Questions about Defragging or Antivirus? Look here first!

Sontaran

Re: Questions about Defragging or Antivirus? Look here first!

Post by Sontaran »

Hello,

Can some Windows spyware, keyloggers or other malware run on Linux if Wine is installed?

I've tested running Windows software on Wine without having first installed it through Wine
(basically, just went to the Windows partition and ran it from the Program Files folder).
Some works OK (e.g. Irfanview), some doesn't, some works partly.
This led me to suspect that some of the spyware out there might also have this ability.

Are my fears realistic, or does something about Linux or Wine prevent malware exploits through this route?

Thanks!!

Sontaran

(P.S.:
Today, I found the file iexplore.exe in Mint's trash and its size was only about 2.5kB. Obviously, not the real Internet Explorer, and I have no idea how it got there. Upon seeing this, I deleted it, installed Avast for Linux, uninstalled Wine, and went looking for antispyware for Linux, but didn't see one by a reputable source.)
Husse

Re: Questions about Defragging or Antivirus? Look here first!

Post by Husse »

A Windows virus can run in Wine and similar, but cannot do any harm to your Linux - at worst it can copy files to your home.
There is a (very) lengthy thread on the subject in the Ubuntu forums - a couple of years old but still valid.
Sontaran

Re: Questions about Defragging or Antivirus? Look here first!

Post by Sontaran »

Thank you, Husse ! :D

This got me looking in the right direction.

Some of the better bits I found:

http://www.avertlabs.com/research/blog/ ... -in-linux/
"Although it is difficult for malware to autostart in Wine, it is not impossible. Malware can be written to find out if it is running in Wine. It can then either download a Linux binary onto the machine and/or simply add an autostart entry for itself in the Linux desktop environment’s common autostart locations, using the nonroot user’s credentials :shock: ........ IRC/Contact malware drops files and connects to a preconfigured IRC server. :shock: This IRC Trojan, when ran in Wine, connected to the preconfigured IRC server."
"...Do not set the file association for Windows executables with Wine. This would enable the running of Windows executables in Wine by simply double-clicking them."

Also:
http://www.winehq.org/pipermail/wine-de ... html#73505
especially: http://www.winehq.org/pipermail/wine-de ... 73548.html

http://www.psychocats.net/ubuntu/Sucuri ... lantivirus
"There are rootkit detectors in the repositories—rkhunter and chkrootkit, for example." :D

I think I'll leave Wine off my system for now...
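
The McAfee passage quoted above mentions malware adding an autostart entry in the Linux desktop environment's common autostart locations. As an added example (not from this thread or the quoted sources), this Python sketch audits the XDG autostart directories for entries that launch Wine or a Windows executable; the match pattern and the two sample `.desktop` files are constructed assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Standard XDG autostart directories: per-user and system-wide.
DEFAULT_DIRS = [Path.home() / ".config" / "autostart", Path("/etc/xdg/autostart")]

# Assumed heuristic: the command starts Wine or names a Windows executable.
SUSPICIOUS = re.compile(r"(^|[\s/\"'])wine(64)?([\s\"']|$)|\.(exe|scr)\b", re.I)


def exec_lines(desktop_file):
    """Yield Exec values from the [Desktop Entry] group of a .desktop file."""
    in_entry = False
    for raw in Path(desktop_file).read_text(errors="replace").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_entry = line == "[Desktop Entry]"
            continue
        key, sep, value = line.partition("=")
        if in_entry and sep and key.strip() == "Exec":
            yield value.strip()


def audit_autostart(dirs=DEFAULT_DIRS):
    """Return (path, command) pairs for entries that launch Wine or a Windows binary."""
    findings = []
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for f in sorted(d.glob("*.desktop")):
            findings += [(str(f), cmd) for cmd in exec_lines(f) if SUSPICIOUS.search(cmd)]
    return findings


def demo():
    """Audit two constructed entries: one benign, one starting an .exe through Wine."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "updater.desktop").write_text(
            "[Desktop Entry]\nType=Application\nExec=/usr/bin/update-notifier\n")
        Path(tmp, "helper.desktop").write_text(
            "[Desktop Entry]\nType=Application\nExec=wine /home/user/.wine/drive_c/helper.exe\n")
        return [(os.path.basename(p), c) for p, c in audit_autostart([tmp])]


if __name__ == "__main__":
    for path, cmd in audit_autostart():
        print(f"{path}: {cmd}")
```

Run as a script, it prints any matching entry found in the real autostart directories of the current user and the system.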
reaZon

Re: Questions about Defragging or Antivirus? Look here first!

Post by reaZon »

nice post dude :D .
wob

Re: Questions about Defragging or Antivirus? Look here first!

Post by wob »

Thanks for this article. Since I am using Linux, I don't really have any problems with viruses, spyware and other things. It is also very important that you know what you are doing with your PC, which web sites you are surfing on, what you are downloading. Be careful, and you shouldn't have any problem.
Cheers
Husse

Re: Questions about Defragging or Antivirus? Look here first!

Post by Husse »

JavaScript is the same and with the same possible risks regardless of operating system - it is run in the web browser
BUT - it can't spread in Linux due to the file permission system - it won't get permission to do much of anything
Kaye

Re: Questions about Defragging or Antivirus? Look here first!

Post by Kaye »

Exactly. The JavaScript issue will really only affect your browser, and you'll know if there's malicious JS code running (it'll be pretty obvious). With Firefox it's very simple to circumvent JavaScript by installing the NoScript plugin, so there isn't much to worry about.
Husse

Re: Questions about Defragging or Antivirus? Look here first!

Post by Husse »

I did not read the whole story but when a Linux server is compromised it's generally because of a config error in Apache (LAMP) or some other "basic" application running on top of the server system
Of course that does not make it less serious
rijnsma

Re: Questions about Defragging or Antivirus? Look here first!

Post by rijnsma »

DrHu wrote:
And for the browser specifically, the LSO (Local Shared Object) should be eliminated
There is a 'BetterPrivacy' add-on for Firefox. :wink:
Husse

Re: Questions about Defragging or Antivirus? Look here first!

Post by Husse »

I split off the discussion about the word newbie and moved that to the open chat section here
JamaicaJoe

Re: Questions about Defragging or Antivirus? Look here first!

Post by JamaicaJoe »

Hi Guys!

I have a question about the Linux-Mint8.iso: when I ran antivirus on it, it found a threat(?):

Linux-Mint8.iso/casper/filesystem.squashfs Error while scanning The file is a decompressing bomb.

I use Avast! Home Ed updated, running on Ubuntu 9.04

Is that a false positive?
Any ideas?

I'm really concerned about that because I already have 2 netbooks with Linux Mint 8... one mine, the other belongs to my boss.. :( :(

Regards,

Jamaica Joe
monkeyboy

Re: Questions about Defragging or Antivirus? Look here first!

Post by monkeyboy »

A decompression bomb floods the computer with compressed data. Many scanners will report such large install files falsely as bombs. If you are concerned, install to a virtual machine and check that install.
Kaye

Re: Questions about Defragging or Antivirus? Look here first!

Post by Kaye »

You should expect the iso to almost be a type of "decompression bomb" for the exact reason that monkeyboy just said. It makes a lot of sense if you think about what the installer is doing.
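
To illustrate the false positive discussed in the posts above, here is an added example (not from the thread, and not Avast's actual logic) of a bounded expansion-ratio check applied to two constructed inputs. The zlib stream stands in for the compressed image, and the 100:1 ratio and 64 MiB limits are assumed thresholds.

```python
import hashlib
import zlib


def expansion_check(blob, max_ratio=100, max_output=64 * 1024 * 1024, chunk=64 * 1024):
    """Inflate a zlib stream in bounded steps and stop once a limit is passed.

    Returns (flagged, bytes_out). At most `chunk` bytes of output are produced per
    step, so the check cannot be exhausted by the input it is inspecting.
    """
    d = zlib.decompressobj()
    out, data = 0, blob
    while not d.eof:
        piece = d.decompress(data, chunk)
        out += len(piece)
        if out > max_output or out > max_ratio * len(blob):
            return True, out          # stop early: limit exceeded
        data = d.unconsumed_tail
        if not piece and not data:
            break                     # truncated stream, no further progress
    return False, out


def constructed_samples():
    """Two constructed inputs: a zero-filled image region and incompressible data."""
    sparse = bytes(8 * 1024 * 1024)   # 8 MiB of zeros, as in empty filesystem blocks
    dense = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    return {"sparse": (sparse, zlib.compress(sparse, 9)),
            "dense": (dense, zlib.compress(dense, 9))}


def run():
    """Return {name: (flagged, bytes_inflated_before_stopping, true_ratio)}."""
    results = {}
    for name, (plain, packed) in constructed_samples().items():
        flagged, seen = expansion_check(packed)
        results[name] = (flagged, seen, len(plain) // len(packed))
    return results


if __name__ == "__main__":
    for name, (flagged, seen, ratio) in run().items():
        print(f"{name}: flagged={flagged} inflated={seen} ratio~{ratio}:1")
```

The harmless zero-filled sample is flagged purely because of its ratio, while the incompressible sample passes, which is the behaviour the posts describe for large, highly compressed install images.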
sam500

Re: Questions about Defragging or Antivirus? Look here first!

Post by sam500 »

I've just noticed that the firewall listed in Control Center / System is disabled. Surely, by default, it should be switched on...? (I've enabled it now).
sgarnett

Re: Questions about Defragging or Antivirus? Look here first!

Post by sgarnett »

I don't know the details of NTFS, but under the FAT32 (and older) Windows file system, the reason for defragging has nothing to do with recovering space. Yes, hard drive space was allocated in clusters of several sectors. If the file size was not evenly divisible by the cluster size, space would be wasted. Defragging did not fix this.

The reason for defragging was performance. The FAT in FAT32 refers to the "file allocation table". This is a block of data at the beginning of a hard drive partition that maps all those file fragments to scattered sectors. When reading a large file, the hard drive would have to seek back to the FAT to get the next entry every time it reached the end of a fragment. Seeking (moving the read head to a different track) is much slower than reading contiguous data.

I don't know Linux file systems very well, but I know they don't use a FAT :) Regardless, the point is that Linux wastes much less time when navigating from one fragment to the next because it doesn't have to keep thrashing back and forth to and from the FAT. Fragmentation carries a smaller penalty, so there's less to be gained by fixing it.

IDE drives also threw a new variable into the mix. The cylinder/head/sector mapping reported to the OS may not correspond to the physical mapping. Do contiguous logical sectors necessarily map to contiguous physical sectors? Not any more. Of course, the drive vendors care about performance, so they aren't going to just scatter sectors randomly.
_h_

Re: Questions about Defragging or Antivirus? Look here first!

Post by _h_ »

Looks similar to the same tactic used to kill Windows systems there ikey.
stevefed5291

Re: Questions about Defragging or Antivirus? Look here first!

Post by stevefed5291 »

nice post ikey, currently searching for NoScript :)
_h_

Re: Questions about Defragging or Antivirus? Look here first!

Post by _h_ »

stevefed5291 wrote:nice post ikey, currently searching for NoScript :)
https://addons.mozilla.org/en-US/firefox/addon/722
stevefed5291

Re: Questions about Defragging or Antivirus? Look here first!

Post by stevefed5291 »

lol, thank you but I managed to find it :)
_h_

Re: Questions about Defragging or Antivirus? Look here first!

Post by _h_ »

stevefed5291 wrote:lol, thank you but I managed to find it :)
I was under that assumption, but still posted the link for everyone else wanting it to get it. :)