Linux security - Is Linux getting to big?

I read this article, 'CommsDesign - Linux and Security: Mission
Impossible?' (http://tinyurl.com/yjfnqqa) and it brings up some good
points. With the kernel being at about 11 million lines of code, it is
becoming unmanageable, and thereby more vulnerable. 

Anyway, I found it an interesting read. Don't think I agree with all
his points.


-- 
'
' (http://thecompletecomputerresource.com/)
------------------------------------------------------------------------



0
Jonathan
10/25/2009 1:46:02 AM
opensuse.org.general 2244 articles. 0 followers. Follow

5 Replies
877 Views

Similar Articles

[PageSpeed] 0
Get it on Google Play
Get it on Apple App Store

Jonathan_R;2055270 Wrote: 
> I read this article, 'CommsDesign - Linux and Security: Mission
> Impossible?' (http://tinyurl.com/yjfnqqa) and it brings up some good
> points. With the kernel being at about 11 million lines of code, it is
> becoming unmanageable, and thereby more vulnerable. 
> 
> Anyway, I found it an interesting read. Don't think I agree with all
> his points.

Ha! Too funny! 11 million lines of code for a kernel is very light now
adays! Windows Vista uses over 29 million lines of code for the basic
and 38 million lines of code for the kernel under ultimate. Linux Kernel
developers should be applauded! 

The article suggests that with that many lines of code and the
frequency of revisional changes it must be unmanageable. I would
therefore contend that maybe M$ and Mac which are both considerably
larger OS's with a much smaller programmer base than worldwide Linux has
would fall under more direct concern.

The article goes on to point out that there is need for concern over
some 5000 to 10000 Kernel failings. Interestingly, they make bold
statements without factual examples or support. True the kernel fails
under various specific formats, but I guess they can squawk and ignore
all the Windows crashes plaguing almost every user at one time or
another.

Yes we all need to be concerned about security of system in use
everywhere. Question is though, how much is due to user/IT configuration
issues, and how much is from either current vulnerabilities or new
threats?

IMHO I'll stick with Linux far more likely than to use the well known
buggy unsecure M$ alternative.


-- 
When your up to your a** in Alligators it's pretty hard to remember you
intended to drain the swamp (author unknown)
------------------------------------------------------------------------
techwiz03's Profile: http://forums.opensuse.org/member.php?userid=30718
View this thread: http://forums.opensuse.org/showthread.php?t=424105

0
techwiz03
10/25/2009 12:36:02 PM
It's the new hype. They have read Linux Torvalds saying something about
the kernel becoming too big, did not read on to read him say that
thinking that is one thing, knowing it's unavoidable (yet) another. The
overall tendency is that it's fashionable to make a big issue out of
linux security..
From everyday real world: the vast majority of webservers are linux
systems, for just one reason: security.


-- 
- AMD Athlon X2 6.0 GHz, 8 GB DDR2-800, 30 GB SSD, 1.5 TB, EVGA 9800GT,
openSUSE 11.2 RC1 KDE4 4.3.2
- ASUS K70IO laptop, GT120M-1GB, 4 GB, 64 GB SSD, opensuse Factory,
KDE4 4.3.2

There's one in every cloud...So leave the cloud in peace.
------------------------------------------------------------------------
Knurpht's Profile: http://forums.opensuse.org/member.php?userid=783
View this thread: http://forums.opensuse.org/showthread.php?t=424105

0
Knurpht
10/25/2009 12:56:01 PM
Well, I guess its healthy to keep looking at these things.

I see someone, through a bit of effort, finally managed to get a virus
run under wine better than they have in the past:   'I Can Haz Virus'
(http://blog.opensourcenerd.com/i-can-haz-virus)

To stop the virus completely, they had to kill Wine.  Although given
most of us have very few windows apps running under wine, I suspect
thats NOT a big issue.  Its also very easy to keep a clean backup of
one's .wine directory.

To get this virus to run under wine, Firefox tried to stop the user 3
times before they even saw the infected file.  Then they had to
downloaded it, and run it manually under wine as a regular user. To do
the amount of harm they would have to run it under wine with root
permissions (who would every do that ? ).  The virus would then proceed
to do its "evilnesses", but of course it could be killed just as easily
by removing the infected .wine.

