Sometimes even official repo can be hacked, it just have to happen much less likely. Linux Mint had the experience that hacker successfully hacked a main server and serve malicious disk images, luckily moderator found out in 2 hours (IIRC) and put them down. Some of Git server were hacked, or owner had intentionally added malicious code to the repo.

@@nathanlamaire yes, Mint had the entire ISO hacked lol

@ you mean the website? that happen years ago? try to research dumb wincrap user

@@szymex8341 Oh yes I know but the problem only last for hours not even a day

having all files on home folder encrypted (as long as you have your backup) is better in comparing to unseen threat and malicious software running on background like what happend on windows. I'm not afraid of malicious program on linux.

Thats Fakhing true.

Just use temple OS for your server

Have you ever heard of Linode or KernelCare?

Everything gets infected at some point, but it's probably more rare than windows viruses

A lot of people presumably don't write viruses for Linux because there are a lot of people who don't use it, but yeah Linux computers and fileservers can get viruses

@@superslimanoniem4712 it's much more rare because a lot more people uses windows. Wait till linux gets super popular and easier to use, then you'll see more viruses

Which is why I stick to debian and use official websites when I have to add to the software store. The AUR, I'm sure is fine but when anyone can add packages in, seems like it would be easy for something to "slip through the cracks"

And those open source projects on Git are easily viewable, you can also view changes done.

@@IIGrayfoxII I'm not that technically gifted lol

It's wrong I think, look the archlinux with the AUR.

@Watcher oh ok, I didn't know. Like I said I've been on debian.

A person who never used Linux for a month talking about Linux users.

@@nerv4316 btw i use arch now, and i don't know what are you talking about, (if i did say something wrong ,feel free to say what wrong )

@@fatinebadr7244 I believe ```sudo rm /``` used to wipe the system.

@Polaris Lakewell d egenerate

You can do that to Windows as well. What are you on about

Or npm

True. However your should always check when updating/installing on a production environment. I dont recall the exact name or event, but some company that used npm got hacked because someone pushed a malicious package to the official repos that had an extremely similar name to another package.

@Dailox At the end of the day, linux is more "secure" because of the user behaviour tendencies instead of the actual system capability

They could still find a way in and run it by themselves.

@@daemonace5910 I mean if that were true then everyone would be using windows server instead ;)

+2

+3

Maybe because of the hardening comment...

@@kiiiburn yeah KZfaq is soft

I recently found a post on the void linux subreddit about PlagueOS which seems to be an ongoing project to make a hardened Linux distro. It might be interesting to check out

Because it's much safer to do that in windows?

@@daemonace5910 No, it's just that it is about as unsafe as doing it in Windows

Gets error about musl... I see this as an absolute win

Yeah, go through trusted repos if possible

@@markusTegelane yeah just don't use your computer, then you can't get infected...

maybe he runs a vm and does not set the time, so it looks like he is recording at 00:xx

@@rajat0610 doesn't happen normally

boring

Because no one gives a fuck.

Legend 🤣😅

Or you need to find a zero day.... In a code base which people from around the globe simultaneously missed....

It could be in an installation script of something else. A wget then chmod then run

@@raphaelcardoso7927 Anyways, you'll need to download stuff from outside source...

Yeah don't download software you don't know about and don't go to sketchy sites.

Good Opsec is the best line of defense.

Don't be fooled. Where is will there is a solution. Ransomware on Windows often deletes Shadow Copies.

@@ArthursHD BUT to be fair in Windows it needs Administrator Privileges in order to do so. So it's likely this'll be the case here as well.

@@regallomo you could do that but it would be cumbersome. I just keep a backup of my important files on an external drive. and yes you can set the file permissions to let you browse the files but not write to them.

Unless some virus can affect to root without password, everything can fix easily

Ransomware targets user data and user-data exists in non-root directory....

The command shown in this video was not executed as a superuser, and encrypted the entire home dir of the user.

Why would be harmful to run it with root when it encrypts YOUR files, if it destroyed OS files, reinstall and you're done

Even more important thing was he ran the program in a virtualized Ubuntu. Even with sudo, I suspect zero important files could be damaged.

And be careful with using a PPA. Try to do some research into who has written the PPA.

So the same in Windows then

AUR is not so good? Does that mean most Arch Linux users are fucked?

