Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

[JoeFootball]

It seems that no one really KNOWS how it is with security
in Linux MINT for a desktop user.

I know that you don't like people trying to tell you what to do, so I'll just say what I do.

I keep my system updated regularly. I keep external backups and I verify them. I keep my router updated and properly configured. I run my browser in a sandbox.

[Hoser Rob]

.../ It seems that no one really KNOWS how it is with security
in Linux MINT for a desktop user.

Of COURSE they don't, security is a moving target, always. And nothing is going to ensure 100% security, ever.

[Schultz]

It seems that no one really KNOWS how it is with security
in Linux MINT for a desktop user.

A lot of people do know, and they have answered in both your threads. You seem to have as much consternation about this issue as a Windows user, and I find that sad (I don't mean this sarcastically).

[decrepit]

Yep, life is a calculated risk. There's no way you can guarantee security of any sort. Be as careful as you can and stop worrying.

[ThaCrip]

Don't worry too much as it's not like people are targeting you and since your running desktop Linux the risk is further lowered vs Windows. just be careful on what you do online and allow to run on your computer and chances are high you will have no problems as it's not like desktop Linux is a target of shady people in general since they tend to go after the low-hanging-fruit (i.e. Windows users) by default as a desktop Linux user is typically going to be more tech savvy vs the average Windows user.

if you want a little extra security... sandbox (Firejail) your browser.

[sanmig]

Yep, don’t worry, we’re all in the same boat:
https://therecord.media/windows-10-ios- ... g-contest/

[Vilsen]

I keep my system updated regularly.

So do I !

I keep external backups and I verify them.

So do I !

I keep my router updated and properly configured.

So do I !

I run my browser in a sandbox.

Well, Firejail & Firefox + Thunderbird: PROBLEMS: opening with wrong profile.


But WHAT ABOUT THE QUESTION:


HOW CAN I BE SURE THAT SOMETHING THAT has accidently
gotten in to my system does NOT migrate to my backup-disk ?

Even if I only connect the backup-disk physically when I do the backup and
then disconnect it ????

[JoeFootball]

HOW CAN I BE SURE THAT SOMETHING THAT has accidently
gotten in to my system does NOT migrate to my backup-disk ?

Even if I only connect the backup-disk physically when I do the backup and
then disconnect it ????

Linux Mint, along with any other OS, is not impervious to every scenario of maleficence that can be conjured. With that in mind, if all my firewall, sandbox, and update efforts were somehow compromised, and my system was infected with malware at the exact time that I had an external device connected, I do concede that the external device could be compromised as well.

[cliffcoggin]

But WHAT ABOUT THE QUESTION:
HOW CAN I BE SURE THAT SOMETHING THAT has accidently
gotten in to my system does NOT migrate to my backup-disk ?

To put it simply; you can not be sure. There is no guaranteed fool-proof way.

[RIH]

Firejail is fine - as long as you don't run

Code: Select all

sudo firecfg

in a terminal without understanding what it does & how to remove applications from sandboxing after doing that.

If you use a GUI like FireTools or deliberately start applications by running

Code: Select all

firejail Application

in a terminal then it works absolutely as it should...

[RIH]

Most computer programs should be treated with respect, especially any concerning security.
There are plenty of decent clear instructions out there on how to use Firejail correctly & safely.
Reading a manual is always a good idea, often ignored..

The fact that 3 people (in 4 years) claim that they managed to 'destroy' their system can only go to show exactly how cavalier their introduction of Firejail to their system must have been.
Using sudo firecfg it is completely possible to stop some Applications from working.
That can be annoying but is simple to then remove that Application from Firejails' control again.
I have absolutely no idea how one would go about 'destroying your system' with Firejail, infact I would think it was pretty near impossible.
To install Firejail, run sudo firecfg in a terminal & find that some Applications no longer work & then panic, yes, that is totally believable..

[RIH]

It is not an easy task to give a review on Software Manager - try it & you will see.

I imagine that you have to be pretty irate to take the time these days.

I am completely happy that Firejail does what I want it to do, but that is not enough for me to go through the process of saying so on Software Manager!!

[ThaCrip]

if you want a little extra security... sandbox (Firejail) your browser.

Here are the last 3 real-life reviews of Firejail in Mint's very own Software Manager:




I don't know if taking a swing at my box or laptop with a 20 pound sledgehammer will totally destroy them and every component within them, they may even still work after that, but why take a chance? That's some pretty heady language with terms like "destroyed" and "severely screwed up" and "totally killed" being used.

Is there another SUID program that can be used to sandbox Firejail with in order to safely try it out?

