LinuxQuestions.org
Linux - Software: Have you ever found malicious software on your Linux system?
https://www.linuxquestions.org/questions/linux-software-2/have-you-ever-found-malicious-software-on-your-linux-system-4175723093/

sofasurfer 03-15-2023 11:14 PM

Have you ever found malicious software on your Linux system?
 
We always hear that there are no viruses for Linux systems. But the question frequently arises...does Linux need anti-virus? I just installed ClamAV and am now running it on my system. In the meantime I thought I'd ask, have any of you ever found a virus or other malicious software on your Linux system? Has anyone ever done an actual study on viral activity on Linux systems?

wpeckham 03-15-2023 11:58 PM

A few years ago I was in support of three sets of systems: local servers and workstations and all network infrastructure, ASP/Cloud database and web servers and all network, and client site database and web servers (and consulting on the networking).

#1 was in that last group.

The local admin had a problem remembering his passwords, so he changed them to ones he could remember: and that exploded on him. Someone dictionary sprang the web server, slid in a malware package, and went to town (about 2AM local time). By 2:28 there were a dozen viruses, two rootkits, a zombie reflector (perhaps more), and a network scanner that was looking for other nodes to corrupt. Possibly more, some of those hide themselves and corrupt or replace kernel modules to make the related engines invisible to the users and standard tools.

He got to work at 9 and called in a panic by 10. I was on a plane the next day. (I generally did remote support, but this was freaky touchy. They had HIPAA data and IP information on all employees of a major shipper: think the level of FedEx or UPS, and no one was taking chances!)

None of his network was compromised other than the server itself, because nothing had been able to reach through the network security I had set up to touch the data server or internal machines. There was no way to recover the web server, I had to scrub it and do it over from scratch. He got a bonus upgrade out of it, but he paid airfare, hotel, and $350/hour for my time so I threw in all the goodies I could: including a lecture on security.
Credit to the man, his backups were current and well documented. It saved him.

#2 was in the first group. Someone with some clout had decided that all the developers needed mounts to the development database machine using SAMBA. Workstations were Windows, because MS office. (Yeah, not my call.)
One of them got hit with an encryption virus that encrypted all of the text files on his workstation, then over the SAMBA link started in on the database server files. That guy saw the first symptom and pulled the network jumper and isolated his PC before even calling me over! (Listen, some users have BRAINS! That saved me a TON of work! I am not a dumb guy, but I worked with some GENIUSES, and I thank my luck there every day!)

His PC was a dead loss, had to simply rebuild him. The server was less of a problem because that malware was Windows specific and could not run on the Linux servers. I had to find and restore from backup the corrupted files and we were golden by start of business the next day. (Because MY backups were in order and well documented! See the theme here?) You should note, those encryption kinds of malware are now floating around the internet for EVERY major operating system and still evolving!

Lessons: #1 if it matters, back it up. Then back it up again a different way.
Use generational backups in rotation, and keep several in case the last three all contain a virus or other malware! If it does NOT matter, record what you need and use detection, and be prepared to reload your machine from clean install if/when you get hit. If you run no detection, you might never KNOW when you got hit, but somebody out there is reading your every keystroke!

#2 Have a plan, document well, and use reasonable protection for the value and sensitivity of your data. Then relax and enjoy life. Panic comes when you have not taken action and are surprised. If you are prepared, there is some cussing but no panic. Panic bad, planning good. Do not ignore the risk, but also do not obsess: life is short enough with that.

#3 There are multiple kinds of malware, and some support other kinds (if one gets in, it can download and start others so you get lots of kinds of corruption at the same time).
Case #1 above came in via the web (Apache or Tomcat most likely) rather than any Linux vulnerability.
Case #2 above came in, we think, attached to an Outlook email.
There is malware that can come on via your browser if you just ROLL OVER the wrong link, without even a click!
So
There are parasites that can kill you in three weeks flat, and that show no symptoms for the first week, and medical science can not help you. If you live where those are, you wear shoes.
You are smart, and have the weight of technology behind you. If you get hit in the computer by malware, you can deal with that. Have install media, take such backups as will save what you cannot rebuild, avoid panic: those are your "shoes" to deal with the parasites on the internet.
No panic.
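The rootkits in case #1 that "make the related engines invisible to the users and standard tools" are what a cross-view check is for: the kernel's own view (/proc and /sys) is compared with what ps and lsmod report, and anything present in one but not the other is worth a close look. The script below is an added example, not wpeckham's code; it runs the comparison on constructed sample data (PID 1337 and the module name example_hidden are invented) and, on a Linux host, live.

```python
import os
import subprocess

def pids_from_proc_listing(entries):
    """PIDs from a directory listing of /proc; only all-digit names are processes."""
    return {int(e) for e in entries if e.isdigit()}

def pids_from_ps_output(text):
    """PIDs from `ps -e -o pid=` output (one PID per line)."""
    return {int(tok) for tok in text.split() if tok.isdigit()}

def hidden_pids(proc_pids, ps_pids):
    """Processes visible in /proc but missing from ps: the classic rootkit symptom."""
    return sorted(proc_pids - ps_pids)

def modules_from_proc_modules(text):
    """Module names from /proc/modules (what lsmod reads); first column of each line."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}

def modules_hidden_from_lsmod(sysfs_modules, proc_modules):
    """Loaded modules that have a /sys/module entry but no /proc/modules line."""
    return sorted(set(sysfs_modules) - proc_modules)

def live_report():
    """Run both cross-view checks on this Linux host (needs /proc, /sys and ps)."""
    proc_pids = pids_from_proc_listing(os.listdir("/proc"))
    ps_out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True, text=True).stdout
    # Short-lived processes can exit between the two snapshots; keep only PIDs still present.
    pids = [p for p in hidden_pids(proc_pids, pids_from_ps_output(ps_out)) if os.path.exists(f"/proc/{p}")]
    with open("/proc/modules") as f:
        proc_mods = modules_from_proc_modules(f.read())
    # Built-in modules also appear under /sys/module; only loadable ones carry an initstate file.
    sysfs_mods = [m for m in os.listdir("/sys/module") if os.path.exists(f"/sys/module/{m}/initstate")]
    return {"hidden_pids": pids, "hidden_modules": modules_hidden_from_lsmod(sysfs_mods, proc_mods)}

# Constructed sample views (hypothetical data, not from the thread): PID 1337 and the module
# "example_hidden" exist in the kernel's view but were filtered out of the userland tools' view.
SAMPLE_PROC_ENTRIES = ["1", "2", "1337", "4242", "self", "cpuinfo", "modules"]
SAMPLE_PS_OUTPUT = "    1\n    2\n 4242\n"
SAMPLE_PROC_MODULES = "ext4 745472 1 - Live 0x0000000000000000\nxfs 1527808 0 - Live 0x0000000000000000\n"
SAMPLE_SYSFS_MODULES = ["ext4", "xfs", "example_hidden"]

if __name__ == "__main__":
    print("hidden pids:", hidden_pids(pids_from_proc_listing(SAMPLE_PROC_ENTRIES),
                                      pids_from_ps_output(SAMPLE_PS_OUTPUT)))
    print("hidden modules:", modules_hidden_from_lsmod(SAMPLE_SYSFS_MODULES,
                                                       modules_from_proc_modules(SAMPLE_PROC_MODULES)))
```

A non-empty result is a lead, not a verdict: confirm it from a second trusted source (a live boot medium or an offline image) before trusting any tool on the suspect host.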

fatmac 03-16-2023 04:14 AM

Simple answer = no!

But, I'm careful about where I visit online....

rclark 03-16-2023 12:12 PM

No I haven't since I started using Linux for work/home. Knock on wood.

I don't have any 'anti-virus' software installed either. Just firewall'ed. Only open to certain ports. Use Pi-Hole as well as ad blockers which 'may' help. And fairly strong passwords in use too. Also a little different than most setups, I have two networks: Home network and the Internet Network. Two NICs in each PC if it has to have access to both networks. The home data server, printers, and automation devices, for example, are 'only' on the home network. I plug in the home server once in a while to get software updates, and then unplug the cable from that NIC when done.

Also as above, data is backed up locally and a few off-site backups for the 'real bad' scenarios which you hope never happen but are prepared for.

yvesjv 03-16-2023 01:46 PM

Yep, it's called Intel AMT aka Intel Active Management Technology.
AMD even have their own version.
Note, that is different from a server with OOB for example the Dell iDRAC, HP iLO, etc which are very helpful.

Intel AMT (and the AMD version) is basically a backdoor into your desktop.
I've used it in the past to monitor a 'troublemaker' in a High School on request and the student didn't have a clue towards the monitoring session.

Personally I consider it as malware but other people's opinion may differ.
https://medium.com/geekculture/your-...d-626169b0ddcf

rokytnji 03-17-2023 10:20 AM

Nope.

anon298 03-17-2023 06:02 PM

Quote:

Originally Posted by sofasurfer (Post 6417992)
We always hear that there are no viruses for Linux systems. But the question frequently arises...does Linux need anti-virus? I just installed ClamAV and am now running it on my system. In the meantime I thought I'd ask, have any of you ever found a virus or other malicious software on your Linux system? Has anyone ever done an actual study on viral activity on Linux systems?

The Linux developers have always been very "tuned in" when it comes to virus/intrusion prevention; that's one reason why there IS a Linux OS in the first place!

I have been running Linux Mint since 2010'ish and I have never used, nor ever considered, using anti-virus software on my Linux laptop.

I have NEVER had a virus-related issue; but I also don't throw "caution" to the wind, either. Be smart about the websites you frequent.

My $.02. :)

wpeckham 03-17-2023 06:35 PM

Of course, if you never CHECK for a virus you could be infected with a dozen and you will never ever know!

anon298 03-17-2023 07:02 PM

Quote:

Originally Posted by wpeckham (Post 6418338)
Of course, if you never CHECK for a virus you could be infected with a dozen and you will never ever know!

...and our guru Linux developers would allow this to happen? :confused:

anon298 03-17-2023 11:00 PM

I found these links on the web:

https://www.systranbox.com/do-i-need...on-linux-mint/

https://www.ac3filter.net/do-i-need-...rus-for-linux/

https://www.howtogeek.com/135392/htg...d-an-antivirus

https://www.howtogeek.com/135392/htg...d-when-you-do/

Mill J 03-17-2023 11:24 PM

Quote:

Originally Posted by FenderGuy (Post 6418334)
I have been running Linux Mint since the 90's...

:study:

Quote:

Originally Posted by Wikipedia
Linux Mint

Initial release August 27, 2006; 16 years ago

:twocents:

Michael Uplawski 03-18-2023 06:18 AM

I have never found anything odd that I had not bungled myself.

That said... all discussion of anti-this and anti-that, intrusions, root-kits and the like, makes me more and more nervous. Like: I should know something, but don't. For the time, the uneasiness will just be one of the inconvenient non-progresses, caused by technology, as good as all the others that I try to keep out of my life.

No.

Mike_Walsh 03-18-2023 08:01 AM

Surprisingly, no. I'm all-Puppy, annnnd.....she runs-as-root. All the time!

(*shock, horror*) :D

BAD Puppy!

I don't think anyone in our community has ever had any malware-related issues (except for the paranoid, who are convinced they contract every new strain of malware the instant it appears. But these guys are endemic to the tech community as a whole...)

(*shrug*)

I only run a firewall. And I don't take a whole lot of care over what sites I visit, either. Careless, huh? So how do I keep so clean?

The OS loads into RAM from read-only files.....often in ISO9660 format, which is read-only by design, and can't be modified on-the-fly. I choose whether or not to 'load' personal config, settings, customizations, etc. At the end of the session, I get to choose whether or not to save it.....and if I think there might be any "nasties" a-lurking, down the plug-hole of cyber-existentialism it goes. (*Avast, me hearties! Davy Jones, here we come... Arrr!!*)

Backups - a simple copy/paste job (yep, REALLY!), get performed once a week, regular as clockwork. Most apps run as 'portables', from a USB stick, which gets removed at session's end, too.

It's not "foolproof" - very little in life rarely IS - but it works. And has done for the last 10 years...

Mike. :hattip:

anon298 03-18-2023 08:42 AM

Quote:

Originally Posted by FenderGuy (Post 6418334)
The Linux developers have always been very "tuned in" when it comes to virus/intrusion prevention; that's one reason why there IS a Linux OS in the first place!

I have been running Linux Mint since 2010'ish and I have never used, nor ever considered, using anti-virus software on my Linux laptop.

I have NEVER had a virus-related issue; but I also don't throw "caution" to the wind, either. Be smart about the websites you frequent.

My $.02. :)

Post modified for accuracy. :doh:

anon298 03-18-2023 08:49 AM

Quote:

Originally Posted by Mill J (Post 6418370)
:study:

:twocents:

Post modified for correctness. Thanks, Mill J!

It's fun getting old... NOT! :confused: