Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Linux, Unix › How safe is Ubuntu?
New Posts  All Forums:Forum Nav:

How safe is Ubuntu? - Page 5

post #41 of 97
Quote:
Originally Posted by chemicalfan View Post
Doesn't stuff like SELinux and AppArmor help defend against exploits?
yeah but they end up more annoying than helpful for an experienced user... BUT they are worth having if you are worried about it
Kinda meh now...
(13 items)
 
  
CPUMotherboardGraphicsRAM
PhII 940 BE asus M4N82 Deluxe 2x 8800gts(g92) 2x 1g ocz ddr2 1066 
Hard DriveOptical DriveOSMonitor
/dev/sd[abc] /dev/sr0 WinXP/Linux 22in acer 
PowerCaseMouseMouse Pad
950w rosewill timebomb Antec 900 (2small) Voodoo Deathadder (RED!) X-Trac Pads Ripper XL 
  hide details  
Reply
Kinda meh now...
(13 items)
 
  
CPUMotherboardGraphicsRAM
PhII 940 BE asus M4N82 Deluxe 2x 8800gts(g92) 2x 1g ocz ddr2 1066 
Hard DriveOptical DriveOSMonitor
/dev/sd[abc] /dev/sr0 WinXP/Linux 22in acer 
PowerCaseMouseMouse Pad
950w rosewill timebomb Antec 900 (2small) Voodoo Deathadder (RED!) X-Trac Pads Ripper XL 
  hide details  
Reply
post #42 of 97
Quote:
Originally Posted by chemicalfan View Post
Doesn't stuff like SELinux and AppArmor help defend against exploits?
For a large part, yes. This article is a somewhat dated AppArmor vs. SELinux showdown. Of course, a couple of years ago Novell laid off everyone who was working on AppArmor. I have no idea who, if anyone, is maintaining it.

Quote:
Originally Posted by randomizer View Post
Not unless you give it execute privileges. User error is largely the reason for the spread of malware on any platform Always RTFS
Stop blaming me!
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
post #43 of 97
Hi guys

Welcome to Ubuntu. Hope you enjoy your stay. I can see you guys are windows users and probably been using it since windows 3.1

No you really don't have much to worry as far as virus/spyware problems where Ubuntu is concerned. Just be careful to avoid running services if you don't need them. That sort of thing. Spyware? You really shouldn't have to worry. The only thing to keep an eye out for is maybe the odd phishing scam, you know, someone sending you an email asking you to click a link and then validate an account password, that sort of thing. Also, just be careful to install packages from trusted sources only, keep your system up to date with apt and you should be fine.

Email hacks are easily done when your password reset is sent to another email.
Lot of people use a old flimsy email acount as backup where they password gets sent with a password created in the days where 123456 were still a safe password. As times moved on they forgot to change the password but use the same email as backup. Which in the end means in some cases your whole privacy and sometimes financial security relies on that flimsy email box of gala.ru or wapmail.crapmail.com. So watch out for that
post #44 of 97
well, honestly, i can't say how your hotmail acct got hacked... someone might have brute-forced it or M-I-M you at some point. i wouldn't count on your "school network" to be secure... they are often not. Universities use to get hacked all the time... that's why a lot of older IT security folks have backgrounds as IT people from universities. If your "school" is a high school, I would have even less confidence of it being secure.

Ubuntu is about as secure as any modern OS... it also depends on how you configure it, what programs you've installed, and how you use it. The operating system is just a tool... use it incorrectly, and you'll have problems.

although, one of the posters above makes a good point in that most of the script kiddie hackers out there seem to still be more interested in the Windows platform than they are about Ubuntu or Linux in general. don't get me wrong, there are plenty of exploits available for vulnerabilities found in many Linux based OSes.

if your hotmail got hacked, and you were using a really good password, then I might worry about having malware or trojan. but honestly, if you had a crappy password (often the case) i wouldn't be surprised if someone just brute-forced it.

use strong passwords, be security concious (don't visit rogue sites, don't click on **** you don't know, don't accept SSL/TLS websites that have bad certificates unless you know for sure 100% it is ok to accept, etc.), follow some procedures online to secure your OS (whatever it is, Ubuntu or otherwise) and you're not likely to get hacked.
TAIPEI
(10 items)
 
AURORA
(13 items)
 
