Seriously - they did label that thing "Colossus"?
https://en.wikipedia.org/wiki/Colossus:_The_Forbin_Project
130 publicly visible posts • joined 23 Feb 2020
Ransomware to 90% is not enabled by security holes in the sense of programming errors. Ransomware is enabled by design faults deep in M$' thinking. Most of ransomware comes with SPAM an the user has to contribute:
Open the SPAM (ok, take that for granted);
open the attachment (that's already questionable);
allow macros! (¹);
give the admin's password! (²)
(¹) How on earth can it be that a document (text, spreadsheet, presentation) sent by mail can contain macros so powerful that they can damage the OS severely? How on earth can it be that macros in an email attachment can be enabled at all?
(²) Following best practice, no user should™ have administrative rights, neither by knowing an admin's password nor by by normal working with administrative rights. But the latter happens way too often. Why? Because M$' products are "more comfy" with administrative rights - a design fault. Anyone remember Windows XP? That was effectively unusable with restricted user rights. The situation has since improved a little bit, but not enough by far.
I for one use LMDE since version 2. LMDE 4 was quite good, LMDE 5 really grown-up. Looking forward to LMDE 6!
Will it offer an in-place upgrade such as Mint does?
Only thing I dislike is Cinnamon. I prefer Mate since the beginning, which I just installed additionally. So I use Mate plus Cairo-Dock.
The ones I am talking about would never ever do a search (of course not goggle) and manipulate the system on their own.
After I have installed the system, it just runs. And runs and runs and runs.
Only when an upgrade is necessary (not earlier than four years) I enter the scene.
While in the meantime the process of upgrading is automated and works so seamless that any reasonably intelligent person can do that.
"... typical Linuxes are tools for nerdy hacker types"? I for one strongly disagree.
I have used many flavours of Linux since the mid-90s. For many years now Mint and LMDE are my number one (and debian as host for VirtualBox).
End users get Mint from me. And guess what? Even the most non-nerdy ones are happy with it. Mint is end user friendly to such an extent that it can beat Windows.
My stance is: Anyone who can read and write can use Linux.
It may perhaps be true that Russia's trolls in the antisocial networks and the news didn't achieve too much - I for one still doubt that. But looking at the candid propaganda totally misses the point.
Anyone remember Cambridge Analytica / SCL / Emerdata? Run by a Russian named Aleksandr Kogan? He used data "stolen"¹ from F.c.book as basis for targeted advertising in antisocial networks. That discouraged suspect Democrats from voting. And the like. That was the real meddling.
¹) That is Zockerbergs narration. Still I believe that he encashed on that "stolen" data.
*IF* the malware is aboard it can do this and that - fine.
Big question is: *HOW* does it get there? What is the attack vector?
If it is installed deliberately I wouldn't call it malware. And the installation does need the /root/ pw, always.
To me this thing sounds more like "Give me all you money or I shoot myself!"
"This is why users should never install apps from outside of the Google Play Store." -- Plain nonsense. As others have pointed out already, the official PlayStore is full of malicious apps. Those are found on a nearly regular basis. Some may indeed have evaded Googles "checks", some others ...?
I for one use iodé instead of Android which doesn't have Google Play installed. I fetch what I need from f-droid or directly from the - trustworthy - manufacturer (e.g. AVM, Threema, Wire). I feel perfectly safe.
Apps (only non-paid) from the PlayStore, if really needed and not available otherwise, I get with the help of the FOSS Aurora app.
To update your knowledge an opinion, I suggest you have a look at Denmark and Estonia.
In both countries public authorities rely on FOSS.
Here in Germany we had a lot of ransomware incidents hampering universities, cities, courts, revenue authorities, and the like.
Such incidents are unknown in the two FOSS countries!
Assuming that people are similar all over Europe, the only interpretation remains the intrinsic security of FOSS.
A vast amount of "bad actions by employees" would be totally innocuous if the IT wouldn't rely on M$ monoculture.
"Yes, people are the problem"? No, they needn't be.
Try the usual [email brings infection (malware or data stealer)] stunt in a FOSS environment.