Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Linux

After 8 Years of Remote-Access Trojans Attacks, Can We Still Say Linux is Secure? (linuxsecurity.com) 139

Remember when BlackBerry reported Advanced Persistent Threat groups have been infiltrating critical Linux servers for at least eight years? What's the lesson to be learned?

LinuxSecurity Founder Dave Wreski argues "Although it may be easy to blame the rise in attacks targeting Linux in recent years on security vulnerabilities in the operating system as a whole, this is simply not the truth. The majority of exploits on Linux systems can be attributed to misconfigured servers and poor administration."

Writing for Linux Security, Slashdot reader b-dayyy gathered some additional responses: Some experts argue that it is the popularity of Linux that makes it a target. Joe McManus, Director of Security at Canonical, explains: "Linux and, particularly Ubuntu, are incredibly secure systems but, that being said, it is their popularity that makes them a target." Ian Thornton-Trump, a threat intelligence expert and the CISO at Cyjax, adds: "From an economic and mission perspective, it makes sense for a threat actor to invest in open-source skills for flexibility and the ability to target the systems where the good stuff is happening."

Despite the increasing number of threats targeting Linux systems, there is still a sound argument for the inherent security of Linux, which can be attributed to the core fundamentals of Open Source. Due to the transparency of open-source code and the constant scrutiny that this code undergoes by a vibrant global community, vulnerabilities are identified and remedied quicker than flaws that exist in the opaque source code of proprietary software and operating systems. Threat actors recognize this, and are still directing the majority of their attacks at proprietary operating systems.

These attacks do; however, serve as a much-needed wakeup call for the security community that more needs to be done to protect Linux servers. BlackBerry's report reveals that security solutions and defensive coverage available within Linux environments is "immature at best". Endpoint protection, detection and response products are inadequately utilized by too many Linux users, and endpoint solutions available for Linux systems are often insufficient in combating advanced exploits. Eric Cornelius, Chief Product Officer at BlackBerry, evaluates: "Security products and services that support Linux, offerings that might detect and give us insight into a threat like this, are relatively lacking compared to other operating systems, and security research about APT use of Linux malware is also relatively sparse."

This discussion has been archived. No new comments can be posted.

After 8 Years of Remote-Access Trojans Attacks, Can We Still Say Linux is Secure?

Comments Filter:
  • by Presence Eternal ( 56763 ) on Saturday April 18, 2020 @08:46PM (#59963738)

    I'm not an expert in Linux security permissions, but I do have experience in the utterly asinine Windows permissions.

    "You can't access that directory."
    "I'm an admin."
    "You can't access that directory."
    "Uh, make me the owner of that directory."
    "Ok."

    Why? Just...why?

    • by spongman ( 182339 ) on Saturday April 18, 2020 @09:02PM (#59963794)

      unless you're SYSTEM, you're not an admin.

    • by Gadget_Guy ( 627405 ) on Saturday April 18, 2020 @09:55PM (#59963932)

      "Uh, make me the owner of that directory."

      Like the summary says, it comes down to poor administration if you don't know how to look at and edit permissions of directories on Windows. What you are doing would be like using chown in place of chmod on Linux.

      • I'm pretty sure you're right, and I'm pretty sure you got bogged down in specifics and missed the blindingly obvious point I was making. This is very fitting, given the topic.

      • by Junta ( 36770 )

        We was simply expressing a bit of surprise at Windows security model default configuration. Even an administrator is not administrator any more. However, he can't access a directory, which is confusing as he is admin, but then he can just change ownership and access it anyway, which seems silly.

        In Linux, you can have the makings of this, but by default root is unfettered and non-root can't do anything. Now if you start playing with capabilities, you can have that. So while root user has both chown and DAC

    • I'm not an expert in Linux security permissions, but I do have experience in the utterly asinine Windows permissions.

      "You can't access that directory."
      "I'm an admin."
      "You can't access that directory."
      "Uh, make me the owner of that directory."
      "Ok."

      Why? Just...why?

      With Linux, try reading files you don't own on an NFS mount when you're root. Doesn't work there either.

      • by Junta ( 36770 )

        That is up to the nfs server. A client says they are root and the server by default remaps to nobody because by default it considers the client machine as having no business being root (though you can no_root_squash).