 
MotherboardGraphicsRAMHard Drive
ASRock X99 Extreme11 EVGA GTX 980 Superclocked 32GB 8x4GB Corsair LPX Samsung XP941  
Hard DriveCoolingOSMonitor
Western Digital 3TB RE Noctua NH-D15 Fedora 21 Linux Samsung S27D590C 
PowerCase
Seasonic SS-1200XP Cooler Master Cosmos II 
CPUMotherboardGraphicsRAM
Dual Quad-core L5430 2.66Ghz 12mb cache Intel 5000 chipset ATI ES1000 64GB FBDIMM DDR2 PC2-5300 667Mhz 
Hard DriveOSPower
WD3000FYYZ PERC H700 w/ 512MB cache CentOS 7.2.1511 950W x2 
  hide details  
Reply
TAIPEI
(10 items)
 
AURORA
(13 items)
 
 
MotherboardGraphicsRAMHard Drive
ASRock X99 Extreme11 EVGA GTX 980 Superclocked 32GB 8x4GB Corsair LPX Samsung XP941  
Hard DriveCoolingOSMonitor
Western Digital 3TB RE Noctua NH-D15 Fedora 21 Linux Samsung S27D590C 
PowerCase
Seasonic SS-1200XP Cooler Master Cosmos II 
CPUMotherboardGraphicsRAM
Dual Quad-core L5430 2.66Ghz 12mb cache Intel 5000 chipset ATI ES1000 64GB FBDIMM DDR2 PC2-5300 667Mhz 
Hard DriveOSPower
WD3000FYYZ PERC H700 w/ 512MB cache CentOS 7.2.1511 950W x2 
  hide details  
Reply
post #45 of 97
Quote:
Originally Posted by error10 View Post
Of course, a couple of years ago Novell laid off everyone who was working on AppArmor. I have no idea who, if anyone, is maintaining it.
There's several people still maintaining it. I hang out in the AppArmor IRC channel and chat with them from time to time. IIRC, at least one or two of them work for Canonical directly.
Skylake Build
(12 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-6600k Gigabyte Z-170 Gaming 7 Gigabyte R9 390  Gskill Ripjaws V DDR4 
Hard DriveCoolingOSMonitor
Samsung 850 Evo Corsair H115i Windows 10 Pro Asus  
KeyboardPowerCaseMouse
Generic EVGA NEX750 G1 Phanteks Eclipse P400 GSkill MX780 
  hide details  
Reply
Skylake Build
(12 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-6600k Gigabyte Z-170 Gaming 7 Gigabyte R9 390  Gskill Ripjaws V DDR4 
Hard DriveCoolingOSMonitor
Samsung 850 Evo Corsair H115i Windows 10 Pro Asus  
KeyboardPowerCaseMouse
Generic EVGA NEX750 G1 Phanteks Eclipse P400 GSkill MX780 
  hide details  
Reply
post #46 of 97
Quote:
Originally Posted by Klue22 View Post
Ubuntu has a very small percent of the market share. Technically speaking it isn't really much safer than windows, but its so obscure that no smart hacker is going to try to exploit it. Ask yourself, 'if you were a hacker, would you make a trojan for 10,000 PCs, or 30 million? I would guess that somebody just blindly guessed your password or your recovery questions.
Not entirely true, Linux systems handle permissions far better than windows. Windows has recently been trying to get better by creating UAC, but it's still not the same. Even if Ubuntu were more popular than Windows, it would still have better security just based on this alone. Plus, no registry..
Edited by W4LNUT5 - 4/23/11 at 7:23am
    
CPUMotherboardGraphicsRAM
I5-2500k 4.8Ghz @ 1.38v Z68X-UD4-B3 PNY 480 8GB Dominator 1600's 
Hard DriveOptical DriveOSMonitor
Intel 510 + 300GB Velociraptor LG DVD RW Server 2012 HP 25" + HP 20" 
KeyboardPowerCaseMouse
Deck Legend TX850W XClio Coolbox Mamba 
Mouse PadAudio
Dolica HD550's 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
I5-2500k 4.8Ghz @ 1.38v Z68X-UD4-B3 PNY 480 8GB Dominator 1600's 
Hard DriveOptical DriveOSMonitor
Intel 510 + 300GB Velociraptor LG DVD RW Server 2012 HP 25" + HP 20" 
KeyboardPowerCaseMouse
Deck Legend TX850W XClio Coolbox Mamba 
Mouse PadAudio
Dolica HD550's 
  hide details  
Reply
post #47 of 97
Quote:
Originally Posted by Cheetos316 View Post
Newb Ubuntu user here.

