Annual Kaspersky Labs Fearmongering!

Merry Fearmongering!

Kaspersky Labs (maker of the infamous KAV for Windows) has started what I call their "annual fearmongering initiative".

It appears about this time of year, when they release their so-called "Look everyone! We found a proof of concept malware that does something nasty to *insert opensource solution name here*" press releases.

Obviously, this is designed to spread fear.
(If you know what you're doing in Linux, there's nothing to fear.)

Here's a friendly reminder...

This is from 2006.

The case of the non-viral virus
http://software.newsforge.com/article.pl?sid=06/04/10/2218210

Torvalds creates patch for cross-platform virus
http://software.newsforge.com/article.pl?sid=06/04/18/1941251

OpenOffice.org virus debunked by experts
http://software.newsforge.com/article.pl?sid=06/06/02/2136202

And for this year? (2007)

iPod virus scare stories are here
http://www.theinquirer.net/default.aspx?article=38767
(It involves Linux installed on iPod).

Notice how in BOTH cases:

(1) The malware in question are "proof of concept" ones!
Translation? They do NOTHING in real life! They don't spread by themselves. They do NOT do any widespread damage!

(2) They don't do anything until you run them with root privileges and the like. As in you intentionally or deliberately infect yourself! No one is THAT stupid!

(3) Kaspersky Labs were the only ones that happen to find this type of malware! It leads me to believe it is THEM who are deliberately writing this proof of concept nonsense to begin with!

(4) It involves opensource solutions.

While these tactics may work on the Windows crowd, don't expect the Linux crowd to fall for the same BS. It's not gonna work.

Let me end this post by suggesting you read this article.
(If you've read it before, I want you to remind yourself again this year.)

Can the malware industry be trusted?
http://software.newsforge.com/article.pl?sid=06/06/06/1832223

My response to Kaspersky...
Do you really think we're that stupid?
