martes, 15 de junio de 2010
Linux users...BEWARE! Trojans Ahead!!
I've been discussing about using one's OS with a critical eye always fixed on it. Mostly, I've referred to Windows users who, thinking that their system is the best, let all kinds of threats compromise their security. Now it's turn to say the same about Linux users.
It is a fact that Linux is much less a target of viruses and malware, but that does not mean Linux is an impenetrable fortress. There are many Linux users out there who feel they own a totally invulnerable super-system and simply forget the First Commandment when going online:
"Thou Shalt not trust any site or any download easily "
As I said it before, many Linux users, with their chests full of pride and their heads empty of critical thinking, forget to take full charge of their beloved penguin's security, especially when they engage in risky Internet behaviors such as chatting or P2P downloading.
Simple logics dictates that any Internet interaction between 2 or more computers that involves sharing files may be risky enough. Still, cases of Linux users who, totally convinced that Linux security is unbeatable, leave simple root passwords and get their systems hijacked have occurred.
"But that is another PICNIC example. Clearly, those users were to blame, not Linux", some may say. That's true. However, it was confirmed that a new Linux Trojan going by a phony "Unreal IRC" identity has infected lots of Linux machines already. It appears someone replaced the actual "Unreal IRC" download with a powerful Trojan in the mirrors of that Internet Chat Relay platform.
What does the Trojan do? Apart from granting a stranger out there all access privileges and control of your computer, nothing much. Even the Unreal IRC Webmasters were baffled. They were so sure of Linux Security that they didn't even check periodically the integrity of the download at the mirrors. The news is here.
If you use Linux and like IRC, then you must make sure you install files from your official repositories. If Unreal IRC is not there, consider seriously not installing it from anywhere else. Fortunately, MEPIS does not offer it.
Again and again, any user must take an active role in his/her computer's protection. Remember Uncle Ben's wise words, also cited by my Console any time I attempt to fiddle with my system from the root:
"With great power comes great responsibility."