Linux malware evades detection for upwards of 3 years, not sure how

GNUse_the_force

Limp Gawd
Joined
Oct 27, 2014
Messages
481
Speed of patching only matters once vulnerabilities are noticed/public.

We are not talking about Intel.


tish.gif
 
Last edited:

travm

Gawd
Joined
Feb 26, 2016
Messages
960
The fact it's found shows that open source is working as intended. Unlike Windows which had a vulnerability for 12 years. How about Mac OSX's malware that went undetected for years? The only thing negative that can be said about Linux is that this malware was undetected for so many years because too many people believed it didn't need an antivirus. The opposite of what people think of Windows.
None of it is negative. Just that some people literally scream from the rooftops that linux is more secure "insert reason here". Its just not true.

The only reason it was found is because the university wrote a paper about it. Claiming it was because of some open source magic is patently false.
 

travm

Gawd
Joined
Feb 26, 2016
Messages
960
Yes, it's easy if you are sending patches from a respected (well no longer lulz) university email under the tutelage of a formerly respected professor(s).
Open source software is neither more nor less secure; however, when issues are found they can be tracked and fixed in the _open_, with full visibility by anyone.
I'm not going to research into this, at all, but that only works for the UoM example. Also we're talking about kernel level security issues, not some two bit malware code embedded or injected into an application.
 
Joined
Dec 7, 2010
Messages
901
I'm not going to research into this, at all, but that only works for the UoM example. Also we're talking about kernel level security issues, not some two bit malware code embedded or injected into an application.
You are side-stepping the fact that historically much of Linux/GNU/hacker-culture (hacker=programmers, not that modern shit) was based on trust and respect. These students/advisors knowingly submitted shit code using their trusted university email addresses (https://lore.kernel.org/linux-nfs/20210407001658.2208535-1-pakki001@umn.edu/ - coincidentally this patch was called out for being shit upon submission lol).

The volume of patches on LKML is insane and maintainers do what they can to review. Reality is that lots of small, bad code will get through. However, it's much easier to find such bad code than it is in a proprietary program. The volume of code is the same at any closed-source software company. The difference is you don't have a public mailinglist (and code repositories) where literally anybody from high school student to PhD candidate to CTO of whatever can inspect and participate in development.

Security is ultimately about trust and verifiability - I assert that both of those are only possible with open source software.
 

GNUse_the_force

Limp Gawd
Joined
Oct 27, 2014
Messages
481
I'm not going to research into this.

I did a bit. The people in question had submitted patches and they were actually detected. There were previous patches from the university which were to do with ancillary machines that they used for their own research that pretty much only that university used. So those patches would of only really harmed the university. That said, previous patches were being looked into to see if they were legit. I believe all of them were. Maintainers have a hard job and can't catch everything.

Which is why i think submitting malicious code should be a treasonable act punishable by law.

None of it is negative. Just that some people literally scream from the rooftops that linux is more secure "insert reason here". Its just not true.

The issue here is that anyone from any country and any age demographic can claim anything, It's the internet. If you go into an echo chamber like on reddit your going to see lots of group think and very little deviation.
Linux is very secure by design imo, but this means very little when anyone can submit malicious code.. which is not strictly true because maintainers but there is a 'whack a mole' element involved with such a large project.

But to counter that, what even is security when you are running an operating system from a giant megacorp that probably has backdoor access from state agencies all around the world.
 

travm

Gawd
Joined
Feb 26, 2016
Messages
960
running an operating system from a giant megacorp that probably has backdoor access from state agencies all around the world.
I agree with everything you've said, except I'm skeptical on this. Why is megacorp more likely to install backdoor than say, any other person submitting code to the linux kernel, or the linux devs themselves? Honor?
 

GNUse_the_force

Limp Gawd
Joined
Oct 27, 2014
Messages
481
I agree with everything you've said, except I'm skeptical on this. Why is megacorp more likely to install backdoor than say, any other person submitting code to the linux kernel, or the linux devs themselves? Honor?

