How to protect and detect keylogger and/or password stealers?
Hi!
I'm new to Linux in general. I'm coming from Windows after using it for almost 12 years or so. Every attempt to use Linux failed with a broken system because I didn't know how to use it.
For a few months I have used MX Linux KDE only. I like it because you can customize it the way you want, and when you have found a good configuration you can rebuild your own custom version, which is amazing.
But since I switched to MX Linux KDE there is one single problem that has kept me focused:
In Windows there are keyloggers, password stealers and also screenshot takers that could be spying on your PC.
They can run hidden or not (in the latter case you can see them in Process Explorer).
1. They can have the same name as a running service, e.g. svchost.exe or any other system process, and you don't know about it.
2. They can write the malicious spying code right inside a system executable, so you will never find it as a standalone executable and most of the time you don't even know about it, or inject it into the browser and run while the browser is running.
3. They can be hidden from Task Manager, Process Explorer or Process Monitor, so when you run these tools you will not see them.
4. They can run only once (e.g. when you start your system or your browser), so you will not find them running.
5. If they run only once they can take screenshots, e.g. while you are logging into your bank account, or steal your passwords and send this data to the malicious server, and that's it. Job is done!
1. What if there is a script that steals your passwords and/or keylogs you and/or takes screenshots while you are logging into your bank account or doing something really important in Linux too?
2. What if they are running hidden from htop or any other task monitor?
3. What if it is injected into system executables like avahi, dbus or any others (in fact, in Linux most scripts are plain text, so it would be much easier to write the malicious code just by appending it to the end of the file)?
4. What if it is not injected but has administrator privileges given by you when you installed some program, e.g. your browser or something similar?
5. How do I know that there is no script or executable taking screenshots and/or keylogging me only when I do something important and not all the time, so that I will never see it if I check for connections or active sessions or something like that, and how do I protect myself and my system in any of these possible scenarios?
Thank you in advance!
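A concrete check for question 2 (a process hidden from htop), as an added example that is not code from this thread, from MX Linux or from the unhide project whose "brute" test it imitates: ps and htop read the /proc directory listing, while kill(pid, 0) delivers no signal but makes the kernel say whether a PID exists. A process filtered out of /proc by a rootkit still answers the probe. The /proc path and the pid_max fallback are assumptions about a standard Linux install.

```python
"""Cross-check which processes exist versus which ones /proc lists.

Added example for this thread; not code from the forum, from MX Linux or
from the unhide project, whose "brute" test it imitates. ps and htop read
the /proc directory listing. kill(pid, 0) delivers no signal but makes the
kernel answer whether the PID exists (success or EPERM) or not (ESRCH), so
a process that a rootkit filtered out of /proc still answers the probe.
"""
import errno
import os

PROC = "/proc"  # assumption: Linux procfs mounted at the usual place


def pids_from_proc():
    """PIDs advertised by the /proc listing, i.e. what ps and htop see."""
    try:
        return {int(name) for name in os.listdir(PROC) if name.isdigit()}
    except FileNotFoundError:  # not Linux, or /proc not mounted
        return set()


def tids_from_proc(pids):
    """Thread IDs of the visible processes. kill(tid, 0) also succeeds for
    a TID, so threads must be excluded or they look like hidden PIDs."""
    tids = set()
    for pid in pids:
        try:
            tids.update(int(t) for t in os.listdir(f"{PROC}/{pid}/task"))
        except OSError:  # process exited meanwhile, or not readable
            pass
    return tids


def pid_exists_via_kill(pid):
    """Ask the kernel directly whether `pid` exists, bypassing /proc."""
    try:
        os.kill(pid, 0)
        return True
    except OSError as exc:
        # EPERM: exists but belongs to another user; ESRCH: no such process
        return exc.errno == errno.EPERM


def pid_max():
    """Upper bound of the PID space to probe."""
    try:
        with open(f"{PROC}/sys/kernel/pid_max") as fh:
            return int(fh.read())
    except (OSError, ValueError):
        return 32768


def hidden_pids(visible, probed, threads=frozenset()):
    """Pure comparison: PIDs confirmed by kill() but absent from /proc.
    `visible` and `threads` come from /proc, `probed` from kill() probing."""
    return sorted(set(probed) - set(visible) - set(threads))


def scan(limit=None):
    """Run the full check and re-probe every candidate, so a process that
    merely started or exited between the two listings is not reported."""
    limit = limit or pid_max()
    visible = pids_from_proc()
    threads = tids_from_proc(visible)
    probed = {p for p in range(1, limit + 1) if pid_exists_via_kill(p)}
    return [p for p in hidden_pids(visible, probed, threads)
            if pid_exists_via_kill(p) and not os.path.isdir(f"{PROC}/{p}")]


if __name__ == "__main__":
    found = scan()
    print("PIDs present but not listed in /proc:", found or "none")
```

Run it as root so that /proc/<pid>/task of other users' processes is readable; on a clean system the list is empty. A kernel-module rootkit that hooks kill() as well defeats this, which is why unhide layers several independent tests and why running the check from trusted live media against the installed system is stronger. Note too that a keylogger has no need to hide from htop at all: under X11 any program running in your session can read keyboard input, so process hiding is the wrong thing to rely on either way.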
Re: How to protect and detect keylogger and/or password stealers?
The malware plague that affects the Microsoft platforms is a problem of their own creation. It does not affect MX or Linux in general. But, you still can get compromised if you obtain software from dodgy sources. Only install packages from our repositories, don't divulge your user or root passwords to anybody and you'll be safe.
HP 15; ryzen 3 5300U APU; 500 Gb SSD; 8GB ram
HP 17; ryzen 3 3200; 500 GB SSD; 12 GB ram
Idea Center 3; 12 gen i5; 256 GB ssd;
In Linux, newer isn't always better. The best solution is the one that works.
Re: How to protect and detect keylogger and/or password stealers?
Why would companies that develop anti-virus software give up such a considerable share of their revenue, i.e. systems that run on Linux? Maybe viruses are only part of the Windows ecosystem? Maybe viruses are part of the business plan? Maybe viruses (and their "cure", anti-viruses) generate so much money that they have become a driving force of the "windows" ecosystem. Maybe even engineers are paid to develop new viruses for the "anti-virus" companies.
"hey, buddy! The company has spotted you. Write a nice little virus and they'll sign you a contract. As soon as you graduate..."
Maybe even the military and intelligence agencies have taken an interest in such nasty little pieces of code. You know, "cyberwar".
"Fear and ignorance. Ignorance and fear. These are the two nipples of power."
On a side note, you can run "ClamAV" on Linux.
Dell OptiPlex 7010 - i7-3770 (8) @ 3.9GHz - 16Gb RAM - GeForce GT 1030 - MX 21
Panasonic CF MX4 - i5-5300U vPro (4) @ 2.9GHz - 4Gb RAM - HD Graphics 5500 - MX 21
Acer Aspire One ZG5 - Atom (2) @ 1.6GHz - 1.5Gb RAM - HD Gfx 945 - LXLE & XenialPup
Re: How to protect and detect keylogger and/or password stealers?
j2mcgreg wrote: ↑Thu Feb 23, 2023 6:18 am
The malware plague that affects the Microsoft platforms is a problem of their own creation. It does not affect MX or Linux in general. But, you still can get compromised if you obtain software from dodgy sources. Only install packages from our repositories, don't divulge your user or root passwords to anybody and you'll be safe.
I know that viruses from Windows cannot affect Linux, which is a different OS, but in the Linux world there are a lot of very good programmers too (most of them). Why wouldn't it be possible for some of them to create malware programs or scripts that run as described above in Linux too?
h3kt0r wrote: ↑Thu Feb 23, 2023 6:25 am
Why would companies that develop anti-virus software give up such a considerable share of their revenue, i.e. systems that run on Linux? Maybe viruses are only part of the Windows ecosystem? Maybe viruses are part of the business plan? Maybe viruses (and their "cure", anti-viruses) generate so much money that they have become a driving force of the "windows" ecosystem. Maybe even engineers are paid to develop new viruses for the "anti-virus" companies.
"hey, buddy! The company has spotted you. Write a nice little virus and they'll sign you a contract. As soon as you graduate..."
Maybe even the military and intelligence agencies have taken an interest in such nasty little pieces of code. You know, "cyberwar".
"Fear and ignorance. Ignorance and fear. These are the two nipples of power."
On a side note, you can run "ClamAV" on Linux.
ClamAV is a free tool. Nobody is paying them to put 100% of their effort into that tool to detect every possible new virus, since that implies a lot of money.
In the Linux world there are a lot of very good programmers too (most of them). Why wouldn't it be possible for some of them to create malware programs or scripts that run as described above in Linux too?
Why would any of these 5 situations described above not be possible in Linux, since there are a lot of programmers who could do it too?
Re: How to protect and detect keylogger and/or password stealers?
Very good programmers just love Linux. Why would one compromise someone or something he loves ?
Dell OptiPlex 7010 - i7-3770 (8) @ 3.9GHz - 16Gb RAM - GeForce GT 1030 - MX 21
Panasonic CF MX4 - i5-5300U vPro (4) @ 2.9GHz - 4Gb RAM - HD Graphics 5500 - MX 21
Acer Aspire One ZG5 - Atom (2) @ 1.6GHz - 1.5Gb RAM - HD Gfx 945 - LXLE & XenialPup
Re: How to protect and detect keylogger and/or password stealers?
@IAMNewbie
In order to make Windows as user friendly as possible, Microsoft chose to take some actions that the other OSes eschewed:
-- they made their office suite a sub-module of the kernel so that its various parts could interoperate seamlessly
-- they chose to put the kernel and the user's home directory on the same partition: C:/
-- they chose to give every home computer owner administrative privileges
-- they imposed no restrictions on password length, type, composition or in the early days even its existence
-- they strongly encouraged home users to use Microsoft Mail and Internet Explorer
So all a hacker had to do was to disguise an email attachment to appear to a firewall (if it existed) as though it was an integral Windows component, i.e. a Word document, an Excel spreadsheet, an Internet Explorer extension etc. Once past the firewall, the payload would be executed because the user was bound to have administrative privileges.
In Linux, Unix, and Apple's iOS, the kernel is isolated on its own partition (root) and nothing can be written / no changes can be made to the kernel without the user expressly providing access: the root password. The privileges granted to the regular Linux user can not be co-opted by a hacker / virus creator to implant his / her payload in the kernel.
It's that simple. Microsoft realized that "user friendliness" would make its operating system and its office suite more sellable and in doing so made its products vulnerable to outside attacks.
edited to remove an orphan word
HP 15; ryzen 3 5300U APU; 500 Gb SSD; 8GB ram
HP 17; ryzen 3 3200; 500 GB SSD; 12 GB ram
Idea Center 3; 12 gen i5; 256 GB ssd;
In Linux, newer isn't always better. The best solution is the one that works.
Re: How to protect and detect keylogger and/or password stealers?
@j2mcgreg Factually interesting.
Re: How to protect and detect keylogger and/or password stealers?
j2mcgreg wrote: ↑Fri Feb 24, 2023 7:39 am
@IAMNewbie
In order to make Windows as user friendly as possible, Microsoft chose to take some actions that the other OSes eschewed:
-- they made their office suite a sub-module of the kernel so that its various parts could interoperate seamlessly
-- they chose to put the kernel and the user's home directory on the same partition: C:/
-- they chose to give every home computer owner administrative privileges
-- they imposed no restrictions on password length, type, composition or in the early days even its existence
-- they strongly encouraged home users to use Microsoft Mail and Internet Explorer
So all a hacker had to do was to disguise an email attachment to appear to a firewall (if it existed) as though it was an integral Windows component, i.e. a Word document, an Excel spreadsheet, an Internet Explorer extension etc. Once past the firewall, the payload would be executed because the user was bound to have administrative privileges.
In Linux, Unix, and Apple's iOS, the kernel is isolated on its own partition (root) and nothing can be written / no changes can be made to the kernel without the user expressly providing access: the root password. The privileges granted to the regular Linux user can not be co-opted by a hacker / virus creator to implant his / her payload in the kernel.
It's that simple. Microsoft realized that "user friendliness" would make its operating system and its office suite more sellable and in doing so made its products vulnerable to outside attacks.
edited to remove an orphan word
Didn't know that. Interesting.
But there is User Account Control in Windows too, which gives you privileges or not; the same in Linux, where you can use the root account any time you want. So what would be the difference?
Tell me, please, for each one of the situations below:
1. What if there is a script that steals your passwords and/or keylogs you and/or takes screenshots while you are logging into your bank account or doing something really important in Linux too?
2. What if they are running hidden from htop or any other task monitor?
3. What if it is injected into system executables like avahi, dbus or any others (in fact, in Linux most scripts are plain text, so it would be much easier to write the malicious code just by appending it to the end of the file)?
4. What if it is not injected but has administrator privileges given by you when you installed some program, e.g. your browser or something similar?
5. How do I know that there is no script or executable taking screenshots and/or keylogging me only when I do something important and not all the time, so that I will never see it if I check for connections or active sessions or something like that, and how do I protect myself and my system in any of these possible scenarios?
Why would any of these not be possible, since any script kiddie can write a keylogger?
Thank you in advance!
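For question 3 (a payload appended to a packaged script) and the earlier advice to install only from the repositories, the package manager already holds the reference you need. This is an added example, not code from this thread, from MX Linux or from the debsums/dpkg projects whose check it reproduces: on Debian-based systems dpkg keeps /var/lib/dpkg/info/<package>.md5sums with one line per installed file, "<md5hex>  <path relative to />", and re-hashing those files shows which ones no longer match. The fixture in demo() is constructed for illustration and is not a real package.

```python
"""Verify installed files against dpkg's own per-package md5sums manifests.

Added example for this thread; not code from the forum, from MX Linux or
from the debsums/dpkg projects, whose check it reproduces. On Debian-based
systems dpkg keeps /var/lib/dpkg/info/<package>.md5sums with one line per
installed file, "<md5hex>  <path relative to />". Re-hashing those files
catches the case from question 3: a payload appended to a packaged script
changes its digest.
"""
import glob
import hashlib
import os
import shutil
import tempfile

DPKG_INFO = "/var/lib/dpkg/info"  # standard dpkg database location


def parse_md5sums(text):
    """Parse manifest text into (md5, relative_path) pairs."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, sep, relpath = line.partition("  ")  # two spaces, as dpkg writes
        if not sep or len(digest) != 32 or not relpath:
            raise ValueError(f"malformed md5sums line: {line!r}")
        entries.append((digest.lower(), relpath))
    return entries


def md5_of_file(path):
    """Hex MD5 of a file, streamed so large binaries do not fill memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_entries(entries, root="/"):
    """Return {relative_path: 'ok' | 'modified' | 'missing'} per entry."""
    results = {}
    for expected, relpath in entries:
        path = os.path.join(root, relpath)
        if not os.path.isfile(path):
            results[relpath] = "missing"
        else:
            results[relpath] = "ok" if md5_of_file(path) == expected else "modified"
    return results


def verify_installed_packages(info_dir=DPKG_INFO, root="/"):
    """Walk every manifest and report only the files that fail."""
    bad = {}
    for manifest in sorted(glob.glob(os.path.join(info_dir, "*.md5sums"))):
        with open(manifest, encoding="utf-8", errors="replace") as fh:
            entries = parse_md5sums(fh.read())
        package = os.path.basename(manifest)[: -len(".md5sums")]
        for relpath, status in verify_entries(entries, root).items():
            if status != "ok":
                bad["/" + relpath] = (package, status)
    return bad


def demo():
    """Constructed fixture, not a real package: install a two-file 'package'
    under a temporary root, record its manifest, then append a line to the
    script the way an attacker would append a payload. Returns the results
    before and after the tampering."""
    root = tempfile.mkdtemp(prefix="md5sums-demo-")
    files = {
        "usr/bin/hello": b"#!/bin/sh\necho hello\n",
        "usr/share/doc/hello/README": b"demo package\n",
    }
    for relpath, body in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, relpath)), exist_ok=True)
        with open(os.path.join(root, relpath), "wb") as fh:
            fh.write(body)
    manifest = "".join(f"{hashlib.md5(body).hexdigest()}  {relpath}\n"
                       for relpath, body in files.items())
    manifest += "d41d8cd98f00b204e9800998ecf8427e  usr/share/doc/hello/LICENSE\n"  # never installed
    entries = parse_md5sums(manifest)
    before = verify_entries(entries, root)
    with open(os.path.join(root, "usr/bin/hello"), "ab") as fh:
        fh.write(b"# line appended after installation, standing in for a payload\n")
    after = verify_entries(entries, root)
    shutil.rmtree(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
    for path, (package, status) in verify_installed_packages().items():
        print(f"{status:9} {path}  ({package})")
```

Two caveats a practitioner would want: conffiles (most of /etc) are normally left out of the manifests, so edits there do not show up; and the manifests sit on the same disk as the files, so an attacker who already has root can regenerate them. For a stronger check, compare against a freshly downloaded copy of the package, or boot a live USB and run the check against the mounted installation. The packaged tools do the same job with less typing: `debsums -c` or `dpkg --verify`.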
Re: How to protect and detect keylogger and/or password stealers?
Here you go:
Keyloggers : https://duckduckgo.com/?q=linux+keylogger&t=brave&ia=images
Malware : https://duckduckgo.com/?q=linux+malware&t=brave&ia=web
Viruses : https://duckduckgo.com/?q=linux+viruses&t=brave&ia=web
Let's start with this comprehensive introduction here.
Dell OptiPlex 7010 - i7-3770 (8) @ 3.9GHz - 16Gb RAM - GeForce GT 1030 - MX 21
Panasonic CF MX4 - i5-5300U vPro (4) @ 2.9GHz - 4Gb RAM - HD Graphics 5500 - MX 21
Acer Aspire One ZG5 - Atom (2) @ 1.6GHz - 1.5Gb RAM - HD Gfx 945 - LXLE & XenialPup