How can I detect malicious packages/software?


Post by trope » Tue May 21, 2019 9:00 pm

I assumed that packages installed from the terminal come from a repository that is examined for malicious software, but found out that this is not the case. I have not really checked that anything I have installed is safe, which would also include commands I ran in the terminal based on websites to troubleshoot problems. Is there any way to check if I have any malicious software or if I have run any untoward code?

My current laptop is about 6 months old and I do not recall running much code compared to previous Linux laptops that I have had for years, nor do I suspect anything in particular. If I ran code from a website, it definitely would not have looked too shady because I would have noticed it, but surely some con jobs are very slick. Possibly I could have run code from commenters to an article if code in the article did not work.

Same question for Python packages. The only list I could find of malicious software was https://www.zdnet.com/article/twelve-ma ... from-pypi/, and I manually checked with what I have installed with "pip3 list", with no matches.

I did just turn on the Linux Mint firewall, which is not turned on by default when I installed 19 Tara.
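
The manual comparison of `pip3 list` against a list of known-bad package names, scripted as an added example (not part of the original post). The blocklist file is something the reader supplies; the function names are hypothetical, and names are normalized the way PyPI compares them so that `Some_Pkg` and `some-pkg` count as the same package.

```shell
#!/bin/sh
# Added example: flag installed Python packages whose names are on a blocklist.

# Normalize a name the way PyPI compares names (PEP 503):
# lowercase, and collapse runs of '-', '_' and '.' into a single '-'.
normalize_name() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/[-_.]\{1,\}/-/g'
}

# check_against_blocklist FREEZE_FILE BLOCKLIST_FILE
#   FREEZE_FILE    output of: pip3 list --format=freeze   (name==version per line)
#   BLOCKLIST_FILE one package name per line, '#' starts a comment
# Prints every installed entry that matches; returns 1 if anything matched.
check_against_blocklist() {
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        name=${line%%==*}
        [ -n "$name" ] || continue
        norm=$(normalize_name "$name")
        while IFS= read -r bad || [ -n "$bad" ]; do
            bad=${bad%%#*}                                  # strip comments
            bad=$(printf '%s' "$bad" | tr -d '[:space:]')   # strip whitespace
            [ -n "$bad" ] || continue
            if [ "$norm" = "$(normalize_name "$bad")" ]; then
                printf '%s\n' "$line"
                found=1
            fi
        done < "$2"
    done < "$1"
    return "$found"
}

# Typical use:
#   pip3 list --format=freeze > installed.txt
#   check_against_blocklist installed.txt blocklist.txt && echo "no matches"
```

A clean result only means none of the listed names is installed; it says nothing about packages that are not on the list.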


Post by jimallyn » Thu May 23, 2019 3:02 am

My current "daily driver" is Mint 19.1, and I am not using any antivirus on it. I did try some antivirus programs on my old Mint 17.3 install:

Comodo
f-prot
Kaspersky
maldet
Sophos

I may not have actually installed and run all of them, that's just the ones I still have the install files for on the hard drive. I know I tried Sophos, and I'm pretty sure Comodo and Kaspersky. It sticks in my mind that Sophos was the one I found easiest to install and use. They did find some viruses, all of which were Windows viruses attached to emails that had been deleted to the trash but not yet fully deleted.

You might try running any software you download through virustotal.com. That will scan them with about 60 different virus scanners.

Viruses on Linux are quite rare, and most Linux users don't bother with antivirus (except on servers).

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan


Post by smurphos » Fri May 24, 2019 1:36 am

trope wrote:
Tue May 21, 2019 9:00 pm
I assumed that packages installed from the terminal come from a repository that is examined for malicious software, but found out that this is not the case. I have not really checked that anything I have installed is safe, which would also include commands I ran in the terminal based on websites to troubleshoot problems. Is there any way to check if I have any malicious software or if I have run any untoward code?

My current laptop is about 6 months old and I do not recall running much code compared to previous Linux laptops that I have had for years, nor do I suspect anything in particular. If I ran code from a website, it definitely would not have looked too shady because I would have noticed it, but surely some con jobs are very slick. Possibly I could have run code from commenters to an article if code in the article did not work.

Same question for Python packages. The only list I could find of malicious software was https://www.zdnet.com/article/twelve-ma ... from-pypi/, and I manually checked with what I have installed with "pip3 list", with no matches.

I did just turn on the Linux Mint firewall, which is not turned on by default when I installed 19 Tara.

Your post raises some interesting points.

You can be pretty sure that packages installed via the terminal from the default software sources included in Mint are safe. Those repos are maintained by the Mint team, Ubuntu team, or, if you make use of the Flatpak integration in Software Manager, the Flathub maintainers, all of whom exercise some oversight over what is available from those sources. Nothing is ever 100% sure though.

However, as soon as you make any modification to those software sources (adding PPAs, adding additional third-party repos, using pip/pip3 to update Python modules, downloading AppImages, building apps directly from source, installing binaries from the web, etc.), you are effectively on your own and need to make a judgement as to the likely risk of any action and whether you are willing to accept that risk.

That judgement may be informed by the source of the instructions and how trustworthy you deem that source, how trustworthy you deem the source of the software being installed, verification that other users (ideally using the same distro) have not run into issues following the instructions or installing the software, examination of the source code of whatever it is you are adding, your experience to date, and your personal level of risk aversion.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
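
To see which software sources on a system fall outside the default ones described in the post above, the following added example (not from the thread) lists every enabled APT source whose host is not on a default list. The host list is an assumption about a stock Mint 19 install and should be adjusted to your mirrors; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: list enabled APT sources that are not the distro defaults.

# Assumption: hosts used by a stock Linux Mint 19 install. Edit for local mirrors.
DEFAULT_HOSTS="packages.linuxmint.com archive.ubuntu.com security.ubuntu.com archive.canonical.com"

# list_third_party_sources FILE...
# Reads one-line-format APT source files ("deb [options] uri suite components")
# and prints "host<TAB>file" for each enabled entry whose host is not in
# DEFAULT_HOSTS. Commented-out entries and missing files are skipped.
list_third_party_sources() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v defaults="$DEFAULT_HOSTS" '
            BEGIN {
                n = split(defaults, d, " ")
                for (i = 1; i <= n; i++) ok[d[i]] = 1
            }
            $1 == "deb" || $1 == "deb-src" {
                i = 2
                # Skip an optional "[arch=... signed-by=...]" options block.
                if ($i ~ /^\[/) {
                    while (i <= NF && $i !~ /\]$/) i++
                    i++
                }
                host = $i
                sub(/^[a-z+]+:\/\//, "", host)   # drop the scheme
                sub(/\/.*/, "", host)            # keep only the host part
                if (host != "" && !(host in ok)) print host "\t" FILENAME
            }
        ' "$f"
    done
}

# Typical use on Mint/Ubuntu (standard APT locations):
#   list_third_party_sources /etc/apt/sources.list /etc/apt/sources.list.d/*.list
```

Each line of output is a source whose packages need the kind of trust judgement the post describes; PPAs show up under `ppa.launchpad.net`.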