        • I've never had much luck explaining that to users. They just keep telling me that they "have permission" and I keep telling them that they really don't, and quit trying to run "sudo" commands in your NFS home directory.

    • Yeah, Iâ(TM)ve always loved that one!

      Windows is the ultimate in Security Theater...

    • by rastos1 ( 601318 )

      $ chown rastos /bin
      chown: changing ownership of '/bin': Operation not permitted

      What are you talking about?

    • by AmiMoJo ( 196126 ) on Sunday April 19, 2020 @03:05AM (#59964468) Homepage Journal

      Because the act of taking ownership of a directory requires user interaction in that scenario. With the default settings the screen goes dark and you get a UAC prompt front and centre asking you to confirm that you want to take ownership.

      Therefore any malware running under your user account can't simply take ownership. It would have to trick you into accepting the UAC prompt as well.

      This is a really good idea. Admin accounts should not be all powerful, certain actions should require confirmation even for root.

      And by the way you are doing it wrong. You just need to edit the permissions on the directory, you don't need to take ownership.

    • "Some experts argue that it is the popularity of Linux that makes it a target."

      Oh, the irony...

    • Why? Just...why?

      To trigger a UAC prompt and prevent the user accidentally executing malware under their admin privileges that would be able to do it automatically.

      The extra hoop is a specific security feature. A feature which you may not be using if you disabled UAC. Even admins trigger UAC because an Admin is not "root" they are merely a very privileged poweruser that can trigger certain actions using "system" privileges but can't actually log in with such privileges.

      Years of idiots running Windows as admin users, and Lin

  • FUD (Score:4, Insightful)

    by sixoh1 ( 996418 ) on Saturday April 18, 2020 @08:47PM (#59963746) Homepage

    Excellent work "BlackBerry" - this is the same FUD we got all through the late 90s, remember the slapper worm, that one was "proof" that Linux was insecure, although if you actually read the details the worm is in Apache/OpenSSL. Heartbleed, same thing. I dont recall ever hearing about a kernel level worm...

    • Re:FUD (Score:5, Insightful)

      by phantomfive ( 622387 ) on Saturday April 18, 2020 @09:02PM (#59963796) Journal
      A Trojan is a program that tricks you to install it, then does something malicious (that's the basic idea). A secure OS can have a trojan.

      The headline is not only wrong, the person who wrote it is ignorant to even think it.
    • Re:FUD (Score:5, Insightful)

      by lgw ( 121541 ) on Saturday April 18, 2020 @09:04PM (#59963804) Journal

      remember the slapper worm, that one was "proof" that Linux was insecure, although if you actually read the details the worm is in Apache/OpenSSL. Heartbleed, same thing. I dont recall ever hearing about a kernel level worm...

      Of course, Windows was the same way, for the past 15 years or so. Once the last of the Win95-legacy was put down.

      TFS makes the excuse that the weaknesses are mostly due to poorly configured/administered servers, but usability is a core part of security. If people can't figure out how to lock the door, it's a problem with the design. If people don't bather to lock the door, because it's overly inconvenient, it's a problem with the design. Humans with all our flaws must be included in any security planning. This is why "default to secure" is good. This is why "elevate to the least needed access" is good.

      People will screw up, and people will be lazy. Designing for that is required for good security. Stop designing things where it takes an expert to make it secure. Design things so that it takes an expert to weaken security, where the admin thinks that's the right trade-off.

      • Re:FUD (Score:4, Insightful)

        by Bert64 ( 520050 ) <bert@NOSpaM.slashdot.firenzee.com> on Saturday April 18, 2020 @10:35PM (#59964042) Homepage

        Vulnerabilities in apache/openssl/etc are cross platform and can affect any system where this software has been installed...

        TFS makes the excuse that the weaknesses are mostly due to poorly configured/administered servers, but usability is a core part of security. If people can't figure out how to lock the door, it's a problem with the design

        Usually a Linux server is quite secure by default, it will have at most an ssh service exposed remotely, modern distros will force some level of password strength and won't allow you to login remotely as root. Contrast with windows which even in a non-server configuration runs SMB and a whole bunch of RPC services under a high privileged user by default.

