TR Forums

I just watch half this video and author has brought some myths of Linux and busted them.
https://www.youtube.com/watch?v=y_lhqg_p21k
Such as the Linux has no viruses myth. He shows that it does and proves it.

Speaking of which, I should run Bitdefender just to be on the safe side...

How widespread is that myth, anyhow? Anyone who still believes that malware can't affect Linux has been living under a rock the past few years. As Windows has cleaned up their act security-wise, Linux has also become a more attractive target for malware writers, especially when it comes to server-side exploits (due to its ubiquity in web infrastructure roles). And don't get me started on the whole IoT/embedded device botnet clusterf**k.

More widespread than you think. I had a few A1Medcab drivers(and other people) who use Linux recently tell me that Linux doesn't get viruses.

I'd be willing to bet that it is still less likely to be hit, at least on the desktop (since typical desktop users aren't running the services that are usually exploited by Linux malware). But it is by no means immune.

Just learn something new, now days with most modern distros you can't swap your HDD/SSD out of one computer and be able to boot Linux on another one. This really sucks...

First I've heard of it. I still do it routinely.

Well he swapped the SSD from his laptop and installed on his desktop and and it wouldn't boot. He's using Arch Linux.

Sounds like they are doing Secure Boot too then?

As he points out it's a UUID error from the fstab.  Using a /dev configuration instead fixes the problem.

That aside, I suppose it's hypothetically possible that a sysctl configuration might would break carrying Linux from one machine to another.  It also seems probable that there could be a corner case driver bug that might make a given install unsuitable for one specific hardware configuration to another.

Yup, someone even targeted my (Linux) computer with something cross-platform recently. He did a right sloppy job of it and it didn't work, but there was collateral damage, including another Linux computer on the network. Trying to reverse engineer the technical parts of the attack would have been interesting, but I didn't have the time or environment handy for it.

Ryu Connor wrote:

As he points out it's a UUID error from the fstab.  Using a /dev configuration instead fixes the problem.

The UUIDs in the fstab refer to matching UUIDs in the meta-data (superblock) of the file systems being referenced. If you move a system (boot) disk from one system to another, the UUIDs in the fstab still match the UUIDs in the file systems on the drive, and there is no problem.

In a multi-drive system it gets a little trickier; if you have a system with multiple drives (say one drive with the OS and another one with the user home directories), and you move just the OS disk (expecting it to see an existing 2nd drive in the destination system as the home FS), yes it will have trouble unless you edit the fstab. But this does not seem to be the case he's talking about in the video.

In a single-drive system, or a multi-drive system where all disks are moved across, there is no fstab UUID issue, since the UUIDs all remain internally self-consistent. The video is simply incorrect on this one.

Ryu Connor wrote:

That aside, I suppose it's hypothetically possible that a sysctl configuration might would break carrying Linux from one machine to another.  It also seems probable that there could be a corner case driver bug that might make a given install unsuitable for one specific hardware configuration to another.

Yes, GPU driver issues could prevent the GUI from coming up, leaving you to re-install the GPU driver from a CLI console. If you're unfamiliar with how to do this, it could indeed be a problem.

Major distros typically auto-detect all of the other drivers during boot though, so unless you've got an unusual system configuration (stripped down custom kernel with unused drivers removed, specific drivers manually blacklisted, or an oddball disk controller that requires an out-of-tree driver), the system should still be able to at least boot to a CLI session.

If you normally use a static network config, you may find the network connection defaulting back to DHCP. This is because the network settings are associated with a physical NIC; if the system sees a different NIC, you get a fresh default network config. But this won't prevent booting (though it may prevent the system from getting onto the network).

just brew it! wrote:

Ryu Connor wrote:

As he points out it's a UUID error from the fstab.  Using a /dev configuration instead fixes the problem.

The UUIDs in the fstab refer to matching UUIDs in the meta-data (superblock) of the file systems being referenced. If you move a system (boot) disk from one system to another, the UUIDs in the fstab still match the UUIDs in the file systems on the drive, and there is no problem.

In a multi-drive system it gets a little trickier; if you have a system with multiple drives (say one drive with the OS and another one with the user home directories), and you move just the OS disk (expecting it to see an existing 2nd drive in the destination system as the home FS), yes it will have trouble unless you edit the fstab. But this does not seem to be the case he's talking about in the video.

