
posted by Fnord666 on Wednesday February 26 2020, @04:29PM
from the will-it-detect-windows-installers? dept.

Arthur T Knackerbracket has found the following story:

Hey, Linux fans! Microsoft has got your back over fileless threats. Assuming you've bought into the whole Azure Security Center thing.

Hot on the heels of a similar release for Windows (if by "hot" you mean "nearly 18 months after") comes a preview aimed at detecting that breed of malware that inserts itself into memory before attempting to hide its tracks.

[...] Microsoft's detection feature scans the memory of all processes for the tell-tale footprint of a fileless toolkit, shrieking a warning in the Azure Security Center along with some details of the nasty. An admin can then decide what action to take (and what further investigation is needed).

The scan, according to the Windows giant, is not invasive and the "vast majority" take less than five seconds to run. More importantly for those fearful of slurpage, memory analysis is performed on the host itself and the results only contain "security-relevant metadata and details of suspicious payloads".


  • (Score: 5, Funny) by ikanreed on Wednesday February 26 2020, @04:42PM (12 children)

    by ikanreed (3164) Subscriber Badge on Wednesday February 26 2020, @04:42PM (#962949) Journal

    That's a bit like saying the kids of anti-vaxxers have expertise in measles.

    • (Score: 2) by DannyB on Wednesday February 26 2020, @04:48PM (6 children)

      by DannyB (5839) Subscriber Badge on Wednesday February 26 2020, @04:48PM (#962953) Journal

      I thought that it meant "Expertise in Windows". Where Windows and Malware are interchangeable and equivalent terms.

      Don't get a PC that is infected with Windows.

      Linux is a many splendored thing.
      Linux is all you need.
      Linux lifts us up where we belong.

      --
      The lower I set my standards the more accomplishments I have.
      • (Score: 5, Insightful) by Freeman on Wednesday February 26 2020, @04:51PM

        by Freeman (732) on Wednesday February 26 2020, @04:51PM (#962957) Journal

        Depends on what version of Linux you're using. So far, I'd say the anti-systemd OSes are doing pretty great. While the whole systemd thing seems to be dragging previously top distributions down.

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
      • (Score: 4, Insightful) by aristarchus on Wednesday February 26 2020, @07:19PM (1 child)

        by aristarchus (2645) on Wednesday February 26 2020, @07:19PM (#963023) Journal

        Unlike file-based attacks, fileless malware does not leverage traditional executable files. Fileless attacks abuse tools built-in to the operating system to carry out attacks. Essentially, Windows is turned against itself.

        https://www.cybereason.com/blog/fileless-malware [cybereason.com]
        So, let me get this straight, a Windows solution, for linux, to Windows turning against itself?

        I think it behooves every linux admin to refuse to run any software that protects Windows from itself, or any virus or malware scanners for Microsoft virii or malwares, and to serve as much of these "nasties" as feasible, to help end Windows as soon as possible. From orbit. It's the only way to be sure.

        • (Score: 2) by ilsa on Wednesday February 26 2020, @10:12PM

          by ilsa (6082) Subscriber Badge on Wednesday February 26 2020, @10:12PM (#963163)

          While I don't disagree with your sentiment, I feel I should point out that the article is Windows-centric, which is why it is phrased as it is.

          I don't see how fileless malware designed for Windows would work on linux well enough to propagate. But I don't have difficulty believing that there are linux equivalents to this class of malware, so I can see value in this kind of software.

      • (Score: 3, Funny) by Anonymous Coward on Wednesday February 26 2020, @09:18PM (2 children)

        by Anonymous Coward on Wednesday February 26 2020, @09:18PM (#963091)

        Tragic Joke:

        "What's the difference between Microsoft and Malware?"
        "You can't tell the difference either, eh?"

        • (Score: 0) by Anonymous Coward on Wednesday February 26 2020, @11:39PM (1 child)

          by Anonymous Coward on Wednesday February 26 2020, @11:39PM (#963217)

          One is butt-hurt that you pay for, the other one isn't!

          • (Score: 2) by Grishnakh on Thursday February 27 2020, @03:07AM

            by Grishnakh (2831) on Thursday February 27 2020, @03:07AM (#963297)

            Well, most Windows-based malware these days seems to be "ransomware", where they lock up your files and get you to send them BTC to decrypt them.

            So, more accurately, one is something you pay for up-front, the other is free at first, but charges you later.

    • (Score: 1, Funny) by Anonymous Coward on Wednesday February 26 2020, @06:09PM

      by Anonymous Coward on Wednesday February 26 2020, @06:09PM (#962986)

      "This is Linux calling, your computer have virus"

    • (Score: 2) by DeathMonkey on Wednesday February 26 2020, @06:23PM (1 child)

      by DeathMonkey (1380) on Wednesday February 26 2020, @06:23PM (#962994) Journal

      The ones that are still alive at least!

      • (Score: 2) by DannyB on Wednesday February 26 2020, @07:59PM

        by DannyB (5839) Subscriber Badge on Wednesday February 26 2020, @07:59PM (#963054) Journal

        The remaining ones might automatically become eligible to vote in certain precincts.

        --
        The lower I set my standards the more accomplishments I have.
    • (Score: 2, Touché) by Anonymous Coward on Wednesday February 26 2020, @08:12PM

      by Anonymous Coward on Wednesday February 26 2020, @08:12PM (#963059)

      This is like inviting the Mob to audit your business accounts for 'security'...

    • (Score: -1, Troll) by Anonymous Coward on Wednesday February 26 2020, @10:06PM

      by Anonymous Coward on Wednesday February 26 2020, @10:06PM (#963153)

      stfu provaxxer shill.

