Adam McMaster wrote: > [...] > Installing a rootkit would require the attacker to already have > access, or to have some way of running arbitrary code. No-one's saying > this is impossible under Linux, but rootkits aren't anything special > and their existence doesn't make Linux "as vulnerable" as Windows. > Having said that, I do recommend rkhunter for anyone wanting to check > for rootkits -- I use it on my servers. > > As for being attacked by botnets, what in the default Ubuntu install > would they be attacking? There are no services running...
Hello, Adam. There's a balance to be struck between scaremongering and complacency in the realm of computer security. What concerned me about the discussion going on here was the impression I got from reading it that some people think Unix/Linux is not vulnerable to attack because it's not vulnerable to Windows viruses etc. All you have to do is run a java-enabled web browser on your Linux box and be tricked into downloading a malicious Java applet or application to expose your system to platform-independent attack. For example: http://www.tenebril.com/src/spyware/malicious-java.php It's common sense that as Linux increases in popularity it will be targeted more and more by cross-platform virus and Trojan writers. Many attacks exploit known weaknesses in software such as buffer overflows etc. to gain root access. In my own recent(!) experience, a security weakness in PHP resulted in a botnet attack penetrating my defences. All I was doing was running a website using the TikiWiki PHP-based CMS... Security gaps plugged now, but I can tell you it pays to be vigilant! A good way to attack your own defences is to run a port scan using Gibson Research's ShieldsUP!: http://www.grc.com/ I think it's a mistake to suggest that Ubuntu is 'safe' because there are 'no' services running on it by default. What you probably mean is there are no externally accessible services. All you have to do is use an insecure IRC client to expose your system to attack by botnets, In the end, the simplest thing to do is use a router with a firewall to connect to the internet. It's people who make computers insecure by the way they use them and I'm as guilty of that as anyone else. However, it does help me to know that if I accidentally expose my system to attack there are some defences in place to minimise the damage to my system. Tony. -- Dr. A.J.Travis, | mailto:[EMAIL PROTECTED] Rowett Research Institute, | http://www.rri.sari.ac.uk/~ajt Greenburn Road, Bucksburn, | phone:+44 (0)1224 712751 Aberdeen AB21 9SB, Scotland, UK. | fax:+44 (0)1224 716687 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/