Malware found in Gnome screensaver
Vahis
Vahis
--
"Sunrise 9:17am (EET), sunset 3:09pm (EET) at Espoo, Finland (5:52 hours daylight)"
http://waxborg.servepics.com
Linux 2.6.25.20-0.5-default #1 SMP 2009-08-14 01:48:11 +0200 x86_64
6:36pm up 41 days 23:37, 15 users, load average: 1.04, 0.54, 0.37
SM
> http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-ubuntu.html
Installing software Windows-style yields Windows-style results.
--
kasmra
:wq
MarcB
> 2009-12-11, Vahis skribis:
>> http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-
ubuntu.html
>
> Installing software Windows-style yields Windows-style results.
>
So this leads to the conclusion that linux is not very much safer than
windows. If in windows people only install SW from trusted sources,
there is no malware or virus problem either.
Linux virusses or malware cannot access the system itself without root
permissions, but they have access to the home directory where
user data is stored, and this user data may contain usefull info
for criminals to enable them to do identity theft things.
I dumped windows for some time now, but if I read this, it seems
that the only additional linux security perimeter is the trusted repo's
from the distro itself, and more things like SELINUX which is too
complex to configure for average PC users.
--
MarcB
SM
> SM wrote:
>
>> 2009-12-11, Vahis skribis:
>>> http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-
> ubuntu.html
>>
>> Installing software Windows-style yields Windows-style results.
>>
> So this leads to the conclusion that linux is not very much safer than
> windows. If in windows people only install SW from trusted sources,
> there is no malware or virus problem either.
To a much lesser extent, I'd imagine. OTOH, such scenario is not likely
to exist.
> Linux virusses or malware cannot access the system itself without root
> permissions, but they have access to the home directory where
> user data is stored, and this user data may contain usefull info
> for criminals to enable them to do identity theft things.
>
> I dumped windows for some time now, but if I read this, it seems
> that the only additional linux security perimeter is the trusted repo's
> from the distro itself, and more things like SELINUX which is too
> complex to configure for average PC users.
Despite Linux being inherently more secure than Windows, as you point
out, the main problem still exists between the chair and the keyboard.
Installing random .debs (cool-screensaver.deb???) from the Web, running
havoc as root and other similar Linux newcomer mistakes eventually mess
up one's system, whichever the OS. Kind of a worn out fact, but still
valid.
--
kasmra
:wq
J.O. Aho
> SM wrote:
>
>> 2009-12-11, Vahis skribis:
>>> http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-
> ubuntu.html
>> Installing software Windows-style yields Windows-style results.
>>
> So this leads to the conclusion that linux is not very much safer than
> windows. If in windows people only install SW from trusted sources,
> there is no malware or virus problem either.
Microsoft has released versions of their OS with viruses presintalled on the
install CD, so no, I wouldn't say that it would be as safe as use as Linux (if
we would disregard all the other problems with microsofts products).
> Linux virusses or malware cannot access the system itself without root
> permissions, but they have access to the home directory where
> user data is stored, and this user data may contain usefull info
> for criminals to enable them to do identity theft things.
Usually you can only access one users data this way, compared to accessing all
users data in a microsoft system. Far better that they get just one bank login
in than both.
> I dumped windows for some time now, but if I read this, it seems
> that the only additional linux security perimeter is the trusted repo's
> from the distro itself, and more things like SELINUX which is too
> complex to configure for average PC users.
You never know what a 3rd party has done with software, regardless of the OS
you use, at least in the Linux world you have a high number of applications
that has been checked for your to be free of trojans, how many third party
applications does microsoft or Apple check for you?
Don't forget that even a default GNU/Linux is securer to use than what you get
from microsoft, of course if you have the time to configure SELinux, then you
get something that is more secure than microsoft can offer.
--
//Aho
Mike Jones
> SM wrote:
>
>> 2009-12-11, Vahis skribis:
>>> http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-
> ubuntu.html
>>
>> Installing software Windows-style yields Windows-style results.
>>
> So this leads to the conclusion that linux is not very much safer than
> windows.
If you follow propogated M$ FUD output that is.
So, some end users installed software from an online resource not famous
for it's software integrity checking, and something went wrong. All that
does is highlight that sloppy administration leads to problems. Thats not
a Linux problem, its an admin problem.
As always, Linux is as secure as it's admin makes it, or as insecure as
it's admin makes it, while Windows continues to be a virus magnet and the
same old rehashed maleware platform it always has been.