  • (Score: 3, Touché) by Freeman on Wednesday February 26 2020, @04:49PM (3 children)

    by Freeman (732) on Wednesday February 26 2020, @04:49PM (#962954) Journal

    I just so happen to have this near acreage near Phoenix, AZ, I got it at a steal some years back, because it was swamp land. Now, with the growing suburbs of Phoenix, you can have it at bargain price!

    'eh, I'm not terribly in favor of using Microsoft Security products for an OS that's not from Microsoft. Then again, maybe they know what they're talking about and are behind the whole systemd infection.

    --
    Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 3, Funny) by DannyB on Wednesday February 26 2020, @04:59PM (1 child)

      by DannyB (5839) Subscriber Badge on Wednesday February 26 2020, @04:59PM (#962961) Journal

      A great business model is to sell the cure for the problem you created. Exclude, or at least be a gatekeeper for competing anti-malware products.

      Also, have you heard of: Microsoft Defender ATP for Linux? [microsoft.com]

      CAUTION: Running other third-party endpoint protection products alongside Microsoft Defender ATP for Linux is likely to cause performance problems and unpredictable system errors.

      Prerequisites

              Access to the Microsoft Defender Security Center portal
              Beginner-level experience in Linux and BASH scripting
              Administrative privileges on the device (in case of manual deployment)

      I think their marketing should have named it: Microsoft Maginot Line Defender

      --
      The lower I set my standards the more accomplishments I have.
      • (Score: 4, Funny) by DannyB on Wednesday February 26 2020, @05:01PM

        by DannyB (5839) Subscriber Badge on Wednesday February 26 2020, @05:01PM (#962962) Journal

        Poor form to reply to myself, but just gotta say . . .

        I love how these two items go together so well:

        Beginner-level experience in Linux and BASH scripting
        Administrative privileges on the device (in case of manual deployment)

        --
        The lower I set my standards the more accomplishments I have.
    • (Score: 2) by All Your Lawn Are Belong To Us on Wednesday February 26 2020, @05:30PM

      by All Your Lawn Are Belong To Us (6553) on Wednesday February 26 2020, @05:30PM (#962973) Journal

      because it was swamp land

      You got land around the State Capitol???

      --
      This sig for rent.
  • (Score: 2) by Barenflimski on Wednesday February 26 2020, @05:26PM (3 children)

    by Barenflimski (6836) on Wednesday February 26 2020, @05:26PM (#962971)

    I like to keep my *nix and Windows separated and segregated. I do the same with my sheep when they are sick. Last thing I want are my *nix boxes becoming infected with Microsoft crap.

    • (Score: 2) by DannyB on Wednesday February 26 2020, @07:34PM (1 child)

      by DannyB (5839) Subscriber Badge on Wednesday February 26 2020, @07:34PM (#963036) Journal

      I like to keep my sheep and systemd users segregated. Because: reasons.

      --
      The lower I set my standards the more accomplishments I have.
      • (Score: 0) by Anonymous Coward on Wednesday February 26 2020, @09:27PM

        by Anonymous Coward on Wednesday February 26 2020, @09:27PM (#963101)

        I find the coats to be of significantly different consistency and quality. And the systemd users keep screaming when I use the sheep shears on them. And the sheep get nervous when they see the systemd users eyeing them.

    • (Score: 3, Informative) by Grishnakh on Thursday February 27 2020, @03:10AM

      by Grishnakh (2831) on Thursday February 27 2020, @03:10AM (#963299)

      You don't need to do that. If your sheep are sick, they aren't going to get your chickens sick, because pretty much no virus can cross species (genuses? families?) like that. It's the same with Windows and Linux; you don't have to worry about any Windows crap infecting Linux. (However, it is possible that Microsoft the company could engineer something specifically to target Linux... but you segregating Windows from it won't affect this.)

  • (Score: 1, Insightful) by Anonymous Coward on Wednesday February 26 2020, @05:31PM (1 child)

    by Anonymous Coward on Wednesday February 26 2020, @05:31PM (#962974)

    ... now you can't run Linux anymore without buying the Microsoft Shiny ...
    Right on cue.

    • (Score: 3, Insightful) by DannyB on Wednesday February 26 2020, @07:36PM

      by DannyB (5839) Subscriber Badge on Wednesday February 26 2020, @07:36PM (#963037) Journal

      Every internet cloud has a systemd lining.

      --
      The lower I set my standards the more accomplishments I have.
  • (Score: 2) by stretch611 on Wednesday February 26 2020, @11:34PM

    by stretch611 (6199) on Wednesday February 26 2020, @11:34PM (#963214)

    If my linux server had a virus...

    I would expect the virus to use less resources than any bloated microsoft program.

    I also would expect less information would be stolen by hackers than microsoft's "telemetry."

    And to top it all off, I can get a virus for free.... not pay on ongoing license fee to microsoft.

    --
    Now with 5 covid vaccine shots/boosters altering my DNA :P
  • (Score: 2) by jmichaelhudsondotnet on Thursday February 27 2020, @12:52AM

    by jmichaelhudsondotnet (8122) on Thursday February 27 2020, @12:52AM (#963252) Journal

    Unit 8200 Offers New Malware Removal Tool for Linux!

    Headline from the future: New Bug discovered in Linux was used since 2020

    Does this mean there is an actual threat here, like you might get an attachment that could infect you even if no file is downloaded?

    And without Azur-, Unit 8200, we have no defenses?

    https://archive.is/7YNX0 [archive.is]
