Prevent malware

Malware is short for malicious software.
Any program whose purpose is to damage your computer system or network is malicious software. As a GNU/Linux user, to understand what you need to guard against and how to protect your computer, you first need to understand how malware attacks GNU/Linux and which operating system design principles help prevent infection by malicious software.

For malware to spread between systems and cause damage, a program or file has to be executed. GNU/Linux is designed so that the user does not run under the root (administrator) account; therefore, programs and files cannot execute without explicit permission. Because the logged-in user has no permission to execute such programs, malicious software cannot install or distribute itself on a GNU/Linux system. The user permission model built into GNU/Linux is one of the most effective tools for preventing the spread of malicious software.

Malware written for Windows cannot run on a GNU/Linux computer. Just as Microsoft Office cannot run directly on a GNU/Linux system because its binary executables are built for Windows, these malicious programs and files cannot run on a GNU/Linux system. If you try to start a malicious program written for Windows in a GNU/Linux environment, the program will not know what to do, because its instructions for reading, writing and executing are based on the Windows architecture. This also makes it harder to write GNU/Linux malware, because the operating system changes enough between releases that some malicious software fails.

Although some aspects of malicious software do not apply to the GNU/Linux desktop, there are still reasons to pay attention to it. Actively scanning for malicious software helps prevent it from spreading: even if a malicious program cannot execute on GNU/Linux, you can still pass it on to other computers.
For example, if you use several platforms, an infected file can easily travel from a GNU/Linux system to a Windows system by email, USB device or a Samba share. Another example is cross-platform malware that responds differently depending on the host operating system: if the malware detects Windows, it carries out one attack; if it detects Red Hat, it runs a different command. You also need to consider the increasingly popular platform-independent environments, for example OpenOffice.org, Perl and Firefox. Malicious software can be designed to exploit a specific vulnerability in a platform-independent tool. For example, the MSIL.Yakizake worm sends an email to everyone in the host's Thunderbird address book. The message is customised according to the DNS suffix so that it is written in the right language.

Finally, attention must be paid to malicious software packages written for GNU/Linux. Rootkits have long been the Achilles' heel of GNU/Linux administrators. They belong to the same software family as Trojans. A rootkit is a set of tools that lets an attacker gain access to your computer's root (administrator) account. These malicious software packages have different names, such as t0rn and ARK, but the end result is the same: your computer or network is no longer under your control.

Install antivirus software: ClamAV

To resist the growing malware problem, in this section you will install ClamAV, rkhunter and chkrootkit on your computer, then learn how to configure them and scan your system to identify malicious files that may endanger its safety. When you install ClamAV, you have two options for how to run the program. The first is to scan files and folders manually. The second is to connect ClamAV to a daemon so that it is always running. For desktop computers, the latter is the ideal way to install it. First, turn on the system and log on to the computer.
Then, follow these steps:

1. From the menu bar, choose Applications > Accessories > Terminal.
2. In the Terminal, enter the following command: sudo apt-get install clamav-daemon
3. Press Enter. You will be asked for a password. Enter the correct password, and then press Enter. This also installs a package called clamav-freshclam; this is the application's update package.
4. You will be told how much disk space the software will use and asked whether to install it. Type Y and then press Enter. The installation process starts; it should take only a few minutes to complete.

When the installation process is complete, the program warns you that the virus database is x days old and that you should update it as soon as possible. Apart from installing antivirus software on the computer, updating the virus definitions is the most important step in defending against malware infection. Virus definitions are code patterns specific to the various malicious programs. When the antivirus scanner finds code that matches a definition in its database, it warns you that the computer has an infected file. Malware authors release new infectious files daily, so updating the virus definition database is very important. If a malicious program's definition is not in the database, the antivirus scanner will not know that it is malicious code, and the program will continue to run and do what it was built to do.

Update virus definitions

Because freshclam was installed together with ClamAV, you can update the virus definitions immediately from the Terminal. Follow these steps:

1. At the prompt, enter the following command: sudo freshclam
2. Press Enter. Again, you will be prompted for a password; enter the correct password, and then press Enter. Running this command updates the virus definitions to the latest database. But understand that this does not mean the virus definitions are updated automatically; you must run freshclam to get the latest definitions.
3. To check whether there are new definitions, enter the following command at the prompt: sudo freshclam -v. The returned information tells you whether your definitions are current or out of date.

At this point you have updated the virus definitions and can start ClamAV. At the Terminal prompt, enter clamscan and press Enter. The command runs a manual scan of your home folder and reports the number of directories and files scanned. It also tells you how many infected files were found. Because you installed the daemon version of ClamAV, you can also enter clamdscan at the Terminal prompt and press Enter. Installing the daemon creates a user named clamav; if you want ClamAV to scan system files, add this user to the group that owns the files to be scanned.

Install a GUI for ClamAV

Because this tutorial is written for beginners, this section explains how to use ClamTK, a GUI for configuring ClamAV. To install it, follow these steps: close the Terminal, and select Applications > Add/Remove. In the resulting Add/Remove Applications window, you need to change which applications are shown. At the top of the screen, from the Show drop-down menu, select All Open Source applications. In the search box, enter the word Clam and press Enter. When Add/Remove Applications finds ClamTK, it appears in the main area of the window as Virus Scanner (see Figure 1). Select the check box next to Virus Scanner. You may be prompted to enable the installation of community-maintained software; if so, click the Enable button.

Figure 1. Installing ClamTk with the Add/Remove tool

Click Apply Changes in the lower right corner, and then click Apply. You will be asked to enter your password; enter it, and then click OK. After the installation is complete, you may see a pop-up window indicating that the installation is complete. Click Close to continue. You can now start ClamTK from your desktop by choosing Applications > System Tools > ClamTK Virus Scanner.
However, if you want to scan certain files, or want to update the virus definitions, the program may tell you that you need to log in as root to do so. Because you are not logged in as root, you must open ClamTK in a different way in order to use these functions. To open ClamTK, press Alt-F2, enter gksu clamtk, and then click Run. This starts the ClamAV GUI with the privileges the program requires. In this window, you can use the Find command on the menu. This lets you select the files or directories to scan from a tree without having to enter a path in the Terminal. Like most commercial scanners, ClamTK lists the files in the window with the status of each file shown next to it. Figure 2 shows files waiting to be scanned. If a file in the list is infected, it is marked. At the bottom of the window, the number of files scanned and the number of infected files found are displayed.

Figure 2. Scanning for malware with the ClamTk GUI

If you find a file infected with malicious software, make sure that it is not a critical system file before you delete it. This is especially important on a dual-boot computer, because you can use GNU/Linux and ClamAV to scan the Microsoft Windows directories.

Prevent rootkits

The most dangerous malware a GNU/Linux user faces may be a rootkit. To prevent attacks by rootkits and other malware, in this section you will install chkrootkit and rkhunter and scan the desktop for suspicious files installed by an attacker trying to take control of your computer.

Install rkhunter

To install rkhunter, follow these steps:

1. Return to the Terminal: choose Applications > Accessories > Terminal.
2. In the Terminal shell, enter the command to install rkhunter: sudo aptitude install rkhunter
3. Press Enter; the installation program begins. You will be told how much space the software will use. Type y and press Enter to start installing the software.
After rkhunter is installed successfully, you can run it to check your desktop for malicious software. At the Terminal prompt enter sudo rkhunter --check, and then press Enter to begin the scan. While it runs, you should see a series of directories with the word OK or Warning next to each. After these directories have been checked, you will need to press Enter to continue the scan. Next, rkhunter scans for known malicious software that may be installed on the desktop. During this process, the Terminal displays a list, as shown in Figure 3. After the scan is complete, press Enter again. This time, rkhunter scans the ports that backdoors use to access computers.

Figure 3. rkhunter scanning for rootkits

After the port scan, press Enter to scan the startup files, groups and accounts, system configuration files and file system. Then press Enter to check the applications on your computer. When the scan is complete, rkhunter provides a report and creates a log file for later viewing. Like ClamAV, rkhunter needs to be updated in order to discover the latest vulnerabilities and malicious software. In the Terminal, enter sudo rkhunter --update, press Enter, and then enter your password. This command updates the version of rkhunter installed on the system.

Most antivirus software cannot run at the same time as other antivirus programs, but rootkit hunters can. For more comprehensive protection, you can install chkrootkit and run it alongside rkhunter.

Install chkrootkit

To install chkrootkit, follow these steps:

1. Still in the Terminal, enter the following command at the prompt: sudo aptitude install chkrootkit
2. Press Enter to begin the installation process.
3. After chkrootkit is installed, you can run it in the same way as rkhunter. At the prompt, enter sudo chkrootkit, and then press Enter. chkrootkit immediately begins scanning for known vulnerabilities and malicious software. When the scan is complete, you are returned to the Terminal prompt.
If chkrootkit or rkhunter finds anything unusual, it notifies you, but neither program removes files from your computer. If a program warns you, look up the reported vulnerability or malicious software. First, make sure that what was found is not a false positive. Then decide on the steps needed to eliminate the threat to your desktop. Sometimes you only need to update your operating system or other software. But at some point you will have to find the malicious program and remove it from the system.
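As an added example (not code from the original article), the following shell script ties the ClamAV, rkhunter and chkrootkit steps above together: it refreshes the definitions, runs the three scanners on a directory, and summarises each tool's output while keeping every log, so that a reported item can be checked for a false positive before anything is removed, as the paragraph above advises. It assumes the three tools are installed as described; the sample outputs embedded in it are constructed, and the clamscan flags -r and -i and the rkhunter flags --sk and --nocolors come from those tools' own options, not from this article.

```shell
#!/bin/sh
# Added example (not from the original article): wrapper for the three tools the
# article installs. Assumes ClamAV, rkhunter and chkrootkit are installed as above.

# clamscan's summary contains "Infected files: N"; print N (0 if absent). Reads stdin.
clamscan_infected() {
    n=$(sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p')
    echo "${n:-0}"
}

# rkhunter --check marks each test "[ OK ]" or "[ Warning ]"; count warnings on stdin.
rkhunter_warnings() {
    grep -c '\[ Warning \]' || true      # grep -c exits 1 when the count is 0
}

# chkrootkit prints "INFECTED" (upper case) for a hit, "not infected" otherwise.
chkrootkit_infected() {
    grep -c 'INFECTED' || true
}

# Constructed sample outputs (not real scan results) to exercise the parsers.
SAMPLE_CLAMSCAN='Scanned files: 340
Infected files: 1'
SAMPLE_RKHUNTER='  /usr/bin/ls                                  [ OK ]
  Checking for hidden files and directories     [ Warning ]'
SAMPLE_CHKROOTKIT="Checking 'ls'... not infected
Checking 'ps'... INFECTED"

# Run the parsers on the samples; prints "1 1 1" (one finding per tool).
demo_summary() {
    printf '%s %s %s\n' \
        "$(printf '%s\n' "$SAMPLE_CLAMSCAN" | clamscan_infected)" \
        "$(printf '%s\n' "$SAMPLE_RKHUNTER" | rkhunter_warnings)" \
        "$(printf '%s\n' "$SAMPLE_CHKROOTKIT" | chkrootkit_infected)"
}
# Real run: refresh definitions, scan a directory, run both rootkit checkers, and
# keep every log so a finding can be checked for a false positive before acting.
run_daily_scan() {
    dir=${1:-$HOME}; log=${TMPDIR:-/tmp}/malware-scan.$$
    sudo freshclam -v >"$log.freshclam" 2>&1 || true
    clamscan -r -i "$dir" >"$log.clamscan" 2>&1 || true   # -i: list only infected files
    sudo rkhunter --check --sk --nocolors >"$log.rkhunter" 2>&1 || true   # --sk: no keypresses
    sudo chkrootkit >"$log.chkrootkit" 2>&1 || true
    printf 'clamscan infected files: %s\n' "$(clamscan_infected <"$log.clamscan")"
    printf 'rkhunter warnings: %s\n' "$(rkhunter_warnings <"$log.rkhunter")"
    printf 'chkrootkit INFECTED lines: %s\n' "$(chkrootkit_infected <"$log.chkrootkit")"
    printf 'logs kept at %s.*\n' "$log"
}
if [ "${1:-}" = "--run" ]; then run_daily_scan "${2:-$HOME}"; fi
```

Run it as `sh scan.sh --run /home/you` to scan a directory; without `--run` it only defines the functions, which is how the parsers can be tried against the constructed samples.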