LInux malware

[Baldape]

Whats the state of Linux malware for home users but particularly for enterprise servers. I mean look at how many websites have been hit by Blackhat hackers over just the last few months and how many of those websites run on Linux or Free BSD even home users are at higher risk now, though still nothing compared to Windows home user malware infections so why aren't there more antimalware solutions for Linux would something like MBAM/MBAE help fend off all these exploits from happening so often to enterprise websites & perhaps assist Linux home users against malware exploits as well.

[gonzo]

When it comes to research, development, coding, testing, marketing and everything else that goes into a commercial solution, Linux -- as good and important as it is -- is a tiny piece of the puzzle.  Malware primarily targets Windows computers because they can get reap much larger benefits from a larger market.  Anti-malware and anti-virus vendors follow the same trend.  I know what you're saying, but that's the reality of the situation.

[Baldape]

When it comes to research, development, coding, testing, marketing and everything else that goes into a commercial solution, Linux -- as good and important as it is -- is a tiny piece of the puzzle.  Malware primarily targets Windows computers because they can get reap much larger benefits from a larger market.  Anti-malware and anti-virus vendors follow the same trend.  I know what you're saying, but that's the reality of the situation.

Yes I know that but Linux is growing in popularity there for were seeing more malware pop-up for it and I agree at this time it wouldn't make much sense to develop an Linux 'home' antimalware product at this time but what about commercial whats the state of malware based threats towards them? Maybe I'm a bit mistaken but with all the attacks now days against commercial setups shouldn't there be an antimalware product for commercial Linux systems?

 

Either way I really would like to discus the state of Linux Malware and current solutions and how they measure up/strength and weakness. Thank you.

[gonzo]

I know it sounds like I am dismissing your statement, but in fact I agree with you completely.  I have attempted to rally support for products that serve the Linux/Unix market, but none have materialized so far.  I haven't given up on that, and I can imagine my manager is cringing as he reads this.  Besides the Linux vs. Windows point, there is also another issue to contend with...clients vs. servers.  As it stands now, Malwarebytes does not offer an anti-malware product that is blessed for full functionality on a server.  That may change in the future, but it isn't there now.

 

A challenge that presents itself is the infinite number of services that a server can provide, and the adherence to professional standards of the coder that writes those services.  The role of a client (a.k.a. desktop/laptop) is much simpler than that of a server, and a server will often be dealing with scripting, JIT code, and networking functionality that doesn't ever come into play on a client.  All of those lead to higher potential of false positives, blocked processes, blocked network activity, and potential erroneous addition of any of those onto exclusion lists that could easily lead to user-caused vulnerabilities that would not have existed otherwise.  We will likely learn more about the intricacies of the inner workings of a server on a Windows platform that could help us deal with other platforms, but how to implement on the other platforms is a different matter still.

 

I personally would invite and encourage you to open discussions on the subject in this forum, though I must admit that I am speaking from the perspective of a geek and not officially from a company perspective.  If we could learn from it, and maybe create added momentum in that direction, I think it adds value.  At the same time, servers, Linux and Linux servers are all part of a possible future and not a guaranteed future.

[Baldape]

I know it sounds like I am dismissing your statement, but in fact I agree with you completely.  I have attempted to rally support for products that serve the Linux/Unix market, but none have materialized so far.  I haven't given up on that, and I can imagine my manager is cringing as he reads this.  Besides the Linux vs. Windows point, there is also another issue to contend with...clients vs. servers.  As it stands now, Malwarebytes does not offer an anti-malware product that is blessed for full functionality on a server.  That may change in the future, but it isn't there now.

 

A challenge that presents itself is the infinite number of services that a server can provide, and the adherence to professional standards of the coder that writes those services.  The role of a client (a.k.a. desktop/laptop) is much simpler than that of a server, and a server will often be dealing with scripting, JIT code, and networking functionality that doesn't ever come into play on a client.  All of those lead to higher potential of false positives, blocked processes, blocked network activity, and potential erroneous addition of any of those onto exclusion lists that could easily lead to user-caused vulnerabilities that would not have existed otherwise.  We will likely learn more about the intricacies of the inner workings of a server on a Windows platform that could help us deal with other platforms, but how to implement on the other platforms is a different matter still.

 

I personally would invite and encourage you to open discussions on the subject in this forum, though I must admit that I am speaking from the perspective of a geek and not officially from a company perspective.  If we could learn from it, and maybe create added momentum in that direction, I think it adds value.  At the same time, servers, Linux and Linux servers are all part of a possible future and not a guaranteed future.reats

 

Thanks gonzo for understanding my concern and certainly a anti-exploit service for servers would be more realistic to help identify possible incoming threats and at the very least alert the admins to a possible unknown threat. This way they could take the necessary actions to stop the attack before the B-hackers can do major damage also if or 'when' theres a Linux server edition of Malwrebytes it should have integration with security modules such as apparmor 

 

 

Speaking of exploits I possibly almost had a Linux malware infection just recently but Bluhell Firewall (FF add-on) blocked the website in question. But it was likely designed for Windows systems in the first place.

