Language Selection

English French German Italian Portuguese Spanish

Annual Kaspersky Labs Fearmongering!

Merry Fearmongering!

Kaspersky Labs (maker of the infamous KAV for Windows), has started what I call their "annual fearmongering initiative".

It appears about this time of year, when they release their so-called "Look everyone! We found a proof of concept malware that does something nasty to *insert opensource solution name here*" press releases.

Obviously, this is designed to spread fear.
(If you know what you're doing in Linux, there's nothing to fear.)

Here's a friendly reminder...

This is from 2006.

The case of the non-viral virus
http://software.newsforge.com/article.pl?sid=06/04/10/2218210

Torvalds creates patch for cross-platform virus
http://software.newsforge.com/article.pl?sid=06/04/18/1941251

OpenOffice.org virus debunked by experts
http://software.newsforge.com/article.pl?sid=06/06/02/2136202

And for this year? (2007)

iPod virus scare stories are here
http://www.theinquirer.net/default.aspx?article=38767
(It involves Linux installed on iPod).

Notice how in BOTH cases:

(1) The malware in question are "proof of concept" ones!
Translation? They do NOTHING in real life! They don't spread by themselves. They do NOT do any widespread damage!

(2) They don't do anything until you run them with root privilages and the like. As in you intentionally or delibrately infect yourself! No one is THAT stupid!

(3) Kaspersky Labs were the only ones that happen to find this type of malware! It leads me to believe it is THEM who are delibrately writing this proof of concept nonsense to begin with!

(4) It involves opensource solutions.

While these tactics may work on the Windows crowd, don't expect the Linux crowd to fall for the same BS. Its not gonna work.

Let me end this post by suggesting you read this article.
(If you've read it before, I want you to remind yourself again this year.)

Can the malware industry be trusted?
http://software.newsforge.com/article.pl?sid=06/06/06/1832223

My response to Kaspersky...
Do you really think we're that stupid?

More in Tux Machines

Linux/FOSS Events

  • The Linux Foundation Announces Session Lineup for ApacheCon(TM) Europe
  • OpenShift Commons Gathering event preview
    We're just two months out from the OpenShift Commons Gathering coming up on November 7, 2016 in Seattle, Washington, co-located with KubeCon and CloudNativeCon. OpenShift Origin is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. Origin adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams. And we're excited to say, the 1.3 GA release of OpenShift Origin, which includes Kubernetes 1.3, is out the door! Hear more about the release from Lead Architect for OpenShift Origin, Clayton Coleman.

Security News

  • Report: Linux security must be upgraded to protect future tech
    The summit was used to expose a number of flaws in Linux's design that make it increasingly unsuitable to power modern devices. Linux is the operating system that runs most of the modern world. It is behind everything from web servers and supercomputers to mobile phones. Increasingly, it's also being used to run connected Internet of Things (IoT) devices, including products like cars and intelligent robots.
  • security things in Linux v4.6
    Hector Marco-Gisbert removed a long-standing limitation to mmap ASLR on 32-bit x86, where setting an unlimited stack (e.g. “ulimit -s unlimited“) would turn off mmap ASLR (which provided a way to bypass ASLR when executing setuid processes). Given that ASLR entropy can now be controlled directly (see the v4.5 post), and that the cases where this created an actual problem are very rare, means that if a system sees collisions between unlimited stack and mmap ASLR, they can just adjust the 32-bit ASLR entropy instead.

Raspberry Pi PIXEL and More Improvements

Trainline creates open source platform to help developers deploy apps and environments in AWS