Digit Technology Discussion Forum > Software > Open Source
Old 30-12-2006, 10:11 PM   #1 (permalink)
Broken In
 
Join Date: Nov 2005
Location: kolkata
Posts: 135
Default Am I free from spywares

I started using Linux a few days ago. I know that Linux is free from viruses. Now what I want to know is: is it free from spyware? Especially the kind that eats a lot of my internet bandwidth. And what about adware?
If I need any additional software, please name it.
tanmoy_rajguru2005 is offline  

Old 30-12-2006, 10:43 PM   #2 (permalink)
The No.1 Stupid
 
~Phenom~'s Avatar
 
Join Date: May 2005
Location: CYBERYARD
Posts: 1,705
Default Re: Am I free from spywares

Yes, no spyware in Linux. Enjoy.
__________________
n00b forever...
~Phenom~ is offline  
Old 30-12-2006, 11:20 PM   #3 (permalink)
18 Till I Die............
 
Join Date: Jul 2004
Location: India, Mumbai, Marine Lines
Posts: 5,792
Default Re: Am I free from spywares

The only real threat I know of in Linux is getting infected by a rootkit. But that's a very meagre chance. And these rootkits can't be installed by some script kiddies or such. It requires a decent knowledge of the OS and of ways to get into another person's computer.
That doesn't mean there are no viruses or such for Linux. But the number of such malware, as far as I know, can be counted on your fingers. And then the variety of software installed on different systems makes it difficult to write malware that can affect different distros or even different machines running the same distro.
In short, with Linux the chances of your PC getting compromised are very low, but nonetheless there is a small chance, so follow safe computing practices: don't install from unverified sources, run a firewall, and beware of phishing attacks, which never depend on the OS. In a server environment a few more security tools are required, like tripwire, nessus, etc.
__________________
http://www.bash.org/?258908
mehulved is offline  
Old 30-12-2006, 11:44 PM   #4 (permalink)
The No.1 Stupid
 
~Phenom~'s Avatar
 
Join Date: May 2005
Location: CYBERYARD
Posts: 1,705
Default Re: Am I free from spywares

^^ Thanks for the info, so any anti-rootkits?
__________________
n00b forever...
~Phenom~ is offline  
Old 30-12-2006, 11:48 PM   #5 (permalink)
Human Spambot
 
Arsenal_Gunners's Avatar
 
Join Date: May 2005
Posts: 3,055
Default Re: Am I free from spywares

Does no one have time to make some sht for Linux also?
Arsenal_Gunners is offline  
Old 30-12-2006, 11:53 PM   #6 (permalink)
18 Till I Die............
 
Join Date: Jul 2004
Location: India, Mumbai, Marine Lines
Posts: 5,792
Default Re: Am I free from spywares

chkrootkit, rkhunter and a couple more. Check the repos of your distro.
But it's better to use such software from a live CD. If someone breaks into your system with malicious intent, they may be good enough to hide the rootkits from your system. But if you check your filesystem with such tools from a live CD, there's no chance of compromise. But these tools aren't really worth it. As far as I know, 90% of the time you have to format your computer to get rid of rootkits.
There was a nice discussion about such security measures on the Gentoo forums. Here's the link: http://forums.gentoo.org/viewtopic-t...be3880e39c713d
__________
Quote:
Originally Posted by vimal_mehrotra
Does no one have time to make some sht for Linux also?
Can you be more clear? I didn't get your question at all.
__________________
http://www.bash.org/?258908

Last edited by mehulved; 30-12-2006 at 11:53 PM. Reason: Automerged Doublepost
mehulved is offline  
Old 31-12-2006, 12:01 AM   #7 (permalink)
The No.1 Stupid
 
~Phenom~'s Avatar
 
Join Date: May 2005
Location: CYBERYARD
Posts: 1,705
Default Re: Am I free from spywares

Can software be installed while using a live CD? More importantly, can we connect to the net using a live CD?
Also, what are the indications of our system being affected by rootkits?
__________________
n00b forever...
~Phenom~ is offline  
Old 31-12-2006, 12:04 AM   #8 (permalink)
Human Spambot
 
Arsenal_Gunners's Avatar
 
Join Date: May 2005
Posts: 3,055
Default Re: Am I free from spywares

I am trying to say: why is there no spyware and fewer viruses for Linux? Are people not interested in making viruses for Linux?
Arsenal_Gunners is offline  
Old 31-12-2006, 12:12 AM   #9 (permalink)
18 Till I Die............
 
Join Date: Jul 2004
Location: India, Mumbai, Marine Lines
Posts: 5,792
Default Re: Am I free from spywares

Quote:
Originally Posted by ~Phenom~
Can software be installed while using a live CD?
Yeah, see Puppy Linux.
Quote:
Originally Posted by ~Phenom~
More importantly, can we connect to the net using a live CD?
Why not?
Quote:
Originally Posted by ~Phenom~
Also, what are the indications of our system being affected by rootkits?
Not so easy to recognise as such. But if you see something really weird going on, you can scan for rootkits. But not every rootkit can always be detected.
Others might be able to give more info on this. I remember eddie and Satissh helping me out with this. They may be able to add more.
__________________
http://www.bash.org/?258908
mehulved is offline  
Old 31-12-2006, 12:19 AM   #10 (permalink)
The No.1 Stupid
 
~Phenom~'s Avatar
 
Join Date: May 2005
Location: CYBERYARD
Posts: 1,705
Default Re: Am I free from spywares

Thanks. Waiting for Satissh and eddie to reply...
__________________
n00b forever...
~Phenom~ is offline  
Old 31-12-2006, 12:31 AM   #11 (permalink)
18 Till I Die............
 
Join Date: Jul 2004
Location: India, Mumbai, Marine Lines
Posts: 5,792
Default Re: Am I free from spywares

Quote:
Originally Posted by vimal_mehrotra
I am trying to say: why is there no spyware and fewer viruses for Linux? Are people not interested in making viruses for Linux?
There are many reasons. One, of course, is that Linux doesn't have the biggest user base. But it isn't such a big reason.
A few other reasons I can think of right now are:
1. Thorough testing of software by a huge population
2. Strong *nix framework
3. Great security software
4. Insistence on using a non-root account
5. A software installation system which, when used judiciously, leaves very little chance of installing malicious software.
6. Non-standard systems. Unlike Windows, where the set of software is exactly the same for every user having the same version, in Linux there are so many permutations and combinations of software that finding the same setup is very difficult.
7. The most important one, and the one that many people take as unimportant: Linux is Open Source. Lots of people never realise that the way the FLOSS community works makes FLOSS products more secure.
The source code is open. Now many people say that this means that hackers (I know it should rather be crackers, but hackers is what people use) can see the code and easily find vulnerabilities to attack the OS. But they don't see the fact that there are 1000s of times more people who also scan the code for vulnerabilities and report them or work on patching them. The number of days it takes to patch a vulnerability after discovering it is a lot lower than in closed source software.
There is no doubt in my mind that the biggest reason why not only Linux but other open source operating systems are secure is the freedoms they offer.

I will try to find a few links that explain this a lot better. Try to understand whatever you can from this for now. Some 'gurus' should be able to explain this nicely.
__________
Quote:
Originally Posted by ~Phenom~
Thanks. Waiting for Satissh and eddie to reply...
Till then, read the thread on the Gentoo forum. It will take some days to go through it fully.
__________________
http://www.bash.org/?258908

Last edited by mehulved; 31-12-2006 at 12:31 AM. Reason: Automerged Doublepost
mehulved is offline  
Old 31-12-2006, 12:32 AM   #12 (permalink)
Human Spambot
 
Arsenal_Gunners's Avatar
 
Join Date: May 2005
Posts: 3,055
Default Re: Am I free from spywares

Thanks. Being open source has a great advantage.
Arsenal_Gunners is offline  
Old 31-12-2006, 12:42 AM   #13 (permalink)
The No.1 Stupid
 
~Phenom~'s Avatar
 
Join Date: May 2005
Location: CYBERYARD
Posts: 1,705
Default Re: Am I free from spywares

^^ True. I too realised that recently, thanks to people like Mehul.
__________________
n00b forever...
~Phenom~ is offline  
Old 31-12-2006, 01:04 AM   #14 (permalink)
El mooooo
 
eddie's Avatar
 
Join Date: Jan 2006
Location: India
Posts: 1,414
Default Re: Am I free from spywares

The best way to avoid getting rootkitted is running a firewall, keeping a strong password and closing all of your ports. If you need to keep a few of them open (for example, 631 for CUPS), then keep their access limited to localhost. It is very difficult to rootkit a home PC running nil servers.

How to tell if you've been rootkitted? Well, very difficult... The sure-shot way is to scan your system using a Live CD, which has already been mentioned by Mehul. Another way could be to regularly scan your system logs for any unusual activity. Though a pro cracker will leave no footprints, a script kiddie may leave some things for you to see.
eddie is offline  
Old 31-12-2006, 01:19 AM   #15 (permalink)
The No.1 Stupid
 
~Phenom~'s Avatar
 
Join Date: May 2005
Location: CYBERYARD
Posts: 1,705
Default Re: Am I free from spywares

Thanks a lot. I have heard that there is an inbuilt firewall in Linux, "iptables". Is it ON by default or do we need to turn it ON? If yes, how? How do I check which ports are open, how do I close them, and which of them should I close? Should I close them all except 8080 and 21, that is HTTP and FTP?
Is there any Live CD which has an anti-rootkit preinstalled? Or which Live CD will you recommend, I mean which is easy to use?
I'm currently using Ubuntu Edgy installed on my system.
__________________
n00b forever...
~Phenom~ is offline  
Old 31-12-2006, 01:30 AM   #16 (permalink)
18 Till I Die............
 
Join Date: Jul 2004
Location: India, Mumbai, Marine Lines
Posts: 5,792
Default Re: Am I free from spywares

Quote:
Originally Posted by ~Phenom~
Thanks a lot. I have heard that there is an inbuilt firewall in Linux, "iptables". Is it ON by default or do we need to turn it ON? If yes, how?
AFAIK, some distros have the firewall on, some don't. I guess Ubuntu doesn't have it on. I don't know much about iptables so I can't help here. But there are lots of documents out there, and also man pages, which you can refer to.
Quote:
Originally Posted by ~Phenom~
How do I check which ports are open, how do I close them, and which of them should I close? Should I close them all except 8080 and 21, that is HTTP and FTP?
Using netstat. That's what eddie had told me. If I remember right, it was:
Code:
netstat -atp
Quote:
Originally Posted by ~Phenom~
Is there any Live CD which has an anti-rootkit preinstalled? Or which Live CD will you recommend, I mean which is easy to use?
Check any 'Security' Live CDs. I have seen it in the hackin9 and PHLAK Live CDs. See http://www.livecdlist.com/?pick=All&...ity&sort=&sm=1 and http://www.livecdlist.com/?pick=All&...ics&sort=&sm=1
__________________
http://www.bash.org/?258908
mehulved is offline  
Old 31-12-2006, 01:39 AM   #17 (permalink)
The No.1 Stupid
 
~Phenom~'s Avatar
 
Join Date: May 2005
Location: CYBERYARD
Posts: 1,705
Default Re: Am I free from spywares

Thanks, will try these and tell you...
__________________
n00b forever...
~Phenom~ is offline  
Old 31-12-2006, 05:24 AM   #18 (permalink)
left this forum longback
 
praka123's Avatar
 
Join Date: Sep 2005
Location: -
Posts: 7,513
Default Re: Am I free from spywares

Another possibility to save yourself from rootkits etc. is using SELinux, though it is not necessary for a desktop user.
An interesting interview with the rkhunter devel:
http://lwn.net/Articles/104380/
__________________
left this forum long back. Admin can delete this account and posts permanently. Thank you.
Get GNU/Linux - http://getgnulinux.org

Last edited by praka123; 31-12-2006 at 05:31 AM.
praka123 is offline  
Old 01-01-2007, 10:47 PM   #19 (permalink)
El mooooo
 
eddie's Avatar
 
Join Date: Jan 2006
Location: India
Posts: 1,414
Default Re: Am I free from spywares

Quote:
Originally Posted by ~Phenom~
How do I check which ports are open, how do I close them, and which of them should I close? Should I close them all except 8080 and 21, that is HTTP and FTP?
You don't need to keep HTTP or FTP ports open unless you are running an HTTP or FTP server on your system. To check which ports are open on your system, install nmap and then issue the following command as root:
Code:
# nmap -P0 -O localhost

Starting Nmap 4.20 ( http://insecure.org ) at 2007-01-01 22:40 IST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1695 closed ports
PORT     STATE SERVICE
631/tcp  open  ipp
3306/tcp open  mysql
No exact OS matches for host (If you know what OS is running on it, see http://insecure.org/nmap/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=4.20%D=1/1%OT=631%CT=1%CU=40114%PV=N%DS=0%G=Y%TM=45994089%P=i686-
OS:pc-linux-gnu)SEQ(SP=C9%GCD=1%ISR=CE%TI=Z%II=I%TS=A)SEQ(SP=CA%GCD=1%ISR=C
OS:E%TI=Z%II=I%TS=A)OPS(O1=M400CST11NW3%O2=M400CST11NW3%O3=M400CNNT11NW3%O4
OS:=M400CST11NW3%O5=M400CST11NW3%O6=M400CST11)WIN(W1=8000%W2=8000%W3=8000%W
OS:4=8000%W5=8000%W6=8000)ECN(R=Y%DF=Y%T=40%W=8018%O=M400CNNSNW3%CC=N%Q=)T1
OS:(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=Y%DF=Y%T=40%W=8000%S=O%
OS:A=S+%F=AS%O=M400CST11NW3%RD=0%Q=)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=
OS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%
OS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(
OS:R=Y%DF=N%T=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=
OS:G)IE(R=Y%DFI=N%T=40%TOSI=S%CD=S%SI=S%DLI=S)


Uptime: 0.022 days (since Mon Jan  1 22:08:48 2007)
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 11.488 seconds
You will get output similar to mine. As you can see, I have two ports open on my system. One is for CUPS while the other one is for the MySQL server. I have limited access to both these servers to localhost only.

Now what you need to see is what kind of open ports you have on your system. You can close them by turning off the services that keep them open. Either nmap will report the names of the services or you can Google them. If you don't get any results on Google, post your nmap output here and we will tell you which services are opening which ports.
eddie is offline  
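
Added example, not part of the original thread or written by any of its posters: posts #14 and #19 advise keeping needed services such as CUPS on 631 limited to localhost, but an nmap scan of localhost shows a port as open whether the service listens on 127.0.0.1 only or on every interface. The script below reads `netstat -tln` output and lists only the listeners reachable from other machines; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners that are NOT limited to localhost.
# Input : `netstat -tln` output (net-tools format) on stdin.
# Output: one "port address" line per listener bound to a non-loopback address.

exposed_listeners() {
    awk '
        # Rows look like: Proto Recv-Q Send-Q Local-Address Foreign-Address State
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            la = $4
            # Split "addr:port" at the LAST colon so IPv6 addresses survive.
            n = match(la, /:[0-9]+$/)
            if (n == 0) next
            addr = substr(la, 1, n - 1)
            port = substr(la, n + 1)
            # Loopback-only binds are what the thread calls "limited to localhost".
            if (addr ~ /^127\./ || addr == "::1") next
            print port, addr
        }
    ' | sort -n
}

# Constructed sample (not from the thread): CUPS and MySQL on loopback,
# plus an SSH daemon and a web server listening on every interface.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
EOF
}

# Demo on the constructed sample; on a real system run:
#   netstat -tln | exposed_listeners
sample_netstat | exposed_listeners
```

Anything this prints is a service to turn off, rebind to 127.0.0.1, or cover with a firewall rule; an empty result means every TCP listener is loopback-only.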
Old 01-01-2007, 10:53 PM   #20 (permalink)
18 Till I Die............
 
Join Date: Jul 2004
Location: India, Mumbai, Marine Lines
Posts: 5,792
Default Re: Am I free from spywares

You can also install nmapfe, which is a GUI frontend for Nmap, if you don't like the CLI.
__________________
http://www.bash.org/?258908
mehulved is offline  
All times are GMT +5.5.