So the virus would be limited to wine apps, and would have a hard time
propagating, ... but goes to show, if nothing else, that wine is getting
better and better at allowing Windows apps to run. :)


-- 
oldcpu
------------------------------------------------------------------------
oldcpu's Profile: http://forums.opensuse.org/member.php?userid=77
View this thread: http://forums.opensuse.org/showthread.php?t=424105

0
oldcpu
10/25/2009 1:06:01 PM
Oldcpu, your conclusion made my day, seeing virusses as an improvement
of wine.


-- 
- AMD Athlon X2 6.0 GHz, 8 GB DDR2-800, 30 GB SSD, 1.5 TB, EVGA 9800GT,
openSUSE 11.2 RC1 KDE4 4.3.2
- ASUS K70IO laptop, GT120M-1GB, 4 GB, 64 GB SSD, opensuse Factory,
KDE4 4.3.2

There's one in every cloud...So leave the cloud in peace.
------------------------------------------------------------------------
Knurpht's Profile: http://forums.opensuse.org/member.php?userid=783
View this thread: http://forums.opensuse.org/showthread.php?t=424105

0
Knurpht
10/25/2009 1:16:02 PM
The more one learns about Linux, the more I suspect one can comprise
Linux via a combination of Trojan horse methods.  The trick is initially
penetrating one's system, and then hacking further.

A couple weeks ago, someone was successful in hacking my 83-year old
mother's password on Facebook via a phishing attack.  They did this by
sending her an email with a note that there was a post for her on
facebook, with a Link for her to sign in. Even though I hold told her to
always ignore such emails, she clicked on the link, and was taken to a
page that looked like the facebook log in page and asked for her
username and password for facebook. She entered it, and they then had:     
- her ip address
- her facebook user name
- her facebook password 
Her friends started complaining about Facebook posts from her, and
Facebook eventually discovered her account had been hacked, and
suspended it, forcing her to reopen with some special questions.

But I was then immediately worried that her Linux PC could have been
hacked because they had her "ip address".  Turns out she used the same
password on facebook as she did on her PC (a mistake). Fortunately her
user name was different, although not that different.  It was possible a
clever bot could have guessed her PC user name, based on her facebook
user name.

Hence a bot could have hacked into her PC via ssh with that
information.

I immediately got paranoid as soon as I heard of this, and I logged
into her PC in Canada from here in Europe (via ssh/vnc) and checked her
logs and such for suspicious activity. I also changed her passwords.  I
also had her change her HotMail password.

What concerned me was someone could put a clever batch file called
"passwd" under /home/mothercpu/bin such that any command to change the
"passwd" for root or for a regular user would be intercepted as soon as
"passwd" was run. The batch file could then clean itself up and further
launch a root kit, with root permissions. And her Linux PC would then be
totally compromised, with a re-install being necessary to repair.  

Now thats a rather obvious hack, but IMHO it could succeed in
compromising the PC of an 83-year old grandmother, where with me in a
different continent would mean it is very difficult for me to help.

Fortunately I found no nefarious activities, ... but it did give me
pause for thought.


-- 
oldcpu
------------------------------------------------------------------------
oldcpu's Profile: http://forums.opensuse.org/member.php?userid=77
View this thread: http://forums.opensuse.org/showthread.php?t=424105

0
oldcpu
10/25/2009 1:26:01 PM
Reply:

Similar Artilces:

How to get linux 12.5.2 for linux ?
How to get linux 12.5.2 for linux ? thanks. ...

Linux Apps Installation and general linux tutorial
Hello everyone, Long time windows user trying to make the conversion to linux. I know just enough about linux to poke around and realize that I should learn more. So that leads me into my first question. Is there a general linux tutorial out there somewhere. Not the basic tutorial of "this is the KDE desktop . . .". Really more a linux administrator tutorial that teachs me the basic path structure, configuration files I should know and how to edit them, how to install and configure software, what all the services do, security issues . . . etc. I basically need...

