If you have the Brave Browser installed on your Windows devices, then you may also have Brave VPN services installed on the machine. Brave installs these services without user consent on Windows devices.

Brave Firewall + VPN is an extra service that Brave users may subscribe to for a monthly fee. Launched in mid-2022, it is a cooperation between Brave Software, maker of Brave Browser, and Guardian, the company that operates the VPN and the firewall solution. The firewall and VPN solution is available for $9.99 per month.

  • citytree@lemmy.ml
    link
    fedilink
    arrow-up
    8
    arrow-down
    2
    ·
    edit-2
    1 year ago

    What’s to stop the installer on Linux from configuring the service such that the service always runs on boot? e.g. systemctl enable malware.service.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      edit-2
      1 year ago

      Linux doesn’t have “installers” as Linux uses package managers. The only way you can get malware is if you manually add a bad repo.

      So it doesn’t really matter in the long run

    • hottari@lemmy.ml
      link
      fedilink
      arrow-up
      2
      arrow-down
      11
      ·
      edit-2
      1 year ago

      You still need to manually enable the service. The configuration of the service has zero effect on its activation or lifecycle.

      • calm.like.a.bomb@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        1 year ago

        Huh? Any script can create a service, enable it and then start it. What would make you think the brave package (or just the application itself) can’t do this?

        • hottari@lemmy.ml
          link
          fedilink
          arrow-up
          1
          arrow-down
          9
          ·
          1 year ago

          Not possible to start or enable a created service without user intervention. You don’t know what you are talking about.

          • Ferk@kbin.social
            link
            fedilink
            arrow-up
            10
            arrow-down
            1
            ·
            1 year ago

            Systemd “enabled” services are literal symlinks… whenever a target runs, it tries to start also all the service files on its “wants” directory.

            You can literally enable any service for next boot by making a symlink in /etc/systemd/system/multi-user.target.wants/ (or whichever other target you want it to run on) as root (and installation scripts are run as root).

            ln -s /usr/lib/systemd/system/whatever.service  /etc/systemd/system/multi-user.target.wants/whatever.service
            
            
            • hottari@lemmy.ml
              link
              fedilink
              arrow-up
              1
              arrow-down
              2
              ·
              1 year ago

              This is actually very close (just tested and confirmed it). I somehow stand corrected about requiring manual enablement but this is just using the package manager to do the dirty work for you.

              However the program itself cannot write into those directories without root permissions. You still have to allow your package manager to do this with root permissions as mentioned.

          • calm.like.a.bomb@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            1
            ·
            1 year ago

            OK… challenge accepted. Maybe you don’t know about systemd user services.

            Content of mytrojan.sh:

            #!/usr/bin/env bash
            
            echo "Writing the service unit file"
            
            cat > ~/.config/systemd/user/my_test_service.service << EOF
            [Unit]
            Description=Script Daemon For Test User Services
            
            [Service]
            Type=simple
            User=
            #Group=
            ExecStart=/home/user/bin/myscript.sh
            Restart=on-failure
            StandardOutput=file:%h/log_file
            
            [Install]
            WantedBy=default.target
            EOF
            
            echo "Reloading systemd for the user"
            systemctl --user daemon-reload || exit 1
            
            echo "Enabling and starting the service"
            systemctl --user enable --now my_test_service.service
            

            Content of myscript.sh:

            $ cat ~/bin/myscript.sh
            #!/usr/bin/env bash
            
            while true
            do
                now=$(date)
                me=$(whoami)
                echo "User $me at $now"
                sleep 10
            done
            

            Now run the script (mytrojan.sh) and check service status after that:

            $ ./mytrojan.sh
            Writing the service unit file
            Reloading systemd for the user
            Enabling and starting the service
            $ systemctl --user status my_test_service.service
            ● my_test_service.service - Script Daemon For Test User Services
                 Loaded: loaded (/home/user/.config/systemd/user/my_test_service.service; enabled; vendor preset: ena>
                 Active: active (running) since Thu 2023-10-19 12:15:21 EEST; 6s ago
               Main PID: 1666383 (myscript.sh)
                  Tasks: 2 (limit: 18757)
                 Memory: 556.0K
                    CPU: 4ms
                 CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/my_test_service.service
                         ├─1666383 /bin/bash /home/user/bin/myscript.sh
                         └─1666387 sleep 10
            
            Oct 19 12:15:21 tesla systemd[1866318]: Started Script Daemon For Test User Services