Peppermint OS

General => GNU/Linux Discussion => Topic started by: perknh on January 07, 2015, 04:31:27 am

Title: Downloading Software Online In Linux (SOLVED)
Post by: perknh on January 07, 2015, 04:31:27 am
Quote
NO .. you NEVER download software online in Linux (that's a bad Windows habit you'll need to break).. it's all installed through your package managers from a central repository that's kept free of malicious code (and one of the reasons you'll not require anti-virus software in Linux) -- PCNetSpec from  Received netbook with Ppmt on !

I see a very emphatic No and NEVER in PCNetSpec's statement, and I confess I've broken these rules at times -- although I didn't realize the magnitude of the risks I've been taking.

I've downloaded Skype, Chrome, and Maxthon before from their official sites.  Now Maxthon offers an MD5 hash check in order to verify the download's integrity, but Skype and Chrome do not.  Still, I thought, since I was downloading Chrome from Google Chrome's secure site, I was safe.  I also thought that Microsoft would have too much to lose if Skype's download page were not secure.  Skype, after all, is a cash cow for Microsoft.

It sounds, however, after reading the statement above, that I've been playing a risky game. 

I believe I can add Skype with  sudo apt-get install Skype , although I'm not sure if I'd have to add i386 architecture for it too.

But what about Chrome and Maxthon?  And wouldn't any of us be safe downloading Maxthon from its download page if its MD5 checksum proves valid?

But, with Chrome, I'm at a loss.  Would I just have to play in the terminal until I hit upon the right command?  For an example, might the installation command be something like sudo apt-get install google-chrome-stable?  I have no idea if that would be a legitimate command for installing Google Chrome or not since I've never tried installing Chrome this way.

But what PCNetSpec is saying here does make a lot of sense to me though.

Thank you,

perknh

P.S.

Now I'm finding myself with a practical problem.  I've been doing my homework on password managers and I've discovered that in my particular situation, now owning a Chromebook, that the best password manager for me would be LastPass, which is from a propriety software company.  Yes, KeePass, an open source password manager, would generally be my first choice, but there are real issues concerning KeePass and Chromebooks so I've read time and time again.  Anyway, bottom line, I would like to download LastPass using the terminal.  Is there a trick here in doing so?  I've tried sudo apt-get install lastpass , but I get nothing.

And, again, thank you.


Title: Re: NO .. you NEVER download software online in Linux
Post by: PCNetSpec on January 07, 2015, 09:45:48 am
OK, what I meant was "NEVER download software online in Linux, unless there's absolutely no other option, and you're aware of the risks .. then only get it from a source you feel you can trust"

But I was speaking to a brand new user, and was trying to instill the idea of "ALWAYS from the repos, through your package manager FIRST" .. I figure if a user needs this pointing out, they're probably best sticking to the repos until they figure out how it all works.

It was as much a strong statement to steer a Windows user towards Linux "best practice"s .. it's hard enough to explain the repository system and package management to a Windows user without muddying the waters with "well sometimes you may need to download stuff, but be careful, and aware of what you're doing" .. that will likely lead to a ten paragraph explanation/conversation that's as likely to confuse as inform..

IMHO, when someone is Linux savvy enough to step outside the repos, they'll not need informing ;)

With new users I start from the position of .. if they need to ask, play it safe, they'll surely learn more or ask questions later.

After all telling someone to stick to the repos is not going to do them any harm is it .. whereas if I send them off downloading software from the web and it turns out to contain malicious code, or crashes their system, simply doesn't work, or breaks something else it doesn't reflect too well on me or Peppermint does it ?
Title: Re: Downloading Software Online In Linux
Post by: perknh on January 07, 2015, 09:55:08 am
Quote
...telling someone to stick to the repos is not going to do them any harm is it ;) --PCNetSpec

Absolutely not!  It's the safest thing going -- bar none!  ;)

With rare exception (the ones noted) do I ever step outside the repos, although it looks like I'm going to need to do so today.  :-[ 

I wish there were a way I could always download from either the repos or the terminal.  I always feel a little bit leery of going to outside sources for my downloads.

