I know that Linux is more secure than Windows and normally doesn’t need an antivirus, but know myself I’m gonna end up downloading something at some point from somewhere on the internet, and it would be good to be prepared. So, which antivirus would you recommend for Linux (Mint specifically) just to double up on security?

  • golden_zealot@lemmy.mlEnglish
    1·
    14 hours ago

    There are viruses that are time-bombs. They specifically don’t do really do anything until some criteria is met in the future, such as the current date being beyond a specific date, at which point they proc. They do this in order to make sure they are in your backups when you restore them so that they immediately run when recovery is completed and the system is booted.

    • utopiah@lemmy.ml
      2·
      42 minutes ago

      That doesn’t make much sense to me, one backup data, not executables or system. Even if they were to be saved in the backup then they wouldn’t get executed back.

      Anyway, that’s still conceptually interesting but it’s so very niche I’d be curious to hear where it’s being used, any reference to read on where those exist in the wild?

      • golden_zealot@lemmy.mlEnglish
        1·
        16 minutes ago

        They usually embed themselves in within the system files and have some scheduled job that basically checks for the criteria - if you are only backing up and restoring user data then it’s a non-issue, but if you do a full recovery including the system files/the system scheduler etc, then it can happen, and it is often necessary to backup executable and system files for production environments (true, not so much for individual users and their systems).

        When I was working in an IT shop, one of our clients was ransomwared with this method. The saving grace for us in that instance is that our backups were going to a product that allowed you to easily break open and dissect the compressed backups pre-recovery, so we were able to determine where the malicious files were and kill them before pushing the backups. Of course we only noticed that it was in the backups after we had tried to push the backups once already, so it was quite the timely process - I think I worked for something like 18 hours that day.

        You can read about such malware if you search for “timebomb malware” or “malware does not execute until date” etc.

        The attack is not super common anymore, but still happens.

        For example, here is an article discussing time bomb methods on linkedin.

        https://www.linkedin.com/pulse/time-bombs-malware-delayed-execution-any-run

        Another on the knowbe4 blog:

        https://blog.knowbe4.com/ransomware-can-destroy-backups-in-four-ways