Interest: If ever there was reason to uninstall mono, this is it

[catweazel]

https://www.itwire.com/security/86727-a ... claim.html

The Mono framework, a free system that lets users run Windows applications on other operating systems, including macOS, is allowing malicious attackers to infect Apple systems with Windows malware.

Mono was developed by Miguel de Icaza, a co-founder of the GNOME desktop project, a DE that is used by Linux systems. De Icaza is now employed by Microsoft.

The security firm Kaspersky Lab pointed out that malicious attackers were collecting data about Apple systems and feeding it into adware using files with an .exe extension – files which normally run only on Windows.

[DAMIEN1307]

pjotr has for years now recommended to always uninstall mono/orca as one of the first things to do with a new install as it would be able to open your system up to windows malware baddies...this proves him right and one of the first things i ever learned about linux, as well as dont use wine, dont copy and paste unknown code from random websites, dont disable sudo password for "ease of use" etc., and be wary of PPAs not from a well known trusted source...DAMIEN

[kc1di]

+1

[rambo919]

And this is surprising? If you use windows software you are vulnerable to windows viruses.... just also install a proper AV ffs

[gm10]

It remains a terrible argument. With that reasoning you gotta uninstall Python, too (among many other things).

(just in case: don't do it, you'll break your system)

[catweazel]

pjotr has for years now recommended to always uninstall mono/orca as one of the first things to do with a new install as it would be able to open your system up to windows malware baddies...this proves him right

Orca has nothing to do with this, it's a screen reader. Pjotr's tip to remove it is to prevent unsuspecting persons from getting a shock when their machine talks at them. But, yes, he's quite right about the risk posed by mono. I wouldn't go so far as saying "proves him right", but the article certainly justifies Pjotr's extreme caution with mono.

[DAMIEN1307]

yeh, im aware that is orcas purpose, i just remember that the original code he used to use a few years back included orca as well as mono in the same line and i wasnt interested in orca anyways...and i would say, "extreme caution" is a fair term to use here as well when referring to mono usage...DAMIEN

[altair4]

From the article:

To add to the irony, this was done with pirated copies of the Little Snitch firewall and users who tried to avoid paying for a licence ended up with malware instead, researcher Leonid Grustniy said.

The "licence" in question costs $45 which would be the smallest expenditure a typical Mac user would ever make for his system.

[Moem]

Does Mono by itself run .exe files if there is no Wine installed?

[gm10]

Does Mono by itself run .exe files if there is no Wine installed?

Sure, assuming the .exe is compiled with Mono. Just like your system would run any other supported malicious code that you download and execute.

[catweazel]

Does Mono by itself run .exe files if there is no Wine installed?

The article isn't fully clear on the point, but yes, it could run without Wine, which is the purpose of having mono.

Code: Select all

mono moems_malware.exe

Or, as a shell script:

Code: Select all

#!/bin/sh
/usr/bin/mono /usr/lib/moems_malware/moems_malware.exe "$@"

That's all it would take.

[catweazel]

Does Mono by itself run .exe files if there is no Wine installed?

Sure, assuming the .exe is compiled with Mono. Just like your system would run any other supported malicious code that you download and execute.

I have to agree.

Edit: I avoided saying it so as not to complicate matters. I got the impression from the article that they confused the .exe extension with being a Windows only thing, but mono can build .exe files.

[Pjotr]

It remains a terrible argument. With that reasoning you gotta uninstall Python, too (among many other things).

(just in case: don't do it, you'll break your system)

I disagree that it's a terrible argument.... Removing Mono makes your system less vulnerable, at a very low price (the loss of a few applications that can usually easily be replaced by non-Mono alternatives).

I wouldn't of course advise to remove Python, because the price you pay would be far too high (namely a broken system).

Perfect computing security is unfortunately unattainable in this valley of tears we call earth. C'est la vie....
But we can achieve a remarkably high level of computing security, without sacrificing too much for it.

Complete security is a pipe dream. Risk management is horse sense. I love horse sense.

[catweazel]

It remains a terrible argument. With that reasoning you gotta uninstall Python, too (among many other things).

