Questions about Defragging or Antivirus? Look here first!

[jeanpaulberes]

Dear Pjotr

I'm not spreading FUD, remind please the virus present in the Linux Mint Download file in Februari 2016 .. Rather quickly discovered BUT there was one !
Linux is an OS like many other OS'es and not completely invulnerable ... Hacking into the system is possible (and by the way that's also why a Hacking Linux OS, being KALI Linux is created.. under the name of Penetration or Vulnerability testing OS, BUT used by Anonymous and others )

A good check now and then is NEVER useless, neither for desktop users, neither for others. As long as people are using computers to surf also on the Net, risks exist !!!

Kind regards,
JP BERES

[Pjotr]

Dear Pjotr

I'm not spreading FUD, remind please the virus present in the Linux Mint Download file in Februari 2016 .. Rather quickly discovered BUT there was one !
Linux is an OS like many other OS'es and not completely invulnerable ... Hacking into the system is possible (and by the way that's also why a Hacking Linux OS, being KALI Linux is created.. under the name of Penetration or Vulnerability testing OS, BUT used by Anonymous and others )

A good check now and then is NEVER useless, neither for desktop users, neither for others. As long as people are using computers to surf also on the Net, risks exist !!!

Kind regards,
JP BERES

That's definitely not a good example. What you're referring to is the hack of the Linux Mint website, which caused it to point to a specially crafted iso with malware on some Bulgarian server, during one or two days. It's not, I repeat *not* an example of Linux Mint systems getting infected.

For desktop users of Linux Mint, installing antivirus (and consorts) is not only useless, but even makes their systems less secure.

I recommend to read this article, that I've written about security in Linux Mint:
https://sites.google.com/site/easylinux ... t/security

[jeanpaulberes]

Dear Pjotr,

First of all, thank you very much for the link to your article, super interesting !

But by the way, look what is written in your article :
"Don't install Wine or Mono in your Linux
5. The security overview above, applies to a "clean" Linux without Windows emulators like Wine, PlayOnLinux and CrossOver.
Those emulators are used to run Windows software in Linux. It's better not to install such Windows emulators, because they make your Linux partially vulnerable to Windows malware."

AND ... Mono is present by default in Linux Mint. In Ubuntu and Debian

Well, only referring to your article and you did accuse me for FUD ...

Kind regards,
JP BERES

[Pjotr]

Dear Pjotr,

First of all, thank you very much for the link to your article, super interesting !

But by the way, look what is written in your article :
"Don't install Wine or Mono in your Linux
5. The security overview above, applies to a "clean" Linux without Windows emulators like Wine, PlayOnLinux and CrossOver.
Those emulators are used to run Windows software in Linux. It's better not to install such Windows emulators, because they make your Linux partially vulnerable to Windows malware."

AND ... Mono is present by default in Linux Mint. In Ubuntu and Debian

Well, only referring to your article and you did accuse me for FUD ...

Kind regards,
JP BERES

So my advice is: don't install those Windows emulators (which aren't present by default), and remove Mono (which is, as far as I know, only present by default in Linux Mint and not in Ubuntu or Debian).

Then you don't need any AV, which would only make your system less secure.

[jeanpaulberes]

Indeed Pjotr, indeed you're right !!!
And if everybody would do that, indeed no problems and problems can and could be avoided !
Thanks,
Would be nice to let publish your article to the Linux Mint Site too !
Regards,
JP

[Cosmo.]

I'm not spreading FUD, remind please the virus present in the Linux Mint Download file in Februari 2016 .. Rather quickly discovered BUT there was one !

This is not - as Pjotr wrote - a bad example, this is simply wrong!

There was never a virus in any Mint download file from the official server. There was an attack, which redirected the download to another server. The changed iso image added a backdoor, what to my remembrance would not have found by any AV and especially not by any rootkit scanner (as this isn't one). Checking the shasum (what was not available at that time 1 year ago) reveals, if the download file is valid or not.