[CWB]

i have visited and revisited the *state of AV/AM for 'nix"* over the past few years ...

several players have entered the game but only a half a fistful have "stuck around" .

 

one of the problems is about the money .

it takes a lot of money to develop a product for wide use that plays nice with the sundry system lash-ups .

another aspect along the money lines is the idea that linux and associated software are developed from a "free" point of view .

many users balk at spending a cent when it comes to linux systems and software because of a main premise of their origins .

as was mentioned by gonzo , when it comes to servers ... it is a different ballgame (think soccer versus *real* american football) .

[Baldape]

i have visited and revisited the *state of AV/AM for 'nix"* over the past few years ...

several players have entered the game but only a half a fistful have "stuck around" .

 

one of the problems is about the money .

it takes a lot of money to develop a product for wide use that plays nice with the sundry system lash-ups .

another aspect along the money lines is the idea that linux and associated software are developed from a "free" point of view .

many users balk at spending a cent when it comes to linux systems and software because of a main premise of their origins .

as was mentioned by gonzo , when it comes to servers ... it is a different ballgame (think soccer versus *real* american football) .

 

I completely agree CWB the free in freesoftware/open source doesn't mean free of cost instead it stands for freedom and if you have developers working full-time they have to be compensated for there work. I'm little surprised that someone hasn't made a paid fork of ClamAV yet just think how much it would help the original ClamAV project let alone help fight against Linux infections.

 

BTW what you recommend for Linux security home or or otherwise?

[David H. Lipman]

BTW what you recommend for Linux security home or or otherwise?

Practice Safe Hex !

[Baldape]

Practice Safe Hex !

 

Well I have apparmor installed and configured. Can you explain what a Hex is to me in layman's terms.

[David H. Lipman]

Sure...

 

HEX is short for Hexadecimal.  A numbering system based upon Base₁₆

 

HEX and Binary are the mathematical constructs of the computing system.

 

In school and at home ( hopefully ) we are taught to practice Safe Sex.  Safe Sex is a series of practices a person takes to protect themselves from unwanted pregnancies and from sexually transmitted diseases.

 

Several years ago we coined the term Safe Hex as a memorable parallel to Safe Sex only instead of being about the human body, it is about the computer system.

 

Therefore Safe Hex is a series of practices a person takes to protect their computing platform from computer viruses, trojans and exploit code ( malware ), hacking and other threats that can hurt the computing platform and its user.

 

When I write Safe Hex it is all about YOU, not some software you install.  It is your actions, or lack thereof, that can greatly impact your use of the computer.  Therefore all the software in the world won't protect you if you don't take due care and caution and practice Safe Hex.  Software is just a fall back protection.  In other words it is just a safety net.

[Baldape]

Sure...

 

HEX is short for Hexadecimal.  A numbering system based upon Base₁₆

 

HEX and Binary are the mathematical constructs of the computing system.

 

In school and at home ( hopefully ) we are taught to practice Safe Sex.  Safe Sex is a series of practices a person takes to protect themselves from unwanted pregnancies and from sexually transmitted diseases.

 

Several years ago we coined the term Safe Hex as a memorable parallel to Safe Sex only instead of being about the human body, it is about the computer system.

 

Therefore Safe Hex is a series of practices a person takes to protect their computing platform from computer viruses, trojans and exploit code ( malware ), hacking and other threats that can hurt the computing platform and its user.

 

When I write Safe Hex it is all about YOU, not some software you install.  It is your actions, or lack thereof, that can greatly impact your use of the computer.  Therefore all the software in the world won't protect you if you don't take due care and caution and practice Safe Hex.  Software is just a fall back protection.  In other words it is just a safety net.

 

Well I diffidently practice Safe Hex  the majority of time excluding when I let that person use my browser in Linux Mint just recently.

[CWB]

and that is why i keep a #2 ball-peen hammer hanging close to my comp ...

if anyone touches the keyboard i start by beating on their fingers and work my way up from there .

it sure is a great deterrent .

 

i tried the ESET flavor of AV/AM/firewall about 1.5 years ago ...

i was not really all that impressed with the GUI (and i use ESET on my windows machines) .

 

clamav may be wonderful to some users , but , try as i might i kept getting the "newer version and gui available" ...

trying to "update" them proved to be an exercise in futility .

a look at the numbers/ratings for clamav show that there is not much enthusiasm about/for it .

 

i tried out the bitdefender nix flavor ...

while i did like the way that it worked and really did find *stuff* , i felt that the gui/settings were a bit lacking.