In a single-drive system, or a multi-drive system where all disks are moved across, there is no fstab UUID issue, since the UUIDs all remain internally self-consistent. The video is simply incorrect on this one.

Thanks for making this more clear, and providing a workaround if needed.

Really, you only tend to get into trouble when you start playing "mix-n-match" with drives (and especially cloning of individual partitions) from different systems. The one I've hit most frequently is where the bootloader (grub) configuration has the wrong UUID for the root partition because I cloned a root partition from elsewhere; you've got to make sure grub, fstab, and the root filesystem itself all agree on the UUID!

But just to reiterate, if you're moving a physical drive across in a one-drive system, or all of the drives in a multi-drive system, this should be a non-issue -- it normally "just works", since all of the UUIDs are internally self-consistent among the drive(s) being moved.

All of this is making me wonder what other Linux myths needs to be busted?

whm1974 wrote:

All of this is making me wonder what other Linux myths needs to be busted?

Or which "myths" have been incorrectly busted and need to be un-busted?

just brew it! wrote:

whm1974 wrote:

All of this is making me wonder what other Linux myths needs to be busted?

Or which "myths" have been incorrectly busted and need to be un-busted?

You tell me, I'm sure you have more much more experience about this sort of thing then I do.

just brew it! wrote:

whm1974 wrote:

All of this is making me wonder what other Linux myths needs to be busted?

Or which "myths" have been incorrectly busted and need to be un-busted? :lol:

Given how the video author phrased it and the direct website claim he was responding to. I'd say he basically got it right.

The claim was basically, "It just works!"

The reality is it should actually say: "It just work!"*

*In certain hardware configurations, please see this obscure bit of documentation that exemplifies the maddening descent of Linux into the weeds of unfriendliness and an OS built by developers for developers.

Ryu Connor wrote:

*In certain hardware configurations, please see this obscure bit of documentation that exemplifies the maddening descent of Linux into the weeds of unfriendliness and an OS built by developers for developers.

If you want to talk about the dumpster fire that is the state of GPU drivers on Linux, fine. Yes, it's still a mess, all these years later. GPU driver quality/stability is a significant factor in SteamOS struggling to get any real traction.

I also agree that all the other myths he busted were indeed myths. And yes, the general "it just works" claim is demonstrably false in many cases. But that doesn't make the boot disk one right.

The claim that moving the system disk from one PC to another will result in a non-bootable system due to a UUID discrepancy is simply untrue. Yes, there's a chance the system will have issues (mostly likely with the GPU, if you've switched from NVIDIA to AMD or vice-versa), but it has absolutely nothing to do with UUIDs or /dev entries. His entire explanation of this "myth" isn't just misleading, it's flat-out wrong and shows that he's got some fundamental holes in his understanding of how disk UUIDs and fstab work in Linux.

Even his comment about older systems that use /dev entries not having this issue is wrong. Using /dev entries will actually *cause* the kind of problems he describes when moving disks around, since the /dev names assigned to devices can change depending on which ports the drives are connected to, and the order in which the drives get enumerated on boot. That's *why* Linux has switched to UUIDs in fstab -- to *prevent* the exact issue he claims it causes. He's got it completely backwards!

With as pedantic as you can be (and yes, I'm guilty of it too...), I'm a little surprised you're willing to give the guy a pass on disseminating blatantly incorrect information (with comments disabled, no less!) just because it happens to support the "No, it doesn't always just work!" argument.

just brew it! wrote:

With as pedantic as you can be (and yes, I'm guilty of it too...), I'm a little surprised you're willing to give the guy a pass on disseminating blatantly incorrect information (with comments disabled, no less!) just because it happens to support the "No, it doesn't always just work!" argument.

I'd go with the pedantry leading us down this path still.

It started with a claim that was already out there.  Like many of the claims he pointed to, it was another one of those items that needs a big asterisk by it.

He points out it doesn't work with a UUID error.  He mentions that a /dev might not have this problem, but he's definitely wrong about that.

IIRC he really just stopped at it, "this doesn't always work like the claim states."

That were even discussing it and having to dive into the weeds about it all, makes me feel like we've succeeded in making his point for him.

http://www.whylinuxisbetter.net/

That's the site in question by and by. There's plenty to pick apart there.

Ryu Connor wrote:

IIRC he really just stopped at it, "this doesn't always work like the claim states."

If that was how it had been presented I wouldn't have an issue with it. What he actually says is "That is completely false. Most of the time it won't even boot." And therein lies the problem, since that's a load of BS even before you get to his /dev nonsense.

