
Re: MDs & Dentists



On Wed, Jul 21, 2021 at 10:51:40AM -0400, Celejar wrote:
> On Wed, 21 Jul 2021 11:16:46 +0300
> Reco <recoverym4n@enotuniq.net> wrote:
> 
> > 	Hi.
> > 
> > On Tue, Jul 20, 2021 at 11:32:26AM -0400, Celejar wrote:
> > > On Thu, 15 Jul 2021 09:46:59 +0300
> > > Reco <recoverym4n@enotuniq.net> wrote:
> > > 
> > > ...
> > > 
> > > > You cannot catch a ransomware cryptolocker using Linux on a desktop,
> > > 
> > > Of course you can, although it's certainly much less likely than when
> > > using Windows.
> > > 
> > > > it's definitely Windows-only kind of software. In fact, any FOSS OS has
> > > > this advantage, unless you're using Wine (software).
> > > 
> > > It's definitely not Windows-only, although it is (at this point) still
> > > mostly Windows:
> > 
> > I'm not arguing with that, but links you're providing fail to illustrate
> > your point.
> > 
> > > https://hacked.com/linux-ransomware-notorious-cases-and-ways-to-protect/
> > 
> > Requires Java to be installed. A rare case on a Linux *desktop*.
> 
> Rare? I don't have statistics, but on one of my Linux desktops, I do
> some development work for Android, using IntelliJ IDEA / Android Studio,
> which depend on at least some Java components.

Numbers show that I was incorrect. Let's call it "unlikely" instead of
"rare". Let the popcon graphs speak for themselves:

https://qa.debian.org/popcon.php?package=firefox-esr
vs
https://qa.debian.org/popcon.php?package=openjdk-11


I agree with you that one should uninstall Java unless it's needed.
After all, they at Oracle always find something to fix in Java security
every three months, and this has been going on for the last ten years.

> I don't know if I have
> enough Java installed to be susceptible to the malware in question ;)

Java's famous slogan "you write it once and run it everywhere" is an
exaggeration, to put it lightly. Chances are, you don't have that exact
minor update of Oracle JRE that this malware actually needs.


> Fair enough - but I see no reason why in principle desktop Linux will
> remain immune from ransomware.

It won't by itself, of course. One sure way to beat ransomware is to
take immutable backups (i.e. unmodifiable by host during and after the
backup is taken), and as recent history shows us - ransomware victims
apparently do not use this approach.

Another sure way is to forbid running executables downloaded from random
Internet sites, but no thanks to appimage, flatpak, snap, and Go, the Linux
desktop is going straight in the Windows desktop direction.
And again, as recent history shows us - ransomware victims apparently do
not use this approach either.


Currently a Linux desktop is better in this regard, but I agree that it
may not remain the same.


> Even if Linux word processors are safer than their Windows counterparts,

Last time I ran Libreoffice I had that distinct feeling I'm running a
Java program. You know - long startup, eating memory like no tomorrow,
trying to write useless junk to at least four different places on my
filesystems, and eating unhealthy amounts of CPU time in the
process.

I know that Libreoffice is written in C++, but the code quality of it
definitely leaves something to be desired. At least when the thing crashes
(it did, several times) it produces a standard core dump, not some unreadable
stack trace and a heapdump.

In retrospect, maybe feeding Libreoffice Draw that 800-page PDF was not
the best of ideas, but no free software tool comes close to the
capabilities of Libreoffice in editing PDFs, and I really needed that
PDF to be modified (mass-replacing embedded fonts, to be specific).


On the other hand, Windows counterparts are typical enterprisey software
written by generations of overseas workers with the code quality (or
rather the lack of) that's expected from enterprisey software.

My opinion on this - both are bad. Libreoffice is better being free
software, of course, but that does not make it secure by definition.


> browsers are just full of vulnerabilities,

True. Every version of Chromium and Firefox fixes at least one.
Most of said vulnerabilities cannot be used to get Remote Code
Execution (RCE) though. Which leaves us with "random download" scenario,
which I've discussed above.

> so why couldn't ransomware get in that way?

It could. In the absence of a proper execution environment (be it JRE,
flatpak, snap or whatever) - what should it do next? Wait for a user to
execute it?

Reco
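
Added example, not part of the original message: one way to approximate
"forbid running executables downloaded from random Internet sites" is to mount
user-writable locations noexec (an assumption of this example, not something
the message prescribes). The function audit_noexec (a hypothetical name) reads
/proc/mounts-format text and reports watched mount points that still allow
execution; the sample mount table is constructed.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
# device, mount point, fstype, options, dump, pass.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var/tmp ext4 rw,noexec,nosuid,nodev 0 0
EOF
}

# audit_noexec MOUNTPOINT... : reads a mount table on stdin and prints every
# watched mount point that lacks the noexec option, in the order given.
# A watched path with no entry of its own inherits its parent's options.
audit_noexec() {
    watched="$*"
    awk -v watched="$watched" '
        BEGIN {
            n = split(watched, w, " ")
            for (i = 1; i <= n; i++) want[w[i]] = 1
        }
        # Later entries override earlier ones (stacked mounts on one path).
        ($2 in want) { opts[$2] = $4 }
        END {
            for (i = 1; i <= n; i++) {
                mp = w[i]
                if (!(mp in opts)) {
                    print mp ": not a separate mount"
                    continue
                }
                # Wrap in commas so "noexec" only matches a whole option.
                if (("," opts[mp] ",") !~ /,noexec,/)
                    print mp ": exec allowed (" opts[mp] ")"
            }
        }'
}

# Run against the constructed sample.
sample_mounts | audit_noexec /home /tmp /var/tmp /dev/shm
```

On a live system: audit_noexec /home /tmp /var/tmp /dev/shm < /proc/mounts.
noexec only blocks direct execution of files on that mount; a script or JAR
handed to an already-installed interpreter still runs.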

