How to protect and detect keylogger and/or password stealers?

[uncle mark]

There are no viruses / malware that affect Linux. The "studies" that you reference above were done in ideal laboratory conditions (for the researchers). If you were to read the "studies" in their entirety, nowhere would you find an explanation of how root access was obtained IE a complete explanation of the infection mechanism. Without root access, the payload can't be inserted into the kernel and these "studies" are revealed for what they are: the musings of some bored researchers or touts of the anti-virus vendors.

We have I believe three recent threads going that were started by new adopters coming over from Windows who are bound and determined to prove to us that yes, Linux is vulnerable and you could get pwned in the blink of an eye if you don't take preventive measures. They do not understand that the preventive measures are built in and any "vulnerability" requires proactive root user intervention that no software could prevent. It's the same with those who insist that the latest and greatest software versions must be used because of the "security" issues that have been identified and patched.

I can sympathize. I was once a Windows user who spent an inordinate amount of time and resources doing whatever was necessary to prevent a possible infection. I also made of lot of money fixing computers from those that didn't. Thankfully, I don't have to deal with any of that any more. I just get to use my computer and enjoy the peace of mind that Linux has given me.

[MXRobo]

Does running browsers in firejail offer much more security?
Any comments on Opensnitch?
Supposedly it's coming to Debian soon. Do you think MX will have it installed via default in the next release?
Devs or Psychics?

[Stuart_M]

Fear is a powerful way (weapon) to manipulate people, especially useful when money is involved. Show the evil lurking out there and this is what is needed to "be safe".

[MXRobo]

Fear is a powerful way (weapon) to manipulate people, especially useful when money is involved. Show the evil lurking out there and this is what is needed to "be safe".

Amen - -

[CharlesV]

So… I am sure some folks are gonna argue this, but the stand of “linux cannot get infected” is just flat wrong. And, imo, attempting to bring people into this mind set is wrong!

Yes, agreed that linux has built in safeguards to help against this. And I believe linux is stronger in many ways than most os’s, AND it is FAR less prone to attempts to be hacked and compromised.

However, if you have read ANY linux news the last year then you have witnessed at least three times where issues have hit linux machines. (Not theoretical, but actual attacks and compromises.)

Additionally, if linux were the ONLY thing running on the machine it would be much stronger – however, python is heavily used on most machines and python is being brutally attacked at the supply chain level. Complete libraries are being compromised and used to ‘hack’ machines.

AND, you have products such as google chrome which has various issues with allowing malware on board in it’s extensions.

I have spent almost 35 years doing programming and support, and since 1995 have done ONLY programming and support – it has been my sole work and I have brought hundreds of machines back from virused, compromised and malware laden slugs. (including ransomware and destructive viruses) Yes, 99.x% of them have been windows.

HOWEVER, I have worked on several linux servers and several linux desktops that have been compromised too. Not too many, probably less than 10 total, but two workstations that had no root privileges, and were heavily malware and compromised to the point of no longer running. One of these I built approx 6 years ago, and while I am not a linux whiz by any means, the machine was a known, good distro, was properly setup and only * I * had the root login info.

And I can also say I have recovered approx 20 or so MAC’s from being compromised. Many with HEAVILY infected Safari, but also chrome, and several were infected to a point of having to scrap and reload.

Can I say for sure that these machines “had a virus”? No. Can I say for sure something got in and compromised linux? No. However, all of these machines were heavily malware on board for certain, and all of these machines had “something happen” that caused them to not run!

“Fear” .. is warranted if you have been hacked or compromised – ever! And MANY people coming over from Windows have had issues with malware and other problems

If your running Windows on the internet or getting email, you had better be running a GOOD antivirus.

If your running linux, I think that it IS prudent to ask questions and either know or at least have an idea on what to keep an eye out for.