LibreOffice website security

Petre_Borocan · June 16, 2013, 6:55pm

Dear LibreOffice Team,

My antivirus program under Windows is blocking the access to your website because it is infected with a malware. I'm accessing your website using a linux operating system (debian based distro).
Is it possible for you to check if your website has been infected?
And thank you for the excellent office suite you have created.
Kind regards from Romania,
Petre Borocan

planas · June 16, 2013, 9:08pm

Petre

What antivirus are you using and does it report a specific virus?

Tom_Davies · June 17, 2013, 5:31am

Hi
It is unlikely the LibreOffice website is infected because it runs on unix-based platforms such as Gnu&Linux. I don't think any of the internet-facing servers run on Windows. Also i suspect that uploads get scanned and stuff on the servers gets scanned fairly regularly. However it might be wise if we let the websites team know there might be an issue.

On Debian you might be able to install an antivirus program such as Clamtk (the Gnome/Cinnamon/Mate/Xfce front-end to clamav) or BitDefender or something. Personally i tend to use specialist LiveCds such as
http://trinityhome.org/Home/index.php?content=TRINITY_RESCUE_KIT____CPR_FOR_YOUR_COMPUTER&front_id=12&lang=en&locale=en
http://distrowatch.com/table.php?distribution=trinity
or one of the other System Rescue type distros listed at

http://distrowatch.com/
I quite like Trinity Rescue Kit because i have used it quite often but i haven't tried any of the others much. TRK can sort out quite a few Windows problems quite quickly or just do maintance. I would use it to safely declutter first but emptying the temp folders and caches before leaving it to do an over-night antivirus scan and i would get it to run just 1 of the av programs at a time rather than 1 after another, at least until i had some idea how long the scans took on your machine. They are a bit thorough! Even 1 could easily take all night.

Actually i would probably start by just installing clamtk inside Debian and scan from there. That way i could keep working while the scan was running. After that scan it might be easier to decide how to proceed. Obviously Debain wont be affected by the Windows viruses so you can carry on working on the documents that are on the Windows side of your machine. Just make sure you scan documents before sending them on to other Windows users.

Good luck! Thanks for letting us know!
Regards from

Tom

Petre_Borocan · June 17, 2013, 9:53am

Dears,

Please see attached the print screen that I got when trying to open
LibreOffice website.
Kind regards,
Petre

Tom_Davies · June 17, 2013, 11:02am

Hi
Thanks for the screen-shot. I have passed it on to the Website Mailing List to ask them what needs to be done.

Errr, from the screen-shot it looks as though your Windows side was not infected with anything. have you tried scanning with anti-virus from either the Debian or the WIndows side?
Many thanks and regards from
Tom

________________________________
From: Petre Matei Borocan <petre.borocan@gmail.com>
To: Tom Davies <tomdavies04@yahoo.co.uk>
Cc: "users@global.libreoffice.org" <users@global.libreoffice.org>
Sent: Monday, 17 June 2013, 10:53
Subject: Re: [libreoffice-users] LibreOffice website security

Dears,

Please see attached the print screen that I got when trying to open LibreOffice website.
Kind regards,
Petre

Hi

It is unlikely the LibreOffice website is infected because it runs on unix-based platforms such as Gnu&Linux. I don't think any of the internet-facing servers run on Windows. Also i suspect that uploads get scanned and stuff on the servers gets scanned fairly regularly. However it might be wise if we let the websites team know there might be an issue.

