Significant rise in detected malware on Linux

Yes. That means it is running.

For most use cases, I prefer firewalld. However, if you are already running ufw and happy with it there probably isn’t any value in switching unless you just like learning new things.

I also use ufw in some places.

I believe:

yay -Syyu

Will do it as if you had just downloaded and installed the latest!
N.B. There is a problem with one of the servers so first do:

eos-rankmirrors

then

yay -Syyu

I hope this helps.

As far as I understand I have firewalld and it is running.
Any other security apps/settings/…? Or is this enough?

You don’t need the two "y"s. That wastes mirror bandwidth.

Use yay -Syu or just yay.

That being said, updating won’t install firewalld if you didn’t have it already. You probably have it because your install is recent.

It is a hard question to answer. The concept of “enough” as it relates to security depends very much on your personal use cases, risk tolerance and other factors.

Having a firewall is a good start though. You still need to practice generally safe habits when using the internet.

I don’t personally run any kind of anti-malware although many people do. I behave pretty cautiously though. Anti-malware is a strangely controversial topic for Linux users.

Okay we have identified the issue, what are the solutions?

I’d rather be solution-oriented than harp on the issue.

Well, for me, I am just a home user: browsing (normal, non-suspicious websites, I believe), LibreOffice, … and such.
All my data is in the cloud (pCloud for the bit of private data, encrypted 7z for a few files).

Same here.

So I do not really need anything else? No antivirus?

P.S. Just to share something, test your firewall and online security https://www.grc.com/x/ne.dll?bh0bkyd2

Update:
Text summary of my test, all ports are stealth


----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2022-07-30 at 13:13:48

Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

and they mentioned that:

Your system has achieved a perfect “TruStealth” rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to “counter-probe the prober”, thus revealing themselves. But your system wisely remained silent in every way. Very nice.
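The GRC scan above only shows what is reachable from outside; a complementary local check is to list which sockets are bound to non-loopback addresses, since those are exactly the services the firewall is protecting. This is an added example, not from the original thread; it assumes `ss -Hlntu` from iproute2 as the input format, and the sample output embedded here is constructed, not captured from a real host.

```shell
#!/bin/sh
# Constructed sample of `ss -Hlntu` output (Netid State Recv-Q Send-Q Local Peer).
# Not captured from a real machine; it is here so the script runs offline.
SAMPLE_SS='tcp   LISTEN 0      128        0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      4096     127.0.0.1:631       0.0.0.0:*
udp   UNCONN 0      0          0.0.0.0:5353      0.0.0.0:*
tcp   LISTEN 0      511           [::]:80           [::]:*
tcp   LISTEN 0      4096       [::1]:631          [::]:*'

# exposed_sockets: read `ss -Hlntu` output on stdin and print "proto port" for
# every socket bound to a wildcard or non-loopback address, i.e. a service that
# is reachable from the network unless firewalld/ufw drops the traffic.
# Loopback-only sockets (127.0.0.0/8, [::1]) are skipped.
exposed_sockets() {
    awk '{
        addr = $5
        n = split(addr, parts, ":")
        port = parts[n]
        # strip the trailing ":port" to get the bound address (IPv6 keeps its brackets)
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "[::1]" || host ~ /^127\./) next
        print $1, port
    }' | sort -u
}

# exposed_count: number of distinct exposed proto/port pairs in the sample.
exposed_count() {
    printf '%s\n' "$SAMPLE_SS" | exposed_sockets | wc -l | tr -d ' '
}

# Demonstration on the constructed sample: prints "tcp 22", "tcp 80", "udp 5353".
printf '%s\n' "$SAMPLE_SS" | exposed_sockets
```

On a live system run `ss -Hlntu | exposed_sockets` and compare the result with `firewall-cmd --list-all` (or `ufw status`); anything listed here that is not also deliberately allowed in the firewall is what the "stealth" result depends on.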

I got it from somewhere I can’t remember.
I will take your recommendation to only run with one y. Would “yay” alone do the same and update/upgrade the software and system?

I can’t answer that for you, it is a personal decision.

We started including it in the default install recently. Since your install is relatively new, it includes it.

The difference between yay -Syu and yay is 4 keystrokes. :grin:

They do the exact same thing.

I know how to update, I just mean that when I installed, that package wasn’t part of the system by default. :stuck_out_tongue:

Security in general is a strangely controversial topic for Linux users.

I use Linux because by default it’s more privacy friendly than Windows, but I don’t think it’s wise to ignore when security experts say that Linux has a lot to catch up on in its security model. I wish that Linux users were less defensive and less focused on outright rejecting people who point out where it can improve.

Ouch… that’s too much :rofl:

I think there are no real threats from viruses on Linux. It is not worth it to install an antivirus (given my usage as I mentioned above).

My bad! With all my due respect, I thought because it is a “rolling release” it would be enough to just

yay

Saved a lot of keystrokes :rofl:

So I have to follow up if there is something new in a new release and install the missing package(s).

Is there a command that tells me which version or which ISO is installed? Something that replies to me “you have Artemis”.
Or better, a command to upgrade the old to the current and install what is missing?

Would this (arch-upgrade) be the answer to my question?

There might be a log somewhere but most of the other strings get updated on existing installs.

Not exactly, eos-packagelist can show you the current packages being used but I don’t think it is wise to blindly install that list each time.

No

Thanks @dalto and @magtuired

I am still learning.
So as not to hijack this thread or go off topic, I created another thread, if you don’t mind.

I counted 5 :stuck_out_tongue:

Isn’t the rise of Linux Malware tied to the WSL? So although it’s Linux Malware it’s still targeting mostly Windows machines?

How DARE you disrespect greatness of space?! :rofl:

Can you point to data that supports that conclusion?

Not instantly, I would need to search also. But I’ve read/heard a lot of news about malware that targets WSL over the last year.

No, because you don’t have Artemis. You have EndeavourOS. “Artemis” is the name of the ISO image from which you installed, but once you update, your system is pretty much the same as my system after I updated, even though I installed EndeavourOS two years ago (we may have different packages installed, of course).

Once installed, EndeavourOS does not have a version.

Personally I preferred the Apollo wallpaper anyway. Then again, I’m a fan of the moon missions.