        Generally when a linux server is insecure, it's because the user has explicitly unlocked the door, not left it unlocked. These days linux servers are typically being compromised via insecure webapps and weak passwords. This is not a case of totally clueless people putting default installs out there, this is people who think they're more competent than they really are, or who know what they're doing but aren't given the time/budget to do things properly.

        And exploiting linux servers hasnt just happened for 8 years, people have been attacking them for a lot longer than that. Back in the 90s, linux distributions would typically come with all kinds of unnecessary services by default and exploits of the default configuration were very common

        • by lgw ( 121541 )

          Contrast with windows which even in a non-server configuration runs SMB and a whole bunch of RPC services under a high privileged user by default.

          Consumer windows has a lot of consumer convenience stuff running, but then Ubuntu isn't exactly stripped down either. Don't compare a Linux server distro to consumer Windows. Windows Server is very bare bones by default. (And of course it doesn't run SMB, which is a reverse-engineering of CIFS.)

          Generally when a linux server is insecure, it's because the user has explicitly unlocked the door, not left it unlocked. These days linux servers are typically being compromised via insecure webapps and weak passwords. This is not a case of totally clueless people putting default installs out there, this is people who think they're more competent than they really are, or who know what they're doing but aren't given the time/budget to do things properly.

          Sure, but Windows is no different. There a reason that, even in the consumer space, threats have largely changed to browser attacks and trojans. OK, really, threats have mostly moved to the phone, but even then

          • Re:FUD (Score:4, Insightful)

            by Bert64 ( 520050 ) <bert@NOSpaM.slashdot.firenzee.com> on Sunday April 19, 2020 @12:01AM (#59964198) Homepage

            Windows server has the "server core" option now, but very few people seem to use it...
            The full install is anything but bare bones, and basically has all of the consumer junk too.

            And yes windows does still have SMB by default, even on server core. Even if a linux system does have smb installed, it's a userland program and not tightly integrated into the system so the risks are lower.

            • by dwywit ( 1109409 )

              "but very few people seem to use it"

              That's because you have to install the "desktop experience" and its whole attack vector if you want to use and manage WSUS.

              Everything else can be run on server core and managed remotely.

          • by tippen ( 704534 )

            (And of course it doesn't run SMB, which is a reverse-engineering of CIFS.)

            No, SMB was the original protocol developed by IBM/Microsoft (not 100% sure which of the two actually created it, but they both used it). It was later renamed to CIFS (Common Internet File System) and Microsoft submitted at least some of the specs to the IETF as drafts.

            Samba is the server that came from reverse-engineering the SMB protocol used by LAN Server.

      • Of course, Windows was the same way, for the past 15 years or so. Once the last of the Win95-legacy was put down.

        That’s a trifle simplistic. Neither Blaster nor Slammer had anything to do with legacy Windows 95 compatibility.

    • by Z00L00K ( 682162 )

      From my own experience one of the primary headaches when it comes to security issues are packages like PHP. There's always something that's written for an older version of PHP that can't be easily upgraded and which prevents upgrading that damned thing. So when someone decides to break backwards compatibility for an application that is used for public exposure they are themselves creating a security issue for a huge number of sites. It's not a simple task to upgrade to new versions of all the applications w

  • Is secure? (Score:5, Insightful)

    by hcs_$reboot ( 1536101 ) on Saturday April 18, 2020 @08:49PM (#59963750)
    Linux is secure? Linux is more secure.
    • BSD is most secure.
    • That's true.

      Also if you care to be pedantic, to say something "is secure", in the sense that it can be mathematically proven, one must first rigorously define what "secure" means. There are several definitions, different types of security that can be mathematically proven and disproven similar to a geometric proof.

      Any kernel with a lot of proven security guarantees must be tiny at this point, and therefore not useful on a general PC. Windows and CentOS are much too large and too complex to be an to do pro

    • Anything not airgapped is insecure... And then you rely on physical security.

    • I will tell you how to make it more secure, Add an effective TRAP packetfilter capable of on-the-fly packet edits. That way information egress becomes a problem. Microsoft will never add it, because telemetry is their new gravy.
  • It's when you start adding services and applications and libraries that things can get hinky.

    Especially when you're grabbing all kinds of app libraries to support what you're trying to do, from who knows where, and you're not constantly checking the code, or what is actually running on a system.

