Questions about Defragging or Antivirus? Look here first!


Re: Questions about Defragging or Antivirus? Look here first!

Postby Sontaran on Fri Oct 16, 2009 2:55 am

Hello,

Can some Windows spyware, keyloggers or other malware run on Linux if Wine is installed?

I've tested running Windows software on Wine without having first installed it through Wine
(basically, just went to the Windows partition and ran it from the Program Files folder).
Some work OK (e.g. IrfanView), some don't, some work partly.
This led me to suspect that some of the spyware out there might also have this ability.

Are my fears realistic, or does something about Linux or Wine prevent malware exploits through this route?

Thanks!!

Sontaran

(P.S.:
Today, I found the file iexplore.exe in Mint's trash and its size was only about 2.5kB. Obviously, not the real Internet Explorer, and I have no idea how it got there. Upon seeing this, I deleted it, installed Avast for Linux, uninstalled Wine, and went looking for antispyware for Linux, but didn't see one by a reputable source.)
If there's no such thing as a free lunch, and if the best things in life are free, then lunch cannot be one of the best things in life.
Sontaran
Level 1
Posts: 5
Joined: Wed Oct 14, 2009 8:08 pm


Re: Questions about Defragging or Antivirus? Look here first!

Postby Husse on Fri Oct 16, 2009 4:20 am

A Windows virus can run in Wine and similar, but can not do any harm to your Linux - at worst it can copy files to your home
There is a (very) lengthy thread on the subject in the Ubuntu forums - a couple of years old but still valid
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Posts: 19710
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Questions about Defragging or Antivirus? Look here first!

Postby Sontaran on Sat Oct 17, 2009 2:33 am

Thank you, Husse ! :D

This got me looking in the right direction.

Some of the better bits I found:

http://www.avertlabs.com/research/blog/ ... -in-linux/
"Although it is difficult for malware to autostart in Wine, it is not impossible. Malware can be written to find out if it is running in Wine. It can then either download a Linux binary onto the machine and/or simply add an autostart entry for itself in the Linux desktop environment’s common autostart locations, using the nonroot user’s credentials :shock: ........ IRC/Contact malware drops files and connects to a preconfigured IRC server. :shock: This IRC Trojan, when ran in Wine, connected to the preconfigured IRC server."
"...Do not set the file association for Windows executables with Wine. This would enable the running of Windows executables in Wine by simply double-clicking them."

Also:
http://www.winehq.org/pipermail/wine-de ... html#73505
especially: http://www.winehq.org/pipermail/wine-de ... 73548.html

http://www.psychocats.net/ubuntu/securi ... lantivirus
"There are rootkit detectors in the repositories—rkhunter and chkrootkit, for example." :D

I think I'll leave Wine off my system for now...
If there's no such thing as a free lunch, and if the best things in life are free, then lunch cannot be one of the best things in life.
Sontaran
Level 1
Posts: 5
Joined: Wed Oct 14, 2009 8:08 pm
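
An added example, not part of the original thread or of any project quoted in it: a read-only audit for the two exposures named in the quotes in the post above, autostart entries that launch Wine or a `.exe`, and a file association that opens Windows executables with Wine. The paths follow the XDG conventions, and the MIME type list and the function names are assumptions made for this sketch.

```python
import configparser
import re
from pathlib import Path

# Assumed list of MIME types that desktops assign to Windows executables.
EXE_MIME_TYPES = {"application/x-ms-dos-executable", "application/x-msdownload",
                  "application/vnd.microsoft.portable-executable"}
SUSPECT = re.compile(r"\bwine\b|\.exe\b", re.IGNORECASE)

def _parser():
    p = configparser.RawConfigParser(strict=False)  # no %-interpolation of Exec=
    p.optionxform = str  # keep key case; .desktop keys are case-sensitive
    return p

def autostart_findings(autostart_dir):
    """Return (filename, Exec) for autostart entries that launch Wine or a .exe."""
    findings = []
    for path in sorted(Path(autostart_dir).glob("*.desktop")):
        cp = _parser()
        try:
            cp.read(path, encoding="utf-8")
            exec_line = cp.get("Desktop Entry", "Exec", fallback="")
        except (configparser.Error, UnicodeDecodeError):
            findings.append((path.name, "<unparseable>"))  # review by hand
            continue
        if SUSPECT.search(exec_line):
            findings.append((path.name, exec_line))
    return findings

def wine_file_associations(mimeapps_path):
    """Return (mime, handlers) where a Windows-executable type opens with Wine."""
    cp = _parser()
    try:
        cp.read(mimeapps_path, encoding="utf-8")
    except (configparser.Error, UnicodeDecodeError):
        return []
    hits = []
    for section in ("Default Applications", "Added Associations"):
        for mime, handlers in (cp.items(section) if cp.has_section(section) else []):
            if mime in EXE_MIME_TYPES and "wine" in handlers.lower():
                hits.append((mime, handlers.rstrip(";")))
    return hits

if __name__ == "__main__":
    for name, cmd in autostart_findings(Path.home() / ".config/autostart"):
        print("autostart:", name, cmd)
    for rel in (".config/mimeapps.list", ".local/share/applications/mimeapps.list"):
        for mime, handler in wine_file_associations(Path.home() / rel):
            print("association:", rel, mime, "->", handler)
```

Run as the ordinary desktop user; it only reads files, and any line it prints is an entry to inspect rather than proof of infection.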

Re: Questions about Defragging or Antivirus? Look here first!

Postby reaZon on Sun Nov 08, 2009 7:01 pm

nice post dude :D .
reaZon
Level 2
Posts: 60
Joined: Mon Oct 26, 2009 8:48 am
Location: Egypt

Re: Questions about Defragging or Antivirus? Look here first!

Postby wob on Mon Nov 16, 2009 10:12 am

Thanks for this article. Since I am using Linux, I don't really have any problems with viruses, spyware and other things. It is also very important that you know what you are doing with your PC, which web sites you are surfing on, what you are downloading. Be careful, and you shouldn't have any problem.
Cheers
wob
Level 1
Posts: 28
Joined: Sun Nov 15, 2009 2:23 pm

Re: Questions about Defragging or Antivirus? Look here first!

Postby Sonic-Boom on Mon Nov 16, 2009 7:30 pm

Does the JavaScript issue affect Firefox because it's cross-platform? Will we be safer with Linux-specific browsers?
Sonic-Boom
Level 1
Posts: 33
Joined: Tue Nov 10, 2009 8:36 pm
Location: UK

Re: Questions about Defragging or Antivirus? Look here first!

Postby Husse on Tue Nov 17, 2009 7:00 am

JavaScript is the same and with the same possible risks regardless of operating system - it is run in the web browser
BUT - it can't spread in Linux due to the file permission system - it won't get permission to do much of anything
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Posts: 19710
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Questions about Defragging or Antivirus? Look here first!

Postby Kaye on Tue Nov 17, 2009 8:46 pm

Exactly. The Javascript issue will really only affect your browser, and you'll know if there's malicious JS code running (it'll be pretty obvious). With Firefox it's very simple to circumvent JavaScript by installing the NoScript plugin, so there isn't much to worry about.
"In somnis veritas"
Antivirus or defragging?
Kaye
Level 5
Posts: 942
Joined: Fri Feb 06, 2009 5:05 pm
Location: Boston College

Re: Questions about Defragging or Antivirus? Look here first!

Postby Husse on Wed Nov 18, 2009 8:14 am

I did not read the whole story but when a Linux server is compromised it's generally because of a config error in Apache (LAMP) or some other "basic" application running on top of the server system
Of course that does not make it less serious
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Posts: 19710
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Questions about Defragging or Antivirus? Look here first!

Postby Grey on Fri Dec 04, 2009 11:16 am

Thanks for this thread. This issue (especially defragging) has been confusing me all day long, since I'm new to Linux and almost none of my friends use it. :(
This thread is a relief. Thanks.
Grey
Level 1
Posts: 2
Joined: Thu Dec 03, 2009 10:08 pm

Re: Questions about Defragging or Antivirus? Look here first!

Postby rijnsma on Wed Dec 09, 2009 9:43 am

DrHu wrote:
And for the browser specifically, the LSO (Local shared object) should be eliminated

There is a 'BetterPrivacy' add-on for Firefox. :wink:
Qiana.... mind your backup..
rijnsma
Level 4
Posts: 291
Joined: Wed May 06, 2009 7:28 am
Location: NL

Re: Questions about Defragging or Antivirus? Look here first!

Postby Husse on Sun Dec 13, 2009 4:07 pm

I split off the discussion about the word newbie and moved that to the open chat section here
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Posts: 19710
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Questions about Defragging or Antivirus? Look here first!

Postby JamaicaJoe on Sun Jan 10, 2010 11:50 pm

Hi Guys!

I have a question about the Linux-Mint8.iso: when I ran antivirus on it, it found a threat(?):

Linux-Mint8.iso/casper/filesystem.squashfs Error while scanning The file is a decompressing bomb.

I use Avast! Home Ed, updated, running on Ubuntu 9.04

Is that a false positive?
Any ideas?

I am really concerned about that because I already have 2 netbooks with Linux Mint 8... one mine, the other belongs to my boss. :( :(

Regards,

Jamaica Joe
JamaicaJoe
Level 1
Posts: 1
Joined: Sun Jan 10, 2010 11:35 pm

Re: Questions about Defragging or Antivirus? Look here first!

Postby monkeyboy on Mon Jan 11, 2010 12:19 am

A decompression bomb floods the computer with compressed data. Many scanners will report such large install files falsely as bombs. If you are concerned, install to a virtual machine and check that install.
If you don't like it, make something better
If you can't make something better, adapt
If you can't do either ball your panties up and cry.

Complaining is like masticating most anyone can do it.
However doing it in public is really hardcore.
monkeyboy
Level 5
Posts: 778
Joined: Mon Oct 13, 2008 11:30 am

Re: Questions about Defragging or Antivirus? Look here first!

Postby Kaye on Mon Jan 11, 2010 2:43 am

You should expect the iso to almost be a type of "decompression bomb" for the exact reason that monkeyboy just said. It makes a lot of sense if you think about what the installer is doing.
"In somnis veritas"
Antivirus or defragging?
Kaye
Level 5
Posts: 942
Joined: Fri Feb 06, 2009 5:05 pm
Location: Boston College

Re: Questions about Defragging or Antivirus? Look here first!

Postby sam500 on Mon Feb 22, 2010 9:28 am

I've just noticed that the firewall listed in Control Center / System is disabled. Surely, by default, it should be switched on...? (I've enabled it now).
LMDE
sam500
Level 1
Posts: 29
Joined: Wed Feb 03, 2010 9:19 am
Location: Tokyo, Japan

Re: Questions about Defragging or Antivirus? Look here first!

Postby sgarnett on Mon Mar 01, 2010 6:26 pm

I don't know the details of NTFS, but under the FAT32 (and older) Windows file system, the reason for defragging has nothing to do with recovering space. Yes, hard drive space was allocated in clusters of several sectors. If the file size was not evenly divisible by the cluster size, space would be wasted. Defragging did not fix this.

The reason for defragging was performance. The FAT in FAT32 refers to the "file allocation table". This is a block of data at the beginning of a hard drive partition that maps all those file fragments to scattered sectors. When reading a large file, the hard drive would have to seek back to the FAT to get the next entry every time it reached the end of a fragment. Seeking (moving the read head to a different track) is much slower than reading contiguous data.

I don't know Linux file systems very well, but I know they don't use a FAT :) Regardless, the point is that Linux wastes much less time when navigating from one fragment to the next because it doesn't have to keep thrashing back and forth to and from the FAT. Fragmentation carries a smaller penalty, so there's less to be gained by fixing it.

IDE drives also threw a new variable into the mix. The cylinder/head/sector mapping reported to the OS may not correspond to the physical mapping. Do contiguous logical sectors necessarily map to contiguous physical sectors? Not any more. Of course, the drive vendors care about performance, so they aren't going to just scatter sectors randomly.
sgarnett
Level 1
Posts: 7
Joined: Thu Nov 12, 2009 9:27 pm

Re: Questions about Defragging or Antivirus? Look here first!

Postby _h_ on Sat Mar 06, 2010 5:11 pm

Looks similar to the same tactic used to kill Windows systems there ikey.
OS: Ubuntu 10.04 Lucid Lynx Beta 1 64bit
_h_
Level 1
Posts: 47
Joined: Sun Feb 21, 2010 4:14 pm
Location: USA

Re: Questions about Defragging or Antivirus? Look here first!

Postby stevefed5291 on Sat Mar 06, 2010 7:44 pm

nice post ikey, currently searching for NoScript :)
Website, Blog, and stevefed5291 on IRC
stevefed5291
Level 3
Posts: 132
Joined: Mon Feb 09, 2009 8:33 pm
Location: United States

Re: Questions about Defragging or Antivirus? Look here first!

Postby _h_ on Sat Mar 06, 2010 7:47 pm

stevefed5291 wrote:
nice post ikey, currently searching for NoScript :)

https://addons.mozilla.org/en-US/firefox/addon/722
OS: Ubuntu 10.04 Lucid Lynx Beta 1 64bit
_h_
Level 1
Posts: 47
Joined: Sun Feb 21, 2010 4:14 pm
Location: USA