Profit, from a corporations perspective. For Linux, the maintainers are hand picked and have decades of experience and come from a enthusiast background.
At the end of the day it's humans at the keyboard and there are shit heads everywhere as such there is no future guarantee, no software project is going to be perfect. But there is one defining difference here.. there is no honor in corporatism.

This is why i think the law should come down as hard as it can on bad faith actors who insert malicious code.

edit* Not just within the opensource world but also in the corporate world.
 
Last edited:
Joined
Dec 7, 2010
Messages
901
Profit, from a corporations perspective. For Linux, the maintainers are hand picked and have decades of experience and come from a enthusiast background.
At the end of the day it's humans at the keyboard and there are shit heads everywhere as such there is no future guarantee, no software project is going to be perfect. But there is one defining difference here.. there is no honor in corporatism.

This is why i think the law should come down as hard as it can on bad faith actors who insert malicious code.
I think much of Linux kernel development is still in the hands of enthusiasts/people interested in technology for technology sake - and not just pursuit of a paycheck.
This is also true of those contributors employed by Intel, IBM, AMD, etc (I know, I work on kernel/firmware at one of those places). I am talking about "core" kernel work - not the wild west that is /drivers :D
 

cybereality

Supreme [H]ardness
Joined
Mar 22, 2008
Messages
7,024
I wonder if what those students did could be illegal on current laws. Like if the code got pushed, and someone else exploited the flaw, could they be held for damages (maybe in civil court)?

Is creating a backdoor itself a crime, or only if you exploit it? Either way, those kids probably not gonna have a good time finding a job with that on their record.
 

GNUse_the_force

Limp Gawd
Joined
Oct 27, 2014
Messages
481
I think much of Linux kernel development is still in the hands of enthusiasts/people interested in technology for technology sake - and not just pursuit of a paycheck.
This is also true of those contributors employed by Intel, IBM, AMD, etc (I know, I work on kernel/firmware at one of those places). I am talking about "core" kernel work - not the wild west that is /drivers :D

Agree. And It's more than just that, the Linux kernal is now so central to global operations that if it fails it could cause catastrophe and it's only going to become more important as Microsoft moves their base and contributes to it. There is a reason beyond money or enthusiasm to keep it working and secure. It is essential for the upkeep of 97% of all the worlds servers, industrial machinery, medical devices, airspace, military & robotics equipment. Not to mention energy facilities including nuclear power.

I wonder if what those students did could be illegal on current laws. Like if the code got pushed, and someone else exploited the flaw, could they be held for damages (maybe in civil court)?
Is creating a backdoor itself a crime, or only if you exploit it? Either way, those kids probably not gonna have a good time finding a job with that on their record.

It depends on the scale of the effect. I mean, when a child's baby monitor stops working in hospital because of a kernal panic due to (provable) malicious code is that against the law ? When a centrifuge stops working ? When a robot on a production line swings out of control and kills someone ?

idk. seems like intentionally breaking software for malicious intent is borderline cyber terrorism.. But "iTs JuSt a PrAnK bRo"
 
Last edited:

idiomatic

Limp Gawd
Joined
Jan 12, 2018
Messages
231
If your threat model involves a nation state, you are fucked. They are in your system. Part of that is the NSA wants to be sure they can be in your system too.

If you aren't doing something that sensitive then yeah, you have a shot at security. But its going to be expensive and a pain in everyone's ass.

So don't be worth the hassle. Make the hassle slightly higher than whatever you are securing.

Incidentally this is why blockchains become geometrically more energy intensive with the market cap of the blockchain. They are secured by constant energy expenditure high enough to make it not worth the hassle of hijacking the blockchain.
 

