Tuesday, 28 February 2017

4 Surprising Linux Security Issues You Should Be Aware Of

You left Windows behind because of security issues. The sensible option was to move to Linux, famously more secure. But is it as secure as you think it is?
Throughout 2016 we’ve learned of a whole new dimension to Linux. Security threats can occur just as they do for Windows. While old-fashioned viruses might not be a problem on Linux, Trojans, ransomware, and browser security are all issues that you need to be aware of.
So, what are these threats? Let’s take a look.

1. Linux Trojans and Backdoors

Trojan packages usually deliver backdoor access, botnet malware, or ransomware to a computer. But there can’t be any Trojans that run on Linux, surely?
While scripts designed to damage system data (viruses and worms) by assuming root privileges are largely protected against in Linux (thanks to the robust kernel design), other problems have been encountered. For instance, in August 2016, the Linux.Rex.1 Trojan was discovered. Capable of self-distribution, sending spam emails, DDoS attacks and even targeting specific content management systems online, the Trojan is also equipped to coordinate infected machines as a peer-to-peer botnet.

While traditional botnets rely on a command-and-control server (which can be shut down by law enforcement), Linux.Rex.1 is designed to exist autonomously. This allows it to persist and propagate in the wild.
So what can you do?
The best option here is to ensure that your Linux PC has some antivirus software installed. A full suite would be overkill; tools to detect botnet clients, on the other hand, are wise. Two options are open to you here, so use both:
  1. Install ClamTk and ClamAV (packages clamtk and clamav) to scan your Linux PC for any malware, including botnet clients that turn your PC into a zombie.
  2. Use a network monitoring tool (netstat, for instance, which lists active connections) to detect outgoing traffic that keeps heading to the same unidentified address.
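
One way to apply the second step, as an added example that is not part of the original article: a small shell function that tallies outbound TCP connections per remote address from `netstat -tn` output and reports addresses that repeat. The function names, the `KNOWN_REMOTES` list, the threshold and the sample addresses are all assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise outbound TCP connections per remote address so that
# repeated traffic to one unfamiliar host stands out.

# Addresses you already recognise (constructed placeholders; edit for your network).
KNOWN_REMOTES="192.0.2.10 192.0.2.53"

# Reads `netstat -tn` style lines on stdin and prints "count address" for every
# remote address that is not loopback or known and appears at least $1 times.
repeat_remotes() {
    min="${1:-3}"
    awk -v min="$min" -v known="$KNOWN_REMOTES" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) skip[k[i]] = 1 }
        # netstat -tn columns: Proto Recv-Q Send-Q Local Foreign State
        $1 ~ /^tcp/ && ($6 == "ESTABLISHED" || $6 == "SYN_SENT") {
            addr = $5
            sub(/:[0-9]+$/, "", addr)      # strip the port number
            if (addr ~ /^127\./ || addr == "::1" || (addr in skip)) next
            seen[addr]++
        }
        END { for (a in seen) if (seen[a] >= min) print seen[a], a }
    ' | sort -rn
}

# Constructed sample of `netstat -tn` output (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:51234          192.0.2.10:443          ESTABLISHED
tcp        0      0 10.0.0.5:51240          203.0.113.77:6667       ESTABLISHED
tcp        0      0 10.0.0.5:51241          203.0.113.77:6667       ESTABLISHED
tcp        0      1 10.0.0.5:51242          203.0.113.77:6667       SYN_SENT
tcp        0      0 127.0.0.1:5432          127.0.0.1:40022         ESTABLISHED
tcp        0      0 10.0.0.5:51250          198.51.100.4:80         TIME_WAIT
EOF
}

# Demo on the constructed sample; for live use run: netstat -tn | repeat_remotes 3
sample_netstat | repeat_remotes 3
```

Run it several times over a few minutes: a single snapshot only shows connections open at that instant, so an address that keeps reappearing across runs is the one to look up.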

2. Be Aware of Ransomware

You may know that ransomware requires elevated privileges to install and encrypt your data. And you may know that it is extremely unlikely for this to happen with a Linux operating system.
We’ve already seen the Linux.Encoder.1 ransomware in 2015, and Linux-targeted ransomware seems likely to increase, especially given the platform’s prevalence on web servers. While Linux.Encoder.1 had a flaw that proved fatal for its developers (a faulty implementation of the AES encryption system made it relatively simple to crack), such mistakes are unlikely in future.
Staying safe from ransomware, like other malware, is vital. As such, we recommend being extremely careful when installing software from non-official repositories and PPAs. If you have to do this, make sure you check the relevant forums and discussions for any reports of suspicious activity from other users.

3. Physical Theft Remains a Problem with Linux

Do you keep your Linux PC or laptop locked up when not in use? Is it safe? Because if not, you have a potential problem on your hands. A stolen Linux PC might not be particularly attractive to the vast majority of thieves, but if they have the skills to reformat the HDD (or replace it entirely) before selling it on, then your device and data will both be truly lost.

Countering this is as difficult on Linux as it is on other platforms. Perhaps there is a slight difference with the likelihood of it happening (and the potential for an unsuspecting thief to return the device once it is discovered to be running Linux rather than Windows or macOS) but physical device security remains as important for Linux devices as it does for any other.
Keeping it in a car? Make sure it’s locked, secure and out of sight. In the office? Then keep your Linux PC secure with a Kensington locking cable, and protect laptops from theft by securing them in a heavy-duty drawer or cupboard.
At home, the same applies. And if you haven’t already installed the Prey tracking software on your Linux PC, do so. It’s available for Ubuntu and other Linux flavors. Once installed, you should be able to track a stolen computer, and use the information to retrieve or delete it.

4. Dual Booting With Windows

While viruses are unlikely, the data on your Linux PC could be at risk if you dual boot with Windows. Essentially, you’re giving a would-be intruder an additional opportunity to access your PC.

All they need is the username and password to one of the accounts.

Thanks to special software that can be used to read Linux partitions, your Linux data is at risk from unauthorized access to your Windows partition. For instance, as a dual booter, I use Diskinternals Linux Reader occasionally to retrieve files that I need quick access to that are stored on my Linux partition.
With poor security on my computer, anyone could switch it on, find themselves unable to sign into Linux, and try their luck with Windows. If successful (which would naturally require my Microsoft online account, or local Windows account to be compromised) any data stored on my computer would be at risk, regardless of whether it is stored in the NTFS or the Ext4 partition.
In short, don’t assume that running Linux keeps you safe. There will always be a way for cybercriminals to infect or steal data, regardless of the operating system.
And these security issues facing Linux PC owners don’t even touch upon the various issues that have been detected on internet servers, most of which run Linux.
