
Introduction

Hello, I'm kind of new to Ubuntu, but I have switched to it from Windows since I have heard that it's more secure and more virus-free. In the last few months I have read a lot about computer viruses, and it has probably made me a bit more paranoid.

The problem

We all know that Linux is more virus-free, but it still has some viruses. What are the chances of getting a Remote Access Trojan (RAT)? I have noticed several times that when I left my room for a while, another window/program I didn't touch was open, and since my computer contains a lot of source code, I would consider it 'end-of-my-life' if something like this happened.

Additional Information

  • I uninstalled VNC (vino) from my machine right after the system installation

  • I have not downloaded anything unknown from the internet, only a few well-known programs using official packages with apt-get install

  • I haven't visited any websites I wouldn't be sure about (my Ubuntu is only used for programming)

  • I use the ClamAV scanning tool every morning: clamscan -r --bell -i /

  • I have also used rkhunter to scan for possible rootkits - nothing was found

Solutions I have already heard about but I haven't really tested them

  • Using Wireshark to monitor traffic (I am not experienced with this tool; I would like to know what kind of data I should be looking for)
  • I have also heard that iptables might be useful

Ending

I know that you can never be 100% sure that your computer is virus-free, but I think having a RAT on your computer is kind of an 'extreme virus'. To be honest, I doubt that someone would really be controlling my PC, since I am sure there is no real way for him to do it, but on the other side I'm still paranoid about this. Is there any way I can really check it and then finally close this case, which eats a lot of my time searching security forums etc.?

My opinion: I personally doubt that the small group of existing viruses on Linux contains a virus of this type, but maybe I am wrong.

Tomas
  • Comments are not for extended discussion; this conversation has been moved to chat. – Mitch Sep 04 '16 at 17:54
  • Can you name me a RAT that targets Ubuntu (or Linux)? The top 20 I found are all Windows, except for Turla (that is a government-backed trojan), but that one you can only install by installing it yourself ;) – Rinzwind Sep 04 '16 at 19:09
  • What window(s)/program(s) were opened? (Things like software updaters are normal.) Is there anyone else living in your house? You have backups of your data so a single data-loss incident isn't catastrophic, right? Do you have issues with paranoia in other areas of your life? – Nick Weinberg Sep 04 '16 at 19:13

3 Answers


Linux, by design, is already extremely secure because of its permissions model and its core design principles. Unlike Windows, Linux was built with security in mind, which made it very hard to actually penetrate.

With this in mind, penetrating any system is not impossible, but there are a few easy steps you can take to prevent most any virus from ever reaching your computer.

  • Keep your system up to date!
    If a security vulnerability is found in any well-maintained package, it will be patched exceedingly quickly. Just run sudo apt update && sudo apt full-upgrade every so often to keep all of your packages up-to-date.
  • Avoid PPAs like the plague!
    PPAs are insanely useful for people, but unless you can be 100% sure that they're run by reputable people and are not compromised, do not add them to your system. Malware through APT isn't really in the realm of average possibility, so you'll be safe.
  • Use a Firewall!
    Remember I said that occasionally a bug can be found in a program which may be exploited? Install ufw from APT, and then run this command: sudo ufw default deny incoming. This command will block any incoming connections to your computer. If you need to allow some incoming connection, just add another firewall rule.
  • Scan for Viruses/Rootkits Occasionally!
    Just to play on the safe side, you should use clamav and rkhunter regularly. Once every two weeks will likely be more than enough for 99.9% of people.
  • Use Common Sense!
    The absolute best anti-malware in existence is common sense! Don't visit strange websites, don't download and run unknown files, and the like.
  • Keep Backups!
    In the case of the worst possible incident (something being infected), just wipe your system and restore from a clean backup. If you want to be really safe, you can even make your backups offline (through a live boot) so malware won't have a chance to spread to your drive, except in its raw file form.
  • Encrypt, Baby, Encrypt!
    If you have sensitive data on your drive, it's often a good idea to encrypt it. Decrypt the data when you need to work on it, and re-encrypt it the second you're done. You can even store the encrypted data on a separate drive. This ensures that if malware does somehow get on your machine, its window of opportunity is very small.

Keeping these simple tricks in mind, you should be safe from 99.999% of all malware on Linux. You're already on a secure OS, and I assume you haven't made drastic changes to permissions. You'll be just fine!

Kaz Wolfe
  • You can also mention clamtk, clamav's GUI, since OP seems to be a newbie. – EKons Sep 04 '16 at 20:53
  • +1 for common sense. It is so often underestimated. Common sense will keep you out of the vast majority of issues. – Seth Sep 04 '16 at 21:09
  • Kaz Wolfe is a very experienced man; I agree with everything he told me, here and also in our chat on Stack Overflow. For all the people here: I keep in mind all the things he wrote, so please do not consider me as someone who does not know about these security rules. We were discussing advanced hacker techniques. I have stated several times that my computer follows all these rules to prevent it from getting infected, but the activity was suspicious too, so once again: my computer is suspicious even if I followed all of these rules – Tomas Sep 04 '16 at 21:17

IRL it's bound to happen eventually, so here are some ways to detect and recover.

RECOVER: OS-space and user-space backups can be a lifesaver, and good backups cover a multitude of goofs.

DETECT: how to detect a goof-up like a virus or trojan that compromised your security.

Are mysterious programs in the nethogs listing malware? Specifically, how to determine if mysterious programs in the nethogs listing are "acting like" a malware virus? You may want to see my previous post here: How to scan if Ubuntu is infected? server attack

PREVENTION : See above.

BTW, yes, running VNC with default settings is a huge risk, so it is generally best to remove it, or at least change the default port and set a password before connecting to the internet, etc.

Everything here and above will likely cover the most common issues.

HTH
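An added example (my own, not code from any answer in the thread) of the check the DETECT step above points at: it reads /proc/net/tcp directly, maps each listening or established IPv4 socket to the process that owns it, and flags whatever is not on a list of services you expect, so it works before nethogs or Wireshark is installed. It assumes a Linux host; the function names are mine, and the expected-port set {22} is a placeholder you replace with the services you actually run.

```python
import os
import socket
import struct

TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}  # other states are skipped


def _addr(hexaddr):
    """'0100007F:0016' -> ('127.0.0.1', 22); the IP is hex in host byte order."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("=I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp text into dicts with local, remote, state, inode."""
    rows = []
    for line in text.splitlines()[1:]:  # line 0 is the column header
        f = line.split()
        if len(f) < 10 or f[3] not in TCP_STATES:
            continue
        rows.append({"local": _addr(f[1]), "remote": _addr(f[2]),
                     "state": TCP_STATES[f[3]], "inode": f[9]})
    return rows


def inode_to_pid():
    """Map socket inodes to owning PIDs by walking /proc/<pid>/fd (root sees all)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            for fd in os.listdir(f"/proc/{pid}/fd"):
                link = os.readlink(f"/proc/{pid}/fd/{fd}")
                if link.startswith("socket:["):
                    owners[link[8:-1]] = int(pid)
        except OSError:
            continue  # process exited, or not readable without root
    return owners


def unexpected(rows, expected_ports):
    """Every established session plus any listener not on an expected port."""
    return [r for r in rows
            if r["state"] == "ESTABLISHED" or r["local"][1] not in expected_ports]


if __name__ == "__main__":
    owners = inode_to_pid()
    rows = parse_proc_net_tcp(open("/proc/net/tcp").read())
    for r in unexpected(rows, expected_ports={22}):  # placeholder: your own services
        pid = owners.get(r["inode"])
        exe = os.readlink(f"/proc/{pid}/exe") if pid else "unknown (try sudo)"
        print(f'{r["state"]:11} {r["local"]} -> {r["remote"]} pid={pid} exe={exe}')
```

Run it with sudo to see processes owned by other users; /proc/net/tcp6 and /proc/net/udp use the same port and inode columns but a 16-byte address, so they need a different _addr. A flagged binary can then be checked against the package database with dpkg -S on its path.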


While Linux is "safer" than other OSs, it's only due to a smaller attack vector and open communities. IMO it is much easier to hack a Linux system purely based on the fact that it's what the nefarious entities use themselves to create these tools. Fortunately (for us *nix users), developing malware for Windows is still a bit more profitable. That being said:

  1. Update/Upgrade regularly.
  2. Update/Upgrade again.
  3. Install htop and watch your system when you think something looks funny, then google.
  4. ufw is a great/easy tool to lock down network traffic. It is default in the Debian/Ubuntu variants.

    sudo ufw allow <port>/<protocol>
    sudo ufw allow 80/tcp
    sudo ufw allow google-chrome #if you wanna allow a whole application.

The final and most important thing:

    sudo apt update && sudo apt upgrade

rimraf