    The other things I've seen is not putting systems behind firewalls, or loading up servers (physical or virtual) with many different applications (web, db, file transfer services, mail...) all on the same instance.

    If

    • by Bert64 ( 520050 )

      The other things I've seen is not putting systems behind firewalls,

      Or assuming that simply having "a firewall" is a magic bullet...

      What is a firewall? in most cases it's an embedded linux system these days anyway, so by adding a firewall you now have an additional system that could be attacked, that you have to manage and patch incase it gets exploited.

      Then consider the machines you'd put behind the firewall... Lets say i have a webserver, it has ports 80 and 443 open so i'd need to allow those ports through the firewall... Maybe i need to manage it remotely so it also has

  • .... then the system is secure, it only is in indication the users that aren't.
  • "The majority of exploits on Linux systems can be attributed to misconfigured servers and poor administration." So the basic linux layout allows for misconfiguration. Im not a programmer or sys admin, but where this kind layout occurs in indastry at large, accidents happen all the time. Keep it Simple.
    • The report mentioned in TFS requires registration. Do we have any clue on the basic idea behind the attacks? Do they need a low level (regular user) access? Any particular software/version at risk?
    • Linux allows you to configure it in ways that some will not find useful because it is meant to do everything.

      Any OS (or kernel) of which that is not true is limiting you somehow.

      Linux provides several mechanisms to limit configuration so that you don't shoot yourself in the foot. If you don't use them, that's your problem.

    • by Junta ( 36770 )

      The problem being that in this context, any platform will be abused. Linux is particularly popular in this age of very fluid spin up of containers and VMs because the licensing is permissive. Windows licensing for such a dynamic circumstance is obnoxious, even if you were willing to pay.

      To the extent a platform offers security, it gets overlooked because generally enhanced security means harder/more tedious to use/develop for. You have to be more explicit about what your program is expected to do (to some

  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Saturday April 18, 2020 @09:32PM (#59963866) Homepage Journal

    It's more secure than Windows or OSX. It's not impervious, but what is? And when a hole is found, it's patched faster, too.

    Sure, there are more secure operating systems, but none of them are realistic for desktop or handheld use, and few are reasonable choices even for limited-purpose servers.

    • by lgw ( 121541 ) on Saturday April 18, 2020 @09:49PM (#59963920) Journal

      What makes, say, Ubuntu more secure than modern Windows? Or a Linux server distro more secure than Windows server? Both are most vulnerable when a user decides to install something outside of the recommended install process. Admittedly, it's more culturally accepted on Windows to just download and install software from some non-curated place, and maybe you can blame Windows itself for that. Anyone know if you can install Firefox through the Windows store?

      But in terms of the actual OS design, both have secure kernels where actual kernel vulnerabilities are quite rare. Both have explicit user elevation to admin/root required to do dangerous things. The one advantage I see for the Linux side is that it's a lot easier for a third party to hook their update mechanism to the OS's built-in update mechanism, instead of everyone rolling their own.

      The days when Windows ran everything as admin by default are a distant memory now. Hopefully no one keeps an XP box around that's still on the internet.

      • by Bert64 ( 520050 )

        What makes, say, Ubuntu more secure than modern Windows?

        From an end user perspective, the issue you point out - that users install from random places instead of through a repository. Linux distros have used a repository model for many years, and if you look at slashdot comments from the late 90s and early 2000s you will see this often claimed to be a weakness of linux because users "want to install random software they've downloaded or bought", until ios/android came along and demonstrated on a mass scale that the repository model works extremely well for non te

        • by lgw ( 121541 )

          windows users are far more likely to be installing dubious drivers supplied with a cheap peripheral they bought from china, or kernel drivers installed as part of a game etc.

          Custom drivers, user installed, are largely a thing of the past, being beyond the technical competence of the average user. Games almost always come from walled gardens, such as Steam.

          In theory the Windows store can fix the remaining issues, but I don't know if there's been much adoption of it. It certainly remains a weakness until most of the common free downloads can be installed from there.

