What is Malware?
According to Wiki, Malware is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency.
Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge, as for example Regin, or it may be designed to cause harm, often as sabotage (e.g., Stuxnet), or to extort payment (CryptoLocker). 'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or trojans rather than viruses.
Assumption
We assume that Windows and Linux (we take these two as examples; the same applies to other operating systems) are up to date and all known vulnerabilities have been fixed. Meanwhile, the credentials of all users, including root and admin accounts, use strong passwords. In addition, no user visits any illegal sites, such as porn sites, gambling sites, pirated software/media sites, etc.
Hacking via Browser
Unfortunately, I cannot find any information about browser hacking in Wiki. If you have read my first article, you will know that one of the most common attacks is the "Browser attack". Therefore, I will talk about the browser here. A browser is a very complicated piece of software which renders the contents of the website to the users and vice versa. There are many ways to attack browser users. I name some of them here:
- Browser flaw
- Website flaw
- Networking flaw
- Browser plugins flaw
- Human flaw
- Attacker intention
Once any of the above elements exists, you will be compromised by malware, no matter whether your system is Linux or Windows. In my first article, I also mentioned "Privilege Escalation". I will not go into it in detail. Modern Windows and Linux systems do not run with admin rights by default. However, there are many ways to escalate privileges in any operating system, including Windows and Linux.
Conclusion
I will not go into all attacks in detail either. There are many ways to do so and I only mentioned the "Browser Attack" here. Even if your Linux system is up to date, has strong credentials and you do not do any illegal or unethical activities, you may still be infected by malware.
Linux users are required to protect themselves from being compromised by malware and should not believe the myths. Meanwhile, it is not easy for general users to identify whether their system is infected or not; that is why there is a technology named "Linux Forensics". I hereby raise a signal to all that "LINUX CAN BE INFECTED BY MALWARE".
By the way, in response to @vichui, I did not say that it is totally safe to do what I recommended in my first article. I mentioned only that it is what I am currently using. Keep in mind that there is no "bulletproof" system in the world at the moment. That's why I always monitor my Linux systems even though I have implemented a lot of precautionary measures.
Lastly, @vichui already supports my version as he mentioned at #7 that it is "MORE RISKY" to follow my first article to install the said software. So, his comment is "Linux has a risk to be infected by malware".
Thank you.
Samiux