this post was submitted on 02 Mar 2024
17 points (79.3% liked)


I secure systems for my day job. That means installing AV software, ensuring Windows Firewall is ON, etc. (Plus many other things...)

I've seen discussions around disk encryption here, but I don't recall much about malware protection. Maybe a little about personal (desktop) firewalls.

I'm aware of Clam, etc, but is anyone actually using these tools much?

Or are we just presuming we're all immune from the bad guys targeting Windows?

all 17 comments
[–] [email protected] 23 points 9 months ago* (last edited 9 months ago) (3 children)
  • On Linux, you don't download random stuff from the internet, e.g. a new browser. You get it from a central source, usually a package manager, where it is verified and secure.
  • Most stuff is open source, therefore we can check if it does weird stuff. Proprietary software is often seen critically in our community.
  • Linux is usually always updated because of the central update mechanism, so that vulnerabilities are fixed very quickly.
  • Linux has more granular permissions. There's no "allow nothing" (but still too much) or "give random software access to the whole device" like on Windows. Linux software is written to need only as many permissions as needed, but not much more.
  • Containers are big and crucial, especially when immutable distros grow more popular (even better security!). Many of us use Flatpak because of those pros. With them, we can give or remove every permission, like network access, file system, etc.
  • Antivirus is almost useless, it won't always work reliably, see it more as an additional measure. Many AVs are close to being malware themselves. They may act as indicator, but not as safeguard for viruses.
  • If you share stuff with people using Windows, ClamAV is still handy.
  • We aren't safe from viruses too, but we try to minimize our attack vector as much as we can with those methods mentioned above.
  • Windows viruses can still be executed with WINE, so use Bottles (container for WINE) when running Windows software.
[–] [email protected] 4 points 9 months ago

The RHEL machines at work are terrible specifically because of McAfee AV.

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

On Linux, you don't download random stuff from the internet, e.g. a new browser. You get it from a central source, usually package manager, where it is verified and secure

Devs tend to make strong use of packages on GitHub, PyPI etc which have been targeted quite a bit with malware. Malicious snaps and

Linux software is written to need only as many permissions as needed, but not much more.

Hooboi. Depends on who writes the software. There are plenty of dumb devs for either OS, and I've had to yell at many for requiring their commercial software (built in Java with an X11/web front-end and exposed listening ports) run as root, usually because they didn't want to figure out the permissions needed to access a device. There's a surprisingly narrow intersection of devs who understand OS security and networking.

Linux is usually always updated because of the central update mechanism, so that vulnerabilities are fixed very quick

For OS packages, sure, but are all your Docker containers, snaps, flatpaks, and appimages updated whenever one of the underlying libraries had a significant vulnerability? How about that PPA, or the stuff you compiled from source a year ago?

Because people are increasingly using those for software not available on the base repositories

Linux users often have a false sense of security that leads them towards insecure practices, often for the same reasons as Windows users (I just want it to do X and work). While traditional signature-based antivirus doesn't help much for either OS, there are plenty of other controls to fill the space that most people/organizations can - but don't - implement on either OS.

On Linux, that includes strict management/review of software+code sources, SELinux/AppArmor enforcement, remote logging+review, and much more. These often conflict with Linux devs' idea of "freedom" and thus are a hard sell.

[–] [email protected] 2 points 9 months ago (1 children)

Immutable distros aren't considered secure or reliable by the industry. You need SELinux to secure a device properly.

[–] [email protected] 3 points 9 months ago (1 children)

Definitely. Having SELinux or AppArmor is very important.
Image based distros still offer some security and reliability benefits, because they are reproducible and therefore issues can be fixed quicker and easier. Also, at least now, due to the read-onlyness of the core parts of the OS, you can't install malware as easily.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

On Fedora Atomic (only) any process running from the wheel user can install software without a password prompt. I am fixing this currently.

Also, SELinux is only in use for system processes, all user processes run unconfined.

[–] [email protected] 18 points 9 months ago

AV software is usually the antithesis of security.

Up-to-date software and especially not giving every random binary you find on the web execution permissions seemed to be much more effective.

[–] [email protected] 9 points 9 months ago* (last edited 9 months ago)

Scanning for malware is not really that effective and it probably shouldn't be relied upon. For Linux systems themselves I would look into SELinux as it can tightly control privileges.

Also many features of legitimate software could be considered malware. That includes things like Google analytics and DRM.

[–] [email protected] 5 points 9 months ago

On Linux, you install things from a repository, which makes it harder to install or execute a malicious binary. With the risk of running binaries from unknown sources on the internet reduced, the risks are minimal if you keep your system always up to date, and on Linux that is easier than on Windows: a single command updates each and every component on your system.

[–] [email protected] 4 points 9 months ago

I don't really bother with AV on my Linux system. What I do is just use trusted software from my repos and run containerized applications.

What I am currently working on is using secure boot with a Unified Kernel Image (already doing that) that boots into a read-only /usr/ partition with verity + signature (one UKI only loads a certain partition with a specific signature, or nothing at all). Any other things I need I create a systemd sysext that gets overlaid on top of /usr/ (also read-only) or they get installed as flatpak. For development I would just be using nspawn containers and podman/OCI containers for services that are outside of the other scopes.

This is all based on https://0pointer.net/blog/fitting-everything-together.html which is a nice write-up of what I am doing/following.

That already covers a lot of different attack vectors by just not having my system be modifiable outside of my control or apps just being containerized.

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago)

Disk encryption is purely for preventing local access to your data. Nothing else.

Then you only download software from official repos and flathub (see my list on how to only allow verified or FOSS apps)

You mount the entire rest of the system non-executable and you have no malware!

Also you should not have a sudo user, use a separate admin with wheel/sudo group.

Those things don't work well yet, so be careful.
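
The "mount the rest of the system non-executable" idea in the comment above can be checked on a running system by reading the mount table. The script below is an added example, not part of the original comment; the list of writable paths and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag user-writable mounts that still allow execution.
# Input format is /proc/self/mounts: device mountpoint fstype options dump pass

# Constructed sample mount table (not taken from a real system).
SAMPLE_MOUNTS='/dev/mapper/root / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/mapper/home /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/var /var/tmp ext4 rw,relatime 0 0'

# Assumed list of paths an unprivileged user can write to; adjust per system.
WRITABLE_PATHS="/tmp /var/tmp /dev/shm /home"

# has_opt OPTIONS NAME: succeeds only on an exact match in the comma list.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mounts: reads a mount table on stdin, prints one finding per line.
audit_mounts() {
    table=$(cat)
    for path in $WRITABLE_PATHS; do
        # The last matching line wins, since later mounts shadow earlier ones.
        opts=$(printf '%s\n' "$table" |
            awk -v p="$path" '$2 == p { o = $4 } END { print o }')
        if [ -z "$opts" ]; then
            echo "$path: not a separate mount, inherits its parent's options"
            continue
        fi
        missing=""
        for want in noexec nosuid nodev; do
            has_opt "$opts" "$want" || missing="${missing:+$missing,}$want"
        done
        if [ -n "$missing" ]; then
            echo "$path: missing $missing"
        fi
    done
    return 0
}

# Demo on the constructed table; on a live host: audit_mounts < /proc/self/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
```

noexec only blocks direct execution of files on that mount, so it complements rather than replaces the SELinux/AppArmor confinement discussed elsewhere in the thread.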

[–] [email protected] 3 points 9 months ago

What industry? Are you not already maintaining compliance with some security framework? https://www.bitsight.com/blog/7-cybersecurity-frameworks-to-reduce-cyber-risk

[–] Throwaway1234 2 points 9 months ago

Computing practices (like installing packages from trusted maintainers and the deliberate use (through filling in passwords) for granting privileged access etc.) on Linux are different than on Windows. This already ensures that -simply by the virtue of using Linux as it's intended- a Linux user is protected from complete classes of attacks.

Furthermore, the average Linux user is a lot more computer savvy compared to the average Windows user. And I haven't even mentioned the focus on FOSS, the security benefits through obscurity etc.

Of course, Linux isn't impenetrable. In fact, one might argue that its security frameworks on desktop are lacking compared to macOS and perhaps even to Windows (S mode).

Nonetheless, Qubes OS (i.e. the world's most secure desktop OS) heavily relies on and utilizes Linux to do its bidding.

To conclude, there's a lot of nuance to secure computing on Linux. But as long as its user (i.e. the biggest attack vector) holds on to best practices, it should be more than safe. Unless..., you seek protection against sophisticated adversaries and their targeted attacks. At that point, I wouldn't trust any desktop OS besides Qubes OS anyways.

[–] [email protected] 1 points 9 months ago (1 children)

<Or are we just presuming we're all immune from the bad guys targeting Windows?>

Yes, I find that does tend to be the attitude among most Linux articles/videos/etc I see on the subject. There's some truth to it, in that from what I understand Linux is immune to much of it, but it's not entirely true. Malware for Linux does exist, so IMO people should not be as complacent about malware as many seem to be, but the community based open-source nature of most Linux software helps mitigate it SOMEWHAT (NOT entirely, because it's dependent on trusting the community to both want to defend against it and have the skill to do so). Unlike Windows malware defense (to a degree, Windows patches have gotten leagues better than in the past), the primary way Linux stops malware is removing vulnerabilities before they can be exploited. It's another reason you won't see nearly as much Linux malware showing up as on Windows: it can't spread if there's no exploit to spread through. I do still run Clam and a firewall primarily for my own peace of mind because on my system aside from Clamd using a crap-ton of RAM they don't really slow it down to a visible degree. Long story short, Linux malware is indeed much rarer than Windows malware, but it does exist and I'm not keen on Linux media people giving the impression that security isn't something to watch for with Linux for the average user.

[–] [email protected] 3 points 9 months ago

The biggest threat on Linux is social engineering. It doesn't take much to get someone to open a file on Linux.