360 Security defender for Linux usage results

Test a handful, the results show 360 basic to Linux community norms and security common sense does not give a fuck.

Random packing

First of all, this Deb package is a random package, the dependency is not ready:

$ dpkg-deb-i 360safeforlinux-3.0.0.66-stripped.deb [...]  Package:360safeforlinux version:3.0.0.66 architecture:amd64 maintainer:qihu360 company installed-size:23617 Depends: LIBC6 (>= 2.14), libglib2.0-0 (>= 2.38), python2.7 (>= 2.7.6), OpenSSL (>= 1.0), Curl,libqt4-network (>= 4.8.5), Libqt4-sql (>= 4.8.5) section:gnome priority:required essential:yes description:360 safe for Linux

But also actually relies on libpython2.7 and LIBQTGUI4 two libraries are not indicated, want me to fix manually.

Misuse of Essential

This package also creates the hassle of uninstalling by abusing the essential tag.

[Email protected]:/home/user# apt-get Remove 360safeforlinux[...] The following packages would be removed:  360safeforlinuxwarning:the following essential packages would be removed. This should isn't being done unless you know exactly what is doing!  360safeforlinux[...] **you is about to does something potentially harmful.**to continue type in the phrase ' Yes, do as I say! '?] Abort. [Email protected]:/home/user# aptitude Remove 360safeforlinuxThe Following packages would be removed:    360safeforlinux [...] The following ESSENTIAL packages'll be removed!  360safeforlinux warning:performing This action would probably cause your system to break!         Do not continue unless you know exactly what is doing! To continue, type the phrase "I'm aware that's a very bad idea":

With regard to the essential packaging policy, Debian and Ubuntu are reserved only for the most essential packages.

Feel free to use setuid

After the installation of dpkg configuration, its postinst script is added directly to the setuid. Using setuid so casually, can you claim to be safe?

If ["$" = "Configure"];then    chmod u+s/opt/360safeforlinux/s360safeforlinux[...] Fi

This means that if you run this thing with normal user privileges, it will become root:

[Email protected]:~$ iduid=1000 (user) gid=1000 (user) groups=1000 (user), (CDROM), (floppy), (audio), (DIP), 44 ( Video), (plugdev) [email protected]:~$ start360 &[1] 4512[email protected]:~$ pstree-uinit─┬─dhclient     ├─5*[ Getty]     ├─login───bash (user) ───startx───xinit─┬─xorg (root)     │       └─x-window-manage[...]     ├─URXVTD (user)     └─urxvtd (user) ─┬─bash───start360 (root) ─┬─{backendtaskthre}       │        ├─{browserhomepage}       │        ├─{cpumemusestate}       │        ├─{filewatcher}       │        ├─{isolatezone}       │        ├─{ Logcleanthread}       │        ├─2*[{mythread}]       │        ├─{vdupload}       │        └─3*[{start360}]       └─bash───pstree

Kernel modules?

Dpkg's prerm script also has strange things:

Rc= ' Lsmod | grep "rk360" | Xargs echo ' If [-n ' $rc '];then  rmmod rk360 2>/dev/null 1>&2  Rm-rf/etc/360safe/360safe.ko 2>/dev/n ull 1>&2firc= ' Lsmod | grep "Immu" | Xargs echo ' If [-n ' $rc '];then  rmmod immu 2>/dev/null 1>&2  Rm-rf/etc/360safe/immu.ko 2>/dev/null 1 >&2fi

360 not only does it not satisfy root privileges, but also uses kernel modules? However, these two kernel modules are not found in this use.

The strange state of running

Start360 starts, and then there are two runtime monsters present:

1. Save the PID to/etc/360safe/360safeforlinux.pid. Will you abide by FHS?
2. Crazy scan system files, powertop show idle state 30 wake per second, notebook battery life is dead. Will you use INotify?

The truth of the function

It provides a number of features.

• Full scan. All files are designed according to the standard, which malicious which does not mean that the 360 can decide.
• One-click Cleanup. You can use this command instead: Rm-r ~/.adobe ~/.cache ~/.local ~/.macromedia ~/.thumbnails/tmp/*. But these temporary files are useful and do not occupy much space.
• Optimization acceleration. is to encapsulate the update-rc.d/chkconfig with a graphical interface.
• Software Butler. 360 of the Sihuo App Store.
• File shredding. What is a "stubborn" file that cannot be deleted under Linux? Or have you re-invented Coreutils's/usr/bin/shred? Try to delete/proc?
• NET Shield. is the plugin for Firefox and Chrome.

  ./etc/360safe/urlcheck./etc/360safe/urlcheck/normalize.py./etc/360safe/urlcheck/firefox./etc/360safe/urlcheck/ Firefox/[email protected]./etc/360safe/urlcheck/lcloud.ini./etc/360safe/urlcheck/browserextensionsinstaller.py. /etc/360safe/urlcheck/chrome./etc/360safe/urlcheck/chrome/360webshield.crx

• There is also the "cloud Avira" of the binary library, the QEX engine, the Bitdefender engine. Do not know what is the use.

License Enumeration

360 only a little hard work, is a lot of non-GPL license:

license/zlib_license.txtlicense/c-ares_license.txtlicense/qt_license_lgpl.txtlicense/unrar_license.txtlicense/ sqlite_license.txtlicense/elftoolchain_license.txtlicense/libcurl_license.txtlicense/7-zip_license.txtlicense/ boost_license.txtlicense/openssl_licnese.txtlicense/minizip_license.txtlicense/jsoncpp_license.txtlicense/ Protobuf_license.txtlicense/noto Fonts_license.txtlicense/qt_lgpl_exception.txt

So people have no right to ask for source code. However, a security product unfairly open source code, and then use setuid to take root and to engage in kernel modules, who knows what you want to do? In short, 360 of Linux community norms and security knowledge basic not give a fuck.

Why is there a lack of safety knowledge?

First of all, with setuid to a graphical network program to the overall right to root is a self-feeding loophole, the whole body is a hole, as long as the discovery of a, is the remote root.

Second, the user interface will never need root, the right to take specific actions specific configuration has Polkit, update system configuration file can have Facl can have selinux/apparmor, kernel-level file scanning can have AUDITD, These mechanisms do not require a user interface that is run as root to create a huge attack surface.

Third, running a binary file downloaded with root privileges is the origin of all viruses. This is especially true if there is no source code to audit, and no digital signature to verify authenticity.

Note: This site has some changes to this article. Originally from: http://www.v2ex.com/t/158380

• This article from: Hobby Linux Technology Network
• This article link: http://www.ahlinux.com/news/17124.html

360 Security defender for Linux usage results