
My questions about linux - Page 21

post #201 of 241
On the subject of security, all OSes can be compromised. At the lowest level, they all work pretty much the same way and are coded in the same languages (C mostly). Windows NT (the kernel) is a monolithic kernel just like Linux. Monolithic kernels are the best for performance but not the best for security. Microkernels are better for security but there aren't many mainstream ones out there.

So if a hacker finds a flaw in some code in the kernel, he can exploit it (depending on a few variables). And if he exploits the kernel, he automatically gets root (pwns the whole system). This has been done on Linux many times.

All code will have bugs. The Linux kernel today has close to 20 million lines of code in it. Humans have not found a way to write perfectly secure code, so once you have 20 million lines of said code, you can rest assured there are a lot of security holes in it. This goes for Microsoft, Apple, Linux, BSD, Sun OS or whatever. All of them will have security flaws in the kernel code. And, again, if you own the kernel, you own the system. High level permissions (user, root) make no difference if a hacker exploits a kernel bug -- he gets root automatically. Even SELinux cannot protect against all of these exploits (though it does help in some cases).

The difference is the Linux security response time seems to be faster than Microsoft's. I've seen bugs be patched within HOURS of them going public before. Ever seen MS do that?

Linux is also open-source, so there are more eyeballs on the actual kernel code. (Although, admittedly, the number of people in the world qualified to review kernel code isn't that large). This makes the job easier for black hats, but it also makes it easier for all the white hats. In the end, I will take open-source all day. It just makes the most sense.

Linux distros use signed repositories, which makes spreading malware much harder. Users pretty much only install software from the official distro repository. Even if the repo is hacked (this has happened before), it won't make much difference unless the attacker can also steal the signing key, which isn't going to just be sitting on the server (it will be on the developer's personal machine most likely).

Linux has more tools out of the box for OS hardening. Tools that are superior to anything in the Windows world. You can get as technical as you want depending on your level of knowledge.
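The signed-repository point in post #201, worked through as an added example (not part of the original post or any distro's code). It models a simplified Debian-style chain (signature over `Release`, `Release` hashes `Packages`, `Packages` hashes the package file); the file contents are constructed, and a hash-based Lamport one-time signature stands in for the OpenPGP signature real repositories use so that it runs on the Python standard library alone.

```python
import hashlib
import os

def H(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signature built from SHA-256 only. It stands in for the
# OpenPGP signature a real distro uses, so the example needs no third-party
# library. A real Lamport key must sign one message only.
def keygen():
    sk = [[os.urandom(32) for _ in range(256)] for _ in range(2)]
    pk = [[H(s) for s in row] for row in sk]
    return sk, pk

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[b][i] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[b][i] for i, (b, s) in enumerate(zip(bits(msg), sig)))

def build_index(deb):
    """Simplified repo metadata: Release hashes Packages, Packages hashes the .deb."""
    packages = b"Package: hello\nSHA256: " + H(deb).hex().encode() + b"\n"
    release = b"SHA256:\n " + H(packages).hex().encode() + b" Packages\n"
    return {"deb": deb, "Packages": packages, "Release": release}

def publish(sk, deb):
    repo = build_index(deb)
    repo["sig"] = sign(sk, repo["Release"])  # done where the key lives, off the server
    return repo

def rehash_without_key(repo, deb):
    """Server-side tampering: every hash is recomputed, the old signature is reused."""
    return dict(build_index(deb), sig=repo["sig"])

def client_accepts(pk, repo):
    """Walk the chain of trust: signature -> Release -> Packages -> package file."""
    if not verify(pk, repo["Release"], repo["sig"]):
        return False
    if H(repo["Packages"]).hex().encode() not in repo["Release"]:
        return False
    return H(repo["deb"]).hex().encode() in repo["Packages"]

if __name__ == "__main__":
    sk, pk = keygen()
    good = publish(sk, b"constructed package bytes")
    print(client_accepts(pk, good))
    print(client_accepts(pk, rehash_without_key(good, b"modified bytes")))
```

The client rejects both a swapped package file and a fully re-hashed index, because neither carries a valid signature over the new `Release`; only metadata signed with the real key passes, which is why the key's storage location matters.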
post #202 of 241
Quote:
Originally Posted by KarathKasun View Post

Also related...
https://www.debian.org/News/2016/20160604

Note the system wide crypto library fix...
That is just for one distro, security flaws are present in all software.

Here are more from Ubuntu...

http://www.ubuntu.com/usn/

Rijndael is the AES cipher. The way the crypto library was compiled on Debian introduced a timing attack. The source code itself is fine, it's just that it cannot be compiled with certain optimization flags turned on. Doing this makes the cipher behave in some predictable ways and in crypto you don't want predictability. However, like most timing attacks I suspect this can only be exploited if a hacker already owns a machine. And if you own the machine you probably won't need a timing attack.

Timing attacks (and other side channel attacks) are a big problem in crypto and it's a very difficult problem. AES is especially susceptible to this kind of thing. AES was chosen by NIST (and the NSA) to be the new standard back in the 1990s. Many people now believe, in light of Snowden, that the NSA intentionally picked Rijndael as AES because they knew of some weaknesses in this regard. People have suspected this for years but were seen as tin-foil hatters. Now with Snowden, it doesn't sound so crazy.

Unfortunately, outside of NSA's team of experts, there are not many people in the world qualified to review crypto code, compiling practices, etc. Therefore, I do not view computer crypto as truly secure. If I had a life and death situation that I knew had to be confidential, I would never trust a computer in any way, even encrypted communications. The only crypto I trust is a hand written one-time-pad that I share in person with my contact. With computer crypto there's too many variables, too many complicated crypto libraries, too many NSA backdoors in code, too many undiscovered bugs. I don't trust any of it to keep my data truly secure. Better than nothing, sure, but not good enough for national security (for instance).
post #203 of 241
I agree with the crypto post, and mostly with the one before it. It comes down to whether you want to do it yourself or you want to pay for a solution because you don't know what you are doing.

Don't know a lick about security but know something about computers, get Windows (or Mac), get AV, live behind a router. This also works for quick server deployments, especially if Windows only server side software is needed.

Know what you are doing, comfortable with advanced networking, comfortable with DIY software... get Linux. Want to end MS monopoly... get Linux or a Mac. Want to be a "creator" in the PC space... use a Mac, set up a virtualized environment and run all three so you can cross compile. And finally, if you only use web apps, use Linux or Mac.
post #204 of 241
C'mon Karath we're just trying to make sure a self-professed Unix Evangelist doesn't "drink the koolaid" from trying to look TOO conciliatory. Linux has better security built in. This may turn out to be even more true now that with Win10 EULA, MS can read your email and browser history AND "call home" on unsecured lines even if your entire disk is encrypted. This may get worse for anyone and everyone if Intel's embedded "UEFI on Steroids" becomes a reality.
post #205 of 241
Linux security depends wholly on the distribution. Windows is Windows, Linux OTOH is not just Linux. Some distros don't hold your hand where security or anything else is involved.


If a Linux newbie just does a from scratch install as is possible with Debian, Slack, Arch, or many others... They may end up with inferior security OOTB. Actually that is not too uncommon, but they are saved by obscurity. I love the Unix based OS's, but in modern systems, the difference in security is not what it once was. It mainly comes down to app security flaws and bad user practices in the real world.

My title was one of the predefined ones from way back. My main draw to Unix and Linux is the ease of stripping it down for higher performance in the specific role the PC will be serving. Which is only tangentially related to security.
Edited by KarathKasun - 6/15/16 at 4:13am
post #206 of 241
That's just a problem of expectations. Linux is not supposed to be an "out of the box" OS and the distros going in that direction are throwing their users under the bus by failing to explicitly clarify right off the bat that there is a limit to user-friendliness and really using Linux requires a lot of RTFM.

Still there are distros doing a good job of mixing spoonfeed-the-noob with RTFM, they just aren't the distros that newcomers think of because the garbage rises to the top and steals mindshare away from less user-friendly but more education-friendly distros.
post #207 of 241
Quote:
Originally Posted by Petrol View Post

That's just a problem of expectations. Linux is not supposed to be an "out of the box" OS and the distros going in that direction are throwing their users under the bus by failing to explicitly clarify right off the bat that there is a limit to user-friendliness and really using Linux requires a lot of RTFM.

Still there are distros doing a good job of mixing spoonfeed-the-noob with RTFM, they just aren't the distros that newcomers think of because the garbage rises to the top and steals mindshare away from less user-friendly but more education-friendly distros.

I pretty much agree with you there, and that's why most consumers use Windows. They are too lazy to RTFM. They just want it to work. Linux needs an idiotproof distro, it's not there yet.
Edited by KarathKasun - 6/15/16 at 7:43am
post #208 of 241
Quote:
Originally Posted by enorbet2 View Post

The reason I am even interested in doing this, is because most of the computers that come to me for repair, are inundated with viruses and malware, and this is typically the cause of the user's unhappiness with their computer. A linux distro will pretty much put a stop to all of that, and without the need for constant updates and patches like a windows machine would need in order to fend off all of this.

Why do they get the infection in the first place? Social engineering or genuine software vulnerability?

If your clients get infected because they clicked on the latest and greatest free movie downloader or make-money-at-home client, don't be surprised when they come to you because what they click on no longer works.
post #209 of 241
Quote:
Originally Posted by KarathKasun View Post

I pretty much agree with you there, and that's why most consumers use Windows. They are too lazy to RTFM. They just want it to work. Linux needs an idiotproof distro, it's not there yet.

The idiotproof distro is Android, although Google has treated it more like a means to an end (trojan horse for Google services) but still the JVM acts as a decent security shim and porting over utils from Linux is made very easy by Android Studio, which greatly simplifies being able to slap a front-end on and make advanced security tools accessible to end users.
post #210 of 241
The simplicity of social engineering on Android, however...

Completely taking control of an Android system through remote access is difficult. But you can easily get a lot (from an average Joe) without doing any level of cracking. You only need to get them to click the green button.
Edited by MrKoala - 6/15/16 at 10:21am