I am using Mint v20.2-Cinnamon and I just install Firejail from the proper deb file (from here... https://sourceforge.net/projects/fireja ... /firejail/ ; I am using "firejail_0.9.64.4_1_amd64.deb" ; that won't get automatically updated though as you have to manually keep it updated but this generally won't be a real problem since I can't imagine there is any security related flaws found all that often in regards to Firejail itself. so you can just manually check once in a while and update accordingly) and then manually adjust Firefox browser shortcut I made on the desktop to use Firejail (i.e. "firejail firefox %u" ) and I don't have any issues and have been using that for quite some time now. if I don't want to use Firejail I just load up the browser like usual since it does not modify any shortcuts this way. so basically if I load Firefox from the usual icon or start menu, it still loads Firefox normally WITHOUT Firejail. but if I load Firefox from the shortcut I made on my desktop, which I adjusted with that "firejail firefox %u", then it uses Firejail sandbox. you can tell if Firejail is currently running on any processes (like Firefox or Chrome etc) by issuing "firejail --list" from the terminal. if it does not show anything then it's not being used. but if your using Firejail, on Firefox for example, then you will see something like... "1111:user::firejail firefox".

I did manually tweak some configuration files so that the browser is a bit more locked down so it can only save files to usual folder it does by default (which I think is the 'Downloads' folder) and a custom folder I made on another hard drive (I got my main SSD boot drive along with three other hard drives connected but when Firejail is running, Firefox can only access the custom folder I allowed on one of my hard drives (and the usual 'Downloads' folder on the main boot drive as expected) as the other hard drives are not visible to Firefox when running Firejail. so with the way I currently have my Firejail configured, Firefox cannot access or even see my 4TB/5TB hard drives etc which it normally would have access to when running Firefox browser normally). then I further tweaked Firejail configuration so programs running through Firejail cannot access my password managers database file as while it does filter out some password managers by default, it does not filter the particular one I use (i.e. 'Password Safe' (in Software Manager you search for 'passwordsafe' (without the '), but I run the newest one from here... https://sourceforge.net/projects/passwo ... les/Linux/ )) so that the ".pwsafe" folder (which is where Password Safe stores it's main password database file and general data) is still accessible in the Home folder when Firefox is running in it's default state without Firejail. but when Firejail is running, after I applied some custom tweaks so it can no longer see that ".pwsafe" folder, it can no longer access that folder through the browser itself.

put "file:///" (without the ") into Firefox and press enter and you can see the folders it can access. doing that without Firejail on my system gives it more access to areas that it cannot see when Firejail is running.

so using Firejail like I am you should be pretty safe as it won't mess up your system. but as a precaution, it's always better to be safe than sorry, so make backups when doing anything potentially risky that your a bit unsure of as this way even if something gets out of whack you can easily revert those changes. I typically make a image of my hard drive with Clonezilla (basically I image my main SSD boot drive with Mint on it to a image file on another hard drive I have) before doing anything a bit more unknown because I know I can easily revert things back to EXACTLY the way they were when it was imaged since when you restore a Clonezilla image it restores things back to exactly how things were at the time you imaged it, so anything added or deleted since will be wiped and it will be returned to the exact state at the time you imaged it.

but in short... I install Firejail from that deb file I mentioned, then if you want to use Firejail with Firefox browser, you would then go to start menu and find the 'Firefox Web Browser' there, right click it, then select 'add to desktop'. then at this point you right click the Firefox browser icon on the desktop, select 'properties', then on the 'basic' tab you will see a bit below that where it says "Command:" you put "firejail firefox %u" (without the ") in there and then 'close' and then from now on when you want to use Firejail with Firefox browser you simply run it from that desktop icon and it will automatically use Firejail. but if you want to use Firefox normally, close out of the browser, then load up Firefox from the usual icon at bottom left area of the screen, or from the usual Mint menu.

but with all of that said... even using Firefox on Mint without Firejail is probably not going to be hacked anytime soon by just visiting a web page, especially if you keep it updated. so you don't have to use Firejail if you don't want to even though it does increase security a bit by using it. but... whether Firejail is worth your time to setup could be debatable given Linux is pretty secure right off the start. my guess is for most people it's not worth the effort, but I do it for good measure

[Moem]

Isn't your motto to pay attention?

No, it is not. And if you feel that I have missed the quintessence of the question in this case, it's certainly possible that you are right, because like everyone else, I do make mistakes. But all that energy and passion, which you are now spending on me, is better spent on helping Vilsen instead... by answering the question in a way that you feel is better and more helpful. It's a whole lot more constructive.

[SMG]

The correct answer was given to Vilsen by at least seven people in this thread, so it was easy for you to miss I suppose. And, I did answer the question that was asked by Vilsen and also wanted to ensure that he did not follow your advice. If poor advice is given, it is up to the board members to attempt to rectify the mistake before a user damages their setup.

Vilsen asked two different questions. If one reads the posts in this topic in the order they were posted, you will see the original question in the first post

Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

was changed to

But WHAT ABOUT THE QUESTION:

HOW CAN I BE SURE THAT SOMETHING THAT has accidently
gotten in to my system does NOT migrate to my backup-disk ?

