Ubuntu: Is making a clean install enough to remove potential malware?

Question:

Is formatting the disk and reinstalling the system from scratch (to Ubuntu) enough to remove any potential hidden software spyware, keyloggers etc.?

Or can something still persist, installed in the BIOS or something like that? What to do then?

To be clear, I'm not concerned about malware in general. The question is more specifically about a machine to which people other than the user had physical access for many hours. So when the user returns, they cannot be sure nothing changed. So the user makes a fresh install after some weeks. Is that enough to "clean" it?


Solution 1:

Malware cannot usually be installed in the BIOS (it is read only), and also Ubuntu is not very open to malware (it should be the least of your worries, to be honest, and that issue has been covered on this site before).

If you did get malware, however, reinstalling (so long as the contents of the affected directory are not preserved) would work. However, you should not even have to go this far, as oftentimes simply deleting or replacing the affected files should fix it.

Someone having physical access gives them a lot of power over the system, but it is highly unlikely for them to put anything in your BIOS, so just a reinstall of the OS should be enough.


Solution 2:

It is very unlikely that you'll have malware installed in hardware. Actually, you can't do that at all in Linux, which is why we need to use DOS to flash BIOS. It may have been possible for someone to corrupt your BIOS by using MS-DOS or similar, but it isn't likely. If you're really paranoid about it, then you can re-flash your BIOS.

But it is very easy to corrupt an Ubuntu system if you have physical access to the computer, so a reinstall is quite reasonable if you are suspicious. That will remove at least all system-level malware. It is still possible to add a script to be run by a user in order to spy or similar, but that should be fairly easy to find.


Solution 3:

Just a few more observations to take into account:

The would-be attacker could also get hold of your (email, banking, etc.) passwords (or other sensitive/personal data) if you stored them unencrypted on your disk.

It is possible and fairly easy to install and use a hardware keylogger or similar devices; for an example, see http://www.keyghost.com/kgpro.htm

If you don't reinstall the GRUB code in the first few sectors of the disk, malware could potentially survive there.
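A defender's check for the GRUB point just above, added here and not part of the answer: right after a trusted reinstall and grub-install, it records a digest of the boot code that lives outside any file system (the MBR boot code plus the gap where GRUB embeds core.img), so a later rewrite of that area can be spotted. Assumed: POSIX sh with dd and sha256sum, a baseline taken while the disk was known-good, and root access when DEVICE is a real block device; the function names are mine.

```shell
#!/bin/sh
# Constructed example: baseline-and-compare for the boot code that a
# file-system reinstall does not touch. Usage (as root, after reinstall):
#   record_baseline /dev/sda /root/bootcode.sha256
# and later:
#   check_baseline /dev/sda /root/bootcode.sha256 || echo "boot code changed"

# Bytes 0-439 of sector 0 hold boot code; 440-509 hold the disk signature
# and partition table, which change legitimately (new partitions, new
# signature), so they are excluded from the digest. GAP_SECTORS is how many
# 512-byte sectors after the MBR to cover; 2047 spans the usual 1 MiB gap in
# which GRUB embeds core.img on MBR-partitioned disks.
GAP_SECTORS=${GAP_SECTORS:-2047}

# Print the SHA-256 of MBR boot code followed by the embedding gap.
bootcode_digest() {
    dev=$1
    {
        dd if="$dev" bs=440 count=1 2>/dev/null
        dd if="$dev" bs=512 skip=1 count="$GAP_SECTORS" 2>/dev/null
    } | sha256sum | cut -d' ' -f1
}

# Store the digest of a known-good disk in BASELINE_FILE.
record_baseline() {
    dev=$1
    baseline_file=$2
    bootcode_digest "$dev" > "$baseline_file"
}

# Exit status 0 when the disk still matches the baseline, 1 when something
# rewrote the MBR boot code or the embedding gap since the baseline.
check_baseline() {
    dev=$1
    baseline_file=$2
    current=$(bootcode_digest "$dev")
    baseline=$(cat "$baseline_file")
    [ "$current" = "$baseline" ]
}
```

Keep the baseline file off the machine being checked (or on read-only media), since anything that can rewrite the MBR can also rewrite a file on the same disk.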


Solution 4:

Although quite new, UEFI is quite insecure and an OS in itself, and therefore a rather new security threat. If someone were able to tamper with a server or laptop physically to upload a modified UEFI, you could reinstall the system all you want, without any positive effect.