On Debian you might be able to install an antivirus program such as Clamtk (the Gnome/Cinnamon/Mate/Xfce front-end to clamav) or BitDefender or something. Personally i tend to use specialist LiveCds such as
http://trinityhome.org/Home/index.php?content=TRINITY_RESCUE_KIT____CPR_FOR_YOUR_COMPUTER&front_id=12&lang=en&locale=en
http://distrowatch.com/table.php?distribution=trinity
or one of the other System Rescue type distros listed at

http://distrowatch.com/
I quite like Trinity Rescue Kit because i have used it quite often but i haven't tried any of the others much. TRK can sort out quite a few Windows problems quite quickly or just do maintance. I would use it to safely declutter first but emptying the temp folders and caches before leaving it to do an over-night antivirus scan and i would get it to run just 1 of the av programs at a time rather than 1 after another, at least until i had some idea how long the scans took on your machine. They are a bit thorough! Even 1 could easily take all night.

Actually i would probably start by just installing clamtk inside Debian and scan from there. That way i could keep working while the scan was running. After that scan it might be easier to decide how to proceed. Obviously Debain wont be affected by the Windows viruses so you can carry on working on the documents that are on the Windows side of your machine. Just make sure you scan documents before sending them on to other Windows users.

Good luck! Thanks for letting us know!
Regards from

Tom

________________________________
From: Jay Lozier <jslozier@gmail.com>
To: users@global.libreoffice.org
Sent: Sunday, 16 June 2013, 22:08
Subject: Re: [libreoffice-users] LibreOffice website security

Dear LibreOffice Team,

My antivirus program under Windows is blocking

the access to your

Urmas · June 18, 2013, 10:10am

"Tom Davies" :

It is unlikely the LibreOffice website is infected because it runs on unix-based platforms such as Gnu&Linux.

Linux is getting malware regularly mostly targeting Web-servers for serving other kinds of malware via IFRAMEs and similar methods.

Tom_Davies · June 18, 2013, 10:45am

Hi
Of course there are some types of attacks and things that all systems have trouble with. Somewhere i saw a report that Windows has around 800,000 known viruses and other malware compared to Gnu&Linux's 300. So, yes all systems have problems but it's several orders of magnitude less for unix-based systems.

Anyway, i forgot to keep this thread appraised of developments. I posted a query to the Websites Team and got this response

"

Petre_Borocan · July 12, 2013, 7:44am

Hi Tom,

Please see attached a new print screen when attempting (second time) to
download the Windows version of LibreOffice.
(I'm, already using it on Linux Mint).
The message clearly indicates the website has been infected with a malware.
Maybe (hopefully) Linux users are not affected but those on Windows
certainly are.
Kind regards,
Petre

Cley_Faye · July 12, 2013, 9:19am

The list won't let the attachment through.

What antivirus do you use ?

Tom_Davies · July 12, 2013, 11:07am

Hi
Sure, a Windows virus could theoretically sit on a Gnu&Linux platform just as it could sit on any other platform. The difference is that it can't knock-out the anti-malware defences of the Gnu&Linux system. Also it can't run or replicate itself or infect other files on the system. So at best all it can do is sit&hope. Even fairly rubbishy security with infrequent updates is likely to wipe it out faster than it can grow because it can't grow.

The link doesn't mention security but one of the fundamental and top priorities of Unix was to ensure that no single user could take down the whole system or affect any other user. Unix machines typically had hundreds of workers all logged in at the same time and often running processes that might take a long time to complete. Imagine if one user was running the equivalent of a defrag or disk check when another user just quickly rebooted the system. Too much potential to trash the system or lose data or hours worth of work. So, programs had to be able to run without elevating privileges and without affecting other users on the same system.

Windows aimed at tiny, cheap machines with just 1 user per machine. The aim was to get a personal computer into every home and onto every desk. if a single user took down their own system it only affected the 1 person. Since then they have bolted on a few thing on top of that, such as allowing multiple users (but not at the same time), network and internet access and some attempt at dealing with some security issues as an (optional) after-thought.

Wrt the thread, the reported issue did get forwarded to the websites team and they dealt with the situation really rather quickly. Thanks to the person reporting the issue the situation was resolved several hours faster than it might have been otherwise.
Regards from
Tom

Tom_Davies · July 12, 2013, 11:41am

Hi :)
Hmm, English language is sometimes inadequate and lacks things that other languages take for granted.

