Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > aus.computers > #71409 > unrolled thread

For those who believe Linux malwareproof

Started byKeithr0 <nothing.to.see@here.com.au>
First post2024-10-07 20:19 +1000
Last post2024-10-11 08:11 +1000
Articles 8 — 6 participants

Back to article view | Back to aus.computers


Contents

  For those who believe Linux malwareproof Keithr0 <nothing.to.see@here.com.au> - 2024-10-07 20:19 +1000
    Re: For those who believe Linux malwareproof not@telling.you.invalid (Computer Nerd Kev) - 2024-10-08 07:59 +1000
      Re: For those who believe Linux malwareproof Mighty Mouse <"squeak!"@thecheesefactory.com> - 2024-10-08 10:05 +1100
        Re: For those who believe Linux malwareproof Computer Nerd Kev <not@telling.you.invalid> - 2024-10-08 11:25 +1000
          Re: For those who believe Linux malwareproof Mighty Mouse <"squeak!"@thecheesefactory.com> - 2024-10-10 12:04 +1100
            Re: For those who believe Linux malwareproof Petzl <petzlx@gmail.com> - 2024-10-10 20:07 +1100
            Re: For those who believe Linux malwareproof "Gary R. Schmidt" <grschmidt@acm.org> - 2024-10-10 23:12 +1100
            Re: For those who believe Linux malwareproof not@telling.you.invalid (Computer Nerd Kev) - 2024-10-11 08:11 +1000

#71409 — For those who believe Linux malwareproof

FromKeithr0 <nothing.to.see@here.com.au>
Date2024-10-07 20:19 +1000
SubjectFor those who believe Linux malwareproof
Message-ID<lmhqu7F66naU1@mid.individual.net>
https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/

[toc] | [next] | [standalone]


#71410

Fromnot@telling.you.invalid (Computer Nerd Kev)
Date2024-10-08 07:59 +1000
Message-ID<670459a7@news.ausics.net>
In reply to#71409
Keithr0 <nothing.to.see@here.com.au> wrote:
> https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/

There seems to be confusion about which vulnerability allowed the
malware to gain root access. That article says it was in "GPAC",
but other pages say it was a more likely "PwnKit" vulnerability
in Polkit.

CVE-2021-4043 in GPAC is described as just allowing DoS attacks:
https://www.scyscan.com/cve-2021-4043/

CVE-2021-4034 in Polkit allows root access:
https://www.helpnetsecurity.com/2022/01/26/cve-2021-4034/

In some ways the recent XZ backdoor was worse since it affected
all Linux Systemd-based systems with SSH log-in. Much wider scope
than just servers running Apache RocketMQ, but it was detected
much sooner too.

-- 
__          __
#_ < |\| |< _#

[toc] | [prev] | [next] | [standalone]


#71411

FromMighty Mouse <"squeak!"@thecheesefactory.com>
Date2024-10-08 10:05 +1100
Message-ID<lmj7ppFcv2jU1@mid.individual.net>
In reply to#71410
Computer Nerd Kev wrote:
> Keithr0 <nothing.to.see@here.com.au> wrote:
>> https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/
> There seems to be confusion about which vulnerability allowed the
> malware to gain root access. That article says it was in "GPAC",
> but other pages say it was a more likely "PwnKit" vulnerability
> in Polkit.
>
> CVE-2021-4043 in GPAC is described as just allowing DoS attacks:
> https://www.scyscan.com/cve-2021-4043/
>
> CVE-2021-4034 in Polkit allows root access:
> https://www.helpnetsecurity.com/2022/01/26/cve-2021-4034/
>
> In some ways the recent XZ backdoor was worse since it affected
> all Linux Systemd-based systems with SSH log-in. Much wider scope
> than just servers running Apache RocketMQ, but it was detected
> much sooner too.
>

if we have to start worrying about viruses with Linux, we might as well 
just stick with Windoze

-- 
Have a nice day!..
stay sane, be happy, and enjoy living.

[toc] | [prev] | [next] | [standalone]


#71412

FromComputer Nerd Kev <not@telling.you.invalid>
Date2024-10-08 11:25 +1000
Message-ID<67048a00@news.ausics.net>
In reply to#71411
Mighty Mouse <"squeak!"@thecheesefactory.com> wrote:
> if we have to start worrying about viruses with Linux, we might as well 
> just stick with Windoze

Increased security isn't the primary design goal of Linux, though
it's often not as bad at it as Windows. OpenBSD is an OS with a
particulary security-focused design:
https://en.wikipedia.org/wiki/OpenBSD_security_features

But anyway these Linux viruses are mainly targeted at servers, so
they often don't apply to laptops/desktops that aren't running
server software that's accessible from the internet. Of course
that's probably just because most Linux systems _are_ servers,
personal users are a minority, and attackers looking the hack
individuals PCs are therefore better off targeting Windows.

-- 
__          __
#_ < |\| |< _#

[toc] | [prev] | [next] | [standalone]


#71415

FromMighty Mouse <"squeak!"@thecheesefactory.com>
Date2024-10-10 12:04 +1100
Message-ID<lmonhkF7titU1@mid.individual.net>
In reply to#71412
Computer Nerd Kev wrote:
> Mighty Mouse <"squeak!"@thecheesefactory.com> wrote:
>> if we have to start worrying about viruses with Linux, we might as well
>> just stick with Windoze
> Increased security isn't the primary design goal of Linux, though
> it's often not as bad at it as Windows. OpenBSD is an OS with a
> particulary security-focused design:
> https://en.wikipedia.org/wiki/OpenBSD_security_features

but what software is available for it? that would be the main issue to 
consider

>
> But anyway these Linux viruses are mainly targeted at servers, so
> they often don't apply to laptops/desktops that aren't running
> server software that's accessible from the internet. Of course
> that's probably just because most Linux systems _are_ servers,
> personal users are a minority, and attackers looking the hack
> individuals PCs are therefore better off targeting Windows.
>

that's some consolation at least. is there any AV for linux?

