This is a static archive of the old Zorin Forum.


Are you safe of viruses and malware using Linux - YES!

Anonymous

Fri Mar 21, 2014 11:29:48 am

:shock: Experience of malware in Linux

It is common that we think that only Windows suffers from viruses and malware and that Linux is free of those problems. That is only partly so.

I experienced a malware attack when I downloaded some software from the web using the Chrome web browser in Windows. I was logged in with my Google account.

The malware changed my Google start page to a fake search page and the settings page to a fake settings page that looked like the original but did not work, not allowing me to change the start page. You did not get to normal use of the Google browser any more. The fake search page appeared again and again, whatever you tried. :o That all happened in Windows. :!:

However, when you closed Windows and went to Linux using the same Google user account, you experienced the same fake search page opening there. :shock: So it came in from the web using Chrome in Windows and was transferred to the Linux side Chrome start page when using the same user account. So, it seems to be dangerous to use the same browsers and user accounts in Windows and Linux. Also your Linux applications can be infected through that mechanism. So, what I did is that I deleted Chrome from Windows and now use only Internet Exploder there. I also improved the virus and malware protection on Windows.

It could also be safer to have more than one web browser installed, to be used in emergency situations if something happens to your default browser.

Zorin 8/8.1 Core and Ultimate 32 Bit, Ubuntu 13.10 32 Bit, Windows 7 Ultimate 64 Bit, Asus AMD Athlon 64 Bit X2 Dual core 4000+, HP 530 Intel Celeron M 32 Bit

Swarfendor437

Fri Mar 21, 2014 12:59:34 pm

I think you have a different situation altogether. You stated that your problem originated from Windows - I suspect that, because you have a Google account (?) under Chrome - your 'account' has become 'hijacked', so not an infection in GNU/Linux but crafted web malware that is tied in to your IP address/Google account - so the originator of your issue was downloading something which had malware attached that took information from your Chrome browser - so I don't think this would have happened if you were running GNU/Linux on its own - you should however install 'chkrootkit' for rootkits, which are cross-platform malware! ;)

See this post:

viewtopic.php?f=5&t=6666#p31619

Cris70

Sat Mar 22, 2014 12:19:16 am

Henriolavi,
do you have Chrome Sync in place? I believe it comes as default in later releases of Chrome if you are logged into your Google account.
If so, then your Linux Chrome simply synced with the Windows Chrome and this is why your home page changed. This does not mean you are experiencing malware on Linux.
However, let's keep in mind that malware on Linux is not impossible, just very rare because it is harder to write and there are fewer possible victims.

Bye
Cris

Swarfendor437

Sat Mar 22, 2014 11:54:21 am

Cris70 wrote:Henriolavi,
do you have Chrome Sync in place? I believe it comes as default in later releases of Chrome if you are logged into your Google account.
If so, then your Linux Chrome simply synced with the Windows Chrome and this is why your home page changed. This does not mean you are experiencing malware on Linux.
However, let's keep in mind that malware on Linux is not impossible, just very rare because it is harder to write and there are fewer possible victims.

Bye
Cris


Hi Cris70, many thanks for your input - it needed someone who uses Chrome to give a clear answer - I avoid spyware browsers period! Or rather I never use anything Google! ;)

Anonymous

Sat Mar 22, 2014 8:41:54 pm

Thanks Cris70

I believe that the clarification you gave is just what happened. Chrome in Windows was infected and it synched the Linux Chrome start page. Chrome in Linux was not infected, because I could go there to the original Chrome settings page and change the start page back to normal. Only on the Windows side could the malware make the start and settings page changes and put some additional extensions into Chrome. So, this shows that in Linux we could be a little more safe. The Windows Chrome malware could not move into Linux Chrome. That saved me from total disaster.

Swarfendor437

Sun Mar 23, 2014 10:11:05 am

Hi there, glad you can now see the issue. All I would advise is that:

1. You install clamAV if you intend to email/forward emails with Window apps attached - the usual precautions should always be followed - never open an email from anyone you don't have in your contact/address list!

2. Downloading packages from third party sources should be checked before extracting tarballs - some malarky uploaded a 'theme' to gnome-look.org called 'Ubundows 8' - if it was not inspected before running it would wipe your GNU/Linux off the hard drive - I did post something on this elsewhere on the forum with a guide from Blackwolf, one of the Admins on ultimateeditionoz.com on how to inspect tarballs.

See this post: viewtopic.php?f=5&t=6076&p=28820&hilit=Blackwolf+ubundows8#p28820

3. install 'chkrootkit' - rootkits are not OS specific as such - full guide here:

viewtopic.php?f=5&t=6666&p=31619&hilit=chkrootkit+and+how+to+use#p31619

Carltp

Tue May 06, 2014 1:20:59 am

Hi,

Real beginner's question here on this subject. Why is it risky to run unsupported versions of Ubuntu/Zorin? My understanding was that they were safer than Windows primarily because of the low number of people using Linux derivatives, so in that regard a Zorin 6 would be as safe as an 8.0. I mean, what is the nature of this update from 7 to 8, and does it have a significant security aspect, and if so what is that? I was under the impression that these systems did not have security updates like Windows, and in fact that is one thing that appealed to me. I.e., I thought the updates were about better usability etc.

Curious because I just got involved and was immediately stymied when I ran into the whole PAE mess with Zorin 8.0, but then discovered how to make Lubuntu 14.04 work using forcepae, thank god. On my old T41 Thinkpad Pentium.

Still, why not use unsupported forms of Zorin or other early stuff? There might be advantages, like maybe my Brother 2270 would work.

Anonymous

Tue May 06, 2014 10:18:04 am

I do not believe that the security risks will rapidly increase even if a non-supported OS is used. It is more a question of not being able to get updates to the application software from the official support sources, and also overall support decreases over time. This is more an inconvenience issue than a big security problem in Linux. So you will then have more personal responsibility to see that your computer works according to your needs.

It also depends on what you are doing with your computer. If it is a stand-alone machine without a net connection, then there are no risks, but if net surfing and net banking are the main area of use then I see that the increasing security aspect should be considered, by giving additional focus to using an updated browser and using safe connections and sources.

Swarfendor437

Tue May 06, 2014 11:46:20 am

The main issue with applications is 'stack overflow' errors which could lead to a machine being taken over, but I always read that this usually means someone who has access to the machine as a local user - patches are usually out within days - there was a major security leak in the GNU/Linux kernel for a number of years before it got patched - still not as long as M$'s 15-year security flaw in its kernel ;)

The difference between M$ and GNU/Linux is that the latter is Community Driven and patches are uploaded to the repos within days and even sometimes hours - not so with M$.

Your main threat is going to be downloading a package from a 'non-supported' site such as a tar.bz2 as I have stated previously - there was a theme made available from Gnome-look.org called Ubundows and that would wipe your GNU/Linux OS off your hard drive and any data you had in your /home completely!

So whilst there are no viruses it does not prevent stupid script kiddies writing malicious bash scripts to wipe your drive - so beware - I did post how to check tarballs in another part of this forum, courtesy of Blackwolf, UltimateEditionOZ Administrator.
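The two posts above recommend inspecting a downloaded tarball before extracting or running anything from it. The script below is an added example, not part of this thread or of Blackwolf's guide: it lists every archive member and flags the things a 'theme' should never contain (paths that escape the extraction directory, links, device nodes, executable files and scripts). The sample archive is constructed in memory for the demonstration; the member names and contents are made up.

```python
import io
import tarfile

# File extensions treated as scripts even without a shebang line (assumption).
SCRIPT_SUFFIXES = (".sh", ".bash", ".py", ".pl", ".run")


def inspect_tarball(data: bytes):
    """Return a list of (member name, reason) warnings for an archive held in memory.

    Nothing is extracted or executed; only the member list and the first two
    bytes of each regular file are read.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:
            name = m.name
            if name.startswith("/") or ".." in name.split("/"):
                findings.append((name, "path escapes the extraction directory"))
            if m.issym() or m.islnk():
                findings.append((name, f"link pointing at {m.linkname}"))
            if m.isdev():
                findings.append((name, "device node"))
            if m.isfile():
                if m.mode & 0o111:
                    findings.append((name, "executable bit set"))
                head = tar.extractfile(m).read(2)
                if head == b"#!" or name.lower().endswith(SCRIPT_SUFFIXES):
                    findings.append((name, "script, read it before running"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: a theme file, a bundled installer script, and a
    member that would land outside the extraction directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, content, mode=0o644):
            info = tarfile.TarInfo(name)
            info.size = len(content)
            info.mode = mode
            tar.addfile(info, io.BytesIO(content))
        add("Ubundows/index.theme", b"[Desktop Entry]\nName=Ubundows\n")
        add("Ubundows/install.sh", b"#!/bin/sh\necho 'constructed sample'\n", 0o755)
        add("../.profile", b"# constructed sample, would overwrite a dotfile\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_tarball(build_sample()):
        print(f"{member}: {reason}")
```

Run it against a real download with `inspect_tarball(open("theme.tar.gz", "rb").read())`; an empty result means only plain, relatively-pathed data files were found, and anything flagged should be read before the archive is extracted.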

SplatOz

Tue May 06, 2014 4:53:34 pm

To address the title of the OP:

"Malware Attack Infected 25,000 Linux/UNIX Servers"

http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers


"But if you fall into the trap of believing that Linux is perfectly immune to viruses, you very well might fall victim to that naivety."

http://www.linux.com/learn/tutorials/284124-myth-busting-is-linux-immune-to-viruses


Partial list of Linux Viruses & Worms

http://en.wikipedia.org/wiki/Linux_malware



In my experience, Linux, Macintosh, et al are no more immune/resistant to viruses, malware, and rootkits than Windows is. The difference is the number of said exploits between the two. So the reason why you're *safer* on a Linux or Macintosh machine is, as one security expert put it, if I'm writing a virus, am I going to gear it toward the OS run on 90% of machines in the world (Windows) or the 10% (the rest)?

Swarfendor437

Tue May 06, 2014 10:12:29 pm

SplatOz wrote:To address the title of the OP:

"Malware Attack Infected 25,000 Linux/UNIX Servers"

http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers


"But if you fall into the trap of believing that Linux is perfectly immune to viruses, you very well might fall victim to that naivety."

http://www.linux.com/learn/tutorials/284124-myth-busting-is-linux-immune-to-viruses


Partial list of Linux Viruses & Worms

http://en.wikipedia.org/wiki/Linux_malware



In my experience, Linux, Macintosh, et al are no more immune/resistant to viruses, malware, and rootkits than Windows is. The difference is the number of said exploits between the two. So the reason why you're *safer* on a Linux or Macintosh machine is, as one security expert put it, if I'm writing a virus, am I going to gear it toward the OS run on 90% of machines in the world (Windows) or the 10% (the rest)?


The first one is in respect of GNU/Linux/Unix servers - not going to affect many Zorin users - there was a case where SysAdmins had become very lax and had not installed Server patches to GNU/Linux servers and they fell foul.

The second article is a good one but I think Virus is the wrong term - malware, yes or rather 'malscript' which can delete a whole GNU/Linux install - which some spoofers put on here awhile ago, claiming to make the system run faster - but they got kicked off and the message deleted as soon as it was discovered.

Rootkits are cross-platform - chkrootkit is probably the better one for Ubuntu users, as 'rkhunter' will report stuff that is unexplainable because it was written for a different GNU/Linux system.

The wikipedia article is probably the best of the bunch and Wolfman was the first to report the Hand of Thief Banking virus on this forum. ;)

SplatOz

Tue May 06, 2014 10:48:12 pm

Swarfendor437 wrote:The first one is in respect of GNU/Linux/Unix servers - not going to affect many Zorin users - there was a case where SysAdmins had become very lax and had not installed Server patches to GNU/Linux servers and they fell foul.

This should be a lesson to any user as well... make sure you install updates. And the OP title used the generic "Linux", not "Zorin", so I think the example applies. I think the point is that viruses, malware, et al are not limited to Windows. I have yet to meet the person that can write perfect code, which explains the daily discovery of vulnerabilities detailed in the following link.
http://www.ubuntu.com/usn/

However anyone alarmed by the number of vulnerabilities above has to realize that the number of Windows vulnerabilities discovered daily is probably 1000 times what is found on Linux systems. Again, not because Windows is necessarily inherently more vulnerable or poorly coded but because thousands more people are looking for holes.

Ironically enough, I read an article where someone hoped the exodus off Windows XP didn't create a surge of Linux adopters. The reasoning was that if the percentage of Linux users becomes large enough, hackers may start spending more time looking for Linux vulnerabilities.

Swarfendor437

Wed May 07, 2014 11:47:42 am

That or exploring people's ignorance of what certain commands can do to a machine. In fact if you want a safe machine you need to go back to this:

http://cdn.osxdaily.com/wp-content/uplo ... screen.jpg

The GUI (Graphical User Interface) is the weakest link, that and java and flash - I noticed in that wiki article about OpenOffice and security issues there back in 2007 - and I notice that the latest releases of LibreOffice have these security issues turned off! ;)

Carltp

Fri May 09, 2014 6:56:48 pm

Henriolavi wrote:I do not believe that the security risks will rapidly increase even if a non-supported OS is used. It is more a question of not being able to get updates to the application software from the official support sources, and also overall support decreases over time. This is more an inconvenience issue than a big security problem in Linux. So you will then have more personal responsibility to see that your computer works according to your needs.

It also depends on what you are doing with your computer. If it is a stand-alone machine without a net connection, then there are no risks, but if net surfing and net banking are the main area of use then I see that the increasing security aspect should be considered, by giving additional focus to using an updated browser and using safe connections and sources.


Thanks Henriolavi,

By "application software" do you mean external programs like Adobe flash player? That the main downside would be updating stuff like that?

Also, in this paragraph you say you don't see any real security difference between an unsupported distro like Zorin 6.1 or even earlier and a supported 8.0. Yet in your second paragraph you seem to contradict this and imply at least that there is a real difference, so if you could clarify I'd sure appreciate it. The concern here is of course about disruptive malware and/or loss of financial control using the machine online.

If I had 6.1 in the past when it was supported and I downloaded updates, would some of those updates have been security updates just like Microsoft critical updates?

Swarfendor437

Fri May 09, 2014 8:50:00 pm

Hi, Yes they would include security updates - when a Kernel is updated it is not just for drivers it is also security flaws - the same for any application that could be susceptible to 'memory stack overflow errors' that could allow a 'local' user to gain root privileges - one good reason to ditch 'remote desktop clients' and 'guest' account! ;)

Anonymous

Sat May 10, 2014 5:27:26 am

Hi

What I mean is, when using a non-supported distro then you, as a user, have increased responsibility to keep your installed system as safe as possible. This means that you may need to update application software from other sources, like updates of your browser. You are often informed by your bank which browsers and versions are required to be safe, and to make an update if you use some old version. When upgrading or installing new software from other sources, you also have an increased risk of being infected if you do not carefully look at what you have downloaded and are installing. An additional security aspect is that you have all data backups in a safe place if something happens to the core system, so that you can isolate the virus infection or malware, clean it up and restore the core without losing your data. All these actions are valid even if you use an officially supported distro; however, it might be slightly easier to do and live with.

I am not a security specialist, so there may be some shortcomings in my advice. However, I have learned something by experiencing different types of attacks that try to install something on the system that I don't want. I have separated as much as possible the locations of the different OSes and data so that they are not all infected or crashed by the same attack or failure. I.e., I have only Windows on the HDD installed in my desktop and Zorin 8 Core on a USB drive, because I see a risk in installing them alongside each other on the same HDD. I use different browsers, IE, FF and Chrome, in the different OSes so that all browsers and OSes are not infected via synching.

Wolfman

Tue May 13, 2014 5:05:45 am

Swarfendor437

Tue May 13, 2014 11:41:24 am

Wolfman wrote:https://help.ubuntu.com/community/Antivirus


Great Link Wolfman! ;)