Will Linux protect you from ransomware attacks?
Ransomware attacks are all the rage these days among hackers, and many people are worried about becoming victims. Are Linux users secure against such attacks?
This topic came up recently in a thread on the Linux subreddit, and the folks there had some interesting thoughts to share about Linux and ransomware attacks.
Rytuklis started the thread with this post:
I am sure you guys heard the news about that huge hacker attack that locks peoples personal fines and demands ransom. Is Linux secure enough to protect against such attacks?
I thought I was safe on Windows in Lithuania where such attacks are very rare but saw this hack also hit Lithuania pretty hard too, so it makes me contemplate Linux again.
His fellow redditors responded with their thoughts about Linux and security:
Chrisoboe: “These attacks only worked because people didn’t update their Windows, or used an out of support version. Every operating system is insecure if you don’t update it or if you use out-of-support versions. Linux distros usually provide security updates way faster than Microsoft, but that doesn’t matter much when users decide not to do updates. ”
ArcadeStallman: “Linux and Windows are both secure enough if you exercise caution and keep your system updated. It’s easier to keep Linux updated, though, since you can update with one or two commands and not have to restart immediately.
This particular attack won’t affect Linux AFAIK, but attacks targeted at Linux systems do happen occasionally.”
Tscs37: “Short answer: No.
Long answer: No, but not many people find it profitable or lucrative to make Linux-based ransomware.
No software is 100 percent bulletproof. Linux may be a bit better but it’s hard to estimate by how much in hard numbers. CVE’s are a good start but don’t cover possible exploits or overall security at all.”
Destiny_functional: “More secure than Windows.
Windows has a 20 year history of leaving its users vulnerable on the internet. Frequent major vulnerabilities too. We had MSBlast which easily could have been ransomware too if it had been invented / famous then. MSBlast basically made any new Windows 2000 or XP version that you would connect directly (i.e. not behind a router) to the internet useless within a minute. I don’t see that much has changed.
Seeing which Windows version patches were released for the last couple of days you see how extremely old (XP era) vulnerabilities carry over from version to version seemingly. That’s Microsoft for you and has always been.
Is Linux secure enough? Security always can be (and needs to be) improved.
Anyway, if you have backups you have nothing to fear.”
Perillamint: “MO, limit scope to this issue, Linux is better then Windows.
At least, nobody (unless they’re crazy enough and smart enough to patch kernel) runs SAMBA on Ring 0 on Linux unlike Microsoft did (and allowed RCE to Ring 0 :( ).”
Audioen: “Security needs to be designed in, and then the implementation itself must be correct. Linux shares the history with Windows in that its security resembles that of an egg: a hard exterior meant to keep intruders out, but once through the shell, you meet a soft interior that offers little resistance.
Many Windows vulnerabilities require a vector that allows code execution, then the payload facilitated by that tends to use any of the numerous unpatched security holes to do whatever it wants on the system. Additionally, recovery to uncompromised state requires treating the machine to a complete reinstall. Categorically, Linux is very much in the same boat in that services running on the system can serve as the vector to inject a payload, which can then burrow into the system so deep that the only way you can be sure you have got rid of it is by reinstalling the OS. (In fact, some proof-of-concept virus-type programs are so advanced that they can in infect e.g. certain hard disk firmwares, in which case reinstalling does not necessarily help.)
However, many vectors used on Windows are not working well on Linux: e.g. people don’t usually download random executables from the web and run them, people don’t blindly execute attachments they received by email, etc. Still, the situation is not ideal and requires constant vigilance, and there are tools you’re supposed to install by sudoing a Bash script you download from GitHub etc. At the current state of security, allowing users to learn to do things like that invites disaster.
A hardened operating system would be basically impossible to destroy by any user action, and could be brought back to a known-safe state at any point the user wants. It would probably substantially remind one of iOS, Android, or ChromeOS in that the user (and by extension any program the user can run) always has less than full control of the machine, and even then security can fail due to implementation errors.”
Ironfish: “Linux, just like Windows, is as secure as you make it. I’ve seen plenty of Linux boxes get rooted over the years so it’s not a magic bullet to just switch to another OS.”
Turin231: “Both OSs can be secure enough if you follow good practices. Basically keep everything updated.
Linux is just more secure because vulnerabilities are patched faster (easier to find and cannot be hidden by the developer), CVE practices tend to be more complete, and there is usually no data-mining software that can be potentially exploited by third parties.
But more secure does not mean fully secure. No system can provide this.”
Ars Technica reviews Ubuntu 17.04
Ubuntu 17.04 has been out for a while, but reviews are still trickling in from various sites. The latest review is from Ars Technica.
Scott Gilbertson reports for Ars Technica:
There’s quite a bit of new stuff in this release, but possibly the best news is that Ubuntu is now using Linux kernel 4.10. That means your Kaby Lake processors are fully supported (as are AMD Ryzen chips for those who love rooting for the underdog). There’s also some support for Nvidia’s Tegra P1 and some improvements to the open source Nvidia (Nouveau) drivers.
Another big change that most people will never even notice is that Ubuntu 17.04 switched from a swap partition to a swap file. You could see some speed improvements from that in some situations, and it makes your swap partition unnecessary, which saves a step in the installation process. The exception here is Btrfs, which does not support swap files. If you’re using Btrfs, you’ll need to opt for manual partitioning and create a swap partition yourself.
Also worth mentioning is Ubuntu 17.04’s support for the new “driverless” printers. These printers use the IPP Everywhere and Apple AirPrint protocols, and connecting them to your Ubuntu desktop should be, in Canonical’s words, “as easy as connecting a USB stick” (I don’t have a printer to test with).
This release also sees the usual slew of application updates for Ubuntu’s stock apps. GNOME-based apps have mostly been updated to GNOME 3.24, though there are a few that linger at older versions (Terminal and Nautilus for example).
Ubuntu has a login screen security flaw
Security is on everybody’s mind these days, particularly after the WannaCry ransomware attacks on Windows systems. It turns out that the venerable Ubuntu has a security flaw of its own via its login screen.
Adarsh Verma reports for Fossbytes:
A flaw of medium priority has been found in Ubuntu Linux operating system. Due to a bug in the LightDM display manager, the guest sessions aren’t properly confined. This problem stepped in when user session handling moved from Upstart to Systemd in Ubuntu 16.10. Canonical has released a patch for this vulnerability and you need to install security updates to get the fix.
After the widespread havoc caused in the closed world of Windows by the WannaCry ransomware, it’s time for Ubuntu Linux users to update their systems and patch a medium priority flaw that has the potential to do a considerable amount of damage. The issue being talked about here deals with LightDM, the display manager that powers the Unity Greeter login screen.
Reported by OMGUbuntu, the affected versions are Ubuntu 16.10 and Ubuntu 17.10. Due to this flaw in LightDM, the login screen doesn’t correctly configure and confine the guest user session which is enabled by default on Ubuntu Linux. By exploiting the same, a nefarious hacker with physical access can grab the files and gain access to the other users on the system. Please note that the files in a user’s home directories can also be accessed.
Did you miss a roundup? Check the Eye On Open homepage to get caught up with the latest news about open source and Linux.