Would it be so difficult to place somewhere in an "Operating System" tagged posting which operating system was affected? Slashdot folks really might have more than one OS in their areas and it would be nice to know which is at risk right at the top.
Microsoft Windows only (Score:5, Insightful)
Re: (Score:5, Informative)
If you don't see an operating system listed, you can rest assured that it's windows.
Re: (Score:0)
Yeah or maybe just read the article.
Meanwhile, Linux users rest easy assuming no harm can penetrate Fortress Europe.
Re: Microsoft Windows only (Score:2, Insightful)
If malware does attack your linux computer, rest assured that only all of your personal content in your home directory will be wiped. The actual OS and software that you can download and install again for free is protected.
Re: Microsoft Windows only (Score:3, Insightful)
Actually Linux is more vulnerable than Windows to this kind of attack because most Linux systems do not implement any kind of secure boot procedure.
These rootkits work by replacing some parts of the OS that are loaded very early in the boot process, things like core SATA drivers needed to read in the rest of the OS or parts of the kernel. That makes them very hard to detect and remove, because any software running on the OS that tries to read those files can be supplied with a clean copy by the rootkit. Even the kernel can't easily figure out if the SATA driver or the filesystem handler is really giving it the true data or a fake copy.
Windows mitigates this by implementing Secure Boot. This is something that is part of the UEFI spec and which Linux users got upset about when it looked like some devices might not let you load your own keys. Modern Windows systems supplied by PC/laptop manufacturers have a Microsoft key in the UEFI that is used to verify the OS boot files have not been altered by a rootkit before loading them. Microsoft requires OEMs to implement it for Windows 10.
Other Windows installs, particularly older ones people do themselves, might not have Secure Boot enabled and so are vulnerable to this kind of attack. Linux systems very very rarely use Secure Boot so are almost always vulnerable too.
In both cases (Linux and Windows) some kind of root exploit is needed to alter those files in the first place. The difference is that a Windows system with Secure Boot can detect it and recover those files from a hopefully clean backup copy that normally no level of privilege allows to be corrupted. On Linux you would have to somehow notice yourself what has happened and fix it manually with a boot disk.
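An added example, not part of any comment in this thread: a Python sketch of the two checks the comment above implies, whether firmware reports Secure Boot as enforcing and whether boot files still match a known-good baseline. It assumes Linux efivarfs at /sys/firmware/efi/efivars; the function names and the baseline format (relative path to SHA-256 hex digest) are hypothetical, and the file comparison is only meaningful from rescue media with the suspect /boot mounted, since a running rootkit can serve clean copies.

```python
import hashlib
import struct
from pathlib import Path

# GUID of the EFI global variable namespace (defined by the UEFI specification).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")


def parse_efivar_flag(raw: bytes) -> bool:
    """efivarfs files hold a 4-byte little-endian attribute word followed by
    the variable data; SecureBoot and SetupMode each carry one data byte."""
    if len(raw) != 5:
        raise ValueError(f"expected 5 bytes, got {len(raw)}")
    _attrs, value = struct.unpack("<IB", raw)
    return value == 1


def secure_boot_enforcing(efivars: Path = EFIVARS) -> bool:
    """True only if firmware reports SecureBoot=1 and SetupMode=0.
    Missing variables (legacy BIOS boot, no efivarfs) count as not enforcing."""
    try:
        sb = parse_efivar_flag((efivars / f"SecureBoot-{EFI_GLOBAL}").read_bytes())
        setup = parse_efivar_flag((efivars / f"SetupMode-{EFI_GLOBAL}").read_bytes())
    except (OSError, ValueError):
        return False
    return sb and not setup


def changed_boot_files(boot_root: Path, baseline: dict[str, str]) -> list[str]:
    """Compare files under boot_root with a baseline of SHA-256 hex digests.
    Returns relative paths that are missing, altered, or absent from the baseline."""
    seen = {}
    for path in sorted(p for p in boot_root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        seen[path.relative_to(boot_root).as_posix()] = digest
    return sorted(name for name in seen.keys() | baseline.keys()
                  if seen.get(name) != baseline.get(name))


if __name__ == "__main__":
    print("Secure Boot enforcing:", secure_boot_enforcing())
```
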
The difference between Linux-vs-Win boot malware (Score:1)
..that while a Windows user is willing to run that root exploit, a typical Linux user is far too lazy to remount /boot as rw and then sudo apt-get install malware. Most Linux users are so lazy they never bother to try out any malware at all, going for decades at a time, never having the tenacity or curiosity to try out "what's it like to have a computer that runs software intend
Re: (Score:1)
These rootkits work by replacing some parts of the OS that are loaded very early in the boot process, things like core SATA drivers needed to read in the rest of the OS or parts of the kernel. That makes them very hard to detect and remove, because any software running on the OS that tries to read those files can be supplied with a clean copy by the rootkit. Even the kernel can't easily figure out if the SATA driver or the filesystem handler is really giving it the true data or a fake copy.
And isn't that the point of Linux? You don't touch the OS at all from Linux's user standpoint. If you install any program, it should come from a (trusted) repository, not simply download from a site. When installing, you will need to enter root password if the installation requires changes in critical system. If you are a user, you shouldn't be able to do that but rather install under your own privilege; thus, no OS. If you are the admin, then you deserve it because you should know better to be an admin. That