Re: virus on linux?

To: debian-user@lists.debian.org
Subject: Re: virus on linux?
From: Allen <GedankeZauberer@comcast.net>
Date: Tue, 1 Dec 2009 06:45:18 -0500
Message-id: <[🔎] 200912010645.18340.GedankeZauberer@comcast.net>
In-reply-to: <[🔎] 4B14CBC7.2040508@utu.fi>
References: <[🔎] 46688cb90911302323r5b945b50we311d0624a51065@mail.gmail.com> <[🔎] 4B14CBC7.2040508@utu.fi>

After all the help I've received on here I finally get to give some heh:

On Tuesday 01 December 2009 02:54:47 am Juha Tuuna wrote:
> abdelkader belahcene wrote:
> > Hi,
> > I am asking if there is a virus on my machine how to detect it.
>
> Try scanning with Clamav

This is a good idea if you're worried about this for some reason, but in 
almost a decade I've not once worried too much about a virus or much else on 
any machine I have running Linux or BSD. The reason I don't worry is that 
first, I install security fixes. I run this about twice to three times a day:

apt-get update && apt-get upgrade

That takes care of security patches, but no one stops there and thinks it's 
fine. I also watch the sites I go to. Not as much as I do in Windows, but the 
web browsers I use, I've customized. I don't allow Javascript to do much 
which is a small thing, but I also pay attention to my machines.

I don't run anything as root except apt-get, and I have multiple user accounts 
for myself, so just in case, I can wipe an account, and start fresh. If you 
install all the security patches, and you have AV scanners for Linux, and 
you're careful, it's REALLY hard to have a problem.

>
> > the command ps aux  gives all  running processes, all really all? or it
> > may be a hidden process running on background.
>
> There might be a hidden process using rootkit techniques. For rootkits, try
> chkrootkit, rkhunter and unhide.

Correct. A rootkit, or someone with the skill to do Kernel coding can easily 
fool those tools, but they always leave a trace. The stuff I said to try 
above, grows into checking log files. If someone did something, they almost 
always leave a trace of some sort. Check logs, learn what's normal, and when 
you see someone logging in to your machine, well, did you tell them it was 
OK? Did you set up a server they were simply using? Or were they running 
stuff and trying to log in a lot? A lot of log ins could be a few things but 
when you see an IP that isn't yours trying to get in as root, copy the IP, do 
a whois on it, and send their abuse department an email and some logs.
>
> > Until now, I considered that a virus doen't affect a system if you work
> > as simple user,
> > and can't damage system without root permission, am I right,  or virus
> > can get root privileges ??

> A malware program can get root access via a security hole in the system.
> One reason to install security updates frequently.

If you're totally patched up, and you take simple precautions, there's very 
little risk.

> > another thing on linux, the program can't run if it not executable, it
> > must have the "x" permission, if we copy a file normally it looses the x
> > permission.
> > This is what I believe up now, am I right??
> > thanks for help
> > bela

For this and the below text, yes, you should watch what you're doing. Now, 
Perl says you need to make the .pl file executable with chmod, but that 
doesn't mean you have to do it on every little thing.

Did you by chance maybe download something you weren't sure about and think 
that's why you're infected with something? Or have you maybe had weird things 
happen while online? I'm curious as to why you're seeming to think you've 
infected your machine. By the way, if you scan with ClamAV, just remember 
that it also looks for Windows Viruses that may not be able to infect you at 
all in the first place.

Linux and BSD viruses are so rare that the AV software for Linux and BSD, 
generally look for Windows viruses so you don't accidentally infect a friend 
running Windows, or, they can be used on a mail server to prevent the same 
thing. So if you scanned and found a Windows Virus, it's not that you're 
infected, think of it like a "carrier" lol. And obviously, take the 
appropriate precautions.

Anyway, did something happen that worried you? Or are you more or less just 
curious as to how it works?

> Usually yes but some interpreters (like php and perl) run scripts without
> the execute bit set.
>
> --
> Juha Tuuna

-- 
http://www.myspace.com/farmacyofhorror
Digital Horror Punk - Music I make! All done with LMMS
All done with Linux and FreeBSD

Reply to:

Follow-Ups:
- Re: virus on linux?
  - From: Alex Samad <alex@samad.com.au>

References:
- virus on linux?
  - From: abdelkader belahcene <abelahcene@gmail.com>
- Re: virus on linux?
  - From: Juha Tuuna <juha.tuuna@utu.fi>

Prev by Date: custom post-install hook for specific package?
Next by Date: pppd
Previous by thread: Re: virus on linux?
Next by thread: Re: virus on linux?
Index(es):
- Date
- Thread