Ryu Connor wrote:

http://www.whylinuxisbetter.net/

That's the site in question by and by. There's plenty to pick apart there.

Indeed. I've been saying for years that Linux evangelists are often their own worst enemies. In fact, I think I've been saying that for about as long as I've been a Linux user.

just brew it! wrote:

Ryu Connor wrote:

http://www.whylinuxisbetter.net/

That's the site in question by and by.  There's plenty to pick apart there.

Indeed. I've been saying for years that Linux evangelists are often their own worst enemies. In fact, I think I've been saying that for about as long as I've been a Linux user.

I have been guilty of this myself. I am trying to be more mindful about this when promoting Linux and FOSS.

Hahaha that proof is quite ironic. The scan in that video found stuff in .dll and .exe files, those are obviously windows files.
Either some stuff he just had lying around or part of one of those lame ports that just uses wine and launches a windows binary through it.

To clarify afaik "linux doesn't get viruses" is just a typical misunderstanding of the original point which goes more like: "viruses have very limited infection potential under unix-like systems due to memory protection, separate user accounts and limited privileges" in contrast to lets say windows 98 or amigaos. You can probably see how it's easy to shorten that into "linux get no viruses";)
Note that this mostly applies to multi-user setups (e.g. universities, work).

Finally I'm sure someone would misinterpret what I just said so preemptively: Yes of course you can make and there exists malware for linux.
It's just orders of magnitude less of a problem, mainly because there's very few reasons to bulk target personal linux systems.

I haven't watched the video, but it could be that his issue with moving the system drive was UEFI on one system and legacy BIOS on the other. And that would be a problem no matter the OS.

timon37 wrote:

Hahaha that proof is quite ironic. The scan in that video found stuff in .dll and .exe files, those are obviously windows files.
Either some stuff he just had lying around or part of one of those lame ports that just uses wine and launches a windows binary through it.

To clarify afaik "linux doesn't get viruses" is just a typical misunderstanding of the original point which goes more like: "viruses have very limited infection potential under unix-like systems due to memory protection, separate user accounts and limited privileges" in contrast to lets say windows 98 or amigaos. You can probably see how it's easy to shorten that into "linux get no viruses";)
Note that this mostly applies to multi-user setups (e.g. universities, work).

Finally I'm sure someone would misinterpret what I just said so preemptively: Yes of course you can make and there exists malware for linux.
It's just orders of magnitude less of a problem, mainly because there's very few reasons to bulk target personal linux systems.

I'm just going to point out that "viruses have very limited infection potential under unix-like systems due to memory protection, separate user accounts and limited privileges" is true for Windows as well since Vista.

if someone is going to click yes on UAC to install a virus, they'll put their password in for sudo too.

(in general, I suspect linux is still better about security where it isn't the users fault. I expect it's hard to gain elevated privileges, but I couldn't be certain).

BobbinThreadbare wrote:

since Vista.

Further back than that.  The entire NT family.

With regard to security as a whole, the Linux community is having a big discussion about that.  There are implications that Linux is weaker than Windows at this time.

Elegant 0-day unicorn underscores “serious concerns” about Linux security - Scriptless exploit bypasses state-of-the-art protections baked into the OS.

The kernel of the argument - Fast, flexible and free, Linux is taking over the online world. But there is growing unease about security weaknesses.

The Linux is more secure, FOSS is more secure argument, may have had some level of momentum behind it more than a decade ago.  Today though, there's a tough discussion to be had about Linux and FOSS security.

Ryu Connor wrote:

BobbinThreadbare wrote:

since Vista.

Further back than that.  The entire NT family.

With regard to security as a whole, the Linux community is having a big discussion about that.  There are implications that Linux is weaker than Windows at this time.

Elegant 0-day unicorn underscores “serious concerns” about Linux security - Scriptless exploit bypasses state-of-the-art protections baked into the OS.

The kernel of the argument - Fast, flexible and free, Linux is taking over the online world. But there is growing unease about security weaknesses.

The Linux is more secure, FOSS is more secure argument, may have had some level of momentum behind it more than a decade ago.  Today though, there's a tough discussion to be had about Linux and FOSS security.

No OS or any software for that matter is exploit proof or 100% secure.

