Reynaldo Posted February 6, 2014 Share Posted February 6, 2014 (edited) Perhaps you folks know more than me on this subject, i've found this particular email on my spam that emulates the website of one of the banks on my country, i knew right away that it was a phishing link (years ago my friend did this with facebook and i learnt about it) the thing is i went to the site and wrote fake username and fake password like "myuseris" password "notyours" just for the fun of it, anyway that got me thinking, can i actually be exploited via an email with HTML code on it? and if that is so, how much of my system is compromised? Any way to know if chromium is actually being hijacked? Edited February 6, 2014 by Reynaldo Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted February 6, 2014 Share Posted February 6, 2014 Read this --> Five Things to Know About Linux Security It's a little old, but still accurate. Never say "never", but I've been using Linux as my primary OS for nearly 8 years now. I've NEVER had any issues with malware, browser exploits, virii, root kits, etc. of any type in that time. Here's how I do things... I do NOT have Java installed on my systems anywhere. I use some safeguards in Firefox: Adblock+, NoScript, FlashBlock, BetterPrivacy, DoNotTrackMe, and HTTPS Everywhere. I use a DNS provider (OpenDNS) other than my ISP's. I run chkrootkit and rkhunter at least once a month. I have redundant backups of my entire /home partitions on separate internal hdds and on external media (DVD/RW). I have complete rsync'd /(root) partitions on separate internal hdds. All my browser and email client profiles are stored on a common partition on a separate drive from my OS hdd. Those profiles are constantly backed up (weekly via rsync, and monthly on DVD/RW). There have been numerous discussions and debates around here regarding viruses in Linux. My research and reading have shown that there are very, very few viruses in the wild that can affect Linux. There have been some laboratory experiments with virii/trojans and Linux, but those tests were done under certain circumstances and always with access to root level permissions. As Brockmeier says in that article above, "Linux doesn't have problems with the same kind of viruses and malware that Windows does." That is the bottom line. The OS is just inherently more secure than MS Windows. Nothing's perfect, but I'd trust my Slackware Linux OS in dangerous shark-infested online waters (such as P2P sites, illegal movie/music downloading sites, pornography sites, etc.) much more than I would my MS Windows 7 (and definitely NOT Win XP), regardless of the 3rd party add-on security applications installed in my Windows. Anyway... hope that helped you a bit, Reynaldo. ~Eric 4 Quote Link to comment Share on other sites More sharing options...
sunrat Posted February 6, 2014 Share Posted February 6, 2014 i went to the site and wrote fake username and fake password like Now they know your IP address and email. You should just delete crap like that and ignore it. 1 Quote Link to comment Share on other sites More sharing options...
Reynaldo Posted February 6, 2014 Author Share Posted February 6, 2014 (edited) i think they knew my email already.. and my ip is not a problem, i was on the university internet at that moment. Edit: also Eric, thanks, your post are always so informative, just ran Rkhunter and checked all the false positives, one question is chkrootkit just a bash script? Edited February 6, 2014 by Reynaldo Quote Link to comment Share on other sites More sharing options...
securitybreach Posted February 6, 2014 Share Posted February 6, 2014 Chrootkit is an application but is no longer in the Arch repos as it has not been updated in 5 years. Rkhunter on the other hand, is a good app. http://www.chkrootkit.org/ Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted February 6, 2014 Share Posted February 6, 2014 Chkrootkit is a command line app only, as far as I know. I still run it (along with RKHunter) because it checks for older hacks that are still viable but not being checked for by RKHunter. Although, I haven't checked on that lately, RKHunter may actually be all you need. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.