I also always wanted to give that feedback but was never sure where to do so. Now that I do know, here it is. And hopefully it’s in the right place in this forum.
Installing Ubuntu MATE 16.04 (and 16.10 for that matter) and then installing tiger on a vanilla install, then running it, will report back the system as being compromised.
Here’s the real joke: I was running 16.04 for a while, then decided to get my hands going with tiger, which reported a security violation. Thinking I had really been hacked, I reinstalled using 16.10, reinstalled tiger, reran it and… same problem. This time around, however, I didn’t feel like reinstalling because, well, I hadn’t done anything with this system.
Is that normal? Should Ubuntu MATE users simply NOT be using tiger because of the false positive that it can bring?
From my point of view (and I’m not a guru), those kinds of beautiful tools are not designed for non-server machines, and their objective is more to help an administrator find possible breaks, pointing to suspicious or unattended things, rather than telling them “Here lies an owned machine”.
Thus, it helps by providing information for the skilful eyes of the network administrator who knows what he is doing and how to act. False positives are always there, but you have been warned by the software and you should check it out.
As an example, I was given a warning of a Windigo infection on one of my machines by anti-rootkit tools, but the manual checks did demonstrate they were wrong.
I haven’t used Tiger, but I have used Lynis; I think if you use that tool you will get what I mean.
I use Lynis, which is designed (among others) for non-technical home users.
Lynis can let you know you have a problem, even Rootkit Malware! Rootkits are a type of malware that are designed so that they can remain hidden on your computer. But while you might not notice them, they are active. Rootkits give cybercriminals the ability to remotely control your computer. ... You can even accidentally download a rootkit through an infected mobile app.
I just switched to Mate; I'm comfortable/familiar with Ubuntu and love Mate so far.
NOW MY ISSUE/QUESTION:
Lynis is my tool of choice. I note the Synaptic Package Manager does NOT keep an up-to-date version of Lynis; when you install Lynis and run it you see 'update available' in the output.
My question: Does updating Lynis (unlike antivirus programs, you update the whole thing, not just 'signatures') cause any issues in Mate? I'm guessing "no", as it is only validating, checking signatures, and comparing (apps/files/programs/docs/etc.) for changes since the last time it was run.
Does anyone KNOW the answer? I want to be sure before updating.
Is anyone out there using Lynis?
Thank you.
BTW, is anyone out there using other CyberSecurity Programs?
I use ClamAV/ClamTK, Firetools/Firejail, GUFW/UFW, and Lynis. They don't take a lot of effort or knowledge to run and GREATLY improve Linux security.
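Both the tiger post and the Lynis posts above come down to the same practical problem: an audit tool flags something, and the user has to decide which lines are worth a manual check and which are hints. The script below is an added example, not code from any poster in this thread or from the Lynis project. It parses a `lynis-report.dat`-style file and produces a triage list: warnings first, suggestions after, grouped by test section, with findings that appear as both a warning and a suggestion called out. It assumes the report is a plain `key=value` file in which findings are written as `warning[]=TEST-ID|message|details|solution|` and `suggestion[]=TEST-ID|message|details|solution|` lines, and that a `lynis_update_available=1` key records the "update available" notice the poster mentions; that layout, the test IDs and every line of the sample report are constructed for this example.

```python
"""Triage summary for a Lynis-style report file (added example, not Lynis code).

Assumption: findings are 'warning[]=' / 'suggestion[]=' lines whose value is
pipe-separated as TEST-ID|message|details|solution|; all other lines are
scalar key=value settings. The sample report below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample report; IDs and messages are illustrative, not real output.
SAMPLE_REPORT = """\
# Lynis Report (constructed sample)
report_version_major=1
lynis_version=2.3.4
lynis_update_available=1
os_name=Ubuntu
warning[]=KRNL-5830|Reboot of system is most likely needed|-|-|
warning[]=FIRE-4512|Firewall module loaded but no rules active|-|-|
suggestion[]=KRNL-5830|Reboot of system is most likely needed|-|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
suggestion[]=MALW-3280|Install a rootkit scanner|-|run a second opinion scanner|
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # "warning" or "suggestion"
    test_id: str   # e.g. "KRNL-5830"; the prefix names the test section
    message: str
    details: str
    solution: str

    @property
    def section(self) -> str:
        return self.test_id.split("-", 1)[0]


def parse_report(text: str):
    """Split report text into (scalars dict, list of Finding)."""
    scalars, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key in ("warning[]", "suggestion[]"):
            fields = value.split("|")
            fields += [""] * (4 - len(fields))  # tolerate short or odd lines
            test_id, message, details, solution = (f.strip() for f in fields[:4])
            findings.append(Finding(key[:-2], test_id, message, details, solution))
        else:
            scalars[key] = value
    return scalars, findings


def update_available(scalars) -> bool:
    """True when the report says Lynis itself is out of date (assumed key)."""
    return scalars.get("lynis_update_available", "0") == "1"


def group_by_section(findings):
    """Bucket findings by test section prefix (KRNL, AUTH, ...)."""
    groups = defaultdict(list)
    for f in findings:
        groups[f.section].append(f)
    return dict(groups)


def both_warning_and_suggestion(findings):
    """Test IDs reported as both kinds: one item to check, not two."""
    kinds = defaultdict(set)
    for f in findings:
        kinds[f.test_id].add(f.kind)
    return {tid for tid, k in kinds.items() if k == {"warning", "suggestion"}}


def triage_lines(scalars, findings):
    """Human-readable list: warnings before suggestions, sorted by test ID."""
    lines = [f"Lynis {scalars.get('lynis_version', '?')} on {scalars.get('os_name', '?')}"]
    if update_available(scalars):
        lines.append("note: Lynis itself reports an update is available")
    order = {"warning": 0, "suggestion": 1}
    for f in sorted(findings, key=lambda f: (order[f.kind], f.test_id)):
        tail = f" ({f.solution})" if f.solution not in ("", "-") else ""
        lines.append(f"[{f.kind.upper():10}] {f.test_id}: {f.message}{tail}")
    return lines


if __name__ == "__main__":
    scalars, findings = parse_report(SAMPLE_REPORT)
    print("\n".join(triage_lines(scalars, findings)))
    print("dup ids:", sorted(both_warning_and_suggestion(findings)))
```

On a real system the report path and exact line layout should be checked against the installed Lynis version before relying on the parser; the grouping by section is what makes a long report manageable, since a single kernel or firewall section with many hits usually points at one underlying cause rather than many.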