Which "you" do you mean? Me personally or the LibreOffice mailing lists? The lists are nothing to do with me and i'm not even a member of TDF. In fact they often threaten to remove me from the lists for one reason or other. I'm expecting another such threat about a couple of posts i made yday but just haven't got that far back in my emails yet.

The LibreOffice mailing lists just routinely strip ALL attachments
but that is less about security and more about avoiding forcing people
to download potentially hefty files that might be irrelevant to their
reasons for being on the lists. You can use Nabble or some other Cloud
storage system and then point to the file in your email
http://www.libreoffice.org/get-help/nabble-mailing-list-interface/
Nabble is probably the best when posting to this list as it makes it easy. I'm not sure what i would use away from the lists. Google-drive maybe? Ubuntu One? Dropbox? It really depends on what you are doing and all i do is office work and IT. I'm not an artist so DeviantArt or photo sharing sites wouldn't be relevant. I've seen people have problems with SkyDrive that left them completely unable to access their own data but that could easily have been user-error.

I personally rarely use any antivirus on unix-based platforms. I just make my system as secure as reasonably possible and then do occasional scans. Occasionally i realise i've been dumb about something and then try to tighten that up. Other times if i'm learning something new to me i might keep it simple to start with and then change all the passwords and stuff when i feel comfortable.

Mostly i just fully reinstall a new OS about every year or 2, although last time i did follow the normal upgrade process instead of doing a full install and was surprised how well it went. On my colleagues Windows systems i typically leave AVG or something and if the machine is up to it also run the MS Security Essentials. Sometimes i have to choose 1 or the other rather than having both :( Again, with them i boot into a LiveCd and do a proper full antivirus scan every couple of years. The first job of any decent malware should be to knock out any defences on the system it's on or even better is to find a way to neatly bypass them to avoid chance of detection. A LiveCd is difficult to write to so it's less likely to get compromised and so the scan is more likely to get a good result.

Regards form
Tom

Tom_Davies · July 12, 2013, 11:51am

Hi
Have you tried downloading the Windows one in Mint and then run a antivirus scan on it? maybe Clamav?

I'm sure i downloaded LO recently on an Xp and on a Win 7 macine with no problems but i might have another look later.

Could someone forwards the problem to the websites mailing list to see if something new has cropped up?
Regards from
Tom

Tom_Davies · July 12, 2013, 12:04pm

Hi
Ok, i got the attachment off-list and he error is being thrown up by an Antivirus i haven't used before but is a fairly big name. It could be a false positive but it's better to let the websites team know about it even if it is. They might be able to contact Avira and let them know of the problem, if it is a false positive. If it's a real problem then they are the ones that could fix it fastest. So, a win-win.
Regards from
Tom

________________________________
From: Tom Davies <tomdavies04@yahoo.co.uk>
To: Petre Matei Borocan <petre.borocan@gmail.com>
Cc: "users@global.libreoffice.org" <users@global.libreoffice.org>
Sent: Friday, 12 July 2013, 12:51
Subject: Re: [libreoffice-users] LibreOffice website security

Hi
Have you tried downloading the Windows one in Mint and then run a antivirus scan on it? maybe Clamav?

I'm sure i downloaded LO recently on an Xp and on a Win 7 macine with no problems but i might have another look later.

Could someone forwards the problem to the websites mailing list to see if something new has cropped up?
Regards from
Tom

________________________________
From: Petre Matei Borocan <petre.borocan@gmail.com>
To: Tom Davies <tomdavies04@yahoo.co.uk>
Cc: "users@global.libreoffice.org" <users@global.libreoffice.org>
Sent: Friday, 12 July 2013, 8:44
Subject: Re: [libreoffice-users] LibreOffice website security

Hi Tom,

Please see attached a new print screen when attempting (second time) to
download the Windows version of LibreOffice.
(I'm, already using it on Linux Mint).
The message clearly indicates the website has been infected with a malware.
Maybe (hopefully) Linux users are not affected but those on Windows
certainly are.
Kind regards,
Petre

Dears,

Please see attached the print screen that I got when trying to open
LibreOffice website.
Kind regards,
Petre

Hi
It is unlikely the LibreOffice website is infected because it runs on
unix-based platforms such as Gnu&Linux. I don't think any of the
internet-facing servers run on Windows. Also i suspect that uploads get
scanned and stuff on the servers gets scanned fairly regularly. However it
might be wise if we let the websites team know there might be an issue.

