Security Education Linux

Damn Vulnerable Linux — Most Vulnerable Linux Ever

Posted by timothy
from the in-context-it's-barely-vulgar dept.
An anonymous reader writes "Usually, when installing a new operating system, the hope is that it's as up-to-date as possible. After installation there's bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different; it's shipped in as vulnerable a state as possible. As the DVL website explains: 'Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop – it's a learning tool for security students.'"
This discussion has been archived. No new comments can be posted.

  • Re:Big deal (Score:5, Insightful)

    by magsol (1406749) on Saturday July 17, 2010 @07:30PM (#32939868) Journal

    Why is the OP - who is denigrating a Linux distro - modded a Troll, whereas the poster above him - denigrating Windows - modded as Funny?

  • Re:Big deal (Score:5, Insightful)

    by keatonguy (1001680) <keaton@prower.gmail@com> on Saturday July 17, 2010 @08:21PM (#32940092)

    Don't be obtuse, he raises a good point. Linux is not infallible and shouldn't be treated as such even in light of its advantages and the personal support we all have for it. Criticism breeds improvement. Keep that in mind, mods.

  • Re:Or (Score:4, Insightful)

    by maxwell demon (590494) on Saturday July 17, 2010 @08:21PM (#32940094) Journal

    To be fair, if you download and run random stuff from the web, your Linux computer isn't too secure either.

  • Re:Or (Score:5, Insightful)

    by tuxgeek (872962) on Saturday July 17, 2010 @09:41PM (#32940408)

    To be fair..
    most malware available for download on the web is designed to be run on Windows
    It doesn't do anything, much less run, in Linux

    Windows is such an easy target for exploit and success, it's everywhere and run by every bone-head idiot on the planet
    Linux on the other hand is most used by advanced individuals and can be very difficult to exploit making it a waste of time for the black hats, it can be done, but rarely successful

  • You just know MS is going to count the vulnerabilities in this distro against Linux just like how they count one vulnerability which affects 10 distros as 10 vulnerabilities because 10 warnings get sent out.

  • Re:Big deal (Score:3, Insightful)

    by causality (777677) on Saturday July 17, 2010 @10:11PM (#32940520)

    Why is the OP - who is denigrating a Linux distro - modded a Troll, whereas the poster above him - denigrating Windows - modded as Funny?

    That has since been modded some more and now sits at +4 Funny at the time of this post.

    Had he denigrated Apple or its products, it would have gone down to -1 and remained there.

  • Re:Big deal (Score:5, Insightful)

    by causality (777677) on Saturday July 17, 2010 @10:39PM (#32940606)

    Don't be obtuse, he raises a good point. Linux is not infallible and shouldn't be treated as such even

    Did it occur to you that the more experienced/advanced/technical users who tend to gravitate towards Linux are very much aware of this, that they administer their systems accordingly, and that this is in fact a big reason why successful malware "in the wild" is all but unheard-of on this platform? Compare to "buy the next version of Windows, it's easier and more secure than ever!" that carries the strong implication of "oh, security is someone else's problem". Not noticing or appreciating that difference would also be obtuse.

    What I am getting at is that there are both technical and cultural differences between the two platforms.

  • Re:Or (Score:5, Insightful)

    by bigstrat2003 (1058574) * on Saturday July 17, 2010 @10:53PM (#32940668)

    That's not the point. The point is that even if OS security were perfect, there would still be machines which were completely fucked. No amount of OS security will stop the user from wanting free kitten screen savers.

    This doesn't excuse vulnerabilities that do exist in operating systems, but since Co0Ps specifically mentioned that he/she was actively agreeing to download certain pieces of malware, it bears mentioning.

  • Semi-dupe (Score:5, Insightful)

    by Improv (2467) <pgunn@dachte.org> on Saturday July 17, 2010 @11:11PM (#32940724) Homepage Journal

    This was in the list of "most interesting linux distros" posted here maybe two weeks ago. Sigh.

  • by jellomizer (103300) on Sunday July 18, 2010 @12:11AM (#32940898)

    Yes the random poke at Microsoft...
    Let's stay blind, dumb and happy with our Linux.

    Linux isn't any more secure than Windows is. However Linux users like to get bragging rights because they release fixes to security glitches (a good thing) much faster than Windows does. However security patches aren't the only thing...

    Usually the reason for most Vulnerabilities in Windows is due to stupid Administration. Being that windows is easier to maintain by the average joe, means that a lot of Windows Server Networks are being administered by people who really don't have any rights administering a network. Having Poor Security procedures, buzzword based security settings, Firewall with holes.

