It has been a very tumultuous two weeks for the cyber-security community since the WannaCry attack plagued users across the globe. Its clever use of a Windows loophole is unparalleled in its exhibition of how vulnerable consumers have been.
Even though some news outlets were reporting it as the work of North Korea’s leader Kim Jong-Un, there hasn’t been a shred of evidence to support this claim. In fact, since its debut to the general public, and much longer to the intelligence community, we aren’t closer to determining the malicious software’s origins, trajectory or capacity for disasterous attacks.
Consumers seem to be oblivious to the dangers posed by this threat simply existing unchecked. Some might claim that enclosed operating systems are immune to any form of risk. Let’s explore that folly.
Why Should You Care?
It isn’t a secret that most Linux users live under a cloud of blissful (read foolish) naiveté that we are somewhat impervious to attacks of this nature. While an attack on a Linux system is... frightening, nothing is impossible.
Should we consider the possibility that you are one of the many who has made the switch to Ubuntu yet couldn’t resist the nostalgic appeal of Windows emulators (WINE), even then, several things would have to go very wrong for your system to be rendered vulnerable. Most of them deliberate.
Let’s revisit the WINE scenario. If upon its intallation you opted to grant the application acces to your home directory by allowing it to run through root permissions; you are vulnerable to attack. This involves using:
before you type
in your terminal.
Even if that’s all you did, the worst that could happen is WannaCry somehow gaining access to your home folder.
Worst That Could Happen?
As stated above, you’d have to install and run WINE as root and open WannaCry deliberately to risk any kind of infection. However if you resisted the urge to install WINE altogether, your risk of infection is drastically reduced, for now atleast. Linux applications are built such that if they run on the intended platform, the enclosed system’s built in contranints render you impervious to any attack by malicious software. It is therefore inherently more difficult for an application to bypass these restrictions on its usage, than other operating systems (read Windows) without a practical and premeditated attempt to infect yourself with WannaCry.
Linux users have grown accustomed to being asked to enter their passwords for anything from updating an application to installing a new one altogether. This prompt will appear if a Linux application attempts actions exclusive to ‘root privileges’.
The problem is exacerbated if you grant just any software these coveted root privileges. Infact, you’re better off not complacently entering your password in your terminal, ever. Check thoroughly what action prompted it- some are dubiosuly suspicious..
If we can allow ourselves to think of our operating systems as a tool, a chainsaw if you like, with which you can do a lot of meaningful work. Should you abuse this chainsaw, you’re going to get badly injured.
Don’t grant folders or applications restrictive permissions.
Don’t run applications as root for no particular purpose of function.
Be wary of shortcuts that meant to make most tasks ‘simple’ and ‘convenient’
Linux is wonderful insofar as protecting a user from the dangers posed by ransomware, but I beseech you to always practise vigilence; it seems to be our only reliable weapon in the fight against the spread of this virus.
Should you have any tips on how we could overcome the spread of this virus to Linux by protecting ourselves, please share them in the comments section provided below!