Thank you very much,

perknh

Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: PCNetSpec on January 07, 2015, 10:08:59 am
That would be your call ;)

I'm not going to tell you "it's OK", I cannot guarantee that .. you need to do a risk/reward analysis based on your own criteria, then accept the consequences good or bad base on YOUR decision.

Truth is, it's no more risky for Linux than downloading software from the web for Windows (and people do that all the time), in fact it's probably still FAR less risky .. but it's still riskier than the repos, so can only be YOUR decision.
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: perknh on February 20, 2015, 12:30:47 pm
I've never forgotten the thread that introduced AuroraMagic to Peppermint Forum.  The reason for this is that I read what PCNetSpec said on matters concerning security within Linux. I knew what he was saying to AuroraMagic was absolutely 100%, correct.  Stay within the package managers.  Period!

Well, now that Chromium is pretty much on par with Google stable -- with the exception of a little harmless pixelation every now and then; and now that I know that Skype can be gotten through our software manger, after enabling Canonical partners in our update manager, I have little absolute need to download anything from outside our repositories -- and I haven't.

Still, being a sucker for a pretty face, or, in this case, a nice looking wallpaper; I was wondering if using web inspector, from Comodo, along with Norton Safe Web, would be a good way to protect a Linux user from a malicious software download.

I have a friend, a smart software engineer, who uses Solaris -- a BSD distribution -- and he definitely lives by staying within the BSD universe.  He lives by the textbook rule of staying within Solaris' repository, and his system is a solid as a rock.

The best comparison between BSD and Linux I've heard is this:  Linux can be looked at as an alpha BSD.  We're a little edgier here.  We have more distributions, and we have one man behind, and producing, our kernel.  If figure BSD is slightly more secure than Linux usually, but if we update regularly within Linux, and avoid downloads, we're essentially as safe as anyone using PC-BSD.  To me, the two OSes are essentially the same.  BSD is a Unix derivative, while Linux is a Minix derivative, which itself is a Unix derivative. (Unix has a kid named BSD.  Unix has another kid named Minix.  Now Minux has a kid named Linux. Wouldn't this make Linux BSD's nephew -- carrying some to the genes (code) of Unix?)

But, since I need my Skype, and I love our Linux distributions, am I playing it pretty safe if I use Comodo's web inspector and Norton Safe Web before I download a wallpaper online?

https://app.webinspector.com/public/reports/30099873 (https://app.webinspector.com/public/reports/30099873)

http://safeweb.norton.com/report/show?url=http%3A%2F%2Fwallpaperswide.com%2F (http://safeweb.norton.com/report/show?url=http%3A%2F%2Fwallpaperswide.com%2F)


Wallpaperswide.com sure looks clean to me.  Does anyone else here use these tools for downloads? 

PCNetSpec gave me a wake up call, that's for sure.  I have changed my behavior to a great extent after thinking about what he said.  And, as I said, I have a friend who lives by these rules, and he never gets in any mischief at all.  I've looked a Solaris, and some BSDs, but I can't seem to make that leap.  And I don't know if it's really necessary to do so anyway.

Thank you,

perknh


Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: PCNetSpec on February 20, 2015, 01:11:51 pm
I'd expect online virus scanners to be looking for windows viruses, not Linux ones.

Image files such as png/jpg/bmp/etc. cannot contain viruses .. only executables (and in windows some macros that may get executed by say Microsoft Office).
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: VinDSL on February 21, 2015, 12:17:50 pm
I run a Linux virus scanner from time-to-time, mostly when sending files to winders users (that I care about).   :D

Been using 'avast! for Linux' since 2012, actually.  Works great!