ThreeDee

[H]F Junkie
Joined
Sep 5, 2001
Messages
11,171
This is their last refuge, before Microsoft moves almost entirely to a Linux based "operating system". Change is difficult. I imagine some are afraid that moves towards a more opensource friendly microsoft might affect their livelihoods.
I think that would be great if Microsoft did that .. BUTT! ... I don't care either way as long as the stuff I use works and I can play my games without too much fanfare
 

cybereality

Supreme [H]ardness
Joined
Mar 22, 2008
Messages
7,024
Well, Microsoft is not the same company it was 25 years ago. I think they might do right with Windux (or whatever MS flavored Linux distro inevitivably comes out).

The writing is on the wall. Visual Studio Code and Edge getting Linux releases (and Windows Defender too, lol). The Subsystem for Linux getting constant development. Their whole Azure cloud. They are deeply invested.

I think it might be a good thing if done right. They really don't seem to care much for Windows anymore, and they've reduced their headcount on those teams, it seems natural to just move to Linux.
 
Joined
Dec 7, 2010
Messages
901
Well, Microsoft is not the same company it was 25 years ago. I think they might do right with Windux (or whatever MS flavored Linux distro inevitivably comes out).

The writing is on the wall. Visual Studio Code and Edge getting Linux releases (and Windows Defender too, lol). The Subsystem for Linux getting constant development. Their whole Azure cloud. They are deeply invested.

I think it might be a good thing if done right. They really don't seem to care much for Windows anymore, and they've reduced their headcount on those teams, it seems natural to just move to Linux.
IMO they are even worse than 25 years ago. 25 years ago they called "open source" and (GNU)/Linux a cancer and avoided it at all cost.
Now they've basically become the cancer within (FL)OSS - distributing "open source" software such as vscode which always _happens_ to include proprietary binary blobs (ie. vscode's remote server).
The same is true of most of their kernel patches so far, they are merely APIs and such - once distros start using them and become dependent on running under WSL (wtf kind of braindead name is Windows Subsystem for Linux, if anything it's Linux Subsystem for Windows) it's game over.

No doubt about it - when the time is right and as many developers as possible are locked-in, Microsoft will come down hard with nickel-dimeing/"services"/licensing/etc. Guaranteed.
 

TeeJayHoward

Limpness Supreme
Joined
Feb 8, 2005
Messages
10,701
I used to love the *NIX mindset, but it's changed in recent years. Let's say you use bash as your shell, and a new version comes out. Included in the code is some sort of functionality that a college kid made for kicks - You can print to a printer instead of to a screen. Well now you need CUPS installed. And CUPS recently added a GUI functionality which nobody will ever use, but it's in the dependency list too, so now you need a window server like X11 or Wayland, but that requires a window manager, which for some reason requires a web browser, which requires... It just goes on and on until you've got a 10GB OS with a broad attack surface when all you wanted was a kernel and a shell.

I've got a challenge for you greybeards. Install Linux without Python. Yes, the programming language. No python dependencies, no libraries, nothing remotely related to python. Pretend that you hate that language or that it's secretly Russian malware. You basically can't use the system. EVERYTHING in Linux has python as a dependency. Heck, I think you even need it for the kernel these days.
 

Jagger100

Supreme [H]ardness
Joined
Oct 31, 2004
Messages
7,644
Linux' virus resistance was not having the default login be root. This hasn't been maintained.
In reality it is a culmination of many components.

https://www.fosslinux.com/42926/is-linux-an-operating-system-or-a-kernel.htm


also as with Linux things are complicated:

https://www.gnu.org/gnu/linux-and-gnu.en.html

its a long read but tl:dr. It has just been easier to say linux is and operating system, which it is 'a system of operation' yes.
And Windows is a exemplar of well planned coherent optimized minimalist code. :rolleyes:
 

Jagger100

Supreme [H]ardness
Joined
Oct 31, 2004
Messages
7,644
None of it is negative. Just that some people literally scream from the rooftops that linux is more secure "insert reason here". Its just not true.

The only reason it was found is because the university wrote a paper about it. Claiming it was because of some open source magic is patently false.
Used to be more secure as default log in did not have access to root power. Since it's becoming more and more windows like in default installation, security has gone down.
 
