Is Linux still the most secure OS?

Malware

After the Linux Mint incident, I have been reflecting on whether we are still the safest in the world.

A few days ago an attack was discovered that affected the well-known Linux Mint distribution. The attackers compromised the project's website and swapped the ISO images of the Cinnamon edition for modified ones carrying malware such as a backdoor or a Trojan.

This news makes one reflect on whether the GNU / Linux family is still the most secure group of operating systems of all, or whether that situation has already changed. So I am going to analyze and reflect on this, to clarify whether GNU / Linux systems are still more secure than other systems or have become insecure.

Malware on Linux

First of all, it must be clarified that there are viruses for GNU / Linux. As we have published before, from time to time a malicious program appears that takes advantage of the benefits of free software (being able to freely modify source code) to create malicious software. However, their number is very low compared with the amount of malware that exists for Windows; therefore, despite these small attacks, Linux is still more secure than Windows in this regard.

Privacy

If we talk about privacy, GNU / Linux is still the king, and even more so now that Windows 10 has become the spy operating system par excellence. In addition, there are distributions like Tails that are dedicated exclusively to preserving your privacy.

Vulnerabilities

Although this happened with Linux Mint, it really is an exception, something that does not happen often in this world. Windows, on the other hand, is full of them, with ridiculous vulnerabilities like the Sticky Keys one and others that nobody has bothered to fix.

Support

Microsoft has dropped support for many Windows XP users, forcing people to buy a more powerful machine (there is a huge jump in minimum requirements from XP to Windows 7, from 64 MB to 1024 MB of RAM) and leaving those who cannot afford one much more vulnerable to attacks. The large number of low-resource GNU / Linux systems available means we always have support, whatever computer we have.

Conclusion

The conclusion is that the other day's attack was an isolated case; that is, we are still the safest in the world. Even so, it is always advisable to stay alert and informed about possible vulnerabilities, to distrust anything that seems suspicious, and to always keep the system updated.


10 comments


  1.   MZ17 said

    The lesson would have to be that we have to be aware of the news regarding the GNU / Linux world, and in that, pages like this do a great job of informing Spanish-speakers.

  2.   VENUS said

    HACKER EXPLAINS HOW HE PLACED A BACKDOOR IN HUNDREDS OF LINUX MINT DOWNLOADS

    The lone hacker, who tricked hundreds of users into downloading a version of Linux with a backdoor installed, revealed how it was all done.

    We reported here that the project site had been hacked and had misled users throughout the day, serving downloads that contained a maliciously added "back door".

    Lefebvre said on the blog that only Saturday's downloads were compromised, and they subsequently took the site offline to avoid additional downloads.

    The hacker, who goes by the name of "Peace," told Zack Whittaker (the author of this article) in an encrypted conversation on Sunday that "hundreds" of Linux Mint installations were under his control - a significant share of the thousands of downloads during the day.

    But that's only half the story.

    Peace also claimed to have stolen an entire copy of the forum's website twice - once on January 28, and most recently on February 18, two days before the hack was confirmed.

    The hacker shared a portion of the forum database, which contains personally identifiable information such as email addresses, dates of birth, profile photos, and encrypted passwords.

    These passwords cannot stay that way for much longer. The hacker said some passwords have already been broken, with more on the way. (It is understood that the site uses PHPass to encrypt passwords, which can be broken.)

    Lefebvre confirmed Sunday that the forum had been breached.

    It soon turned out that the hacker had put the entire database file on a "dark web" marketplace, a listing that we have also been able to verify exists. The listing was roughly 0.197 bitcoin at the time of writing, or around $85 per download.

    Peace confirmed that the listing was the Linux Mint website. "Well, I need $85," said the hacker jokingly.

    About 71,000 accounts were uploaded to the HaveIBeenPwned breach notification website, it said on Sunday. A little less than half of all accounts were already in the database. (If you think you may be affected by the breach, you can search the database for your email address.)

    Peace would not give his name, age or gender, but said he lived in Europe and had no affiliations with hacker groups. The hacker, known to work alone, had previously offered private scanning services for known vulnerabilities on associated private market sites.

    After a detailed discussion, the hacker explained that the attack took place in multiple layers.

    Peace was "just poking around" the site in January when he found a vulnerability granting unauthorized access. (The hacker also said he had the credentials to log into Lefebvre's site admin panel, but was reluctant to explain how, in case it turned out to be useful again.) On Saturday, the hacker replaced a 64-bit image (ISO) of the Linux distribution with one that had been modified by adding a backdoor, and later decided to "replace all mirrors" for each downloadable version of Linux on the site with a modified version of his own.

    Building the "backdoored" version was not as difficult as you might think. Because the code is open source, the hacker said it took him only a few hours to package up a version of Linux that contained the backdoor.

    The hacker then uploaded the files to a file server in Bulgaria, which took longer "because of slow bandwidth."

    The hacker then used his access to the site to replace the legitimate checksum - used to check the integrity of a file - on the download page with the checksum of the backdoored version.

    "But who checks the f***** hash?" said the hacker.

    It was about an hour later that Lefebvre began tearing down the project site.

    The site was down for most of Sunday, potentially missing thousands of downloads. The distribution has a large following. There are at least six million Linux Mint users at the latest official count, thanks in part to its easy-to-use interface.

    Peace said the first episode of the hacking began in late January, but peaked when it "started spreading backdoored images early in the morning [on Saturday]," the hacker said.

    The hacker said there was no specific target for the attack, but said his main motivation for the backdoor was building a botnet. The hacker's malware has been dubbed Tsunami, an easy-to-implement backdoor that, when activated, silently connects to an IRC server, where it awaits orders.

    Yonathan Klijnsma, Senior Threat Research Analyst with Dutch security firm Fox-IT, said:

    Tsunami is often used to bring down websites and servers - sending a "tsunami" of traffic to overwhelm them. "[Tsunami] is a simple, manually configurable bot talking to an IRC server and joining a predefined channel, with a password, if set by the creator," Klijnsma said. But it is not only used to launch web-based attacks; it can also allow its creator to "execute commands and download files to the infected system to work on later, for example," he added.

    Not only that, the malware can uninstall itself from affected computers to limit the evidence left behind, said Klijnsma, who helped evaluate and verify some of the hacker's claims.

    For now, the hacker's motive was "general access only," but he did not rule out using the botnet for data mining or any other purpose from his computer. The hacker's botnet is still up and running, but the number of infected machines "has dropped significantly since the news came out, of course," Peace confirmed.

    Lefebvre did not return an email request for comment Sunday. The project site is back up again, hopefully with improved security.

    1.    azpe said

      The benefits of open source are sometimes used for these things, unfortunately...
      Botnets are used for many things: to tear down sites, to mine cryptocurrencies such as bitcoin... Anyway, that's why you have to format at a low level and reinstall.
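The checksum swap described in the comment above is the part worth turning into a concrete check. The Go program below is an added example, not code from this article or from the Linux Mint project: it models a release as an image plus a SHA256SUMS line plus a detached ed25519 signature over that line, then models an intruder who rewrites both the image and the checksum on the web server but cannot re-sign, because the signing key is kept off that server. The key pair, file name and image bytes are constructed for the example; real projects publish a GPG-signed sums file, and the check is the same: verify the signature against a key obtained independently of the download site, and only then compare the hash.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Release is what a download mirror serves: the image, a SHA256SUMS line in
// the usual "<hex digest>  <filename>" format, and a detached signature over
// that line. Assumption for this example: the signing key never lives on the
// web server, so a site intruder cannot produce a fresh signature.
type Release struct {
	ISO  []byte
	Sums []byte
	Sig  []byte
}

// sumsLine renders the sha256sum-style line for an image.
func sumsLine(iso []byte, name string) []byte {
	h := sha256.Sum256(iso)
	return []byte(hex.EncodeToString(h[:]) + "  " + name + "\n")
}

// PublishRelease is the project's release step: hash the image and sign the
// sums line with the offline release key.
func PublishRelease(priv ed25519.PrivateKey, iso []byte, name string) Release {
	sums := sumsLine(iso, name)
	return Release{ISO: iso, Sums: sums, Sig: ed25519.Sign(priv, sums)}
}

// TamperRelease models the incident: an intruder with write access to the
// site swaps the image and rewrites the checksum so the two agree again.
// The old signature is left in place because the intruder cannot re-sign.
func TamperRelease(r Release, evilISO []byte, name string) Release {
	return Release{ISO: evilISO, Sums: sumsLine(evilISO, name), Sig: r.Sig}
}

// ChecksumMatches is "checking the hash" on its own: it proves only that the
// image matches a checksum fetched from the same (possibly compromised) site.
func ChecksumMatches(r Release) bool {
	fields := bytes.Fields(r.Sums)
	if len(fields) != 2 {
		return false
	}
	h := sha256.Sum256(r.ISO)
	return string(fields[0]) == hex.EncodeToString(h[:])
}

// Verified is the check that catches the swap: the sums line must carry a
// valid signature from the pinned project key, and only then is the image
// compared against it.
func Verified(pub ed25519.PublicKey, r Release) bool {
	if !ed25519.Verify(pub, r.Sums, r.Sig) {
		return false
	}
	return ChecksumMatches(r)
}

func main() {
	// Constructed key pair and image bytes; a real project would use its
	// long-lived signing key and the actual ISO.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	const name = "example-cinnamon-64bit.iso" // constructed file name
	genuine := PublishRelease(priv, []byte("genuine image bytes"), name)
	swapped := TamperRelease(genuine, []byte("backdoored image bytes"), name)

	fmt.Printf("genuine: checksum=%v signature+checksum=%v\n",
		ChecksumMatches(genuine), Verified(pub, genuine))
	fmt.Printf("swapped: checksum=%v signature+checksum=%v\n",
		ChecksumMatches(swapped), Verified(pub, swapped))
}
```

The point of the two verifier functions is the contrast: the swapped release passes ChecksumMatches, because the intruder controlled both the image and the checksum, and fails Verified, because the signature no longer covers the sums line being served. The public key is the only thing the downloader has to obtain through a channel the website does not control.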

  3.   JUAN said

    GZIP compression could play against Tor servers and users

    A researcher has discovered hidden information in the configuration of the GZIP compression used in HTTP that would allow obtaining relevant details about servers located on the Tor network, and therefore negatively affecting the users of this network, which is characterized by guaranteeing users' privacy.

    Juan Carlos Norte, developer of the eyeOS virtual desktop, has been in charge of reporting this discovery, which could have a negative impact on the privacy of this network by offering the authorities a way of accessing very relevant information. As a starting point, he explains how, long ago, web servers began to support compression of HTTP requests and responses. In the negotiation process, when a user contacts a web server through his browser, the browser asks whether it supports this compression and which type it wants to use from that moment on.

    Nowadays web servers support two types of compression, GZIP and DEFLATE, allowing a more or less fast process and a considerably reduced size of the data sent. It is the first of these that could present security problems for servers on the Tor network.
    GZIP headers would contain valuable information

    The expert has discovered that servers that make use of this compression, in addition to packaging the data, add a header containing information about the date on which the process was carried out, and this corresponds to the time of the server on which said packaging and its subsequent compression was performed. Surely many of you think it is not such a serious problem, and obviously it is not if we are talking about an advertising server, for example, but it is for a server on the Tor network, which as you know stands out for privacy.

    Although with this alone one could only learn the time zone of the server, with the help of other information that a protocol used in Tor could offer, much more could be pinned down about the server.
    The default configuration defends servers from this problem

    It will be one of the few times that a default configuration offers something good. On this occasion, the researcher adds that servers with the default configuration do not write any information in this header and only fill in the fields with zeros. He adds that some Tor network administrators have changed this configuration, and slightly more than 10% would be giving away time information without knowing it.
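The field the comment is talking about lives in the fixed 10-byte gzip header defined in RFC 1952: bytes 4 to 7 hold MTIME, a little-endian Unix timestamp, and a value of 0 means "no timestamp available". The Go program below is an added example, not code from the comment or from the research it summarises: it builds two gzip responses from a constructed body, one with the header left at its default and one stamped with the server clock, and reads the MTIME field back out of the raw bytes so an administrator can audit what a server actually sends.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// GzipMTime reads the MTIME field out of a raw gzip stream. RFC 1952 fixes the
// header at 10 bytes: ID1 ID2 CM FLG MTIME(4, little-endian) XFL OS. An MTIME
// of 0 means "no timestamp available".
func GzipMTime(stream []byte) (uint32, error) {
	if len(stream) < 10 || stream[0] != 0x1f || stream[1] != 0x8b {
		return 0, errors.New("not a gzip stream")
	}
	return binary.LittleEndian.Uint32(stream[4:8]), nil
}

// Compress gzips a response body. With stamp=false the header keeps Go's
// default zero ModTime, which compress/gzip writes as MTIME=0; with
// stamp=true the server's wall clock is written, which is the leak the
// comment describes.
func Compress(body []byte, stamp bool) ([]byte, error) {
	var buf bytes.Buffer
	w := gzip.NewWriter(&buf)
	if stamp {
		w.ModTime = time.Now()
	}
	if _, err := w.Write(body); err != nil {
		return nil, err
	}
	if err := w.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// LeaksTime reports whether a compressed body carries a non-zero MTIME, i.e.
// whether it reveals the server's clock at the moment of compression.
func LeaksTime(stream []byte) bool {
	mt, err := GzipMTime(stream)
	return err == nil && mt != 0
}

func main() {
	// Constructed sample body standing in for a page served over Tor.
	body := []byte("<html><body>constructed sample page</body></html>")
	for _, stamp := range []bool{false, true} {
		stream, err := Compress(body, stamp)
		if err != nil {
			panic(err)
		}
		mt, _ := GzipMTime(stream)
		fmt.Printf("stamp=%-5v MTIME=%d leaks=%v\n", stamp, mt, LeaksTime(stream))
	}
}
```

To audit a live service, fetch a response with an Accept-Encoding: gzip request header and pass the raw compressed body, before decompression, to GzipMTime. Whether a given web server stamps MTIME depends on its compression module and configuration; this example only shows what to look for in the bytes, not what any particular server does by default.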

  4.   OSCAR said

    The NSA would like to keep existing zero-day vulnerabilities hidden

    It seems that everything had already settled down when the NSA itself once again heated up the atmosphere. The US agency has stated that it discovers more than 91% of zero-day vulnerabilities and that it will not reveal any related information, trying to keep them usable for as long as possible.

    The EFF (Electronic Frontier Foundation) has also been involved in this controversy as the party that has accused the agency of not revealing enough information about the security flaws detected in a large number of software products. It has taken the case to court, demanding that information about these vulnerabilities be published so that those responsible for the software can solve the problem and publish an update. However, the NSA is not cooperating and affirms that, as far as it is concerned, it will not give more details than are strictly necessary. The agency adds that it understands the foundation's purpose is to publish these problems in order to put an end to them in some way, but until told otherwise it will delay offering details about zero-day vulnerabilities for as long as possible.

    Although this past January it seemed that the situation was looking very unfavourable for the interests of the EFF, the reality has been very different, and the agency has published a document detailing what steps the NSA will follow to publicize some bugs; however, others will remain hidden for the time being.

    While the position of the foundation is clear, that of the agency has also become clear after this latest move: trying to take advantage of those flaws to get information from machines without the need to develop applications in the form of back doors.
    The EFF believes that it is necessary to know how these vulnerabilities are used by the NSA

    The foundation believes it is vital to reach a successful conclusion to the case, so that the role played by these security flaws in espionage tasks is understood, as well as what the agency does with these detected problems, which are its gateway both into users' computers and into those of companies.

    In short, every time the agency finds something wrong in a piece of software, it will not release any information whatever the type of vulnerability, zero-days being the ones that interest the NSA in this case.

  5.   JORGE said

    Zephyr, the Linux Foundation's new operating system for the Internet of Things

    IoT, or the Internet of Things, is increasingly present on a day-to-day basis. More and more objects or household appliances are connected to the Internet daily in order to allow the user to take advantage of the potential of the cloud for a use that, until recently, would be unthinkable. From televisions to washing machines and even thermostats are already connected to the Internet, however, each manufacturer uses its own protocols, something that can be a real impediment when trying to share information between two devices connected to the network.

    The Linux Foundation is aware of this problem, so it has been working on Zephyr for some time, a new real-time operating system that seeks to solve the compatibility and communication problem between protocols. This operating system is supported by various companies such as NXP Semiconductors, Synopsys, and UbiquiOS Technology and is licensed under the Apache 2.0 license.

    Some of the main features of this operating system are:

    Scalability, capable of adapting to virtually any connected device.
    All connected devices will work under the same cloud.
    The kernel used in Zephyr can run on devices with as little as 8 KB of memory.
    The operating system is prepared to work with third-party modules.
    Only a single license document will be used, sent equally to everyone. In this way, conflicts and license clashes will be avoided.

    In addition to the above characteristics, this operating system is designed to work without problems with the main current technologies, such as Bluetooth, Bluetooth Low Energy, IEEE 802.15.4, 6LoWPAN, CoAP, IPv4 / IPv6, NFC, Arduino 101, Arduino Due, Intel Galileo Gen 2, and even with less conventional boards like the NXP FRDM-K64F Freedom.

    Zephyr is characterized by being a scalable, customizable, secure and, above all, open operating system. This will allow manufacturers to implement it in practically any type of architecture, thus solving the main current limitations of the different systems (generally proprietary) of the Internet of Things. This operating system also seeks both low consumption and high processing speed, something very important considering the limited hardware of the devices.

    Zephyr, a system designed for IoT security

    One of the main problems of the Internet of Things is security. Hackers are increasingly trying to take control of these modern devices, posing a danger to their proper functioning. The Linux Foundation wants to put an end to all this, and for this reason it has created an open source operating system, which can be considered more secure than other proprietary systems while allowing any interested user to inspect the code for bugs, vulnerabilities and even debug the code to improve its performance.

    As we have said, the Internet of Things is increasingly present among us, however, the problem of using proprietary protocols and technologies prevents the IoT from continuing to grow and evolve with a single ecosystem. Zephyr will undoubtedly be a small step towards this unique ecosystem.

  6.   Bitpochuelo said

    Linux is still MORE secure. How much, and to what extent?

  7.   Anya said

    From my perspective, GNU / Linux stopped being a more secure OS a while ago. Being open source, it is easier to find vulnerabilities and take advantage of them. In Windows you have to use reverse engineering, which usually gives you assembly code that is not always completely exact, while in GNU / Linux you have access to the source code without problems. The myth that a thousand eyes watch the source code is just that, a myth. The truth is that there are very few trained and knowledgeable people to do this, and the vast majority of them are too busy with their own affairs to go over everything. If you don't believe me, explain to me how Compiz is practically dying already. Why is there no Compiz in Debian 8 and derivatives? Simple: there are no people working on it.

    On the DeepWeb there are many tutorials on how to hack a Debian, CentOS or RedHat server in less than 5 minutes. There are also tutorials on how to exploit vulnerabilities in PHP and MySQL, as well as several tutorials on exploiting vulnerabilities in Flash and in the Firefox and Chromium browsers, in addition to specialized hacking distros such as Kali Linux or Parrot OS, and many tutorials on how to exploit vulnerabilities and escalate privileges.

    Not to mention various tutorials on hacking and social engineering to infect GNU / Linux, especially Ubuntu: PPAs and .DEB or .RPM files are very dangerous. I recommend not using any PPA that is not from the developer's official website; if you see the PPA on a blog, better not install it at all. It is quite easy to infect GNU / Linux through social engineering. You just create a PPA of a beautiful or very striking theme or icon set, or you make a PPA for a more recent and updated version of a program than the one found in the official repositories, you put that on a blog, and you already have a lot of zombie PCs.

    ClamAV is bad at detecting viruses, Trojans and malware, so there is no point counting on that mediocre antivirus. But the best weapon is that the Linux user thinks himself immune to viruses and malware.

    1.    Sebas said

      This comment saves the entire article.
      It is rare to see realism, sincerity and rationality in a Linux space so characterized by delusions and extremists.

  8.   osandnet said

    I agree that Linux is the safest OS there is, because among the news I have received for quite a while I have not seen important security updates. But I would have liked you to talk not only about Linux vs Windows in this article. It would be nice if you commented on MacOSX and its myth of being the most secure OS, which has been proven not to be the case: last month it fixed more than 140 vulnerabilities, to name just one example. The av-test site has an article dedicated to it, and among its antivirus tests it also includes MacOSX. All the best.