Re: [OT] DNS problem

On Thursday 14 October 2010 08:06 in comp.os.linux.networking, somebody
identifying as sl@exabyte wrote...

> What I mean is virus on my PC. Possible? Thanks

Only if it runs Microsoft Windows. There are no viruses for GNU/Linux
in the wild.

Attempts at creating viruses for GNU/Linux have been undertaken in the
interest of science - read that as: "so as to find out whether
GNU/Linux could be a potential market for proprietary antivirus
software" - but all of those required the deliberate cooperation of the
root user to get the virus installed and have execute permission.

What *is* /always/ possible of course is that your machine has a rootkit
on it, which means that someone somewhere with bad intentions has
obtained access to your machine (and as the root user) and has replaced
several of your system binaries with modified binaries which hide the
specified malevolent processes from the user's view. Although not
trivial, it is generally possible to diagnose this through some
cleverness. For instance, the phony binaries will typically be much
larger than the bona fide ones.

There are also several things one can do in order to make it more
difficult for a cracker to get into the system. For starters, use
strong enough passwords, and deny root logins over ssh, forcing the use
of "su" or "sudo". In addition, do not grant "su" and "sudo" access to
every user of your system.

There is more you can do, but most users will object to these measures
because they imply a lot of work for those who regularly wish to update
packages on their systems and/or install new software, e.g. having
certain filesystems mounted read-only during normal operation -
e.g. "/boot", "/usr", "/usr/local", "/opt" - and either setting up a
read-only root filesystem - which is difficult, but not impossible - or
setting the "immutable" flag on directories containing executables and
libraries, and on those executables and libraries themselves - see
the /man/ page for "chattr" on that.

Do however not be alarmed by the above. Although rootkits do exist and
the above does take place on a regular basis, crackers generally don't
waste the time and the effort to install a rootkit on a regular
end-user workstation/PC on the internet. They generally target higher
profile machines - such as internet servers - and on such machines, the
sysadmins are often - not always, but all too often - very lax at
implementing proper security precautions out of sheer laziness.

(registered GNU/Linux user #223157)
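
An added example, not part of the original post: a POSIX shell audit of two of the measures named above (root logins over ssh denied; "/boot", "/usr", "/usr/local" and "/opt" mounted read-only). The function names and sample files are constructed for illustration, and the parser assumes plain sshd_config and /proc/mounts-style text without following Include or Match directives.

```shell
#!/bin/sh
# Print the PermitRootLogin value from an sshd_config-style file.
# sshd keeps the first value it reads; keywords are case-insensitive.
# Assumption: Include files and Match blocks are not followed.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# From /proc/mounts-style input, print "ro" or "rw" for a mount point,
# or "not-separate" when it is not its own filesystem.
mount_mode() {
    awk -v mp="$2" '$2 == mp { n = split($4, o, ","); m = "rw"
                      for (i = 1; i <= n; i++) if (o[i] == "ro") m = "ro" }
         END { print (m == "" ? "not-separate" : m) }' "$1"
}

# Run both checks, one finding per line; return 1 if anything is WARN.
audit() {   # usage: audit SSHD_CONFIG MOUNTS
    rc=0
    v=$(root_login_setting "$1")
    if [ "$v" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "WARN PermitRootLogin $v"; rc=1; fi
    for mp in /boot /usr /usr/local /opt; do
        m=$(mount_mode "$2" "$mp")
        case $m in
            ro) echo "OK   $mp read-only" ;;
            rw) echo "WARN $mp writable"; rc=1 ;;
            *)  echo "INFO $mp not a separate filesystem" ;;
        esac
    done
    return $rc
}

# Constructed sample inputs (not from a real host). On a real system,
# pass /etc/ssh/sshd_config and /proc/mounts instead.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
# PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
EOF
cat > "$SAMPLE_DIR/mounts" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda1 /boot ext4 ro,nosuid,nodev 0 0
/dev/sda3 /usr ext4 rw,relatime 0 0
EOF
audit "$SAMPLE_DIR/sshd_config" "$SAMPLE_DIR/mounts" || echo "hardening gaps found"
```

On a live machine, `sshd -T` (run as root) prints the effective configuration after Include and Match processing, which is the authoritative value to compare against.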
