Re: Fedora 18 security questions.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

William Mattison writes:
malware. What does Linux have corresponding to that? I'm just about certain that my old Linux system is infected with working spyware. 

I have never heard of spyware on Linux.
I'd like to have something like security essentials, malwarebytes, etc. on my new Linux system.
Security essentials, malwarebytes, etc.'s sole reason for existence is the fundamentally flawed technical design of the underlying operating system, namely the fact that it's a single user system, with the user having total access to all files an executables on the system. Although recent vintages of MS Windows have introduced concepts such as, supposedly, separate user and admin accouns, it works about just as well as a bandaid on a constantly bleeding wound.
Even let's hypothetically say there's an exploit in Firefox that can be used to inject executable code, through a malicious web page, once running the code will have no way to overwrite Firefox's binary executable, and implant itself in Firefox, or any other operating system executable. As soon as you log out or reboot, it's gone. The scope of the damage is limited to wiping files in your home directory, and that's about it.
An actual infestation, that's similar in nature as it would be on MS Windows, would also simultaneously require an exploit in the Linux kernel itself. Although I do recall, offhand, a couple of kernel privilege escalation exploits that have come out at some point in the past, I can't recall more than 2-3 in the last 20 years, and they've generally been fixed up in a matter of days.
Probably the most that could be accomplished, on a persistent basis, would be browser-based spyware, a malicious Firefox plugin that installs itself. But that would stick out like a sore thumb, in about:plugins, and even if the plugin somehow manages to figure out how to corrupt Firefox, once it starts, to hide itself, it would still be trivially identifiable, and trivially disabled, like Firefox has recently auto-disabled certain malicious plugins.

Attachment: pgp3hSAH313x7.pgp
Description: PGP signature

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux