What is Digg?Sponsored by Double Your Dating
The "How To Meet Women" Quiz view!
doubleyourdating.com - Three attractive women are standing a few feet away from you at a bar. What do you do? Find out...
99 Comments
- kd420, on 01/21/2009, -1/+42Both Linux and Windows suffer from a big problem: uneducated users. The main advantage Linux has is that most of the time it is malicious commands being used, rather than compiled programs. There is a level of transparency in someone saying "use these commands" and if you ask, they will usually explain it to you. Compare this to a executable file (Antivirus2009.exe) and the advantages are clear.
Ultimately, however, both attacks can be prevented by the user by being smart and not blindly following instructions. Based on my personal experience though, many people are content to try ANY solution offered as long as it is simple and fast. - ThatGeek, on 01/22/2009, -0/+21most problems come from between the keyboard and the chair
- gmuslera, on 01/22/2009, -0/+17The article starts well, then misses big the point.
There are 2 kinds of attacks. Lets name call them vandalism and thievery. In vandalism, because telling you to run a harmful command, or do something wrong and you following that instructions blindly, be that asking for rm -rf /, or telling you that spillign water on the power supply will refrigerate it, or move windows.exe to the trash folder and empty it. OS dont matter there, just people. The "attacker" dont win nothing, and even could see it as a joke, and usually is not widespread
More worrysome are the "thievery" attacks. The ones that steals you information, or even your pc (trojan, botnets, etc). Windows is wildly vulnerable to those attacks, and the user, if well is still a factor, could fall in those even if having some clue on the topic. And to make it worse, there is an economic incentive to do that. And if well linux is still vulnerable to those approachs (still have to see a widespread one), the things are far more complicated than for windows, specially for the people that dont know. - kiderjones, on 01/22/2009, -2/+17http://laptoplogic.com/resources/understand-and-av ...
- bieber, on 01/22/2009, -2/+17Umm...isn't "running malicious code" a pretty big problem in _any_ operating system? I mean, what the hell do you think a virus is? Benign code that just happens to go renegade, trash your computer, and then try to propagate itself?
- KhaaL, on 01/21/2009, -2/+13Server error, that was fast...
- Natnie, on 01/22/2009, -4/+15Anyone else get a 404?
- Ttech2, on 01/22/2009, -1/+10I guess nobody ever heard...
"Never run code in your terminal if you don't know what it does" - Ryan0rZ, on 01/22/2009, -0/+9This article is horrible. As said above, most of the article can be summed up with `man rm`. The real issue here is not understanding what you're doing when you type these commands. There are always going to be lusers who will continue to get pwned, but this article tries to outright scare new users into not using some of the most useful commands bash has to offer. It honestly says not to ever use root. Using root is the key to learning real Linux system administration. How else are you going to fiddle with config files and daemons?
Try the commands. See what they do. Learn why they do it. You'll probably get owned, but you'll be a better Linux user for it. - jakeberglund, on 01/22/2009, -0/+9The whole article could be summed up with "man rm" .
- sneaker98, on 01/22/2009, -0/+8Completely incorrect, yellowfever. Linux/Unix, while not completely immune, is a far more secure setup than Windows. It's all in what the OS allows users to do by default.
- perryc, on 01/21/2009, -1/+9Well, uneducated users are the problem in everything, agreed, but it's all about the user friendly capacity of a system...
- archiesteel, on 01/22/2009, -1/+8Not to nitpick, but as far as I know there are no Linux viruses currently "in the wild."
There have been some Linux worms in the past couple of years (Slapper and Blaster, IIRC), but those aren't technically viruses (though they are malware).
...
Ok, I did nitpick. It's what I do. - smotpoker, on 01/22/2009, -0/+7Don't neglect advantages of trusted computing too, though. Linux distros support the software they provide (to varying degrees). Any software you can find in package management is safe and will remain updated with the latest packages relatively quick.
You are right that ignorant users pose the greatest risk but the potential is still greatly diminished in Linux, where there are almost always tons of safe/trusted solutions in your distros package management, support channels and documentation regarding not only the OS itself but all of it's supported software.
These safe/trusted solutions make it much less likely that a user will simply follow the first instructions or install the first they find on google by following three basic rules: check repos, check bundled documentation, check official forums (where even bad instructions/software are immediately found, flagged and removed) - SacrificialArts, on 01/22/2009, -2/+9Link was dead for me. Figured out it was mistyped: while the link above sends you to:
http://laptoplogic.com/resources/understanding-and ...
By navigating through the homepage, I found this address to work:
http://laptoplogic.com/resources/understand-and-av ...
Hopefully one of those will consistenly work. If not, it should be on the homepage. - blinktude, on 01/22/2009, -0/+6Did you even read his user name?
- BiocDkT, on 01/22/2009, -2/+8Things to Watch For
There are some bash commands that will key you off to a possible malicious threat. This list is certainly not exhaustive, but it will help you recognize the most common threats to your system, and help you make a decision about running a command.
RM is a bash command that means "Remove Files". You can see how this could end badly for your system.
RMDIR is another dangerous bash, and it means "Remove Folder[s]". This can be just as dangerous.
In conjunction with RM and RMDIR, look for these symbols, in the form of rm-rf:
# " / " A forward slash means all your files will be erased.
# " . " A period means the directory you are in will be toast.
# " * " The asterisk means the files inside the folder you are in will be deleted.
# " `/ & " Run this and your home directory will be destroyed.
# "*.*" Delete all the files in the folder you're in
MKFS is a common culprit of destroyed installs. It means "Make a Filesystem", and will format a partition on your hard drive or your entire hard drive. There are many variations of this--do not run anything with MKFS.
DD is another command to watch out for. It can be used to horribly cripple your hard drive. Unless you know exactly what you are doing, do not run something with DD in it. There are many various of this, with some writing random data over your HDD, others corrupting a few blocks of the hard drive, etc.
A symbol-laden attack is called the fork bomb, and looks like so: :(){:|:&};: This, unfortunately, catches many users attention and just begs to be run. It will cause your system to overload with processes and freeze, at which point you will have to do a hard reset. This is also seen as "fork while fork"
.
Similar to a fork bomb is a decompression/Tar bomb. A decompression bomb results when you extract a tar.gz archive and a huge amount of files explode from it, infiltrating the directory you are in and possibly expanding rapidly until your hard drive is full and crashes. Do not open a tar.gz(bz2) from someone you do not trust.
Often, a malicious command will seek to cause harm to your hard drive--usually erasing it-- so watch for these following lines, which indicate your hard drive:
/dev/hda
/dev/hda1
/dev/hdb
/dev/sda
/dev/sda1
/dev/sdb
....Etcetera
All of these indicate your hard drive, or one of your drives, and is a very good warning that you are messing with potentially fatal code. An example of a potentially maslicious code using the above is SHRED /DEV/HDA.
Another method of attack comes in the form of Shellscripts. Beware of what you download (look at the URL in wget), and do not execute code unless you know what it does and/or who it is coming from. A shell script can be used to execute any attacks above.
Finally, the above attacks can also be run on your system via source code. Do not run or compile code unless you know the person it is coming from. A long piece of source code could be nothing more than rm-rf / or similar, and destroy your system. - inactive, on 01/22/2009, -0/+6"..Linux is a very secure operating system, immune to Windows viruses and trojans..."
Linux is immune to Windows viruses? You don't say... - inactive, on 01/22/2009, -0/+5Learn how to use your OS fully and you won't have these problems.
- tmsbrdrs, on 01/22/2009, -2/+7Doesn't user friendly also imply that the system will keep running unless the user does something stupid to it? Running Windows, I did nothing stupid to it and got viruses and trojans just surfing around. I had one massively bad attack by doing something stupid but otherwise I was smart, ran a real antivirus program, ran the antimalware program recommended by the tech I spoke with who represented Microsoft when I called to fix my virus infestation and I kept up with virus trends. Yet, I still got trojans and viruses. Working on Linux, I still run an antivirus program, yet I haven't been infected, haven't had anyone else do anything to my computer. Now I actually have to do something stupid, not just be attacked. In my book, that's user friendliness.
- adkenc, on 01/22/2009, -2/+7...yet.
but that's not entirely true either. - coldkill3r, on 01/22/2009, -0/+5Did you even read the article?
- Kisama, on 01/22/2009, -5/+10404!
- inactive, on 01/22/2009, -2/+7Listen, I'm glad you love your Mac. Please put things in to perspective - there isn't a huge industry for exploiting operating systems that aren't considered popular on a large scale. You could probably write a novel describing the technical side of that but there's no need to because it's simple common sense. Windows holds nearly 90% of the market, that's something like 600 million "vulnerable" pc's.
Not to mention that the *majority* (not all!) of people using a Linux distribution are going to understand a computer better than the average user. I can't say the same about Mac users but if 600 million people owned one the current problem would be just as severe. - inactive, on 01/22/2009, -0/+5The defective component exists between the chair and the keyboard.
- ahlatimer, on 01/22/2009, -0/+4If Linux is 3% of the market share, then 3% of viruses should be written in Linux. The fact of the matter is that Linux (and Unix) is inherently a more secure OS than XP and before.
- Ryan0rZ, on 01/22/2009, -0/+4Those smilies look fun, I think I'll paste them into my command prompt.
- adkenc, on 01/22/2009, -0/+4it was dead before the clicks eve...beh nevermind. yeah my guess is it was removed to avoid digg effect.
it's a shame. i was hoping for some good discussion on the subject. the description was a good start...seems to be in the spirit of openness... - starkraving, on 01/22/2009, -0/+4I do agree with a couple of things in this article: I do feel a sense of security in Ubuntu versus in Windows, and I also see just how easy it is to follow malicious advise. Luckily I'm pretty much set up now, so I was able to escape unscathed and now have my one series of commands I need to get everything running.
- TecChief, on 01/22/2009, -1/+5quoth the server 404.
- captinherb, on 01/22/2009, -0/+4Works for me
- socokoolaid, on 01/22/2009, -1/+4I was hoping for some good info...Instead I fought to see... another lame article about how not to be tricked into running malicious commands....
- SeamoreB, on 01/21/2009, -2/+5Works again....
- SteveMax, on 01/22/2009, -0/+3Bash has a very informative explanation of possible attacks. Just type:
:(){ :|:& };:
on the terminal
/sarcasm, don't run the above code. It will crash your machine. - nero147, on 01/22/2009, -0/+3Having something be mainstream does not mean that it has enhanced capabilities. Also you can have a popular product that is not unduly vulnerable. Look at Solaris. It has a huge market share, and has quite a few exploits, but they get patched quickly. Also it is a fairly secure operating system.
- TsarDusan, on 01/22/2009, -0/+3I love it when something can look so harmless yet rock your socks.
Remember kids, you can't outrun a forkbomb - mrBitch, on 01/22/2009, -0/+3RE: " In Linux, the user has to run the malicious code himself to get the effect. In Windows, the code runs itself."
Simplified, but you are correct. - fuzzlog2, on 01/22/2009, -0/+2yup, we call that a code 5 where I work!
- Aurabolt, on 01/22/2009, -1/+3EVERYTHING worth having in life is free.
- sageerrant, on 01/22/2009, -0/+2But you could try hiding in a fridge...
- glinsvad, on 01/22/2009, -0/+2http://209.85.229.132/search?q=cache%3Ahttp%3A%2F% ...
- Frostek, on 01/22/2009, -0/+2Also, PEBKAC...
I thought Code 5's were vampires? (see : Ultraviolet) - Frostek, on 01/22/2009, -0/+2Congratulations - have a cookie.
- djbon2112, on 01/22/2009, -0/+2Has anyone noticed that this fork bomb DOESN'T crash recent Ubuntu releases? I tried running it one day to test and it just stopped after a few seconds. I think it's a good start, along with preventing "rm -rf /"
- grungegbunny, on 01/22/2009, -3/+5404 Not Found
Oops, what you're looking for isn't here. The page you requested is not here but you can visit the homepage to check out the latest and greatest in tech.
Looks like he accidentally ran some malicious code. - Matt2k, on 01/22/2009, -0/+2Except for any piece of who-know's-what software with a remote arbitrary code exploit, like windows has thousands of, you'd be correct.
- robdiggity, on 01/22/2009, -0/+2Nothing in life is worth everything!
(Now who's going to take us home?) - inactive, on 01/22/2009, -1/+3Terminal*
- liquidjamm, on 01/22/2009, -1/+3Why don't you go fork yourself?
- santixx, on 01/22/2009, -0/+2That's because the number of processes you can run as a user is limited (as it should be, the Ubuntu team just sets the limit for you).
See /etc/security/limits.conf -
Show 51 - 100 of 102 discussions
© Digg Inc. 2009
— Content created and posted by Digg users is