I've been running Ubuntu 10.04 for a few months now and am very happy with it, but my hotmail account recently got hacked (sent out a lot of spam to my contacts and deleted all of my emails ). Now I'm concerned. Is it possible that I have some kind of trojan or malware on here or is it an external hack? The only other time I check email is at school but I figure my school's network should be safe....

Is there anything I can do to check if my machine has been compromised?

Thanks!
This is not likely a flaw with Ubuntu or even a local security issue on your end at all. It is a Hotmail problem. I visit a lot of computer security forums and I know a lot of people have been *****ing lately about Hotmail sending out spam to their contacts. Just because someone is sending out spam with what appears to be your e-mail address does not mean your computer is compromised.

Really, most of this is beyond our control. E-mail addresses are inherently very easy to spoof. The SMTP protocol does not have any authentication built-in so anyone can make an e-mail look like it was sent from whitehouse.gov. If I were you I would look at the source (headers) of one of these e-mails and see if the sending IP is the same as your IP. If it's not then someone has either broken into your hotmail account (gotten the password somehow) or simply spoofed the e-mail header with your address.
Edited by thiussat - 4/23/11 at 7:38am
Skylake Build
(12 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-6600k Gigabyte Z-170 Gaming 7 Gigabyte R9 390  Gskill Ripjaws V DDR4 
Hard DriveCoolingOSMonitor
Samsung 850 Evo Corsair H115i Windows 10 Pro Asus  
KeyboardPowerCaseMouse
Generic EVGA NEX750 G1 Phanteks Eclipse P400 GSkill MX780 
  hide details  
Reply
Skylake Build
(12 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-6600k Gigabyte Z-170 Gaming 7 Gigabyte R9 390  Gskill Ripjaws V DDR4 
Hard DriveCoolingOSMonitor
Samsung 850 Evo Corsair H115i Windows 10 Pro Asus  
KeyboardPowerCaseMouse
Generic EVGA NEX750 G1 Phanteks Eclipse P400 GSkill MX780 
  hide details  
Reply
post #48 of 97
It is possible you have some trojan... it doesn't sound like something that requires admin rights, so it shouldn't cause any happy stuff to happen. It's very unlikely though - it would have to target you specifically. Linux trojans aren't very common.

What you should be asking is - How safe was my password?
Akiyama Mio
(13 items)
 
  
CPUMotherboardGraphicsRAM
E6420 @ stock, 0.98v Asus P5N-E SLI Gainward GTX 460 1GB @ 800/1600/1900 2x2GB Kingston @ 800MHz 5-5-5-15 2T 
Hard DriveOptical DriveOSMonitor
WD 250GB, 320GB SATA/3, 16MB Cache, Seagate 1TB LG GSA-H62N 18x SATA Ubuntu 9.10 x86 & Win7 x86 Asus VW222U 
KeyboardPowerCase
Logitech Classic Corsair 650HX NZXT Apollo Black 
  hide details  
Reply
Akiyama Mio
(13 items)
 
  
CPUMotherboardGraphicsRAM
E6420 @ stock, 0.98v Asus P5N-E SLI Gainward GTX 460 1GB @ 800/1600/1900 2x2GB Kingston @ 800MHz 5-5-5-15 2T 
Hard DriveOptical DriveOSMonitor
WD 250GB, 320GB SATA/3, 16MB Cache, Seagate 1TB LG GSA-H62N 18x SATA Ubuntu 9.10 x86 & Win7 x86 Asus VW222U 
KeyboardPowerCase
Logitech Classic Corsair 650HX NZXT Apollo Black 
  hide details  
Reply
post #49 of 97
Quote:
Originally Posted by W4LNUT5 View Post
Not entirely true, Linux systems handle permissions far better than windows. Windows has recently been trying to get better by creating UAC, but it's still not the same. Even if Ubuntu were more popular than Windows, it would still have better security just based on this alone. Plus, no registry..
I'm a long time Linux user and a big fan of Linux and Unix systems. But I think you are mistaken if you think Unix/POSIX file system permissions is more advanced than what Windows NTFS can do. NTFS is by FAR a more advanced permissions control system than POSIX file permissions. Even when you add POSIX ACL capability, NTFS provides more flexibility in terms of permission controls. That's the technical side of it at least....

