abishur
Posts: 4477
Joined: Thu Jul 28, 2011 4:10 am
Location: USA
Contact: Website

Re: Viruses on the RasPi

Thu Feb 09, 2012 7:28 pm

ReCat said:


Abishur said:


Actually, my wife got a virus from visiting Campbell's website about a year ago.  Didn't download anything, didn't give permission for anything to install.  Viruses are getting quite insidious.  I mean you can hide the buggers in a picture.  You'd be amazed at all the data stolen from your browsing trends all because an innocuous ad pops up on the side of a page!


Yep! That's an exploit in a web browser. Was it an old version of IE by any chance? New versions are quite more secure, and also, sandboxing! This can make anyone completely immune to even direct attacks against a browser exploit like this, just as long as you don't let it through to your system manually.



Nope it was firefox, properly up to date with good settings for security.  I haven't looked into sandboxing yet.  But I did have anti-virus protection.
Dear forum: Play nice ;-)

tcrroadie
Posts: 1
Joined: Thu Feb 09, 2012 7:27 pm

Re: Viruses on the RasPi

Thu Feb 09, 2012 7:54 pm

All platforms are at risk of being targeted for malicious software.  But as others here have said, due to Linux's small user base, the risk of you receiving any malicious software on a Linux box (especially on ARM) is extremely rare.

Unless you are planning on using your Raspberry Pi as a web server, I would not worry about it. I have been using Linux full time for over 5 years and I have never gotten anything installed on my box that I did not ask to be installed.

Gert said:


Hummm… Idea! Has anybody already offered Linux PC cleaners? Boot into a Linux kernel which then scans your PC for PC viruses. I know you can get ready-to-run Linux images in all kinds of format.


Is this what you had in mind?  ClamAV is preinstalled and can be run from the CD.  I use SystemRescueCD to clone my Linux installations but have never run a virus scan from it.  I don't think I have run a virus scan on one of my Linux or Windows boxes in over 6 years.

http://www.sysresccd.org/Syste.....d_Homepage

Lynbarn
Posts: 464
Joined: Wed Jan 04, 2012 11:03 pm
Contact: Website

Re: Viruses on the RasPi

Thu Feb 09, 2012 8:39 pm

ReCat said:


I can't quite understand how people actually get viruses on their computers. It's been a few years now, for me, that I've gone without getting a virus (unintentionally ), I guess that as long as you know what you're doing well enough, and aren't being directly targeted.. It doesn't happen. O_o

Anyways, What hackers would want to target less than 1% of the computing market share for viruses? That's all. c:



Like I said earlier in this thread. The 'Pi is intended for use in schools. Schools are full of pupils. Pupils like to experiment, break things, take them apart to see how they work. Even secure school networks can have exploitable weaknesses...

Toby Stokes
Posts: 21
Joined: Sat Dec 24, 2011 7:34 pm

Re: Viruses on the RasPi

Thu Feb 09, 2012 8:42 pm

Let's remember again this is an education machine. The point is that you can mess around with it until it falls over. If something bad happens then re-flash the card and be done with it.

Please don't store all your treasured data on it.

joeofloath
Posts: 21
Joined: Mon Feb 06, 2012 3:27 pm

Re: Viruses on the RasPi

Fri Feb 10, 2012 12:14 am

Security by obscurity isn't the only reason Linux viruses are rare, remember that about 70% of web servers run Linux, yet there's no market for antivirus there.

Anyway, the open source community is usually pretty good at patching vulnerabilities, if anything gets out into the wild, expect it to be patched upstream within a few days (Or sometimes hours!). As long as the boards are kept up to date, viruses will be obsolete in no time at all.

maigo
Posts: 1
Joined: Fri Feb 10, 2012 1:06 am

Re: Viruses on the RasPi

Fri Feb 10, 2012 1:08 am

It is a bit of misinformation that Linux machines are more secure than Windows. Viruses are generally not targeted for Linux but you can at least “catch” them and pass them on to others unknowingly. Clam is actually pretty good but you have to set a security cron to scan the machine at a regular time. Also set up a firewall and auto update security. The biggest danger for Linux users would be a Root Kit exploit from a hacker. Set up rkhunter and you should be fine. Then of course there is the natural inquisitiveness of students. All in all, I would suggest you take the normal kind of precautions that you would take with any computer network.

steev
Posts: 87
Joined: Fri Jan 27, 2012 5:08 pm

Re: Viruses on the RasPi

Fri Feb 10, 2012 1:24 am

Most (all?) sdcards have a lock switch  to make them read-only.

I plan on running my R-Pi with a read-only rootfs on the sdcard and storing directories that need to be written to on a USB stick or tmpfs if there is enough RAM.

I'll only turn off the lock switch when installing updates or new software.

I'm no security expert, but that seems to me like a good way to prevent system files from being modified without your permission.

Lynbarn
Posts: 464
Joined: Wed Jan 04, 2012 11:03 pm
Contact: Website

Re: Viruses on the RasPi

Fri Feb 10, 2012 1:43 am

steev said:


Most (all?) sdcards have a lock switch  to make them read-only.

I plan on running my R-Pi with a read-only rootfs on the sdcard and storing directories that need to be written to on a USB stick or tmpfs if there is enough RAM.

I'll only turn off the lock switch when installing updates or new software.

I'm no security expert, but that seems to me like a good way to prevent system files from being modified without your permission.


Good idea, but do those switches disable writing on the SD card itself, or the SD drive? On floppy disks (remember them?) there was a hole or slot that, if open, allowed the drive (either by electrical contact, or light transmission) to identify if it was allowed to write to the disk or not. If the latter is the case, by disabling the SD drive detection mechanism, it would be possible to stop the 'Pi ever updating any SD card, with updates carried out on a PC, for example. Just a thought…

steev
Posts: 87
Joined: Fri Jan 27, 2012 5:08 pm

Re: Viruses on the RasPi

Fri Feb 10, 2012 2:16 am

Wasn't sure until I googled it, seems to be done by the SD drive/card reader:

http://www.electronics-lab.com.....og/?p=2620

ReCreate
Posts: 48
Joined: Wed Feb 01, 2012 4:51 pm

Re: Viruses on the RasPi

Fri Feb 10, 2012 4:05 am

joeofloath said:


Security by obscurity isn't the only reason Linux viruses are rare, remember that about 70% of web servers run Linux, yet there's no market for antivirus there.

Anyway, the open source community is usually pretty good at patching vulnerabilities, if anything gets out into the wild, expect it to be patched upstream within a few days (Or sometimes hours!). As long as the boards are kept up to date, viruses will be obsolete in no time at all.



Because servers serve! Consumer computers consume! A chef who prepares food will never have to worry if the ingredients he used for a customer contains a virus, because he doesn't eat it, the customer eats it. Now, if he tasted it, was exposed to it/etc, it could be possible to get the virus too. But that's fairly difficult. (metaphorically speaking)

Prometheus
Posts: 308
Joined: Tue Dec 13, 2011 11:09 pm

Re: Viruses on the RasPi

Fri Feb 10, 2012 5:23 am

ReCat said:

Because servers serve! Consumer computers consume! A chef who prepares food will never have to worry if the ingredients he used for a customer contains a virus, because he doesn't eat it, the customer eats it. Now, if he tasted it, was exposed to it/etc, it could be possible to get the virus too. But that's fairly difficult. (metaphorically speaking)

But servers are very valuable to ne'er-do-wells, so joeofloath's point still stands.

Jessie
Posts: 1754
Joined: Fri Nov 04, 2011 7:40 pm
Location: C/S CO USA

Re: Viruses on the RasPi

Fri Feb 10, 2012 5:56 am

Most viruses are spread (or at least started) at the social level.  A linux server which is un-manned is way less likely to get a virus even if the playing level was even (assuming there were as many Linux viruses) because it doesn't have a dumb person attached to it.  When discussions about why windows is less secure than anything I always remember a T-shirt I saw at Defcon a number of years ago:  "Socail Engeneering, because there is no patch for human stupidity."

joeofloath
Posts: 21
Joined: Mon Feb 06, 2012 3:27 pm

Re: Viruses on the RasPi

Sat Feb 11, 2012 5:56 pm

Jessie said:


Most viruses are spread (or at least started) at the social level.  A linux server which is un-manned is way less likely to get a virus even if the playing level was even (assuming there were as many Linux viruses) because it doesn't have a dumb person attached to it.  When discussions about why windows is less secure than anything I always remember a T-shirt I saw at Defcon a number of years ago:  "Socail Engeneering, because there is no patch for human stupidity."



I need this shirt.

Burngate
Posts: 6371
Joined: Thu Sep 29, 2011 4:34 pm
Location: Berkshire UK Tralfamadore
Contact: Website

Re: Viruses on the RasPi

Sat Feb 11, 2012 6:40 pm

joeofloath said:


Jessie said:


"Socail Engeneering,."


I need this shirt.



Just so long as they keep the spelling

SeanD
Posts: 121
Joined: Wed Sep 21, 2011 12:25 am
Contact: Website

Re: Viruses on the RasPi

Sat Feb 11, 2012 7:34 pm

I have followed this thread the last couple of days with some interest to see where it goes.

This is an area that interests me professionally. Now some will say I must be biased as I work for an organisation that makes billions of dollars a year selling security technologies, which many people still believe are unnecessary.  So you can expect me to say that there is going to be a risk to the RPI! Presumably because that way I can help peddle $50 per year solutions aimed at a $35 computer (not a typo, really no point in marketing to a non internet connected device, just because we are commercial does not mean we are stupid).

Let's be clear I am worried about malware on the RPi. Oh, and a quick clarification here, as I know some of you are aware as I can see it in your posts, Viruses are only one class of threat and is why if you are looking to actually protect a machine getting just AntiVirus for it is a waste of time.  Malware is the superset, and covers techniques such as Trojans (applications that contain malicious code or behaviors) that for example are the main attack vector on Android at the moment, Worms that usually self replicate using some form of network based propagation, Adware and Spyware that do not tend to self propagate and hand coded targeted attacks. AntiVirus is predominantly involved in using signature based techniques (mostly regex or hash based) to scan files to see if they contain malicious code.  The history of the virus goes back to the days of the floppy disk when most of these things were passed around by hand. Recently we have seen a revival of this with attacks using removable media, USB pen drive, SD card etc. However if the Malware is not in a file, AV will not find it, and most these days is not.

The majority of threats today come via the web.  In some cases this will be via file download.  In the case of trojans a user will be tricked into downloading a binary or source code that contains the threat, and yes there are examples and increasing ones of open source repositories being successfully targeted and malware introduced into the source, and in some cases going a long time before they are discovered. As has been pointed out above this might be an issue in the classroom environment with code sharing.  Most browser vulnerability based threats target Windows or Mac, but from time to time Linux ones exist and because they attack an exploit in the browser they are often more generic than you would think. Open source is helping here but it is a risk reducer not a risk remover.  There have been issues with commercially available browser plug ins that have had serious vulnerabilities.

Server vulnerabilities are what I am really worried about with the RPi, and before you stop reading because you do not intend to use your RPi as a "server" take a moment to understand how an OS works.  Many of the services running on it are listening to the network.  This generates the opportunity, should they be discovered, to use exploits in the services to run arbitrary shell code on the device.  This is why commercial anti malware contains firewalls that lock down the comms to the OS and apps and technologies like Host Intrusion Detection (HIDs) and Host Intrusion Protections (HIPs) that look for anomalous behavior at the IP level. If you use a PC with a commercial (unfortunately to create the signatures and engines to make these things work is massively expensive so no OS project has been able to really do this) AntiMalware on it then these engines will be providing a large and growing part of your protection.

On the most commonly attacked platforms (Windows and Mac) there are also other techniques that we use to detect malware that use heuristics and behavioral analysis of running processes to find things that have slipped past the other defenses.  There are a few interesting but small OS projects I have seen that are working on some of this.

So given all of the above the question is why would someone want to attack an RPi?

Simple answer is that many attacks do not care about what the machine is, they just want to pwn it for various reasons, in the case of Linux boxes as relatively few of them are used as desktops this is so they can be used by a "Bot Herder" as part of a BotNet and subsequently leased out to be used for activities such as spam or DDOS attacks.  In the case where the box has port 80 open the Bot may make your machine part of a content delivery network and have you hosting content that is either used as part of other attacks (such as hosting pages used to execute drive by downloads) or in some cases hosting unsavory or otherwise illegal material. There are unfortunately some very nasty people out there and as the money that can be made in Cybercrime has sky rocketed organized crime has found a new income source. I am aware of instances where compromised machines have been found containing material of the most depraved kind.

So how are we going to protect RPis?

The first thing to do is to create an iptables config (in fact configs) to provide some basic lock down.  I have done this before for other projects but I do not have free time in abundance at the moment however I will see if I can find some time to start a project and there is lots of stuff available for re-use.  Configuring Linux to be more a client and less of a server will get you a very long way, and Netfilter is good and solid, so if you get the config right the kernel is doing all the hard work for you.

The second thing to do is to have a project (perhaps as an extension to the current wiki) to document best practice and known secure solutions.  One of the things I personally have found most challenging with Linux is creating a known secure browser configuration.  Giving people advice on how to do this would be sensible.

The third.  Use the RPi as a platform to teach kids about Information Security and Privacy.

Disclaimer: All of the above whilst derived from my professional experience are my own opinions and not those of my employer. In the interests of disclosure I am the CTO for Enterprise Security Products and Services at Symantec the world's largest "AntiVirus" vendor.
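
An added example, not part of SeanD's post or any project's code: before writing firewall rules, it helps to see which services are actually listening to the network, as the post describes. The sketch below parses the kernel's IPv4 TCP socket table (`/proc/net/tcp` layout) and separates loopback-only listeners from network-reachable ones; the sample table, the little-endian address decoding and the `allowed_ports={22}` policy are assumptions made for illustration.

```python
import ipaddress

LISTEN = "0A"  # value of the "st" column for a socket in TCP LISTEN state

# Constructed sample in /proc/net/tcp layout (addresses as printed on a
# little-endian host such as the Pi); not captured from a real machine.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9002 1 0000000000000000 100 0 0 10 0
   2: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9003 1 0000000000000000 100 0 0 10 0
   3: 0A01A8C0:0016 6401A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 9004 1 0000000000000000 100 0 0 10 0
"""


def parse_local(field):
    """Decode 'HEXIP:HEXPORT' into (IPv4Address, port)."""
    hex_ip, hex_port = field.split(":")
    # Assumption: little-endian host, so the printed 32-bit value is the
    # address with its bytes reversed.
    ip = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])
    return ip, int(hex_port, 16)


def listening_sockets(table):
    """Return (ip, port) for every row in LISTEN state; other rows are skipped."""
    found = []
    for line in table.splitlines():
        cols = line.split()
        # The header row and established connections fail the state check.
        if len(cols) < 4 or cols[3] != LISTEN:
            continue
        found.append(parse_local(cols[1]))
    return found


def audit(table, allowed_ports=frozenset()):
    """Bucket listeners by exposure. allowed_ports is the operator's own policy."""
    report = {"loopback_only": [], "exposed_allowed": [], "exposed_unexpected": []}
    for ip, port in listening_sockets(table):
        entry = (str(ip), port)
        if ip.is_loopback:
            report["loopback_only"].append(entry)
        elif port in allowed_ports:
            report["exposed_allowed"].append(entry)
        else:
            # Candidates for disabling the service or a default-deny inbound rule.
            report["exposed_unexpected"].append(entry)
    for entries in report.values():
        entries.sort()
    return report


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP  # fall back to the constructed sample
    for bucket, entries in audit(table, allowed_ports={22}).items():
        print(bucket, entries)
```

This covers IPv4 TCP only; IPv6 and UDP listeners live in separate tables with different layouts and need the same review.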



esbeeb
Posts: 151
Joined: Sun Feb 05, 2012 12:23 am

Re: Viruses on the RasPi

Wed Feb 22, 2012 4:46 pm

andyl said:


Main things to remember
1. install security updates regularly


I think it behooves us to dwell on security updates a bit more.

Can we safely assume at this time that those security updates are just going to magically come from somewhere (for both Fedora and Debian)?

In the case of Debian, I trust (but cannot yet verify, as I have no Raspberry Pi yet) that security updates will be automagically released by Debian proper, and installed in an automated way (similar to the way Ubuntu does, with its "Update Manager").  Please correct me if I'm wrong.  My assumption here comes from knowing that ARM is a "first-class citizen" architecture at Debian.  Debian, after all, has been developing for ARM for years.

But what about Fedora?  Can anyone offer assurance that Security Updates for Fedora will be "automagically" installed in a timely manner, as well?  Who will make those Security Updates?  Fedora proper?  Or the Seneca college guys developing for the RPi?

Knowing the reliability and level of commitment of the source of the Security Updates means a lot to me, as it assures me that the OS will be supported, with respect to basic security, for many years to come.  Although I'm definitely cheering for them, I'm not quite ready to trust the Seneca College folks, nor the RPi Foundation, at this time, as a source of timely and comprehensive security updates for Fedora or Debian.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 27415
Joined: Sat Jul 30, 2011 7:41 pm

Re: Viruses on the RasPi

Wed Feb 22, 2012 7:23 pm

No I don't think you can make some of those assumptions. I'm not sure what the default is, but automatically doing security updates may NOT be what the end user wants. I think it should be an opt in option to do this automatically, not by default. It should of course be very easy to opt in (as it is with Ubuntu), but using someone's net connection (if indeed you are connected) without explicit permission should not be a default setting.

If you are not happy with either Seneca or the Foundation supplying updates (and I have no knowledge of what will happen here), then you really should not be buying the board at this stage.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed.
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

andyl
Posts: 265
Joined: Tue Jan 10, 2012 11:05 am

Re: Viruses on the RasPi

Wed Feb 22, 2012 7:33 pm

esbeeb said:


andyl said:


Main things to remember
1. install security updates regularly


I think it behooves us to dwell on security updates a bit more.

Can we safely assume at this time that those security updates are just going to magically come from somewhere (for both Fedora and Debian)?

In the case of Debian, I trust (but cannot yet verify, as I have no Raspberry Pi yet) that security updates will be automagically released by Debian proper, and installed in an automated way (similar to the way Ubuntu does, with its "Update Manager").  Please correct me if I'm wrong.  My assumption here comes from knowing that ARM is a "first-class citizen" architecture at Debian.  Debian, after all, has been developing for ARM for years.


update-manager and update-notifier are in Debian.


But what about Fedora?  Can anyone offer assurance that Security Updates for Fedora will be "automagically" installed in a timely manner, as well?  Who will make those Security Updates?  Fedora proper?  Or the Seneca college guys developing for the RPi?


Fedora has a similar automagic update facility.


Knowing the reliability and level of commitment of the source of the Security Updates means a lot to me, as it assures me that the OS will be supported, with respect to basic security, for many years to come.  Although I'm definitely cheering for them, I'm not quite ready to trust the Seneca College folks, nor the RPi Foundation, at this time, as a source of timely and comprehensive security updates for Fedora or Debian.


Well both for Fedora and Debian on x86 that kind of support is provided by volunteers.  These aren't proper companies who you can hold responsible.  However they are pretty damn good at tracking and fixing security vulnerabilities.  Mostly (but not universally) it is the upstream project that patches and the distro guys incorporate their patches into the security updates.

biohazard35
Posts: 1
Joined: Fri Feb 24, 2012 3:11 pm
Contact: Website

Re: Viruses on the RasPi

Fri Feb 24, 2012 3:17 pm

joeofloath said:


Jessie said:


Most viruses are spread (or at least started) at the social level.  A linux server which is un-manned is way less likely to get a virus even if the playing level was even (assuming there were as many Linux viruses) because it doesn't have a dumb person attached to it.  When discussions about why windows is less secure than anything I always remember a T-shirt I saw at Defcon a number of years ago:  "Socail Engeneering, because there is no patch for human stupidity."


I need this shirt.


This is off topic, but I found the shirt: http://xian.spreadshirt.net/so.....t-A6936295

Ampix0
Posts: 94
Joined: Sat Oct 22, 2011 3:03 am

Re: Viruses on the RasPi

Fri Feb 24, 2012 4:12 pm

I'm on windows and haven't gotten a virus in.. years.. many years. Windows is not the problem. The user is.

SeanD
Posts: 121
Joined: Wed Sep 21, 2011 12:25 am
Contact: Website

Re: Viruses on the RasPi

Fri Feb 24, 2012 5:13 pm

Ampix0 said:


I'm on windows and haven't gotten a virus in.. years.. many years. Windows is not the problem. The user is.


How do you know?  In the last 6 years the majority of malware has become silent.

abishur
Posts: 4477
Joined: Thu Jul 28, 2011 4:10 am
Location: USA
Contact: Website

Re: Viruses on the RasPi

Fri Feb 24, 2012 5:30 pm

To be fair, there's a difference between "malware" and "virus", though I would beg to differ on your opinion that malware has become silent (i.e. runs in the background).  I mean the very definition of malware is a piece of malicious software whose purpose is to disrupt normal operation of a computer.

If you're including tracking software (such as cookies) in with malware then I can see where you're coming from, but if you're including that then not even linux has been immune to that form of malware.  Of course if we're talking about that form of malware, each and every one of us with a smart phone are continuous victims of malware... and frankly our ISPs would also be guilty of running malware to track our activities as well!
Dear forum: Play nice ;-)