A rootkit hunter does also have nothing to do with wine, mono, skype etc. As long as you do not run the programs as root, no rootkit can get installed (assumed, that the downloaded files are clean). That is a question of the mechanism of Linux.

Every system is in principle vulnerable. This includes AVs itself, they can add new vulnerabilities into the system. The more smart those programs try to be, the more they integrate into the system, the higher is the risk.

The best security tool available has a name, it is called common sense. Taken from a guest commentary in an av-test.org article:

In general, everyone should understand that, after all, antivirus products form only the second line of defense in combating malware: The most important is resting on the shoulders of the user. Anyone who stays abreast of malware, regularly keeps their system up to date, does not open up any non-essential ports, only installs software from reliable sources, prohibits the Web browser from automatically executing active content and does not click on everything that has not disappeared on a count of three out of the mail client or from the desktop, actually has nothing to worry about in terms of malware under Linux.

People, who find false positive warnings and corrupted systems (the last case here I do remember was 2 weeks back) funny and entertaining should indeed install those types of programs. My claims for entertainment are different.

[killer de bug]

AND ... Mono is present by default in Linux Mint. In Ubuntu and Debian

I have already addressed this in a different topic. Mono doesn't make your system vulnerable. This is FUD.
And spreading FUD is not welcome on this forum.

[jeanpaulberes]

@killer de bug ...

Well, this FUD I did copy it from the article of PJOTR .. it was not my saying ...
There is somewhere within the Thread of these discussions a link to that article !!!

Now the only thing I wanted to mention is that, please stay all down to earth, nothing (AND this is no FUD) is 100% ... Not Unix, not BSD, Not Linux, Not MAC-Os, not Windows ... Whatever ... I'm a Master in Computer Science, with more then 28 years of experience, started on Mainframes with Punch Cards, Midframes (IBM S/36, S/38, AS/400), I've seen growing the PC's from the 1st Personal Computer until where we are know .. AND even knowing that there are within IT very skillful people, NOTHING but then Nothing is and will be completely 100% safe...

So please, it's nice to adhere so well to this wonderful OS Linux Mint is, but don't spread fairy tails too ... thanks !

[Pjotr]

I have already addressed this in a different topic. Mono doesn't make your system vulnerable. This is FUD.
And spreading FUD is not welcome on this forum.

In that other topic (if we refer to the same one), I've discussed this with you. And we still disagree, which is no problem to me: I think it's fine when somebody publicly has other opinions than I. But apparently it is a problem to you?

For other people who read this, this is the gist of my opinion about Mono: it's cross-platform between Linux and Windows, which in itself makes it more likely and profitable as a target for malware. Just like Java. This is not FUD, this is a fact. You may not like that fact, but a fact it is.

Furthermore, in almost all cases Linux users don't need Mono, because there usually are good indigenous Linux alternatives for Mono based applications. I think it's a pity that Mono is present by default in Linux Mint, just because of one unimportant notes app (Tomboy), for which we have some fine non-Mono alternatives.

So I advise to remove Mono from Linux Mint. It's something which (at least theoretically) increases security risks, without having a real benefit (at least for the vast majority of the Mint users).

[Cosmo.]

I'm a Master in Computer Science, with more then 28 years of experience

In this case you are supposed to know, how those AV-companies often work. Latest example: Symantec, who repeatedly issue illegit HTTPS certificates. Recommending AVs means to trust them. I don't see, how this trust can get justified.

In case of further replies: With your experience you are also supposed to know, that writing in capital letters (especially a complete post) is meant to scream and is unpolite. Please stop that.

[killer de bug]

For other people who read this, this is the gist of my opinion about Mono: it's cross-platform between Linux and Windows, which in itself makes it more likely and profitable as a target for malware. Just like Java. This is not FUD, this is a fact. You may not like that fact, but a fact it is.

Or like Python/Perl right?


