How to check pc for spyware and can you say there is no spyware or is it probability

RavenofDespair@lemmy.ml · 12 hours ago

How to check pc for spyware and can you say there is no spyware or is it probability

brownmustardminion@lemmy.ml · 2 hours ago

Some of the other comments got me curious…

Is there a way to print the most recent accessed files (and time accessed and by which user) within a specific directory to terminal?

HiddenLayer555@lemmy.ml · edit-2 5 hours ago

Honestly if you’re at the point of suspecting that your Linux system is infected, just back everything up, wipe, and reinstall. Make sure to use a known good computer to make the install disk, and completely wipe the drive before install and not use existing partitions.

People have mentioned Wireshark which you can use to monitor for suspicious network activity, but IMO for most people this isn’t super helpful because it’s hard to tell what’s suspicious and what’s normal from Wireshark alone without quite a bit of networking/software knowledge. Maybe there’s more user friendly packet capture software though, something that can string the packets together into their respective connections and summarise key information like the protocol and domain involved.

QDirStat can visualize the contents of your drive as an interactive map. Might be helpful for finding files that aren’t supposed to be there.

ClamAV is an open source antivirus available for Linux but I don’t know how well it does at actually detecting Linux malware. Seems to be more for people running file/email servers to scan incoming file uploads.

doodoo_wizard@lemmy.ml · 11 hours ago

Slap the top of the pc and exclaim “no spyware in this thing”.

0t79JeIfK01RHyzo@lemmy.ml · edit-2 11 hours ago

You can

Watch network access - What is communicating to the outside? Why is it? What is it communicating? I like sniffnet
Watch CPU and GPU usage - What is using resources? Why is it? I like Mission Center and ps auxf in the terminal
What is using the disk? I like Filelight and Disk Usage Analyzer
Run AV software. I don’t have any recommendations.
And I guess sometimes you can also find it when benchmarking software because you want the absolute best performance.

You can also assume you are compromised and use a solution like a Faraday cage. If you’re trying to detect advanced spyware, it might be better to check network activity from outside the device like what network activity is the router managing for the computer.

bamboo@lemmy.blahaj.zone · 9 hours ago

FWIW, if you suspect your machine has been compromised, the binaries for common tools like ps and top shouldn’t be relied upon since those probably were tampered with to hide the malicious program from the output. At that point, you’d probably want to check each running process manually under /proc/.

eldavi@lemmy.ml · 11 hours ago

@RavenofDespair@lemmy.ml to add to this; you can use a firewall that’s aware of what your systems is trying to contact. pfsense does this in their premium products and i’ve heard ubiquiti starting doing this as well.