You can download it here:  http://linux.softpedia.com/get/Security/avast-Linux-Home-Edition-43586.shtml

I just upgraded it in Ubu 15.04, to make sure things haven't changed.  No probs experienced.

You might need to request a key, too.  This machine already has one installed.

I don't remember ever using !avast in Peppermint.  One thing to watch out for is your 'kernel.shmmax' setting. 

Not sure what it is in P5, and I'm too lazy to drag out my road warrior and check.

In the past, Ubu and Ubu distros have always set 'kernel.shmmax' way too low. 

In my experience, avast! needs at least 'kernel.shmmax = 128000000' to run correctly.

You can check this in CLI by running:

Code: [Select]
sudo sysctl -a | grep shm
Looks like Canonical finally got wise to this.  Here's the output in Ubu 15.04:

Code: [Select]
vindsl@Zuul:~$ sudo sysctl -a | grep shm
kernel.shm_next_id = -1
kernel.shm_rmid_forced = 0
kernel.shmall = 4278190079
kernel.shmmax = 4278190079
kernel.shmmni = 4096
vm.hugetlb_shm_group = 0
vindsl@Zuul:~$

Not sure what it is in P5.  To up the 'kernel.shmmax' setting to a more reasonable amount, in the past, I've done this:

.
That'll get !avast up n' running.

Don't mean to confuse anyone, but that's how I scan Linux files for viruses...   8)
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: PCNetSpec on February 21, 2015, 12:23:33 pm
Unless you're protecting Windows users (as VinDSL mentions he is), I really can't see the point.

Can't hurt, but I'm not going to run software that'll eat syste resources when it's absolutely not necessary .. let Windows protect its own castle .. but that's just me ;)
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: VinDSL on February 21, 2015, 12:27:17 pm
!avast doesn't run in the background, like on winders machines - no need to, as you say.   ;)

You just run it when needed, to scan for viruses, then close it down - same as you would do with a browser or mail client.

They say a screenie is worth 1000 words, right?

I just ran !avast against my download directory (and this is a low-resource machine):

(http://vindsl.com/images/vindsl-desktop-21-feb-2105-1.png)
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: PCNetSpec on February 21, 2015, 12:34:00 pm
OK, you're a special use case (regular dealings with the feds, etc. and don't want to pass on a file that may contain a Windows virus) .. but most users do not require AV in Linux.

And to check the "odd" file that you may want to scan for Windows viruses before passing to a friend, I'd use virustotal who scan it with 57 different AV scanners at the same time (including avast):
http://virustotal.com
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: VinDSL on February 21, 2015, 12:46:20 pm
OK, you're a special use case (regular dealings with the feds, etc. and don't want to pass on a file that may contain a Windows virus) .. but most users do not require AV in Linux.

Agreed!   ;)
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: perknh on February 22, 2015, 10:43:02 am
OK, you're a special use case (regular dealings with the feds, etc. and don't want to pass on a file that may contain a Windows virus) .. but most users do not require AV in Linux.

Agreed!   ;)

Hello VinDSL and PCNetSpec,

This is good to know.  I certainly don't miss having an antivirus program. 

When I receive email that looks like it's been around the block a few times, I sometimes wonder I should resend the email to others.  Lots of people I know still use Windows.  :-\

Thank you,

perknh
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: PCNetSpec on February 22, 2015, 10:58:03 am
Whether you want to look after your Windows using friends, or whether you think that tthey should look after themselves is up to you.

Personally I never pass on emails with executable attachments unless I added the attachment and know it to be safe .. but I don't see it as my job to look after Windows users PC's, if they're dumb enough to be opening emails and running attached executables nothing I do (or don't do) is going to protect them for long ;)

I opperate from the position that you're responsible for your own security/protection .. if I accidentally pass on a file with a Windows virus:-
a) it will be unintentional .. AFAIK this has never happened, but I'd be stupid to think it never will .. **** happens right ?
and
b) if they become infected buy it, it's still their own fault .. they should not  be assuming files sent by (or appearing to be sent by) ANYONE are safe.
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: 10i on February 22, 2015, 11:10:50 am
This past week I found a mac user who installed Mackeeper or Macguardian or something like that and now his web browser keeps opening popups and playing audio adverts.

