April 27th, 2002, 11:31 PM
Spyware Detection for Linux?
What someone said in another thread got me thinking about this. Is there anything like Ad-Aware for Linux? If not, how do you go about detecting and defeating spyware in Linux systems?
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
April 28th, 2002, 01:30 AM
There is definitely Ad-ware for Linux. Start off with the free version of the Opera web browser.
Before trashing the ads, remember that these companies need their money somehow.
As far as spyware is concerned, yes, there may be a lot of that.
Clearly if there are Linux tools which behave similarly to Windows application-level firewalls then these will help - at least then you'll be able to determine when a program is attempting to make outgoing connections.
I don't know of any but I can't see any technical reason why they should not exist.
Most Linux firewall products are network-level firewalls, intended for protecting hosts behind the Linux box, not specifically the Linux box itself. Also, their rules will usually only take into account source, destination etc, not the originating program, or the user. IPChains-based firewalls work in this way I believe.
Also, I think RealPlayer is quite dodgy spyware-wise; it sends various info to them.
September 5th, 2002, 04:36 AM
No, ipchains/iptables work in the same manner as a Pix/Checkpoint-1 (just in a simpler way), and I don't think you can trap it down to a program; possibly a user, though I'm unsure on that.
I think it comes down to the way the IP stack is implemented in Linux as opposed to Windows. I have seen some applications that will track traffic in/out to an application (fport is a good one; I think it compiles under Linux), but very little really in the form of application firewalls for Linux.
Mostly network layer based.
It would not be hard, though, to track them by using a rather finely set up IDS to watch for 'non-standard' traffic. But it isn't hard to obfuscate TCP/IP data to seem to look valid.
Has anyone seen a good application layer firewall for Linux?
/* Be scared They ARE watching */
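An added example, not part of any post in this thread: Linux lists each TCP socket's owning uid and inode in /proc/net/tcp, and the inode can be matched to a process through the socket:[inode] links under /proc/<pid>/fd, which is how per-program connection listings are built. The sample data, program names and function names below are constructed for illustration, and the address decoding assumes the file was produced on a little-endian host.

```python
import re
import socket
import struct

# Constructed sample in /proc/net/tcp format, as a little-endian host prints it.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:C350 0F0200C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 20 4 30 10 -1
"""
# Constructed stand-in for /proc/<pid>/fd symlink targets: pid -> (name, links).
SAMPLE_FDS = {
    412: ("sshd", ["socket:[11111]"]),
    2077: ("player", ["/dev/null", "socket:[22222]", "pipe:[333]"]),
}
ESTABLISHED = "01"  # kernel TCP state code for an established connection


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into ('a.b.c.d', port)."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def inode_owners(fds):
    """Map socket inode -> (pid, name) from fd symlink targets."""
    owners = {}
    for pid, (name, links) in fds.items():
        for link in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", link)
            if m:
                owners[int(m.group(1))] = (pid, name)
    return owners


def established_connections(tcp_text, fds):
    """List established connections with owning uid, pid and program name."""
    owners = inode_owners(fds)
    rows = []
    for line in tcp_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != ESTABLISHED:
            continue  # ignore listeners and malformed lines
        pid, name = owners.get(int(f[9]), (None, "?"))
        rows.append({"local": decode_endpoint(f[1]), "remote": decode_endpoint(f[2]),
                     "uid": int(f[7]), "pid": pid, "program": name})
    return rows
```

On a live system the same functions can be fed the text of /proc/net/tcp and a dictionary built by reading the links in each /proc/<pid>/fd directory, which requires root to see other users' processes.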