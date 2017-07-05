

 


Linux Is Not As Safe As You Think

Posted by BeauHD
BrianFagioli writes via BetaNews: Would you be surprised if I told you that threat methods for Linux increased an astonishing 300 percent in 2016, while Microsoft's operating systems saw a decrease? Well, according to a new report, that is true. Does this mean Linux is unsafe? No way, Jose! There are some important takeaways here. Microsoft's Windows operating systems are still the most targeted platforms despite the year over year decline -- far beyond Linux. Also, just because there is an increase in malware attack methods doesn't necessarily mean that more systems will be infected. Let us not forget that it is easier to find a vulnerability with open source too; Microsoft largely uses closed source code. "At the end of November, criminals with other variants of the same Linux malware unleashed devastating attacks against DSL routers of Telekom customers. 900,000 devices were taken down. In October, the Mirai code appeared freely available on the Internet. Since then, the AV-TEST systems have been investigating an increasing number of samples with spikes at the end of October, November and beginning of December," says AV Test of the Mirai malware. "Other Linux malware, such as the Tsunami backdoor, has been causing trouble for several years now and can be easily modified for attacks against IoT devices. The detection systems of AV-TEST first detected the Tsunami malicious code in the year 2003. Although, at that time, practically no IoT devices existed, the Linux backdoor already offered attack functions which even today would be suitable for virtually unprotected attacks on routers: In this manner, Tsunami can download additional malicious code onto infected devices and thus make devices remote controllable for criminals. But the old malware can also be used for DDoS attacks. The Darlloz worm, known since 2013, as well as many other Linux and Unix malware programs, have similar attack patterns which AV-TEST has been detecting and analyzing for years."


  • Ponderosa Puff (Score:4, Funny)

    by Spy Handler ( 822350 ) on Wednesday July 05, 2017 @07:25PM (#54752067) Homepage Journal

    didn't take no guff
    water ought to be clean and free
    so he fought the fight and he set things right
    with his openBSD

  • slashdot is not as safe as you think!!

  • Of course is it really the fault of the operating system when the PUBLISHER'S WEBSITE is hacked and contaminated distros have to be downloaded for it to work?

    • Re: (Score:1)

      by Anonymous Coward

      Well yeah, of course it's that open sores stolen software's fault. If you bought it on a CD like any God-fearing capitalist, you'd have been safe, but no, you went and downloaded it without paying for it like some sort of Satan-loving communist.

  • Baby Timmy grew 300% but Uncle Bob shrunk 5%. Who is bigger?

  • Fuchs ache! (Score:3)

    by Epsillon ( 608775 ) on Wednesday July 05, 2017 @07:33PM (#54752127) Journal
    This isn't a "Linux problem," it's a "proprietary vendors using Linux and not passing on patches in a timely manner because money problem."
    Linux is exactly as safe as I think it is, though. That's why I'm careful to lock it down just as I would any other system.

  • Not a level comparison (Score:1)

    by Anonymous Coward

    The DSL router issue was /that/ distro, not linux as a whole. That's like lumping Adobe Flash issues in with WinXP issues.

  • isn't as Slashdot as you think.

  • Thank you IoT (Score:3)

    by grilled-cheese ( 889107 ) on Wednesday July 05, 2017 @07:36PM (#54752149)
    Thank you IoT vendors who don't maintain their devices for creating a breeding ground of consumer-grade security holes. Let us all pray that these widgets aren't internet facing in some way and that the consumer grade routers are sufficient at keeping external attack vectors to a minimum. There isn't much we can do for consumers who like to click on internet candy to infect themselves.

  • Compared to what? (Score:1)

    by Anonymous Coward

    Stupidest story ever.

  • this is like saying (Score:3)

    by cas2000 ( 148703 ) on Wednesday July 05, 2017 @07:50PM (#54752249)

    that a particular brand of car can be stolen easily if you leave them parked on the street with the door open and the keys in the ignition.

    because that's what router and IoT etc manufacturers did with default passwords and backdoors and generally undermining security for the sake of convenience (mostly their own convenience, not their customers')

  • Nobody will ever hack CP/M
    Nobody will ever hack MS-DOS
    Nobody will ever hack Windows
    Nobody will ever hack Macintosh OS (iOS)
    Nobody will ever hack.

    Security is not the same as obscurity.

  • What is the percentage of security problems that systemd bugs (or are those 'features'?) [slashdot.org] are responsible for?

  • Potential (Score:3)

    by chill ( 34294 ) on Wednesday July 05, 2017 @08:13PM (#54752391) Journal

    Linux, unlike Windows and Apple's iOS, *can* be made much more secure with a little bit of effort.

    How? By not using monolithic kernels that support every device in creation, and stripping the kernel down to what is installed on the system -- especially with things like IOT devices. If it isn't installed, it doesn't need patched, it can't break, and it can't be exploited.

    Ditto for added software and apps. Take a look at many of the Linux-based router firmwares out there, both sold by commercial vendors and FOSS projects, and you'll see attempts to compete with high-end Cisco feature sets for home or small business use.

    Having that available is great! However, turning all of that on by default, and users thinking they should get something not because it suits their needs but because it supports 10,000 features, gets you a complex, insecure mess.

    With Microsoft and Apple you can't remove many of those features. The company controls it and, Enterprise customer with a decade experience or not, you will damn well have Telemetry and like it! And dozens of other "features" that you'll never use, don't want, and just are waiting to get exploited.

    Linux gives you the ability to shape much of your own system, including making it much more secure than a run-of-the-mill device. Whether or not you take the time and effort to do that is up to you.

    I've seen way too many Linux-based routers and gadgets that are exposed to a network and still have default admin passwords to blame "Linux" for security headaches.

  • Bad Assumption (Score:3)

    by Zero__Kelvin ( 151819 ) on Wednesday July 05, 2017 @08:13PM (#54752393) Homepage
    They have no idea what I think.

  • Almost all the major infections, back-doors and security problems are the result of the userland, improper implementation of the kernel, bad firmwares, lack of security knowledge, improper development, sloppy implementation and etc... etc... etc..

    To say Linux is more insecure than Windows, means that the kernel, as released by Linus, and nothing else, is insecure. Well some security issues are discovered residing in the kernel, almost all other attacks and vectors have nothing to do with the base release.

  • Please compare apples to apples...

    >"At the end of November, criminals with other variants of the same Linux malware unleashed devastating attacks against DSL routers of Telekom customers. 900,000 devices were "

    How many routers run MS-Windows?

    > "Other Linux malware, such as the Tsunami backdoor, has been causing trouble for several years now and can be easily modified for attacks against IoT devices."

    How many IOT devices run MS-Windows?

    Routers and IOT devices are notorious about having crappy firmware

  • 3-4 days ago I posted a comment to the same effect. Got modded down to -1 Troll, Offtopic, and a couple other things you don't want to be modded for.

