Questions about Defragging or Antivirus? Look here first!
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Re: Questions about Defragging or Antivirus? Look here first!
Hello,
Can some Windows spyware, keyloggers or other malware run on Linux if Wine is installed?
I've tested running Windows software on Wine without having first installed it through Wine
(basically, just went to the Windows partition and ran it from the Program Files folder).
Some works OK (eg. Irfanview), some doesn't, some works partly.
This led me to suspect that some of the spyware out there might also have this ability.
Are my fears realistic, or does something about Linux or Wine prevent malware exploits through this route?
Thanks!!
Sontaran
(P.S.:
Today, I found the file iexplore.exe in Mint's trash and its size was only about 2.5kB. Obviously, not the real Internet Explorer, and I have no idea how it got there. Upon seeing this, I deleted it, installed Avast for Linux, uninstalled Wine, and went looking for antispyware for Linux, but didn't see one by a reputable source.)
Re: Questions about Defragging or Antivirus? Look here first!
A Windows virus can run in Wine and similar, but can not do any harm to your Linux - at worst it can copy files to your home
There is a (very) lengthy thread on the subject in the Ubuntu forums - a couple of years old but still valid
Re: Questions about Defragging or Antivirus? Look here first!
Thank you, Husse !
This got me looking in the right direction.
Some of the better bits I found:
http://www.avertlabs.com/research/blog/ ... -in-linux/
"Although it is difficult for malware to autostart in Wine, it is not impossible. Malware can be written to find out if it is running in Wine. It can then either download a Linux binary onto the machine and/or simply add an autostart entry for itself in the Linux desktop environment’s common autostart locations, using the nonroot user’s credentials ........ IRC/Contact malware drops files and connects to a preconfigured IRC server. This IRC Trojan, when ran in Wine, connected to the preconfigured IRC server."
"...Do not set the file association for Windows executables with Wine. This would enable the running of Windows executables in Wine by simply double-clicking them."
Also:
http://www.winehq.org/pipermail/wine-de ... html#73505
especially: http://www.winehq.org/pipermail/wine-de ... 73548.html
http://www.psychocats.net/ubuntu/Sucuri ... lantivirus
"There are rootkit detectors in the repositories—rkhunter and chkrootkit, for example."
I think I'll leave Wine off my system for now...
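A defensive check for the two points quoted in the post above (autostart entries written with the non-root user's credentials, and Wine set as the handler for Windows executables), added here as an example and not part of the original post. The MIME type list, the function names and the sample files are assumptions constructed for the demonstration; on a real desktop, pass ~/.config/autostart, /etc/xdg/autostart and ~/.config/mimeapps.list instead.

```python
import configparser
import re
import tempfile
from pathlib import Path

# MIME types used for Windows executables (assumed list; extend for your desktop).
EXE_MIMES = {"application/x-ms-dos-executable", "application/x-msdownload",
             "application/vnd.microsoft.portable-executable"}
SUSPECT = re.compile(r"\bwine\b|\.exe\b", re.IGNORECASE)

def _parse(path):
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        cp.read(path, encoding="utf-8")
    except (configparser.Error, UnicodeDecodeError):
        pass  # unparsable file is treated as empty; review it by hand
    return cp

def audit_autostart(dirs):
    """Return (file name, Exec line) for autostart entries that start Wine or a .exe."""
    entries = [f for d in dirs for f in sorted(Path(d).glob("*.desktop"))]
    execs = [(f.name, _parse(f).get("Desktop Entry", "Exec", fallback="")) for f in entries]
    return [(name, line) for name, line in execs if SUSPECT.search(line)]

def wine_exe_associations(mimeapps_files):
    """Return (file name, MIME type, handlers) where a Windows executable opens with Wine."""
    hits = []
    for f in mimeapps_files:
        cp = _parse(f)
        for section in ("Default Applications", "Added Associations"):
            pairs = cp.items(section) if cp.has_section(section) else []
            hits += [(Path(f).name, m, h) for m, h in pairs
                     if m in EXE_MIMES and "wine" in h.lower()]
    return hits

def demo():
    """Audit a constructed home directory (sample files, not from a real system)."""
    auto = Path(tempfile.mkdtemp()) / ".config" / "autostart"
    auto.mkdir(parents=True)
    (auto / "updater.desktop").write_text("[Desktop Entry]\nExec=wine /home/user/.cache/svc.exe\n")
    (auto / "clipboard.desktop").write_text("[Desktop Entry]\nExec=/usr/bin/parcellite\n")
    mimeapps = auto.parent / "mimeapps.list"
    mimeapps.write_text("[Default Applications]\n"
                        "application/x-ms-dos-executable=wine.desktop;\ntext/plain=gedit.desktop;\n")
    return audit_autostart([auto]), wine_exe_associations([mimeapps])

if __name__ == "__main__":
    print(demo())
```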
Re: Questions about Defragging or Antivirus? Look here first!
Thanks for this article. Since I am using Linux, I don't really have any problems with viruses, spyware and other things. It is also very important that you know what you are doing with your PC, which web sites you are surfing, and what you are downloading. Be careful, and you shouldn't have any problem.
Cheers
Re: Questions about Defragging or Antivirus? Look here first!
Javascript is the same and with the same possible risks regardless of operating system - it is run in the web browser
BUT - it can't spread in Linux due to the file permission system - it won't get permission to do much anything
Re: Questions about Defragging or Antivirus? Look here first!
Exactly. The Javascript issue will really only affect your browser, and you'll know if there's malicious JS code running (it'll be pretty obvious). With Firefox it's very simple to circumvent JavaScript by installing the NoScript plugin, so there isn't much to worry about.
Re: Questions about Defragging or Antivirus? Look here first!
I did not read the whole story but when a Linux server is compromised it's generally because of a config error in Apache (LAMP) or some other "basic" application running on top of the server system
Of course that does not make it less serious
Re: Questions about Defragging or Antivirus? Look here first!
DrHu wrote:
There is a 'BetterPrivacy' add-on for Firefox. And for the browser specifically, the LSO (Local shared object) should be eliminated
Re: Questions about Defragging or Antivirus? Look here first!
I split off the discussion about the word newbie and moved that to the open chat section here
Re: Questions about Defragging or Antivirus? Look here first!
Hi Guys!
I have a question about the Linux-Mint8.iso: when I ran antivirus on it, it found a threat(?):
Linux-Mint8.iso/casper/filesystem.squashfs Error while scanning The file is a decompressing bomb.
I use Avast! Home Ed updated, running on Ubuntu 9.04
Is that a false positive?
Any ideas?
I'm really concerned about that because I already have 2 netbooks with Linux Mint 8... one is mine, the other belongs to my boss.
Regards,
Jamaica Joe
Re: Questions about Defragging or Antivirus? Look here first!
A decompression bomb floods the computer with compressed data. Many scanners will report such large install files falsely as bombs. If you are concerned install to a virtual machine and check that install.
Re: Questions about Defragging or Antivirus? Look here first!
You should expect the iso to almost be a type of "decompression bomb" for the exact reason that monkeyboy just said. It makes a lot of sense if you think about what the installer is doing.
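Why a compressed install image looks like a bomb to a scanner, shown as an added example that is not part of the original posts: a bounded inflate that stops on a size or ratio limit, run over constructed inputs. It uses a plain zlib stream as a stand-in for the squashfs image, and the limits and function names are assumptions chosen for illustration, not those of Avast or any other scanner.

```python
import hashlib
import zlib

def inspect_stream(blob, max_out=64 * 2**20, max_ratio=100, chunk=64 * 1024):
    """Inflate a zlib stream in bounded steps and stop once a limit is crossed.

    Returns (verdict, bytes_inflated, ratio). The limits are illustrative
    defaults chosen for this example, not those of any particular scanner.
    """
    d = zlib.decompressobj()
    size_in = max(len(blob), 1)
    out, data = 0, blob
    while not d.eof:
        piece = d.decompress(data, chunk)  # at most `chunk` bytes per call
        data = d.unconsumed_tail
        if not piece and not data and not d.eof:
            return "truncated", out, out / size_in
        out += len(piece)
        if out > max_out:
            return "size-limit", out, out / size_in
        if out / size_in > max_ratio:
            return "ratio-limit", out, out / size_in
    return "ok", out, out / size_in

def sample_streams():
    """Constructed inputs: a sparse 'disk image' and incompressible data."""
    sparse_image = zlib.compress(b"\0" * (8 * 2**20))  # mostly-empty filesystem blocks
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(4096))
    return {"sparse_image": sparse_image, "noise": zlib.compress(noise)}

if __name__ == "__main__":
    for name, blob in sample_streams().items():
        verdict, out, ratio = inspect_stream(blob)
        print(f"{name}: {len(blob)} bytes in, {out} inflated, ratio {ratio:.0f}:1 -> {verdict}")
```

The harmless sparse image trips the ratio limit exactly as a real bomb would, which is the false positive described above; the scanner stops early in both cases and cannot tell them apart from the ratio alone.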
Re: Questions about Defragging or Antivirus? Look here first!
I've just noticed that the firewall listed in Control Center / System is disabled. Surely, by default, it should be switched on...? (I've enabled it now).
Re: Questions about Defragging or Antivirus? Look here first!
I don't know the details of NTFS, but under the FAT32 (and older) Windows file system, the reason for defragging has nothing to do with recovering space. Yes, hard drive space was allocated in clusters of several sectors. If the file size was not evenly divisible by the cluster size, space would be wasted. Defragging did not fix this.
The reason for defragging was performance. The FAT in FAT32 refers to the "file allocation table". This is a block of data at the beginning of a hard drive partition that maps all those file fragments to scattered sectors. When reading a large file, the hard drive would have to seek back to the FAT to get the next entry every time it reached the end of a fragment. Seeking (moving the read head to a different track) is much slower than reading contiguous data.
I don't know Linux file systems very well, but I know they don't use a FAT. Regardless, the point is that Linux wastes much less time when navigating from one fragment to the next because it doesn't have to keep thrashing back and forth to and from the FAT. Fragmentation carries a smaller penalty, so there's less to be gained by fixing it.
IDE drives also threw a new variable into the mix. The cylinder/head/sector mapping reported to the OS may not correspond to the physical mapping. Do contiguous logical sectors necessarily map to contiguous physical sectors? Not any more. Of course, the drive vendors care about performance, so they aren't going to just scatter sectors randomly.
Re: Questions about Defragging or Antivirus? Look here first!
Looks similar to the same tactic used to kill Windows systems there ikey.
Re: Questions about Defragging or Antivirus? Look here first!
nice post ikey, currently searching for NoScript
Re: Questions about Defragging or Antivirus? Look here first!
stevefed5291 wrote:
nice post ikey, currently searching for NoScript
https://addons.mozilla.org/en-US/firefox/addon/722
Re: Questions about Defragging or Antivirus? Look here first!
lol, thank you but I managed to find it
Re: Questions about Defragging or Antivirus? Look here first!
stevefed5291 wrote:
lol, thank you but I managed to find it
I was under that assumption, but still posted the link for everyone else wanting it to get it.