How can I detect malicious packages/software?

Posted: Tue May 21, 2019 9:00 pm
by trope
I assumed that packages installed from the terminal come from a repository that is examined for malicious software, but found out that this is not the case. I have not really checked that anything I have installed is safe, which would also include commands I ran in the terminal based on websites to troubleshoot problems. Is there any way to check if I have any malicious software or if I have run any untoward code?

My current laptop is about 6 months old and I do not recall running much code compared to previous Linux laptops that I have had for years, nor do I suspect anything in particular. If I ran code from a website, it definitely would not have looked too shady because I would have noticed it, but surely some con jobs are very slick. Possibly I could have run code from commenters on an article if code in the article did not work.

Same question for Python packages. The only list I could find of malicious software was https://www.zdnet.com/article/twelve-ma ... from-pypi/, and I manually checked it against what I have installed with "pip3 list", with no matches.

I did just turn on the Linux Mint firewall, which was not turned on by default when I installed 19 Tara.

Re: How can I detect malicious packages/software?

Posted: Thu May 23, 2019 3:02 am
by jimallyn
My current "daily driver" is Mint 19.1, and I am not using any antivirus on it. I did try some antivirus programs on my old Mint 17.3 install:

Comodo
f-prot
Kaspersky
maldet
Sophos

I may not have actually installed and run all of them, that's just the ones I still have the install files for on the hard drive. I know I tried Sophos, and I'm pretty sure Comodo and Kaspersky. It sticks in my mind that Sophos was the one I found easiest to install and use. They did find some viruses, all of which were Windows viruses attached to emails that had been deleted to the trash but not yet fully deleted.

You might try running any software you download through virustotal.com. That will scan them with about 60 different virus scanners.

Viruses on Linux are quite rare, and most Linux users don't bother with antivirus (except on servers).

Re: How can I detect malicious packages/software?

Posted: Fri May 24, 2019 1:36 am
by smurphos
trope wrote:
Tue May 21, 2019 9:00 pm
I assumed that packages installed from the terminal come from a repository that is examined for malicious software, but found out that this is not the case. I have not really checked that anything I have installed is safe, which would also include commands I ran in the terminal based on websites to troubleshoot problems. Is there any way to check if I have any malicious software or if I have run any untoward code?

My current laptop is about 6 months old and I do not recall running much code compared to previous Linux laptops that I have had for years, nor do I suspect anything in particular. If I ran code from a website, it definitely would not have looked too shady because I would have noticed it, but surely some con jobs are very slick. Possibly I could have run code from commenters on an article if code in the article did not work.

Same question for Python packages. The only list I could find of malicious software was https://www.zdnet.com/article/twelve-ma ... from-pypi/, and I manually checked it against what I have installed with "pip3 list", with no matches.

I did just turn on the Linux Mint firewall, which was not turned on by default when I installed 19 Tara.

Your post raises some interesting points.

You can be pretty sure that packages installed via the terminal from the default software sources included in Mint are safe. Those repos are maintained by the Mint team, the Ubuntu team or, if you make use of the Flatpak integration in Software Manager, the Flathub maintainers, all of whom exercise some oversight over what is available from those sources. Nothing is ever 100% sure though.

However, as soon as you make any modification to those software sources (adding PPAs, adding additional third-party repos, using pip/pip3 to update Python modules, downloading AppImages, building apps directly from source, installing binaries from the web, etc.) you are effectively on your own and need to make a judgement as to the likely risk of any action and whether you are willing to accept that risk.

That judgement may be informed by the source of the instructions and how trustworthy you deem that source, how trustworthy you deem the source of the software being installed, verification that other users (ideally using the same distro) have not run into issues following the instructions or installing the software, examination of the source code of whatever it is you are adding, your experience to date and your personal level of risk aversion.
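One way to act on the distinction smurphos draws between packages from the configured sources and everything else, as an added example that is not code from anyone in this thread: parse the output of `apt-cache policy` and flag installed packages whose installed version is not offered by any configured archive (a downloaded .deb, a removed third-party repo, a local build) or comes from a PPA. The sample output, the package names foo-tool and bar-editor and the PPA URL are constructed for the example.

```python
import re, sys
# Constructed, abridged sample of `apt-cache policy curl foo-tool bar-editor` output (not from the poster's machine).
SAMPLE_POLICY = """\
curl:
  Installed: 7.58.0-2ubuntu3.7
  Version table:
 *** 7.58.0-2ubuntu3.7 500
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        100 /var/lib/dpkg/status
foo-tool:
  Installed: 1.2.3-1
  Version table:
 *** 1.2.3-1 100
        100 /var/lib/dpkg/status
bar-editor:
  Installed: 2.0-1~ppa1
  Version table:
 *** 2.0-1~ppa1 500
        500 http://ppa.launchpad.net/someone/bar/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status
"""

def installed_sources(policy_text):
    """Map each package to the archives listed under its installed ('***') version-table entry."""
    sources, pkg, collecting = {}, None, False
    for line in policy_text.splitlines():
        if re.match(r"^\S.*:$", line):                  # "curl:" starts a new package
            pkg, collecting = line[:-1], False
            sources[pkg] = []
        elif line.startswith(" *** "):                  # entry for the installed version
            collecting = True
        elif re.match(r"^\s+\S+ \d+$", line):           # entry for some other version
            collecting = False
        elif collecting and (m := re.match(r"^\s+\d+ (\S+)", line)):   # "<priority> <archive or status file>"
            sources[pkg].append(m.group(1))
    return sources

def classify(sources):
    """'repo': a configured archive offers the installed version; 'ppa': a Launchpad PPA does; 'no-repo': only
    dpkg's status file knows it (downloaded .deb, removed source, local build). No '***' entry = not installed, skipped."""
    result = {}
    for pkg, srcs in sources.items():
        archives = [s for s in srcs if s != "/var/lib/dpkg/status"]
        if srcs and not archives:
            result[pkg] = "no-repo"
        elif archives:
            result[pkg] = "ppa" if any("ppa.launchpad.net" in s for s in archives) else "repo"
    return result
if __name__ == "__main__":   # pipe real `apt-cache policy` output in; with no pipe it runs the sample
    print(classify(installed_sources(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_POLICY)))
```

On a Mint system, feed it the real policy for everything dpkg knows about with `dpkg-query -W -f='${Package}\n' | xargs apt-cache policy | python3 check_sources.py` (script name assumed); the packages it reports as no-repo or ppa are the ones to review with the judgement smurphos describes.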