Anti spyware software



Thread: Anti spyware software

  1. #1
    Join Date
    Feb 2007
    Posts
    53

    Anti spyware software

    Ok, now this may seem kinda dumb...ok, maybe very dumb to experienced Linux users, but being the digital security nut that I am, I am wondering if there are any anti-spyware programs for Linux.

  2. #2
    Join Date
    Oct 2002
    Location
    Republic of Texas
    Posts
    5,898
    nope, and you don't need them either...
    Need help in realtime? Visit us at #linuxnewbie on irc.libera.chat

    Few of us will do as much for our fellow man as he has done.
    --Andrew Morton on RMS

  3. #3
    Join Date
    Feb 2004
    Location
    Singapore
    Posts
    2,170
    I don't know about anti-spyware for linux, but anti-virus software for linux does exist.

    IMO, such software is not that important compared to your linux system settings.
    Come under the reign of the Idiot King...
    Come to me ... I love linux!

    Registered Linux user: Idiot King #350544

  4. #4
    Join Date
    Dec 1999
    Location
    tx
    Posts
    1,190

    Linux anti-virus

    Let me explain for the benefit of newbies who might read this. Anti-virus is not needed for Linux, just as anti-spyware is not needed for Linux. This is because the permission systems for each file make it impossible for operating programs to be modified as needed for viruses, trojans, and spyware to work. Experimenters have written as many as 800 viruses for Linux, and they simply cannot be made to replicate.

    Anti-virus is used in Linux when a server, such as a mail server, using Linux, serves Windows machines, thus helping protect the users' machines.

  5. #5
    Join Date
    Feb 2007
    Posts
    53
    So basically, I don't need my antivirus program even though I'm using Windoze programs on my computer?


    Spyware doesn't necessarily have to modify my files to work. I can download a program thinking it will help me and install it, then it can run as a process and act like a keylogger; or it can tell me that it needs certain permissions to run, and I'll go and give it the permissions it needs to access my password manager. I'm worried about this because my mother runs all over the Internet paying no mind to where she goes and had always gotten me tons of spyware in Windoze (almost literally since digital tons don't exist).

  6. #6
    Join Date
    Oct 2002
    Location
    Republic of Texas
    Posts
    5,898
    In windows, you need all the protection you can get. In linux you don't have to worry about it. Especially since windows is unable to access any virus files that you may have stored on your linux partitions. (Unless you have them on a shared fat32 partition.)

  7. #7
    Join Date
    Jan 2004
    Location
    boston, mass USA
    Posts
    1,878
    Why don't you need spyware software for linux?

    Social engineering is probably the easiest and most prolific way to spread viruses and spyware in any OS.

    So if I send someone running linux a "here's a cool screen saver" and instructions on how to install (chmod +x file.exe, sh file.exe), won't they be "infected"? Or end up installing my spyware/root kit?

    What if my file.exe put files in ~user/bin like a new ls command that not only ran /usr/bin/ls, but also emailed any *.doc files in /home/user/* to hackersRus?

    So although the normal user could only affect themselves and their own files, and not the system/root account info, isn't that just as bad? What good is a clean system with "infected" or missing user files?

    Same with a "virus"..send a user a file with rm -rf ~/* in it and see what happens.

    Although these would both be "self-inflicted", aren't most of today's Windows viruses and spyware dependent on the user doing something stupid?

  8. #8
    Join Date
    Apr 2003
    Location
    UK
    Posts
    1,180
    You don't need anti-spyware for Linux, because there is no spyware for Linux (at least none that I have heard of). This is likely to continue not being much of an issue because most (if not all) software on a Linux system is open source and you won't get away with including spyware in open source software, this is in contrast to Windows where there are lots of free but closed-source add-on bits of software where it is easy and of financial benefit to the author to include spyware.

    Sure a social engineering attack could work on Linux, but currently there are very few non-technical users out of an already small userbase that would actually fall for such attacks, that makes such attacks not really worthwhile. There will reach a point when Linux has more widespread usage that this will be an issue, the only real solution for this sort of attack is educating users on best practises for avoiding this sort of thing.

    Quote Originally Posted by happybunny
    What if my file.exe put files in ~user/bin like a new ls command that not only ran /usr/bin/ls, but also emailed any *.doc files in /home/user/* to hackersRus?
    This simply wouldn't work because most (if not all) distros do not have that directory in the PATH so the shell just will not look there when it runs commands. Any user savvy enough to add it to the PATH themselves will not be likely to run dodgy programs that could infect them and they would also likely add it at the end of their PATH (if they have any sense) so the shell will look for "ls" in /usr/bin before ~user/bin, therefore the version in ~user/bin will never be used.

    The only real way to stop the "self-inflicted" damage is by restricting what the user can actually do, it could be done but would be rather limiting for the user.

    I wouldn't say there will never be a need for anti-virus and anti-spyware on Linux, but there isn't at the moment.
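
Added example, not part of the original thread: a small POSIX shell check for the PATH-ordering question discussed in posts #7 and #8, showing which copy of a command the shell resolves and which earlier PATH entries hide a later copy. The function names (`first_match`, `audit_path`, `demo`) and the `home_bin`/`usr_bin` directories are constructed for this illustration.

```sh
#!/bin/sh
# Added example (not from the thread). All names below are constructed.

# first_match CMD PATHSTRING
# Print the file the shell would run for CMD under PATHSTRING: the first
# directory, left to right, holding an executable regular file of that name.
first_match() {
    local cmd rest dir
    cmd=$1
    rest=$2
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        case $rest in *:*) rest=${rest#*:} ;; *) rest= ;; esac
        [ -n "$dir" ] || dir=.    # an empty entry means the current directory
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
            return 0
        fi
    done
    return 1
}

# audit_path PATHSTRING
# Report every executable that hides a same-named executable in a later
# PATH directory, and note when the earlier directory is writable by the
# current user (the case where an unprivileged program could plant a copy).
audit_path() {
    local rest dir f name later tag
    rest=$1
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        case $rest in *:*) rest=${rest#*:} ;; *) rest= ;; esac
        [ -n "$dir" ] || dir=.
        [ -d "$dir" ] || continue
        tag=
        [ -w "$dir" ] && tag=' [directory writable by current user]'
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            if later=$(first_match "$name" "$rest"); then
                # Same file reached twice (symlinked directories): not a shadow.
                [ "$f" -ef "$later" ] && continue
                printf '%s shadows %s%s\n' "$f" "$later" "$tag"
            fi
        done
    done
}

# Constructed demonstration: one stub "ls" in each of two temporary directories.
demo() {
    local t
    t=$(mktemp -d) || return 1
    mkdir "$t/home_bin" "$t/usr_bin"
    printf '#!/bin/sh\necho system copy\n' > "$t/usr_bin/ls"
    printf '#!/bin/sh\necho home copy\n' > "$t/home_bin/ls"
    chmod +x "$t/usr_bin/ls" "$t/home_bin/ls"
    echo "home_bin first: $(first_match ls "$t/home_bin:$t/usr_bin")"
    echo "home_bin last:  $(first_match ls "$t/usr_bin:$t/home_bin")"
    audit_path "$t/home_bin:$t/usr_bin"
    rm -rf "$t"
}
demo
```

Running `audit_path "$PATH"` on a real system lists any command in a user-writable directory that takes precedence over a system copy.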

  9. #9
    Join Date
    Apr 2001
    Location
    SF Bay Area, CA
    Posts
    14,936
    Quote Originally Posted by Pikidalto
    I can download a program thinking it will help me and install it, then it can run as a process and act like a keylogger;
    No it can't.

    For one, you don't download random software from random sites, you use your distro's repositories instead. This isn't Windows; the distros already have a version of just about every Linux program, in a form that actually works better with the rest of the distro. So not only is it counterproductive to download it from the original author (because you don't get the distro integration), it's dangerous (because you can't verify that the software is actually legit). The distros verify that it's actually legit for you -- because if they didn't, they'd lose their users.

    Second, keyloggers require root privileges on Linux. The only process that has raw access to the keyboard is the X server (or the kernel, if you don't use X), and those two pieces can only be changed by root. Yes, I know, there are other things that spyware can do, but for keylogging, it isn't going to happen. Sure you can write a process that logs all keypresses that get sent to it, but you can't force the user to give that process focus, so by default nothing will get sent to it. And you can't install system-wide hooks unless you're root.

    I'm worried about this because my mother runs all over the Internet paying no mind to where she goes and had always gotten me tons of spyware in Windoze (almost literally since digital tons don't exist).
    If she can figure out that she doesn't need to install *anything* (or if you don't give her the root password (!), just install everything beforehand), then she should be fine.

    Quote Originally Posted by retsaw
    This simply wouldn't work because most (if not all) distros do not have that directory in the PATH so the shell just will not look there when it runs commands.
    Right: another Linux advantage is its genetic diversity. In a monoculture like Windows, it's easy for viruses to spread, because all the machines are the same. Linux has a lot more differences between distros than Windows even has between versions.

  10. #10
    Join Date
    Feb 2007
    Posts
    53
    Quote Originally Posted by bwkaz
    No it can't.

    For one, you don't download random software from random sites, you use your distro's repositories instead.
    My distro's repositories don't have every single program that I could possibly get for Linux. It's just not possible. Nor are my distro's repositories up-to-date (except for their beta set of repositories because they're currently working on the next beta version), so I had to download the most recent Firefox, Flash, Java, and Adobe Reader myself. If you want to check this, go to http://arklinux.osuosl.org/.

    This isn't Windows; the distros already have a version of just about every Linux program, in a form that actually works better with the rest of the distro.
    Actually, my distro's Java is so outdated my browser kept crashing, so I had to update it from www.sun.com. Also, again, it's impossible to have every single program. You can check here for package requests for my distro: http://forum.arklinux.org/.

    So not only is it counterproductive to download it from the original author (because you don't get the distro integration), it's dangerous (because you can't verify that the software is actually legit).
    Again, my Java example: It was better for me to download the version from Sun than to keep my distro's because my browser kept crashing. Also, I don't download anything unless I can confirm it comes from the official site for the program.

    The distros verify that it's actually legit for you -- because if they didn't, they'd lose their users.

    Second, keyloggers require root privileges on Linux. The only process that has raw access to the keyboard is the X server (or the kernel, if you don't use X), and those two pieces can only be changed by root. Yes, I know, there are other things that spyware can do, but for keylogging, it isn't going to happen. Sure you can write a process that logs all keypresses that get sent to it, but you can't force the user to give that process focus, so by default nothing will get sent to it. And you can't install system-wide hooks unless you're root.
    Knowing my mother, she would probably give everything what they needed to do their work if she knew how because she's just that stupid.

    If she can figure out that she doesn't need to install *anything* (or if you don't give her the root password (!), just install everything beforehand), then she should be fine.
    With the exception of MS Office, I did install everything myself. She installed that into Wine in her own user folder herself. Her own folder is just about as much write access as I've given her, and luckily for her, Wine lets her create virtual disks in her own folder to "try" to install Windoze programs for herself.

    Right: another Linux advantage is its genetic diversity. In a monoculture like Windows, it's easy for viruses to spread, because all the machines are the same. Linux has a lot more differences between distros than Windows even has between versions.
    That's one of the reasons I switched to Linux: there are so many distros with so many mods that it's hard to write a good virus for Linux. But it's still possible, and it's also possible to trick a complete noob into giving a program the privileges it needs to install something to act like spyware. I didn't even know that most of the software I would need was stored in a special place for download in apt-get until after I had failed about five times to install Wine.

    One thing I must say about my distro is that even though a couple of the packages in my distro's repositories are outdated, I can always update from the beta repositories. They're nearly done debugging everything, and most of the beta stuff is stable. Also, my distro is probably the fastest distro out there. Just check my distro's forums:
    Index - http://forum.arklinux.org/index.php
    Feedback - http://forum.arklinux.org/viewforum.php?f=11

    Search in other places on the forums, and you'll see people claiming it's one of the best, it's just not very well known.

  11. #11
    Join Date
    Oct 2002
    Location
    Republic of Texas
    Posts
    5,898
    try using openoffice instead of ms office....it's SO much easier...

  12. #12
    Join Date
    Apr 2001
    Location
    SF Bay Area, CA
    Posts
    14,936
    Quote Originally Posted by Pikidalto
    My distro's repositories don't have every single program that I could possibly get for Linux.
    Well, my first reaction is "you may want to change distros then".

    I know Debian has tons of stuff, for instance... </shameless plug>

    It's just not possible.
    Why not? The distros exist for that very reason -- to provide the end user with a single system that they can use to do whatever they need. If they're not filling that role, then they probably need to change.

    (The split between developers and distro providers is actually a very important one: it's part of what stops Linux from fragmenting into a hundred little incompatible Unix clones, like the commercial Unix-en did. The GPL also helps, because if one distro starts to fork all the programs, the developers will pick those changes back up, because the GPL allows them to. But the separation between devs and distros helps too, because the distros can make choices for the user that the user may be ill-equipped to make, and if you don't like the choices your distro is making, then you are free to switch distros.)

    Nor are my distro's repositories up-to-date (except for their beta set of repositories because they're currently working on the next beta version), so I had to download the most recent Firefox, Flash, Java, and Adobe Reader myself.
    Sounds like another job for Debian-unstable to me.

    (And note that Adobe Reader is just about the worst piece of software I know of. Symantec's BackupExec 11d is probably worse, and Windows itself is probably worse, but Acrobat is pretty far up there. Is there some reason that xpdf and/or kpdf and/or kghostview and/or the other myriad native Linux PDF readers (that you can get source for) aren't good enough?)

    Again, my Java example: It was better for me to download the version from Sun than to keep my distro's because my browser kept crashing.
    That's your distro's fault.

    Knowing my mother, she would probably give everything what they needed to do their work if she knew how because she's just that stupid.
    Good thing you can prevent that, then, isn't it.

    ... Wine...
    Ah, I think I see where some of your questions are coming from now. As far as I'm aware, Wine will in fact run some Windows viruses. Depends on what the virus uses, though (obviously if it tries to install kernel-mode drivers, for instance, that will fail).

    But if you can get rid of Windows and all the software that runs on it, in favor of open-source stuff, and keep that stuff up to date, you won't need virus scanning or anti-spyware.

    and it's also possible to trick a complete noob into giving a program the privileges it needs to install something to act like spyware.
    That's why you don't give the complete-noob the root password. He can't give it to the malware if he doesn't know it.

    (Note that this assumes you're talking about adminning someone else's machine. If you're talking about running your own machine, then that's of course a different story. But see, for instance, Rick Moen's take on this kind of dumb-user pervasiveness (scroll down to "3)"): "The difference between "hostile" executables (such as viruses) and others is academic, when a root-account user can already shoot off his/her foot or other vital parts, with one of myriad, brief commands. Put the other way, the same survival skills by which you, as a novice sysadmin, will cease destroying your system directly will also, more generally, dissuade you from doing unwise things as root, thereby incidentally keeping viruses and their kin off your system." See also further down, where he says: "(And, by the way, what's going to protect you from subverted or just dangerously defective virus checkers, themselves wielding root authority?)". Also see most of the other stuff he writes there, it's all good. )

    One thing I must say about my distro...
    I've heard of Ark, actually. Never really tried it though; LFS is fine for me. (But I'm weird, too. )

  13. #13
    Join Date
    Jan 2004
    Location
    boston, mass USA
    Posts
    1,878
    That is a good read, but I must make my point again:

    If some untrustworthy code you've downloaded and decided to run backgrounds itself and performs nasty tricks on others and/or hammers away at possible system weaknesses until it finds a way to escalate privilege, it's your fault
    What virus isn't the user's fault no matter what OS it is?

    Although the virus getter has no one to blame but him/herself, they still have lost their files, they still have crap running even though it runs only as them and affects only their stuff....

    And I get that the user can only infect themselves, and that they shouldn't run as root and that they don't affect others on the machine, but who else is on your home machine? No one. Even your work desktop/laptop is single user.

    Do you still argue that virus/spyware protection is not needed?

    (I'm not trying to pick a fight, but I have not found an answer to my questions yet)

  14. #14
    Join Date
    Feb 2007
    Posts
    53
    Quote Originally Posted by bwkaz
    Well, my first reaction is "you may want to change distros then".

    I know Debian has tons of stuff, for instance... </shameless plug>
    Even Debian can't have every single little possibility.


    Why not? The distros exist for that very reason -- to provide the end user with a single system that they can use to do whatever they need. If they're not filling that role, then they probably need to change.
    There are so many programs out there that it's just plain impossible. If it is possible, I'd like to know how.

    (The split between developers and distro providers is actually a very important one: it's part of what stops Linux from fragmenting into a hundred little incompatible Unix clones, like the commercial Unix-en did...)
    I had always thought that this was because they were made from the same exact kernel. From my understanding, the kernel provides everything except a GUI and a boot loader, and that people just added whatever features and commands they wanted and modified what they needed to their own needs.

    Sounds like another job for Debian-unstable to me.
    Actually, the repositories were perfectly up-to-date before they started on the beta, and it's been made harder by the fact that the boss of the lead developer was laid off of his job and now is stuck with an Internet connection to work with.

    (And note that Adobe Reader is just about the worst piece of software I know of. Symantec's BackupExec 11d is probably worse, and Windows itself is probably worse, but Acrobat is pretty far up there. Is there some reason that xpdf and/or kpdf and/or kghostview and/or the other myriad native Linux PDF readers (that you can get source for) aren't good enough?)
    It's not that they aren't good enough, it's just that I've always preferred to use the "official" program, and Adobe Reader has never given me any problems on Linux, and its interface is good enough for me.

    That's your distro's fault.
    Actually, updating Java and Flash fixed all of my browser troubles.

    Good thing you can prevent that, then, isn't it.
    Yes, but for a complete noob who never used Linux and just installed it and has absolutely nobody to admin their system, they can easily destroy it (I actually crashed Linux quite a few times before I started getting the hang of things).

    Ah, I think I see where some of your questions are coming from now. As far as I'm aware, Wine will in fact run some Windows viruses. Depends on what the virus uses, though (obviously if it tries to install kernel-mode drivers, for instance, that will fail).
    I always make sure to be careful what programs I use, and I always scan for viruses and spyware after installing Windoze programs.

    But if you can get rid of Windows and all the software that runs on it, in favor of open-source stuff, and keep that stuff up to date, you won't need virus scanning or anti-spyware.
    Well, until I'm out of college and in my own room, I can't get rid of MS Office and AOL because my mother uses those programs all the time (she refuses to use anything else no matter what I tell her). As for World of Warcraft and Dungeon Siege, those are Windoze programs and I play them both, and I much prefer the Windoze version of AIM over the Linux version and the other AIM-compatible clients. But outside of those three programs, I'm not planning on using ANY Windoze programs once I'm out of college (with the exception of a game I'll be designing with a friend).

    That's why you don't give the complete-noob the root password. He can't give it to the malware if he doesn't know it.
    Here's a scenario for you: My mother is living by herself. She's a complete computer noob; she just barely knows how to turn on the computer, check her email, pay bills, type-spell check-save-print a document, and shut down. She installs Linux, is trying to figure out how to adjust to it and do all her Windoze tasks in Linux, and manages to enable the root account.

    She would have great potential to do a lot of damage to herself, wouldn't you think?

    (Note that this assumes you're talking about adminning someone else's machine...
    Nope, just my own computer. I've left anti-spyware and anti-virus software and a firewall on her computer. If she chooses not to use them herself, it's not my problem any more, I'm not using her computer any more for the sake of privacy. If she doesn't want to do things herself, I'm not doing it for her anymore, I've shown her how so many times even my 82-year-old grandmother could do it.

    I've heard of Ark, actually. Never really tried it though; LFS is fine for me. (But I'm weird, too. )
    Well, it's currently the fastest and most stable I've used, my only objection is that I don't have 3D support in my video card driver.

  15. #15
    Join Date
    Oct 2002
    Location
    Republic of Texas
    Posts
    5,898
    Quote Originally Posted by Pikidalto
    Even Debian can't have every single little possibility.

    There are so many programs out there that it's just plain impossible. If it is possible, I'd like to know how.
    if you're wanting to install some oddball little program, it would behoove you to google "./configure make make install"
