Linux and SpyWare?
Robin Laing
Robin.Laing at drdc-rddc.gc.ca
Thu Feb 3 16:30:08 UTC 2005
Scot L. Harris wrote:
> On Wed, 2005-02-02 at 12:21, Tim Alberts wrote:
>
>>Is Linux vulnerable to SpyWare and if so, what are some tools to deal
>>with it? Any specific SpyWare tools, I don't mean hacking into iptables
>>manually.
>
>
> So far spyware for linux systems has not been as much of a problem as it
> is for windows. You may still want to flush the cookies you collect (or
> disable them entirely, your choice), that seems to be one type of
> spyware that allows them to track you.
>
> There are a couple of programs you may want to install.
>
> chkrootkit is a good one as well as rkhunter. These look for
> indications that your system has been hacked and one of the many
> different root kits have been installed on your system. Good to run
> periodically or if you suspect a problem.
>
> Another good one is tripwire. Tripwire generates a database that is
> used to look for changes on the system. Once you have it setup
> completely it will run a report nightly looking for changes to critical
> files both binaries and configuration files. If any changes are
> detected it will report them to you and you can investigate further.
> Takes some effort to setup correctly. I have setup a filter that marks
> the reports as read or not read depending on if they are clean or not.
> That way each morning I know immediately if something has changed on my
> system without having to even open up the report.
>
> Besides that use good passwords, don't login as root (use su - only when
> needed), use iptables, put a NAT/firewall between your LAN and the cable
> modem, and don't trust anyone.
>
> Remember: Paranoia is not just a state of mind, it is a life style. :)
>
It is impossible to totally eliminate cookies but I use session
cookies and this helps to keep the count down. I do have my Mozilla
setup to allow me to accept or refuse cookies as I prefer. This
limits some of the tracking. Of course on some sites this is not
allowed so I just go someplace else.
--
Robin Laing
More information about the users
mailing list