shmu26

Level 85
Verified
Helper
Top poster
Content Creator
Well-known
Jul 3, 2015
8,121
Let's say I am browsing the web with my laptop running a Linux desktop distro, on a public network. For instance, I am in a hotel.
AFAIK the main risk with public networks is malware getting onto your system from the network, and then intercepting your login credentials inside your browser before they are encrypted and broadcast to the network, because once they are encrypted, they are relatively secure.
Accordingly, there should be significantly less risk on a Linux desktop, because typical malware targets typical operating systems.
What are your thoughts?

SumTingWong

Level 26
Verified
Top poster
Apr 2, 2018
1,572
AFAIK the main risk with public networks is malware getting onto your system from the network, and then intercepting your login credentials inside your browser before they are encrypted and broadcast to the network, because once they are encrypted, they are relatively secure.
Another way is a fake or rogue network using the same name and possibly the same login information as the real one. They don't need to drop malware onto your computer to steal your login credentials from your browser. The fake or rogue network will record and capture what sites you go to, what you do on those sites, your login information, and how long you stay there. This is the easy way to avoid antivirus and firewall detection. The fake network will behave normally like the real network, except that the fake network records and captures your browser activity while the real one doesn't.

Linux has less risk of getting malware than Windows, but that doesn't mean it is completely safe. If a hacker can develop malicious tools for Windows, then they can do it for Linux too.

shmu26

Another way is a fake or rogue network using the same name and possibly the same login information as the real one. They don't need to drop malware onto your computer to steal your login credentials from your browser. The fake or rogue network will record and capture what sites you go to, what you do on those sites, your login information, and how long you stay there. This is the easy way to avoid antivirus and firewall detection. The fake network will behave normally like the real network, except that the fake network records and captures your browser activity while the real one doesn't.

Linux has less risk of getting malware than Windows, but that doesn't mean it is completely safe. If a hacker can develop malicious tools for Windows, then they can do it for Linux too.
How does the fake network catch your logins? AFAIK when you log on to Gmail or financial sites, the data leaves the browser in encrypted form.

ForgottenSeer 85179

How does the fake network catch your logins? AFAIK when you log on to Gmail or financial sites, the data leaves the browser in encrypted form.
Such an attack can easily be prevented by using your own DNS provider, preferably encrypted. And of course by using only encrypted sites (HTTPS).
Your browser will also warn you because of DNSSEC and certificate pinning.

But I don't think a hotel will use such malicious stuff.

Minimalist

Level 7
Verified
Well-known
Oct 2, 2020
312
I would definitely use a VPN for all my browsing activity on an unknown network. It will encrypt all your network data and should prevent MITM attacks.
If you're worried about malware, make sure to update your system and software to the latest version before connecting.
 

shmu26

Such an attack can easily be prevented by using your own DNS provider, preferably encrypted. And of course by using only encrypted sites (HTTPS).
Your browser will also warn you because of DNSSEC and certificate pinning.

But I don't think a hotel will use such malicious stuff.
So let's assume (hope?) I am smart enough not to fall for the phishing attack that the fake network serves me. Therefore, I am logging onto the real Gmail site or banking site. It uses HTTPS. So the data travels in encrypted form. In such a case, the attacker needs to get into my browser if he wants to catch my login credentials. That means he is loading malware on my system. If I am on Linux, then he needs Linux-capable malware. Correct?
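The exchange above turns on what a hostile network actually gets from an HTTPS session: the hostname (sent in plaintext as the SNI field of the TLS ClientHello, unless Encrypted Client Hello is in use) and timing, while the login itself travels inside encrypted records. This added example, not part of the thread, parses a constructed ClientHello the way a passive observer would, and shows that an application-data record yields nothing.

```python
"""Parse the plaintext part of a TLS ClientHello to show what a passive
network observer sees: the server name (SNI), never the credentials."""
import struct

SNI_EXT = 0x0000  # server_name extension type (RFC 6066)


def build_client_hello(host: str) -> bytes:
    """Constructed sample: a minimal TLS 1.2-style ClientHello record carrying an SNI."""
    name = host.encode()
    sni_body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", SNI_EXT, len(sni_body)) + sni_body
    body = (
        b"\x03\x03" + b"\x00" * 32             # version, random (zeros: constructed)
        + b"\x00"                               # empty session id
        + struct.pack("!H", 2) + b"\x13\x01"    # one cipher suite
        + b"\x01\x00"                           # null compression only
        + struct.pack("!H", len(ext)) + ext
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the SNI hostname from a ClientHello record, or None for
    anything else (encrypted application data carries no readable name)."""
    try:
        if len(record) < 5 or record[0] != 0x16:
            return None                          # not a handshake record
        hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
        if not hs or hs[0] != 0x01:
            return None                          # not a ClientHello
        pos = 4 + 2 + 32                         # skip hs header, version, random
        pos += 1 + hs[pos]                       # session id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher suites
        pos += 1 + hs[pos]                       # compression methods
        end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            if etype == SNI_EXT:
                # server_name_list: 2-byte list length, name type (1), name length (2), name
                nlen = struct.unpack("!H", hs[pos + 3:pos + 5])[0]
                return hs[pos + 5:pos + 5 + nlen].decode()
            pos += elen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                              # malformed or truncated record
```

Running `extract_sni` over a real capture would give the same picture as the forum posts describe: which sites were visited and when, but nothing from inside the encrypted session.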

Minimalist

An attacker could also load "malware" into your browser (an extension...). This would work for any OS, and Linux probably wouldn't be safer than Windows. Of course they would somehow have to install it (similar to installing malware system-wide).

shmu26

An attacker could also load "malware" into your browser (an extension...). This would work for any OS, and Linux probably wouldn't be safer than Windows. Of course they would somehow have to install it (similar to installing malware system-wide).
Yes, browser extensions are going to be a weak point on any OS. But AFAIK the leading browsers won't allow extensions to be loaded without express permission from the user.
 

ForgottenSeer 85179

So let's assume (hope?) I am smart enough not to fall for the phishing attack that the fake network serves me. Therefore, I am logging onto the real Gmail site or banking site. It uses HTTPS. So the data travels in encrypted form. In such a case, the attacker needs to get into my browser if he wants to catch my login credentials.
Phishing only works if you enter your credentials on a site which looks like the original.
If you use bookmarks, that will never happen.

That means he is loading malware on my system. If I am on Linux, then he needs Linux-capable malware. Correct?
Correct, but remember Linux gets attacked more and more, so "because it's Linux" alone doesn't protect you. In fact, Linux is...well, another topic.

Yes, browser extensions are going to be a weak point on any OS. But AFAIK the leading browsers won't allow extensions to be loaded without express permission from the user.
You grant extensions all the permissions they want at installation. Mostly that's access to all sites you open.
Anyway, a local attacker wouldn't use such an attack.

shmu26

Phishing only works if you enter your credentials on a site which looks like the original.
If you use bookmarks, that will never happen.


Correct, but remember Linux gets attacked more and more, so "because it's Linux" alone doesn't protect you. In fact, Linux is...well, another topic.


You grant extensions all the permissions they want at installation. Mostly that's access to all sites you open.
Anyway, a local attacker wouldn't use such an attack.
Good. So a Linux desktop on a public network is vulnerable primarily to a local attacker with Linux-capable malware, which is possible.

I do almost all my computer use on a trusted home network, but I am planning a trip in the fall. So if I want to play it safe, I should use VPN when on the road. What's a good VPN choice for short-term use?
 

ForgottenSeer 85179

Good. So a Linux desktop on a public network is vulnerable primarily to a local attacker with Linux-capable malware, which is possible.

I do almost all my computer use on a trusted home network, but I am planning a trip in the fall. So if I want to play it safe, I should use VPN when on the road. What's a good VPN choice for short-term use?
Just keep your system up to date and securely configured, and use encrypted DNS like NextDNS or Quad9.
Also, if shopping or banking is needed, use bookmarks and don't ignore any HTTPS error.

You can use a VPN, but I only recommend using your own one, which connects to your own router. Anyway, it will slow down everything and isn't needed at all. A VPN doesn't protect you against any security problems in the local network.

If possible, avoid desktops altogether and only use an up-to-date mobile phone like an iPhone or a Pixel with GrapheneOS. Tablets like the iPad are of course good too.
Another recommended device is a Chromebook.
But again, if possible.
 

shmu26

Just keep your system up to date and securely configured, and use encrypted DNS like NextDNS or Quad9.
Also, if shopping or banking is needed, use bookmarks and don't ignore any HTTPS error.

You can use a VPN, but I only recommend using your own one, which connects to your own router. Anyway, it will slow down everything and isn't needed at all. A VPN doesn't protect you against any security problems in the local network.

If possible, avoid desktops altogether and only use an up-to-date mobile phone like an iPhone or a Pixel with GrapheneOS. Tablets like the iPad are of course good too.
Another recommended device is a Chromebook.
But again, if possible.
Thanks. I will check out the encrypted DNS. Banking on updated mobile is a good idea, and I was thinking of that. But I don't think I will be able to avoid using Gmail on desktop.
 

ForgottenSeer 85179

Thanks. I will check out the encrypted DNS. Banking on updated mobile is a good idea, and I was thinking of that. But I don't think I will be able to avoid using Gmail on desktop.
You can use Gmail on mobile too. It should even work in the browser.

shmu26

Avoiding Linux is obvious, as it has inherently weaker security than Windows and poorer code quality to begin with.
If your OS is Windows, you have good security solutions to fight malware. But you are the prime target.
If you have desktop Linux, you are not the prime target, but you don't have much protection if attacked.

shmu26

Suggest not trying to engage in security through obscurity. Linux malware is becoming ever more prevalent by the week.
Not to belabor the point, but if you read the security news very carefully, I think you will see that in almost every case, it is Linux servers that are targeted. That's why I emphasized in my OP that I am asking about desktop Linux.