"let the barbarians in through the gate"
The name of the founder of Microsoft was "Gates", not "gate", wasn't it?
107 publicly visible posts • joined 23 Feb 2020
Ransomware to 90% is not enabled by security holes in the sense of programming errors. Ransomware is enabled by design faults deep in M$' thinking. Most of ransomware comes with SPAM an the user has to contribute:
Open the SPAM (ok, take that for granted);
open the attachment (that's already questionable);
allow macros! (¹);
give the admin's password! (²)
(¹) How on earth can it be that a document (text, spreadsheet, presentation) sent by mail can contain macros so powerful that they can damage the OS severely? How on earth can it be that macros in an email attachment can be enabled at all?
(²) Following best practice, no user should™ have administrative rights, neither by knowing an admin's password nor by by normal working with administrative rights. But the latter happens way too often. Why? Because M$' products are "more comfy" with administrative rights - a design fault. Anyone remember Windows XP? That was effectively unusable with restricted user rights. The situation has since improved a little bit, but not enough by far.
I for one use LMDE since version 2. LMDE 4 was quite good, LMDE 5 really grown-up. Looking forward to LMDE 6!
Will it offer an in-place upgrade such as Mint does?
Only thing I dislike is Cinnamon. I prefer Mate since the beginning, which I just installed additionally. So I use Mate plus Cairo-Dock.
The ones I am talking about would never ever do a search (of course not goggle) and manipulate the system on their own.
After I have installed the system, it just runs. And runs and runs and runs.
Only when an upgrade is necessary (not earlier than four years) I enter the scene.
While in the meantime the process of upgrading is automated and works so seamless that any reasonably intelligent person can do that.
"... typical Linuxes are tools for nerdy hacker types"? I for one strongly disagree.
I have used many flavours of Linux since the mid-90s. For many years now Mint and LMDE are my number one (and debian as host for VirtualBox).
End users get Mint from me. And guess what? Even the most non-nerdy ones are happy with it. Mint is end user friendly to such an extent that it can beat Windows.
My stance is: Anyone who can read and write can use Linux.
It may perhaps be true that Russia's trolls in the antisocial networks and the news didn't achieve too much - I for one still doubt that. But looking at the candid propaganda totally misses the point.
Anyone remember Cambridge Analytica / SCL / Emerdata? Run by a Russian named Aleksandr Kogan? He used data "stolen"¹ from F.c.book as basis for targeted advertising in antisocial networks. That discouraged suspect Democrats from voting. And the like. That was the real meddling.
¹) That is Zockerbergs narration. Still I believe that he encashed on that "stolen" data.
*IF* the malware is aboard it can do this and that - fine.
Big question is: *HOW* does it get there? What is the attack vector?
If it is installed deliberately I wouldn't call it malware. And the installation does need the /root/ pw, always.
To me this thing sounds more like "Give me all you money or I shoot myself!"
"This is why users should never install apps from outside of the Google Play Store." -- Plain nonsense. As others have pointed out already, the official PlayStore is full of malicious apps. Those are found on a nearly regular basis. Some may indeed have evaded Googles "checks", some others ...?
I for one use iodé instead of Android which doesn't have Google Play installed. I fetch what I need from f-droid or directly from the - trustworthy - manufacturer (e.g. AVM, Threema, Wire). I feel perfectly safe.
Apps (only non-paid) from the PlayStore, if really needed and not available otherwise, I get with the help of the FOSS Aurora app.
To update your knowledge an opinion, I suggest you have a look at Denmark and Estonia.
In both countries public authorities rely on FOSS.
Here in Germany we had a lot of ransomware incidents hampering universities, cities, courts, revenue authorities, and the like.
Such incidents are unknown in the two FOSS countries!
Assuming that people are similar all over Europe, the only interpretation remains the intrinsic security of FOSS.
A vast amount of "bad actions by employees" would be totally innocuous if the IT wouldn't rely on M$ monoculture.
"Yes, people are the problem"? No, they needn't be.
Try the usual [email brings infection (malware or data stealer)] stunt in a FOSS environment.
I wrote 'well administered' by purpose. It means:
1. The user doesn't know the root pw, so social engineering can do little harm.
2. Misconfiguration: Admin fault, not Linux fault.
My question is unanswered still: In common ransomware attacks M$ Windows and M$ Office play key roles. What would be a comparable attack vector against LINUX (not against admin faults)?
Well, I know how ransomware enters Windows systems.
What would be the attack vector for Linux?
I for one can't see anything comparable.
Don't come with "If the malware is in the system it can do this and that".
I want to know HOW the malware should be able to enter a well administered Linux System.
The victim has to install it manually and give the root password? :-(
"We are working in a M$ monoculture; we neglected our preventive IT scurity; a staffer opened a SPAM AND opened the attachment AND allowed macros."
Instead of the common "attack" by SPAM it may have been an attack against the known weaknesses of the M$ Exchange Server, automated as well.
"I have family all over the world that I want to easily keep in touch with"
Well, there are other, and most of all CLEAN, ways to accomplish that!
Signal, Threema, Wire, even Telegram is better than F.c.book, Insta or WA. And there are federated networks such as Jabber/XMPP or Element/Matrix.
No need to use F.c.book.
Lexmark: Last time i got my hands dirty by having to deal with the SW-crap they produce, it behaved like the computer had become member of a so-called church which to leave is near to impossible. Try and deinstall a Lexmark printer! The whole Windows printing system is an unrecoverable mess. Lucky the man who has an image of the clean and functioning state.
HP: Had the same issue with a HP MFP many years ago. The scanner part was defective. Repair economically not worthwhile. The printer part in solidarity refused to work, same as Canon :-(
"Google know more about you and your life than you will ever remember" - WRONG
The chocolate factory has nothing to gain here. The majority of the spying services, including doubleclick, is blocked in my PI-hole. I don't accept any cookies from spies. With various add-ons I fight browser fingerprinting and other means of tracking. About me Google may know a little bit, but that is about 2% of the knowledge about average John Doe.
"vote with your feet and opt out": Yes, that is exactly what I do and what I recommend. Replace Android by a clean custom-ROM.
"Alterntives ... are they good enough": The answer is, YES. For me and a lot of other people. Well, true, you need to invest a small portion of brain 1.0
"Governments": If you are target person of the state spies you can't escape them anyway. But you need not feed the Utah data centre of the NSA. It is ok to make their lives a little bit harder. ;-)
The researchers used LOS *with* additional OpenGApps in the "nano" variant.
Alas they were ill-informed.
1. You can have LOS utterly clean without any Google crap.
2. If you need GSF (Google Services Framework) because you want to use apps that require it, you can install the "pico" variant of OpenGApps or install MicroG, which both contain the essential GSF. The "pico" variant is only half of the size of the "nano" variant. Imagine what makes up for the difference ...
3. You can have LOS with MicroG integrated as "LineageOS for MicroG" https://lineage.microg.org/ or as "System /e/" as in the paper.
4. Even more privacy protection is available as "iodé". That is LOS, MicroG and additional amelioration of privacy protection. Only drawback is that it is available currently only for a restricted set of devices. https://iode.tech/en/iodeos-installation/
I for one use it on my Sony Xperia XA2, perfectly satisfied. It even has a built-in Ad- and Tracking-Blocker. I have 99,9% of the functions I want available AND perfect privacy protection.