          Then you have things like SMB and RPC

          The do have a history of exploits, but that's mostly history. Perhaps there's more cruft running on consumer Wind

          • by Bert64 ( 520050 )

            User installed custom drivers are extremely common, take this story from just a few days ago talking about a kernel driver installed as part of a game:
            https://www.extremetech.com/ga... [extremetech.com]

            SMB security holes are certainly not history, a new vulnerability was discovered just last month:
            https://nakedsecurity.sophos.c... [sophos.com]
            No linux distro has something so complex, opaque and deeply intwined inro the system running by default.

            And yes the complexity... All the millions of undocumented registry keys, all the years of cru

            • User installed custom drivers are extremely common

              No their not.

              SMB security holes are certainly not history, a new vulnerability was discovered just last month:

              No linux distro has something so complex, opaque and deeply intwined inro the system running by default.

              Is this any different than NFS which has over its history had a functionally equally abysmal security record?

              And yes the complexity... All the millions of undocumented registry keys, all the years of cruft and multiple versions of libraries, the various ways to do things... The internals of windows are massively more complex than linux, which gives plenty of scope for further vulnerabilities to be found.

              How many display servers, window managers and desktop systems are there for Linux? Today it's basically impossible to compile non-trivial software and have it run on any other Linux system without stipulating specific versions and distributions. It's why all of the software is prepackaged (and often severely outdated) or you have to compile it yourself... otherwise it won't run at all.

              • User installed custom drivers are extremely common

                No their not.

                SMB security holes are certainly not history, a new vulnerability was discovered just last month:

                No linux distro has something so complex, opaque and deeply intwined inro the system running by default.

                Is this any different than NFS which has over its history had a functionally equally abysmal security record?

                Well, yes. What is wrong with you? "Installed by default, unremovable and OS won't boot without it" is very very different from "Installed by user only when they want it, easily removed and OS doesn't notice if it is there or not".

                Alternate way of looking at it: All windows installations have SMB, a tiny fraction of Linux installations of NFS.

                • Well, yes. What is wrong with you? "Installed by default, unremovable and OS won't boot without it" is very very different from "Installed by user only when they want it, easily removed and OS doesn't notice if it is there or not".

                  I don't agree with the characterization. Linux distros universally have the RPC server installed and running whether you ever decide to use NFS or not.

                  In Windows Network filesystem access defaults depends entirely on the network type you select. It's all inaccessible behind a stealth mode firewall BY DEFAULT when you select public network.

                  Alternate way of looking at it: All windows installations have SMB, a tiny fraction of Linux installations of NFS.

                  My experience is most Linux systems will have some form of file system access installed. NFS, SMB, SCP. It's a little disingenuous to say well there are a whole bunch

                  • by Bert64 ( 520050 )

                    Fresh install of debian performed 10 mins ago:

                    # ps aux | grep rpc
                    root 2339 0.0 0.0 6076 896 pts/0 S+ 12:45 0:00 grep rpc

                    no rpcbind running...

                    The only listening network service is SSH:

                    And i had to explicitly choose to install that during the installation, it wasn't enabled by default.

            • by lgw ( 121541 )

              talking about a kernel driver installed as part of a game:

              That's not a user installing a driver, that's a user installing a game. Games for almost everyone come from walled gardens, such as Steam. "Custom kernel driver" sounds like "obnoxious anti-cheat rootkit", which consumers are generally aware of, so if your argument is "Windows is unsecure because people knowingly install root kits to play games", them, um, OK?

              MB security holes are certainly not history, a new vulnerability was discovered just last month:

              And there was one in 2017. This concerns you? Whatever OS you run, it will need patching monthly. No getting around that.

              And yes the complexity... All the millions of undocumented registry keys, all the years of cruft and multiple versions of libraries, the various ways to do things...

              All the init systems and

  • Incorrect title (Score:5, Insightful)

    by Sebby ( 238625 ) on Saturday April 18, 2020 @09:44PM (#59963904)

    Title: After 8 Years of Remote-Access Trojans Attacks, Can We Still Say Linux is Secure?

    Summary:"Although it may be easy to blame the rise in attacks targeting Linux in recent years on security vulnerabilities in the operating system as a whole, this is simply not the truth. The majority of exploits on Linux systems can be attributed to misconfigured servers and poor administration."

    Proper title: After 8 years of Remote-Access Trojans Attacks, Linux Administrators have still not mastered their craft

  • by rebill ( 87977 ) on Saturday April 18, 2020 @09:54PM (#59963930) Journal

    Linux can be secure-ish, but it takes work, monitoring and maintenance. Or as one professor put it some 31 years ago:

    The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.

