The Heart of Linux
The emails started coming in slowly at first. Friends and colleagues were telling me that my Gmail address was pushing out spam.
My first inclination was to push those emails aside as a temporary albeit bothersome incident. Something similar had happened a few years earlier, but subsided quickly with no real or evident damage. I guessed that some bot did a drive-by and picked up my email contacts and started pumping out spam and other messages.
But this incident wasn’t to be pushed aside. The emails started coming in faster and faster, until I acknowledged that I had a real problem. Security hasn’t been and isn’t my strong suit. My passwords are almost an afterthought. After all, I am running Linux. What could go wrong?
This can go wrong.
How it came to be, I don’t know. Someone had somehow gained full access to my fixedbylinux email account. Once I realized that this was indeed a serious problem, I immediately changed my Gmail passwords and kicked every Gmail add-on extension to the curb. I talked with my friends on Google+ in a conversation that was as enlightening as it was entertaining. The crux was clear. Maybe Linux is superior to other operating systems as far as viruses and malware are concerned, but if your browser is not properly up to date and patched, you share the malware playground with all the Windows users.
Luckily, the people in my G+ circles are some of the smartest, well-educated and helpful people I know. You cannot put a price on the kind of assistance they offered.
I am still trying to figure out the events that led to this intrusion. I’ve read almost everything there is to read on Google’s Gmail pages, without finding much. Google seems adamant about not giving out one-on-one help, but maybe I just didn’t look long enough. On my own, I’ve invoked two-step verification on my main email addresses, so that’s settled. But still…I’d like to figure out when and how this breach took place. What magic sequence of events happened to allow this?
Did I mention I’m a security idiot? Yeah…I thought I did.
It feels strange to again delve into antivirus and malware protection. I’ve been a smug, self-assured dummy when it comes to online threats and Linux in general. And while what happened can’t really be blamed on Linux per se, it happened in a Linux neighborhood, so I am going to arm myself against any and all malware comers.
Although I’m not above paying for good software, trying to discern what software is good and which is shiny junk can be a daunting challenge, especially in the Linuxsphere. In the tests I’ve studied over the past four days, ClamAV seems to be an online favorite, but it lacks the one thing I am going to need on our Reglue kids’ computers: a friendly, useful graphical interface. I’m not going to tell an 11-year-old to drop to the command line to do anything, even if they do need to learn that the blinking prompt can make magic things happen. In time, I will teach them, but for now…. ClamAV failed the initial tests.
I was initially happy with what ESET NOD32 had to offer. It does have an extremely attractive front end, but that’s where it stops. After installation, ESET ran its tests and upon finishing, it reported that it had detected one threat or virus. Okay, where is it? I spent 30 minutes digging around in the guts of ESET and on its forums, trying to find anything on this at all. Seems I am not alone in this quest. After I discovered the number of people who had this same problem, which was not being addressed, I used the removal tool and told it goodbye. It also fully screwed up the refresh mode on Mint’s software update tool while it was installed. Once removed, updating was fixed as well.
Today I am going to look through your responses and ideas on the matter, because after all, most of you have forgotten more about Linux and security than I will ever know. So yeah, I do value what you have to say; I always have. The two-step verification is kind of a pain in the ass, given how often I am in and out of my email, on at least three devices a day, but I suppose that’s the world we live in now. The best we can do is stay one step ahead of the bad guys.
One step, at the least.