Never Hacked or Infected--Yet (Was: Re: End of life for FC12?)

Michael Miles mmamiga6 at gmail.com
Thu Nov 11 17:16:20 UTC 2010


James Mckenzie wrote:
> Tim <ignored_mailbox at yahoo.com.au>
>    
>> On Wed, 2010-11-10 at 10:36 -0800, Patrick Bartek wrote:
>>      
>>> Lack of the usual indicators, that is, no odd application behavior,
>>> no unusual slow-downs, no excessive CPU usage, no excessive or
>>> abnormal net (or hard drive) activity, no crashes or freezes, no
>>> strange log reports, no reports from friends about receiving spam
>>> e-mails from me that I never sent, etc.
>>>
>>> I've spent enough time fixing friends' infected Windows machines that
>>> I've gotten a "feel" for when something is amiss.  It's not a
>>> definitive feeling, just an indicator to start checking for something
>>> wrong.
>>>        
>> I've seen comments made that the usual things you notice with a hacked
>> Windows installation (where it's horribly sluggish and unstable), really
>> only apply to Windows.  Not to mention that an un-hacked, but otherwise
>> crappily maintained, Windows box behaves just the same.
>>
>>      
> Tim, Patrick, et al.:
>
> These are all valid points.  I've said that Fedora is 'beta' software in the past.  Every effort is made by Red Hat and the Fedora Project to ensure that your system is stable, secure and safe.  However, there may be an unknown 'Zero Day' exploit or other security issue.  These exist throughout all operating systems, not just Linux.  Information security should be an ONGOING task.  You, as the system administrator, should know what is 'normal' for your system as far as CPU usage, memory usage and running processes.  Crackers will attempt to hide their activity, but if you know the normal indicators, you can discover them and remove/disable software installed by them.
>
> One of the key provisions of good systems security is never to run unmaintained and unmaintainable software.  When FC12 goes EOL and no longer receives security updates, it is time to update.  FC14 has issues, as does software that is 'bleeding edge', but it is not a bad idea to update to FC13 until the 'bugs' are worked out.
>
> Also, internal and external security software (read Firewalls, IDS/IPS) can be 'hacked' and rendered ineffective and thus should also not be relied upon.
>
> Lastly, there are two types of people in the security realm:
> 1.  Those who have not been breached and will.  Those people tend to say "I'm lucky and I'm not going to improve my security posture."  This includes malware infections (viruses, spyware and worms.)
> 2.  Those who have been breached and now look like an armoured tank.  I'm the latter.  I have anti-virus software on my Macintosh (there is ONE known in the wild virus/worm for the Mac OS X platform), anti-spyware on my browser and other items (firewalls/ipfilters).  I was struck by the MonkeyB worm from a supposedly active system with anti-virus installed (but disabled.)  Virus infections can and do come from everywhere.
>
> Folks, please employ best security practices in your everyday computing.  The computer data you may save may be your own.  Windows is NOT the only platform with nasties, just the most popular.
>
> James McKenzie
> SSCP 367830 (yes, I'm a trained and certified security pro with lots of experience)
>
>    
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Also, internal and external security software (read Firewalls, IDS/IPS) can be 'hacked' and rendered ineffective and thus should also not be relied upon.

I have been behind a router for the life of this computer and I have not 
had any problems with Fedora 12 being infected in any way. Can't say the 
same for my Win 7 installation on a Virtual Machine.

Does being behind the router make intrusion just harder or does it 
protect my machine better than say just a firewall with lots of rule sets?

I have been thinking of completely disabling my firewall since I do not 
have any computers connected to this computer.

Is this a safe practice or am I setting myself up for intrusion?

Michael
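
The following is an added example, not part of the original message. For the question above about disabling the host firewall, it parses the Linux `/proc/net/tcp` table and lists the TCP listeners bound to non-loopback addresses, that is, the services the host firewall would otherwise be filtering. The sample table is constructed, the function names are hypothetical, and a little-endian host (such as x86) and IPv4 only are assumed.

```python
import ipaddress
import struct

LISTEN = "0A"  # state code for TCP_LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1
   2: 0A01A8C0:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11003 1
   3: 0A01A8C0:9C40 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 11004 1
"""


def decode_addr(field):
    """Decode 'HHHHHHHH:PPPP' into (IPv4Address, port).

    The kernel prints the address as a host-order 32-bit hex value, so on a
    little-endian machine the bytes appear reversed (assumption stated above).
    """
    hex_ip, hex_port = field.split(":")
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listeners(table):
    """Return (ip, port, reachable_off_host) for every socket in LISTEN state."""
    found = []
    for line in table.splitlines()[1:]:      # skip the column header
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN:
            continue                         # established, time-wait, etc.
        ip, port = decode_addr(cols[1])
        # 0.0.0.0 binds every interface; only 127.0.0.0/8 stays on the host.
        found.append((str(ip), port, not ip.is_loopback))
    return found


def exposed(table):
    """Listeners that depend on a packet filter to stay unreachable from the LAN."""
    return [(ip, port) for ip, port, off_host in listeners(table) if off_host]


if __name__ == "__main__":
    # On a Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for ip, port in exposed(SAMPLE):
        print(f"listening on {ip}:{port} (reachable from other hosts if unfiltered)")
```

An empty result from `exposed()` means no IPv4 TCP service is bound beyond loopback; `/proc/net/tcp6` and UDP use separate tables that this block does not read.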