-- 
Have a nice day!..
stay sane, be happy, and enjoy living.

[toc] | [prev] | [next] | [standalone]


#71416

FromPetzl <petzlx@gmail.com>
Date2024-10-10 20:07 +1100
Message-ID<c56fgjlbrg0jq38ptgdielmr33laon8tar@4ax.com>
In reply to#71415
On Thu, 10 Oct 2024 12:04:50 +1100, Mighty Mouse
<"squeak!"@thecheesefactory.com> wrote:

>Computer Nerd Kev wrote:
>> Mighty Mouse <"squeak!"@thecheesefactory.com> wrote:
>>> if we have to start worrying about viruses with Linux, we might as well
>>> just stick with Windoze
>> Increased security isn't the primary design goal of Linux, though
>> it's often not as bad at it as Windows. OpenBSD is an OS with a
>> particulary security-focused design:
>> https://en.wikipedia.org/wiki/OpenBSD_security_features
>
>but what software is available for it? that would be the main issue to 
>consider
>
>> But anyway these Linux viruses are mainly targeted at servers, so
>> they often don't apply to laptops/desktops that aren't running
>> server software that's accessible from the internet. Of course
>> that's probably just because most Linux systems _are_ servers,
>> personal users are a minority, and attackers looking the hack
>> individuals PCs are therefore better off targeting Windows.
>
>that's some consolation at least. is there any AV for linux?

<https://www.eset.com/us/home/antivirus-linux/?srsltid=AfmBOorN6EGFkmXFr3aWt-CUNcZI0VGsdulYzUoXoY-Zu3jB8hMjtjtA>
      https://t.ly/sv0_j  

<https://support.kaspersky.com/KES4Linux/12.0.0/en-US/245017.htm>
   https://t.ly/j4qLn

[toc] | [prev] | [next] | [standalone]


#71417

From"Gary R. Schmidt" <grschmidt@acm.org>
Date2024-10-10 23:12 +1100
Message-ID<eusktk-n9p.ln1@paranoia.mcleod-schmidt.id.au>
In reply to#71415
On 10/10/2024 12:04, Mighty Mouse wrote:
> Computer Nerd Kev wrote:
>> Mighty Mouse <"squeak!"@thecheesefactory.com> wrote:
>>> if we have to start worrying about viruses with Linux, we might as well
>>> just stick with Windoze
>> Increased security isn't the primary design goal of Linux, though
>> it's often not as bad at it as Windows. OpenBSD is an OS with a
>> particulary security-focused design:
>> https://en.wikipedia.org/wiki/OpenBSD_security_features
> 
> but what software is available for it? that would be the main issue to 
> consider
> 
>>
>> But anyway these Linux viruses are mainly targeted at servers, so
>> they often don't apply to laptops/desktops that aren't running
>> server software that's accessible from the internet. Of course
>> that's probably just because most Linux systems _are_ servers,
>> personal users are a minority, and attackers looking the hack
>> individuals PCs are therefore better off targeting Windows.
>>
> 
> that's some consolation at least. is there any AV for linux?
> 
Yes, clamav.

	Cheers,
		Gary	B-)

[toc] | [prev] | [next] | [standalone]


#71418

Fromnot@telling.you.invalid (Computer Nerd Kev)
Date2024-10-11 08:11 +1000
Message-ID<6708511f@news.ausics.net>
In reply to#71415
Mighty Mouse <"squeak!"@thecheesefactory.com> wrote:
> Computer Nerd Kev wrote:
>> Mighty Mouse <"squeak!"@thecheesefactory.com> wrote:
>>> if we have to start worrying about viruses with Linux, we might as well
>>> just stick with Windoze
>> Increased security isn't the primary design goal of Linux, though
>> it's often not as bad at it as Windows. OpenBSD is an OS with a
>> particulary security-focused design:
>> https://en.wikipedia.org/wiki/OpenBSD_security_features
> 
> but what software is available for it? that would be the main issue to 
> consider

"10578 packages" apparantly:
http://ports.su/

This is a more up to date website, but it doesn't show a total
number:
https://www.ports.to/

A majority of applications that run on Linux can be packaged for
OpenBSD (though more people seem to make packages for the less
security-focused FreeBSD). I haven't used it myself so I'm not sure
how the available programs compare to major Linux distros. Drivers
are another, possibly more troublesome, issue to consider.

Also, programs don't all fully utilise the security features that
make the OS more secure. Their advice is to research the secuity of
each program you install, to see if it supports special features
like pledge.

>> But anyway these Linux viruses are mainly targeted at servers, so
>> they often don't apply to laptops/desktops that aren't running
>> server software that's accessible from the internet. Of course
>> that's probably just because most Linux systems _are_ servers,
>> personal users are a minority, and attackers looking the hack
>> individuals PCs are therefore better off targeting Windows.
>>
> 
> that's some consolation at least. is there any AV for linux?

Yes. Crowdstrike even has one and it took down Linux systems a
while before the same thing happened to Windows.

-- 
__          __
#_ < |\| |< _#

[toc] | [prev] | [standalone]


Back to top | Article view | aus.computers


csiph-web