The Linux servers infected were all running php webapps. They are not normal desktops. The files targeted were .html, js, and php files.
Windows and Unix have completely different security models. Hence, the solutions to potential problems are also different. Trying to make Linux like Windows will only lead to frustration. They aren't the same OS and work very differently.
My 80 yr old mother never had any issues with malware or viruses on Linux. She was hit with both on Windows, before she realized that changing to Linux was necessary.
Do a little research, please.
If you want to prevent any malware/virus/whatever harming your Linux system coming in over a web browser, then use the normal tools which prevent that, like firejail or a Linux container. Linux containers have been around almost 15 yrs. Light sandboxes have been around almost a decade making use of Linux namespaces. These are used to limit access by processes not specifically allowed to certain kernel services and parts of the file system. Canonical snaps are mini-containers for programs.
I would never use google-chrome on any of my systems. Their goals and my goals in a browser do not align.
Nothing can protect every user from every possible threat. Not visiting untrustworthy websites is my primary way to avoid issues. To me, untrustworthy sites have more than 1 tracker included. I don't allow javascript on most websites. For email, only 7-bit ASCII is accepted.
Any AV/anti-malware is too late. Be proactive.
And nothing can replace having daily, automatic, versioned, backups. When you get hit with a problem, those backups will let you go back to before the attack happened and compare all the files, figure out what happened, before restoring. As long as the backup storage isn't connected to the system while the malware is active, recovery is possible. If it takes more than 45 minutes to restore a system to the way it was before the malware hit, then the backups aren't good enough.
+1000!Anyone running an Internet-facing server that still supports plain-text FTP is an idiot.
Stay patched. Have versioned backups. If you run internet services, be paranoid. Desktop users are not impacted."While it may not be currently clear how the B0r0nt0K ransomware was able to establish a foothold on the affected Linux servers in question, typically it comes back to server misconfigurations or from running out-of-date versions of software with known remote code execution vulnerabilities,"
Linux isn't Windows. Think differently.
Bookmarks