The point here is that Linux is probably less secure than Windows these days when ignoring the effects of market share and there's no user involvement (no "hey I'm a totally legit program, gimme root!"). I'd say Linux still wins easily if you're paranoid and want to put special effort towards security, and non-paranoid joe sixpack is a whole lot less likely to pick up malware through casual use, but it isn't an unqualified win like it used to be.

A fun note on that recent Linux infection: there was plenty of circumstantial evidence, but it really made its presence obvious when it tossed up a UAC-style prompt asking for root without explaining itself any further (no info on what program was making the request, etc). It appears that Linux allows attackers more opportunities to not have to do that, but for quite a few reasons, a random request for root on Linux carries a whole lot more weight than a random UAC prompt.

I do find it interesting that Microsoft appears to have only stepped up their security game once it became clear to all that it was overdue. It's ancient history, I know, but the terribleness of things in the XP era feels like the only major reason they're doing so well today.

Any system can be hardened if you know how to do it, but the issue should really be what mechanism are there by default if somebody doesn't do any hardening. And Microsoft did fix a lot of things, because it was needed or they wouldn't be where they are today I believe. An no matter why something was done, it shouldn't detract from the actual discussion of the state of an OS today. Something that is quite common on both sides in discussions of which has better security. Although one could argue that having to do something by necessity can be both a good thing or a bad thing. But if you have a certain level of security, that's pretty much quantifiable, no matter if it was come by, from forethought, or from getting hit hard and having to redo your way of development. As long as both end products are secure code, of quality, then it doesn't really matter for the current end user.

And I think that the FOSS side of things have started to wake up as well to a lot of things, especially considering all the things that has come up as a result of so many things using OpenSSL in the belief that it was secure and it turned out it was a sieve. That's quite a lesson / cold shower to learn after so long. And having been on the side of things of having to patch I don't know how many appliances that used the libraries in one form of another, despite being an appliance, I can appreciate just how much of a cold shower it was for so many developers and manufacturers.

What I wonder is how this did not get caught earlier. One would think that due diligence for including a library in what is essentially a security product, which are most of the appliances I work with, would've have been a through code review of any external code/library being used.

curtisb wrote:

I haven't watched the video, but it could be that his issue with moving the system drive was UEFI on one system and legacy BIOS on the other. And that would be a problem no matter the OS.

That could be it. Maybe his weird "explanation" is even the result of getting "UUID" and "UEFI" mixed up, and taking that confusion to its illogical extreme.

Ryu Connor wrote:

BobbinThreadbare wrote:

since Vista.

Further back than that. The entire NT family.

He's probably thinking of UAC.

Ryu Connor wrote:

With regard to security as a whole, the Linux community is having a big discussion about that. There are implications that Linux is weaker than Windows at this time.

Elegant 0-day unicorn underscores “serious concerns” about Linux security - Scriptless exploit bypasses state-of-the-art protections baked into the OS.

The kernel of the argument - Fast, flexible and free, Linux is taking over the online world. But there is growing unease about security weaknesses.

The Linux is more secure, FOSS is more secure argument, may have had some level of momentum behind it more than a decade ago. Today though, there's a tough discussion to be had about Linux and FOSS security.

It is probably still more "secure" (note the scare quotes!) on the desktop due to security through obscurity. The combination of tiny market share and the large number of different distros/versions that would need to be targeted means the ROI just isn't there for the malware writers. Malware is big business these days; it's not just cyberspace vandals doing it for the laughs any more.

If you look at server, embedded, and mobile (Android), Linux has seen a huge increase in exploits over the past few years. These are all areas where Linux market penetration is much higher (making it a more attractive target), and where the deployed systems tend to be more homogeneous both in terms of software and hardware (making widespread exploitation of a flaw easier once it is found).

Having read through all the comments, I will add my 2 cents: Linux, on the desktop, in general, is more secure than Windows for one very simple reason: default configuration.

Consider, if you do a clean install of any Windows OS, XP, Vista, Win 7/8/8.1/10, you install the OS and it defaults to a root account, with full control and ability to change any setting, registry key or install/remove/run any software as you see fit.

With Linux distros it's quite different, Fedora won't continue the installation unless you create a root account (with password) and a separate user account (with password) and it strongly encourages the creation of strong passwords. Drives/partitions are not automatically mounted upon bootup, SELinux required that you entire a password to mount and access partitions and all admin processes, such as installing/removing software require a password.