[moderator on]I have removed the all caps post which was out of topic.[moderator off]

[Pjotr]

For other people who read this, this is the gist of my opinion about Mono: it's cross-platform between Linux and Windows, which in itself makes it more likely and profitable as a target for malware. Just like Java. This is not FUD, this is a fact. You may not like that fact, but a fact it is.

Or like Python/Perl right?

You shouldn't leave out the second part of my argument: namely, that Mono can easily be missed in Linux Mint (at least by the vast majority of Linux Mint users). That second fact, combined with its undeniable risk, makes me advise people to remove Mono.

[killer de bug]

Saying that it increases the target area is true. As it is for every other piece of code: Firefox, Thunderbird... I have no problem with saying/admitting this.
But stating that Mono is insecure abruptly is not true. It's not more insecure than Python, Perl, Firefox...

As for the fact that it could be removed, well, until recently it was used by Banshee, the music player. And there it comes to personal tastes and colors. And this discussion doesn't interest me.

[Cosmo.]

In addition to my Symantec example:

I just came across another Symantec security issue: All "security" products of them are affected by a vulnerability of the Norton Download Manager, which allows attackers to load a malicious library.

I already wrote above, that such type of programs can open security holes, which are without those programs not there at all. This is a very current (but not the first and surely not the last) proof for this.

In short: Who relies on such software or on the recommendations for such software is lost!

[Pjotr]

Saying that it increases the target area is true. As it is for every other piece of code: Firefox, Thunderbird... I have no problem with saying/admitting this.
But stating that Mono is insecure abruptly is not true. It's not more insecure than Python, Perl, Firefox...

I did not say it's insecure. Of course it isn't. I said that it poses a higher risk because it's a cross-platform infrastructure for software that runs both in Windows and in Linux (by means of Mono).

Comparing apples and oranges doesn't help the discussion. If you wish to compare Mono at all, you should compare it with Java. At least that comparison makes some sense.

[powerhouse]

I've followed this discussion about pro and cons of "security" software, mono, etc. I agree that all the security barriers such as firewalls, etc. are a second line defense after the number one defense: the part that sits between the shoulders on your neck.

The more software and applications, the bigger the threat that attackers find a security hole. As a rule I get rid of software I once installed, but eventually don't use. Unfortunately I do use a number of mono-based applications, at least one of them being critical (KeePass2). Which means I have to live with mono (unless someone can suggest a multi-platform password manager that does without mono).

Activate the firewall - it's there and built-in into every Linux distribution.

For desktop users there is absolutely no need for root kit hunters, anti-virus software, or (god forbid) defragging software. A root kit hunter only makes sense for servers that are directly exposed to the web, whereas anti-virus software should only be used on mail servers or file servers that serve Microsoft Windows users. A home user should not bother with setting up a mail server.

[Pjotr]

Unfortunately I do use a number of mono-based applications, at least one of them being critical (KeePass2). Which means I have to live with mono (unless someone can suggest a multi-platform password manager that does without mono).

You might try KeePassX:

Code: Select all

sudo apt-get install keepassx

More information:
http://superuser.com/questions/878902/w ... d-keepassx

[powerhouse]

Unfortunately I do use a number of mono-based applications, at least one of them being critical (KeePass2). Which means I have to live with mono (unless someone can suggest a multi-platform password manager that does without mono).

You might try KeePassX:

Code: Select all

sudo apt-get install keepassx

More information:
http://superuser.com/questions/878902/w ... d-keepassx

Thanks! Right after posting I searched and found keepassx. I'm testing it right now (installed it alongside KeePass2) on Linux Mint and installed KeePassDroid on my Android devices. I can see some shortcomings in KeePassX, but need more time to evaluate. Thanks!

By the way, your "10 things to do after..." are excellent!

[piso mojado]

I just installed Clamtk. Thanks for the advice!

[karlchen]

I just installed Clamtk.

Hm, please, see my reply in your thread "Routine maintenance on Linux - without the terminal?".