    -- Gene Spafford, 1989.

    Anyone looking for a computer that they can set up and then forget can be breached.

    • by Bert64 ( 520050 )

      Any system requires work, competent initial setup, competent ongoing maintenance and competent monitoring.

      In this regard linux is better than windows in a variety of ways...

      Initial setup - the system being more modular and flexible allows you to strip away everything you don't need, giving a smaller attack surface and a lower ongoing support burden.
      Maintenance - with a smaller system, less maintenance is required, with the repository model its easier to apply necessary updates and verify that files have not

    • Linux can be secure-ish, but it takes work, monitoring and maintenance.

      I tend to think it takes work to make Linux insecure. Out of the box sane clean installs have nothing, or next to nothing installed that would make them insecure. It's the effort (or lack thereof) of the administrator installing and misconfiguring services that changes that state.

      Of course the same can be said for many operating systems. It all comes down to the user.

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Saturday April 18, 2020 @10:30PM (#59964032)
    Comment removed based on user account deletion
    • deploy the code? make the CI user sudo.

      They even laughed that I was shocked by it!

    • by Junta ( 36770 )

      You forgot:
      -sudo won't work in automation, add NOAPSSWD to sudo, then take comfort that you are secure because "at least you aren't running as root'

      -npm/pip/gem install random libraries from random sources whenever the developer provides an update

      -npm/ip/gem lock a dependency to something ancient because no one wants to test updates and live with any vulnerabilities

  • People like to make the "opensource is inherently more secure" argument, but I don't think I've ever seen it proven with numbers. It seems to be a belief rather than a fact, "it must be more secure because of the way it is".

    If you look at the actual number of exploits, and admittedly this doesn't take severity into account, it just isn't true. Linux distros or the Linux kernel almost always have more vulnerabilities than Windows: https://www.cvedetails.com/top... [cvedetails.com]

    • What facts would you accept? Scientific analysis of the nature of vulnerabilities, which are rarely reported pulicly for closed source tools? Audits of the number of vulnerabilities reported?

  • by onyxruby ( 118189 ) <onyxruby AT comcast DOT net> on Saturday April 18, 2020 @10:49PM (#59964066)

    The premise was flawed to begin, born from the hubris of Windoze sucks. Security is very much like TQM, it isn't something that you achieve and walk away from. Security is a process that continually evolves and improves and by definition is never solved. Microsoft had their egg on their face. They moved on years ago, but a lot of other people never did.

    Only a fool gets religious about an OS. No OS is fundamentally secure. Pwn to own and other competitions pretty consistently take down all contenders in short order. By their nature they have to be used and opened to production use cases. In the real world CIS server hardening standards exist for a fair range of modern server class operating systems.

    You can make pretty much any server class OS fairly secure with CIS server standards as your baseline, but it takes a lot more than that to keep it secure. Any organization worth their salt will use a lot more than the OS itself to secure their servers.

    I am reminded of when I worked at a very large university that has thousands of Apple Mac computers. They composed about 30% of the user base and at least 75% of security related tickets. Why - because the people who had them could not be bothered to maintain them or practice safe hex since "Mac OS doesn't get viruses or hacked". Your security practices and users make more of a difference than the OS itself.

    • by Junta ( 36770 )

      It wasn't absurd when it first was said, back in the 90s when home computers were running OSes without any *real* multi-user support and as such every person was really admin (MacOS classic and DOS/Windows 3.x/9x).

      Even as Windows XP marked the switchover to a credibly multi-user design, it still deserved some criticism as it failed to cope with an ecosystem that made every consumer basically have to be admin still.

      From Vista onward, Windows largely had the fundamental security architecture down. Of course t

      • You are right that Windows security was horrible back then, I clearly remember just how bad things were - Code Red and Nimda in particular come to mind. The 9.x series was completely hopeless. I remember Larry Ellison hiring every bug exterminator in Seattle to drive around the Microsoft campus when W2K was released due to how buggy it was. Sloppy programming practices for bugs impacted security just as badly as system stability. Amusingly Oracle never got their own memo and still has buggy software and the

  • Linux may be more secure. But a fool will always cause their own trouble. Linux is easier to secure because it doesn't hide things. The default configuration is of course more secure. But that doesn't prevent the user from sudo'ing and running the wrong thing. In Windows, this is not required - you can simply install without doing anything.
    • by dwywit ( 1109409 )

      You should differentiate between Windows in a domestic situation, and windows in a business/enterprise. Windows Home *does* put up a feeble warning about "software from the internet could damage your computer", but it's better than nothing, AKA the bad ol' days.

