How compromised is Linux?

Discussion in 'Serious Discussion' started by can_script-kiddie, Sep 19, 2013.

  1. can_script-kiddie

    can_script-kiddie MDL Novice

    May 12, 2011
    22
    1
    0
    Will all the things floating about, with the NSA and Microsoft, Apple, Google, etc... now it has been reported that Microsoft have worked on the Linux kernel.

    So my question is, how do we know if there is any hidden back-doors or weak points placed inside Linux itself directly or in-directory by the NAS?

    As I am not a coder, I have no way of finding this out myself.
     
  2. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    Where is it reported? Well if M$ should have worked on it, the sources have to be published. There is nothing like 'the Linux kernel', there are different sources to compile.
    On Android for instance there are Linux kernel specialists using sources to compile their own with extra modules and features.

    You need to specify the Linux distribution. I for instance run a special media server (Enigma 2). I know the community and I'd say I can be 100% sure that it is not compromised.

    Open source is the future and makes it harder for institutions and monopolies to enforce their interests. The code is open and can be viewed by a lot of different individuals which have no own capitalistic interests.
    Open source is actually an effective weapon against control. But at the other hand each monopolist can (ab)use the code as well (google on Android). These are mainly commercial interests.
    The OS is open and probably clean, but they run their markets / maps and other commercial stuff on it. To remove them one has to make an effort as well.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. gorski

    gorski MDL Guru

    Oct 21, 2009
    2,848
    734
    90
    I would hope so, too!!!

    But isn't this, by definition, giving away the game, into the open, so it is possible to easily devise attacks, as we see all the time...

    Linux uses Flash, Java etc. We all know that all of those are very buggy and quite unsafe, if one is a hacker...

    Moreover, countries with great resources can hack into anything, really... We keep seeing the reports...

    But, realistically, just how interesting are you and me?!? :D :D :D
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. can_script-kiddie

    can_script-kiddie MDL Novice

    May 12, 2011
    22
    1
    0
    #4 can_script-kiddie, Sep 21, 2013
    Last edited: Sep 21, 2013
    (OP)

    All good points, but as I said, I am not a coder and I wouldn't really have a clue what I am looking at if I was to take a peak under the hood. Sorry, I should have said the kernel. Look here: http://www.pcworld.com/article/253100/look_whos_working_on_linux_now_microsoft.html

    Sorry, I also didn't seem to really word, my first post all that well.

    As for the NSA and Microsoft, well its a little more complicated that just the two company's, http://www.theguardian.com/technology/2013/jun/10/apple-google-giants-nsa-revelations http://www.bbc.co.uk/news/technology-24173977 I have been reading up about this, damn well as i was growing up, but I think when leaked papers, where toss out for all the world to see, I think this is a little more solid then someone on the street saying, "The end is coming"

    *Added*

    On another note, I wish to thank any Microsoft Employees; for any level of contribution towards the Windows Loader. And I also most say, I uttley regret buying Windows 8, even if it was just the upgrades.
     
  5. R29k

    R29k MDL GLaDOS

    Feb 13, 2011
    4,668
    4,251
    150
    Never heard of hiding in plain sight have you :p
     
  6. gorski

    gorski MDL Guru

    Oct 21, 2009
    2,848
    734
    90
    :D Hehehe... :D
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,078
    60
    Lex Luthor has.

    I don't see why linux couldn't be compromised, the absence of malicious code is not necessarily proof it is safe. For example, if someone wrote code knowing it would create an exploitable buffer, it wouldn't raise any flags.
     
  8. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    Well there is a difference when speaking of 'security holes' / vulnerability and malicious code. The latter is a product that comes from a absolute (bad) intention.
    Like the attack of MDL. Vbulletin introduced a vulnerability, the attacker the malicious code (exploit).
    A security hole itself is not harmful whereas malicious code has this propose only.
    It would be different when the 'security' hole is a sort of interface that allows secret services to spy. But then the security hole is introduced with an intention and not due to the lack of knowledge.

    At open source there can be introduced a vulnerability sure, also due to lack of knowledge and standards.
    But when speaking of malicious code there must be an active interest shared with others.

    The 'delocalisation' and publication of interests / development structure of open source community (anti-monopolistic) makes it harder to have a bigger group of same interests which could work unnoticed.

    To me the problem is somewhere else. To get personal data one has different places to attack. It hasn't to be locally on a PC with a potentially injected exploit. The NSA rather stores by tapping wires.
    The web is based on the IP. There are used different communication protocols such as HTTP, FTP, HTTPS, SFTP.

    The S stands for security, but it has become a joke now. No matter which OS as soon as data move through the web it has to use those protocols.

