On Wed, Jul 21, 2021 at 10:51:40AM -0400, Celejar wrote:
> On Wed, 21 Jul 2021 11:16:46 +0300
> Reco <recovery...@enotuniq.net> wrote:
>
> > Hi.
> >
> > On Tue, Jul 20, 2021 at 11:32:26AM -0400, Celejar wrote:
> > > On Thu, 15 Jul 2021 09:46:59 +0300
> > > Reco <recovery...@enotuniq.net> wrote:
> > >
> > > ...
> > >
> > > > You cannot catch a ransomware cryptolocker using Linux on a desktop,
> > >
> > > Of course you can, although it's certainly much less likely than when
> > > using Windows.
> > >
> > > > it's definitely Windows-only kind of software. In fact, any FOSS OS has
> > > > this advantage, unless you're using Wine (software).
> > >
> > > It's definitely not Windows-only, although it is (at this point) still
> > > mostly Windows:
> >
> > I'm not arguing with that, but links you're providing fail to illustrate
> > your point.
> >
> > > https://hacked.com/linux-ransomware-notorious-cases-and-ways-to-protect/
> >
> > Requires Java to be installed. A rare case on a Linux *desktop*.
>
> Rare? I don't have statistics, but on one of my Linux desktops, I do
> some development work for Android, using IntelliJ IDEA / Android Studio,
> which depend on at least some Java components.

Numbers show that I was incorrect. Let's call it "unlikely" instead of
"rare". Let the popcon graphs speak for themselves:

https://qa.debian.org/popcon.php?package=firefox-esr

vs

https://qa.debian.org/popcon.php?package=openjdk-11

I agree with you that one should uninstall Java unless it's needed.
After all, they at Oracle always find something to fix in Java security
every three months, and this goes on for the last ten years.

> I don't know if I have
> enough Java installed to be susceptible to the malware in question ;)

Java's famous slogan "you write it once and run it everywhere" is an
exaggeration, to put it lightly. Chances are, you don't have that exact
minor update of Oracle JRE that this malware actually needs.

> Fair enough - but I see no reason why in principle desktop Linux will
> remain immune from ransomware.

It won't by itself, of course.

One sure way to beat ransomware is to take immutable backups (i.e.
unmodifiable by host during and after the backup is taken), and as
recent history shows us - ransomware victims apparently do not use this
approach.

Another sure way is to forbid running executables downloaded from random
Internet sites, but no thanks to appimage, flatpak, snap, and Go, the
Linux desktop goes straight in the Windows desktop direction.
And again, as recent history shows us - ransomware victims apparently do
not use this approach either.

Currently a Linux desktop is better in this regard, but I agree that it
may not remain the same.

> Even if Linux word processors are safer than their Windows counterparts,

Last time I ran Libreoffice I had that distinct feeling I was running a
Java program. You know - long startup, eating memory like no tomorrow,
trying to write useless junk to at least four different places on my
filesystems, and eating unhealthy amounts of CPU time in the process.
I know that Libreoffice is written in C++, but the code quality of it
definitely leaves something to be desired.
At least when the thing crashes (it did, several times) it produces a
standard core dump, not some unreadable stack trace and a heapdump.

In retrospect, maybe feeding Libreoffice Draw that 800-page PDF was not
the best of ideas, but no free software tool comes close to the
capabilities of Libreoffice in editing PDFs, and I really needed that
PDF to be modified (mass-replacing embedded fonts, to be specific).

On the other hand, Windows counterparts are typical enterprisey software
written by generations of overseas workers with the code quality (or
rather the lack of) that's expected from enterprisey software.

My opinion on this - both are bad. Libreoffice is better being free
software, of course, but that does not make it secure by definition.

> browsers are just full of vulnerabilities,

True. Every version of Chromium and Firefox fixes at least one.
Most of said vulnerabilities cannot be used to get Remote Code Execution
(RCE) though.
Which leaves us with the "random download" scenario, which I've
discussed above.

> so why couldn't ransomware get in that way?

It could. Lacking a proper execution environment (be it JRE, flatpak,
snap or whatever) - what should it do next? Wait for a user to execute
it?

Reco