Linux malware is on the rise. What should you do?

Topic

New Reply

LINUX By Sandra Henry-Stocker Threats to Linux systems used to be relatively mild because Windows was such a larger target, outnumbering Linux systems
[See the full post at: Linux malware is on the rise. What should you do?]

8 users thanked author for this post.

Tom-R, jburk07, Fred, klang, DrBonzo, OscarCP, lmacri, oldfry

Reply | Quote

Replies

Thank you for your article and list of security programmes as it is not easy for newbies to find this out. It has been said that to install a number of security programmes in Windows can lead to conflicts. Does this same warning apply to Linux in the same way ?

I am currently using Linux Mint LMDE beta which so far has behaved itself very well.

I look forward to your next bulletin.

Up the Strand.

Reply | Quote

Bleepingcomputer had this article last month in mid-Jan 2022 – “Linux malware sees 35% growth during 2021”
https://www.bleepingcomputer.com/news/security/linux-malware-sees-35-percent-growth-during-2021/

1 user thanked author for this post.

klang

Reply | Quote

It’s always nice to learn that Linux is growing its percentage of … Wait!

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Cybertooth

Reply | Quote

Thanks Sandra!  Question:  how much security do you get behind a router’s NAT?  My (hazy) understanding is that the NAT only presents limited ports to the outside world.

Reply | Quote

Routers protect you from internet based attacks – the router will not accept connections originating from the internet.
Routers will not protect you from malicious software that you download and run, phishing attacks via email or bad web sites.

cheers, Paul

1 user thanked author for this post.

BATcher

Reply | Quote

My DSL modem/router has its own firewall, can I assume most routers today have them?

Being 20 something in the 70's was much more fun than being 70 something in the 20's.

Reply | Quote

https://twitter.com/campuscodi/status/1500847226083549186  Speaking of which…..

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Per ArsTechnica, with more details:

https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

Ah, I see the usual FUD is rearing it’s ugly head again.

1. First sentence “Threats to Linux systems used to be relatively mild because Windows was such a larger target, outnumbering Linux systems by a huge percentage.”

Scary, right? Well, other than it’s wrong if you’re talking about servers, where Linux has dominated to the tune of 95% of the market for a very long time! It is true that Windows dominates the desktop, which is why you see all the Window zombie pc’s, and almost no linux ones. Servers are where the most profit is for malware, since a company puts it’s vitals on servers (company records, medical records, social security numbers, mail lists, etc.)

Remember bank robber Willie Sutton? When he was asked by a reporter as to why he robbed banks, his response was “because that‘s where the money is.”

2. Second sentence “Not any longer. Linux has become a much bigger target due to its increasingly significant role on Internet of Things (IoT) devices, virtual machines, containers, cloud services, and supercomputers.”

Again, almost all the things mentioned (other than IOT devices) with anything valuable are on servers. The percentage of Linux on servers hasn’t changed much. So the target is about the same…not the impression the statement gives you.

So what’s changed? With Internet of things (IOT), the problem is the companies that take Linux and modify it for their devices. They can do that for free, saving money…but most companies don’t allow for the IOT devices to update patches and fixes, something that’s vital since almost all of them are on the internet, and exposed.

That’s not a Linux issue, that’s a company decision issue. Also a consumer issue…after all, why do you need internet in your stove? Your washer? Your Freezer? All these devices, and many others, are vulnerable by design! Don’t expose yourself any more than you need to!

Servers are a different issue. The problem there is a lack of qualified Linux admins to maintain those servers. If you don’t know proper configuration and patching techniques and maintenance, then you’re going to have issues. Too many current “Linux Admins” are converted Windows Admins, who barely know how to use a command line.

Are there issues with Linux vulnerabilities? Sure, any OS will have those. And any competent administrator or user will do the basic stuff to protect themselves…get solid backups, firewalls, keep up to date on patching, have hard to break passwords,  lock down exposed ports, limit outside exposure via cd’s/usb disks, block bad web sites, educate users, etc.

It all comes down to the users, though. It won’t matter what your OS is (though I think Linux is a bit better, it’s not perfect). The malware guys and gals know exactly what to attack, and that’s the user, who is ALWAYS the easiest target. 

5 users thanked author for this post.

wavy, Charlie, Microfix, Alex5723, JohnW

Reply | Quote

? says:

thank you, Sandra. i enjoy your Linux articles. i was searching for more ways to monitor my traffic and came across an article of yours which gave some new ways to monitor the connections.

https://www.networkworld.com/article/3119775/troubleshooting-with-lsof.html

i really enjoy the “sudo lsof -i -sTCP:ESTABLISHED” among others. anyway, thanks and post more articles please…

Reply | Quote

Rereading this thread, I paid more attention to this Johnf’s comment ( #2430234 ) that includes this statement:

“Ah, I see the usual FUD is rearing it’s ugly head again.

1. First sentence “Threats to Linux systems used to be relatively mild because Windows was such a larger target, outnumbering Linux systems by a huge percentage.”

Scary, right? Well, other than it’s wrong if you’re talking about servers, where Linux has dominated to the tune of 95% of the market for a very long time! It is true that Windows dominates the desktop, which is why you see all the Window zombie pc’s, and almost no linux ones. Servers are where the most profit is for malware, since a company puts it’s vitals on servers (company records, medical records, social security numbers, mail lists, etc.)”

The point that I have emphasized in bold letters, is quite true and I am not going to discuss it, but it does raise, in my view, an interesting question:

Given that Linux is the prevalent OS in servers, and consequently a likely malware target in servers running it, would this not mean that many, or all of the same potentially exploitable vulnerabilities that the servers’ Linux OS might have are also present in the distros people install in, very specifically, their PCs if they are present in the same distros installed in servers?

Or are there “Linux distros for PCs” and others by the same name “for servers”?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Cybertooth

Reply | Quote

Linux is the same whether you use it as a server or not.
Windows strips out the server stuff to sell for PC use, Linux doesn’t because there is no commercial imperative (it’s free).

cheers, Paul

2 users thanked author for this post.

OscarCP, Cybertooth

Reply | Quote