kanotix.com
General Support - spyware, trojans and viruses
puzzled - 04.09.2006, 13:50
Title: spyware, trojans and viruses
Hello All,
There's been quite a lot recently, again, in the papers about the fraudulent programs that install themselves on your computer and record your keystrokes. Access to your credit card details and bank accounts is then quite easy, apparently.
Now I'm worried about this as I bank online with 'Smile'. This is a very well protected site with military standard encryption. But if my keystrokes were to be recorded, this would be before they reach the Smile security bit.
As a happy Kanotix user, who knows nothing about Linux really, am I in danger here?  What can I do to safeguard my computer?  Is Linux at risk in general from malware?
Best,
Puzzled
hubi - 04.09.2006, 15:10
Title: spyware, trojans and viruses
puzzled,
That malware is usually written for Windows (tm) systems, and usually you have to run Windows (tm) with administrator rights (unfortunately the XP default) for that malware to be able to install itself.
Different story: security leaks in browsers often apply to any system the browser is installed on unless the OS is specified.
With Linux you should be on the safe side when
- you log in as user, not as root
- you use the newest version of any browser (here: Firefox is usually upgraded more quickly than Mozilla)
What you cannot solve through technology is your behaviour, e.g.
- giving your credit card data to a backyard brothel
- throwing a receipt with your credit card data into a bin on a motorway
What you cannot control either is whether your partner is a crook. Or do you trust everybody to whom you give your credit card data? I usually trust technology more than an underpaid shopkeeper.
hubi
puzzled - 05.09.2006, 00:08
Hi Hubi,
So I'm reasonably safe with Linux then. I also burn all credit card receipts and all documents with my name and address on, at the appropriate time of course.
What worries me most is the program that reads the keystrokes. Can they be installed on my computer when I'm only connected to the Web as 'user', and if I don't open attachments from anyone I don't recognise?
Thanks for your reply.
kb0hae - 05.09.2006, 01:00
Hi. My advice is that you should NOT EVER EVER EVER open ANY email attachments, even if it says it is from your best friend!! Why? Because a virus may have gotten on your best friend's computer. One thing that many viruses do these days is to read your address book and send out copies of themselves attached to emails to everyone in your address book. If one of your friends opens the attachment, they get the virus, and the process starts over. The same virus may do other bad things to your computer, such as making your computer part of a "bot net", corrupting files, searching for personal info and emailing it to folks that you DON'T want to have that info, and other nasty things.
While Linux (when set up and used properly) is not nearly as vulnerable as Windows, it is not totally immune to viruses, trojans, adware, and spyware.
That said, if you are careful, yes, you are reasonably safe using Linux.
piper - 05.09.2006, 01:06
The safest computer is one that does not have an internet connection!
Have a look here
hubi - 05.09.2006, 01:12
Technologically you should be on the very safe side on Linux. Even on Windows 2000 I never experienced security issues (never started with admin rights, all patches installed, no IE, unneeded ports and services turned off).
Linux by default you fire up as a simple user, and if you do administration, it is quite easy to give one special program root rights. Trojan hooks for keyloggers are usually written for IE, and they use unpatched security holes in unpatched Windows boxes which are running with admin rights.
Malware in mail attachments is usually written for Windows; you cannot install it on a Linux box. Even if there were malware for Linux, it would be quite a tough job to install it (save it and run a script in a console ... well, you would not do that).
You can find initial information on Kanotix and security here (scroll down):
http://linux.kopporama.de/en/km_config.html
As a rootkit detection app I usually use rkhunter, which is not mentioned there. But it is very, very unlikely that somebody attacks you with a rootkit; usually a person has to conduct the attack himself.
Regarding secure browsers, you can also use Opera on Kanotix; you find it here: www.opera.com. They provide an easily installable file for Debian Sid (the main source for applications here), which has the .deb suffix.
You will find more information about security threats for Linux at the websites of professional security companies (Trend Micro, Kaspersky, BitDefender, Symantec etc.), so you can get a picture on your own of possible security threats on Linux.
About the two types of keyloggers:
1. Hardware keyloggers:
Well, that's secret service stuff. Somebody has to attach that to your keyboard or wherever. No threat for you.
2. Software keyloggers:
There are of course such programs for Linux, but one has to be root to install them. They more or less cannot be smuggled in. Well, you can install one yourself; there is at least one in the Debian repository. But you have to be root to do that; it cannot be smuggled in.
Even if Linux were worthwhile for an attack, because so many users have Linux on their desktops, it still would be very difficult:
a) it is very difficult to attack a Linux box because of its structure
b) there is so much diversity (so many distributions, so many applications)
c) you can even enhance structural security, e.g. with SELinux
More or less all distributions are very secure by default installation (no tweaking needed), you can increase security by using a router, and when you get into the system, the possibilities for hardening Linux to protect critical information are virtually endless. As a normal desktop user you usually just need to install patches and updates (here at Kanotix, upgrades - but that's the special beauty of Kanotix with Debian Sid).
For your needs, probably any OS other than Windows is quite secure by default (Linux, BSD Unix, Mac OS X), and even an XP Pro you can get quite secure, but that needs some tweaking, because the standard install prefers usability over security.
Greetings
hubi
hubi - 05.09.2006, 01:16
piper,
don't forget to put the box into a military grade bunker (no windows, doors, wiring to the outside world).
And your link is very informative, thx for that.
hubi
piper - 05.09.2006, 01:49
The following are viruses in the Linux Group
DeepDayze - 05.09.2006, 02:19
The only way to get infected with those viruses is to be running your system as root. If running as an ordinary user, they would not really work.
piper - 05.09.2006, 02:19
hubi
hehe, very true lol
piper - 05.09.2006, 02:21
DeepDayze wrote:
The only way to get infected with those viruses is to be running your system as root. If running as an ordinary user, they would not really work.
The point was how many there are, period, for Linux compared to rootkit... errrr... Windows, or you can be running Wine or VMware.
Swynndla - 05.09.2006, 02:24
To inadvertently install a keylogger, please do the following simple steps:
1) Stumble across an app that has a keylogger hidden inside. What? ... you only install open source? ... then how will you find an app that has one secretly inside? Please make sure you find a closed source app. Especially stumble away from the Debian repos, as thousands of paranoid security people read through those sources. Heaps for Windows, but can't find one for Linux? ... well, maybe if you're lucky enough, one day someone might send you one from a dodgy place.
2) Without realizing what you're doing, save the closed source app that came from the non-reputable place on your PC. No, no, no, viewing or "double-clicking" the attachment in an email just won't do; Linux doesn't have that feature, sorry.
3) Then, by complete accident, open up a command line shell and change the permissions of the file to be executable. You have to have this accident or the app won't run.
4) Now that app won't have any real power unless you make one more mistake. Get a bad case of fat-finger syndrome and instead of typing "security benefits of linux" in Google, log into the shell command line as root, and give the root password by the same fat-finger syndrome, and then give the command to run the app.
That's why you see so many trojans in Linux, because it's so darn easy to slip up and click the wrong thing or press the wrong button as above and be caught completely unawares. You'd think they would have designed Linux better.
piper - 05.09.2006, 02:32
Swynndla
Now I have to clean my monitor   
windows users....................and their windows problems ..........................
DeepDayze - 05.09.2006, 03:06
I'd still think that careful computing, regardless of OS (whether Windows or Linux), is the safest defense from nastyware.
THINK BEFORE YOU CLICK  
puzzled - 05.09.2006, 10:00
Hello Fellas,
Well, I had no idea that the subject was so wide and so complex. And I also had no idea that people used keyloggers voluntarily on their own computers for their own purposes.
I am re-assured that I'm pretty safe using Kanotix, but I shall still study closely what you all have posted to make sure it gets into me noggin. It will take me a little time as I ain't the man I used to be when I was younger. But starting from now I'll never open an attachment again....
I'm impressed with the cleverness and knowledge that you've shared with me and want you to know that I am really grateful for this.  Many, many thanks.
Best wishes,
puzzled
kb0hae - 07.09.2006, 05:25
Piper... Don't forget putting the computer inside a grounded Faraday Cage! That way no one can read the RF emissions from the monitor, processor etc...
For those who don't know what a Faraday Cage is, it's a cage (that completely surrounds the selected room(s) and/or objects) made from very fine copper screen where each wire in the screen is bonded to every other wire it touches and the whole thing is well grounded. This is done to eliminate RF signals from getting in or out of the cage.
piper - 07.09.2006, 15:20
kb0hae
Damn, how did I forget that, very, very important!!!! roflmao
The_Seeker - 07.09.2006, 18:35
Like Gene Hackman's character in Enemy of the State?   