How long will Raspbian 7 be supported - same as Debian Wheezy?

So indeed do I, but none of it runs on Linux. And even if it did it needs my password to run with any dangerous authority.

And of course, upgrading a Pi OS isn't going to make it less vulnerable to malware anyway.

No, it requires more than that. Unless you run a Windows network. But we are talking about a Pi here. It won't get infected from Windows even if the Windows network is hopelessly compromised.

I don't think you understand what security fixes to an OS actually are.

--
Gun Control: The law that ensures that only criminals have guns.
Reply to
The Natural Philosopher

All that is needed is for one vulnerable machine inside the firewall to become infected and the firewall is bypassed.

Do you check that every piece of source code you download, compile and install is what it should be? Do you check the MD5s and verify that the reference isn't compromised? It is certainly possible to socially engineer malware onto *any* system where downloaded code is installed - and that is just about everything with a processor these days. It is *easier* to do so with Windows but that is all.

This turns out not to be the case.

I understand them rather better than most, you included it would seem. Security fixes close exploit vulnerabilities some of which require a local user, some of which can be initiated remotely. Often a successful attack will exploit multiple vulnerabilities - something remote that allows arbitrary code execution followed by something local that provides privilege escalation.

Consider the following scenario - a Windows (or any other vulnerable machine - that dodgy apk on the rooted phone for example) inside the firewall becomes host to a botnet endpoint (by any means) via which various probe and infect tools are downloaded to the host in order to probe for vulnerable systems from the *inside* of your firewall. So now everything inside your network with a remote exploit (including that PI which hasn't been upgraded because it's in a safe place) is now in reach of the botnet which has penetrated the firewall you were depending on to protect your insecure devices.

This is not theoretical; I have seen this kind of attack succeed, admittedly the targets weren't Raspberry Pis, they were Sun servers. This basic design of an attack mechanism is at least twenty years old (that's when I read the paper describing it). These days it's probably considered crude or at least basic.

--
Steve O'Hara-Smith                          |   Directable Mirror Arrays 
C:>WIN                                      | A better way to focus the sun 
The computer obeys and wins.                |    licences available see 
You lose and Bill collects.                 |    http://www.sohara.org/
Reply to
Ahem A Rivet's Shot

But is Raspbian included in this, i.e. does Debian armhf mean Raspbian?

--
Chris Green
Reply to
Chris Green

That is actually NOT true!

Today, the most dangerous malware is the crypto trojan. A Linux version would be able to run under your user account only, true. But: that will mean it can "only" encrypt the files owned by you, not the system files. However, those are likely to be the only files that are of value to you! The system files can be easily recovered from many sources on the net, but your own files can only be recovered from your own backups, which you might not even have.

So, don't assume that privilege separation is going to do you any good when protecting against malware. The only thing that helps you right now is that the end-user running Linux is too small a target group for the malware developers to focus on. However, cross-platform trojans written in Java or Javascript have been demonstrated and Javascript malware that works on Windows is already quite active.

Actually, the Windows system has a capability that I have been implementing for years but is now slowly appearing in the main press: you can actually configure at which locations in the filesystem software is allowed to exist, using several different rules like pathname matches, file hashes, file signing etc. Using that, you can configure the system to allow software in the Windows and Program Files directories, for example, but not in the parts of the disk that are writable for the user (documents directory, temporary directory, etc.).

This severely limits the vulnerability to drive-by download and mail attachment malware. An equivalent feature is not available in Linux. You can mount filesystems with no-execute but it is quite impractical to set up a protection system using that, and denying the execute bit has other side-effects than preventing program execution (in fact, it does not even prevent program execution via interpreters).

Reply to
Rob

Yes, it's a low level library for smartcard readers.

Interesting but *very* old, 15 years old in fact.

True, but it could well stop working if libraries it uses change.

--
Chris Green
Reply to
Chris Green

Booting from a USB stick is NOT the only way that software can be executed! I can build you a USB stick that registers itself as a keyboard, then inputs the characters "rm -rf /" for you. How is Linux going to protect you against that?

Reply to
Rob

And if the Linux directory is mapped by a windoze box, an infected windoze PC can encrypt it (this happened to a friend of mine). No security patches are going to protect against this as it looks like legitimate traffic. I believe there is now a product that attempts to reduce the threat by monitoring for suspicious activity but I am not sure if that runs on the client or the server.

But files saved for e-mail attachments would not have the execute bit set, so they still need user intervention.

Once the user is involved all bets are off.

--
Matter cannot be created or destroyed, nor can it be returned without a receipt.
Reply to
alister

True in the normal shell, but when you have one of those fancy desktop file explorers that conveniently map certain file "extensions" to an application, just like Windows does, this will no longer protect you.

E.g. when .pl is automatically fed to /usr/bin/perl, the .pl file does not need to have its x bit set to be executed.

Reply to
Rob
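An added illustration of the point made in the two posts above (example script, not from the thread): the same mode-644 file is refused when run directly, yet a suffix-to-interpreter association of the kind a desktop file manager applies runs it without ever consulting the execute bit. `open_by_suffix` is a hypothetical stand-in for that file-manager "open" action.

```shell
#!/bin/sh
# Added example, not from the thread. Shows why the execute bit alone does
# not stop an attachment: ./file is refused without +x, but a file manager
# that maps a suffix to an interpreter (.sh -> sh, .pl -> perl) runs the
# same file anyway.
set -u

# Hypothetical stand-in for a desktop file manager's "open" action: the
# interpreter is chosen from the suffix, the mode bits are never looked at.
open_by_suffix() {
    case "$1" in
        *.sh) sh "$1" ;;
        *.pl) perl "$1" ;;
        *)    return 2 ;;   # no association: nothing runs
    esac
}

# Create a constructed, harmless mode-644 script (it only prints a marker)
# and report whether it runs directly and whether it runs via the association.
exec_bit_demo() {
    dir=$(mktemp -d) || return 1
    script="$dir/attachment.sh"
    printf '%s\n' '#!/bin/sh' 'echo MARKER' > "$script"
    chmod 644 "$script"          # rw-r--r-- : no execute bit for anyone

    direct=blocked
    if "$script" >/dev/null 2>&1; then direct=ran; fi     # execve -> EACCES

    assoc=blocked
    if [ "$(open_by_suffix "$script" 2>/dev/null)" = MARKER ]; then assoc=ran; fi

    rm -rf "$dir"
    echo "direct=$direct association=$assoc"   # -> direct=blocked association=ran
}

exec_bit_demo
```

The direct attempt fails even for root, since execve requires at least one execute bit; the association path is the one a noexec mount does not close either.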

That's still user intervention.

--
memo, n.:
	An interoffice communication too often written more for the benefit
	of the person who sends it than the person who receives it.
Reply to
alister

Javascript.

---druck

Reply to
druck

All this before you get to non-executable attachments designed to exploit vulnerabilities in whatever processes them in order to get code executed (think document macros, buffer overruns in media players or image viewers and so on).

--
Steve O'Hara-Smith                          |   Directable Mirror Arrays 
C:>WIN                                      | A better way to focus the sun 
The computer obeys and wins.                |    licences available see 
You lose and Bill collects.                 |    http://www.sohara.org/
Reply to
Ahem A Rivet's Shot

So instead it types in a little shell script that uses uname to identify your machine and wget to download some suitable exploit for you. Or perhaps it just installs autossh and opens a tunnel into your machine. Once you've allowed an uncontrolled virtual keyboard onto your system your security is gone.

--
Steve O'Hara-Smith                          |   Directable Mirror Arrays 
C:>WIN                                      | A better way to focus the sun 
The computer obeys and wins.                |    licences available see 
You lose and Bill collects.                 |    http://www.sohara.org/
Reply to
Ahem A Rivet's Shot

I won't be running as root, so rm -rf / really isn't all that worrying, even if it did get typed into a terminal rather than a browser or word processor. You do keep regular copies of your work and configuration on unmounted partitions or removable storage devices, don't you? If BadUSB was ever much more than a proof of concept threat I expect we'd just routinely block the automatic addition of HIDs to a system.

Reply to
Rob Morley

Compile a statically linked version?

Reply to
Rob Morley

For readers that think Rob has a good idea but are not familiar with Microsoft group policies there is CryptoPrevent. It decides on the group policies for you even on Windows Home Editions. Of course, I have no idea if CryptoPrevent works. My files have not been encrypted before or after I installed it.

Reply to
Gordon Levi

Most domestic grade ADSL modem/routers rely on NAT to provide a firewall. There's nothing wrong with that, except that a number of them exposed their sysadmin interface to the outside world. Some probably still do. If you have one of these devices, everything on your internal LAN that doesn't run a firewall is potentially toast.

If you don't know whether your ADSL modem/router is one of the dodgy ones, you can do a lot worse than using Shields Up at Gibson Research to check. The URL is

formatting link
and click on 'Shields Up!' to run a check.

Or use nmap at

formatting link

--
martin@   | Martin Gregorie 
gregorie. | Essex, UK 
org       |
Reply to
Martin Gregorie

Yes, OK, but if it uses things other than actual libraries there are still possible issues.

--
Chris Green
Reply to
Chris Green

Is nobody maintaining it? If that's the case, can you grab the code and install it locally?

That should mean that a recompile will usually fix mismatches with changed libraries and, if it doesn't, you're still no worse off than if you'd written it yourself.

--
martin@   | Martin Gregorie 
gregorie. | Essex, UK 
org       |
Reply to
Martin Gregorie

Yes, I heard about that too. Nice to see that it is made easier for the average user to implement this scheme. It is quite trivial to configure it without that tool in a domain environment, but help for the home user is welcome.

It is easy to test that! Just put a harmless .exe file (e.g. a copy of ipconfig.exe) in a place that you have protected (e.g. your temporary directory or appdata directory) and try to run it.

Reply to
Rob

I do make backups, but even on my system such a command run as a normal user would cause more damage than I would like. There appears to be a "nothing can happen to me because I use Linux so a virus cannot affect my system" attitude, but usually people forget that a trojan may do quite some damage even without modifying system files.

Reply to
Rob