 

comodo has a 'nix flavor but recently there has been an issue with what basically amounts to crapware being included in the mix .

this is a topic in these forums .

 

as i mentioned , there are a few AVs available .

here is a link : https://help.ubuntu.com/community/Antivirus

the start of the article lists the reasons for using an AV on a 'nix system ...

this is a refreshing difference from most of the answers one will find when researching the question "what is a good AV for 'nix systems" .

many times *someone* will chime in and say "you don't need an AV ..." , and perhaps will quote some numbers that were seemingly obtained from an orifice on their person .

if i didn't think i needed an AV/AM , i wouldn't ask the question in the first place !

[Baldape]

and that is why i keep a #2 ball-peen hammer hanging close to my comp ...

if anyone touches the keyboard i start by beating on their fingers and work my way up from there .

it sure is a great deterrent .

 

i tried the ESET flavor of AV/AM/firewall about 1.5 years ago ...

i was not really all that impressed with the GUI (and i use ESET on my windows machines) .

 

clamav may be wonderful to some users , but , try as i might i kept getting the "newer version and gui available" ...

trying to "update" them proved to be an exercise in futility .

a look at the numbers/ratings for clamav show that there is not much enthusiasm about/for it .

 

i tried out the bitdefender nix flavor ...

while i did like the way that it worked and really did find *stuff* , i felt that the gui/settings were a bit lacking.

 

comodo has a 'nix flavor but recently there has been an issue with what basically amounts to crapware being included in the mix .

this is a topic in these forums .

 

as i mentioned , there are a few AVs available .

here is a link : https://help.ubuntu.com/community/Antivirus

the start of the article lists the reasons for using an AV on a 'nix system ...

this is a refreshing difference from most of the answers one will find when researching the question "what is a good AV for 'nix systems" .

many times *someone* will chime in and say "you don't need an AV ..." , and perhaps will quote some numbers that were seemingly obtained from an orifice on their person .

if i didn't think i needed an AV/AM , i wouldn't ask the question in the first place !

 

So basically what your saying is that Linux home AV/AM aren't really as important as a inbound/outgoing rule-based firewall and browser/app protection such as apparmor or Noscript?

 

Well after all Linux home users aren't a major target 'yet' but another Unix distro namely OSX is and they could use a good antimalware solution such as MBAM/MBAE.

[CWB]

i am not saying that at all ...

a good firewall and an AV/AM are needed on any system that goes "online" or has some form of communications with the outside world .

this includes being "networked" on a system that has an internet connection (say a print/data server in a commercial environment) .

even the seemingly benign act of plugging in a flash drive can result in a system infection .

(a local printing company found this out ... a customer brought in a contaminated thumb drive)

while the average home user can (relatively) afford an intrusion of some type better than a commercial installation , an ounce of prevention is worth a butt-load of cure .

 

the situation today is such that when it comes to infections and malware , no matter what OS type you run , it is not a matter of "if" but of "when" .

[Baldape]

i am not saying that at all ...

a good firewall and an AV/AM are needed on any system that goes "online" or has some form of communications with the outside world .

this includes being "networked" on a system that has an internet connection (say a print/data server in a commercial environment) .

even the seemingly benign act of plugging in a flash drive can result in a system infection .

(a local printing company found this out ... a customer brought in a contaminated thumb drive)

while the average home user can (relatively) afford an intrusion of some type better than a commercial installation , an ounce of prevention is worth a butt-load of cure .

 

the situation today is such that when it comes to infections and malware , no matter what OS type you run , it is not a matter of "if" but of "when" .

Sorry I misunderstood.

How well can security security modules like Apparmor or GRsecurity prevent infections or attacks?

[Aura]

I have no idea if it has been said, but most malware or vulnerabilities under *nix are way more dangerous that the ones on Windows, in term of damage they can do. Simply due to the fact that usually, when a *nix system is compromised and root can be accessed, pretty much anything can be done from there. The root under *nix have way more power than an Administrator under Windows, this is one of the strenght of *nix, but also one of its weakness. Somebody correct me if I'm wrong.

[CWB]

yep ... the seeming strength of *something* many times has a catastrophic downfall ...

look at what happened to Achilles .

 

getting access to "root" is difficult in a 'nix system but once it has been acquired it is like pulling the pin on a grenade .

some people have weak passwords or none at all ... this does not help the situation .

and why do they have weak or no password(s) ? because they are under the impression that a 'nix system is impervious to attack .

windows systems can suffer pretty much the same fate as "root" in nix ... if a *god* account is *somehow* created or elevated .

 

as for what is a "good" amount or type of security , a check in the 'nix forums that lean toward security and "anti" stuff will be of help ...

that is , if you can avoid those naysayers that are like the the guy that pops his head out of the cellar after a tornado has destroyed the house and farm and then says :

"every thing looks good ... no problems here ..." .