In reality, and in practice, the problem is that POSIX file permissions are easy, even though they are less flexible and they have a longer history of separating root/administrator from users. NTFS has the disadvantage that it is complex and harder to configure securely because it has so many options. Add on top of that, the history and legacy that it had to follow Windows 98 and the permission control system of FAT/FAT32 (or lack of). This resulted in Windows NT/2K/etc having insecure default settings/permissions... even though the technology was more advanced. It's like having the state-of-the-art security lock on your door, but leaving the door unlocked and wide open all the time.

It was mostly due to the capabilities of NTFS (and the audit features in WinNT) that allowed Windows NT in the mid 90's to achieve a C2 security rating based on the US DoD security standards. Linux with ext2 and basic POSIX permissions wasn't even close back then....

As far as UAC stuff, the Linux/Unix equivalent would be sudo or su... and neither of those are really great solutions from a security standpoint. It is why those programs have to be setuid root, which is what really allows it to escalate permissions. If you ever take a course on hacking Unix systems for local privilege escalation, you'll know that the 1st targets are all the setuid root binaries.

In any debate about security of operating systems, you have to put it into context.... history aside, most of the modern operating systems have the capability to be very secure. The problem is usually because of people/politics/etc.... who either choose (for convenience or unwillingness to change) to be insecure or are ignorant on how to configure their OS and applications to be secure.
Edited by BLinux - 4/30/11 at 12:48am
TAIPEI
(10 items)
 
AURORA
(13 items)
 
 
MotherboardGraphicsRAMHard Drive
ASRock X99 Extreme11 EVGA GTX 980 Superclocked 32GB 8x4GB Corsair LPX Samsung XP941  
Hard DriveCoolingOSMonitor
Western Digital 3TB RE Noctua NH-D15 Fedora 21 Linux Samsung S27D590C 
PowerCase
Seasonic SS-1200XP Cooler Master Cosmos II 
CPUMotherboardGraphicsRAM
Dual Quad-core L5430 2.66Ghz 12mb cache Intel 5000 chipset ATI ES1000 64GB FBDIMM DDR2 PC2-5300 667Mhz 
Hard DriveOSPower
WD3000FYYZ PERC H700 w/ 512MB cache CentOS 7.2.1511 950W x2 
  hide details  
Reply
TAIPEI
(10 items)
 
AURORA
(13 items)
 
 
MotherboardGraphicsRAMHard Drive
ASRock X99 Extreme11 EVGA GTX 980 Superclocked 32GB 8x4GB Corsair LPX Samsung XP941  
Hard DriveCoolingOSMonitor
Western Digital 3TB RE Noctua NH-D15 Fedora 21 Linux Samsung S27D590C 
PowerCase
Seasonic SS-1200XP Cooler Master Cosmos II 
CPUMotherboardGraphicsRAM
Dual Quad-core L5430 2.66Ghz 12mb cache Intel 5000 chipset ATI ES1000 64GB FBDIMM DDR2 PC2-5300 667Mhz 
Hard DriveOSPower
WD3000FYYZ PERC H700 w/ 512MB cache CentOS 7.2.1511 950W x2 
  hide details  
Reply
post #50 of 97
Quote:
Originally Posted by BLinux View Post
In reality, and in practice, the problem is that POSIX file permissions are easy, even though they are less flexible and they have a longer history of separating root/administrator from users. NTFS has the disadvantage that it is complex and harder to configure securely because it has so many options. Add on top of that, the history and legacy that it had to follow Windows 98 and the permission control system of FAT/FAT32 (or lack of). This resulted in Windows NT/2K/etc having insecure default settings/permissions... even though the technology was more advanced. It's like having the state-of-the-art security lock on your door, but leaving the door unlocked and wide open all the time.
Quote:
Originally Posted by W4LNUT5 View Post
Not entirely true, Linux systems handle permissions far better than windows. Windows has recently been trying to get better by creating UAC, but it's still not the same. Even if Ubuntu were more popular than Windows, it would still have better security just based on this alone. Plus, no registry..
/confused

Quote person
Say they're wrong
Have long post that confirms their point, but with more detail
???
Profit

The tech behind the security is no good if it's not used. So, even though NTFS might be technically more secure, Linux appears to be better at effectively using the security at it's disposal.

So, essentially, although Windows has the potential to be more secure, it's not. Right?
Edited by Bluescreen_Of_Death - 4/30/11 at 6:42am
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Linux, Unix
Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Linux, Unix › How safe is Ubuntu?