    What is the point to have an absolute secure OS with 100% clean code when my data leaves it through HTTPS which can be stored and decrypted?
    We are here at a place where open source is powerless. Powerless because there are too many consumers of products of monopolies.

    What would be if the open source community develops a far more secure 'S' standard for HTTPS (better than SSL /TLS), but nobody of the servers (providers / sellers / banks) are 'forced' to introduce it?
    The power of monopolists is preventing this AND it is probaly out of interest of governments.
    To develop a new security standard and enforce its use you would need the strength of a monopolist.
    But then you have all the issues a monopoly brings with it and the probability that secret services become involved (again) is greater.
    Also why there comes a browser with windows? The mainstream is not deeply technically involved into PC stuff. Most use what is already installed. Open source alternatives are only found with some efforts.

    To get alternatives with more security one has to get some technical knowledge to install and configure.
    It is sad, but to gain more security one has to get technical knowledge and the mainstream is usually overchallenged with that. So they stick to the one in all ready to use pack that comes from a monopolist. They are literally helpless and unaware and the monopolists are taking benefit of it.

    It is a fact: Everybody who supports a monopolist supports their interests and supports that nothing changes.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,078
    60
    Microsoft even encourages piracy of it's products so that people do not learn free-ware alternatives like linux.

     
  10. can_script-kiddie

    can_script-kiddie MDL Novice

    May 12, 2011
    22
    1
    0
    Well, I have come across that before, see even Sony even allowed piracy of there games, but they also proudly posted record sales of CD/DVD burners, while crying over people copying there Movies and Audio CD's.

    Also have you come across the news regarding a large group of mega company's, including Microsoft crying foul over Android pricing? http://fsfe.org/activities/policy/eu/20130729.EC.Fairsearch.letter.en.html
     
  11. jean_phile

    jean_phile MDL Junior Member

    Sep 13, 2008
    68
    62
    0
    believe that a system is tamper-proof, let me laugh!

    There's nothing on, it is from la to improve security!

    same open source is a doubt, thousands see million lines, it is impossible to know everything.

    Security is always to doubt its safety (even open source)!

    Sorry for my English, I'm French.

    good week :)
     
  12. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    One needs to publish the source. It easily can be 'tampered' but the chance that it becomes public and known by others is very high.
    Once I used a custom Android ROM. It sent the IMEI to a special server. It took some time, but it has been detected.

    At that case it was different, though. When using a custom ROM it comes with apps which might be compromised.
    That is the reason why I always have a stock image on my phone. When booking I boot into recovery and restore it for my booking session.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,029
    60
    It's a case of personal preference of what people choose between vanilla Roms or custom Roms.

    And Also to say Linux has been compromised is very ambiguous. Linux really doesn't have a target rich consumer base as opposed to windows (as a market share). Regarding the android apps some of them are poorly made which makes it easy to exploit some portion of the code. However its far too ambiguous too say linux has been compromised without referring to the linox flavor.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. can_script-kiddie

    can_script-kiddie MDL Novice

    May 12, 2011
    22
    1
    0
    I should have said it in my first post, but Microsoft have worked on the Linux kernel, while I do know and have known for some time that it is publicly available, has the latest version been review?
     
  15. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,078
    60
    Linux is still susceptible to social engineering.

     
  16. Mikorist

    Mikorist MDL Member

    Dec 26, 2012
    201
    139
    10
    #16 Mikorist, Oct 3, 2013
    Last edited by a moderator: Apr 20, 2017
    I am not a security expert at all. :D

    But NSA is.....

    My answer to this topic is in citation from NSA ( Security-Enhanced Linux page fusnot)

    The most secure operating systems in World:



    Does NSA/US government use Linux as their main operating system?? http://forums.mydigitallife.net/vb4_style/smilies_default/rolleyes.gif

    http://www.nsa.gov/research/selinux/

    NSA collaborate with (RHEL) Linux... :D

    SELinux Godfather:
    http://people.redhat.com/dwalsh/

    SELinux (you probably read right now --- > SELinux=NSA )http://forums.mydigitallife.net/vb4_style/smilies/biggrin3.gif
    is a policy security mechanism on your gnu slash linux system
    which apply to all processes and files.


    NSA really want to help EVERYONE LINUX users with security? :D

    We will never not know that for sure....:rolleyes:

    But your tax dollars are paying for SELinux package! :smokecowboy:


    The SELinux package you can disable or enable it.

    Code:
    # cat /etc/selinux/config
    SELINUX=disabled
    SELINUXTYPE=targeted
    SETLOCALDEFS=0
    

    If NSA need a secure OS internally, and that is the RHEL Linux
    we can take to be relatively secure in Linux as home desktop users.

    ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...