LinuxQuestions.org
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!
Old 09-08-2020, 05:55 PM   #1
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Rep: Reputation: Disabled
Can malware be placed permanently on my OS with clean install & no browser open?


debian/buster

BACKGROUND: Someone has been hacking through my OS in the past and permanently putting malware on it. But I always have the browser open.


If I have a network connection to the internet on a brand-new, clean-installed OS, and I have a terminal open in which I am doing upgrades, updates and installs, can someone place malware on my OS even though I do not have a browser open at any time while connected to the internet and doing what I just stated?

Doing the installs, etc, I have the live terminal open for longer than it takes them to hack my OS when I have a browser open.


But I was told that malware can't get onto my computer without a browser open.

So, is it safe (when using a fresh install) to have a network connection with a terminal open, running all day long, but no browser open at any time?

Thanks.

Last edited by duupunisher2x; 09-08-2020 at 06:04 PM.
 
Old 09-08-2020, 06:18 PM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
As long as a connection can be made to your computer from outside, malware can, in principle, be placed on your computer by exploiting a weakness in the software that listens for connection requests. This is why firewalls exist: Their purpose is to limit the type of connections that can be made.

Another way of getting into your computer is via email messages. Again, no browser required.

The installation medium might already be infected, as might the software packages that are downloaded from the internet as part of the installation.

I am sure there are other, less obvious methods of breaking in.

Are all these methods likely? I would not dare to make a judgment. But I have a hard time seeing a terminal window as the point of entry.
 
1 members found this post helpful.
Old 09-08-2020, 06:24 PM   #3
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542
Quote:
BACKGROUND: Someone has been hacking through my OS in the past and permanently putting malware on it. But I always have the browser open.
What makes you believe this?
 
3 members found this post helpful.
Old 09-10-2020, 12:05 AM   #4
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Original Poster
Rep: Reputation: Disabled
Simply, opening new tabs, closing my tabs, when I am writing something, deleting it on my before I can send it; obvious things I've seen many times, really.
 
Old 09-10-2020, 01:32 AM   #5
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 2,162

Rep: Reputation: 449
Aside from the suggestion above, could it be that the malware is on the installer itself? I mean the source is already compromised.

netstat -tulpn: check for any IP address that might be suspicious, if ever.

Or thumbdrive, firewall ports that are left open as others suggested.


Public IP is fixed? or it changes from time to time from the ISP?


If it is fixed, then the actor already has a backdoor to your network.

Please check your router make sure the gateway or router password is not admin/admin or other password that is quite easy.
 
2 members found this post helpful.
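As an added example (not from JJJCR's post or from any project), here is a small POSIX shell filter that takes `netstat -tulpn` output and prints only the sockets bound to something other than a loopback address, i.e. the services actually reachable from the network. That is the list worth comparing against what you expect a fresh Debian install to run. On buster, `ss -tulpn` reports the same information with a different column layout, so the awk below is written for netstat's columns. The sample output is constructed for this example, including the unexplained python3 listener; it was not captured from the OP's machine.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulpn` output (not from a real host).
# Columns: Proto Recv-Q Send-Q Local-Address Foreign-Address [State] PID/Program
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      640/sshd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2231/python3
udp        0      0 0.0.0.0:68              0.0.0.0:*                           520/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           498/chronyd'

# external_listeners: read netstat -tulpn output on stdin and print
# "proto local-address program" for every socket NOT bound to loopback.
# $1 is the protocol, $4 the local address, $NF the PID/program column
# (UDP rows have no State column, so the last field is used instead of $7).
# Loopback binds look like 127.0.0.1:PORT or ::1:PORT.
external_listeners() {
    awk '$1 ~ /^(tcp|udp)6?$/ && $4 !~ /^(127\.|::1:)/ { print $1, $4, $NF }'
}

# count_external_listeners: how many network-reachable sockets the sample has.
count_external_listeners() {
    printf '%s\n' "$SAMPLE_NETSTAT" | external_listeners | wc -l | tr -d ' '
}

# Report for the constructed sample. On a live Debian box, run instead:
#   sudo netstat -tulpn | external_listeners
# and question every line whose program you did not install on purpose.
printf '%s\n' "$SAMPLE_NETSTAT" | external_listeners
```

In the sample this prints the two sshd sockets, the dhclient socket and the python3 listener on port 4444, and drops cupsd and chronyd because they only listen on loopback. sshd and dhclient are expected on many installs; an interpreter bound to a high port on all interfaces is exactly the kind of line to explain before trusting the machine.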
Old 09-10-2020, 09:35 AM   #6
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542
Where did you get the installation .iso? If you got it from the distro repositories, especially Debian, and checked the checksums, there should be no malware. If you got it from someplace else, anything is possible. At least one distro has had its repositories hacked, and malware put into some packages, but Debian's security has so far prevented that. It's also possible to get malware by installing packages from shady sources. Without knowing exactly where your iso came from, and what packages you installed afterwards, it's not possible to say whether you have any malware. Run a scanner like clamav, and one of the rootkit hunters.
 
1 members found this post helpful.
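The checksum check sgosnell mentions, as an added example that is not part of the post or of Debian's own tooling: `verify_iso` compares a downloaded image against its entry in the `SHA256SUMS` file that Debian publishes beside each image (lines of the form `<sha256>  <filename>`). The two demo functions build a constructed stand-in file and matching sums in a temporary directory, so the script runs offline; a real check would point at the actual .iso and the downloaded SHA256SUMS.

```shell
#!/bin/sh
# Added example: verify a downloaded image against the SHA256SUMS file that
# ships beside it. Debian's SHA256SUMS lines look like "<sha256>  <filename>".

# verify_iso FILE SUMS: returns 0 if FILE's SHA-256 matches its entry in SUMS,
# 1 if the hashes differ or FILE is not listed in SUMS at all.
verify_iso() {
    iso=$1
    sums=$2
    name=$(basename "$iso")
    expected=$(awk -v f="$name" '$2 == f { print $1 }' "$sums")
    if [ -z "$expected" ]; then
        echo "verify_iso: no entry for $name in $sums" >&2
        return 1
    fi
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# make_fixture: create a throwaway directory holding a constructed stand-in
# for an ISO plus a SHA256SUMS that matches it; prints the directory path.
make_fixture() {
    d=$(mktemp -d)
    printf 'constructed stand-in for an ISO image\n' > "$d/debian.iso"
    ( cd "$d" && sha256sum debian.iso > SHA256SUMS )
    echo "$d"
}

# demo_good: an untouched file verifies (returns 0).
demo_good() {
    d=$(make_fixture)
    verify_iso "$d/debian.iso" "$d/SHA256SUMS"
    rc=$?
    rm -rf "$d"
    return $rc
}

# demo_tampered: one appended byte, standing in for a corrupted or altered
# download, makes verification fail (returns 1).
demo_tampered() {
    d=$(make_fixture)
    printf 'x' >> "$d/debian.iso"
    verify_iso "$d/debian.iso" "$d/SHA256SUMS"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo_good     && echo "demo 1: untouched image passed"
demo_tampered || echo "demo 2: altered image rejected, as it should be"
```

A matching checksum only proves the image equals whatever SHA256SUMS says; if both came from the same untrusted mirror they can agree and still be wrong. Debian also publishes a detached signature (SHA256SUMS.sign), so check it with `gpg --verify SHA256SUMS.sign SHA256SUMS` against Debian's signing key before trusting the sums file.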
Old 09-10-2020, 06:01 PM   #7
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Original Poster
Rep: Reputation: Disabled
Thanks.

All of those are possibilities. But here is the "evidence" that it is the OS being hacked...

I had a custom-built Debian-based OS built for me and these people could not get through it. However, I deleted some hidden files and ruined it and couldn't get the person to make me another one. So, I had to start using the basic Debian buster download. And they started getting on my computer within 24-48 hours.

If I had to bet - I would bet on the OS being hacked rather easily.


THE ONLY WAY THEY SEEM TO GET ON MY COMPUTER NOW IS IF I LEAVE THE DESKTOP RUNNING FOR TOO LONG. I RESTART MY DESKTOP ABOUT EVERY 10 MINUTES, BUT IF I SHOULD FORGET IT ON FOR 15-20 MINUTES, THEY ARE ON.


Does anyone have anything to add about having a network connection open with a terminal open and no browser open? I know what was said already about this and it made good sense. Thx.

Last edited by duupunisher2x; 09-10-2020 at 06:24 PM.
 
Old 09-10-2020, 07:30 PM   #8
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,363
Blog Entries: 28

Rep: Reputation: 6148
Granting what you have said, someone seems determined to attack you specifically. Consider who or why that may be.

In the meantime, I would suggest that you close all incoming ports in your router and in your iptables firewall. If you need a relatively simple front end for iptables, take a look at ufw or its GUI version, gufw.

Also, install fail2ban on your system.
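As an added configuration example (not from frankbell's post and not the fail2ban project's own defaults): once the firewall defaults are set with `ufw default deny incoming`, `ufw default allow outgoing` and `ufw enable`, a minimal /etc/fail2ban/jail.local on Debian buster ties fail2ban into that same firewall. The thresholds are assumptions chosen for this example; the log path is Debian's auth.log.

```ini
# /etc/fail2ban/jail.local (constructed example; put overrides here rather
# than editing jail.conf, which the package replaces on upgrade)
[DEFAULT]
# Apply bans through ufw so they live in the firewall suggested above
banaction = ufw
# Never ban the machine itself
ignoreip  = 127.0.0.1/8 ::1
# Assumed values: 5 failures within 10 minutes earn a 1 hour ban
bantime   = 3600
findtime  = 600
maxretry  = 5

[sshd]
enabled = true
port    = ssh
logpath = /var/log/auth.log
```

After `systemctl restart fail2ban`, `fail2ban-client status sshd` shows the jail's current failure and ban counts, which is also a cheap way to see whether anyone is actually probing the box.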
 
Old 09-10-2020, 07:59 PM   #9
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 2,162

Rep: Reputation: 449
Question

Quote:
Originally Posted by duupunisher2x View Post
Thanks.

All of those are possibilities. But here is the "evidence" that it is the OS being hacked...

I had a custom-built Debian-based OS built for me and these people could not get through it. However, I deleted some hidden files and ruined it and couldn't get the person to make me another one. So, I had to start using the basic Debian buster download. And they started getting on my computer within 24-48 hours.

If I had to bet - I would bet on the OS being hacked rather easily.


THE ONLY WAY THEY SEEM TO GET ON MY COMPUTER NOW IS IF I LEAVE THE DESKTOP RUNNING FOR TOO LONG. I RESTART MY DESKTOP ABOUT EVERY 10 MINUTES, BUT IF I SHOULD FORGET IT ON FOR 15-20 MINUTES, THEY ARE ON.


Does anyone have anything to add about having a network connection open with a terminal open and no browser open? I know what was said already about this and it made good sense. Thx.
Don't use your network to download the OS installer.

If you are in a contract with your ISP terminate it, and get another one.

And check your Public IP whether it is part of a network commonly used by bad actors.
 
1 members found this post helpful.
Old 09-11-2020, 09:24 AM   #10
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,712

Rep: Reputation: 7972
Quote:
Originally Posted by duupunisher2x View Post
Simply, opening new tabs, closing my tabs, when I am writing something, deleting it on my before I can send it; obvious things I've seen many times, really.
...and....
Quote:
Originally Posted by duupunisher2x
All of those are possibilities. But here is the "evidence" that it is the OS being hacked...

I had a custom-built Debian-based OS built for me and these people could not get through it. However, I deleted some hidden files and ruined it and couldn't get the person to make me another one. So, I had to start using the basic Debian buster download. And they started getting on my computer within 24-48 hours.

If I had to bet - I would bet on the OS being hacked rather easily. THE ONLY WAY THEY SEEM TO GET ON MY COMPUTER NOW IS IF I LEAVE THE DESKTOP RUNNING FOR TOO LONG. I RESTART MY DESKTOP ABOUT EVERY 10 MINUTES, BUT IF I SHOULD FORGET IT ON FOR 15-20 MINUTES, THEY ARE ON. Does anyone have anything to add about having a network connection open with a terminal open and no browser open? I know what was said already about this and it made good sense. Thx.
This all sounds VERY familiar:
https://www.linuxquestions.org/quest...er-4175677268/

Same things in play: extraordinarily skilled hackers somehow repeatedly 'hack' a person within MINUTES each and every time. Not even a read-only OS on a DVD can stop them...yet these hackers blatantly close tabs while people are watching? Delete text while there are witnesses?? Doesn't make logical sense.

duupunisher2x, you claim to have evidence: can you provide it, or any proof of your assertions at all?? You claim to have had a 'custom-built Debian based OS' built for you...that you (of course) deleted files from. And the person who provided you with this impregnable OS refuses to build you another one for some reason...even though they'd just have to copy some files. Surprising you can't offer to pay that person to recreate what they already have, or to burn you another DVD.
 
3 members found this post helpful.
Old 09-11-2020, 09:57 AM   #11
sevendogsbsd
Senior Member
 
Registered: Sep 2017
Distribution: FreeBSD
Posts: 2,252

Rep: Reputation: 1011
First, malware cannot be "permanently" placed on a system, unless it is in the firmware of some component. Secondly, hackers normally could care less about individuals, unless they are someone important, with $. No self respecting virus author is going to write malware that opens and closes tabs and deletes random text, that's just crazy. Most malware steals information in the background without you ever knowing.

Hackers target corporations and governments because they have either $ or information. Individuals have neither on the level most criminal hackers care about.
 
Old 09-12-2020, 02:05 AM   #12
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Original Poster
Rep: Reputation: Disabled
Code:
This all sounds VERY familiar:
https://www.linuxquestions.org/quest...er-4175677268/
If you are guessing that I wrote the above post, no I did not.



Thanks for everyone's input.
 
Old 09-12-2020, 08:12 AM   #13
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,712

Rep: Reputation: 7972
Quote:
Originally Posted by duupunisher2x View Post
Code:
This all sounds VERY familiar: https://www.linuxquestions.org/quest...er-4175677268/
If you are guessing that I wrote the above post, no I did not.
Odd that you address that link, but don't answer any of the questions that were also in that post:
  • You claim to have evidence: can you provide it, or any proof of your assertions at all?
  • The person who provided you with your impregnable OS refuses to build you another one for what reason?
Again, where is your PROOF of these 'hackers'. Again, as with the other post (and a line of others going back two years now), your claims are following this EXACT PATTERN:
  • A few posts where standard questions are asked.
  • Vague 'security concerns' are raised ("Can you get malware on a DVD?")
  • The "I'm being hacked!" threads come up
  • The hackers are always INCREDIBLY skilled; you get hacked within MINUTES, no matter the OS, browser, application, etc.
  • These hackers somehow are also such idiots that they *MAKE SURE* you see them deleting text, etc.
  • Never a reason given for WHY you're being hacked
  • Proof never seems to materialize.
You claim you were 'told that malware can't get onto my computer without a browser open'...told by whom? Why don't you ask that person for advice, and use them as a resource to help against these 'hackers'???

Sorry, you are still not making logical sense. Again, this is fitting the pattern of many other posters over the past two years to a tee. Always recent LQ members too. And a new one pops up shortly after the previous one leaves.

If you can post actual proof of any of your assertions I'll be more than happy to do everything I can to help you. If you post video of these 'hackers' deleting things, be sure you include your hands in the video frame, along with the keyboard/mouse so we can see it being done remotely. Since it occurs every time you leave your computer on and they haven't hacked your phone, a video should be easy to get. Any log files should also be included, since they could show evidence of network activity.
 
1 members found this post helpful.
Old 09-12-2020, 08:29 AM   #14
colorpurple21859
LQ Veteran
 
Registered: Jan 2008
Location: florida panhandle
Distribution: Slackware Debian, Fedora, others
Posts: 7,371

Rep: Reputation: 1593
Quote:
when I am writing something, deleting it on my before I can send it
Is this a laptop with a touchpad? Are you one that can't wear a watch? Either way, touchpad settings could be the issue.

Last edited by colorpurple21859; 09-12-2020 at 08:30 AM.
 
Old 09-12-2020, 08:47 AM   #15
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,712

Rep: Reputation: 7972
Quote:
Originally Posted by colorpurple21859 View Post
Is this a laptop with a touchpad? Are you one that can't wear a watch? Either way, touchpad settings could be the issue.
I thought the same thing, but the fact that the OP had a 'custom built Debian OS' that did not exhibit that behavior leads me to say it's not that.

But the OP deleted some 'hidden files', and the person who built this 100% secure/unhackable Debian spin won't build another.
 