Joined
Dec 7, 2010
Messages
901
I used to love the *NIX mindset, but it's changed in recent years. Let's say you use bash as your shell, and a new version comes out. Included in the code is some sort of functionality that a college kid made for kicks - You can print to a printer instead of to a screen. Well now you need CUPS installed. And CUPS recently added a GUI functionality which nobody will ever use, but it's in the dependency list too, so now you need a window server like X11 or Wayland, but that requires a window manager, which for some reason requires a web browser, which requires... It just goes on and on until you've got a 10GB OS with a broad attack surface when all you wanted was a kernel and a shell.

I've got a challenge for you greybeards. Install Linux without Python. Yes, the programming language. No python dependencies, no libraries, nothing remotely related to python. Pretend that you hate that language or that it's secretly Russian malware. You basically can't use the system. EVERYTHING in Linux has python as a dependency. Heck, I think you even need it for the kernel these days.
Not going to disagree with you at all. It is really sad to see the bloating over the the last 15 or so years...
Some distros still try to remain "minimal" eg. Alpine and Void Linux - but they each have their own quirks.
 

Lakados

2[H]4U
Joined
Feb 3, 2014
Messages
3,868
So it looks like they have now identified 4 versions of this in the wild. All of them scan clean, so you physically have to go hunting for it.

It seems to have 12 main functions which are mostly aimed at stealing data, monitoring plugins and system status, and executing plugins as needed.

Still no updates on how it gets in or how it spreads.
 
Joined
Dec 7, 2010
Messages
901
So it looks like they have now identified 4 versions of this in the wild. All of them scan clean, so you physically have to go hunting for it.

It seems to have 12 main functions which are mostly aimed at stealing data, monitoring plugins and system status, and executing plugins as needed.

Still no updates on how it gets in or how it spreads.
It apparently likes to masquerade as `systemd-daemon` and other `systemd-*` things - so I suppose my runit based systems are safe.
If it's undetectable maybe just another one of Poettering's "features", he probably heard Windows has telemetry so figured systemd needs it too haha
 

ManofGod

[H]F Junkie
Joined
Oct 4, 2007
Messages
12,271
Used to be more secure as default log in did not have access to root power. Since it's becoming more and more windows like in default installation, security has gone down.

Um, what? When I login to my Ubuntu 20.04.2 installations, I have no access to root by default. I have to you sudo or an equivalent in order to be able to gain any sort of root access, such as when I am install with apt-get.
 

auntjemima

Supreme [H]ardness
Joined
Mar 1, 2014
Messages
7,684
So it looks like they have now identified 4 versions of this in the wild. All of them scan clean, so you physically have to go hunting for it.

It seems to have 12 main functions which are mostly aimed at stealing data, monitoring plugins and system status, and executing plugins as needed.

Still no updates on how it gets in or how it spreads.
So telemetry. But... Linux doesn't have that
 

Nobu

Supreme [H]ardness
Joined
Jun 7, 2007
Messages
5,829
It apparently likes to masquerade as `systemd-daemon` and other `systemd-*` things - so I suppose my runit based systems are safe.
If it's undetectable maybe just another one of Poettering's "features", he probably heard Windows has telemetry so figured systemd needs it too haha
Would not surprise me if it was actually a patched version of systemd supplied by MS. Would be funny, honestly.
 

nilepez

[H]F Junkie
Joined
Jan 21, 2005
Messages
11,774
It doesn't help that most Windows software is distributed as EXE/installer blobs with no access to the source code - it's almost trivial to add malware/spyware, repackage, and redistribute them.
Checksums, building from source, trusted repositories etc are just not a thing that the average Windows user even understands.
I would argue that the majority of devices actually run GNU/Linux (including small IoT crap, servers, ATM software, all major cloud providers - even Azure!, etc).
1. If you get your software from a reputable site, you're unlikely to have that happen
2. If every windows user switched to Linux, they still wouldn't understand those things.

