Solved

Linux / any OS that is much less prone to ransomware / malware than Windows

Posted on 2016-08-28
16
104 Views
Last Modified: 2016-09-15
Is RHEL, or any specific OS, one that allows us to browse the Internet and yet is highly not prone to ransomware & malware?

Wanted to use it as a 'jumphost' for browsing the Internet.
Question by:sunhux
16 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 41773700
NO. You get ransomware by opening strange emails. You can do that on Windows, Mac or Linux. If the payload will not open on your machine, you may escape it, but crooks are getting wise to that as well.
LVL 61

Expert Comment

by:btan
ID: 41773701
Not really going to be bulletproof for the jumphost (for Linux there is "Linux" crypto-ransomware), as they are also a key target for attackers to bridge across network and application. As I see it, most jumphosts mainly serve as a privileged access controller or web proxy into the Internet (or untrusted zone), which is why, furthermore, it needs to be better managed, monitored and assessed for the necessary measures to make it "less attackable"; in fact it is the most vulnerable point in the security design. Consider the below for the "jumphost":
a) Hardening it, with unnecessary services and accounts disabled or removed (reduce exposure)
b) Least privilege principle; adopt minimal remote admin, and all remote access is via 2FA
c) Application whitelisting and anti-malware are still preferred as part of the system HIPS
d) Monitor the jumphost as part of the central OPS managing the SIEMs collecting all logs within the architecture

For info on the Lynis scanner - https://linux-audit.com/linux-and-the-rise-of-ransomware/

You may consider anti-ransomware techniques that include setting up deception traps (see TrapX's CryptoTrap - http://trapx.com/product/; better to engage them if interested, as I am not sure if it supports Linux/Unix systems)
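The hardening points in the answer above (reduce exposure, least privilege and 2FA for remote access, monitoring) can be turned into a repeatable check. The script below is an added example, not code from the thread or from any vendor mentioned in it: it reads the first effective value of each sshd_config keyword, lists sockets bound to all interfaces other than sshd, and checks the kernel ASLR sysctl. The sshd_config and `ss -tln` lines it audits here are constructed samples so it runs offline; on a real jumphost point `audit_sshd` at /etc/ssh/sshd_config and pipe live `ss -tln` output into `exposed_listeners`.

```shell
#!/bin/sh
# Added example, not from the thread or any vendor: a small audit for the jumphost
# hardening points above (exposed services, privileged SSH access, kernel ASLR).
# Everything inspected below is a constructed sample so the script runs offline.

# First uncommented value of an sshd_config keyword ($1 = file, $2 = keyword).
# sshd honours the FIRST occurrence of a keyword, so stop at the first match.
sshd_opt() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Print one finding per line for settings that weaken a jumphost; silent when clean.
audit_sshd() {
    cfg="$1"
    [ "$(sshd_opt "$cfg" PermitRootLogin)" = "no" ] || echo "PermitRootLogin is not 'no'"
    [ "$(sshd_opt "$cfg" PasswordAuthentication)" = "no" ] || echo "PasswordAuthentication is not 'no' (use keys plus 2FA)"
    [ "$(sshd_opt "$cfg" X11Forwarding)" = "no" ] || echo "X11Forwarding is not 'no'"
    [ -n "$(sshd_opt "$cfg" AllowGroups)" ] || echo "AllowGroups is unset: every local account may log in"
}

# Given `ss -tln` body lines on stdin (column 4 = Local Address:Port), print listeners
# bound to all interfaces other than sshd on 22. Each one widens the attack surface.
exposed_listeners() {
    awk '$4 ~ /^(0\.0\.0\.0|\*|\[::\]):/ {
        n = split($4, a, ":"); port = a[n]
        if (port != "22") print $4
    }'
}

# Kernel ASLR: 2 = full randomisation. Takes a path so a constructed copy can be
# checked; defaults to the live sysctl file.
aslr_ok() {
    [ "$(cat "${1:-/proc/sys/kernel/randomize_va_space}" 2>/dev/null)" = "2" ]
}

# --- demo on constructed inputs -------------------------------------------------
demo() {
    tmp=$(mktemp)
    # Constructed sshd_config: root login disabled, but passwords still allowed.
    printf '%s\n' '# PermitRootLogin yes' 'PermitRootLogin no' \
        'PasswordAuthentication yes' 'X11Forwarding no' 'AllowGroups jumpusers' > "$tmp"
    echo "sshd findings:"; audit_sshd "$tmp"
    rm -f "$tmp"

    echo "exposed listeners:"
    printf '%s\n' 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' \
                  'LISTEN 0 128 127.0.0.1:631 0.0.0.0:*' \
                  'LISTEN 0 511 *:80 *:*' \
                  'LISTEN 0 128 [::]:111 [::]:*' | exposed_listeners

    aslr_ok && echo "ASLR: full" || echo "ASLR: not fully enabled (or not Linux)"
}
demo
```

Running the demo reports the password-authentication finding, the web and portmapper listeners on all interfaces, and the ASLR state of the host it runs on. The checks deliberately stop at the first keyword occurrence because that is what sshd itself does, so a hardened-looking line further down a config does not mask an earlier permissive one.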
LVL 87

Assisted Solution

by:rindi
rindi earned 90 total points
ID: 41773710
It is mainly user incompetence that makes a system more prone to attack and not the OS.

But Linux does have less malware that will execute on it, particularly because it isn't used as much by the normal user, so it also isn't targeted as much.

But for example, Android is the most common OS used by smart-phones, and it is based on Linux kernels. Malware that runs on Android is pretty common.

One thing though which speaks heavily for Linux is that most distributions exist as Live Media, which means you can download the ISO, burn it to DVD, and then boot the PC from that DVD and you will have a fully running Linux environment without having installed the OS. Live Media is read only; that means nothing is saved to the DVD after a reboot, so your OS won't get infected. But data can still be written to any internal HD of your PC, or attached storage, or to the LAN, provided your LAN is insecure and can be used without logon. But with Live Media this is unlikely.

I suggest you use MakuluLinux LinDoz 11, which is very easy to use and comes as Live Media:

http://makululinux.com/
LVL 61

Assisted Solution

by:btan
btan earned 110 total points
ID: 41773761
Building on that, segregate into a number of jumphosts such that groups of key users or ops systems may go via a different jumphost compared to the general mass of users surfing.

Keeping the jumphost as a clean slate is another area to invest in. If you deem it long term, and for the sake of compliance and assurance together with continuous oversight, you may consider Deep Freeze for servers. Mainly for Windows.

http://www.faronics.com/en-uk/products/deep-freeze/server/

For info on an open source software called OFRIS that does a sort of "deepfreezing":
An open source application that can freeze your Linux, it is like Deep Freeze in Microsoft Windows operating system. So, you can lock your system by using this application. Feel free and open with this application.
http://sourceforge.net/projects/dafturnofris-id/

See also a Deep Freeze-like application for Ubuntu as an alternative solution:
Lethe is a Deep Freeze-like partition freezing software for Debian GNU/Linux and Lihuen GNU/Linux (May work on other Debian-based GNU/Linux distributions). Lethe makes the partitions behave like a Live CD: all changes made on the file system will not be saved on the disk but in RAM and when the system restarts, all the content saved in the previous session is "forgotten" and lost and the disk / partitions are restored to their original state.
http://www.webupd8.org/2009/07/deep-freeze-like-software-for-ubuntu.html

You may even consider this jumphost as an AWS instance running as a "service" gateway for your web hosting, secured with a VPN channel between your premises and AWS. Create the VPS for this instance and restrict the network flow to the Internet and do content filtering etc.
LVL 38

Expert Comment

by:Rich Rumble
ID: 41774643
Kinda sorta... It's not that one OS is really more secure than another, and it's not user incompetence necessarily. It's that M$ is a wide target, and your odds are better when you have a 100 Windows users to 1 Linux/Mac user ratio. Java viruses and malware work on all OSs, and while that may take a bit more effort for some, for others it's easy.
You're better off in Linux in that most exploits are targeted for Windows, but it's not that it's more or less secure. It's what most people know, and attackers are also getting better at every part of exploiting; it's not just spam and wait and see. Now you make the emails more believable, or use malicious ads, Search Engine Optimization... and the tools to help you do that are easy to come by, esp. for Windows. Prior to Windows 7 I'd say Windows was less secure: by default you were an administrator, but in Windows 7 (and Vista tried) you were not admin by default. Linux and others have this principle of least privilege too: you don't check your email as root or use a browser as root, or view a PDF as root; if you do, you're no better than Windows.
-rich
LVL 90

Expert Comment

by:John Hurst
ID: 41774651
I agree with a majority of what you said, but I do not open strange emails (most of them get trapped by my spam filter) and I do not get any ransomware. I would not switch operating systems because I am careful and do not have any issues.

Author Comment

by:sunhux
ID: 41775721
Actually FireEye told me Windows has a lot more malware & exploits compared to Linux.

Thing is, if I use Linux as this 'reverse jumphost', there is very little realtime/on-access AV for Linux, or does McAfee have one? We use McAfee.
LVL 61

Assisted Solution

by:btan
btan earned 110 total points
ID: 41775749
Windows has a large pool of users and it is no surprise FE will say that. It is already a known fact that the Win platform is an easy target. Being on another OS such as Linux does not mean the attack surface is reduced; a targeted attack will still penetrate and bypass it. Hardening on any platform is the baseline and should be accompanied by continuous monitoring and response to alerts and suspicious events.

McAfee AV for Linux
Supported Distributions for 32-bit Platforms/64-bit Platforms
◾Red Hat Enterprise 5, 6, and 7
◾SuSE Linux Enterprise Server/Desktop 10, 11, and 12
◾Novell Open Enterprise Server 2 and 11
◾Ubuntu 12.04, 12.10, 13.04, 13.10, 14.04, and 14.10
◾CentOS 5, 6, and 7
◾Oracle Linux 5, 6, and 7 (Both Red Hat compatible and Unbreakable Enterprise Kernel)
◾Amazon Linux 3.2 Kernels and above
◾Support for public cloud such as Amazon EC2
◾Supports para-virtualization
-- http://www.mcafee.com/sg/products/virusscan-enterprise-for-linux.aspx
LVL 90

Expert Comment

by:John Hurst
ID: 41776123
People attack the biggest targets - that is true, but (for the most part) it is the user that invites viruses in and switching operating systems won't change that.

To put it another way, change operating systems if you wish, but you are not safer because you do.
LVL 38

Accepted Solution

by:Rich Rumble
Rich Rumble earned 200 total points
ID: 41776128
It all depends on who you ask, but Linux has had security built in for much longer than Windows in the way it's been architected: ASLR (since 2001 in Linux), DEP (2001), as well as many other features that have been part of the kernel for a long time. The main problem with Windows is its monoculture, read: https://www.schneier.com/blog/archives/2010/12/software_monocu.html
Linux has some severe flaws, most recently HeartBleed, "ShellShock", Glibc. These bugs were very bad, and again there are going to be more. No one is looking as hard at Linux as they are at Windows from a criminal aspect. FireEye themselves have some issues, and they run Linux :)
https://www.fireeye.com/content/dam/fireeye-www/support/pdfs/2015-q4-security-vulnerability-advisory.pdf
https://googleprojectzero.blogspot.com/2015/12/fireeye-exploitation-project-zeros.html
(there are more)
There are a lot of AVs that work on Linux: Symantec, Kaspersky, McAfee, ClamAV, Sophos, and many others.
If you run as a non-admin on Windows, have EMET installed and keep patched, you're doing better than most organizations that I encounter :)
-rich
LVL 61

Assisted Solution

by:btan
btan earned 110 total points
ID: 41776192
I do advocate EMET as well, and even that can be centrally managed at GPO level (https://blogs.technet.microsoft.com/kfalde/2014/04/29/configuring-emet-via-gpogpp-wo-using-the-admx-files/)

Even then, the whole gist is not about OS type but is to secure by default, be aware there is no silver bullet, and move ahead to employ layers (not duplicates like multi-AV) of defence as deterrence to targeted attacks. Key is to also consider not unnecessarily burdening the system into being incapable of maintaining optimal operational readiness, as the "defences" impact the system with slow performance and high resource requirements (like memory etc.). There should be consideration for DDoS protection against that single point of failure too.
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 50 total points
ID: 41776193
EMET still works, but in Windows 10, many of the EMET functions are being built into Windows 10.
LVL 25

Expert Comment

by:madunix
ID: 41784543
Antivirus on Linux..... NO, it's not required!
If you need anti-virus, use ClamAV from http://www.clamav.net/, but it is not distributed or supported by Red Hat. Red Hat provides a high level of security in OS/packages. They are updated in a way which keeps potential risk to a minimum.
LVL 61

Expert Comment

by:btan
ID: 41784741
In any case of OS platform, patches need to be applied in a timely manner, and that is important compared to having to hassle with AV signature updates if we are to prevent targeted malware. If you are talking about a zero-day vulnerability, none of the AV or OS patches will be available to stop the penetration. You should adopt defense in depth and reduce your attack footprint and exposure.
LVL 27

Assisted Solution

by:tliotta
tliotta earned 50 total points
ID: 41790728
I'm only aware of two pieces of ransomware that Linux is currently susceptible to. Both of them apparently target Linux web servers.

First is Linux.Encoder.1. Only around since maybe Nov 2015, it is an encryption-style ransomware; but its encryption schemes have already been cracked three times. It apparently exploits a Magento (shopping cart) vulnerability to get itself installed. Though Magento has long since been patched, any number of small sites still haven't applied the fix.

Second is FairWare Ransomware, which has really only been seen in the past few weeks. I think that its current attack vector has been uncovered -- some hacked Redis servers. It seems to be more of a scam than actual ransomware. It claims that some of the server's web or data folders have been moved to a remote server location and that a 2-Bitcoin ransom must be paid to get them back. As far as is known, though, the folders have simply been deleted and not stored elsewhere, so there is no "recovery" via ransom.
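The encryption-style behaviour described in the answer above (files in a web server's directories rewritten under a new name) leaves a signal a defender can watch for without any malware-specific signature: a burst of same-suffix files appearing in one directory within seconds. The script below is an added example, not code from the thread or from any product it mentions. It reads lines of the form `<epoch> <event> <path>`, the shape that `inotifywait -m -r --timefmt %s --format '%T %e %w%f'` emits, and flags a directory the first time a configurable number of files with the same suffix appear within a trailing window. The sample log is constructed, not captured from any incident, and the `.locked` suffix in it is an assumption for illustration, not a known indicator.

```shell
#!/bin/sh
# Added example, not from the thread: detect a burst of same-suffix files in one
# directory from a file-change log. Input lines: "<epoch_seconds> <event> <path>",
# assumed chronological. The sample below is constructed.

# Emit "<dir> <suffix> <count>" the first time at least $1 files with the same
# suffix appear in one directory within a $2-second trailing window (stdin = log).
burst_rename() {
    awk -v min="$1" -v win="$2" '
    $2 ~ /CREATE|MOVED_TO/ && match($3, /\.[A-Za-z0-9]+$/) {
        ext = substr($3, RSTART + 1)           # suffix after the last dot
        dir = $3; sub(/\/[^\/]*$/, "", dir)    # parent directory of the path
        key = dir SUBSEP ext
        ts[key, ++cnt[key]] = $1
        # count events for this (dir, suffix) that fall inside the trailing window
        c = 0
        for (i = cnt[key]; i >= 1 && ts[key, i] >= $1 - win; i--) c++
        if (c >= min && !(key in flagged)) { flagged[key] = 1; print dir, ext, c }
    }'
}

# Constructed sample: a burst of ".locked" files in a web upload directory, with
# ordinary user activity elsewhere that must not trigger an alert.
sample_log() {
    printf '%s\n' \
        '1472371200 CREATE /srv/www/uploads/photo1.jpg.locked' \
        '1472371203 CREATE /srv/www/uploads/photo2.jpg.locked' \
        '1472371205 MOVED_TO /home/alice/notes.txt' \
        '1472371207 CREATE /srv/www/uploads/photo3.jpg.locked' \
        '1472371210 CREATE /srv/www/uploads/photo4.jpg.locked' \
        '1472371214 CREATE /srv/www/uploads/photo5.jpg.locked' \
        '1472371216 CREATE /srv/www/uploads/README.txt' \
        '1472371300 CREATE /home/alice/report.pdf'
}

# Alert when 5 or more same-suffix files land in one directory within 60 seconds.
sample_log | burst_rename 5 60
```

The thresholds are the tunable part: a web upload directory legitimately receives bursts of `.jpg` files, so in practice the suffix set that is allowed per directory, or a higher count, keeps false positives down, while a suffix the application never writes is the strong signal. Because the detection keys on (directory, suffix) rather than on a known ransomware extension, it also covers a variant that picks a different name.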
LVL 61

Expert Comment

by:btan
ID: 41791219
There are also POC instances for Linux such as BashCrypt, and open source, so it is not hard to leverage this to further exploit the platform. It is modeled after CryptoWall 3.0/4.0: https://github.com/SubtleScope/bash-ransomware
