How to protect and detect keylogger and/or password stealers?
Re: How to protect and detect keylogger and/or password stealers?
You can open up 'htop' by searching for "process viewer" in the start menu I believe. This will show you absolutely everything that's running and what permissions it has. If you're familiar with all the components of your system it's fairly easy to spot if something strange is running (ie a script you didn't run).
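As an added example (not part of Outlander's post), the same information htop shows can be read straight from /proc and checked for the traces a planted keylogger or screenshot grabber tends to leave behind: an executable that was deleted after it started, one running from /tmp, /dev/shm or a home directory, or an empty command line on something that is not a kernel thread. The directory list and the three rules are assumptions of this example, not something the thread states.

```python
import os

# Constructed heuristic (not from the post): directories a packaged service binary is
# almost never executed from, so a process whose executable lives there is worth a look.
SUSPECT_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/", "/home/")

def parse_status(text):
    """Turn the 'Key:\\tvalue' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def read_process(pid, proc_root="/proc"):
    """Collect name, parent, real uid, exe path and cmdline for one pid.
    Returns None if the process exited while it was being read."""
    base = os.path.join(proc_root, str(pid))
    try:
        with open(os.path.join(base, "status")) as f:
            status = parse_status(f.read())
        with open(os.path.join(base, "cmdline"), "rb") as f:
            cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        return None
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:
        exe = ""  # kernel thread, or another user's process we are not allowed to inspect
    return {"pid": int(pid), "name": status.get("Name", ""),
            "ppid": int(status.get("PPid", "0")),
            "uid": int(status.get("Uid", "0").split()[0]),
            "exe": exe, "cmdline": cmdline}

def audit_process(info):
    """Return the reasons a process deserves a closer look (empty list = nothing odd)."""
    reasons = []
    exe = info["exe"]
    if exe.endswith(" (deleted)"):
        reasons.append("executable was deleted after start, so it now runs only from memory")
    if exe.startswith(SUSPECT_DIRS):
        who = "root" if info["uid"] == 0 else "uid %d" % info["uid"]
        reasons.append("executable in a scratch or home directory (%s): %s" % (who, exe))
    if exe and not info["cmdline"] and info["ppid"] not in (0, 2):
        reasons.append("empty command line although it is not a kernel thread")
    return reasons

def audit_all(proc_root="/proc"):
    """Walk every numeric entry under proc_root; return {pid: reasons} for flagged ones."""
    flagged = {}
    for entry in os.listdir(proc_root):
        if entry.isdigit():
            info = read_process(entry, proc_root)
            reasons = audit_process(info) if info else []
            if reasons:
                flagged[info["pid"]] = reasons
    return flagged

if __name__ == "__main__":
    for pid, reasons in sorted(audit_all().items()):
        print(pid, "->", "; ".join(reasons))
```

Run it as root to see every user's processes; unprivileged, the exe link of other users' processes is unreadable and those are simply not flagged.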
Re: How to protect and detect keylogger and/or password stealers?
@IAMNewbie wrote:
In Linux, Unix, and IOS regular users are given enough access to be productive without them being able to alter the underlying system.
Yes, you can run as root if you so choose, but it's hammered into you from day one that to do so is stupidity itself!
The real problem for Microsoft's platforms is that corporate users are also home users. They take documents home to work on them on their own machines and if their home machines, where they have full administrator privileges, are compromised with malware that malware will be transferred back to their office the next day along with the documents.
In Linux, Unix, and IOS, there are no vectors into the kernel without explicitly provided root access.
For people like yourself who are novices at Linux, your biggest hurdle will be unlearning the Microsoft Gospel.
The difference was that Microsoft had an all or nothing approach to user management where the ordinary users were so locked down that they couldn't even change their wallpaper or add a printer. In order to be productive they had to be administrators.
But there is User Account Control in Windows too which gives you privileges or not, the same in Linux, you can use the root account any time you want. So what would be the difference?
Because all of these scenarios require root access. They are fairly common in the Windows because on some level every user is an administrator either at work, or at home or both and because of the way their office suite and other software was constructed, there are pathways into the kernel space that can be exploited by miscreants.
Tell me, please, for each one of the situations below:
1. What if there is a script that steals your passwords and/or keylogs you and/or takes screenshots while you are logging into your bank accounts or doing something really important, in Linux too?
2. What if they are running hidden from htop or any other task monitor?
3. What if it is injected into system executables like avahi, dbus or any others? (In fact, in Linux most scripts are plain text, so it would be much easier to write the malicious code just by appending it to the end of the file.)
4. What if it is not injected, but has administrator privileges given by you when you installed some program, e.g. your browser or something similar?
5. How do you know that there is no script or executable taking screenshots and/or keylogging you just when you do something important, and not all the time, so you will never see it if you are checking for connections or active sessions or something like that? And how do you protect yourself and your system in any of these possible scenarios?
Why would any of these not be possible, since any script kiddie can write a keylogger?
HP 15; ryzen 3 5300U APU; 500 Gb SSD; 8GB ram
HP 17; ryzen 3 3200; 500 GB SSD; 12 GB ram
Idea Center 3; 12 gen i5; 256 GB ssd;
In Linux, newer isn't always better. The best solution is the one that works.
- uncle mark
- Posts: 851
- Joined: Sat Nov 11, 2006 9:42 pm
Re: How to protect and detect keylogger and/or password stealers?
Bingo. Windows teaches its users to be afraid of their computers (or to be foolish with them).
None of Newbie's concerns apply to desktop Linux in the real world.
I spent a number of years doing computer service and repairs. 90% of my work was disinfecting virus laden Windows systems, many of them multiple times for the same users. For those who had continuing problems and when it was appropriate, I moved them to desktop Linux. Not a single one ever had any issues of that sort ever again.
Custom build Asus/AMD/nVidia circa 2011 -- MX 19.2 KDE
Acer Aspire 5250 -- MX 21 KDE
Toshiba Satellite C55 -- MX 18.3 Xfce
Assorted Junk -- assorted Linuxes
Re: How to protect and detect keylogger and/or password stealers?
More interesting info re. the King of the Antitrust lawsuits – and he's still pushing with things like this:
https://forum.mxlinux.org/viewtopic.php ... 80#p707180
maybe secure-boot and likely more, I don't know because I don't follow Bill Shouldbe-Behind Gates Bars'
O.S. or B.S.
I only used Windows at work, and I mostly used non-Windows programs and I skipped Gates' criminal OS and bought my first laptop with Ubuntu on it several years ago, I created a username and never used it, within about 5 months it reached EOL, I had to install a new Linux OS on it. I'm glad that I did it that way.
Re: How to protect and detect keylogger and/or password stealers?
h3kt0r wrote: ↑Sat Feb 25, 2023 6:06 am Here you go :
Keyloggers : https://duckduckgo.com/?q=linux+keylogger&t=brave&ia=images
Malware : https://duckduckgo.com/?q=linux+malware&t=brave&ia=web
Viriii : https://duckduckgo.com/?q=linux+viruses&t=brave&ia=web
Let's start with this comprehensive introduction here.
https://linuxconfig.org/can-linux-get-v ... ux-systems
Real-life examples of Linux viruses
While Linux systems are generally considered to be more secure than other operating systems, they are not immune to viruses. There have been several real-life examples of Linux viruses that have been discovered and neutralized over the years. One example is Linux.Wifatch, a worm that spreads through vulnerable Linux-based Internet of Things (IoT) devices. This virus infects devices, such as routers and smart home devices, and then uses them to spread to other devices on the same network. Linux.Wifatch was notable for its use of encryption to hide its code and for its ability to update itself in order to avoid detection.
Another example is Linux.Encoder.1, a ransomware strain that infects Linux systems. This virus encrypts the victim’s files and demands a ransom payment in exchange for the decryption key. Linux.Encoder.1 was notable for its ability to infect servers, which are often critical to the operation of businesses and organizations. While these examples show that Linux systems can get infected by viruses, it is important to note that the number of viruses specifically targeting Linux systems is still relatively low compared to other operating systems, such as Windows. In conclusion, while Linux systems are less susceptible to viruses compared to other operating systems, it is still important to be aware of the potential risks and to take steps to keep your system secure, such as keeping your system up-to-date, following safe computing practices, and only installing software from trusted sources.
So, there are Linux viruses too. And Linux can be infected as well as Windows can.
So, how to protect against it? But how to really know if there is a spyware on your PC or not?
Furthermore it says:
1) "Keep your system up-to-date" ---> this doesn't mean anything. Windows receives updates too and it still can be infected. So, what's the difference?
Keep your system up-to-date: Regularly updating your system with the latest security patches is one of the most important things you can do to keep your system secure. Linux systems often provide automatic updates, which make it easy to stay up-to-date.
Use a firewall: A firewall can be used to block incoming and outgoing network traffic based on pre-defined rules. This helps to prevent malware from spreading to or from your system.
Avoid running as the root user: By default, Linux systems run with limited user permissions, which makes it more difficult for malware to execute and spread. When possible, avoid running as the root user, which has full administrative privileges, and instead use a standard user account.
Only install software from trusted sources: Linux systems use a package management system to distribute and install software. This system is carefully monitored and curated to ensure that the software is reliable and free of malware. Always install software from trusted sources, such as the official package repositories for your distribution, and avoid downloading and installing software from untrusted sources.
Consider using anti-virus software: While Linux systems are less susceptible to viruses compared to other operating systems, it is still a good idea to consider using anti-virus software to help protect your system. Some popular anti-virus programs for Linux systems include ClamAV and Sophos Antivirus for Linux.
2) "Use a firewall" ---> There is a firewall running all the time on Windows and also you can install a 3rd party firewall too and still can be infected, and there are also viruses that can bypass these firewalls. So, again, what's the difference?
3) "Avoid running as the root user" ---> Ok. But you often need to do something that requires root privileges as well. How do you know if there is a trusted program or script or a virus that asks you for that, or an infected trusted program or script that does the same and you don't even know? Second, I have seen a video tutorial on YouTube about a pentester software called Meterpreter that can create Linux viruses that can bypass root too. So? How to be safe? How to know that the program or script that is asking you for root privileges is safe to run, or it is a virus or infected with a spyware, or it is a ransomware (which is even harder to detect, being a simple encryption program)? How to know if the program or script that is asking you for root access is a safe program but on the other hand it is calling the virus after that to do its job instead?
j2mcgreg wrote: ↑Sat Feb 25, 2023 8:36 am
Because all of these scenarios require root access. They are fairly common in the Windows because on some level every user is an administrator either at work, or at home or both and because of the way their office suite and other software was constructed, there are pathways into the kernel space that can be exploited by miscreants.
In Linux, Unix, and IOS, there are no vectors into the kernel without explicitly provided root access.
4) "Only install software from trusted sources" ---> A few years ago a torrent software company recognized that it injected malware (crypto mining) code in its torrent software. Also, I have seen a video about a spyware music player on Linux that had some "extra features" too. So, this means more safety but it is not guaranteed to do so.
5) "Consider using anti-virus software" ---> Oh, come on, most people are using antiviruses all the time in Windows and they still get infected because there are a lot of undetected viruses which are created every day. Antivirus companies invest millions or maybe hundreds of millions of dollars into their antiviruses in order to detect more and more viruses day by day, and you want to think that a FREE and open source antivirus can be as good as the ones that spend hundreds of millions of dollars on this?
https://en.wikipedia.org/wiki/Linux_malware
Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.[1][2]
There are, like I said above in the first post, viruses that can be invisible (hidden) to Task Manager in Windows and also to Process Explorer and Process Monitor too. Why wouldn't they reach the same performance, to be hidden in Linux too?
Outlander wrote: ↑Sat Feb 25, 2023 6:48 am
You can open up 'htop' by searching for "process viewer" in the start menu I believe. This will show you absolutely everything that's running and what permissions it has. If you're familiar with all the components of your system it's fairly easy to spot if something strange is running (ie a script you didn't run).
Re: How to protect and detect keylogger and/or password stealers?
@IAMNewbie wrote:
There are no viruses / malware that affect Linux. The "studies" that you reference above were done in ideal laboratory conditions (for the researchers). If you were to read the "studies" in their entirety, nowhere would you find an explanation of how root access was obtained IE a complete explanation of the infection mechanism. Without root access, the payload can't be inserted into the kernel and these "studies" are revealed for what they are: the musings of some bored researchers or touts of the anti-virus vendors.
So, there are Linux viruses too. And Linux can be infected as well Windows does.
So, how to protect against? But how to really know if there is a spyware on your PC or not?
HP 15; ryzen 3 5300U APU; 500 Gb SSD; 8GB ram
HP 17; ryzen 3 3200; 500 GB SSD; 12 GB ram
Idea Center 3; 12 gen i5; 256 GB ssd;
In Linux, newer isn't always better. The best solution is the one that works.
Re: How to protect and detect keylogger and/or password stealers?
@IAMNewbie wrote:
So, how to protect against? But how to really know if there is a spyware on your PC or not?
The same way I'm careful about the food I eat. I don't just swallow any dirt that will make me sick.
The analogy with computers is clear: don't download anything from dubious sources, don't install
software from strange sites, don't pick up that USB stick lying around on the parking lot floor, etc...
In fact, to a large extent, YOU ARE the anti-virus !
@j2mcgreg wrote:
There are no viruses / malware that affect Linux.
Well, take a look at that for example : link removed
Of course, it is not a virus as such, nevertheless, it must sting a bit...
Moderator Hat On
I removed your link because it's not within the purview of this forum to publish hacking instructions.
j2mcgreg
Global Moderator
Dell OptiPlex 7010 - i7-3770 (8) @ 3.9GHz - 16Gb RAM - GeForce GT 1030 - MX 21
Panasonic CF MX4 - i5-5300U vPro (4) @ 2.9GHz - 4Gb RAM - HD Graphics 5500 - MX 21
Acer Aspire One ZG5 - Atom (2) @ 1.6GHz - 1.5Gb RAM - HD Gfx 945 - LXLE & XenialPup
- Eadwine Rose
- Administrator
- Posts: 14440
- Joined: Wed Jul 12, 2006 2:10 am
Re: How to protect and detect keylogger and/or password stealers?
Indeed.. what h3kt0r says.
What I know is that usually when people get a virus on their system, the cause is a PEBCAK thing.
(Problem Exists Between Chair And Keyboard)
MX-23.6_x64 July 31 2023 * 6.1.0-34amd64 ext4 Xfce 4.20.0 * 8-core AMD Ryzen 7 2700
Asus TUF B450-Plus Gaming UEFI * Asus GTX 1050 Ti Nvidia 535.216.01 * 2x16Gb DDR4 2666 Kingston HyperX Predator
Samsung 870EVO * Samsung S24D330 & P2250 * HP Envy 5030
Re: How to protect and detect keylogger and/or password stealers?
@IAMNewbie
A few things I see here ..
First - Eadwine Rose and h3kt0r are spot on about where you go and what you do.
Second - Most people on windows use THE WRONG antivirus, and NOTHING will stop everything!
Third - yes, locking your computers down with some simple steps can help A LOT. Lock them, no root unless truly needed. Do NOT load apps from any source but MX repos.
Fourth - If you WANT segmentation of 'the internet', then USE a VM as your ONLY mail / web browsing entity!!
And lastly, If you really want to KNOW if something is on your computer, get a GOOD firewall / router and then track your logs! SEE what is going OUT of your computers and you will learn more about what is ON them.
*QSI = Quick System Info from menu (Copy for Forum)
*MXPI = MX Package Installer
*Please check the solved checkbox on the post that solved it.
*Linux -This is the way!
Re: How to protect and detect keylogger and/or password stealers?
And you can also use something like Tripwire to monitor your computers. There is an open source version and it is used by many people to watch over terminals and other PCI-required computers.
https://www.tripwire.com/products
https://github.com/Tripwire/tripwire-open-source
and possibly OSSEC too - looking at this now ...
https://forum.mxlinux.org/viewtopic.php?p=714953
https://www.ossec.net/
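As an added example (not Tripwire's code and not from this post), this is the core of what a file integrity monitor does about the "code appended to a system executable" worry raised earlier in the thread: hash every file under a directory once, compare again later, and report anything added, removed or modified, noting when a file merely grew. The constructed files in demo() and keeping the baseline only in memory are assumptions of this example; a real baseline belongs on media the monitored system cannot rewrite.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(directories):
    """Record size and SHA-256 of every regular file below the given directories."""
    baseline = {}
    for top in directories:
        for root, _dirs, files in os.walk(top):
            for name in files:
                path = os.path.join(root, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue  # symlinks and devices are not what we want to hash
                baseline[path] = {"size": os.path.getsize(path),
                                  "sha256": sha256_file(path)}
    return baseline

def compare(baseline, current):
    """Classify changes since the baseline. A modified file is reported as 'grown'
    when it only got longer, which is what a line appended to a script looks like."""
    report = {"added": [p for p in current if p not in baseline],
              "removed": [], "modified": {}}
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            report["removed"].append(path)
        elif new["sha256"] != old["sha256"]:
            report["modified"][path] = "grown" if new["size"] > old["size"] else "changed"
    return report

def demo():
    """Constructed run: baseline a directory, append to a script, add a file, compare."""
    with tempfile.TemporaryDirectory() as d:
        watched = os.path.join(d, "bin")
        os.mkdir(watched)
        script = os.path.join(watched, "service.sh")
        with open(script, "w") as f:
            f.write("#!/bin/sh\necho service\n")
        before = build_baseline([watched])      # the trusted snapshot
        with open(script, "a") as f:            # tampering: a line appended to the script
            f.write("echo extra\n")
        with open(os.path.join(watched, "new.sh"), "w") as f:
            f.write("#!/bin/sh\n")              # tampering: an unexpected new file
        r = compare(before, build_baseline([watched]))
        strip = os.path.basename                # basenames keep the result temp-dir independent
        return {"added": [strip(p) for p in r["added"]],
                "removed": [strip(p) for p in r["removed"]],
                "modified": {strip(p): v for p, v in r["modified"].items()}}
```

For real use point build_baseline at directories such as /usr/bin and /usr/sbin, and re-check after every package update so legitimate changes are re-baselined rather than reported forever.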
*QSI = Quick System Info from menu (Copy for Forum)
*MXPI = MX Package Installer
*Please check the solved checkbox on the post that solved it.
*Linux -This is the way!