Replies

And by default, Linux is not run as Root (Admin.).

And yes, use trustworthy software for Linux. There’s software in the Mint and Synaptic repos for almost any purpose. The main reason I ever go outside the repos is to find needed dependencies.

-- rc primak

1 user thanked author for this post.

JohnW

Linux does have firewalls, but they are a real pain to configure, especially when software needs exceptions to your rules.

-- rc primak

ClamAV does not act like Malwarebytes. It is entirely passive, and throws up a LOT of false-positives. But it can alert you to changes in your Linux system which you did not initiate, so you can look online or in multi-engine databases (like the one for ClamTK) to see if the suspicious items are truly threatening.  Similar caveats apply to the rootkit scanners for Linux. They are NOT the full-fledged antimalware suites found for Windows or MacOS.  By default, they do not quarantine or remove anything.

-- rc primak

1 user thanked author for this post.

wdburt1

It has been said that rootkits are the most serious threat to Linux, though this may have changed over the years.

Why? Because you don’t run programs in Linux as Root. And YOU don’t run Linux as Root User. Thus, the first thing malware would have to do to infect your Linux OS is to gain Root privileges, which is not easy in Linux without actually sitting at your keyboard or other input device.

That said, there is no specifically Linux antivirus, except for rootkit scanners and ClamAV, all of which scan after the fact. Prevention is not the job of antimalware apps in Linux. It’s the job of ALL software. That’s why there are nearly daily security patches for most distros.

You can harden the OS and the web browsers in Mint, but it isn’t easy, and I won’t attempt to outline how to do this. Sandboxing or virtualizing is also possible in Linux, but for most home users it just is not worth the effort. Linux can also be run from stand-alone USB environments without endangering the host OS (much).

By far the majority of successful Linux attacks have happened on servers, mostly in large company or organization settings.

This is not to say individuals can’t get infected in Linux.  But if you don’t sideload from PPAs, stick with curated repos (both of which are encouraged in Mint) and use Flatpaks or Snaps from the main repos for those packaging formats, you should be safer without antivirus in Linux than you would be with antivirus in Windows.

-- rc primak

2 users thanked author for this post.

JohnW, wdburt1

That would still be recorded as WAN activity. Even if the whole idea were feasible, which it is not.

-- rc primak

So no, Temp_Cleaner GUI does NOT damage Windows Update in any possible way.

I think your post demonstrated that the red flags were correct. MS Updates was damaged. It simply managed to recover without resorting to formal system troubleshooting tools.

-- rc primak

I recently updated my Intel display graphics driver and the Intel ARC driver in a 12th-gen Intel tower PC. Microsoft Update kept trying to install two Intel graphics drivers which were at least one version out of date for that PC. The only difference in names was that the up to date graphics driver is WHQL, while the MS Update versions are bare-bones graphics drivers. In the end, I had to use the wushowhide troubleshooter to hide the MS Updates versions of the graphics driver.

So sometimes, even with Windows 11 Pro 22H2, you do need to use the old wushowhide tool if there’s a persistent incorrect driver replacement from Microsoft. I am amazed that this troubleshooter still works after surviving so many Windows version upgrades over the years. In some situations, it’s still a good tool to use.

I generally can get the correct driver updates through MS Update, so it’s not worth my trouble to change the settings to block all driver updates through MS update.

-- rc primak

Of that entire list, I am only aware of Bleachbit having withstood the test of time. It has an excellent reputation among both Windows and Linux users, and is trusted not to overclean. It also is free of self-serving spyware, pushware (pushing a paid product with nag screens) and adware. I don’t know whether the others have been so widely accepted as safe and effective cleaners.

BTW, a technician friend of mine tested Temp_Cleaner GUI. Its installer and its uninstaller raised red flags with Malwarebytes. And when running, the program raised red flags about possibly damaging Windows Update, which would require repairs to be made to the Windows system.

Make of these reports what you will.

-- rc primak

2 users thanked author for this post.

Alex5723, IBM1130

Please note that “Effective Altruism” is highly controversial:

https://www.effectivealtruism.org/

https://80000hours.org/2020/08/misconceptions-effective-altruism/

In the wake of the FTX Exchange collapse, Effective Altruism has gotten a bad reputation:

Effective Altruist Leaders Were Repeatedly Warned About Sam Bankman-Fried Years Before FTX Collapsed

https://time.com/6262810/sam-bankman-fried-effective-altruism-alameda-ftx/

So it makes sense to do our own research and find out for ourselves what Effective Altruism is and what it is not.

-- rc primak

2 users thanked author for this post.

Steve S., Sueska

Exactly my point. Could you test Mint sometime for telemetry? Some here claim it doesn’t do telemetry; I am skeptical of that claim.

-- rc primak

10.x.x.x IP addresses are used by Comcast for their modems and equipment. Comcast also assigns this range of IP addresses to everything on the user’s home network, unless you manually reset things.

-- rc primak

1 user thanked author for this post.

DLivesInTexas

What is incomprehensible about only seeing three types of pings? None of which is suspect.

Are you saying a ping to a known Microsoft server could be Chinese spying?

Or that the iRobot or HP pings are phoning home to China?

-- rc primak

RE. Chinese spyware controversy in laptops by Lenovo and Apple:
Chinese spy chips are found in hardware used by Apple, Amazon, Bloomberg says; Apple, AWS say no way
UPDATED FRI, OCT 5 2018
CNBC
https://www.cnbc.com/2018/10/04/chinese-spy-chips-are-said-to-be-found-in-hardware-used-by-apple-amazon-apple-denies-the-bloomberg-businessweek-report.html

Will Wireshark pick this up? While this was never definitively proven, the US government sent back a lot of orders. That was allegedly going on at the Foxconn plant in China.

IoT devices are notoriously insecure, so they actually pose a far greater threat than fully-functional computers or phones. IoT needs its own sub-net, if not a separate network of its own. Moving the Roomba to the sub-net is prudent. I do suspect that there is something residual creating the traffic with the HP identifiers.

-- rc primak

3 users thanked author for this post.

wavy, Fred, Cybertooth

Did you choose Ubuntu? Then you still need to check for telemetry. Same with RedHat and Fedora. I haven’t taken an interest in Mint in this regard, so I won’t post about that distro. My point is, Linux by itself is no guarantee against spying.

-- rc primak

You may get a “firmware update” from the manufacturer if you look at their site. Wait about a month before checking.

-- rc primak