It's all about the numbers. Put hundreds of millions of users on *nix and the malware will be designed for *nix.
Let's not forget it's only been 25 years (give or take) since a Unix hack took down the backbone. How? Can't recall the exact attack but as I recall, it was an exploit that had been fixed, but nobody bothered to install the patch.
Not coincidentally, that's how most windows attacks happen too (which is why MSFT forces updates on 10 users, unless they're running enterprise or Pro (and they make changes in the settings).
 

nilepez

[H]F Junkie
Joined
Jan 21, 2005
Messages
11,774
This is their last refuge, before Microsoft moves almost entirely to a Linux based "operating system". Change is difficult. I imagine some are afraid that moves towards a more opensource friendly microsoft might affect their livelihoods.
You seem to be under the impression that windows users give AF about the kernel. We want a supported OS that works with our apps and has a good GUI. If MS actually went full *nix, it'd be the biggest *nix desktop build in the world and people would, by and large, stick with it.
Auntkojima says otherwise!
View attachment 352948
I'm sorry, last I checked, we were talking about desktop Operating Systems, not embedded systems and phones (though the latter definitely has malware, as a simple google search shows).
 

nilepez

[H]F Junkie
Joined
Jan 21, 2005
Messages
11,774
Also, people use the argument that Linux is not used so that is why there is no malware. That makes sense for certain kinds of attacks, sure. But Linux is far and wide the most popular for servers.

Those servers (running Linux) are the ones with the really juicy information: credit card numbers, email/mailing addresses, user databases, all sorts of financial and medical documents.

While there are Windows servers, sure, even Microsoft uses Linux in the cloud so that should say everything right there.
Big difference between attacking a typical windows box, which has software installed from disreputable sites, never mind opening attachments from addresses that are often obviously fake to most reading this post, never mind a network admin, and a Linux administrator, who likely tests every piece of software in a sandbox, and/or test server, before it goes to a production server.

Completely different use cases. It's the difference between robbing a bank with no guards and bank tellers that don't know they're being robbed until after the getaway car is 500 miles away (and they have no idea who the robbers were, much less what car they drove away in).

And TBH, it's worse than that, because most attacks on windows exploit vulnerabilities that were patched months earlier. About 10 years ago my last company got infected by some exploit that was running rampant thorugh windows. It had been patched at least 3-6 months earlier, but at that time they relied on end users to patch their machines and non technical end users (and in some cases highly technical end users) don't patch. I can't count the times I've visited a friend who's an engineer that works on particle accelerators and found his windows box hadn't been patched since the last time I used his computers (which in some cases was 6 months to a year).

That's the primary reason windows machines have problems.
 

nilepez

[H]F Junkie
Joined
Jan 21, 2005
Messages
11,774
I think Windows going Linux would be the same as macOS being based on BSD. Only real nerds know the connection, for average Mac users they have no idea and no reason to care.
The only mac users that I knew that cared were programmers. They loved it, because it was a great machine for working on *nix software/connecting to the servers.
 

cybereality

Supreme [H]ardness
Joined
Mar 22, 2008
Messages
7,024
Well the other problem, is that most Windows users actively don't want security.

They complained when Windows Vista added privilege escalations confirmations. They don't like auto-updates and use all sorts of hacks to disable the updates.

Don't want to give up like 5% CPU perf so they disable Spectre patches, etc. Not to mention downloading software from the high seas with all the extra free "gifts" that come with it.

If anything, Windows itself is not that insecure. The problem is the users.
 

nilepez

[H]F Junkie
Joined
Jan 21, 2005
Messages
11,774
Well the other problem, is that most Windows users actively don't want security.
They complained when Windows Vista added privilege escalations confirmations. They don't like auto-updates and use all sorts of hacks to disable the updates.
Don't want to give up like 5% CPU perf so they disable Spectre patches, etc. Not to mention downloading software from the high seas with all the extra free "gifts" that come with it.
If anything, Windows itself is not that insecure. The problem is the users.
I'm not convinced that the average users cares about auto patching, but I will say that virtually all of the complaints about 10 can be fixed in settings (e.g. advertising) and it always baffles me how all of these expert [H] users don't know how to google the fix on that (not that the ads were particularly intrusive.