Ubuntu disables the root account entirely, with no easy way of activating it, you create a suer account with a password, you do have the option of making the account an "admin" account and logging in automatically sans a password but even if you choose those options, partitions/drives are not automatically mounted (though you can mount them sans a password) but you still need a password for many things.

If Linux has one weakness that can potentially be a big security hole it's use of repositories for the installation of software; for example installing software from the official Fedora free and non-free repo but what about software that may not be available from the official repos, where you manually add a repo? Same thing with ppa's, the potential for abuse is significant. In all fairness though, the movement to distribute software via AppImage's, FlatPak's, Snap's and the like, should greatly mitigate, if not eliminate this avenue of attack, thanks to apps basically being sandboxed.

Windows security on the desktop is an illusion, I have been using both Windows since the Win 95 days (I remember having to create a boot disk to partition and format the disk, then copying installation files onto the disk to run setup) and Linux since RedHat 5.2 and a short while later running RedHat with the Ximian Gnome desktop. There was a time I was firmly in the Windows camp in the Win-Linux debates, arguing that Windows was the superior OS, you could lock down Win 2k and later pretty tight, or so I thought.

A few years ago I was running a Win 7 install with all the updates and service packs, Windows firewall set to max settings, both Win Defender and Microsoft Security Essentials updated with the latest definitions and the most aggressive settings, UAC set to max settings and I would not log in with the Admin account, instead using a standard user account. I used Firefox with adblock for browsing, I had the Windows Scripting Host disabled (I had Win XP installations that were infected with VB viruses that caused quite a few problems) and one would think that this would be a fairly safe configuration and would be immune to most attacks.

Was I in for a surprise. I've had virus infections with 2k/XP/XP64/Vista/7 but I had never had my computer hijacked, until one day I had left my PC running and went to lay down and take a nap (I was going to get back to work in a bit) when all of a sudden I hear the cpu fan running at full blast and my harddrives grinding (I had not yet switched to SSD's) away. I went to investigate and task manager reported my network activity as using all my available bandwidth. I shut down the PC, rebooted, everything was fine and within a few minutes same thing happened. Virus scans would show nothing, i started sniffing packets using WireShark and found that my PC was sending out massive amounts of data to 1 IP and receiving small amounts of data from another PC. I concluded that my PC was part of a botnet, a so-called "zombie" PC and was probably being used to ddos some target.

I immediately disabled the network, got what I thought was a clean Win 7 copy from Digital River and did a complete format and clean install and again configured everything the same way. Everything was ok for about a month and then deja vu, I left the PC running idle while I went to grab a drink, came back to hear the hard drive grinding away and the cpu fan at full blast. I'm thinking to myself "not again" but this time is was that crypto-ransomware, my screen was locked with that picture that says your files are encrypted and if you want them unlocked you have to pay (I forget how much they wanted, I think it was like $300-$400 in bitcoin) and if I didn't pay in like a day or two the files would be lock forever and they also gave you the option to unencrypt one file for free as proof that they could do it but in the meantime you could hear the disk grinding away and the cpu fan at full blast as the files where being encrypted. I just shutdown and inspection revealed that less than a dozen files had been encrypted.

This made me switch the Win 8.1, where I ran into a rather nasty virus that would let you log in, you could move the mouse, but the moment you tried to click on the start menu or taskbar the pointer would get locked to the upper left hand side of the screen and neither the keyboard or mouse would work. I was never able to clean that virus, only a clean install would take care of it and after getting one of those silly pieces of malware that has a web page that goes full screen and says that your PC is locked by the FBI or some other entity for some supposed illegal activity and if you don't call some number to pay them the cops will come and arrest you, I just had it with Windows and switched to Linux full time at home.

Funny enough, a while back I was testing out Linux Mint 17.1 on a spare laptop I have, just to see what's it's like and while browsing and following those stupid links for "top 25 pics of something or other", I Firefox on Mint was actually attacked with one of those silly web pages that mimics a BSOD that said "your Windows PC has experienced an internal error, to prevent further damage call tech support at xxx and our techs will help you fix the problem", I just laughed and shut down the page and one other time I landed on another site that tried to get the web page to go full screen and claim that my files where now encrypted and if I wanted them unencrypted I would need to contact them for the pass key, best part is it said "your Windows files" and "Windows PC".

I won't go back to Windows anytime soon, the only thing I miss just a bit is some Windows games, but I would rather buy a console and game on that then deal with all the malware and crap that targets Windows computers.