Spyware Detection for Linux?

  1. #1
    Senior Member
    Join Date
    Feb 2002

    Spyware Detection for Linux?

    What someone said in another thread got me thinking about this. Is there anything like Ad-Aware for Linux? If not, how do you go about detecting and defeating spyware in Linux systems?
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  2. #2
    Senior Member
    Join Date
    Jan 2002
    There is definitely Ad-ware for Linux. Start off with the free version of the Opera web browser.

    Before trashing the ads, remember that these companies need their money somehow.

    As far as spyware is concerned, yes, there may be a lot of that.

    Clearly if there are Linux tools which behave similarly to Windows application-level firewalls then these will help - at least then you'll be able to determine when a program is attempting to make outgoing connections.

    I don't know of any but I can't see any technical reason why they should not exist.

    Most Linux firewall products are network-level firewalls, intended for protecting hosts behind the Linux box, not specifically the Linux box itself. Also, their rules will usually only take into account source, destination etc, not the originating program, or the user. IPChains-based firewalls work in this way I believe.

    Also I think Realplayer is quite dodgy spy-ware-wise, that sends various info to them.

  3. #3
    Junior Member
    Join Date
    Aug 2002
    No, ipchains/iptables work in the same manner as a Pix/Checkpoint-1 (just in a simpler way) and I don't think you can trap it down to a program, possibly a user though, although unsure on that.
    I think it comes down to the way the IP stack is implemented in Linux as to Windows. I have seen some applications that will track traffic in/out to an application (fport) is a good one (I think it compiles under Linux) but very little really in the form of application firewalls for Linux.
    Mostly network layer based.

    It would not be hard though to track them by using a rather finely set up IDS to watch for 'non-standard' traffic. But it isn't hard to obfuscate TCP/IP data to seem to look valid.

    Has anyone seen a good application layer firewall for Linux?
    /* Be scared They ARE watching */
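
Added example, not part of the original thread: the posts above ask how to tie outgoing connections to the originating program or user. One way to audit this on Linux is to parse `/proc/net/tcp` and match socket inodes against each process's `/proc/<pid>/fd` links. Assumptions: IPv4 only, a little-endian host, and a constructed sample table; all function names are illustrative.

```python
import os, socket, struct
# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 100 0 0 10 0
   1: 0A0200C0:0016 057100CB:C350 01 00000000:00000000 00:00000000 00000000     0        0 1002 1 0 20 4 30 10 -1
   2: 0A0200C0:9C40 076433C6:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1 0 20 4 30 10 -1
"""

def decode_addr(hexpair):
    """Decode 'IIIIIIII:PPPP' as written by a little-endian kernel to (ip, port)."""
    ip_hex, port_hex = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_tcp(text):
    """Parse /proc/net/tcp text into socket records (header line skipped)."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10:
            rows.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                         "state": f[3], "uid": int(f[7]), "inode": int(f[9])})
    return rows

def outbound(rows):
    """Heuristic: ESTABLISHED (01) sockets whose local port is not a LISTEN (0A) port."""
    listening = {r["local"][1] for r in rows if r["state"] == "0A"}
    return [r for r in rows if r["state"] == "01" and r["local"][1] not in listening]

def socket_owners(proc_root="/proc"):
    """Map socket inode -> (pid, program name) from each process's fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                comm = fh.read().strip()
            fd_dir = os.path.join(proc_root, pid, "fd")
            for fd in os.listdir(fd_dir):
                target = os.readlink(os.path.join(fd_dir, fd))
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), comm)
        except OSError:
            continue  # process exited, or fds unreadable without root
    return owners

def report(rows, owners):
    """List (program, uid, remote endpoint) for every outbound connection."""
    return [(owners.get(r["inode"], (None, "?"))[1], r["uid"], r["remote"])
            for r in outbound(rows)]
```

On a live host, pass the contents of `/proc/net/tcp` to `parse_tcp` and the result of `socket_owners()` to `report`; run as root to see sockets owned by other users.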
