With the recent windows 10 EoL news, I was able to move my dad over to Linux mint. But he does a lot of finance stuff. Long ago, Linux had a belief that desktop Linux are not the primary target for crackers but I don’t believe that true anymore since it’s getting significantly popular lately like Europe government migration over to Linux and Libreoffice.
My question would be , given my dad is just as careful on Linux as he has been on windows, would it be fine to do finance like banking and trading (not the fastest kind )?
If not, what would be your distro of choice for that? Even browsers (I installed Firefox and Edge from Microsoft website deb file)
This is dangerously false.
edit: I’m sorry to see I have disturbed a few people here, downvoting the truth without a comment. Explains a lot of contemporary politics, I think.
I guess the problem is not “the truth” but a claim without sources combined with a short communication style for a really complex matter.
Even the link you posted just reporte of one malware instead of the current state or perception of the problem. Like a general threat assessment instead of one incident.
Can I get some list or a reference to educate myself? As far as I know it still holds true. There’s rootkits, a lot of old stuff and exploits of webservers or embedded devices, supply chain attacks towards developers and the one day the Mint ISO file got compromised. But I’m completely unaware of desktop computer malware with high risk or actually spreading?! And the list on Wikipedia seems to confirm what i said…
Okay, let’s assume for fun that there’s highly developed Linux malware that exclusively infects servers and leaves desktops alone. What exactly is a server? Is it a server as soon as a web server service is running? A DNS service? An SMTP service? Some of these are also included with Linux desktops.
But that’s not the point. There’s no specific “Linux server malware”. There’s Linux malware. It targets the Linux kernel (current data point), not any web stuff.
For example it’s something that has an Apache webserver installed and that Apache is accessible from outside… So the Apache exploit can do something. Do you have both conditions met on your laptop/desktop computer? I’m pretty sure that won’t be the case, and that’s the difference here. And yes, that’s specific.
Let me repeat my last paragraph, as you seem to have stopped reading after the first question mark:
You’re wrong. How would an Apache exploit “hack” your Steam or online banking app? That’s just not possible.
How would something that exploits the default password on a router infect my machine with a different password?
Malware uses specific attack vectors and specific vulnerabilities.
The “specific vulnerabilities” are usually in the Linux kernel, quite present on every single Linux system. Please follow the link I posted above. This is not about Apache or any other arbitrary user-facing software.
Thanks for the link. But that’s not a vulnerability or malware. It’s academic research how to hide malicious syscalls. But it can’t infect anyone’s computer. And there isn’t any vulnerability to let it in.
The RingReaper malware is literally a malware, using known vulnerabilities in the Linux kernel…?!
This is dangerously unspecific.
https://linuxsecurity.com/features/ringreaper-linux-malware
Thank you!
I add this overview article https://www.geeksforgeeks.org/ethical-hacking/what-is-linux-malware/
I don’t think OP’s dad will host a misconfigured cloud service on their computer or set an insecure password, enable ssh and then also open a port in the router. Most attacks on that list are specific to how internet servers are set up. And well, insecure old embedded devices. And we in fact have those systems targeted regularly. My servers gets bombarded with malicious traffic trying to get in.
Yes. That is part of the insight. But the auto upgrade is a good practice for Desktop PCs, too. And the article shows, that there are vectors and counter measures. Root kits are known for ages.
Sure. We get security vulnerabilities in Chrome and Firefox all the time. Sometimes the libraries handling images are vulnerable and that’s a big issue. And zero-days are a small fraction of actual attacks, most likely you’re getting hacked because of old, vulnerable software. So updates are the first priority. And backups is something people also frequently forget to set up.
Good point. To get back to the original question, I wouldn’t change the distro unless they are known to be slow with security updates. Anything debian and ubuntu based should work just fine.
Regarding your edit:
Having read through the comment chains here, your source is a relatively new malware called RingReaper.
This article from cybersecurity news seemed nice and they linked to the actual PICUS security report which first identified the malware, I think.
I’m not sure whether this malware is actually used to infect Linux desktops or if it’s mostly used for infecting servers, or whether it is used at all. I agree that people shouldn’t let their guard down with malware on Linux. Anti-malware programs on Linux are a good idea and it seems there are already projects tracking and combating malware on Linux. I do agree that Linux malware is not unheard of.
Nonetheless you seem to over exaggerate a bit. There is malware attacking servers running Linux but I doubt that many of those would work on desktop Linux. Furthermore, desktop share of Linux is still low, so there won’t be a big incentive for malicious actors to target Linux desktops specifically. The comments you posted here seem more like paranoia to me and do not seem useful, and your single example of a Linux kernel virus seems more like a derailment of the conversation. With that I can understand the downvotes. Don’t take it too harsh either, no need for your witty comment:
lol
Linux kernel malware works just well on desktop Linux kernels, and that’s the majority of Linux malware.
Honestly, when it comes to computer security, “paranoia” is a harsh word for being aware of possible risks. (It’s been 12 years “since Snowden”, and people have already forgot, it seems.) Even Windows desktops are not under constant attack, but still there are reasons to maybe take security measurements on them before you can call them “secure”. And that applies just as well to Linux.