Those are not the same question. Therefore, it is possible the "answer to the question" could be different depending upon when one posted in the thread.

For example, you posted

You have not been given good advice, Vilsen. If you backup up an infected or otherwise compromised system, your backup is also going to be screwed.

more than a week after that advice had already been given

Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Short, thick, fast and pragmatic.
If the object to be copied is infected, the copy of the infected object is an infected copy.
Don't complicate it!

So please let's keep the discussion on the topic. Discussion of how others are or are not paying attention does not help advance the discussion.

[Jsch38]

I use timeshift and backup to an external usb.
For my use i backup on a monthly basis.
I use Google calendar to remind me to do a backup.

[Schultz]

People telling him that if your system is nothing but a huge mess of every known virus, spyware, etc... and that a backup made of that system will somehow be magically void of what is actually on his computer is not good advice and that needs to be pointed out for the sake of people who don't understand.

I haven't read one reply that said that. Maybe I don't know how to read? On the contrary, back on page 1:

MikeNovember wrote:
The backup will reflect the state of your disk. If your computer is infected, your backup will be...
viewtopic.php?p=2083048#p2083048

With this said, I think this thread needs to be locked as well. Nothing more can be added to it, except continuing arguments and misunderstandings.

[Schultz]

I think it's obvious that Moem's answer is coming from the perspective of a computer getting infected after a backup has been made (and with the backup medium being not connect to the computer when the infection has taken place). The original question wasn't very clear on the scenario intended.

[karlchen]

Hello, Vilsen. Hello, folks.

Let me try to help keep this thread on topic by quoting the relevant questions and answers once again.
I know that SMG had done so before, but it seems a bit as not everybody cared to pay attention.

1. Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

   Unambiguous answer to this question:

   The backup will reflect the state of your disk. If your computer is infected, your backup will be...

   Consequence, you can only prevent a backup from being infected by malware, in case the system, where you take the backup, has not been infected at this point in time.
   -
2. In order to prevent it from being infected later on and in order to prevent it from being encrypted later on by malware:

   Again, external backups mitigate this risk. i.e., not connected to the system which has been theoretically infected.

   The backup medium must not be connected to your system all the time, but only while you are making a backup.
   -
3. Let me add another important point, which, as far as I could find out when reading all the posts, no-one has mentioned very clearly:
   You must not depend on one single backup. You should have 2 or 3 generations of backups. Preferrably on separate external media.
   One reason for having more than 1 single backup is:
   If your backup medium goes bad (no device lives forever), then you ar without any backup.
   Another reason is precisely the case, which you Vilsen are afraid of: malware manages to invade your backup.
   Does not matter how likely or unlikely it is to happen. In case it happens, then your only backup would be unusable.
   This is why you need 2 or 3 separate generations of backups on separate media.
   -
4. This should also answer your next question Vilsen.

   How can I be sure that the backup does not get encrypted WHEN I attach it ?

   If you attach a backup device to an infected system, then your next backup may easily be infected as well. Or in case of ransomware, your backup may easily be encrpted as well.
   Have more than 1 single backup. See above.
   -
5. One more time:

   But WHAT ABOUT THE QUESTION:
   HOW CAN I BE SURE THAT SOMETHING THAT has accidently gotten in to my system does NOT migrate to my backup-disk ?

   To put it simply; you can not be sure. There is no guaranteed fool-proof way.

   Again: have more than 1 backup on more than 1 medium. Do no connect all of them to your system at the same time.
   -
6. The final question is a bit off-topic with repsect to making backups and keeping them safe.

   .../ It seems that no one really KNOWS how it is with security in Linux MINT for a desktop user.

   Of COURSE they don't, security is a moving target, always. And nothing is going to ensure 100% security, ever.

Actually, the initial questions had been correctly answered very early in this thread.
The rest of the thread space and time was used by some folks in order to digress from the pretty clearly defined thread topic into various unproductive directions.

Regards,
Karl

[sanmig]

In this context (Vilsen’s fear) I’m not really happy by simply repeating the common mantra to backup (regularly, often, externally, 2 to 3 generations, diverse media, whatever)
and all will be good.
The main reason is the term “backup” isn’t precise enough for a simple solution / scheme / ritual / good habit,
and simply taking “backups” may not prevent from disaster.

In his first post here:

Is the truth that Linux MINT is defenseless against an attack from a modern
carpented ransomware / cryptolocker prg and that
the BACKUP you take with you becomes equally infected and destroyed
which means that all talk about how important it is to take BACKUP becomes
completely uninteresting.

So Vilsen “questated” some unpleasant truth and an incorrect conclusion.
To correct that I guess we should focus on what to do after taking a “backup” (yes, at first it would take us back to clarify what we think is a backup).