2

Hi, recently I discovered that rootkits are a thing in Ubuntu too, and that their detection is hard. I have been pretty paranoid about getting one since I read about them.

I have my firewall enabled, I only connect to the Internet at home, I mainly download everything from the Ubuntu Software Center and trusted repos/PPAs (libreoffice/noobslab themes), and I download some deb packages from trusted sources (Brackets, for example). I'm also using an AMP stack for educational purposes, and every time I connect to the Internet I stop its services; I have all connections to Apache denied and only my local IP added.

Is there any risk from rootkits if I'm a normal user?

How can someone get infected by them if you need to give your consent to install something?

edwinksl
  • 23,789
IutbaZion
  • 185
  • Related: http://askubuntu.com/questions/548234/how-do-rootkits-get-installed-on-to-a-ubuntu-server Also, this may ease your paranoia https://apps.ubuntu.com/cat/applications/precise/chkrootkit/ – Mark Kirby Sep 30 '16 at 16:27
  • Hi Mark, thank you for the answers. Regarding the first link, I already read it, and for the second one, do I need a fresh Ubuntu installation to make it work properly? – IutbaZion Sep 30 '16 at 16:32
  • You can just install with sudo apt-get install chkrootkit; it should be in the repos. Sorry, the link's installer is out of date, my bad, should have said in the first comment :) – Mark Kirby Sep 30 '16 at 16:35
  • Found this too http://askubuntu.com/questions/250006/rootkits-should-i-be-concerned?rq=1 might be worth a read. – Mark Kirby Sep 30 '16 at 16:36
  • Hi Mark, I also read that post, heck I guess I've read most of the posts about rootkits :). I will check if chkrootkit as soon as I can. Thanks! – IutbaZion Sep 30 '16 at 17:13
  • 1
    There's next to no malware for Linux desktop machines because 1) there are so few of them, 2) they differ too much from each other, 3) *nix' security model makes it harder to trick users into running untrustworthy software, and 4) server machines are more valuable targets and provide a more "unified" attack surface. Unless your computer offers a half-heartedly secured, public-facing network service you should be safe. You can configure pretty much all services to only respond to requests from the local host and if you're using a NAT router for internet access, they aren't publicly accessible anyway. – David Foerster Oct 01 '16 at 01:44

1 Answer

5

If you are a normal user, no.

Now, what do I consider a normal user?

  1. You only install software from official repositories. Whenever you download software from other sources (that includes Launchpad) you check if the maintainer has a good reputation.
  2. You keep your system up to date and stick to an LTS, or you keep upgrading on a normal version.
  3. You do not run a server on your system. Servers do require a monitoring system.
  4. You keep your passwords safe and use good passwords.
  5. Do not leave your system unattended or let it be used by anyone else without you present.
  6. Make your router your 1st defence.
  7. Do not run random terminal commands. Take extra care with wget and FTP commands (and similar commands that download files).

There are probably some more things to consider but this will keep you from harm.

Rinzwind
  • 299,756
  • Thanks! That's exactly what I do! I always keep my system updated and stick with supported LTS versions. I only "run" Apache, but I have blocked all connections except by my local IP and also I only use it without an Internet connection. – IutbaZion Sep 30 '16 at 17:01
  • 2
    Common sense is a big part of keeping your system safe. – Rinzwind Sep 30 '16 at 17:55
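
The thread mentions keeping Apache and other services reachable only from the local host. The following is an added example, not code from any poster in this thread, of one way to check that: it filters `ss -tln` output for TCP listeners bound to anything other than loopback. The function names and the sample listing are constructed for illustration, and the usual `ss -tln` column layout is assumed.

```shell
#!/bin/sh
# Added example: list TCP listeners that are NOT bound to loopback.
# Reads `ss -tln` output on stdin, prints "<port> <address>" per exposed socket.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4; port = $4
        sub(/.*:/, "", port)          # text after the last colon is the port
        sub(/:[^:]*$/, "", addr)      # text before it is the bind address
        sub(/%.*$/, "", addr)         # drop an interface scope such as %lo
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only: not exposed
        print port, addr
    }'
}

# Constructed sample, not captured from a real machine.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*
LISTEN  0       4096    127.0.0.53%lo:53    0.0.0.0:*
LISTEN  0       511     *:80                *:*
LISTEN  0       128     [::1]:631           [::]:*
LISTEN  0       511     [::]:443            [::]:*
EOF
}

sample_ss_output | exposed_listeners
# On a live system: ss -tln | exposed_listeners
```

A wildcard address (`*`, `0.0.0.0` or `::`) means the service accepts connections on every interface, so whether it is reachable from outside then depends on the firewall and the router rather than on the service's own bind setting.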