Fedora 18 security questions.

Sam Varshavchik mrsam at courier-mta.com
Thu Mar 21 23:56:24 UTC 2013


William Mattison writes:

> malware.  What does Linux have corresponding to that?  I'm just about  
> certain that my old Linux system is infected with working spyware.

I have never heard of spyware on Linux.

> I'd like to have something like security essentials, malwarebytes, etc. on my
> new Linux system.

Security essentials, malwarebytes, etc.'s sole reason for existence is the  
fundamentally flawed technical design of the underlying operating system,  
namely the fact that it's a single user system, with the user having total  
access to all files and executables on the system. Although recent vintages  
of MS Windows have introduced concepts such as, supposedly, separate user  
and admin accounts, it works about just as well as a bandaid on a constantly  
bleeding wound.

Even if, let's hypothetically say, there's an exploit in Firefox that can be  
used to inject executable code through a malicious web page, once running, the  
code will have no way to overwrite Firefox's binary executable, and implant  
itself in Firefox, or any other operating system executable. As soon as you  
log out or reboot, it's gone. The scope of the damage is limited to wiping  
files in your home directory, and that's about it.

An actual infestation, that's similar in nature as it would be on MS  
Windows, would also simultaneously require an exploit in the Linux kernel  
itself. Although I do recall, offhand, a couple of kernel privilege  
escalation exploits that have come out at some point in the past, I can't  
recall more than 2-3 in the last 20 years, and they've generally been fixed  
up in a matter of days.

Probably the most that could be accomplished, on a persistent basis, would  
be browser-based spyware, a malicious Firefox plugin that installs itself.  
But that would stick out like a sore thumb, in about:plugins, and even if  
the plugin somehow manages to figure out how to corrupt Firefox, once it  
starts, to hide itself, it would still be trivially identifiable, and  
trivially disabled, like Firefox has recently auto-disabled certain  
malicious plugins.
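
The argument above depends on system executables not being modifiable by the account that runs the browser. The following is an added example, not part of the original post, that checks that assumption on a given system by listing executables and `PATH` directories the user could change; the function names and the `--scan` switch are made up for this sketch, and it assumes GNU find.

```shell
#!/bin/sh
# Added example: list executables and directories that a given UID could
# modify through the owner or world write bits. Group write access and
# ACLs are not evaluated (assumption made to keep the check short).

# user_writable_execs UID DIR...
# Prints regular executable files directly inside each DIR that are owned by
# UID with the owner write bit set, or that are world-writable.
user_writable_execs() {
    uid=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -H resolves a symlinked directory such as /bin -> /usr/bin
        find -H "$dir" -maxdepth 1 -type f -perm /111 \
            \( \( -user "$uid" -perm -200 \) -o -perm -002 \) -print
    done
}

# user_writable_dirs UID DIR...
# Prints each DIR that UID could write to. A writable directory lets its
# binaries be replaced even when the files themselves are read-only.
user_writable_dirs() {
    uid=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find -H "$dir" -maxdepth 0 \
            \( \( -user "$uid" -perm -200 \) -o -perm -002 \) -print
    done
}

# audit_path: run both checks over every directory in $PATH for the
# current user. Empty output means nothing on PATH is user-modifiable.
audit_path() {
    uid=$(id -u)
    old_ifs=$IFS; IFS=:
    set -f; set -- $PATH; set +f   # split PATH on ':' without globbing
    IFS=$old_ifs
    user_writable_dirs "$uid" "$@"
    user_writable_execs "$uid" "$@"
}

# Run the audit only when asked, e.g.: sh audit.sh --scan
if [ "${1:-}" = "--scan" ]; then
    audit_path
fi
```

Run it as the ordinary desktop user, not as root; any path it prints is a file or directory that account can alter.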