      For business/enterprise, it's a trivial exercise to roll out a group policy to stop users installing whatever they want.

  • by notdecnet ( 6156534 ) on Sunday April 19, 2020 @12:07AM (#59964208)
    Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android [slashdot.org]

    Compromising Linux web servers allows for the exfiltration of massive amounts of data that can be obscured within the high volume of daily web traffic

    How is the Linux web servers compromised in the first place?

    Linux’s command-line interface also makes it less widely accessible .. so most security companies have focused more of their research and development on products for the front office as opposed to the server rack.

    What is this anti Open Source Microsoft FUD doing on slashdot?

    The combination of poor security solution coverage for Linux and highly tailored, complex malware has resulted in a suite of adversary tools that has largely - if not entirely - gone undetected for years.

    PWNLNX1 was designed to work with a Local Kernel Module (LKM), which enabled it to perform a number of rootkit functions

    How does this PWNLNX1 backdoor get onto the computer in the first place?

    Akamai observed that the botnet grew in size after using brute force attacks to obtain the password for the target Linux server

    What is this decades old, anti Open Source FUD doing on slashdot?

    BlackBerry Moves to Make Money From Its Patents [fool.com]: “Another pillar of BlackBerry's turnaround is its effort to monetize its portfolio of over 44,000 patents through royalties and licensing fees
    • It's here because lessons have to be relearned or retested as software changes. Windows, for example, has gotten bett4er. Not necessariliy good enough, but the browsers and mail clients have stabilized.

  • Endpoint protection, detection and response products are inadequately utilized by too many Linux users, and endpoint solutions available for Linux systems are often insufficient in combating advanced exploits.

    I will not invest in training for my employees, to use the tools available, correctly - there is enough open tuts out there and there is stack/buffer-overflow.

    Eric Cornelius, Chief Product Officer at BlackBerry, evaluates: "Security products and services that support Linux, offerings that might detect and give us insight into a threat like this,

    Our software is so shitty and we invest no resources into implementing testing and logging. So we need to rely on behind-last-line-of-defense-systems (remember LoTR: the brawl inside the stronghold)

    are relatively lacking compared to other operating systems, and security research about APT use of Linux malware is also relatively sparse."

    We would like others to invest in securing, investigation, and researching our shit - not us ofc - we'd like to put out apps not security.

  • there is still a sound argument for the inherent security of Linux, which can be attributed to the core fundamentals of Open Source. Due to the transparency of open-source code and the constant scrutiny that this code undergoes by a vibrant global community, vulnerabilities are identified and remedied quicker than flaws that exist in the opaque source code of proprietary software and operating systems.

    Interesting, I always considered the architecture and goals of Linux and open source developers to be sup

  • Yes, Linux did have vulnerabilities that allowed a hacker to penetrate systems... but the fact that the hack stayed on for 8 years was actually because of incompetent staffs, not because of Linux. How the fuck do you manage an environment for 8 years and not know it has been compromised? My guess is that these guys let servers run indefinitely without OS patch, they don't run any security scans and they definitely don't know what they were doing. I bet you the uptime command shows the number of days in 4 di
  • The drivers from VMware included in the kernel are generally all you need to hack most Linux systems of interest.They are great since the code is so incredibly poorly written. It's practically an invitation. I gave up trying to report these problems to them a long time ago.

    sk_buff is a pretty little beast. It's such a shitty piece of code that it's impossible for people to understand how to use it properly. The documentation is almost always out of date and because people keep trying to "fix it" they genera
  • by gweihir ( 88907 ) on Sunday April 19, 2020 @06:56PM (#59966622)

    The claim is that Linux can be secured much better and much more easily by a competent admin than the alternatives. An incompetent admin can do arbitrary damage, because Linux assumes that competent admin.

grep me no patterns and I'll tell you no lines.

Working...