Page 2 of 3
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Fri Aug 25, 2017 3:55 pm
by Lyberta
sysrqer wrote:Viruses may be one thing but a simple script running as your user could cause you a lot of harm (logging your keystrokes etc). I don't think it's healthy to be complacent risk, lack of known viruses does not mean less risk.
That's why I block *all* 3rd party content via uMatrix and always make sure that I login only on HTTPS sites.
khz wrote:Why must it a "root" script when he can get your ~/home folder and maybe, if interested, later more?
They won't get much since all my passwords are encrypted with KeePassX. But JavaScript getting to the filesystem would be a huge vulnerability that will most likely be fixed very fast.
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 3:43 am
by tramp
Lyberta wrote:They won't get much since all my passwords are encrypted with KeePassX. But JavaScript getting to the filesystem would be a huge vulnerability that will most likely be fixed very fast.
I don't want to make you paranoid, but attackers usually ain't need your passwords to hack into your system, a little snippet like this will do the job (pseudo code):
Code: Select all
echo usr/bin/sudo my_script > /tmp/sudo
chmod +x /tmp/sudo
chmod +x my_script
export PATH=/tmp:$PATH
now he just needs to wait that you run sudo and voilà, my_script runs with root access.
On more point is that anyone know that hackers usually run linux systems, and, that is known by the governments as well.
In Germany the Law has recently changed, and allow now the police to install "Trojans" on any smartphone, computer or else-what-online-device. As most smartphones been Androids, linux isn't far away . .
However, to answer the entry question, No, I ain't use virus scanners on my system.
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 5:23 am
by Lenny
Lyberta wrote:sysrqer wrote:
They won't get much since all my passwords are encrypted with KeePassX. But JavaScript getting to the filesystem would be a huge vulnerability that will most likely be fixed very fast.
Sure thing. Zero-day that really hits the masses of users would be major news. But sometimes these things come to surface.. I remember at least two zero days on Firefox (and tor bundle) reported anonymously by just being hit by it in tor. Exploiting browsers is getting harder every day, but it would be foolish to think we are safe just because we run Linux.
Maybe the biggest potential threat to Linux users is ghetto code that people just download and compile without thinking.
I run Firefox always in SELinux sandbox that maps temporary home directory. Only way to get to the real system is a system call exploitation, now THAT would be a MAJOR event.
But I'm not totally tinfoil, I still have my workstation online.
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 7:58 am
by khz
@tramp np: Black Sabbath - Paranoid
Trust in ~/home
Lenny wrote:Maybe the biggest potential threat to Linux users is ghetto code that people just download and compile without thinking.
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 9:12 am
by rghvdberg
Online tracking is a more serious threat to me.
Google some product. Browse different sites and prices shoot up.
Ok not use Google. I know.
And block cookies and stuff.
But I'm too lazy
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 9:24 am
by tramp
khz wrote:@tramp np: Black Sabbath - Paranoid
Trust in ~/home
Lenny wrote:Maybe the biggest potential threat to Linux users is ghetto code that people just download and compile without thinking.
I don't think that's a big issue, you could read the source, and therewith a attack will be fast fetched.
Mostly, you'll be in danger when open unknown E-Mail attachments.
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 9:33 am
by khz
rm -r
http://www.google.com
example: USE="
https://startpage.com/ ::
https://metager.de"
Is that the developers know and is it possible to secure our ~/home folder?
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 12:25 pm
by rghvdberg
I don't know anyone (personally) who uses Linux on his desktop.
So I don't know anyone who is infected with a Linux virus of some sorts.
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 12:30 pm
by khz
You are right 42low but few thoughts:
- Internet == war
- Computer == complex, own install programs, ... > dependencies && config's
- bugs
- browser (c/p code)/mail client/.. ahhhh
- ~(vst/audio_program)foobar == must_have
- your registered user's ~/home folder need no passwd && you download a lot stuff.
- 4 a user like me (.de DAU
https://en.wikipedia.org/wiki/Luser ) it is not always easy.
- ...
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 1:21 pm
by tramp
42low wrote:
tramp wrote:I don't want to make you paranoid, but attackers usually ain't need your passwords to hack into your system, a little snippet like this will do the job (pseudo code):
Code: Select all
echo usr/bin/sudo my_script > /tmp/sudo
chmod +x /tmp/sudo
chmod +x my_script
export PATH=/tmp:$PATH
Yeah right. And how does this pseudo code gets on my computer? Not. (or with your own help which would be stupid)
Better not get paranoid yourself too much.
tramp wrote:However, to answer the entry question, No, I ain't use virus scanners on my system.
Just open a mail attachment will bring you the code, not only bring it, but run it as well.
Known providers of such attacks been fake Facebook and Amazon mails with bills or formulas as attachment.
Do what ever you want, including the use of text snippets out of context, and repeated yourself with even bigger letters.
But to be honest, is it better to be aware of were the risks been to avoid them.
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 1:30 pm
by khz
np: Simon & Garfunkel - Sound of cowboy
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 6:11 pm
by tramp
Just to give you a hint:
http://thehackernews.com/2017/08/facebo ... cking.html
42low wrote:But then, like a said already, you yourself let it in.
And the very same is true for any OS. So what do you spread here?
I said, the only protection is be aware of the risky tasks.
You said, there is no risk at all?
But, on the other hand you know what you've to avoid to minimalism the risk. Come on, give yourself a shot and tell us what you never do, because you would avoid the risk of been affected? Or, would you tell us here that you do what ever you want, regardless of the risk of been affected by malware, Trojans or Viruses? Come on, . . .
Me, never open a e-mail attachment from unknown sources, me, never copy and past sources from the web to my terminal, me, avoid wine and avoid binary's from unknown sources.
And, me ain't run a Virus scanner, just for the record, as you may start again I'm paranoid, I'm ain't, just, I'm careful.
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sat Aug 26, 2017 6:24 pm
by khz
@42low ack
@tramp careful
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sun Aug 27, 2017 1:39 am
by Lyberta
tramp wrote:I don't want to make you paranoid, but attackers usually ain't need your passwords to hack into your system, a little snippet like this will do the job (pseudo code):
Code: Select all
echo usr/bin/sudo my_script > /tmp/sudo
chmod +x /tmp/sudo
chmod +x my_script
export PATH=/tmp:$PATH
now he just needs to wait that you run sudo and voilà, my_script runs with root access.
Not for me since I don't use sudo.
@All, you may probably find my article useful:
https://lyberta.net/articles/social/anti_spying.html (privacy friendly version:
http://goom37v54jd7orob.onion/articles/ ... pying.html )
Re: virus/scanner4free_&_$/€-VST/APPS?
Posted: Sun Aug 27, 2017 4:37 am
by rghvdberg
That's a great article.
The setup Firefox thing is gold. Just the thing I need! (read back on how I'm too lazy)
Thanks you very much!