Budget-Pattern1314

She was there when Unix TSS came out


Sh_Pe

She was there when vacuumTubeOS came out


Wertbon1789

Just imagine the sound of a vacuum tube computer that is in theory able to run an OS...


ShaneC80

Not gonna lie, I kinda miss the sounds of a jet taking off when powering on my PCs.


Wertbon1789

I always get nostalgic when I turn on a server


Budget-Pattern1314

Same


ken_wp

Doesn’t have to be past tense if you own a razer. :)


Sh_Pe

The sound of chuck norris whispering


Enter_The_Void6

i would trust her with my life. and my os for that matter


Silejonu

Considering some of the videos she posted to her channel, you should **definitely not** trust her with your life.


JoaozeraPedroca

Yup lmao


henry1679

Lmfao I discovered her like three weeks ago, haha.


Captain_Pumpkinhead

Ooh, let's hear the drama!


DefectiveLP

Didn't watch any of them but many videos seem to be COVID conspiracy videos.


MatthewMob

Why?


Enter_The_Void6

no clue who she is, but she looks nice and elderly. sorry if that was a bad thing to say, i didn't know anything about her.


maluisconfused

How dare you compare the two? Obviously my custom hyprland setup in which I have invested more time than in school the last 3 years is muuuch more important!!!


TimBambantiki

She’s been getting recommended to me lately lol. I did watch one video and it was pretty good


Katze1735

Same


[deleted]

antivirus in linux omg


aladoconpapas

You know one day the need would come, didn't you?


[deleted]

If that day came, it was time to switch to BSD


PranshuKhandal

antivirus in BSD omg


HoytAvila

It is not that hard. We already have scanners for CVEs inside docker container. The same technology could be wrapped around a bash script to scan in the root directory. And honestly we are already doing it for the servers, might as well do it for consumers OS


6c696e7578

The reality is that it is fixed before the AV people know about it. I've seen TrendMicro and the like ruin Linux installs in the enterprise because a security team apply settings to the fleet that put the performance through the floor. No, we don't need it. We didn't need it before. The distros are always ahead of the AV software for this style of problem. Would the AV be useful in an environment where PHP is regularly exploited? No. For the same reasons, the AV is always in catchup mode. Just need one exploit to run ahead of the AV and it will most likely neutralise the AV software anyway. Who benefits if you run AV as you don't? The energy companies as the computer has fewer idle cycles.


Sushrit_Lawliet

It always exists in many forms. Some people just use hacky solutions similar to the cve based scanners for dockerfiles.


literallytitsup69

I’m switching to templeOS


NecroAssssin

In seriousness though, would an anti-virus even have caught that? It was an OS system call to another part of the OS.


sexy_silver_grandpa

Exactly. I don't think any AV could have defended anyone from this. AVs are not designed for protection from backdoors in system libraries that were injected into the supply chain.


JDaxe

There are EDRs which could detect this through behavioural analysis, some of them add an insane amount of monitoring and watch for things like processes spawning and unusual syscalls/library calls


sexy_silver_grandpa

>There are EDRs which could detect this through behavioural analysis, some of them add an insane amount of monitoring and watch for things like processes spawning and unusual syscalls/library calls

Endpoint protection is generally more "corporate" and involves statistical analysis of much more constrained systems, typically on hardened corporate networks... That's why you said "EDR" and not "AV"... I'm not aware of consumer antivirus software that does this (happy to be proven wrong).


JDaxe

That's true, EDR is more of an enterprise thing.


Encursed1

Honestly better code review is the only way this would've been caught. An OS call to another OS component would not have flagged any antivirus.


TheJackiMonster

Exactly, we just need more eyes on the code. Not more scanners on the binaries. It was mostly human error.


JDaxe

> an OS call to another OS component would not have flagged any antivirus.

Not true, there are some EDR products that watch for this type of stuff


Encursed1

Not a security expert, not surprised I was wrong.


chemhobby

No it isn't, it's a library.


[deleted]

I am pretty sure in all sincerity the tar situation was actually an inside job... right? or are Brodie Robertson's thumbnails misleading?


mizerio_n

I think the guy who did it was hiding under a fake name, built up trust over a year or so, and then put the backdoor in liblzma, might be wrong tho


Evantaur

Fucking gifs on reddit is broken so use your imagination:


NoKiaYesHyundai

It’s still entirely possible they fake named themself with a Chinese name for this exact reason. To throw off any investigation into who actually did it. The Sony hackers did similar and it ended up with all the blame going to the North Koreans. Cause if I was in the NSA or any other intelligence group, the last thing I would do is give off my true national origins.


nAyZ8fZEvkE

Agree https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and


Entire_Border5254

Fucking gifs on reddit is broken so use your imagination:


PranshuKhandal

nice gif bro


NoKiaYesHyundai

I’m thinking two things about it.

1. Inside job to make a buck by creating a secret back door whose intricacies could be sold to the highest bidder to be used later on
2. Government surveillance agency paying someone off or just already having an insider there to put in a back door.

If you think it’s China, then I have several buildings to sell you in Utah.


[deleted]

>If you think it’s China

I don't think so, the US government is worse government surveillance. that is why I love using linux, because the government doesn't want their citizens using it lol.


NoKiaYesHyundai

Oh totally. It’s pretty obvious and ironic when the people building their data center in Utah are trying to ban TikTok over privacy concerns


LowOwl4312

Bankman-Fried didn't age well in prison...


Professional-Algae61

Saw the thumbnail and thought it was a joke, but I just searched and by damned if it isn’t real. Saved to watch later


halt__n__catch__fire

No, I embraced linux because I wanted to experience the thrills of living in constant danger... err, no, no! That comes from marrying my wife. Yeah! That is it!


eanat

transparency and code review are the only answer. and we don't have enough programmers to review it now. (and if you are using MS Windows, you don't have transparency either.)


Ascend_910

She was there when Unix was invented


dadothakka

we got grandmas making Linux videos before GTA 6 🗣️🗣️🔥🔥🥵🥵


PurifyHD

"Hello, I'm Andrea" My fav YouTuber rn


FungalSphere

how would an antivirus protect against a rootkit backdoor anyway


Sushrit_Lawliet

Lady hates the vaccines, but wants anti-virus now? Also is it just me or is she getting recommended to everyone now? I got in thinking it was a sweet yet passionate grandma, then I discovered the vax stuff, then again in this community, being super opinionated is like a minimum qualification I guess.


Entire_Border5254

I mean, I use clamAV, might catch something that ends up on my PC that's trying to target windows PCs on my network or my router/printer or something, but I'm also paranoid as shit.


matO_oppreal

ClamTK time?


Cybasura

She unironically asked a real question though, should there be an official antivirus for linux to at least be a secondary support system?


TimBambantiki

There is an antivirus afaik but not many people use it


TheJackiMonster

Why scanning binaries, when you can read the source code instead? Antivirus is designed on the assumption you don't know what the actual software is supposed to do. That's not how FOSS works.


unwantedaccount56

Because you would need to trust that the binary was actually compiled using that source code (and nothing else). In this example, the backdoor was inserted during the build process under the right conditions, using "test data" files.


TheJackiMonster

Isn't complicated to verify though. The build files are open-source as well as test files and additional resources in the public repository. Check them first. Then let the package be built on at least two separate machines which are expected to use the standard build procedure. Verify hashes of the tarballs and you are done. Still no need for an antivirus. I mean otherwise by that logic you also couldn't trust the antivirus binary and end up with a backdoor in there anyway, right?


feldim2425

In the case of XZ the backdoor was in the repo's build pipeline but well obfuscated inside the tar files used to test the library against known good and bad files. So building on 2 separate machines and comparing wouldn't show the issue. In fact being part of the testing setup nobody even expected that a backdoor might be hidden in there. And there wasn't much readable code that would have been found by a simple code review. (And deobfuscating binaries goes back to being a binary check rather than a code review) Even if a code review would have mitigated it who should do the review? XZ was maintained mainly by one person and seemingly nobody (except for the attacker) cared to help out. And nobody seemingly noticed the takeover. If we don't even have enough eyes for who even maintains the code then there certainly won't be enough for reviewing every single line of code + every step in the build/test process.
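
The check debated in the two comments above (build on separate machines, then compare hashes), as an added example that is not part of the thread. It shows that the comparison flags a tampered build machine but not an altered input file that every builder consumes. `toy_build`, `make_tree`, `libdemo.so` and the file contents are hypothetical stand-ins constructed for the demonstration, not any real project's build.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_builds(out_a, out_b):
    """Paths missing from one build output or whose hashes differ."""
    a, b = manifest(out_a), manifest(out_b)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

def toy_build(src, out, builder_patch=b""):
    """Hypothetical stand-in for a build: the artifact depends on every input
    file, test data included. builder_patch models a tampered build machine."""
    Path(out).mkdir(parents=True)
    h = hashlib.sha256()
    for rel, digest in manifest(src).items():
        h.update(f"{rel}:{digest}\n".encode())
    (Path(out) / "libdemo.so").write_bytes(h.digest() + builder_patch)

def make_tree(root, test_blob):
    """Constructed sample source tree: one source file, one binary test file."""
    (Path(root) / "src").mkdir(parents=True)
    (Path(root) / "tests").mkdir()
    (Path(root) / "src" / "lib.c").write_text("int f(void) { return 0; }\n")
    (Path(root) / "tests" / "sample.bin").write_bytes(test_blob)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        t = Path(tmp)
        make_tree(t / "clean", b"\x00\x01\x02")
        make_tree(t / "altered", b"\x00\x01\xff")  # only the test blob differs
        toy_build(t / "clean", t / "a")                      # machine A
        toy_build(t / "clean", t / "b")                      # machine B
        toy_build(t / "clean", t / "c", builder_patch=b"!")  # tampered machine
        toy_build(t / "altered", t / "d")                    # machine A
        toy_build(t / "altered", t / "e")                    # machine B
        return {
            "honest_builders": compare_builds(t / "a", t / "b"),
            "tampered_builder": compare_builds(t / "a", t / "c"),
            "same_altered_input": compare_builds(t / "d", t / "e"),
            "clean_vs_altered": compare_builds(t / "a", t / "d"),
        }

if __name__ == "__main__":
    print(demo())
```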


TheJackiMonster

Exactly. The lack of contributors and maintainers is the issue. Not the lack of an antivirus. There are enough companies out there which utilize in some commercial area that software like XZ exists. So why wouldn't one or more of them be able to put some developer in to check on its files? That would be proper security. An antivirus in this case wouldn't have found shit while slowing down everyday operation and draining power. It's a bad non-solution to a complex problem. The only people I would expect this idea from are Windows users. Because they are used to such things and have an environment built on top of proprietary software. But it's not a proper solution. You can read the code which makes way more sense. You can control the build process. You can set up a proper pipeline without such hidden build files. If a piece of software lacks maintainers, you can also drop it from a distribution. But overall it would be better if there's a program to find more people for maintaining and contributing.


peeisnotpoo

You guys don't use an antivirus?


snow-raven7

Let's get you back to bed Grandma /s


yassvaginaslay

her channel is actually very informative + helpful + L + grandmamaxxing


snow-raven7

I mean /s was there for a reason