@@jonissesmarchadesch7025 if windows package managers didn't suck,then yes

@@thefoolishgmodcube2644 it's quite common for experienced arch users to warn against blindly installing AUR packages. It's fucked if you aren't installing trusted packages

I tried this command recently... F U LOLZ

@@RinksRides Please don't force remove anything unless you know exactly what it is. The rm command is to be respected, always

@@ReloadedK i had to delete the xorg conf file with rm once because my DE won't boot with it. i read the guide on how to use it like a medieval monk copying the bible

@@RinksRides never run random commands in Linux, expecially if you run it like an administrator (with sudo or doas or e ven directly by the root account)

I have now twice typed "rm -rf /*", trying to type "rm -rf ./*"

It could be within a bundle of executable admins use to configure stuff on servers, they may just runn all the executables sequentially in a folder without cheking them first.

@@ArmiaKhairy yeah, but I could literally whip up a bash script in like 20 minutes that encrypts all your data with a random password and leaves a scary message in every folder. The fact that this can be done to a system is not news, especially most Linux systems come with nice default encryption packages. What would be interesting is to see what mechanism does it use to get into the system in the first place. whatever is shown in the video is not even remotely interesting.

@@ArmiaKhairy If that is the case, you have a way bigger problem than that ransomware script. Someone can freely add things to your server. Plus give it execute permissions?

This is a good question. I hope it gets answered.

theres many stupid peoples saying linux infected by virus, ransomware, in reality they bloody download the file and give root permission...and say linux are vulnerable...

Come to think of it i do not see he is entering password there, could it be he give access to root

leave it to arch users to downplay and pretend that linux is all immune magical system, this is why we have a bad adoption rate, because of people being disingenuous and lying about the realities of linux, it's a great OS, but stop pretending its fucking magic. just stop.

True! As it was stated in 6:15

... and get a lot of "fake" hackers get turned for the profit. Source - human history ;-)

Actually tar preserves permissions. If a user downloaded tar archive, file inside could be marked as execuable.

@@swh77 whoa! That I didn't know. Thanks for this! When I am thinking about that, it sounds more scary than it sounds.

Because: 1. most hacker have no reason to hack linux as the number of people using it compared to windows is very very small. Meaning, not worth their time. Even if want to hack a linux computer, it would be a server from a big corps. 2. Most linux distro has no av because it's going to use too much ram. Making it not much better, or maybe even worse than Windows. 3. Most linux distro has no av because they knows that most linux user will download and install from official repos anyway.

only thing windows auto executes is Disk/usb/drives and you can disable this in the security panel, to make it "Asks" what to do or just don't do anything automatically.

Windows doesn't auto execute anything. Please don't spread false information.

@@bobbuilder8855 Oh Windows does auto execute alright. It auto executes Windows Update every single damn time. It executes it as admin. As soon as you plug in any device, Windows Update auto executes some proprietary driver installer from your device's vendor. It downloads arbitrary code and auto executes it as administrator, no UAC prompt either. Definitely nothing unsafe there..

@@bobbuilder8855 *hasn't by default since winxp

@@bobbuilder8855 All you need to do is get your program or script into the Startup directory. The use of "%USERNAME%" for the user name will make this the current user logged on at the time, and it will execute the next time that user logs on. There is no permissions needed to put this into the said directory. I did this to a friend of mine, without having physical access to his computer, and he struggled with his screen upside down for an hour before he figured out how to fix it.

*exactly*

Snap is proprietary software and complete treachery to the open-source community. Use Flatpak instead

As puppy linux user i guess this wont work, we use sfs or pet

Or run in a chroot sandbox

@@vaisakhkm783 even better

thought the same xD

Well I've been using windows for 20 years now and I've never even been infected with ransomware. I'm pretty sure everyone else here never been infected by ransomware either. Does this mean Windows is unhackable and ransomware on windows does not exist?

Well, you need *common sense* in order to not get a virus no matter what OS you're using, that's flawed

you have to do some seriously stupid sh** to even get as far as the video-op lol

*Most of Linux users

linux users arent any smarter than win users

Yea

It still gets reviewed

you can't just push code into the kernel without it being reviewed first. not how it works at all.

this is a bogus argument, the reason there isn't much linux malware yet is because the desktop userbase is a small minority compared to windows, linux programs have the freedom and more to execute malware just as bad as windows, this is true for essentially all operating systems that allow execution of arbitrary non-approved code.

This comment did not age well. I remember a bad actor compromised Linux Mint Distro. A Hacker modified the ISO and so he could create a Bot-Net. That would be much harder to do with closed sources software without a decompiler.

