Linux uncrackable...?

jdow jdow at earthlink.net
Sun Sep 9 01:04:05 UTC 2012


On 2012/09/08 17:19, Eddie G. O'Connor Jr. wrote:
> On 09/03/2012 12:35 AM, jdow wrote:
>> On 2012/09/02 20:25, JD wrote:
>>>
>>> On 09/02/2012 08:56 PM, Tim wrote:
>>>> On Sun, 2012-09-02 at 09:46 -0700, jdow wrote:
>>>>> My take away from this is that absolutely nothing except a totally
>>>>> disconnected machine in an impenetrable safe is uncrackable, even
>>>>> Fedora machines. Some form of "AV" tool is called for as well as
>>>>> routine checks with the various system check utilities. Even that
>>>>> won't prevent 100% of all attempts from succeeding. But it will
>>>>> help.
>>>> Nothing is 100% bulletproof, there will always be some weakness.  The
>>>> current state of play is to try and make sure that /that/ weakness
>>>> isn't exposed, rather than eliminate all the weaknesses (which isn't
>>>> really possible).
>>>>
>>> Yet, is it not amazing that, with so many capable hackers in the world
>>> poring over open source software like Linux looking for these
>>> weaknesses, they have not publicized major weaknesses that could cripple it -
>>> at least I have not been jolted by such news in a long time. It seems
>>> that the sheer size of the source code of all the free open source
>>> software packages that comprise an installation would be a powerful
>>> enough reason to make most such hackers grow quickly weary of such an
>>> endeavor (to expose weaknesses).
>>>
>>> Cheers,
>>>
>>> JD
>>
>> Guys, consider something for a moment. There are CERT advisories against
>> Linux (and most anything else) from time to time. Now, how were these
>> discovered? Was it experts poring over the code, was it somebody got
>> cracked, discovered it, and reported it, or was it somebody noticed some
>> odd packets and analyzed the vulnerability they were designed to exploit?
>> Only one of those cases involves a Linux machine that was not cracked. The
>> rest mean a vulnerability has been found one way or another and
>> subsequently exploited or at least attempted in the wild.
>>
>> Deploying more than a minimalist defense gives you a better chance of not
>> owning the first few systems that get exploited before the hole is plugged.
>> Even if the chances are one in a million you'll face an exploit there if
>> every person in Los Angeles owned a Linux machine that means several people
>> in Los Angeles would suffer a bad case of computer flu.
>>
>> I have a "thing" about people who say you don't need an AV or other defense
>> with Linux, "It's safe." That's been a mantra of the know nothings for
>> nearly 20 years now. I've disagreed with it for nearly 20 years now. So
>> when this juxtaposition of an attempted exploit coupled with an
>> advertisement on the site from which the attack took place touting Fedora
>> it sort of amused me leading me to share my amusement with the list.
>>
>> (And, as noted, passwords are the easiest hole to exploit on Linux if the
>> person leaves an SSH port "too open to the world." Thank heavens for my
>> iptables defensive trick. Only two people have figured out how they can get
>> more than one shot at logging into my system. And those I found before
>> they'd had even 100 tries. I locked out their entire domain with a hard
>> lock instead of the soft lockout that happens automatically. And I STILL
>> worry. I am paranoid, perhaps. "They" certainly are out to get me. But it's
>> not personal. They are out to get anybody they can.)
>>
>> {^_^}
> So how would someone who's still a greenhorn to Linux protect their
> machine?...I refuse to install anything that's going to "charge" me for their
>  product....(call it a glitch in my mental processes, but if I'm going to use
>  "Free Open Source Software" then it should be "free"...no?) I cannot get a
> handle on ClamAV, it's too complicated for me, but I haven't seen anything
> that's available for Linux....any advice?...
>
>
> EGO II

rkhunter is one tool. chkrootkit is another. ClamAV is something that can
scan email and web browsing to catch threats that are not brand new.

Threats usually take enough time to spread that rapidly updating AV tools
like ClamAV can keep most people uninfected. The other two tools are
somewhat effective attempts to detect modifications to files or other
droppings that a rootkit or malware might leave lying around your system.
Their effective use depends on you keeping a good diary of changes you
make to your system.

{^_^}
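A concrete illustration of the "diary of changes" point above, as an added example that is not part of the thread and is not code from rkhunter, chkrootkit or ClamAV: a minimal file-integrity baseline in POSIX shell. It records a SHA-256 for every regular file under a directory, then re-scans and reports files that were added, removed or modified, except for paths you listed in a diary file of changes you made on purpose. It assumes GNU coreutils `sha256sum`, `find`, `awk` and `mktemp`; the directory, baseline and diary paths are whatever you pass in. Real rootkit checkers also compare ownership, permissions and known-bad file names; this only shows the hash-and-diary mechanism.

```shell
#!/bin/sh
# Added example, not from the original thread or from any rootkit checker.
# Assumes GNU coreutils (sha256sum, find, mktemp) and awk on PATH.

# make_baseline DIR OUT
# Write "sha256 path" for every regular file under DIR into OUT, sorted so
# two baselines of the same tree can be compared with plain diff as well.
make_baseline() {
    dir=$1; out=$2
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s %s\n' "$sum" "$f"
    done > "$out"
}

# check_baseline DIR BASELINE DIARY
# Re-scan DIR, compare against BASELINE, and print one line per unexplained
# change: "ADDED path", "MODIFIED path" or "REMOVED path". DIARY holds one
# path per line for changes you made yourself; those paths are not reported.
# Output is sorted so it is stable enough to diff or to assert on.
check_baseline() {
    dir=$1; baseline=$2; diary=$3
    current=$(mktemp)
    make_baseline "$dir" "$current"
    awk -v diary="$diary" '
        BEGIN {
            # Load the diary of intentional changes (absent file == empty diary).
            if (diary != "") while ((getline line < diary) > 0) known[line] = 1
        }
        # First file on the command line is the baseline; keep hash per path.
        # The path may contain spaces, so strip the leading hash from $0.
        FILENAME == ARGV[1] { h = $1; sub(/^[^ ]+ /, ""); base[$0] = h; next }
        # Second file is the fresh scan.
        { h = $1; sub(/^[^ ]+ /, ""); cur[$0] = h }
        END {
            for (p in base) {
                if (p in known) continue
                if (!(p in cur)) print "REMOVED " p
                else if (base[p] != cur[p]) print "MODIFIED " p
            }
            for (p in cur) if (!(p in base) && !(p in known)) print "ADDED " p
        }' "$baseline" "$current" | LC_ALL=C sort
    rm -f "$current"
}

# Usage (paths are examples):
#   make_baseline /usr/bin /var/lib/baseline/usr-bin.sha256
#   ... later, after recording deliberate changes in /var/lib/baseline/diary ...
#   check_baseline /usr/bin /var/lib/baseline/usr-bin.sha256 /var/lib/baseline/diary
```

Keep the baseline and the diary somewhere an intruder who owns the box cannot quietly rewrite them (read-only media, or a copy on another host); a baseline stored next to the files it protects is only as trustworthy as the system it sits on. After each deliberate update (a package upgrade, an edit to /etc), either list the touched paths in the diary or regenerate the baseline, otherwise the report fills with noise and the one entry that matters gets ignored.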

