Interest: If ever there was reason to uninstall mono, this is it

catweazel
Level 19
Posts: 9884
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Interest: If ever there was reason to uninstall mono, this is it

Post by catweazel »

https://www.itwire.com/security/86727-a ... claim.html
The Mono framework, a free system that lets users run Windows applications on other operating systems, including macOS, is allowing malicious attackers to infect Apple systems with Windows malware.

Mono was developed by Miguel de Icaza, a co-founder of the GNOME desktop project, a DE that is used by Linux systems. De Icaza is now employed by Microsoft.

The security firm Kaspersky Lab pointed out that malicious attackers were collecting data about Apple systems and feeding it into adware using files with an .exe extension – files which normally run only on Windows.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
DAMIEN1307
Level 10
Posts: 3430
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico, USA

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by DAMIEN1307 »

pjotr has for years now recommended to always uninstall mono/orca as one of the first things to do with a new install as it would be able to open your system up to windows malware baddies...this proves him right and one of the first things I ever learned about linux, as well as don't use wine, don't copy and paste unknown code from random websites, don't disable sudo password for "ease of use" etc., and be wary of PPAs not from a well known trusted source...DAMIEN
ORDO AB CHAO
"I refuse to be assimilated, I refuse to become one with the Borg Collective"
kc1di
Level 16
Posts: 6394
Joined: Mon Sep 08, 2008 8:44 pm
Location: Maine USA

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by kc1di »

+1
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
rambo919
Level 4
Posts: 255
Joined: Wed May 22, 2013 3:11 pm

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by rambo919 »

And this is surprising? If you use windows software you are vulnerable to windows viruses.... just also install a proper AV ffs
gm10
Level 20
Posts: 10999
Joined: Thu Jun 21, 2018 5:11 pm

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by gm10 »

It remains a terrible argument. With that reasoning you gotta uninstall Python, too (among many other things).

(just in case: don't do it, you'll break your system)
catweazel
Level 19
Posts: 9884
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by catweazel »

DAMIEN1307 wrote:
Thu Apr 18, 2019 8:10 am
pjotr has for years now recommended to always uninstall mono/orca as one of the first things to do with a new install as it would be able to open your system up to windows malware baddies...this proves him right
Orca has nothing to do with this, it's a screen reader. Pjotr's tip to remove it is to prevent unsuspecting persons from getting a shock when their machine talks at them. But, yes, he's quite right about the risk posed by mono. I wouldn't go so far as saying "proves him right", but the article certainly justifies Pjotr's extreme caution with mono.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
DAMIEN1307
Level 10
Posts: 3430
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico, USA

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by DAMIEN1307 »

yeh, I'm aware that is orca's purpose, I just remember that the original code he used to use a few years back included orca as well as mono in the same line and I wasn't interested in orca anyways...and I would say, "extreme caution" is a fair term to use here as well when referring to mono usage...DAMIEN
Last edited by DAMIEN1307 on Thu Apr 18, 2019 8:20 am, edited 2 times in total.
ORDO AB CHAO
"I refuse to be assimilated, I refuse to become one with the Borg Collective"
altair4
Level 20
Posts: 10262
Joined: Tue Feb 03, 2009 10:27 am

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by altair4 »

From the article:
To add to the irony, this was done with pirated copies of the Little Snitch firewall and users who tried to avoid paying for a licence ended up with malware instead, researcher Leonid Grustniy said.
The "licence" in question costs $45 which would be the smallest expenditure a typical Mac user would ever make for his system.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
Moem
Level 20
Posts: 11955
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by Moem »

Does Mono by itself run .exe files if there is no Wine installed?

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
gm10
Level 20
Posts: 10999
Joined: Thu Jun 21, 2018 5:11 pm

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by gm10 »

Moem wrote:
Thu Apr 18, 2019 8:20 am
Does Mono by itself run .exe files if there is no Wine installed?
Sure, assuming the .exe is compiled with Mono. Just like your system would run any other supported malicious code that you download and execute.
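Added example (not part of the thread or any poster's code): the .exe extension alone does not say whether Mono can run a file. Mono loads CLI assemblies, which are PE files whose data directory 14 points at a CLR runtime header, and this Python script classifies a file on that basis. The names `classify_exe` and `make_sample` and the sample header bytes are constructed for illustration.

```python
import struct
import sys

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: the CLR runtime header

def classify_exe(data: bytes) -> str:
    """Return 'managed' (CLI assembly), 'native' (plain PE) or 'not-pe'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return "not-pe"
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    opt = pe_off + 24                                      # optional header start
    if opt_size < 2 or opt + opt_size > len(data):
        return "not-pe"
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                     # PE32
        count_off, dirs_off = 92, 96
    elif magic == 0x20B:                                   # PE32+
        count_off, dirs_off = 108, 112
    else:
        return "not-pe"
    entry = dirs_off + 8 * CLR_DIR_INDEX
    if entry + 8 > opt_size:
        return "native"                                    # no room for directory 14
    (count,) = struct.unpack_from("<I", data, opt + count_off)
    rva, size = struct.unpack_from("<II", data, opt + entry)
    return "managed" if count > CLR_DIR_INDEX and rva and size else "native"

def make_sample(managed: bool) -> bytes:
    """Constructed header-only PE32 image for demonstration; not a runnable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    if managed:
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIR_INDEX, 0x2008, 0x48)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for path in sys.argv[1:]:                              # files to inspect
        with open(path, "rb") as fh:
            print(path, classify_exe(fh.read()))
```

A "managed" result is the kind of file `mono file.exe` can load, while a "native" Windows binary would need Wine instead. Neither result says anything about whether the file is malicious.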
catweazel
Level 19
Posts: 9884
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by catweazel »

Moem wrote:
Thu Apr 18, 2019 8:20 am
Does Mono by itself run .exe files if there is no Wine installed?
The article isn't fully clear on the point, but yes, it could run without Wine, which is the purpose of having mono.

Code:

mono moems_malware.exe

Or, as a shell script:

Code:

#!/bin/sh
/usr/bin/mono /usr/lib/moems_malware/moems_malware.exe "$@"

That's all it would take.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
catweazel
Level 19
Posts: 9884
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by catweazel »

gm10 wrote:
Thu Apr 18, 2019 8:25 am
Moem wrote:
Thu Apr 18, 2019 8:20 am
Does Mono by itself run .exe files if there is no Wine installed?
Sure, assuming the .exe is compiled with Mono. Just like your system would run any other supported malicious code that you download and execute.
I have to agree.

Edit: I avoided saying it so as not to complicate matters. I got the impression from the article that they confused the .exe extension with being a Windows only thing, but mono can build .exe files.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Pjotr
Level 22
Posts: 15898
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by Pjotr »

gm10 wrote:
Thu Apr 18, 2019 8:12 am
It remains a terrible argument. With that reasoning you gotta uninstall Python, too (among many other things).

(just in case: don't do it, you'll break your system)
I disagree that it's a terrible argument.... Removing Mono makes your system less vulnerable, at a very low price (the loss of a few applications that can usually easily be replaced by non-Mono alternatives).

I wouldn't of course advise to remove Python, because the price you pay would be far too high (namely a broken system).

Perfect computing security is unfortunately unattainable in this valley of tears we call earth. C'est la vie.... :mrgreen:
But we can achieve a remarkably high level of computing security, without sacrificing too much for it.

Complete security is a pipe dream. Risk management is horse sense. I love horse sense.
Last edited by Pjotr on Thu Apr 18, 2019 8:56 am, edited 1 time in total.
Tip: 10 things to do after installing Linux Mint 20 Ulyana
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
catweazel
Level 19
Posts: 9884
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by catweazel »

Pjotr wrote:
Thu Apr 18, 2019 8:53 am
gm10 wrote:
Thu Apr 18, 2019 8:12 am
It remains a terrible argument. With that reasoning you gotta uninstall Python, too (among many other things).

(just in case: don't do it, you'll break your system)
I disagree that it's a terrible argument...
I agree with you. Removing mono reduces the potential attack surface area.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
gm10
Level 20
Posts: 10999
Joined: Thu Jun 21, 2018 5:11 pm

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by gm10 »

catweazel wrote:
Thu Apr 18, 2019 8:56 am
Removing mono reduces the potential attack surface area.
Naturally, but it's marginal. Even if there was a lot of malware compiled with mono, which I strongly doubt, the real problem is the user executing the malware in the first place. Whether you run a malicious mono application or even just a malicious shell script really makes no difference at that point, you're compromised either way. Furthermore, I have no doubt that users would confirm to install mono when the malware asks them to do it, anyway.
catweazel
Level 19
Posts: 9884
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by catweazel »

gm10 wrote:
Thu Apr 18, 2019 9:04 am
catweazel wrote:
Thu Apr 18, 2019 8:56 am
Removing mono reduces the potential attack surface area.
Naturally, but it's marginal. Even if there was a lot of malware compiled with mono, which I strongly doubt, the real problem is the user executing the malware in the first place. Whether you run a malicious mono application or even just a malicious shell script really makes no difference at that point, you're compromised either way. Furthermore, I have no doubt that users would confirm to install mono when the malware asks them to do it, anyway.
You are, of course, quite right but those of us not silly enough to do such things ought to ring the warning bells for those who would listen. What gets me about malware discussions in relation to linux is that too many people who ought to know better claim there is little to no chance of linux malware to the point of it having immunity, yet there is a plethora of linux malware out there. Desktop users have been fortunate only in that linux servers are the main target, targeted for OpenSSH exploits, and android devices, targeted for kernel exploits. Linux malware is big business because the cloud is big business, and nearly all of it runs on linux.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
gm10
Level 20
Posts: 10999
Joined: Thu Jun 21, 2018 5:11 pm

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by gm10 »

catweazel wrote:
Thu Apr 18, 2019 9:19 am
What gets me about malware discussions in relation to linux is that too many people who ought to know better claim there is little to no chance of linux malware to the point of it having immunity, yet there is a plethora of linux malware out there. Desktop users have been fortunate only in that linux servers are the main target, targeted for OpenSSH exploits, and android devices, targeted for kernel exploits. Linux malware is big business because the cloud is big business, and nearly all of it runs on linux.
I'm completely with you there. Linux has more mitigating factors than Windows as far as malware distribution goes but structurally I've always argued that desktop Linux is even less secure than desktop Windows. To claim "Linux is safe" is reckless and ultimately doing a great disservice to Linux.
Pjotr
Level 22
Posts: 15898
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by Pjotr »

gm10 wrote:
Thu Apr 18, 2019 9:04 am
catweazel wrote:
Thu Apr 18, 2019 8:56 am
Removing mono reduces the potential attack surface area.
Naturally, but it's marginal. Even if there was a lot of malware compiled with mono, which I strongly doubt, the real problem is the user executing the malware in the first place. Whether you run a malicious mono application or even just a malicious shell script really makes no difference at that point, you're compromised either way.
Yes, but the point of removing Mono is, that its malware risk is potentially bigger than usual. Because it allows for cross-platform malware from the heavily infected Windows ecosystem.
gm10 wrote:
Thu Apr 18, 2019 9:04 am
Furthermore, I have no doubt that users would confirm to install mono when the malware asks them to do it, anyway.
Some would, some wouldn't. :mrgreen:

As the saying goes: familiarity breeds contempt. We're very familiar with Linux, so we're also aware of its security deficiencies. That might lead to over-relativism, which in its turn might lead us to undervalue the fact that Linux is in fact very secure by comparison.

And I don't mean theoretical comparison, but practical comparison. Real life. Both feet firmly planted in the mud.
Tip: 10 things to do after installing Linux Mint 20 Ulyana
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Portreve
Level 10
Posts: 3384
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by Portreve »

Hey Pjotr:
Pjotr wrote:
Thu Apr 18, 2019 10:14 am
Yes, but the point of removing Mono is, that its malware risk is potentially bigger than usual. Because it allows for cross-platform malware from the heavily infected Windows ecosystem.
So, some thoughts and general feedback...

Your set of how-to pages is fantastic. Ever since I bought my first (and still current) SSD, your page on doing LM SSD optimization is my Bible. I can't begin to thank you enough. However, it is as I have said only since I bought an SSD that I was even aware of it.

I think a discussion may well be had — and probably should be — about how many people bother to do any of this, and therefore how many of those who do know about your pages. I imagine you have data on usage, of course, but that's not really the point I'm trying to make.

Likewise, and mind you I'm a technology enthusiast since the 1980s, even I have never looked on your pages for anything to do with Mono. In my own case, I don't make any kind of use of it, so this discussion is the first I've heard about the situation.

There needs to be a better way of going about all of this. Your pages should have, I think, visibility here on LMF.
Your humble Portreve.

Running Linux Mint Cinnamon 20.0

Problem solved? Mark your thread [SOLVED] | There’s no place like ::1
I used to be a natural people person, then people ruined it.

Recommended Keyboard Layout: English (intl., with AltGR dead keys)
michael louwe
Level 10
Posts: 3295
Joined: Sun Sep 11, 2016 11:18 pm

Re: Interest: If ever there was reason to uninstall mono, this is it

Post by michael louwe »

catweazel wrote:
Thu Apr 18, 2019 8:56 am
Interest: If ever there was reason to uninstall mono, this is it.
Shouldn't mono be removed by the Linux kernel, Gnome and/or distro developers since it is a big security risk?