Gentoo Forums
Linux malware protection (Wolfsbane, Firewood)?
carcajou
Apprentice

Joined: 10 Jun 2008
Posts: 249

Posted: Sat Feb 08, 2025 12:40 pm    Post subject: Linux malware protection (Wolfsbane, Firewood)?

Hello all.

This is more of a general question, because I ran into the following article:

https://www.welivesecurity.com/en/eset-research/unveiling-wolfsbane-gelsemiums-linux-counterpart-to-gelsevirine/

It seems that Linux is becoming (or has already become) a more appealing target to the nice guys who author this kind of software. My question is: how to protect from this? What are some good preventive measures? Of course, besides being sane. Primarily I'm interested in desktop systems, but I guess many things are common to server systems as well.

Thank you.
BurningMemory
n00b

Joined: 17 Jan 2023
Posts: 56

Posted: Sat Feb 08, 2025 1:35 pm    Post subject:

Hello there! There are two ways to go. What you want to do is avoid unknown websites, downloading and running unknown software (by unknown people as well), and just be careful on the internet. Also, make sure you enable a firewall on your machine. Besides that, follow the most important advice: update your system if it goes on the internet.

If you really want to be paranoid about it, then use virtual machines or even operating systems like Qubes. Speaking of virtualization, Gentoo supports KVM and Xen, both of which are great. Also, avoid installing too much software that you don't actually need, per se. That is besides technical stuff.
szatox
Advocate

Joined: 27 Aug 2013
Posts: 3499

Posted: Sat Feb 08, 2025 2:21 pm    Post subject:

Quote:
My question is - how to protect from this?

With segregation and separation. For starters, Linux has multiuser capabilities we hardly even use. The default umask is too lax; there is no need to allow all users (daemons) into each other's $HOME, for example.
Running the less trusted programs from a guest account (which can't access your $HOME and daemons' data, if you set their permissions right) is a good start... But I'm leaning more and more towards the Qubes OS approach, since bridging isolated boxes in a sensible manner seems much easier to get right than separating a single space into multiple independent pockets.

I doubt the claims that Xen is as small and easy to audit as the Qubes website says; you can't have Xen without Dom0, so we totally should consider whatever is running there to be a part of the hypervisor.
Still, I do think it is a good direction. It's just not "clearly better than KVM, which requires a full Linux kernel".
I'm not a fan of antivirus software. Identifying threats is difficult and takes time, and while it can stop damage from spreading to other users, it can't unleak data which has already been leaked (because you do have backups, right? Riiight?).
_________________
Make Computing Fun Again
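The separation szatox describes (a strict umask, home directories that other users cannot enter, untrusted programs run under a separate account) can be audited and enforced with a few lines of shell. The script below is an added example and not szatox's code or anything from Gentoo; it assumes GNU find/stat/chmod as found on any Linux system, a base directory for homes passed as an argument, and, for the last helper, an existing low-privilege account whose name is a placeholder you set via GUEST_USER.

```shell
#!/bin/sh
# Audit and tighten per-user isolation on a Linux box (added example).
# Assumes GNU find/stat/chmod. The guest account name is a placeholder.

# Return 0 when the current umask removes every group and other bit (077),
# i.e. new files and directories are private to their owner by default.
# `umask -S` is POSIX and prints e.g. "u=rwx,g=,o=" for 077.
umask_is_strict() {
    case $(umask -S) in
        *,g=,o=) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print, one per line, the directories directly under $1 that group or
# others can read, write or enter (any bit of 077 set). These are the
# homes whose contents other local users and daemons can get at.
lax_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /077 | sort
}

# Make every directory directly under $1 private to its owner (mode 700).
tighten_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /077 -exec chmod 700 {} +
}

# Run a command under a dedicated low-trust account with that account's own
# HOME, so the program cannot read the caller's files. Needs sudo rights and
# an existing account; GUEST_USER=guest is a placeholder name.
run_as_guest() {
    sudo -u "${GUEST_USER:-guest}" -H -- "$@"
}

# Usage: ./isolation-audit.sh --audit [/home]   (report only)
#        ./isolation-audit.sh --fix   [/home]   (chmod 700 the lax homes)
case ${1:-} in
    --audit)
        if umask_is_strict; then echo "umask: strict"; else echo "umask: lax ($(umask))"; fi
        echo "home directories reachable by other users:"
        lax_homes "${2:-/home}"
        ;;
    --fix)
        tighten_homes "${2:-/home}"
        ;;
esac
```

Put `umask 077` in /etc/profile (or your shell's rc file) to fix the default for new files; the audit only reports what the running shell currently has. Tightening a home to 700 can break things that legitimately need to read it, such as a web server serving ~/public_html, so run `--audit` first and look at the list before `--fix`.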
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54845
Location: 56N 3W

Posted: Sat Feb 08, 2025 2:33 pm    Post subject:

carcajou,

There are no technical solutions to social problems. That takes practice ... if in doubt, don't.
Technical approaches are only aimed at damage limitation, not prevention.

A paranoid firewall can help:
DROP everything inbound that you are not expecting.
REJECT everything outbound except that which you explicitly permit. Reject, not drop, because you want the logs.

This helps stop the bad guys phoning home and blocks lots of outgoing traffic you didn't know you had.

Security is like the layers of an onion. Identify your threats and deploy the defensive measures to meet those threats.
Do not plan/expect to be 100% successful; the idea is to make an attacker move on to an easier target.

There is also a trade-off with usability.
e.g. Unplugging the network cable helps security, but it reduces usability to the point of making a desktop system difficult to use.
Turning off JavaScript may be a price you are prepared to pay.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
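NeddySeagoon's firewall pattern (drop unexpected inbound silently, reject-and-log every outbound connection that is not on an explicit allow list) maps directly onto an nftables ruleset. The script below is an added example, not NeddySeagoon's configuration or anything shipped by Gentoo; it assumes nftables on the host, and the port list and resolver address it takes are placeholders for whatever your desktop actually needs.

```shell
#!/bin/sh
# Generate, syntax-check and load a "default deny egress" nftables ruleset
# (added example). Assumes the nft binary; ports and resolver are placeholders.
#
# build_ruleset ALLOWED_TCP_PORTS RESOLVER
#   ALLOWED_TCP_PORTS  comma-separated destination ports, e.g. "80,443"
#   RESOLVER           IPv4 address of the DNS server this host may query
build_ruleset() {
    ports=$1
    resolver=$2
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        # unexpected inbound falls through to the drop policy: no reply, no log noise
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        ip daddr $resolver udp dport 53 accept
        tcp dport { $ports } accept
        # everything else is logged, then rejected: the local process fails
        # immediately instead of hanging, and the attempt lands in the kernel log
        log prefix "egress-reject: " level info
        reject with icmpx type admin-prohibited
    }
}
EOF
}

# Ask nft to parse the ruleset without applying it (nft -c); returns nft's status.
check_ruleset() {
    build_ruleset "$1" "$2" | nft -c -f -
}

# Apply the ruleset atomically (the leading "flush ruleset" replaces the old one).
load_ruleset() {
    build_ruleset "$1" "$2" | nft -f -
}

# Usage (as root): ./egress-firewall.sh check "80,443" 192.0.2.53
#                  ./egress-firewall.sh load  "80,443" 192.0.2.53
case ${1:-} in
    check) check_ruleset "$2" "$3" ;;
    load)  load_ruleset  "$2" "$3" ;;
esac
```

After loading, `dmesg` or `journalctl -k` shows one `egress-reject:` line per blocked attempt, with the source process's destination address and port; that is the list of "outgoing traffic you didn't know you had". Expect to iterate: package updates, NTP and printing will each show up as rejects until you add them to the allow list deliberately. Run the `check` form first so a typo does not leave the box without rules.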