Linux Backdoor Attack-Do We Need To Start Using Antivirus Software Now?

There was an XZ malware backdoor attack on Linux a few days ago. On Windows, which I used to use, we would just install antivirus software, and Windows Firewall is enabled all the time. With what has just happened, do we now need to do the same thing on Linux? There is open source antivirus software and there are firewalls for Linux. I talk about this here.

00:00 Backdoor Attack
07:38 What To Do
10:00 ClamTK
14:24 GUFW Firewall
17:26 Antivirus Software On Linux
21:56 Linux Firewall


He also talks about how to use ClamTK:
Comments

Hi Andrea, this was sort of the modern version of "insider threat" bad actors. In this case an antivirus would be less appropriate, since the source of the issue is actually a human person given access to things they should not; they will always be able to tailor something to defeat the user in the end. All said and done, this was sort of a novel kind of attack done through CI/CD pipelines, and the individual (or possibly a team of state-sponsored APT threat actors) spent years getting this access. This whole debacle exposes a real problem in that there are almost definitely other (successful) backdoors, and going forward we are going to see more and more.

mega-nerd

I'd like to get more Linux news from you. I hope I can be as well informed and still just as nerdy about Linux when I get older. Thank you for what you do. You are appreciated.

AdamOutler

Thanks for recommending two of my videos. I appreciate it.

linuxmench

This was a case of someone taking over a project from a very burnt out developer by gradually gaining trust. And since 2021, they played a long game of gradually adding the backdoor step by step.

They added the final step recently and got caught almost immediately.

It also alerted the entire Linux community to this new type of attack. We now know that binary blobs even in test-files (which aren't shipped to end users) can still infect a project, if the groundwork has been done such as in this case.

Now think about this: How many backdoors are there in Windows and closed source software? Far more. That is why they force you to update Windows every day.

As a Linux user, this has just made us stronger. This is a new type of attack and now we know what to look for.

Having the source code be open is exactly how we find these things.

Thank you for your videos Andrea. You are awesome. ❤

MyAmazingUsername

Nice to hear your opinion about that backdoor thing that is going on.

Heitorr

In security but also for anything important in our world. Always be aware and attentive in distinguishing what you know from what you think or what you believe. This is a hard but necessary mental discipline.

bubullenoiraude

Thanks for your videos, Ms. Borman! I've been a Linux lurker for a while now but am looking forward to jumping in, soon. This XZ thing has been pretty crazy.

Lazdinger

Great video. Kind of crazy, the level of sophistication in that XZ case. I never used ClamAV before, but I will start using it. I see only benefits.

danielponte

I'm using Linux Mint 21.2 Cinnamon here, with the firewall enabled. I have not had any virus problems in Mint so far, and I am quite confident that there are no problems. There are very few, if any, viruses for Linux flying around on the Internet. So don't panic people.

frankywatte

These videos are very useful, thank you for taking the time to make them.

jfluffydog

I would literally trust anything you say Andrea, great video :)

brysont.phagura

I love how the algorithm has uncovered this niche channel in the Linux community. It's great.

haybail

Terry A. Davis predicted it 10 years ago, people simply ignored him, anyway... thanks for the upgrade, Andrea! PS: This "breaking news" video style fits so well in the channel, hope you keep making more content like this. The community would enjoy it very much.

kelverton.cost

It's important to note that ClamAV (or ClamTK in this case) doesn't provide any real-time protection, so it won't be able to actively prevent a malware infection of your PC. While you can schedule scans, this is more to prevent more damage after the fact and to alert you that something bad has happened. The stock ClamAV signatures from Cisco are also pretty bad, so I'd install something like Fangfrisch so it can actually have a decent detection rate. Linux absolutely does need an antivirus, and not for the reasons most people would think. There's no such thing as perfect security; it's impossible to design a perfectly secure system, and so we have tools like antiviruses as a safety net and to buy developers time to develop a proper fix (I am not saying that antiviruses solve all of your security woes). Sadly, I don't think desktop Linux has many good options, as it doesn't get a lot of effort from the Linux community; most of it goes to the server market, and the rest are just hobbyists or those that are passionate about Linux.

On your point of firewalls, if you're using your computer at home then not having one is a big deal. Your router will have a firewall that will block inbound malicious connections from the internet, but it won't help you if a computer in your home network is infected with malware and tries to attack your computer. Personally, I'd still have one just in case.

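The comment above describes the practical shape of desktop Linux defence once you accept that ClamAV only detects after the fact: a scheduled scan whose result actually reaches you, plus a host firewall because the router does not filter LAN neighbours. The script below is an added example written for this page; it is not code from the video, from ClamTK, or from ClamAV. It assumes `clamscan`/`freshclam` are on PATH with their stock exit codes (clamscan returns 0 for clean, 1 for infected, 2 for error), that `ufw` (the CLI behind GUFW) is installed, and that `LOGFILE` is an example path you would change. The sample scan output embedded in it is constructed, not a real result.

```shell
#!/bin/sh
# Added example (not from the video, ClamTK or ClamAV). ClamAV has no
# real-time protection, so on a desktop the detection step is a scheduled
# scan; this wrapper is meant to run from cron or a systemd timer, refreshes
# signatures, scans a directory and turns the result into a log line and an
# exit status. It also enables a host firewall with ufw (the CLI behind GUFW),
# since the router only filters traffic from the internet, not from other
# machines on the LAN. Assumptions: clamscan/freshclam with their stock exit
# codes (clamscan: 0 clean, 1 infected, 2 error); freshclam may need the
# privileges of your ClamAV setup; LOGFILE is an example path.

LOGFILE=${LOGFILE:-"$HOME/clamscan.log"}

# Constructed sample of clamscan's --infected output, used to show what the
# parser below expects (not a real scan result).
SAMPLE_SCAN_OUTPUT='/home/u/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8700000
Scanned files: 3
Infected files: 1'

# Map clamscan's exit status to a verdict word.
verdict_for_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Count from the "Infected files: N" summary line (empty if absent).
infected_count() {
    printf '%s\n' "$1" | sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Only the "<path>: <signature> FOUND" lines, for the log.
found_lines() {
    printf '%s\n' "$1" | grep ' FOUND$' || true
}

# Refresh signatures (stale signatures beat no scan), scan, log, and return
# clamscan's status so cron or a caller can alert on 1.
scheduled_scan() {
    dir=$1
    command -v clamscan >/dev/null 2>&1 || { echo "clamscan not installed" >&2; return 2; }
    if command -v freshclam >/dev/null 2>&1; then
        freshclam --quiet || echo "freshclam failed; using existing signatures" >&2
    fi
    if out=$(clamscan --recursive --infected --stdout "$dir" 2>&1); then
        status=0
    else
        status=$?
    fi
    n=$(infected_count "$out")
    printf '%s scan of %s: %s (%s infected)\n' \
        "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$dir" "$(verdict_for_status "$status")" "${n:-?}" >> "$LOGFILE"
    [ "$status" -eq 1 ] && found_lines "$out" >> "$LOGFILE"
    return "$status"
}

# Deny unsolicited inbound connections on the host itself. Needs root.
enable_host_firewall() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root to change ufw rules" >&2; return 1; }
    ufw default deny incoming
    ufw default allow outgoing
    ufw --force enable
}

# Usage: sh clamscan-cron.sh /home/user   (run from cron, e.g. daily)
if [ "$#" -gt 0 ]; then
    scheduled_scan "$1"
fi
```

The parser is the part worth keeping: cron mails you nothing useful from a raw `clamscan` run, whereas a non-zero exit from `scheduled_scan` plus the `FOUND` lines in the log give you something to act on. Running `freshclam` before every scan is deliberate; with stock signatures the detection rate is already weak, so scanning with stale ones is worse still.
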
jacksoncremean

Thanks to the backdoor being discovered before it hit critical mass, we were lucky this time; there needs to be a redundant process to prevent such drawn-out plots from going unnoticed.

phonewithoutquestion

The fact that this was caught so early in the testing branches truly speaks to the security of Linux. A bug like this could’ve easily gone unnoticed in a product like Windows for years, and we’ve seen that happen before a few times where an old bug compromises many current windows machines. So I generally trust the OS developers to keep Linux secure.
Also, I have such a hard time trusting anti-virus software especially with that recent Avast lawsuit where they got exposed for selling the data of their users.

MerkieAE

I just want to say thank-you!

I respect your dedication to the Linux ecosystem. We need more open minded individuals like you, who break the mold, and show that with determination Linux can be an amazing platform for everyone if we all work together.

Honestly you've inspired me to work harder at learning more technical stuff again. I can kinda be a bit of a slacker, so thank-you for making me aware of that even if you didn't do so directly.

ProtoPropski

LTS versions of XZ Utils that were affected were 5.6.0, which are on current rolling release distros; the LTS releases don't have this because they use version 5.4.3 or something like that. The next LTS systems will have XZ patched and the backdoor corrected already.

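Rather than guessing from the distro's release channel, you can check the box you are sitting at. The script below is an added example for this page, not code from the video, the commenter, or the xz project. It relies on two facts about this incident: the backdoored upstream releases were 5.6.0 and 5.6.1 (CVE-2024-3094), and the payload targeted sshd on distributions where sshd links libsystemd and therefore liblzma. It assumes `xz --version` prints `xz (XZ Utils) X.Y.Z` on its first line and that a distro suffix such as `5.6.1-1` can be stripped before comparing.

```shell
#!/bin/sh
# Added example (not from the video, the commenter, or the xz project).
# Checks whether the installed xz is one of the backdoored upstream releases
# (5.6.0 and 5.6.1, CVE-2024-3094) and whether the local sshd links liblzma,
# which is what the backdoor targeted on distros whose sshd pulls in
# libsystemd. Assumptions: `xz --version` prints "xz (XZ Utils) X.Y.Z" on its
# first line; distro suffixes such as "5.6.1-1" are stripped before comparing.

# Return 0 (true) if the given version string is a backdoored release.
xz_version_affected() {
    v=$(printf '%s' "$1" | sed 's/[-+_~].*$//')   # "5.6.1-1" -> "5.6.1"
    case "$v" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Pull the version number out of `xz --version` output (empty if unparseable).
xz_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if the binary (directly or transitively) links liblzma, 1 if not,
# 2 if there is nothing executable to inspect.
links_liblzma() {
    [ -x "$1" ] || return 2
    ldd "$1" 2>/dev/null | grep -q 'liblzma'
}

check_host() {
    if out=$(xz --version 2>/dev/null); then
        ver=$(xz_version_from_output "$out")
        if xz_version_affected "$ver"; then
            echo "WARNING: xz $ver is a backdoored release (CVE-2024-3094); update now"
        else
            echo "xz ${ver:-unknown} is not one of the backdoored releases"
        fi
    else
        echo "xz is not installed"
    fi
    # sshd usually lives in /usr/sbin, which is not on a normal user's PATH.
    sshd=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
    if links_liblzma "$sshd"; then
        echo "note: $sshd links liblzma, so a backdoored liblzma would load into it"
    fi
}

check_host
```

A clean version number only says you are not running the two known-bad releases; the `ldd` check is there because the liblzma-into-sshd link is the reason this particular backdoor mattered, and it tells you whether your sshd would have been in scope at all.
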
DavidCoutinhoCG

Very interesting subject. At times I am tempted to install an AV on my Pop!_OS, but I am still not sure if it is needed. Based on your explanation, I probably will not, as I am using the computer at home all the time. Also, if it is not coming preinstalled, they probably still consider it unnecessary. Thank you!

raulrrojas

The vulnerability in the continuous integration pipeline that allowed this exploit to propagate could easily render antivirus ineffective.

JoshLathamTutorials