sunhux

Linux / any OS that is much less prone to ransomware / malware than Windows

Is there RHEL or any specific OS that allows us to browse the Internet and yet
is highly not prone to ransomware & malware?

Wanted to use it as a 'jumphost' for browsing the Internet.
John

NO. You get ransomware by opening strange emails. You can do that on Windows, Mac or Linux. If the payload will not open on your machine, you may escape it, but crooks are getting wise to that as well.
btan

It is not really going to be bulletproof for the jumphost (for Linux there is "Linux" crypto-ransomware), as jumphosts are also a key target for attackers to bridge across network and application. As I see it, most jumphosts mainly serve as a privileged access controller or web proxy into the Internet (or untrusted zone), which is why, furthermore, it needs to be better managed and monitored, and the necessary measures assessed to make it "less attackable"; in fact it is the most vulnerable point in the security design. Consider the below for the "jumphost":
a) Harden it, with unnecessary services and accounts disabled or removed (reduce exposure)
b) Apply the least privilege principle and adopt minimal remote admin, with all remote access via 2FA
c) Application whitelisting and anti-malware are still preferred as part of the system HIPS
d) Monitor the jumphost as part of the central OPS managing the SIEM collecting all logs within the architecture

For info on the Lynis scanner - https://linux-audit.com/linux-and-the-rise-of-ransomware/

You may consider anti-ransomware techniques that include setting up deception traps (see TrapX's CryptoTrap - http://trapx.com/product/; better to engage them if interested, as I am not sure if it supports Linux/Unix systems).
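A small version of the deception-trap idea mentioned above, as an added example that is not part of the original post and is not TrapX's product: decoy files are planted on the jumphost, hashed, and re-checked, with an alert when a decoy disappears, changes, or is rewritten with high-entropy (likely encrypted) content. The decoy names and contents, the 7.0 bits/byte threshold and all function names are assumptions made for this example.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Constructed decoy names and contents (assumptions for this example).
DECOYS = {
    "accounts_2016.csv": b"id,name,balance\n1,alice,100\n2,bob,250\n" * 20,
    "passwords_backup.txt": b"decoy file, no legitimate process should touch it\n" * 20,
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext approaches 8.0, empty input gives 0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant(directory: str) -> dict:
    """Write the decoy files and return a baseline of {path: sha256 hex digest}."""
    baseline = {}
    for name, content in DECOYS.items():
        path = Path(directory) / name
        path.write_bytes(content)
        baseline[str(path)] = hashlib.sha256(content).hexdigest()
    return baseline

def check(baseline: dict, entropy_limit: float = 7.0) -> list:
    """Return (path, reason) alerts for decoys that are gone, changed, or look encrypted."""
    alerts = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing_or_renamed"))
            continue
        data = Path(path).read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            looks_encrypted = entropy(data) > entropy_limit
            alerts.append((path, "high_entropy_rewrite" if looks_encrypted else "modified"))
    return alerts

def demo() -> list:
    """Constructed scenario: one decoy overwritten with random bytes, one renamed."""
    with tempfile.TemporaryDirectory() as d:
        baseline = plant(d)
        first, second = sorted(baseline)
        Path(first).write_bytes(os.urandom(4096))  # stands in for ciphertext
        os.rename(second, second + ".locked")
        return [reason for _, reason in sorted(check(baseline))]
```

Run `check()` on a schedule and forward its alerts to the central log collection; any hit on a decoy is worth investigating because no legitimate process has a reason to touch those files.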
Kinda sorta... It's not that one OS is really more secure than another, and it's not user incompetence necessarily. It's that M$ is a wide target, and your odds are better when you have a 100 Windows users to 1 Linux/Mac user ratio. Java viruses and malware work on all OSes, and while that may take a bit more effort for some, for others it's easy.
You're better off in Linux in that most exploits are targeted at Windows, but it's not that it's more or less secure. It's what most people know, and attackers are also getting better at every part of exploiting; it's not just spam and wait to see. Now you make the emails more believable, or use malicious ads, Search Engine Optimization... and the tools to help you do that are easy to come by, esp. for Windows. Previous to Windows 7 I'd say Windows was less secure; by default you were an administrator, but in Windows 7 (and Vista tried) you were not admin by default. Linux and others have this principle of least priv too: you don't check your email as root or use a browser as root, or view a PDF as root. If you do, you're no better than Windows.
-rich
I agree with a majority of what you said, but I do not open strange emails (most of them get trapped by my spam filter) and I do not get any ransomware. I would not switch operating systems because I am careful and do not have any issues.
sunhux

ASKER

Actually FireEye told me Windows has a lot more malware & exploits compared to Linux.

Thing is, if I use Linux as this 'reverse jumphost', there is very little realtime/on-access
AV for Linux, or does McAfee have one? We use McAfee.
People attack the biggest targets - that is true, but (for the most part) it is the user that invites viruses in and switching operating systems won't change that.

To put it another way, change operating systems if you wish, but you are not safer because you do.
Antivirus on Linux ..... NO, it's not required!
If you need anti-virus, use ClamAV from http://www.clamav.net/ but it is not distributed or supported by Red Hat. Red Hat provides a high level of security in the OS/packages. They are updated in a way which keeps potential risk to a minimum.
On any OS platform, patches need to be applied in a timely manner, and that is important compared to having to hassle with AV signature updates if we are to prevent targeted malware. If you are talking about a zero-day vulnerability, no AV or OS patch will be available to stop the penetration. You should adopt defense in depth and reduce your attack footprint and exposure.
There are also POC instances for Linux, such as BashCrypt, which is open source, so it is not hard to leverage this to further exploit the platform. It is modeled after CryptoWall 3.0/4.0: https://github.com/SubtleScope/bash-ransomware