January 1, 2016

Is Kali Totally Safe?

I was wondering if there are viruses for Kali too? Or can it be compromised? I mean, never heard of it. Any relevant comments are appreciated.

It is prone to viruses and other things... it is not as secure as you think. But when a virus is in the wild in the Linux world, it is patched quicker than on Windows and Macs. If you want to harden your system, then use disk encryption, a VPN, and update and upgrade daily to make sure you are all patched up.

Thanks @NERV. By disk encryption you mean the full disk encryption which I was prompted for at the very beginning of the installation of Kali? If that's the case, then I think this is the only thing I'm left with (full encryption).

Kali Linux was never built/designed to be "safe"; the default account is the Root account. Kali is a platform for Penetration Testing, nothing else. Using the distro as a main desktop is a foolish idea. One of the best things to keep it "safe" is to use it as it was intended, preferably as a VM. This way you can (read should) use a snapshot of a known good configuration if something goes astray. Locking Kali down can interfere with some of the tools.

All operating systems, Linux (which Kali is) included, are vulnerable to viruses. With Kali using the Root account for everything, a virus has the ability to actually do damage/harm a lot easier than if it was/is executed with a non-privileged account.

Kali isn't for protecting you, it's for exploiting others. If you want to be "safe," and are Unix-capable, then something like HardenedBSD (down-stream fork of FreeBSD which implements a lot of PaX/GRsecurity features from spec) or OpenBSD may be what you're after. But then, by safe, I mostly just mean less unsafe. But if you log into one of those things as root, download random code from the internet, ever pipe curl to bash, etc., then you're eventually going to end up popped. The internet is full of compromised Linux/Unix servers sending spam and mining bitcoin without the admins ever even taking the time to check. It isn't just Windows that is vulnerable.

Completely agree with the previous statements; any OS is vulnerable to any kind of attack and malware. It depends entirely on what you are doing with the OS and how paranoid you are. If you are attached to the internet you are going to have some kind of issue and, depending on what you do on the internet, you are just as vulnerable as any other user. There is no way to be completely "safe" in any connection to the internet, but good practice is not downloading from dodgy sources, running AV scans on anything you download, keeping a decent AV installed and up to date, which will make sure its libraries are up to date, and most importantly making sure your kernel is up to date as well.

Thank you all for your precious replies. I've done some digging too, and now I know that a system is secure while it's kept idle (power off). Once it is up and connected to a network, there are tons of ways by which it can be compromised without the owner even or ever knowing it. Well, even if it's the system we can somehow manage to make a bit secure, then there are human beings, even more vulnerable than the systems. One just has to think of a way around these... Again>

The security of Kali starts at its source. While Offensive Security does a really good job keeping their downloads safe, many Kali computers that I have seen haven't had operating systems downloaded and verified from that site. They are often taken from a burnt disc that someone "got from a friend" or worse, some have actually paid for it off of sites like eBay and others. These are often riddled with security issues from the burnt image. If your image is clean, then the next issue is that Kali runs as root. Many things that it does require root privileges, and since it isn't designed to be used as a normal activity OS, this is just fine. Kali is designed to be fired up, used specifically for security purposes, then powered off. Sometimes it takes a good cleaning after using.

If using Kali for security testing, it is fairly secure for what it was designed for. My Kali machine gets completely redone after every use. I have no fear of lingering viruses or a compromised system. I use it specifically as a tool for a purpose and I have never even checked email on it, I don't think. Using it as a regular OS invites some security issues into your machine and network. Once someone compromises it, they also have access to the tools and toys that are available on it, while it is connected to your own network. The best penetration test I have ever seen was one where a tester took a tour of an organization and saw a laptop turned on with a Kali sticker on it. While he couldn't see what OS was actually on it, it gave him an area to look at. He compromised the network and slowly found the machine, which was always powered on and connected to the network. It was set up poorly, and after a few months he had access to many things. An administrative password list was kept on the machine, along with the Cisco credentials to access the routers and switches. I don't have the patience to do that myself, but reading his report was eye opening to say the least.

As NERV said, get good protection. I suggest a proxy server, [https://buy.fineproxy.org/eng/index.html](https://buy.fineproxy.org/eng/index.html). There you can choose the package that suits your needs. It helps to protect important information from getting hacked by hackers.

On top of what is said here, you can also install Kali to a bootable USB drive, and there are ways to make it so that it can't be saved/read to, so once you shut down, anything you might have downloaded will be wiped out. It is what I do with another distro I have to use.

**I was going to post some very good details, however, my post was blocked each time!** :( Oh well, cut my post right down! Many times, I have answered calls from scammers. If it's the so-say Microsoft Technical Support and they try to send me malware, they normally go the cmd route, but mine is modified to send them malware. They also log in to a VM, which I just restart after they put the phone down on me! :) Other calls, like the ones about me having had a car accident in the last 3 years, I give them a nice story. I normally say something along the lines of "Well, it must have been a really bad accident because I don't even remember it!" - They put the phone down on me abruptly!!

I only use Kali in a VM. I don't think it's smart to use it as a main system because, you know, it's an offensive system, not defensive. Often, offensive tests have violent returns. So, it's careful to separate the assault platform from the rest of your workstation.
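
The reply earlier in the thread about images that were never "downloaded and verified" from the official site describes a check that can be scripted. The following is an added example, not code from the thread or from the Kali project: it assumes GNU coreutils `sha256sum`, a checksum list in the usual `SHA256SUMS` format with a detached signature at `SHA256SUMS.gpg`, and illustrative function and file names.

```shell
#!/bin/sh
# Added example: check a downloaded image against a SHA256SUMS-style list.
# File names used here are assumptions; names containing spaces are not handled.

# The checksum list is only trustworthy if its detached signature verifies
# against a signing key you imported and checked beforehand.
verify_sums_signature() {
    gpg --verify "$1.gpg" "$1"
}

# verify_image SUMS_FILE IMAGE
# returns 0 = hash matches, 1 = mismatch, 2 = image not listed or unreadable
verify_image() {
    sums=$1
    image=$2
    [ -r "$sums" ] && [ -r "$image" ] || return 2

    name=$(basename -- "$image")
    # Entries look like "<64 hex>  <name>" (text) or "<64 hex> *<name>" (binary).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n && length($1) == 64 { print tolower($1); exit }' "$sums")
    # An image missing from the list is a failure, not a pass.
    [ -n "$expected" ] || return 2

    actual=$(sha256sum -- "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed demo: a fake "image" and checksum list in a temp directory.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed image bytes\n' > "$d/kali-demo.iso"
    ( cd "$d" && sha256sum kali-demo.iso > SHA256SUMS )
    verify_image "$d/SHA256SUMS" "$d/kali-demo.iso" && ok=0 || ok=$?
    printf 'tampered' >> "$d/kali-demo.iso"      # simulate a modified image
    verify_image "$d/SHA256SUMS" "$d/kali-demo.iso" && bad=0 || bad=$?
    rm -rf "$d"
    echo "clean=$ok tampered=$bad"
}
```

Run `verify_sums_signature SHA256SUMS` first and `verify_image SHA256SUMS <image>` second; a matching hash against an unsigned or unverified list says nothing about where the image came from.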