However this article got me asking the question above. If my browser becomes infected with a virus, can this do harm to the OS and any other software? Is my data safe? If it can, what do I need to check on to make sure I am safe?
hmm, your concern is valid. While modern browsers sandbox extensions to limit their reach and isolate them from the underlying OS; an infected extension can still access sensitive browser data like cookies, history, and saved passwords. So there’s a slim chance it could even be a doorway for more malware.
Even though Linux isn’t as prone to traditional viruses, the risk of data theft or additional malware remains. Al bit it very unlikely. A balanced approach is to regularly review your extensions—removing those you don’t use or that request too many permissions—and keeping your browser updated.
Frequently updates at last critical OS security fixes
Stay away from hamefoul websites
Be carefoul with installed extensions (for exaple I knew a person who was using an extension for syncing all it’s password on web browser. I don’t thik this is a good practice)
That’s one good thing about my browsing setup so far. No extensions. My main browser right now is Firefox and I use two accounts to share passwords and sites between computers. I use Chrome to access Google Workspace and Microsoft Edge for Office 365.
So I am supposing my lack of extension use would increase my security.
I had an extension ‘Nimble Capture’ which was the best tool I found to print a web-page to a PDF file, but a couple of months ago Chromium labelled it with ‘This extension contains malware.’ and wouldn’t let me use it any more.
Does this mean that threats that arise are being controlled, or could it be that another extension might be doing this detection, I wonder.
@AnthonyRKing Wow. Glad it was tagged. That warning likely came directly from Chromium’s own threat detection system.
They’ve been stepping up efforts to flag malicious or compromised extensions in the Chrome Web Store.
It’s a good sign that the ecosystem is being monitored, but it’s also a reminder that even “trusted” tools can turn rogue if the developer sells the extension or gets compromised.
Best to always check recent reviews, dev website, and update dates before trusting extensions.
@hydn I know there has been news about GitHub projects being hijacked. Are some of these plugins on GitHub, and could it be possible some get hijacked and thus become dangerous?
Not true. I must defend FOSS here. The Gartner Magic Quadrant favors vendors with marketing budgets. FOSS projects like Lynis dont play on that field.
So being absent from that report tells you about Lynis’s go-to-market, not its technical quality. Using Gartner as the yardstick for “reputability” stacks the deck against open source by default.
It just means it’s not playing in that enterprise vendor ecosystem. Lynis is pretty well known in Linux/sysadmin circles. It’s been around forever and does what it’s supposed to do.
I’m sorry, I do not attack FOSS at all. Obiously, I could not properly tell what I intended to say.
That is it. And that is the problem. Namely, Linux admin at an enterprise most probably is not allowed to use lynis or lynis reports are not trusted by IS/management who prefer commercial software. I have seen that myself. And that is what I called to be a drawback. Honestly, that is not a drawback of lynis as such but drawback of lynis at enterprise combo.
I just installed lynis myself. Excellent recommendation. Easy to install on Fedora, only thing it complains it is six months old. Should be fixed when 44 comes out.
I also thought Linux was relatively safe from viruses. Felt the majority of users were running Windows and that’s where the hackers would be focused. Watching the following gave me pause and has me far more concerned about securing my environment. Actually replaced my router with a current one and revisited all my firmware and software patch status not too long after watching this. Brave new world out there and we all have to make sure we’re paying attention. Kind of a long video but it’s worth watching. It is interesting to note how embedded Linux has become in the corporate world.
Has anyone been able to identify a good User Guide which explains the intent and scope of each of the lynis-controlling parameters for which default values are found in
/etc/lynis/default.prf
and make recommendations regarding those most-appropriately modified for the Desktop context, for which those customizations should be stored in
The supply chain attacks continue to be on the increase. And where as it’s hard to mistakenly install an application that is virus loaded, it’s very easy to update a software from a trusted source and become a victim, even on Linux.
It’s a note to myself, that updates and security patches are becoming even more critical on Linux servers, which I tend to install and forget once the services are running. I definitely need to visit them and run the security updates and patches.
The Gartner Magic Quadrant favors vendors with marketing budgets. FOSS projects like Lynis dont play on that field.