More big security holes in Linux
Open-source developers have reported two security holes in Linux components that can allow attackers to gain control of a PC. By tricking a user into viewing a specially crafted image file, an attacker can exploit a bug in the Imlib library, used by graphics-viewing applications, to execute malicious code. The bug is caused by a boundary error in the decoding of runlength-encoded bitmap images, which can be exploited to cause a buffer overflow. Gentoo, MandrakeSoft SA, and other Linux vendors have begun distributing fixes for the bug, which affects Imlib 1.x and imlib2 1.x. Red ...

Linux to Linux VPN
Hey All, Hopefully this is something that can be done. I have a main office with a Win2000 server. I have a remote office with 3 computers, right now each of the remote computers connects to the windows2000 server over the internet using VPN with the W2K box being the VPN server. This causes a few problems because of the domain login and the user's are not the ummmm brightest with computers. What I want to do it place a perment VPN with auto re-connect so when they unplug the DSL modem to plug in the Fax (I know I know) and then plug the DSL back in it will re-sync the VPN...

Migrate linux to linux
We want to migrate our gw7 from netware to linux but because we lack a spliffy new server i need to move it to a temporary server first. Thankfully we have an OES2 'test' server currently running in our production tree with suse10 and oes2. After we migrate the Netware server to the test server and get everything running, is it enough to just install the agents on the real server, copy the entire database over from test maintaining path etc, change some ip's in the nds and hit start ? - Arjan On Wed, 20 Feb 2008 15:46:01 +0000, Arjan wrote: > After we m...

Getting started with Linux: Installing, find apps for enterprise Linux
"Finding open source and Linux-supporting software to replace proprietary applications isn't as hard as it used to be. In fact, there is no longer a shortage of non-proprietary business applications that support Linux, says Bernard Golden, CEO of Navica Inc., an IT consulting firm in San Ramon, Calif. To save IT managers some Google searching, he offers a few alternatives and some advice on finding application support in this Q&A." http://searchopensource.techtarget.com/tip/0,289483,sid39_gci1213763,00.html -- js ...

linux client 8 sp2 get with pages not refreshed with linux
Hello, From day 1 that I'm was using the lunix client on my opensuse 11.3 I got the problem that the client isn't responsive all the time and very often, I get a with screen when I open a mail. If I resize the screen I could have luck to see the messages. I use an Intel HD graphics card with custom patched driver because the driver from opensuse 11.3 doesn't support dual screen correctly. Are the related? -- rniesen ------------------------------------------------------------------------ On 3/23/2011 11:36 AM, rniesen wrote: > > Hello, > ...

Linux Security: A Big Edge Over Windows
"Linux is better at locking down a computer than Windows. The Linux OS uses configuration settings and user permissions to a much more efficient degree than the Windows administrator account. To do this, non-enterprise users should seek help from third-party security suites that serve as configuration managers, James Bottomley, chief technology officer of SteelEye Technology said."... http://www.linuxinsider.com/story/M7zjjasIAC7vkw/Linux-Security-A-Big-Edge-Over-Windows.xhtml or http://preview.tinyurl.com/yh2h7o -- js On Wed, 20 Dec 2006 11:01:52 -0500, john .s. smi...

Securing Linux systems with host-based firewalls implemented with Linux iptables
The goal of this article is to provide the reader with a template for constructing a host-based firewall that provides a useful layer of protection against the risks of exposing a system to internal and/or external users. Additionally, the reader can gain an understanding of construction methods for host-based firewalls in general and Linux-based firewalls in particular. This article is targeted for use with RedHat Advanced Server 2.1 and SuSE Enterprise Server 8, but most of the material applies to distributions based on Linux kernel version 2.4 and newer. We assume that the read...

Schneier on Security: Linux Security
Schneier on Security: Linux Security http://www.schneier.com/blog/archives/2005/01/linux_security.html *********************************************************** Quote *********************************************************** I'm a big fan of the Honeynet Project (and a member of their board of directors). They don't have a security product; they do security research. Basically, they wire computers up with sensors, put them on the Internet, and watch hackers attack them. They just released a report about the security of Linux: =====================================...

Antivirus or no antivirus, that is the question ... or Linux security in general
http://linux.com/news/software/applications/8261-note-to-new-linux-users-no-antivirus-needed This article is dated Monday, 26 February 2007 08:00. The author is Joe Barr. <q> Note to new Linux users: No antivirus needed Misleading claims and false advertising by virus protection rackets to the contrary, you simply don't need antivirus products to keep your Linux box free of malware. </q> On the same site, I found this article dated Wednesday, 15 May 2002 - the author is JT Smith. http://linux.com/news/software/applications/8227-antivirus-solutions-for...

Samba: win to linux fine, natilus (linux) to linux asks for password
Hi! Basically that is my particular issue, adding that I've set it up over openvpn as well, to the same server. [win -> linux] - see public (for existing users) shares and try to enter them - when asked for user and password, can see the contents of the public share along with my home folder - can see the shared local printer, and open and view current print jobs on the server (cannot print tough, will write another post about that) [linux to linux] - try to access the server via smbclient -L and can see shares ok - from nautilus, with the address smb://10.22.22.1 ...

Secure By Design: How Guardian Digital Secures EnGarde Secure Linux
"EnGarde Secure Linux is not just another "repackaged" Linux distribution, but a modern open source system built from the ground up to provide secure services in the threatening world of the modern Internet."... http://www.linuxsecurity.com/content/view/125195/171/ ...."The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are freely available with GDSN registration."... http://www.engardelinux.org/modules/index/index.cgi -- js ...

What I think of Linux vs Windows - File 2 of 2
begin 644 Linux-Security Focus.zip M4$LP,%!+`P04````"``-FH\P^9H^F\DM```![0``&````$QI;G5X+5-E8W5R M:71Y($9O8W5S+G1X=.Q<27/CQI*^3\3\AXIWL=^!$A?U-A%SH$A*HL4%)D"U M[`L#!(HD+``%8Y%$__K)K"JL!,"B7GMB)F8ZW"U98GVHS,H]LS";+M;/__GW M_?GW?R.DW^W>=/"_3_]!R,SQDW?R2$.?NL1F&R^DGAF0N\2W8H?YY&D^A,]X M3DQFS#)=HH7.J^/2/263"/[?%!]*7)^&YM9QG?AX\2-N6>+;9G@D(^;;S@<` MM^&+.AHIP0T`;IZXL1.XE#Q1WV8A6=#XC0'DF+XZ%B5CH)B&Y"XT/4HTT[8= M?T^F_HZ%GJ!^[$26RZ(DI$W['G3ZGXL/$JPLD5%<Z="(%!?W!E6B==/;FD0_ MF"$]/1>7OM8<...

Web resources about - Linux security - Is Linux getting to big? - opensuse.org.general

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Security (finance) - Wikipedia, the free encyclopedia
equity securities, e.g., common stocks ; and, The company or other entity issuing the security is called the issuer . A country's regulatory ...

New York City to spend $20 million for unarmed security guards in private, religious schools
... during the first year, starting April 1, to reimburse non-public schools with at least 300 students for expenses they incur hiring security ...

Panda Internet Security 2016: Good protection, small performance impact
We already know the importance of defending endpoints to keep business systems secure. The latest release of Panda Internet Security offers protection ...

Samsung takes mobile security by storm; offers chance to win Galaxy S6 edge+, Tab S2 & Gear S2
Samsung is taking the mobile security market by storm with its hardware-based secure Android platform – KNOX. Tap into the growing list of over ...

National Security
Ted Cruz unloaded on Marco Rubio before an event with Rep. Trey Gowdy (R-SC) and Sen. Tim Scott (R-SC) in South Carolina.

El Capitan 10.11.2 update improves Mac stability and security
... for El Capitan since the desktop operating system was made public two months ago. OS X 10.11.2 brings with it a number of stability and security ...

Homeland Security Chair: Obama Covering Up Evidence ISIS Is Targeting Refugee Plan
Homeland Security Chair: Obama Covering Up Evidence ISIS Is Targeting Refugee Plan

Resources last updated: 12/8/2015 11:34:22 PM