Linux ransomware/malware

Discussion in 'all things UNIX' started by SuperSapien, Aug 11, 2016.

  1. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    I remember reading a thread on this site about someone getting a browser ransomware infection on their Linux system. And it got me thinking: what are the odds of getting an actual system ransomware/malware infection for the average PC user using Linux? You know, the type of person who surfs the web without much caution, going to fishy websites like free adult sites, for example.
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Odds are probably pretty slim, and Slim is leaving town. Linux desktop usage is only a little over 2% of market share, so it benefits from so-called "herd immunity", making it highly unlikely the typical user will suffer an infection of any kind. It's more likely the applications running on Linux would be targeted. A good example is that the OP of the thread you're referring to reset Chrome to eliminate the ransomware.
     
  3. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,982
    Location:
    Brasil
    In addition to little usage, Linux has a few advantages, e.g. better filesystem permissions. There was a cross-platform Firefox vulnerability last year that allowed an attacker to grab any file he/she wanted, but on Linux those files can't be uploaded even if the user deliberately tries to (/etc/passwd and /etc/shadow). However, files could still be uploaded from the user's /home folder, something which is easily prevented by simply running Firefox in Firejail, because it prevents access to many folders and only allows access to .mozilla and ~/Downloads.

    And in order for ransomware to be installed and do damage system-wide, it needs Admin rights. So I think we're pretty much not gonna see any of that in the near and foreseeable future.
     
  4. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    Especially if they're using a non-admin account with Firejail and AppArmor, even if it was Linux Mint, they'd probably have a better chance of winning the lottery than getting a system infection. :)
     
  5. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    837
    Location:
    Québec, Canada
    Avoiding fishy websites is the first line of protection though. (and not only with Linux)
     
  6. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,173
    "I remember reading a thread on this site about someone getting a browser ransomware infection on their Linux system. And it got me thinking: what are the odds of getting an actual system ransomware/malware infection for the average PC user using Linux? You know, the type of person who surfs the web without much caution, going to fishy websites like free adult sites, for example."

    That's correct, it was my sister's Kubuntu install. It was a fake ransomware alert that locked up the browser;
    it happened twice. Now as for fishy sites, that's a no, she was on Facebook both times. She only uses Facebook and email. The solution I have just done is to install
    a different browser, Vivaldi 1.3 for Linux, and now we will see how that goes. From what I see so far it is very fast.
    And so in this case it was the browser, FF, that was the elproblemo. Not knowing what to do, she called me. She is not even able to close the browser but was smart enough not to click on anything else or pay the ransom. She has been seeing a lot about ransomware on the news, which helps. So no, it was not infecting the system, just the browser in this case.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Chrome running on Linux is probably a better solution, since it harnesses the Linux sandbox, especially seccomp-bpf which helps protect the kernel from malicious code.

    source

    Just my suggestion, but your sister would no doubt benefit from a basic ad/script blocking extension such as uBlockO, using enhanced Easy mode set to block only iframe tags. Chrome browser augmented with this extension setup running on Linux will provide a formidable browser security setup, with very minimal browser page breakage.
     
  8. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    Installing Adblock Plus and Bit Defender Traffic Light will go a long way towards ensuring safe browsing on the Internet.

    Though it's highly unlikely your Linux will be taken down by malware. The other thing to do is set up your firewall once you've installed Linux.

    You don't need AV and your online experience should be incident-free.
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,173
    "Chrome running on Linux is probably a better solution, since it harnesses the Linux sandbox, especially seccomp-bpf which helps protect the kernel from malicious code.

    source

    Just my suggestion, but your sister would no doubt benefit from a basic ad/script blocking extension such as uBlockO, using enhanced Easy mode set to block only iframe tags. Chrome browser augmented with this extension setup running on Linux will provide a formidable browser security setup, with very minimal browser page breakage."

    I could not find the 32-bit version of Chrome.
    I had put an ad blocker on for FF the other day. Now she is just using the new browser.

    "The other thing to do is set up your firewall once you've installed Linux."

    Not sure as of yet how to do that with Kubuntu.
     
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    That's right, but 32-bit Chromium is available for Ubuntu-based distros. You should be able to install it either from the Software Center or from the Terminal by typing:

    Code:
    sudo apt-get install chromium-browser
     
  11. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,173
    wat0114

    Thanks, my sister now has three browsers to use, but I told her to use Chromium. One thing I noticed is everything opens slowly lately on her machine. It seems to have started after the fake ransomware hit her FF. It shouldn't take 20 seconds to open a browser, I would not think.
     
  12. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    You can install Google Chrome for Linux on their site.

    Just remember, Google Stable repo is added to your distro to keep it up to date.
     
  13. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    I use Firefox with Firejail to surf the web. boredog, you should also have your sister install Firejail: firejail chromium-browser to sandbox the Chromium browser. I already use NoScript and RequestPolicy, wat0114, and I probably would have my brother use those two add-ons as well. I find FoxWebSecurity to be very effective, NormanF, at blocking malicious and adult sites.
     
  14. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,982
    Location:
    Brasil
    I recommend he read up on Firejail's thread here, because some people reported problems regarding this operation. From what I can remember, the user needs to disable a few features so that both sandboxes don't conflict with each other.
     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    From my experience "firejail chromium-browser" works fine without having to disable anything. The firejail "--seccomp" switch, however, doesn't work with Chrome-based browsers, I guess because seccomp-bpf is already used in the Linux sandbox. Also, I feel firejail is more of a "luxury" security enhancement, rather than a "must have" enhancement for Chrome-based browsers on Linux since the Linux sandboxing is already very strong. Imo, my post #7 suggestion harnessing the uBlockO extension setup will in itself provide excellent protection for general purpose browsing under Linux.
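
One way to check whether a process is actually running under a seccomp filter, as the posts about Chrome's seccomp-bpf sandbox describe. This is an added example and not part of any post in the thread: it reads the `Seccomp:` field of `/proc/<pid>/status` (0 = disabled, 1 = strict, 2 = filter). The function names and the sample status files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the seccomp mode recorded in /proc/<pid>/status.

# Print the seccomp mode name for one status file (path in $1).
seccomp_mode() {
    value=$(sed -n 's/^Seccomp:[[:space:]]*//p' "$1" 2>/dev/null | head -n 1) || true
    case "$value" in
        0) echo disabled ;;
        1) echo strict ;;
        2) echo filter ;;
        *) echo unknown ;;   # field missing (old kernel) or file unreadable
    esac
}

# List running processes whose command name contains $1, with their mode.
# Note: the kernel truncates Name: to 15 characters ("chromium-browse").
audit_by_name() {
    for status in /proc/[0-9]*/status; do
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$status" 2>/dev/null) || true
        case "$name" in
            *"$1"*) printf '%s\t%s\t%s\n' "${status%/status}" "$name" \
                        "$(seccomp_mode "$status")" ;;
        esac
    done
}

# Constructed sample status files, so the parser can be tried offline.
sample_dir=$(mktemp -d)
printf 'Name:\tchromium-browse\nState:\tS (sleeping)\nPid:\t4242\nNoNewPrivs:\t1\nSeccomp:\t2\n' \
    > "$sample_dir/sandboxed.status"
printf 'Name:\tbash\nState:\tS (sleeping)\nPid:\t1200\nNoNewPrivs:\t0\nSeccomp:\t0\n' \
    > "$sample_dir/shell.status"
printf 'Name:\tlegacy\nState:\tS (sleeping)\nPid:\t77\n' \
    > "$sample_dir/nofield.status"

for f in "$sample_dir"/*.status; do
    printf '%s\t%s\n' "$(basename "$f")" "$(seccomp_mode "$f")"
done
```

With a browser open, `audit_by_name chrom` lists the matching live processes; those running inside the seccomp-bpf sandbox are the ones that report `filter`.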
     
  16. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Indeed, Chrome on Linux is a very robust solution, providing the Linux kernel is patched of course.
     