[Solved] Potentially unwanted programs

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
matthekc
Level 2
Level 2
Posts: 61
Joined: Mon Jan 15, 2007 5:13 am

[Solved] Potentially unwanted programs

Post by matthekc » Wed Jan 27, 2016 2:49 am

I found I had an ad injector last night. For anyone that does not know they are little programs or scripts on your computer that add advertisements to your browsing and may do other things as well...
I ran ClamAV and found some potentially unwanted programs in my Firefox cache and deleted the everything in my Firefox cache.
Over the next few days I will be running ClamAV on everything with multiple passes.
I already run Noscript and the uncomplicated firewall. Is there a way to force Firefox to always start in incognito mode? That would have prevented my potentially unwanted program from sticking around correct?
What other security recommendations do you guys have for us "normal users"?
Last edited by matthekc on Sat Jan 30, 2016 5:53 am, edited 1 time in total.

User avatar
xenopeek
Level 24
Level 24
Posts: 24096
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Potentially unwanted programs

Post by xenopeek » Wed Jan 27, 2016 4:15 am

I'd recommend you not bother yourself with the PUA list, ClamAV is silly enough to flag cookies even. Virus scanners on Linux are primarily useful to users that forward files from one Windows user to another, or that use Windows software on Linux (e.g., wine, playonlinux, etc.).

Add uBlock Origin to block ads, as most malware is distributed through ad networks. You could also disable Firefox' disk cache (set browser.cache.disk.enable to false). Perhaps add Self-Destructing Cookies to delete cookies after you close the last tab of a website. With that I don't think you need to go private browsing mode all the time.

But if you want, to always start Firefox in private browsing mode, go to Preferences > Privacy and enable that option there.
Image

matthekc
Level 2
Level 2
Posts: 61
Joined: Mon Jan 15, 2007 5:13 am

Re: Potentially unwanted programs

Post by matthekc » Wed Jan 27, 2016 4:17 am

What can a malicious script in the cache do other than inject ads into websites I am viewing?

Also thanks for the quick reply Xenopeek.

User avatar
xenopeek
Level 24
Level 24
Posts: 24096
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Potentially unwanted programs

Post by xenopeek » Wed Jan 27, 2016 4:31 am

The script is cached for that website. Whether it is cached or not is irrelevant. The next time you visit the website, and it needs to load that script, and it isn't in the cache, it will just download it anew. Also private browsing mode doesn't stop the script from being downloaded :)

You can use Firejail to run Firefox (or any other application) in a security sandbox. That way Firefox, or scripts running in Firefox, can't access most directories and files in your home directory, and will have a lot tougher time to do damage to your system. I have a tutorial for installing and using Firejail here: http://forums.linuxmint.com/viewtopic.php?f=42&t=202735. Malicious scripts could still mess up your browser itself, but can't escape your browser to do damage outside of it and except for your Downloads directory can't modify files on your system.
Image

matthekc
Level 2
Level 2
Posts: 61
Joined: Mon Jan 15, 2007 5:13 am

Re: Potentially unwanted programs

Post by matthekc » Wed Jan 27, 2016 5:10 am

You rock!

Hoser Rob
Level 14
Level 14
Posts: 5498
Joined: Sat Dec 15, 2012 8:57 am

Re: Potentially unwanted programs

Post by Hoser Rob » Wed Jan 27, 2016 8:33 am

Often those kind of things are flash or LSO cookies, which aren't stored the same way as regular cookies so auto deleting cookies doesn't work. I've had them before. Installing the Better Privacy firefox plugin fixed that.

Post Reply

Return to “Newbie Questions”