Our CIO on Ransomware Cyber Outbreak

Our Chief Information Officer (CIO) at a large British organization sent some emails today about the recent ransomware cyber outbreak.

My response:

His response:


WHAT DOES Holla Forums THINK?


That's not true. A week or so ago there was a thread here about a Gentoo user getting ransomwared.

Didn't he run Firefox as root?

He isn't wrong. Probably why he is the CIO and you are bitching about him with rage Pepe.

Yes

Is there any anti-virus software for Mac and Linux?

IT provided me with an MBP. No antivirus installed.

He's basically correct. Why, do you have a problem with keeping your system up-to-date?

You have to go back.

I have an MBP for work and it wants to update and Siri. This is why I
REEEEEEEEEEEEEE

Well, there's your problem.


Linux and macOS are not vulnerable to the current ransomware attack, because that attack only targets Windows and uses Windows-exclusive vulnerabilities.
Linux and macOS don't have a general immunity against ransomware. Ransomware exists for them, and is a real danger. But they're not affected by this particular instance.
Definitely keep them up to date. Anti-virus may or may not be a good idea too, I've heard a lot of conflicting information. I don't use it on my own Linux systems.

I kind of agree with his point of view: if a rich company uses Linux on all their computers, a hack could cost millions.

But for personal computers? No.
Also, Linux is literally immune to Windows viruses. Somebody would have to design a Linux-only virus and then design a way to get it onto the actual computer (in a way that infects all the other ones as well), which is harder than on Windows (I presume).

Not only that, he got infected by a malicious Flash application as root. He was really asking for it.

Your package manager is good anti-virus. To delete systemd!


What about Wine? What about portable software written in Java or C#?

Do you even know how wine works?

I only use it occasionally. Can you enlighten me?

AFAIK it just provides .DLL files and a DirectX->OpenGL translation layer.

He is right, but at the same time that's a completely useless answer, because you should be doing those things anyway. That's like when the doctor tells you not to drink or smoke, to eat healthy and exercise. Well, no shit doc, I didn't need you to figure that out. It's just template advice they give out when they don't have any actual advice to give.

Its goal is to run unmodified Windows binaries with a minimum of fuss and integration problems. How does that not make virus.exe dangerous?

Wine doesn't emulate Windows applications; it acts as an API wrapper that translates the running program into something that can be understood by GNU/Linux. It also doesn't need to be run as root.

ClamAV doesn't search for GNU malware because there is basically no database for it. The primary purpose of ClamAV is to search for Windows malware.

It's very useful, for instance, on a mail server, so you can check whether there is malware in a mail before sending it, or on an FTP server or something.

There really is no way of checking for malware in GNU distributions right now. That's why software repositories such as AUR and PPA should not be trusted, and code should be checked before executing it.

It becomes really scary once you notice X11 is such a piece of shit that literally any program running, with or without root, can grab your mouse/keyboard input.

To summarize, security in GNU comes mostly from obscurity, good design choices and trustworthy maintainers. There's really no way to tell if a package is malicious or not right now.

Actual CIOs don't really know a lot of things. I have only met one or two that weren't hipster fear-mongering faggots and that were truly competent and passionate about what they were doing.

It's a compatibility layer to run Windows programs as native GNU/Mac OS programs. It can be infected by malware, though I find it unlikely, since they usually rely on other packages/processes or vulnerabilities not programmed into Wine.

Not to mention, the file system works differently and modifying the Wine registry shouldn't have any impact on your operating system (it could still, technically, delete or modify files in your /home/ folder, since Wine symlinks some folders like My Images and My Documents to ~/Images/ and ~/Documents/, respectively).

I remember reading a thread in Wine forums a while back of some guy complaining that his mounted Windows partition got infected through Wine, so it's possible.

Wine exposes / as Z:\. Programs can access all files they have permission for.

Really? I thought Z:\ was the ~/.wine folder and that it only symlinked the generic /home/ directories.

I guess now I know why Wine warns against running it as root.

From the Wine FAQ:

wiki.winehq.org/FAQ#Is_Wine_malware-compatible.3F

HAHAHAHAHAHAHA! HOLY FUCK!

What if you sandbox your operating system inside a virtual machine running on a system that only allows network traffic for the virtual machine, and have a backup of the virtual machine in case the virtual machine becomes compromised?

You can delete Z:\. You'll only be able to execute wankblows programs from .wine, but they shouldn't have access to your root filesystem if you delete Z:\.

That's correct.
Do you even CVEs?
security.gentoo.org/

Only if the purpose, or one of the purposes, of the machine is to check stuff that is going to be opened on Windows machines, like email attachments and stuff.

I'd just like to interject for a moment. What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called "Linux", and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux" distributions are really distributions of GNU/Linux.

What would you be doing with wine in the first place?
Other than video games, I can't imagine it being used at all. I mean, if you work in an office, you probably only use LibreOffice (Calc, Writer, Impress, meaning Excel, Word, PowerPoint) and the internet browser (Firefox, Chrome, whatever).

Sure, you might need it for some other Windows apps, but then those applications were probably tested prior to installation and usage.

There's apparently also this


but as I said above, Linux is literally immune to Windows viruses. Whether or not you have Wine, your Linux is 100% safe.
Sure, you might infect other Windows computers if you transfer infected files to them, but that doesn't affect *you* in the slightest.

Just removing Z: would probably stop some attacks, but it doesn't make you 100% safe. Parts of your filesystem are still exposed in other places, and there are plenty of other tricks to break out. Wine is not a sandbox, and sandboxing is not even a goal. It's still very dangerous.
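As an added example, not code from the thread or from the Wine project, here is a small POSIX shell audit of a Wine prefix's drive mappings, which illustrates both posts above: the Z: drive is just a symlink in `$WINEPREFIX/dosdevices` pointing at `/`, removing it is a one-line `rm`, and any other mapping whose target resolves outside the prefix is a second hole that removing Z: does nothing about. The fixture prefix built by `make_fake_prefix` is constructed here so the script runs without Wine installed; the helper names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread or from Wine): audit a Wine prefix.
# Wine maps DOS drive letters through symlinks in $WINEPREFIX/dosdevices.
# The default prefix has c: -> ../drive_c and z: -> /, so a Windows binary
# under Wine can reach every file the Unix user can. This lists every drive
# mapping that escapes the prefix and can drop z:. Assumes the standard
# dosdevices layout; does not need Wine itself.

set -u

# Print "letter -> target" for each drive-letter symlink whose resolved
# target lies outside the prefix directory. Nothing printed means the
# prefix only exposes its own files.
wine_external_drives() {
    prefix=$(readlink -f "$1")
    for link in "$prefix"/dosdevices/*:; do
        [ -L "$link" ] || continue            # unmatched glob or plain dir
        target=$(readlink -f "$link") || continue
        case "$target" in
            "$prefix"|"$prefix"/*) ;;         # stays inside the prefix
            *) printf '%s -> %s\n' "$(basename "$link")" "$target" ;;
        esac
    done
}

# Remove the z: mapping (the / drive). Returns 0 when it is gone.
# Note: this only closes z:; other mappings listed above stay open.
wine_remove_z_drive() {
    rm -f "$1/dosdevices/z:"
    [ ! -e "$1/dosdevices/z:" ] && [ ! -L "$1/dosdevices/z:" ]
}

# Constructed fixture: a fake prefix laid out like ~/.wine, used only so
# this runs stand-alone. Real use: wine_external_drives "$HOME/.wine".
make_fake_prefix() {
    p=$(mktemp -d)
    mkdir -p "$p/drive_c" "$p/dosdevices"
    ln -s ../drive_c "$p/dosdevices/c:"          # Wine default, internal
    ln -s / "$p/dosdevices/z:"                   # Wine default, whole fs
    ln -s "${HOME:-/tmp}" "$p/dosdevices/d:"     # extra mapping a user added
    printf '%s\n' "$p"
}
```

Run `wine_external_drives "$HOME/.wine"` on a real prefix: the default output is a single `z: -> /` line, and after `wine_remove_z_drive "$HOME/.wine"` it is empty unless you have added drives of your own. It does not inspect anything else Wine exposes (the registry, `~/.wine/drive_c/users/$USER` symlinks into `$HOME`, or the process's own Unix permissions), which is the point of the post above: this is an inventory check, not a sandbox.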

so gentoo or arch, got it


yup, I'm seeding mcaffee-antivuris-2014.exe.torrent

There is. It's called rkhunter. chkrootkit also works, but isn't as good as rkhunter.

Also, you can run X11 without root with systemd, but that doesn't solve the universal capture problem. That's a problem solved by Wayland, though. Anyway, you should be fine if you fine-tune the permissions in your /home. Set your /bin to read-only and change the owner to root, and do the same with bash configuration files and other init scripts (it's not like you are going to change them often). If you use a sandbox on top of that for vulnerable or suspicious programs like browsers, IM and other chat programs, proprietary shit or programs from untrusted sources, you should be fine except for very targeted state-tier attacks*.

* That is, until you find an exploit capable of breaking the sandbox through X.org, which is all too likely

Not really. Debian maintainers backport all security patches.

This bullshit should be filtered. Fucking hell, spam/flood does not contribute anything.


no we need bleeding edge updates


They also complain about false positives 99% of the time, and only give ammunition to the retarded schizo grsec ricer types who run them without a clue and then spam every communication channel with demands for support.

Why would anyone even target linux users for ransom? Everyone knows linux users are generally poorfags.

MacOS, on the other hand. Its userbase is full of gullible hipsters, and Apple users by definition don't have any problem wasting lots and lots of money. They're the perfect target.

I think you meant GNU/Linux.

I'd just like to interject for a moment. What you're referring to as GNU/Linux, should be written as Linux/GNU, or as I've recently taken to calling it, Linux plus GNU. There is no doubt that the kernel is leading and that GNU bit is just a bunch of shit that comes next.

Well, if they had updated their Windows computers there wouldn't have been a problem either. The whole point of updating your system is to stop known exploits from being used against your systems. When you don't patch a known RCE vector for 2 months, you get exploited.
The whole point in antivirus is to clean up after a known malware attack using an unpatched exploit vector. It could block ransomware, but for that to happen, the ransomware has to be first used against some other system and caught and analyzed and made into a signature, and then your antivirus definitions have to be updated after that.

Running firefox as root doesn't present any security risk to a desktop user. Firefox normally runs as your user which means all of ~ (you know, the stuff you actually care about) would be accessible to firefox. Where do you niggers come from? There's always some idiot like you in this thread.

Maybe no one wants to update their Windows computers with all the telemetry botnet. Updates are supposed to fix things and add functionality, not break them and add malware.
Most cautious people run firefox as another user.

*paranoid

this is a bad thing now?

That's obviously correct. I like firejail. The only folders fireshit can access in my /home are: Downloads, .mozilla, .cache/mozilla and very few folders in .config.

If it comes from Microsoft, it is not malware by definition. If you believe Windows is malware, then you're a moron for running any form of proprietary software.

sudosatirical.com/articles/richard-stallman-interjects-local-mans-funeral/


Jaysus mate. You don't ACTUALLY believe that this place is capable of having a serious discussion?

GNU/Linux actually has anti-virus programs? Like what?

ClamAV


How to WHITELIST apps in Windows?
For Pro+ editions open gpedit.msc > Computer Configuration\Windows Settings\Security Settings\Software Restriction Policies
Define your whitelist. Congratulations, you have just defended yourself against every malware which doesn't exploit the Windows kernel. Wasn't so hard, was it?

For Home users, Parental Controls aren't that bad either.

Not really.
Learning how to use loonix requires autism, dedication and free time. Things that poorfags generally lack.

Dr Pavel, I'm CIO