Re: [wlug] TRIMMING POSTS -- PLEASE ???!!!

7 Jun 2016


      (Michelle you sent this to me directly, but I believe you intended to send it 
to the whole mailing list, so I'll include that here. I've left the history 
included, in spite of Ian's entreaties otherwise, for the benefit of those 
who want to see what I'm replying to) 
Ah, I understand a bit better now. 
By and large, Linux is relatively untouched by garden variety malware. 
However, your browser (cross-platform, JavaScripty, etc) can still fall prey 
to security issues, which sounds the case here. I note you said you were 
running NoScript, so it comes as a surprise, but I suppose they're always 
thinking up new avenues.
That said, I don't think the Oprah thing is related to your missing files! I 
can't say what happened, but its vanishingly unlikely that a browser hijack 
could have deleted files on a LINUX system... On Windows, sure, but to 
perform that action on a Linux pc, the malware would need to be designed FOR 
Linux - and that's particularly unlikely. 
Okay so we've established that you want privacy, but overall you want a 
system where you can easily recover from corruption... Is that correct? 
I'm sticking with my recommendation for Debian - probably Linux Mint Debian 
Edition, because it's:- got a solid base (Debian) - got a wide user base 
(thus lots of testing) - got a lovely UI (Cinnamon) - specifically designed 
to be easy to use
On top of this, you can install Sophos Antivirus for Linux... It's free, and 
it has some of the highest detection rates in the industry (note, solving a 
problem that barely even exists in a Linux environment, but which you may 
have encountered nonetheless). 
Since your threat profile sounds like browser-based malware, it might be 
worth looking into specifically sandboxing your browser. I know Chrome 
already does sandboxing between tabs and threads, so that might already be in 
place, but it sounds plausible. 
Alternatively, putting your /home partition on a filesystem that supports 
snapshots might be a good idea... Maybe ZFS? That sounds like a good solution 
to me, but I'll have to defer to the wizards in the group. ☺
Good luck!Eric
--
Securely sent with Tutanota.  It's good, you should try it:  
https://tutanota.com

7. Jun 2016 20:08 by michelle400(a)orcon.net.nz:
...
Woops. Sorry. I used the wrong term, I used BUG when I should have used 
MALWARE. Biological viruses are bugs and so instead of the term malware, 
I've used bug for viruses, trojans etc.....So in other words I think I 
caught some malware on my Toshiba despite those safety measures. And I 
think the safest thing for a non computer expert like myself to do to keep 
it from happening again is to install the safest and secure distros that 
I've heard of. (I'm now not sure whether that person I mentioned was 
talking about bug(s) or malware).
William, thanks for looking out for me back there.
Eric, thank you for going out of your way to make me feel better. You're a 
clss act. I couldn't figure out why you were recommending a very stable 
distro, and then I got it - I used the wrong term. Thanks again for your 
input.
On 2016-06-07 16:25, Eric Light wrote:
...
Hi Michelle,
I'm sorry that you feel you've been maligned and attacked. We do try
hard to make this a safe forum for everyone. For what it's worth, most
of us here ARE a bit batty, each in our own way.
Security and safety, along with reliability and usability, are also
the reasons I use Linux. You're in good company there.
I feel that Whonix+Qubes is over-engineering. I haven't had any
responses to my email last night re TAILS+grsecurity (ALSO
over-engineering), but TAILS' lack of persistence makes it a drag for
day-to-day use; Whonix sacrifices some security for usability there.
What problem are you trying to solve? What is your threat profile that
you're trying to defend yourself against? If you're just trying to
avoid bugs in your distro, you could just go with Debian Stable, which
will give you a reliable, secure, and well-known system, with very few
"tricky bits".
E
--
Securely sent with Tutanota. It's good, you should try it:
https://tutanota.com>>  [1]
7. Jun 2016 15:43 by >> michelle400(a)orcon.net.nz>> :
...
Well when I looked at the mailing list page today I was totally
shocked to find I'd been maligned and attacked. I know that that
happens on other forums (yes I realize this is a mailing list) but I
didn't think it would happen here. I guess that I just got schooled.
Perhaps I should say a few things. The only reason for me choosing
Linux over windows is security and safety. It may be different for
computer experts, but that's it for me.
So anyway I have Mint on my Toshiba and some months back I clicked
to a page with info on Oprah Winfrey. The site then clicked on and
off and on and off etc. I closed the page and opened history. Here
the site was listed maybe 25 to 50 times. Then say that day or the
next, my most used folder disappeared from it's space. I found it in
the thrash. And that happened with maybe another couple of folders.
Someone said that Mint had had problems with a bug/bugs this
year/last year?
So anyway I presume that I caught a bug and that it's still there.
(Don't worry,the emails I send on this phone and not the Toshiba).
This happened inspite of the fact that I use Mozilla, adblock and
NoScript, although they may not have been up to date. Computer
experts, if their machine gets infected may be able to debug it and
be confident that it's clear, but I can't. I figure the best way to
protect myself from now on is to have the safest set up from the
start. And from a bit of research I did on the net it appears that
that maybe Whonix and Qubes.
On 2016-06-07 06:53, Paul Wilson wrote:I would be trending to a tent
inside a faraday cage, at least 50kms
from the nearest populated town. :p
Sent from my iPhone
On 6/06/2016, at 11:41 PM, Eric Light <>>> eric(a)ericlight.com>>> > wrote:
YES I FIND THIS MUCH LESS ANNOYING, THANKS WILLIAM ��
Battiness aside, I suspect the answer to Michelle's problem isn't
Whonix on Qubes on an old laptop. It sounds like excessive
engineering for no good reason. Did anyone else have similar
thoughts?
If I were going full-on paranoia mode, I'd be running TAILS,
probably with a grsecurity-patched kernel, and probably through an
offshore VPN. What do you guys think?
E
--
Securely sent with Tutanota. It's good, you should try it:
https://tutanota.com>>>  [1] [2]
6. Jun 2016 23:32 by >>> will(a)artcontrol.me>>> :
IS THIS BETTER?
_______________________________________________
wlug mailing list | >>> wlug(a)list.waikato.ac.nz
Unsubscribe: >>> https://list.waikato.ac.nz/mailman/listinfo/wlug>>>  [2]
[1]
_______________________________________________
wlug mailing list | >>> wlug(a)list.waikato.ac.nz
Unsubscribe: >>> https://list.waikato.ac.nz/mailman/listinfo/wlug>>>  [2]
[1]
Links:
------
[1] >> https://list.waikato.ac.nz/mailman/listinfo/wlug>>  [2]
[2] >> https://tutanota.com>>  [1]
_______________________________________________
wlug mailing list | >> wlug(a)list.waikato.ac.nz
Unsubscribe: >> https://list.waikato.ac.nz/mailman/listinfo/wlug>>  [2]
_______________________________________________
wlug mailing list | >> wlug(a)list.waikato.ac.nz
Unsubscribe: >> https://list.waikato.ac.nz/mailman/listinfo/wlug>>  [2]
Links:
------
[1] >> https://tutanota.com
[2] >> https://list.waikato.ac.nz/mailman/listinfo/wlug

Eric Light

tags

participants (1)