The key difference is that no matter how hard you try, and how much money
you spend trying to secure Windows, failure is built in at the root,
whereas Linux requires deliberate action to compromise what is otherwise
still a rock solid and well secure(able) OS.
FWIW, what started out as a joke does seem to be manifesting into a
reality though, as clicky-bot "Do it for me" Windows migrants do the same
dumb things with (typically Ubuntu) Linux as they did with Windows. You
can almost hear the cry of all those Linux developers, "Oh noes! Look
what they did to my dream!"
Score to date (recent), Linux (theoretical) virus problems = possibly
two, Windows, more than you can count, daily. Effects? Linux plus dumb
admin = some, occassionally, with Windows, many, often, and ongoing.
IOW, consider your assumptions challenged. ;)
--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.
MarcB
My post was in no way ment as linux bashing,
If it looks like that, I am sorry for that but English is not my
native language, so I'm glad this post did not end up in a flame war.
It was just the feeling I had when reading the malware
post like "Oh no, the same thing is now propagating to linux".
I changed to Linux just to get rid of the virus/malware and because
I know linux from my work at a telecom operator (almost all telephone
exchanges of major manufaxtureres like Alcatel and Avaya run on linux)
I am still experiencing the virus and malware hell with my daughters
laptop. She clicks on everything that comes across and each few months
I need to reload a disc image because her PC slows down to a level that
makes it unusable.
--
MarcB
Mike Jones
No flames sought or desired.
FWIW, while that repeated virus infestation problem is occuring, you have
no idea just what is being done to or with your daughter's laptop. It may
be being used as a relay for any kind of illegal stuff, and you and her
names will be permanently in many security databases as a result as
suspects as a result.
This is something that constantly amazes me about the average
click'n'pray WinBot, that they consider malware to be nothing more than a
computer version of house dust that just needs vacuuming up every so
often when it becomes a problem too large to ignore. Each and every
infestation is one too many, and you will have no idea what its actually
doing on that internet connected machine your daughter types all kinds of
details into about herself, her friends, and her family.
The fact she collects so much, so fast, so often, should be ringing alarm
bells for you, surely? Just what kind of internet resources is she and\or
her peer group connecting to to get hit so often and so much?
Can you see what I'm looking at here?
Jasen Betts
> SM wrote:
>
>> 2009-12-11, Vahis skribis:
>>> http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-
> ubuntu.html
>>
>> Installing software Windows-style yields Windows-style results.
>>
> So this leads to the conclusion that linux is not very much safer than
> windows. If in windows people only install SW from trusted sources,
> there is no malware or virus problem either.
with the notable exception of "0 day exploits" but the same applies to
linux
> Linux virusses or malware cannot access the system itself without root
> permissions, but they have access to the home directory where
> user data is stored, and this user data may contain usefull info
> for criminals to enable them to do identity theft things.
> I dumped windows for some time now, but if I read this, it seems
> that the only additional linux security perimeter is the trusted repo's
> from the distro itself, and more things like SELINUX which is too
> complex to configure for average PC users.
Ubuntu ships with selinux installed, I didn't know it was there until
I wanted to create a script to open a custom email client to mail a
PDF when the user prints something.
Phil Gilmer
you from getting malware when you explicitly install it. What was done
here was social engineering where you were tricked into installing it.
What Linux does protect you from (and Windows doesn't, at least by
default) is to protect you from software that you DIDN'T install.
Because you a) don't normally run with elevated privileges and b) don't
run Windows, you are safer from malware than are folks who do.
Nothing will help if you don't know what it is you install.
Jasen Betts
> Despite Linux being inherently more secure than Windows, as you point
> out, the main problem still exists between the chair and the keyboard.
> Installing random .debs (cool-screensaver.deb???) from the Web, running
> havoc as root and other similar Linux newcomer mistakes eventually mess
> up one's system, whichever the OS. Kind of a worn out fact, but still
> valid.
havoc?
SM
> On 2009-12-12, SM <kas...@ne-spamon.gmail.com> wrote:
>> Installing random .debs (cool-screensaver.deb???) from the Web, running
>> havoc as root and other similar Linux newcomer mistakes eventually mess
>> up one's system, whichever the OS.>
>
Creating directories outside userland such as /My Photos,
careless sudoing (mostly *buntu-related) in similar manner, "how can I
login to GNOME session as root?" etc etc...
Actually all of the above sounds *buntu-related :P
--
kasmra
:wq