The third-party and anti malware products are subsidiaries of the virus propagators. You pay them ransom to infect other computers. No pay, they go away ...... Reformat your infected items and get on with your life. If you lost data, that's your fault for not backing it up.

You don't value your time my friend. You can't just reformat your problems away...

Yep. I know the 3-2-1 rule: 3 backups, two of them in the normal building but different servers and one anywhere else, at least in a different region at best in another country. And the rule: "No backup no tears for you"

nope. it's still double click on linux too lol

Java programs are OS and hardware architecture agnostic, so any malware made in Java will affect your Minecraft installation wherever you are.

Do you still have the logs

@@oqocraft2661 unfortunately no, the logs were deleted and ofc backup logs don't contain the relevant information.

Well... You could still be infected my mailware and ransomware. Not targeted for you - just a random one.

I do acknowledge that there can be vulnerabilities that go undiscovered for years. The creator of this video makes it sound like what he does in the video is something that linux users do all the time. Although it may be moot point, I'd also like to note that I've seen many articles talking about these vulnerabilities, I don't remember, any of them saying that they had been exploited in the wild.

Well, this video was not an example of remote code execution. And no, it does not happen "all the time" in Linux. Don't mix up the discovery of a code vulnerability that could *potentially* be used for RCE and the creation of an actual exploit.

@Idk Gaming thats epic

Good luck reading every *.ELF file ;-) That wasn't a BASH script in the video.

not practical since that will take a LOT of storage and most distros only backup / without backing up the home folder

@@szymex8341 yea I know, for system files it's alright, but for /home it takes way too much space.

@@kquote03 Takes 8gb on my setup...

@@djdeetsdroppingthosefunkyb1236 Things like "for how long your setup is running for" and "how many snapshots" obviously affect.

@Watcher I'll be honest. I agree. I guess my comment about it taking way too much space was just an isolated issue as I do work with many heavy files.

Everything, you got the source code for the kernel. But you need to understand how things works, and thats a huge problem :D

Route everything through Tor

Look at the code first.

@@jasoncravens1124 The code to what? The kernel or all the GNU stuff I use on top of the kernel? Um, no

@@joejavacavalier2001 No, not everything, some bullshit suspect file. Like a .elf file that you have acquired "somewhere" and have intentionally marked executable (which he did , and didn't show you) and then manually run from a terminal. You may want to take a look at that first. Point is, you are on it. Because that is what you can do. This would never happen, not ever. What is this, your first day on a linux box? And I don't think it would happen then, either. This is very misleading.

i don't think it can the same is true for windows if you can't access it the virus can't unless they get root & even so if SELinux is installed it adds security giving a process specific files/ports it can access/execute so even with root it can't do everything or at least that's how i understand things

@@genericgamer1319 Yeah that's what I though and why I call bullshit. If I'm not wrong, windows can silently get permission to execute software with "administrator" privileges and also most of the files doesn't need that anyway so they are less secure. So this guy tells use that a malware (which is really a regular program) can infect linux. No shit Sherlock!!!

@@godnyx117 You're right. Windows runs in user space, as opposed to Linux, and that's why, when user privileges escalate, programs can compromise the whole system, and not just user's environment.

That doesn't work on Ubuntu. :)

dont run crap you dont trust

AppArmor, Seccomps, Good DAC (Dicresionary Access Control) rules, SELinux, Capabilities...

@@refusist Which is basically kinda easy to do with package managers. Most of these attacks are targeted at organizations anyway, not at desktop users. That said, backups are always important.

@@tablettablete186 I would also add Firejail and, technically speaking, if you would run ransomware file in the --private mode you would probably not be encrypted as it creates the temporary directories just for the run file, although I'm not cofident enough to try it by myself :P

@@refusist Same for windows

i dont know why linux users are trying to pretend like its any harder to run malware on linux, it's not, stop trying to be disingenuous for sake of argument, linux has the ability to run code as dangerous and more than windows.

And 21.10 is releasing in a little under 2 weeks

Common sense

Just so you know, anti-malware software for linux typically only scans for windows malware.

@@rexempire3365 Thank you for the reply 😊👍. I'm just genuinely curious if anyone is using anything( other than clamscan antivirus ) to deal with malware on *nix pc's.

Do you think you could know 100% about any virus? ;-) It's somewhere from the DarkWeb most likely.

@@igorthelight Do you even understand how new files on linux work.