Shows you how installing software from an unsafe source can compromise an otherwise safe system.

Only you can infect your PC with a virus.
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: PCNetSpec on February 22, 2015, 11:13:44 am
Only you can infect your PC with a virus.

Well said :)

[EDIT]

Or maybe "only you can stop it from becoming infected" would be more accurate.
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: VinDSL on February 22, 2015, 12:01:23 pm
A little OT, but I just posted this on LinkedIn -- thought you might find it interesting/informative...  :D

Lawyer who clicked on attachment loses $289K in hacker scam (http://www.abajournal.com/news/article/lawyer_who_clicked_on_attachment_loses_nearly_289k_in_hacker_scam)
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: PCNetSpec on February 22, 2015, 12:27:25 pm
and this guy's a lawyer .. no wonder he doesn't want to be named  ::)

If there's anyone that should know there are criminals out there......
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: perknh on February 22, 2015, 01:05:15 pm
Image files such as png/jpg/bmp/etc. cannot contain viruses .. only executables (and in windows some macros that may get executed by say Microsoft Office).

This information surprised me.  I thought downloading any file from an outside source was risky business.  But, I've noticed the Peppermint and Ubuntu always warm me about some files -- say when I download Google Chrome, or Maxthon, from Google's or Maxthon's web sites.  With these files I get a message that says something like, "Only install this file if you trust the origin."  And, I do NOT get that message when I download a wallpaper from wallpaperswide.com.  So, I believe, Linux is trying to protect me -- protect me from myself, as 10i has said!  ;)

But what 10i has reported leads me to another question:  If Mac OS and Linux have common Unix roots, and if Mac computers today are encountering more and more malware, does this mean that malware designed for Apple computers might cause damage to computers running Linux as well?  I would think it might. 

And now, one final question in reference to VinDSL's recent post on LInkedIn:

What do you have when you have a dozen lawyers up to their necks in cement?

Answer:
Spoiler (click here to view / hide)
[close]

Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: VinDSL on February 22, 2015, 01:46:50 pm
And now, one final question in reference to VinDSL's recent post on LInkedIn...

OMG!  You don't know the half of it  ;D

I deal with attorneys all the time.  PCNetSpec can vouch for this... he can see the addys when I'm posting from court buildings.

I can't really talk about it, other than to say, it's an 'Alice in Wonderland' experience.  LeL
Title: Re: Downloading Software Online In Linux (SOLVED)
Post by: PCNetSpec on February 22, 2015, 02:31:04 pm
Quote
If Mac OS and Linux have common Unix roots, and if Mac computers today are encountering more and more malware, does this mean that malware designed for Apple computers might cause damage to computers running Linux as well?

The answer to that is a resounding YES and NO :)

Some of the underlying code might be executable on both OS's, but the attack vector would most often need to be different, and the interplay between the malware and OS subsystems may need to vary.

OS X malware is likely to come attached to OS X software as a dmg installer .. dmg's won't run on Linux

Sure it *would* be possible to craft some code that would run on both OS's .. the problem would lie in getting it onto a Linux PC in the first place. The installer would need to be a binary executable downloaded say from the web that would need to be manually flagged as executable (or unpacked from an archive) then run by the user, this is NOT a common method for software installation in Linux, and one that is frowned upon (hence this topic).

OS X is pretty much as secure as Linux except fopr one MAJOR flaw .. in OS X you still download software from all over the internet.
In Linux you generally get it from a secure central repository .. and everyone gets it from the same place, so on the off chance any malicious code ever makes it into the repos, it's quickly spotted and dealt with in one place once and for good