That said, Vista's UAC was a lot more intrusive than 10. OTOH, there are times with 10, where the UAC prompt is in the background and, as a result, I don't realize the app isn't installing until sometime later.
My mom's machine is largely wide open. She use to be a power user, but these days she's not as up on things as she use to be. OTOH, my dad's not even on an admin account. He has to type a password to install software. It's not perfect, but it's mostly eliminated all the unintentional software installs he use to make.
 
Joined
Dec 7, 2010
Messages
901
I'm not convinced that the average users cares about auto patching, but I will say that virtually all of the complaints about 10 can be fixed in settings (e.g. advertising) and it always baffles me how all of these expert [H] users don't know how to google the fix on that (not that the ads were particularly intrusive.
Nonsense, Microsoft routinely re-enables/resets settings during auto-updates so it's a matter of fighting my own damn OS that I purchased.
That is absolutely unacceptable unless you simply do not care - which is your right of course.
Expert *anything* do not want advertisements running in their OS period. The same is true of Ubuntu and their bullshit btw.
 

nilepez

[H]F Junkie
Joined
Jan 21, 2005
Messages
11,774
Nonsense, Microsoft routinely re-enables/resets settings during auto-updates so it's a matter of fighting my own damn OS that I purchased.
That is absolutely unacceptable unless you simply do not care - which is your right of course.
Expert *anything* do not want advertisements running in their OS period. The same is true of Ubuntu and their bullshit btw.
Then you're doing it wrong. I haven't seen an advertisement in at least 4 or 5 years. My settings haven't changed in roughly the same amount of time.
 

ManofGod

[H]F Junkie
Joined
Oct 4, 2007
Messages
12,271
The cool thing is, Linux is objectively more secure on a local level and most definitely more private, as well. That is the primary reason I now use it as my daily driver on all 3 of my computers, exclusively and only uses Windows 10 to game now.
 

ManofGod

[H]F Junkie
Joined
Oct 4, 2007
Messages
12,271
Well the other problem, is that most Windows users actively don't want security.

They complained when Windows Vista added privilege escalations confirmations. They don't like auto-updates and use all sorts of hacks to disable the updates.

Don't want to give up like 5% CPU perf so they disable Spectre patches, etc. Not to mention downloading software from the high seas with all the extra free "gifts" that come with it.

If anything, Windows itself is not that insecure. The problem is the users.

You sound like the CareyHolzman guy on youtube that claims all Windows problems are because of the users. However, we objectively now that Windows itself is a problem all unto its own, without any user information. I do not hate Windows, nor do I hate any OS but, objective privacy and security is what matter, basically, facts over feelings.
 

ManofGod

[H]F Junkie
Joined
Oct 4, 2007
Messages
12,271
Nonsense, Microsoft routinely re-enables/resets settings during auto-updates so it's a matter of fighting my own damn OS that I purchased.
That is absolutely unacceptable unless you simply do not care - which is your right of course.
Expert *anything* do not want advertisements running in their OS period. The same is true of Ubuntu and their bullshit btw.

There is no BS in Ubuntu so please do not push garbage where none exists.
 

cybereality

Supreme [H]ardness
Joined
Mar 22, 2008
Messages
7,024
You sound like the CareyHolzman guy on youtube that claims all Windows problems are because of the users. However, we objectively now that Windows itself is a problem all unto its own, without any user information. I do not hate Windows, nor do I hate any OS but, objective privacy and security is what matter, basically, facts over feelings.
I guess the point is that Windows users favor convenience over security, while Linux users are probably more tech-savvy and/or more security and privacy focused.

Windows 10 has a lot of issues, but it's actually quite secure compared to older versions. If you keep it updated, and don't do anything stupid, it's pretty safe. But, yeah, obviously Linux is better in this regard for many reasons (talking about security, privacy is a whole other can of worms).
 
Top