(just in case: don't do it, you'll break your system)

I disagree that it's a terrible argument...

I agree with you. Removing mono reduces the potential attack surface area.

[gm10]

Removing mono reduces the potential attack surface area.

Naturally, but it's marginal. Even if there was a lot of malware compiled with mono, which I strongly doubt, the real problem is the user executing the malware in the first place. Whether you run a malicious mono application or even just a malicious shell script really makes no difference at that point, you're compromised either way. Furthermore, I have no doubt that users would confirm to install mono when the malware asks them to do it, anyway.

[catweazel]

Removing mono reduces the potential attack surface area.

Naturally, but it's marginal. Even if there was a lot of malware compiled with mono, which I strongly doubt, the real problem is the user executing the malware in the first place. Whether you run a malicious mono application or even just a malicious shell script really makes no difference at that point, you're compromised either way. Furthermore, I have no doubt that users would confirm to install mono when the malware asks them to do it, anyway.

You are, of course, quite right but those of us not silly enough to do such things ought to ring the warning bells for those who would listen. What gets me about malware discussions in relation to linux is that too many people who ought to know better claim there is little to no chance of linux malware to the point of it having immunity, yet there is a plethora of linux malware out there. Desktop users have been fortunate only in that linux servers are the main target, targeted for OpenSSH exploits, and android devices, targeted for kernel exploits. Linux malware is big business because the cloud is big business, and nearly all of it runs on linux.

[gm10]

What gets me about malware discussions in relation to linux is that too many people who ought to know better claim there is little to no chance of linux malware to the point of it having immunity, yet there is a plethora of linux malware out there. Desktop users have been fortunate only in that linux servers are the main target, targeted for OpenSSH exploits, and android devices, targeted for kernel exploits. Linux malware is big business because the cloud is big business, and nearly all of it runs on linux.

I'm completely with you there. Linux has more mitigating factors than Windows as far as malware distribution goes but structurally I've always argued that desktop Linux is even less secure than desktop Windows. To claim "Linux is safe" is reckless and ultimately doing a great disservice to Linux.

[Pjotr]

Removing mono reduces the potential attack surface area.

Naturally, but it's marginal. Even if there was a lot of malware compiled with mono, which I strongly doubt, the real problem is the user executing the malware in the first place. Whether you run a malicious mono application or even just a malicious shell script really makes no difference at that point, you're compromised either way.

Yes, but the point of removing Mono is, that its malware risk is potentially bigger than usual. Because it allows for cross-platform malware from the heavily infected Windows ecosystem.

Furthermore, I have no doubt that users would confirm to install mono when the malware asks them to do it, anyway.

Some would, some wouldn't.

As the saying goes: familiarity breeds contempt. We're very familiar with Linux, so we're also aware of its security deficiencies. That might lead to over-relativism, which in its turn might lead us to undervalue the fact that Linux is in fact very secure by comparison.

And I don't mean theoretical comparison, but practical comparison. Real life. Both feet firmly planted in the mud.

[Portreve]

Hey Pjotr:

Yes, but the point of removing Mono is, that its malware risk is potentially bigger than usual. Because it allows for cross-platform malware from the heavily infected Windows ecosystem.

So, some thoughts and general feedback...

Your set of how-to pages are fantastic. Ever since I bought first (and still current) SSD, your page on doing LM SSD optimization is my Bible. I can't begin to thank you enough. However, it is as I have said only since I bought an SSD that I was even aware of it.

I think a discussion may well be had — and probably should be — about how many people bother to do any of this, and therefore how many of those who do know about your pages. I imagine you have data on usage, of course, but that's not really the point I'm trying to make.

Likewise, and mind you I'm a technology enthusiast since the 1980s, even I have never looked on your pages for anything to do with Mono. In my own case, I don't make any kind of use of it, so this discussion is the first I've heard about the situation.

There needs to be a better way of going about all of this. Your pages should have, I think, visibility here on LMF.

[michael louwe]

Interest: If ever there was reason to uninstall mono, this is it.

Shouldn't mono be removed by the Linux kernel, Gnome and/or distro developers since it is a big security risk.?