On 04/10/2018 12:18 PM, home user via users wrote: > Good afternoon, > > background: > In the past few months, I've seen a few articles on the internet about coin mining, also called cryptojacking. Seems that in a variety of ways, software can be loaded onto remote computers and then run to mine crypto-currency, often without the user knowing it. This is done to make money, sometimes for good purposes, but sometimes for malicious people or organizations. The running of most such scripts is barely noticeable (deliberately!), but some can take up so much cpu and/or gpu so as to fry the processors (by overheating them). > > question: > I realize there's no perfect protection. But based on the knowledge and experience of the members of this list, which of the coin-mining blockers available for Firefox is best (most effective)? I've never understood the underlying concept of bitcoin/xmr/whatever mining. Currency (money) is usually tied, ultimately, to some physical thing. This just seems nebulous. Are they using our systems to come up with better cryptography? I just don't get it. Anyway, my top 7: 1. Never let Firefox (or Chrome or any web browser) install software on your machine without your explicit approval. Never ever! Bad dog! 2. If you download something and want to install it but aren't 100% sure about, deploy it into a scratch directory and run it in a sandbox first: https://fedoraproject.org/wiki/Sandboxing or run it in a VM. Make sure the sandboxed program doesn't do anything nefarious before you install it normally. 3. Keep your system up to date ("dnf --refresh upgrade" often). 4. Use a highly restrictive firewall. Mine's set up so that NOTHING unsolicited gets in except ssh from specific IPs and DNS responses. 5. Don't disable SELinux. This may be a pain, but it can catch some nasty stuff. 6. Track what processes your machine is running most of the time and look for ones that seem suspicious (running "ps aux" as root can be your friend). 7. I have a Raspberry Pi that I use to run nmap against my machines to see if they have open ports I'm not expecting. This also helps protect against trojans. Your mileage may vary and others here on the list will certainly chime in. Always keep in mind the old adage: "Just because I'm paranoid doesn't mean they AIN'T out to get me!" Good luck! ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - Duct Tape + Magic Marker = Label Maker! - ---------------------------------------------------------------------- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
