My friend just told me about a new Linux backdoor malware called Fysbis and it can hack your system regardless even if your on a non-admin account. Read more about it here: http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/ This begs the question would a sandbox such as Firejail help prevent such an attack?
Fysbis is a backdoor (and a pretty crude one). Something else would be used to actually deliver it, probably an exploit kit; which might be contained by properly configured sandbox, barring kernel vulnerabilities etc. You know the drill. And re the "work smarter, not harder" bit from the article: how about "hell no." Overreliance on hacked-up signature based solutions is how Windows got where it is now. Microsoft is currently quite busy extricating itself from that trap. I'd prefer Linux didn't get stuck there in the first place.
First off this is not new malware, it appeared first in 2014 and as always is the case with Linux malwares/backdoors it targets servers and data centers which means the chances for the average joe/jane to "meet" this kind of security threats on his/her Computer are zero to none.
What about white listing? Well Nanobot people elsewhere are making sound like this backdoor Trojan is a possible threat to the average user because they could steal a lot of personal information from them, but on the other-hand Linux has a much smaller user base then Windows & Mac although Linux is growing in popularity thanks in part to Steam OS and Windows 10. So maybe there is a niche market for personal Linux users. Or maybe not I'm not an expert.
We've been over that here on Wilders at some length. It can help, but is not anywhere near a complete solution. At some point you'll want to "whitelist" what individual programs can do, too; which falls under sandboxing or mandatory access control. In any case, Linux is way ahead on that already. Check out AppArmor - you can do stuff like enforcing trusted path execution for a desktop session, or restricting programs to a profile based on a wildcard match vs. their name.
I've heard AppArmor conflicts with Nod32, I wouldn't mind trying to setup AA on my desktop and laptop but I'm afraid if set it up on my desktop which is running Nod32 it would conflict.
Hmm. If NOD32 has its own LSM, it might provide access control too, so you wouldn't need to mess around with AppArmor. (As for the merits of NOD32 on Linux, vs. AppArmor... yeah, I'm going to hold my tongue on that.)
