How do I save a "restore point" in Linux?

3

I have some program that I want to run but I am not sure if it is going to do anything malicious. I have an old Ubuntu PC which I am using to run it.

I know in Windows you can save a restore point where the registry and some other stuff (it's all mysterious to me) gets backed up and can be restored to later.

Is there a similar concept in Linux? Can I bring my filesystem to where it was before I ran this program?

alexloh

Posted 2010-09-20T07:38:46.203

Reputation: 131

1 "System restores" or "snapshots" or whatever you want to call them are not going to ever be great protection against malware, unless you mean a full backup and restore process. These days, if the question is "I want to run something that may be malware" then my first answer is still "Don't" but my second answer would be "if you must, then run it in a virtual machine". – Rob Moir – 2010-09-20T08:33:38.117

Answers

6

If you have used LVM, and you have unallocated space then yes, you can do this. See the section in the HOWTO about Snapshots.

As an alternative you could also simply set up a virtual machine and experiment in a virtual environment.

Zoredache

Posted 2010-09-20T07:38:46.203

Reputation: 18 453

2 +1 Unless it's an extremely malicious piece of software, the virtual environment will provide a reasonable level of security. – danlefree – 2010-09-20T08:15:16.390
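The LVM snapshot approach from the answer above, as an added example that is not part of the original posts. The volume group `vg0`, the logical volume `root`, the snapshot name `pre_test` and the 2G size are hypothetical; the helper functions only print the commands, which would then be run as root.

```shell
#!/bin/sh
# Added example: plan an LVM snapshot "restore point" and its rollback.
# vg0, root, pre_test and the sizes used in the usage lines are hypothetical.

# Convert a size such as 512M or 2G to bytes (binary units, as LVM counts them).
to_bytes() {
    n=${1%[KkMmGgTt]}
    case $1 in
        *[Kk]) echo $((n * 1024)) ;;
        *[Mm]) echo $((n * 1024 * 1024)) ;;
        *[Gg]) echo $((n * 1024 * 1024 * 1024)) ;;
        *[Tt]) echo $((n * 1024 * 1024 * 1024 * 1024)) ;;
        *)     echo "$1" ;;
    esac
}

# Unallocated bytes in a volume group, as reported by vgs (needs LVM tools).
vg_free_bytes() {
    vgs --noheadings --nosuffix --units b -o vg_free "$1" | tr -d ' '
}

# Print the command that takes the snapshot, or fail when the volume group
# lacks the unallocated space the snapshot's copy-on-write area needs.
# usage: snapshot_cmd VG LV SNAP_NAME SIZE FREE_BYTES
snapshot_cmd() {
    need=$(to_bytes "$4")
    if [ "$5" -lt "$need" ]; then
        echo "not enough unallocated space in $1: need $need, have $5" >&2
        return 1
    fi
    echo "lvcreate --snapshot --size $4 --name $3 /dev/$1/$2"
}

# Print the command that rolls the origin volume back to the snapshot.
# If the origin is in use (for example the mounted root filesystem), LVM
# defers the merge until the volume is next activated, typically a reboot.
# usage: rollback_cmd VG SNAP_NAME
rollback_cmd() {
    echo "lvconvert --merge /dev/$1/$2"
}

# Typical use (as root, on a system installed on LVM):
#   snapshot_cmd vg0 root pre_test 2G "$(vg_free_bytes vg0)"
#   rollback_cmd vg0 pre_test
```

The snapshot only records blocks that change after it is taken, so the size is the amount of change it can absorb; a snapshot that fills up becomes invalid and can no longer be merged.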

2

First: If you are unsure about this program, don't use it. It's that simple.

Then: The concept you are looking for is called a "backup". It's the same with Windows: Restore points are not designed to prevent malicious activity and it's normally not possible to recover from such an incident with a restore point.

(Edit: Yes, indeed, as Zoredache pointed out, an LVM install would work. Didn't think about that.)

If you would run the Ubuntu instance in a virtual machine, you could make snapshots of the system. These would indeed bring your system back to a known state.

Sven

Posted 2010-09-20T07:38:46.203

Reputation: 1 591

0

One thing that comes to mind is dd. But make sure you understand the topic by reading about it BEFORE you use it.

On the other hand, it might be helpful to install VirtualBox. You can create a virtual machine and run the unknown program there. It's unlikely that a program is able to break out of the VM to do any harm to the host system. If you plan to do this, then make sure that you do not mount any folders of the host system inside the virtual machine!

Jan.

Posted 2010-09-20T07:38:46.203

Reputation: 431

0

Others have said it already, but I'll say it again: if you suspect a program is malware, taking a Windows restore point won't help much.

If you suspect the program may write to places where you don't want it to write, what you need to back up is the places where it may write. A restore point would only back up the system configuration, but the malware could hide things in other places. The bare minimum you need to do to protect against such malware is to run it as a different user that does not have the permission to write anywhere except to some scratch space.

If you suspect the program may read your private data, you need to run it in such a way that it won't be able to read your private data. A backup won't help. Again, running the program as its own user will provide a little protection.

But if you want reasonable protection, you need a lot more isolation than this. Run the program inside a virtual machine that doesn't have any network connection (and on which you aren't storing any data, obviously). You can take a snapshot of the VM before you run the program, so you can later restore that snapshot and use the VM for other purposes.

Gilles 'SO- stop being evil'

Posted 2010-09-20T07:38:46.203

Reputation: 58 319