    Linux users are either the old-time Unix administrators or people who actually think about technology as a bit more of a means to an end, actually on the average are at least a bit better than the laimo Windows Server non-administrators.

    However Linux is still quite vulnerable. Updates may not be run as often as they should, legacy code needing older versions of software to run. The fact that they think they are immune makes sure fixing these problems is less of a priority.

    I have seen many Linux systems hacked into more than I have seen Windows systems. Why? Because the administrators of the Linux systems were lazy and bought into the fact that Linux is SO MUCH MORE SECURE THAN WINDOWS and let the servers run, bragging about their huge uptimes while they keep on getting rooted. Yes, the times I have seen Windows get compromised it is often a bigger problem than when it happens to Linux, as Windows vulnerabilities make it more possible to spread viruses across the unsecured intranet.

    But the moral of this post is: don't put your faith in the software for security. Keeping a secure network is up to a human; hopefully they are skilled to keep it secure.
     

  • Re:Big deal (Score:5, Insightful)

    by CAIMLAS (41445) on Sunday July 18, 2010 @01:15AM (#32941078) Homepage

    Criticism, even if inaccurate?

    You can still run a multiple-year-old and barely-updated Linux distro on a public network and not fear being exploited. Sure, it can happen, but I'll be honest in saying the only times I've seen a Linux machine exploited was when it was horribly out of date (2.0 kernel in the early 2.6 kernel days) and was running samba... on a public network. That said, the exploit employed was over 6 months old at the time when the machine got exploited.

    Unless you're running a PHP based CMS or the like, it's pretty uncommon for a Linux machine to get exploited. PHP = bad.

  • Re:Or (Score:5, Insightful)

    by rsborg (111459) on Sunday July 18, 2010 @02:35AM (#32941256) Homepage

    That's not the point. The point is that even if OS security were perfect, there would still be machines which were completely fucked. No amount of OS security will stop the user from wanting free kitten screen savers.

    You know, I'm going to get flamed to hell and back for this, but if you download (ie, buy a free app of) free kitten screensavers in iOS, you will likely have no security impact to your device... some (lots of) folks just can't be trusted outside walled gardens, and that's why Apple is doing so well.

  • by kolbe (320366) on Sunday July 18, 2010 @03:00AM (#32941304) Homepage

    At my last job, the "boss" was too cheap to purchase a decent VPN solution (I later convinced him to buy a Cisco ASA5520), so I deployed a series of IPCop servers... one as a firewall and one as a VPN server. Between the firewall and VPN server I had fronted an old Pentium 2 based Windows 2000 server in the DMZ to give the appearance that an attacker, had they gotten through, would have figured they hit the "honeypot". I ran this configuration for almost a year and had one attacker get through because I had not patched my IPCop firmware soon enough to cover a LAMP exploit running on it, but they nonetheless only stopped at the Windows 2000 server and loaded a bunch of mail relays on it. One quick re-format, an IPCop patch, and some e-mails to SORBS and I was good to go again.

    Distributions such as Damn Vulnerable Linux will not only help students, they will be a great asset to SMBs wanting something to front topologies similar to mine to keep the bad guys out. I am sure there are other uses for DVL out there.

    Good job DVL team!

  • Re:Or (Score:4, Insightful)

    by Co0Ps (1539395) on Sunday July 18, 2010 @05:36AM (#32941596)

    I have to disagree. If an OS had good security, just running an executable should not give it permission to disable system configuration and mess with system files. In XP if you had an administrator account (everyone did), even screensavers had full permissions. Yes, I surfed on possibly-malicious sites and opened possibly-malicious executables. After that, trying to open task manager gave me "Permission Denied". Also, if an OS has a PERFECT security model (which Linux hasn't), everything should be run sandboxed. In such an OS, you shouldn't be afraid of installing potentially malicious software, just like you're not afraid of visiting web pages with a secure web browser.

  • by Risen888 (306092) on Monday July 19, 2010 @03:04AM (#32947970)

    Being that windows is easier to maintain by the average joe

    Obviously it is not. It is easier to fuck up. That's a different thing altogether.

  • Re:Or (Score:1, Insightful)

    by Anonymous Coward on Monday July 19, 2010 @10:25AM (#32950692)

    That's not the point. The point is that even if OS security were perfect, there would still be machines which were completely fucked. No amount of OS security will stop the user from wanting free kitten screen savers.

    You know, I'm going to get flamed to hell and back for this, but if you download (ie, buy a free app of) free kitten screensavers in iOS, you will likely have no security impact to your device... some (lots of) folks just can't be trusted outside walled gardens, and that's why Apple is doing so well.

    You can't download free kitten screensavers in iOS.

    It's against Apple's guidelines for published apps in the App Store.