@@finoderi You mean - who gave it +x permission? :-)

Someone who has to use proprietary software. There are a number of proprietary installers that I have used that are installed exclusively this way, almost always with mandatory root permissions as well.

Only if you're falling for scams and shady pages downloads, it's not like you would get any virus if you use your PC with common sense The example of the program from the video uses basic file system functions in order to fuck everything, it's not exploiting or anything, just a program that decided to use normal functions

@@gonzalolog 👌👍

That opinion is outdated by about 10 years. You're going to need to walk that statement back quite a bit. Your first statement about "literally have to download ransomware yourself" applies to both operating systems. The vast majority of ransomware events I've cleaned up have occurred because of someone opening an attachment in an email. They didn't literally download the malware themselves, they simply clicked on a file that was spear-phished to them. Furthermore, there is also zero-click threat vectors. These use exploits and require no interaction from the end user and this does happen to both. For example: I have seen an organization get ransomware on all their Windows servers and computers. They then attempted to use their back up and disaster recovery server (BDR) that was running a Linux distro, only to find that the threat actors had compromised this system via exploits as they were on the network. The minute the org attempted to access the backups, they literally watched all of them get deleted. We have to set up a dirty network and a clean network when we recover now for this reason. We NEVER access backups without setting up a clean network with computers that have hard drives that are brand new or reformatted. The dirty network is where we disconnect from the WAN and start disinfecting via swapping clean drives. It takes a lot longer to recover now for this reason because these RaaS organizations are as well funded and talented as APTs from governments. Thinking you're save because Linux on an infected LAN is what a pseudo techie hobbyist says. My advice is you don't bring this up in a job interview if you ever get into cybersecurity. There's also a reason we have to VLAN linux based IoT devices now, because these devices have crummy stripped down versions of linux with terrible security. These devices get hacked A LOT. After a threat actor gains a foothold, they then pivot from the linux based IoT devices laterally to Windows devices. Seriously, don't underestimate the abilities of these ransomware gangs, they will clean your precious linux's clock if they get onto your network. They target small businesses frequently because they are easy money. Most of us in 2022 consider Windows to be the more secure of the two because it has been exposed to so many threats for so long. We have tools now like Zero Trust Frameworks, application ringencing, next gen endpoint agents, larger security patching teams. Centrally managed and highly developed tools are not a thing yet for Linux (unless you work for a huge firm with tons of cash to buy enterprise grade tools). Easily accessible security tools are still in their infancy for Linux and it's way behind. I always laugh at these Mac (yes I know it's Unix) guys who say Macs can't get viruses, when I literally just had a notice from our SOC a few weeks ago that one of our Macs has malware on it. Great, I have an eye twitch now.

@@281cu6 Your statement has weight; however, never has my Being ever had its hard drive completely unusable by any Linux distro(s). However, in Windows, that problem has always almost occurred. By my own experience between the two, Linux has provided my system with a way better protection then Windows.

@@SabiazothPsyche With the advent of OS agnostic ransomware and the fact that it just requires a mouse click to deploy makes it an equal risk for end users on both OS's to be socially engineered, which is the vast majority of hacks. Windows with a proper GPOs, next gen AV, SIEM, MTR with a SOC, application whitelisting and ringfencing (even root or system access can't defeat [actually had to turn that off to allow a pentest to proceed]), makes it nearly impervious. Linux on the other hand doesn't have many of technologies mature enough and would then need enterprise dedicated network appliances off of he workstation to accomplish some of it. The minute REvil has a foothold in your LAN, you're done. Linux has privilege escalation and arbitrary code execution vulnerabilties coming up with high CVSS scores constantly these days, just like Windows. I am literally typing this out on my laptop running Mint. I am NOT a fan of Windows, but I had to set aside my bias and recognize times have changed.

Same for smart Windows users ;-)

True ;-)

Just format your drive and install the system. If you don't know how - ask someone who knows ;-)

@@igorthelight hmm that was a problem 2 months ago and I already used diskpart to clean my drives multiple times now I'm running win 11 no issues

Same difference. Unix. With *nix (linux/unix) it's mostly the same as far as running software. Same terminal and everything.

@@jasoncravens1124 Mac is closer to FreeBSD if I'm not mistaken. Almost the same thing. Not exactly but close.

Wow

@@sugar.066 it is not a bug, it is feature (c). Default policy to kill any users process that writes more than two files will be enough. Kill any user process that makes more than one child process. Kill a process if it have more than two processes in its family chain. Do not allow mass operations. It is so simple.