Should a home user worry about this? (malware)


Post by wutsinterweb »

Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
I've been using Mint for over 4 years, but I'm still a slow learner. I have a website: https://pickfetish.com. It is dedicated to guitar/instrument picks.

Re: Should a home user worry about this? (malware)

Post by rene »

No, not worrisome for desktop Linux users. I.e., it's malware, and once it's on your system it's not nice and relatively capable, but clearly once any piece of malware is on your system that's no good. Getting infected with this or any other malware in the first place is what you on desktop Linux have to go far out of your way for (and w.r.t. specifically this malware it's been until now geared towards e.g. corporate espionage; not home users).

Basically this stuff is quite simple: once malware is on your system, you've lost already, be it dumb or smart malware. It's getting it onto your system that is, on desktop Linux and in practice, a very close to zero chance, what with e.g. the repository model; users very much not being in the habit of downloading and running random executables from the web.

Be careful with even paying attention to these reports out on the web. By nature of the technology there is quite literally no end to conceptual threats out there nor will there ever be. It's the overwhelming lack of translation from conceptual to actual that is of primary interest to desktop Linux users.

Re: Should a home user worry about this? (malware)

Post by wutsinterweb »

That's exactly what I imagined.

Re: Should a home user worry about this? (malware)

Post by Marie SWE »

I'm going to play the devil's advocate a bit. I quote your text as you did say some things I react to... But this post is to all of us. :roll:
I did warn about unsafe downloads yesterday in here. That thread is gone now.
rene wrote: Sun May 15, 2022 4:55 pm No, not worrisome for desktop Linux users. I.e., it's malware, and once it's on your system it's not nice and relatively capable, but clearly once any piece of malware is on your system that's no good. Getting infected with this or any other malware in the first place is what you on desktop Linux have to go far out of your way for (and w.r.t. specifically this malware it's been until now geared towards e.g. corporate espionage; not home users).
No worry, the desktop world is immune.... Something I heard over and over again my first 6 months with Linux.
You're just paranoid from Windows; you don't need a firewall, you don't need antivirus, you don't need to monitor your system. (No, you do not need that on a Windows system either IF you don't do anything stupid.)
No, viruses and malware can't infect Linux desktops. Linux servers, Linux IoT and Linux Android, yes, but not desktop. No worry...
Then EvilGnome hit the Linux world, and I just smiled. And then Dirty Pipe; I still smiled. Then we have all the vulnerabilities CVE-2022-29799, CVE-2022-29800 (list of vulnerabilities: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=linux) and now this thread with BPFDoor...
And guess what?... I am still smiling. :mrgreen: :mrgreen: :mrgreen:
It is really hard not to smile when those people who told me "you're just paranoid from Windows, you don't need a firewall, you don't need antivirus, you don't need to monitor your system" can now eat their own words. Linux isn't immune :wink:
I had to put up with some, just because I wanted to secure my Linux system.... I didn't listen to them... I continued my quest to harden my Linux system.

As I have been saying over and over again: the user is always the weak link, not the system. Yes, even wincrap (Windows).
An active action from within is almost always needed (exceptions are always what make the rules) if there is a router or hardware firewall between the system and the internet.
Examples: an infected update, install ISO or program from a hacked repo, as one example. This has happened; I don't remember which distro was affected, but it's probably a Google search away.
Then all the beginners who find sudo commands on all sorts of websites that should solve various problems, which they just copy and paste: not typing, copying.
Cool gadgets (software) to install with a small sudo command and an unknown repo to add (EvilGnome).
There are many ways to trick someone into installing or running a sudo command, and it does happen that repos get hacked, or something on GitHub that's not discovered.... Although this is unusual, it does exist.
In the same way this happens on a Windows computer: the user is the weak link.

So telling new Linux users "not worrisome for desktop Linux users" is a little bit arrogant, as Linux desktop is far from immune.
That is why we need to tell that to new users, so they DON'T do stupid things like downloading a customized distro ISO or software from an internet page that's not trusted, just because they have been lulled into a false sense of security and think it cannot affect Linux desktop, and when they copy sudo commands from all over the internet.
This is something that spreads through different Linux communities: "You are safe, it's Linux." Guess again; you're not, it's just uncommon.

rene wrote: Sun May 15, 2022 4:55 pm Basically this stuff is quite simple: once malware is on your system, you've lost already, be it it dumb or smart malware. It's getting it on your system that's on desktop Linux and in practice a very close to zero chance, what with e.g. the repository model; users very much not being in the habit of downloading and running random executables from the web.
Yes, that is true... but there is a difference between lost, lost and lost.
You have lost when the computer is screwed up, but you have lost even more if the malware has sent all your credit card data, recorded your microphone and webcam and sent the data...
Or, even worse, your computer is just a silent zombie bot/spyware and you don't even know, as it doesn't screw up the computer so you'd notice anything.... That is really losing.
rene wrote: Sun May 15, 2022 4:55 pm Be careful with even paying attention to these reports out on the web. By nature of the technology there is quite literally no end to conceptual threads out there nor will there ever be. It's the overwhelming lack of translation from conceptual to actual that is of primary interest to desktop Linux users.
I like this. :mrgreen: Quote: "Be careful with even paying attention".... I do hope it is a typo...
Be careful to even pay attention to malware and vulnerability reports..... Oh yes, you can learn Linux isn't totally immune if you do pay attention. :lol:

I'd like to add: pay attention. But I like to quote Star Trek, Ferengi Rule of Acquisition 190: "Hear all, trust nothing."
By that I mean: listen to the news and to malware and vulnerability reports if things are spreading, but find out the facts before you act on it.
It is unnecessary to react if it does not affect all distros... Remember, NO system in the world is 100% secure, not even Linux desktop.
Do not trust terminal commands from untrusted homepages.
Do not trust customized OS ISOs or software from untrusted persons if you don't trust him/her with all the money in your account. Do a background check first: what is this, who offers this, what do others think?

If you, as a new Linux user, think something is weird, or if you find some sudo code on a homepage that you don't understand and are planning to use, ask openly in forums like Linux Mint's so those with experience can help you understand and learn. 8)
Quote from Forum Rules: There are no such things as "stupid" questions.
Just remember to post them in the right forum topic :wink:
if you want my attention...quote me so I get a notification
Nothing is impossible, the impossible just takes a little longer to solve..
It is like it is.. because you do as you do.. if you hadn't done it as you did.. it wouldn't have become as it is. ;)

Re: Should a home user worry about this? (malware)

Post by t42 »

Marie SWE wrote: Sun May 15, 2022 9:25 pm Then we have all vulnerability's CVE-2022-29799, CVE-2022-29800(list of vulnerabilities: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=linux) and now this thread with BPFdoor...
How can I get BPFDoor on my personal system without compiling it from source or being in a targeted group from "telecommunications provider or entity in the government, education, and logistics sectors"?
And how many from the linked mitre.org list are not of a local-user kind, or were spotted on a real-life Linux desktop?

BTW, why is this thread even in the Chat about Linux Mint forum?
Last edited by xenopeek on Mon May 16, 2022 1:40 am, edited 1 time in total.
Reason: topic moved to Chat about Linux
-=t42=-

Re: Should a home user worry about this? (malware)

Post by rene »

Marie SWE wrote: Sun May 15, 2022 9:25 pm So to telling new Linux user "not to worrisome for desktop Linux users".. is a little bit arrogance as Linus desktop is far from immune..
Marie, please take your average crap elsewhere.

I didn't say anything was immune; the question as posted was explicitly about home-users needing to worry about the described piece of malware. Which as said may be described as relatively capable once it's on your system but where this doesn't even much matter; said explicitly three times -- which I thought was a bit much for such a short post; just goes to show -- since the thing as to desktop Linux is getting it on your system in the first place. In this case moreover about getting this corporate-espionage geared piece of Chinese-government malware onto your desktop-Linux home-user system in the first place.

I am pretty much capable of judging the technology as such, and as again said, there is and always will be by nature of said technology a world of conceptual threats out there. But actual ones are those that matter, and by virtue of having been a Linux user for more than 20 years I'm also by now pretty much capable of judging that far more practically relevant part. You are not. Probably not as to the technology eventually (although I've admittedly seen you say some things which weren't completely technically wrong at least) but sure as <bleep> not as to that "actual" rather than "conceptual" part.

Yet, or in practice unfortunately significantly more commonly as one of characterological paranoia and/or Great InterNet-Saviour syndrome. Sort of rooting for it to in your case be former but it's going to take years to determine: could you in the meantime do (me and...) the newbies on this and other forums the favour of not saddling them with baseless Fear, Uncertainty and Doubt as to "malware" on their home Linux systems? Because I've been countering it for probably around 15 years now and it's getting to be significantly too much. It's each time the same thing and pretty much exactly like, say, being asked over and over to prove that Bill Gates did not in fact put 5G mind-control chips in corona vaccines. "Ha, can't prove that?! Told ya he did!!".

Yah. As said, there are and always will be many conceptual threats out there -- but now learn about the real rather than fairytale world. In that one desktop-Linux home-users do not have to worry about the linked article. If you do not know that to be true, that is precisely what it is: you not knowing that to be true. Newbies on this and other Linux forums should get better.

Re: Should a home user worry about this? (malware)

Post by MurphCID »

I do agree with her to some extent because we have been guilty of telling people you don't need antivirus software, you don't need to worry about malware, you don't need to worry about these things. The computer usually is and always has been the major point of failure in any computer system. What I don't understand is how the tactical works in this particular exploit. Does your computer user just have to be active and suddenly, like Covid, it just homes in and attacks you? Or do you have to actively do something? As with most of this malware it seems that the computer user has to take some sort of an active part in infecting their own system. Although is there something where all you have to do is visit an infected website? I'm not sure; I'm not a virus threat researcher, so these articles are a little obscure to me because I don't understand the terminologies to the extent that I need to, I guess?

Also, in articles like this, what we have to worry about is they're written for security professionals, not for people like me. So that causes confusion and uncertainty because we're not really sure how the attack vector happens, nor what we can do to prevent it from happening. Because in so many of these articles they tell you about the vector, but I never see things that can be done to avoid the risk, or to mitigate the risk, and who the threat is directed at. Is it directed at home users, or is it directed at corporate users, or is it directed at literally everybody? I understand the value of these articles, but at the same time they're not written for the average Joe like me. Also it looks like there is nothing that your average Linux user does that can be used to stop this; apparently it goes right through firewalls and there's just no defense against it, the way the article's written.

Re: Should a home user worry about this? (malware)

Post by rene »

MurphCID wrote: Mon May 16, 2022 7:05 am Or do you have to actively do something?
Yes. You have to seek out this particular piece of malware somewhere on the web and then have to install it. Good luck with the former (from anything not explicitly showcasing it in the security context of course) and installing and running random crap from around the web is as said not the thing desktop-Linux users do in any relevant measure in the first place.

Active web-content isn't a general attack vector. For example JavaScript runs inside of a (very) limited "interpreter virtual machine" inside of the browser-process, i.e., with few possibilities to interact with the system as such; beyond explicitly intended ones none even -- other of course than for bugs and/or oversights in said browser's implementation. Those exist, and e.g. the family of side-channel attacks on CPU caches from a few years ago (although variants of it are being found to this day) was in theory as a timing-based attack available from active content. Browsers at the time immediately locked that possibility further down but even before they did it wasn't a practical attack-vector in any sense and as far as I'm aware there was literally never a web-site found that even tried to maliciously exploit the issue.

And that's the point where people take the wrong turn. Sure, there's theoretical threats out there -- but good <bleeping> luck trying to turn them into actual ones on desktop-Linux. As to drive-by threats I remember really but one half-way interesting one; a bug in an obsolete and obscure graphics library for an even more obscure legacy-gaming simulator, I believe it was. That one will probably have come close to being conceptually applicable to 0.001 percent of desktop-Linux users, i.e. those that had said obscure and obsolete software installed in the first place, and still to 0.000 percent if we then intersect with those that would've visited malicious websites constructed to exploit the issue -- and as far as those existed in the first place.

This is the thing each time. You're a nice guy, but you can not objectively "agree" or not with this stuff since you lack the technical skill to do so with. Human beings being what they are, they immediately go into threat-response mode if something happens the individual specimen does not understand -- better safe than sorry, right?! -- but if you have, as said a few times, a field in which conceptual threats always will exist by nature of the technology whereas actual ones do not in fact, then the balance shifts most fundamentally.

So whom do you believe if you have not the technical prowess not only to judge the technology itself but also not as to whom to believe as to said technology? My favourite answer is always along the lines of "yourself, after spending a few years in a school or library" but in cases where such is determined non-feasible I'd personally advise to go with the more experienced advisor. Admittedly not as matter of coincidence, that's here and in this case me.
Last edited by rene on Mon May 16, 2022 10:51 am, edited 1 time in total.

Re: Should a home user worry about this? (malware)

Post by t42 »

Some specifics: this is an earlier sample of BPFDoor source code. For those interested: it is delivered to compromised systems manually.
https://pastebin.com/kmmJuuQP

Re: Should a home user worry about this? (malware)

Post by MikeNovember »

Hi,

This malware analysis is interesting but, like many analyses, it does not tell how the malware can be installed on your system.

There are several ways malware can get installed on your system:

- 1st method: It scans for open ports (ssh, telnet, vnc...), then, once one is found, it makes an attempt to guess the password (brute-force attack: it tests several passwords, hundreds of thousands or millions, until it finds it); finally, once connected to the system, it attempts privilege escalation using a known exploit (an unpatched security weakness). Once privilege escalation is gained, a malicious program can be installed on your system without the need to know the required password.

- 2nd method: You browse the internet and reach a specially malformed web page with malicious code; this code will use a known exploit of the browser (examples: buffer overflow, memory write in a reserved zone...), this exploit will leave the system in an unstable state from which privilege escalation will be gained.

- 3rd method: the user himself installs the malicious program; the program can be downloaded from an untrusted source (think of an "untrusted PPA") or from an e-mail attachment; in each case there is some kind of "social engineering" to convince the user the program is a legit one.

Once the malware is on your system, it is too late.

So, how to protect yourself against this? As usual with security problems, there are three steps: prevention, detection and emergency measures.

Prevention:
- Update your system and your programs as soon as possible. --> prevention of the 1st and 2nd kinds of attacks.

- Uninstall unused services, use a firewall to block incoming connections, use a very strong password when opening a listening service. --> prevention of the 1st kind of attack.

- Use your browser, and more generally any internet-connecting application, in a sandbox (Firejail, flatpak, snap) or in a container (docker) that will isolate the application from the operating system; use safe browsing ("/etc/hosts" used as an IP address filter; use of an extension such as uBlock Origin set to protect against malware). --> prevention of the 2nd kind of attack.

- Install programs only from trusted sources (Linux Mint and Ubuntu repositories, software authors' websites with good reputation, "official" PPAs); check the address of all websites to confirm they are legit in order to avoid phishing; do not click on links inside an email of unknown origin; in case of doubt, scan attachments and downloaded files for viruses, using a web service such as VirusTotal (and remember that "if there is a doubt... there is no doubt, there is a problem"); use your brain! --> prevention of the 3rd kind of attack.

Detection:
- A rootkit checker such as rkhunter checks for the presence of rootkits (with a low detection rate, since it is outdated), but also makes hashes of your system files during its 1st use; during following uses, it will compare the hash with the stored 1st one, and will detect if a file has changed; the user will have to decide if the change is normal (in case of a file update; Synaptic will help with its history) or not. Of course, the 1st use of rkhunter should be done on a freshly installed secure system.

- The use of an antivirus, such as ClamAV, might help to detect installed malware when doing a complete system scan; however:
* ClamAV's detection rate is low; it should be complemented by ClamAV unofficial signatures,
* using an antivirus program from an infected computer might result in non-detection (the virus/malware could use "countermeasures"), so ClamAV should be installed and used from an external boot disk,
* a possible solution is to use "Antivirus Live CD", http://antiviruslivecd.4mlinux.com/:
Antivirus Live CD is an official 4MLinux fork including the ClamAV scanner. It's designed for users who need a lightweight live CD, which will help them to protect their computers against viruses. Ethernet, WiFi, PPP and PPPoE are supported by Antivirus Live CD to enable automatic updates of its virus signature databases. All partitions are mounted during the boot process so that they can be scanned by ClamAV. The Antivirus Live CD ISO images are fully compatible with UNetbootin, which can be used to create an easy-to-use Antivirus Live USB.
Emergency measures:
- Once malware is on your system, you should reinstall it (from scratch).

- Once the system is reinstalled, you should copy your home files into your "/home" directory; this means you need to periodically back up your home files, while they are secure and sane.

If one of the three steps (prevention, detection, emergency measures) is missing, you will be in trouble:
- Without prevention, the risk of malware infection increases strongly.

- Without detection, you might back up compromised files over secure ones.

- Without backup, you might be unable to recover your user files.

Regards,

MN
Last edited by MikeNovember on Mon May 16, 2022 10:58 am, edited 1 time in total.
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).
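A concrete form of the detection step described in the post above, as an added example (this is not the post's code, nor rkhunter's, nor anything shipped by Linux Mint): build a SHA-256 baseline of a file tree while the system is known-clean, store it, and on a later run report added, missing and changed files so the operator can decide whether each change is a package update or tampering. It assumes the baseline is written on a clean system and kept off the monitored host (a root-level intruder can rewrite an on-host baseline file); the directory layout, file names and the "compromise" in `demo()` are constructed for the example.

```python
"""Minimal file-integrity baseline (added example; not from the post, rkhunter
or Linux Mint).

Hash every regular file under a root while the system is known-clean, store the
digests, and on later runs report added, missing and changed files.
Assumption: the baseline is written on a clean system and kept off the
monitored host; a root-level intruder can rewrite an on-host baseline file.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to its digest.

    Symlinks are skipped, not followed: following them would let an attacker
    point an entry at an untouched file while the real file at that path is
    replaced.
    """
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            digests[p.relative_to(root).as_posix()] = sha256_file(p)
    return digests


def save_baseline(digests: dict, path: Path) -> None:
    path.write_text(json.dumps(digests, indent=1, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences. Every non-empty list needs a human decision:
    a package update (check Synaptic/apt history) or tampering."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "missing": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in set(baseline) & set(current)
                          if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Constructed scenario in a temp dir: baseline a 'clean' tree, then
    trojan one binary, drop an ld.so.preload and delete another file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "fs"
        (root / "bin").mkdir(parents=True)
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF original ls")
        (root / "etc" / "motd").write_text("welcome\n")
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/bash\n")

        baseline_file = Path(tmp) / "baseline.json"  # outside the monitored tree
        save_baseline(build_baseline(root), baseline_file)

        # Simulated compromise (constructed for the example).
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned ls")
        (root / "etc" / "ld.so.preload").write_text("/lib/evil.so\n")
        (root / "etc" / "motd").unlink()

        return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:8s} {paths}")
```

Running this against a real root filesystem needs root and a skip list (/proc, /sys, /dev, /run, /tmp, /home), and, as the post says for ClamAV, it is only trustworthy from a live boot: a rootkit active in the running kernel can hide or falsify files from a scanner running on top of it.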

Re: Should a home user worry about this? (malware)

Post by 151tom »

I'm no Linux guru so I know nothing about any of this.

I suggest running your browser inside of Firejail Sandbox.

https://easylinuxtipsproject.blogspot.c ... ndbox.html

I also suggest installing from here and not the Linux repository.

https://sourceforge.net/projects/fireja ... b/download
Last year we said, 'Things can't go on like this', and they didn't, they got worse.
[Will Rogers]

There are two theories to arguing with a woman. Neither works.
[Will Rogers]

Re: Should a home user worry about this? (malware)

Post by MurphCID »

Ok, these are the good sort of responses I expect here. For normies like me, these bulletins are written outside of my realm of expertise. All too many of us, and I am included in this group, are trying to do something on a Linux box and find the instruction: "Type sudo apt install XXXXXX and then do this blah blah blah in terminal and it will take care of your issue." I can see that being a bad thing. Most of us who are not power users or Linux gods need a little more explanation of what the heck these things mean. I'm not stupid, just inexperienced.

Re: Should a home user worry about this? (malware)

Post by Marie SWE »

rene wrote: Mon May 16, 2022 6:28 am
Marie SWE wrote: Sun May 15, 2022 9:25 pm So to telling new Linux user "not to worrisome for desktop Linux users".. is a little bit arrogance as Linus desktop is far from immune..
Marie, please take your average crap elsewhere.

I didn't say anything was immune; the question as posted was explicitly about home-users needing to worry about the described piece of malware. Which as said may be described as relatively capable once it's on your system but where this doesn't even much matter; said explicitly three times -- which I thought was a bit much for such a short post; just goes to show -- since the thing as to desktop Linux is getting it on your system in the first place. In this case moreover about getting this corporate-espionage geared piece of Chinese-government malware onto your desktop-Linux home-user system in the first place.

I am pretty much capable of judging the technology as such, and as again said, there is and always will be by nature of said technology a world of conceptual threats out there. But actual ones are those that matter, and by virtue of having been a Linux user for more than 20 years I'm also by now pretty much capable of judging that far more practically relevant part. You are not. Probably not as to the technology eventually (although I've admittedly seen you say some things which weren't completely technically wrong at least) but sure as <bleep> not as to that "actual" rather than "conceptual" part.

Yet, or in practice unfortunately significantly more commonly as one of characterological paranoia and/or Great InterNet-Saviour syndrome. Sort of rooting for it to in your case be former but it's going to take years to determine: could you in the meantime do (me and...) the newbies on this and other forums the favour of not saddling them with baseless Fear, Uncertainty and Doubt as to "malware" on their home Linux systems? Because I've been countering it for probably around 15 years now and it's getting to be significantly too much. It's each time the same thing and pretty much exactly like, say, being asked over and over to prove that Bill Gates did not in fact put 5G mind-control chips in corona vaccines. "Ha, can't prove that?! Told ya he did!!".

Yah. As said, there are and always will be many conceptual threats out there -- but now learn about the real rather than fairytale world. In that one desktop-Linux home-users do not have to worry about the linked article. If you do not know that to be true, that is precisely what it is: you not knowing that to be true. Newbies on this and other Linux forums should get better.
I wish I could write as well in English as I can in Swedish, so that I had a bigger vocabulary and better grammar.
"Take your average crap elsewhere", you say.
I guess you are also denying that EvilGnome ever existed?
https://www.securityweek.com/evilgnome- ... inux-users
https://en.wikipedia.org/wiki/Linux_malware
I didn't say anything was immune
Yes, I know that. And if you had bothered to read my first two rows:
I'm going to play the devil's advocate a bit. I quote your text as you did say some things I react to... But this post is to all of us. :roll:
I did warn about unsafe downloads yesterday in here. That thread is gone now.

Do you notice these two things?
And did you notice this?
No worry, the desktop world is immune.... Something I heard over and over again my first 6 months with Linux.
You're just paranoid from Windows; you don't need a firewall, you don't need antivirus, you don't need to monitor your system.


I never talked to you during those first 6 months of my step into the Linux world, so that was as the rows above (this is to all of us).
Did you also notice? (This is something that spreads through different Linux communities: "You are safe, it's Linux...")
That is not meant Mint-specifically; it is the whole wide world of Linux communities I meant.

It's always better to be safe than sorry. MikeNovember did a really, really good post on this.
And I like the Scouts' motto: always be prepared.

I don't understand why one should wave away IT security so easily on Linux desktop but not on macOS or in the Linux server world.
Yes, Linux has very few viruses and malware, and that is only because the Linux desktop world is so small that it is not worth investing large resources in making the desktop world a target........... yet!
But attacks on Linux are increasing every year and it is only a matter of time before the desktop world becomes a target... so why not use the Scouts' motto: be prepared.
Macs have very few viruses and malware as well, but they have good antivirus software for prevention.
So why doesn't Linux desktop have it, as the risk of becoming infected is almost equal to Mac? The reason is the arrogance: Linux desktop can't get infected, you're totally safe to 99.9999999%, no worry.
I have a concealed carry permit, so I can't get mugged. :roll:

You seem to know a lot about Linux desktop and you seem to have half the Arch wiki in your head. And I have given you compliments for the posts you've made. I am impressed by your knowledge of Linux desktop and I hope to get to that level with time.
But when it comes to IT security and critical thinking, you get an F.

I can almost bet that MikeNovember either works with IT infrastructure or IT security, or has an extreme interest in security.
You should always be prepared for things to happen. Why else bother to make a disk backup to an offline disk for personal data partitions if nothing can ever happen???
Why not just settle for RAID 1 if it's just a "disk crash" you're worried about?
And use btrfs/timeshift/testdisk if you're just worried about deleting documents and photos by mistake?
We don't need an offline disk for personal data; no ransomware can hit us anyway.

No... I do expect something to happen. Better safe than sorry.
I do follow MikeNovember's post but with a few additions. One: I do want to be able to detect suspicious activities on all of my computers, not only in the network traffic. Two: I also have outbound firewall rules on every computer, as spyware sends data out in the background, and it's often by its own processes/programs; also, remote access is often created through a tunnel from the inside out, to bypass firewalls, as they are often set by default to allow all outbound traffic. I have a few more additions that I won't publish online.
On the Blue team you try to come up with new ways to protect yourself, and on the Red team you are just trying to beat the Blue team by creating new ways to beat the system.

That's how I look at all systems, whether it's Linux, Mac or Windows.
Linux desktop may not YET be a target for hackers, but it will be in time.

So yes, you can use the 2nd rule of the community fight-club rules I wrote about in post viewtopic.php?p=2174122#p2174122
But it's still a fact that we all should teach new Linux desktop users to use critical thinking about IT security, as Linux desktop doesn't offer so many tools to protect us when we do stupid things, like copying sudo commands from an anonymous website.
Not worrying is a stupid thing..... It does not happen to me, so why should I wear a seat belt when I drive a car, when I am such a good driver?
IT security isn't a joke to just wave away.
if you want my attention...quote me so I get a notification
Nothing is impossible, the impossible just takes a little longer to solve..
It is like it is.. because you do as you do.. if you hadn't done it as you did.. it wouldn't have become as it is. ;)
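The post above argues for per-host egress rules on the grounds that spyware and reverse tunnels exfiltrate through ordinary outbound connections that a default-allow firewall never questions. The following is an added example, not code from any poster in this thread: it audits a snapshot of established TCP connections against a per-process egress allowlist and flags what a default-deny outbound policy would have blocked. The `ss -tnp`-shaped records, the process names and the allowlist are all constructed for illustration.

```python
"""Audit established outbound TCP connections against a per-process
egress allowlist. Added example for this thread, not code from any
poster; the sample records below are constructed to resemble `ss -tnp`
output and are not real captures."""
import re
from dataclasses import dataclass

# One line of `ss -tnp` looks roughly like:
#   ESTAB 0 0 192.168.1.20:49812 151.101.1.69:443 users:(("firefox",pid=2231,fd=55))
SS_LINE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)'
    r'\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)

# Constructed sample (hypothetical hosts and processes): a browser, apt's
# http transport helper, an ssh client dialling an unusual port, and an
# unknown binary talking to port 443.
SAMPLE_SS = """\
ESTAB 0 0 192.168.1.20:49812 151.101.1.69:443 users:(("firefox",pid=2231,fd=55))
ESTAB 0 0 192.168.1.20:49911 91.189.91.38:80 users:(("http",pid=3120,fd=4))
ESTAB 0 0 192.168.1.20:50102 203.0.113.7:4444 users:(("ssh",pid=4011,fd=3))
ESTAB 0 0 192.168.1.20:50188 198.51.100.9:443 users:(("updater",pid=4120,fd=7))
"""

# Egress policy (constructed): which destination ports each process may
# use. Anything not listed is denied, the opposite of the usual firewall
# default of allowing all outbound traffic.
ALLOWLIST = {
    "firefox": {80, 443},
    "http": {80, 443},  # apt's transport helper
    "ssh": {22},
}


@dataclass(frozen=True)
class Conn:
    proc: str
    pid: int
    local: str
    peer_ip: str
    peer_port: int


def parse_ss(text):
    """Parse `ss -tnp`-style lines into Conn records, keeping ESTAB only."""
    conns = []
    for line in text.splitlines():
        m = SS_LINE.match(line)
        if not m or m.group("state") != "ESTAB":
            continue
        ip, _, port = m.group("peer").rpartition(":")
        conns.append(Conn(m.group("proc"), int(m.group("pid")),
                          m.group("local"), ip, int(port)))
    return conns


def audit(conns, allowlist=ALLOWLIST):
    """Return (conn, reason) for every connection the policy would not allow."""
    findings = []
    for c in conns:
        allowed_ports = allowlist.get(c.proc)
        if allowed_ports is None:
            findings.append((c, "process not in egress allowlist"))
        elif c.peer_port not in allowed_ports:
            findings.append((c, f"port {c.peer_port} not allowed for {c.proc}"))
    return findings


if __name__ == "__main__":
    for c, why in audit(parse_ss(SAMPLE_SS)):
        print(f"{c.proc}[{c.pid}] -> {c.peer_ip}:{c.peer_port}: {why}")
```

Run against the constructed sample it reports two connections: the ssh client talking to port 4444 (the inside-out tunnel shape the post mentions) and the unknown `updater` process, while the browser and apt traffic pass. The same allowlist is what you would encode in the host firewall as a default-deny output chain; this script only shows what such a policy would catch on a live snapshot.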
Marie SWE
Level 5
Posts: 713
Joined: Wed Feb 28, 2018 7:32 pm
Location: Sweden

Re: Should a home user worry about this? (malware)

Post by Marie SWE »

MikeNovember wrote: Mon May 16, 2022 9:04 am Hi,

This malware analysis is interesting but, like many analyses, it does not tell how the malware can be installed in your system.

There are several ways a malware can install on your system:
(...)
I love your post. :mrgreen:
Just superb made.
Last edited by Moem on Mon May 16, 2022 4:50 pm, edited 1 time in total.
Reason: Trimmed a quote. Please quote selectively.
if you want my attention...quote me so I get a notification
Nothing is impossible, the impossible just takes a little longer to solve..
It is like it is.. because you do as you do.. if you hadn't done it as you did.. it wouldn't have become as it is. ;)
rene
Level 20
Posts: 12240
Joined: Sun Mar 27, 2016 6:58 pm

Re: Should a home user worry about this? (malware)

Post by rene »

<very deep sigh>

Read the question that was asked in the original post and describe how that described piece of malware realistically gets onto the poster's system if he/she follows my advice to not worry about it.

Do that or can the FUD.
Samarian Sunset
Level 4
Posts: 206
Joined: Fri Sep 27, 2019 9:09 pm

Re: Should a home user worry about this? (malware)

Post by Samarian Sunset »

rene wrote: Mon May 16, 2022 8:05 am ...Active web-content isn't a general attack vector. For example JavaScript runs inside of a (very) limited "interpreter virtual machine" inside of the browser-process, i.e., with few possibilities to interact with the system as such; beyond explicitly intended ones none even -- other of course than for bugs and/or oversights in said browser's implementation. Those exist, and e.g. the family of side-channel attacks on CPU caches from a few years ago (although variants of it are being found to this day) was in theory as a timing-based attack available from active content. Browsers at the time immediately locked that possibility further down but even before they did it wasn't a practical attack-vector in any sense and as far as I'm aware there was literally never a web-site found that even tried to maliciously exploit the issue.

...As to drive-by threats I remember really but one half-way interesting one; a bug in an obsolete and obscure graphics library for an even more obscure legacy-gaming simulator, I believe it was. That one will probably have come close to being conceptually applicable to 0.001 percent of desktop-Linux users, i.e. those that had said obscure and obsolete software installed in the first place, and still to 0.000 percent if we then intersect with those that would've visited malicious websites constructed to exploit the issue ...
Thanks for putting that into a logical, clear perspective, very helpful to read and good to know.

My two cents is Linux users should probably be more concerned about power surges from lightning strikes than the malware described in the OP of this thread... Once lightning did strike a tree by my house and fried some electronics that were plugged in at the time.
t42
Level 11
Posts: 3708
Joined: Mon Jan 20, 2014 6:48 pm

Re: Should a home user worry about this? (malware)

Post by t42 »

PCDoctor wrote: Mon May 16, 2022 5:07 pm So is this thing getting onto your computer by bypassing the firewall
Or is it getting on some other way and bypassing the firewall
To upgrade itself
As explained above several times* it is not getting onto your computer. But "it" can be installed manually by an evil maid https://en.wikipedia.org/wiki/Evil_maid_attack.

*Your question is still valid. Every security thread here is usually hijacked by generalizing without knowing specifics, by talking in the name of an abandoned and ignorant unspecified "we", and even copying the full text of their 2nd-year lectures or old executive summaries, and as a bonus even an attempt to preach Firejail.
Last edited by t42 on Mon May 16, 2022 5:35 pm, edited 1 time in total.
-=t42=-
MurphCID
Level 15
Posts: 5894
Joined: Fri Sep 25, 2015 10:29 pm
Location: Near San Antonio, Texas

Re: Should a home user worry about this? (malware)

Post by MurphCID »

I remember removing stuff from the kids laptops as they were growing up from all the random clicking they did. I remember getting rid of at least six to eight toolbars in the browser on IE at one point. I guess it is the same issue here.

Also, too much of this stuff is treated like internet bubonic plague, where all you have to do is hear about it and then boom! your computer is infected. You have to be reasonably careful, but some of these things read like all you have to do is be on the internet and it homes in like a heat-seeking missile and destroys you. For that I blame the way these bulletins are written; in their own way they spread fear because they are at such a high level of generalization and not written for normies.
RollyShed
Level 8
Posts: 2434
Joined: Sat Jan 12, 2019 8:58 pm
Location: South Island, New Zealand

Re: Should a home user worry about this? (malware)

Post by RollyShed »

I've said it before, yes we have here had malware on a computer until it totally wiped the computer.
Written by?
Who else, Microsoft, who called it Updates. And they keep doing it too.
At least it doesn't, hasn't so far, happened with Linux.
rene
Level 20
Posts: 12240
Joined: Sun Mar 27, 2016 6:58 pm

Re: Should a home user worry about this? (malware)

Post by rene »

MurphCID wrote: Mon May 16, 2022 5:34 pm For that I blame the way these bulletins are written, in their own way they spread fear because they are at such a high level of generalization and not written for normies.
And for that reason I've been somewhat insisting that people who'd post "security" issues to the forum mention attack vector alongside; for example viewtopic.php?p=2043284#p2043284. And why I still relatively frequently do comment supplying that information; for example the recent viewtopic.php?p=2169286#p2169286 or even this very thread -- although admittedly in this case initially sort of implicit, only answering the direct question.

Thing is that local attack is by and large always required; untrusted local user or malware. Neither is relevant to likely quite literally every single Linux Mint forum user -- but you see what happens: each and every time someone feels the urge to conjure up a lot of either outright technical nonsense or, almost at best, to the specific situation inapplicable generalities once a threat being not an actual threat is pointed out. That then however worries those that feel themselves incapable of judgement and needs long follow-ups again, cf. for example this thread.

It's an untenable situation. I mean; just look at the length of the posts that I "had" to again follow-up with here after having given the only in fact relevant reply immediately as the original response. Every single time, every single general-internet forum. It's as said above; by and large always the attack vector is local; untrusted local user or malware, and anyone who can in fact discriminate between them will immediately sound the alarm when something more interesting comes along. The base-attitude can otherwise simply be to not worry; you are not under any form of attack on desktop Linux.

Cue Marie SoWillinglyErrant saying that's just silly. Cue me going to bed...