Linux uncrackable...?

Eddie G. O'Connor Jr. eoconnor25 at gmail.com
Sun Sep 9 00:19:42 UTC 2012


On 09/03/2012 12:35 AM, jdow wrote:
> On 2012/09/02 20:25, JD wrote:
>>
>> On 09/02/2012 08:56 PM, Tim wrote:
>>> On Sun, 2012-09-02 at 09:46 -0700, jdow wrote:
>>>> My take away from this is that absolutely nothing except a totally
>>>> disconnected machine in an impenetrable safe is uncrackable, even
>>>> Fedora machines. Some form of "AV" tool is called for as well as
>>>> routine checks with the various system check utilities. Even that
>>>> won't prevent 100% of all attempts from succeeding. But it will help.
>>> Nothing is 100% bulletproof, there will always be some weakness.  The
>>> current state of play is to try and make sure that /that/ weakness isn't
>>> exposed, rather than eliminate all the weaknesses (which isn't really
>>> possible).
>>>
>> Yet, is it not amazing that with so many capable hackers
>> in the world poring over the open source software like Linux,
>> looking for these weaknesses have not publicized major
>> weaknesses that could cripple it - at least I have not been
>> jolted by such news in a long time.
>> It seems that the sheer size of the source code of all of the free
>> open source software packages that comprise an installation
>> would be a powerful enough reason to make most such hackers
>> grow quickly weary of such endeavor (to expose weaknesses).
>>
>> Cheers,
>>
>> JD
>
> Guys, consider something for a moment. There are CERT advisories against
> Linux (and most anything else) from time to time. Now, how were these
> discovered? Was it experts poring over the code, was it somebody got
> cracked, discovered it, and reported it, or was it somebody noticed some
> odd packets and analyzed the vulnerability they were designed to exploit?
> Only one of those cases involves a Linux machine that was not cracked.
> The rest mean a vulnerability has been found one way or another and
> subsequently exploited or at least attempted in the wild.
>
> Deploying more than a minimalist defense gives you a better chance of
> not owning the first few systems that get exploited before the hole is
> plugged. Even if the chances are one in a million you'll face an exploit
> there if every person in Los Angeles owned a Linux machine that means
> several people in Los Angeles would suffer a bad case of computer flu.
>
> I have a "thing" about people who say you don't need an AV or other
> defense with Linux, "It's safe." That's been a mantra of the know
> nothings for nearly 20 years now. I've disagreed with it for nearly 20
> years now. So when this juxtaposition of an attempted exploit coupled
> with an advertisement on the site from which the attack took place
> touting Fedora it sort of amused me leading me to share my amusement
> with the list.
>
> (And, as noted, passwords are the easiest hole to exploit on Linux if
> the person leaves an SSH port "too open to the world." Thank heavens
> for my iptables defensive trick. Only two people have figured out how
> they can get more than one shot at logging into my system. And those I
> found before they'd had even 100 tries. I locked out their entire
> domain with a hard lock instead of the soft lockout that happens
> automatically. And I STILL worry. I am paranoid, perhaps. "They"
> certainly are out to get me. But it's not personal. They are out
> to get anybody they can.)
>
> {^_^}

So how would someone who's still a greenhorn to Linux protect their
machine?...I refuse to install anything that's going to "charge" me for
their product....(call it a glitch in my mental processes, but if I'm
going to use "Free Open Source Software" then it should be "free"...no?)
I cannot get a handle on ClamAV, it's too complicated for me, but I
haven't seen anything that's available for Linux....any advice?...


EGO II