On

Debian you might be able to install an antivirus program such as

Clamtk (the Gnome/Cinnamon/Mate/Xfce front-end to clamav) or BitDefender or
something. Personally i tend to use specialist LiveCds such as

http://trinityhome.org/Home/index.php?content=TRINITY_RESCUE_KIT____CPR_FOR_YOUR_COMPUTER&front_id=12&lang=en&locale=en
http://distrowatch.com/table.php?distribution=trinity
or one of the other System Rescue type distros listed at
http://distrowatch.com/
I quite like Trinity Rescue Kit because i have used it quite often but i
haven't

tried any of the others much. TRK can sort out quite a few Windows

problems quite quickly or just do maintance. I would use it to safely
declutter first but emptying the temp folders and caches before leaving it
to do an over-night antivirus scan and i would get it to run just 1 of the
av programs at a time rather than 1 after another, at least until i had
some idea how long the scans took on your machine. They are a bit
thorough! Even 1 could easily take all night.

Actually i would probably start by just installing clamtk inside Debian
and scan from there. That way i could keep working while the scan was
running. After that scan it might be easier to decide how to proceed.
Obviously Debain wont be affected by the Windows viruses so you can carry
on working on the documents

that are on the Windows side of your machine.

Luuk · July 13, 2013, 9:13am

it should be:
virus

thanks,

Paul16 · July 13, 2013, 12:17pm

Well, to be technical, it should be "viruses" in English, although
"virii" or "viri" is (or used to be) common in computer and early
internet circles. "Virae", "virusen", "viru... viri... vi... nasty
things" and other forms are used, either in jest or self-recognition
of one's lack of complete linguistic knowledge. While the word has no
plural in Classical Latin, Neo-Latin defines "vira", "viris" and
"virorum". It can also be regarded as having no plural, although that
doesn't seem to be common in English. Programmers are, however, known
to have a somewhat humorous take on English, so sticking to "viruses"
is probably a little boring...

http://en.wikipedia.org/wiki/Plural_form_of_words_ending_in_-us

http://www.ofb.net/~jlm/virus.html

Paul

Felmon_Davis · July 13, 2013, 4:54pm

Well, to be technical, it should be "viruses" in English, although
"virii" or "viri" is (or used to be) common in computer and early
internet circles. "Virae", "virusen", "viru... viri... vi... nasty
things" and other forms are used, either in jest or self-recognition
of one's lack of complete linguistic knowledge. While the word has no
plural in Classical Latin, Neo-Latin defines "vira", "viris" and
"virorum".

'vira' and 'viris' are just forms of 'virus' the way "he", "his" and "him" are forms of masculine singular pronoun.

of course one doesn't find 'vira' in actual Latin texts but one doesn't find the plural of 'slime' in actual English texts either.

computer people misunderstand how Latin works so some know the plural for many words ending in '-us' is '-i' or '-ii' so they assume this is true of 'virus' -- though they don't think the plural of 'status' is 'stati'!

but I agree 100% - in _standard_ English the plural is 'viruses' (there is no 'virusses' or 'virae') but now in computer circles it can be 'virii' or whatever they want.

It can also be regarded as having no plural, although that
doesn't seem to be common in English. Programmers are, however, known
to have a somewhat humorous take on English, so sticking to "viruses"
is probably a little boring...

yep. sounds 'different' and edgy.

F.