I just read this item from my Code Project newsletter for today, 06/04/2024. I’m not sure about how much I trust Kaspersky, because of where it resides, so I decided to ask my fellow FOSSers what all of you think about getting this tool, and using it.
Thank you for your reply. Your thoughts are pretty much how I feel about it. I simply hope that others may have more information about Kaspersky than I have.
Just my 2 cents here (probably my biased, politically incorrect opinion).
The security firm notes that despite the common misconception that Linux systems are intrinsically secure from threats, there has been a constant supply of “in the wild” examples that prove otherwise, most recently, the XZ Utils backdoor.
The better security of a Linux system stands on 2 legs:
1: users of a Linux system are (at least usually) more conscious, and don’t blindly run anything from an unknown source. Additionally, these users have an idea how to set up their systems.
2: Linux systems are fewer in number. I mean, 5 billion people run Windows on their computer, while maybe only a couple million run Linux… So targeting Linux with malware is much less worthwhile, because the attack surface is much less (except servers of course, but those are maintained and supervised by professionals).
===========
The XZ Utils backdoor was caught before it reached real systems, so that incident is indeed a pain in the @ss, but as it was caught, in my reading it proves the opposite: yes, Linux is more secure in general.
So thanks, I don’t want Kaspersky on any of my Linux powered boxes.
(I would not want McAfee either if there was an option for that…)
I saw that too. It’s most likely the author’s way of telling readers that he won’t take responsibility if you choose to use the app. I usually only use software offered on my distribution’s repositories. When I find something I want to use/try, I ask the devs to check it out, and perhaps add it. Failing that, I look for an app-image or flatpak (both of which are easily removed if needed), but I try to keep those two options to a minimum.
I know. That’s why I do that. I have used flatpaks and AppImages, but only if I want to try out an app before asking that it be included in the distribution’s repositories. When/if the app’s added, I remove the flatpak/appimage, and download/install the version from the repo.
If you have a DNS server in your home network which can log queries, that opens the possibility to have a look at what sites your test machine tries to look up.
Good way of catching suspicious activity.
I was kind of surprised looking at how my Philips smart TV phones home.
I still have zero idea how my TP-Link cameras can be viewed from the mobile app, when I’m several km away from my home WiFi… I haven’t subscribed to their “cloud” bullshit - which sounds like a scam - if not a scam - then at least a trap to grab you by the curlies (like how I paid $2.50 p/m to Google for a couple years rather than do housekeeping on my inbox or G Drive - I’ve since fixed that and cancelled my Google pay-for-it service).
I don’t have such a camera, but if I had some, and was curious how it does this, I’d look at what sites they (try to) connect to.
I bet your cameras connect to a server somewhere, where you have an account, which account was created from within that mobile app.
Is there a way to determine whether your cameras have a direct connection to the Internet/have put themselves into the DMZ on your local network? If they do anything like that, I’d suggest moving them to a guest connection (isolating them from your other devices)/changing their configuration so they can’t do that/replacing them with more security conscious devices.
That’s impossible. DMZ means port forwarding all incoming connections to one (and only 1) specific IP in the LAN. @daniel.m.tripp has more cameras.
DMZ is configurable in the router via router admin access, so if one camera could do it, it has to know the credentials (hopefully not admin/admin), plus it has to know in what menu setting this function is placed - this is different on all brands.
O.K. I’m no networking expert. I was only including all the ways a device may be able to be connected directly to the Internet. The one possibility I didn’t consider was that the cameras may be connecting directly to their vendor’s server without ever touching the LAN. I don’t know how to check for that possibility because then the cameras would have their own IP address, wouldn’t they?
The camera “phones home” (usually a server on AWS, according to Wireshark here) if allowed. There is a setting (in the camera, usually under network settings) to enable/disable that. Many default on. On most cameras that I have seen it is Network > Bonjour. If it is enabled, you will see a UUID kind of identifier. That is how their server knows it belongs to your app. I turn it off on all cameras and NVRs.
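The DNS-log check suggested earlier in the thread, as an added example that is not part of any post here: it groups logged lookups by device and lists the names a device asked for that are not on a known-good baseline. It assumes the home resolver is dnsmasq with `log-queries` enabled; the log lines, addresses and hostnames are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# dnsmasq "log-queries" line format (assumed resolver; adapt the regex for others).
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Constructed sample log; every address and hostname is a placeholder.
SAMPLE_LOG = """\
Jun  4 10:15:01 dnsmasq[812]: query[A] time.example.net from 192.168.1.50
Jun  4 10:15:01 dnsmasq[812]: forwarded time.example.net to 9.9.9.9
Jun  4 10:15:02 dnsmasq[812]: reply time.example.net is 192.0.2.10
Jun  4 10:15:07 dnsmasq[812]: query[A] telemetry.vendor.example from 192.168.1.50
Jun  4 10:15:09 dnsmasq[812]: query[AAAA] telemetry.vendor.example from 192.168.1.50
Jun  4 10:16:30 dnsmasq[812]: query[A] relay.camera-cloud.example from 192.168.1.60
Jun  4 10:17:00 dnsmasq[812]: query[A] Telemetry.Vendor.Example from 192.168.1.50
""".splitlines()


def queries_by_client(lines):
    """Return {client_ip: Counter({domain: lookups})} built from query lines only."""
    seen = defaultdict(Counter)
    for line in lines:
        m = QUERY_RE.search(line.strip())
        if not m:
            continue  # forwarded/reply/cached lines carry no client address
        # DNS names are case-insensitive; normalise case and any trailing root dot.
        name = m.group("name").rstrip(".").lower()
        seen[m.group("client")][name] += 1
    return dict(seen)


def unexpected_lookups(lines, client, baseline):
    """Names `client` looked up that are neither in the baseline nor under it."""
    base = {b.lower().rstrip(".") for b in baseline}

    def allowed(name):
        return any(name == b or name.endswith("." + b) for b in base)

    names = queries_by_client(lines).get(client, Counter())
    return sorted(n for n in names if not allowed(n))


if __name__ == "__main__":
    for client, names in sorted(queries_by_client(SAMPLE_LOG).items()):
        print(client, dict(names))
    print(unexpected_lookups(SAMPLE_LOG, "192.168.1.50", {"example.net"}))
```

Lookups a device makes over DNS-over-HTTPS or to a hard-coded resolver never reach the local DNS server, so an empty result here is not proof that the device is quiet.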