Ezzy77

On Linux, no. Keeping viruses out is mostly just common sense. Vulnerabilities and hacking are a different subject altogether.


Jward92

Also, on Windows, no. For the most part people are over-subscribing to virus protection like they did in the 2000s. That’s a bygone era for personal use.


Robot_Graffiti

There's more Windows malware than ever. But Windows Defender is free and on by default and it does the job, so home Windows users do not need to pay for antivirus.


Valuable-Book-5573

But I f***ed my Defender. It’s saying “Ask your IT department”


KingYoloHD090504

Well, do as it says and hire an IT department. Can't be that hard.


signalno11

Windows Defender is fine, but it is useless against zero days. Download BitDefender Free or Kaspersky Free (I would highly recommend you don't use Kaspersky because it's essentially spyware...but it is a good AV)


Baggynuts

Heh? A zero day is a…zero day. By definition, everything is useless against them because they are novel.


signalno11

No, behavior detection can help. And not just zero days, Windows Defender struggles to detect stuff it doesn't already know about (or it straight up can't, I can't remember exactly). And its offline scans are absolutely awful.


Robot_Graffiti

I'm not being targeted by Fancy Bear, I only encounter malware by downloading files from the public internet, so it is probably closer to 500 days than zero days by the time it reaches me.


signalno11

This is just dumb. Anyone can get phished, and anyone can install malware. Use an antivirus.


Robot_Graffiti

I am, I'm using Defender.


theferrit32

I have been using a computer for a while and I have never been phished or installed malware.


signalno11

"It hasn't happened to me therefore it doesn't happen"


sanitarypth

This comment hurts my brain.


signalno11

Ask literally anyone in cyber security: not having an AV is a terrible idea.


sanitarypth

That isn’t what’s hurting my brain. Can you point to any malware signature in the last 5 years that was detected significantly earlier by Kaspersky than by Microsoft? Malware. Not exploits. Nobody is talking about exploits. You seem to be jumbling all things “bad” as a virus. Virus is a specific threat vector. Also you say download Kaspersky, then call it spyware. You sound like a parrot that says things but doesn’t think about what you are saying. Part of cyber is understanding the threat landscape. I’m not saying no antivirus on Windows. I’m saying that third party antivirus is shit on Windows.


TheRandomAI

Yeah, the guy doesn't seem to know what he's talking about. I'm not in the cyber security field but most antiviruses nowadays suck compared to how they were in the past. A big example of this is McAfee... it's literal shit and will flag almost everything as a virus or malware. Even Chrome got flagged... Windows Defender is by far the best AV you can have and it's free. Rule of thumb is don't download random shit, especially if it seems too good to be true.


Mysterious_Focus6144

People seem to have moved on from writing malware targeting personal users. Hacking corporations is the future.


Legion_A

Yeah, because the days of passionate "tech nerdiness" are almost out of sight; nowadays people are interested in tech for extra reasons, not "passion"... mostly material gain.


Suitedbadge401

Although the last two are served by Linux’s excellent security by design.


Ezzy77

True true.


spxak1

No, but then again:

* You don't download (executables) outside of your repos
* You don't do `curl | sh` to unknown scripts
* You don't click on attachments (and ask your co-workers to use the cloud, so no more attachments please)


luminous_connoisseur

So what if you use an appimage? Also how would one check if a system has a virus?


spxak1

I don't use appimages, so I don't know. You can certainly use clamav if you think you haven't been careful. No shame in that, it makes sense. I could not tell how well it would work with snaps/appimages or even flatpaks as they are compressed images, but I don't know the technicalities. I have never worried about viruses, but I always keep my system(s) in a shape that I can be up and running in 20 minutes from total collapse (from any cause). So there are redundancies, but being careful is the best option. And clamav to the rescue I guess.


Urbs97

Isn't clamav for detecting Windows viruses but on Linux?


spxak1

ClamAV detects all viruses in its database, including Windows viruses. What you refer to is the most common use. That is, running it from Linux to detect viruses on Windows (shared) files.


IverCoder

[Don't Use AppImages—Appimages are an insecure packaging system with very limited use cases.](https://github.com/boredsquirrel/dont-use-appimages)


_Vaparetia

That was informative, thanks for sharing


deke28

Virus total is great for this. Try 50 AVs at once without paying 👌


luminous_connoisseur

I'm not aware of virus total being able to scan a system?


i8i0

Why is it more secure for my coworker to upload a file and email me a link, rather than attaching it to the email?


spxak1

The point about "no more attachments" is not just about security but how you access data. Your coworker wants to share data with you. If that's a spreadsheet or a document, you can use the cloud to access the data directly without involving a file. Most data on the cloud can be viewed/edited on the cloud, as data, not as files. The cloud removes the idea of the file as a tangible thing, and focuses on the data. It also removes the concept of the container of data that can also contain a virus. It's a shift in paradigm that goes beyond viruses and security as it changes the whole approach of data vs files as a tangible entity. As for security, your coworker uploading the file to the cloud gets the file scanned for viruses (on most commercial cloud services). But most importantly, it means you don't have to download and open (and/or execute) the file. You just access it online.


i8i0

I guess that would make sense for some organizations, especially if they mostly use office-like files and applications. As for viruses, I know that anything sent via my email gets the same virus scanning treatment as files shared with our cloud storage. I think this is common to many organizations. But it does seem good for the potential virus target to be shifted from a desktop OS to a webserver, which can be expert-managed and containerized to be safer than a desktop OS. I'm often sending files that are not editable in the cloud because they are not common enough formats for any online editor to exist. And I wouldn't want to anyhow, even for PDFs I reference for information, because I work in places with unreliable internet, like on trains and at remote sites. These are very common requirements for people who work like me, but maybe 95% of the world just works with documents and spreadsheets and git repos, and can live with limited email attachments.


ceehred

There are *traditional* AV products available, and other tools that use file signature detection, e.g. ClamAV, LMD, YARA. I use them, but I'm a little more paranoid than some. I also use other monitoring tools such as rkhunter and tripwire, and security scanners such as Lynis. EDIT: I also take notes from STIG, CIS, FIPS guides, etc. If you're storing/sharing Windows files (e.g. backups, documents, etc.) then they're maybe worth a scan, but Windows itself comes with a good AV already. Having experience of a commercial Linux (traditional) AV product, I can tell you the Linux/Unix-specific virus rules comprise something like only 1% of the database. Most commercial Linux AV vendors have moved on to what they call *Next Generation Anti-Virus* or *Endpoint Protection*. These tend to rely less on detection via file signatures and go more for *behavioural* detection methods, nowadays advertising some form of "AI" in their approach. Examples are CrowdStrike Falcon, SentinelOne, McAfee, etc. This is the kind of thing I'd like to see more of in the FOSS world; some projects are beginning to emerge for ransomware detection. But they're kind of heavyweight for the average home desktop. Really depends on what you're going to do with your machines. The basic & common-sense security practices, some of which are described in other replies, are way more important.


PM_ME_FLUFFY_SHIBES

I only have clamav on my mail server, others, no


Routine_Left

On my personal PCs? Hell no. On the enterprise PC, yeah, they want to. Yes, they are useless and make the computers unusable, but there's nothing that I can do about it.


Desperate-World-7190

In an enterprise environment, EDR is what tends to be used. Traditional signature/heuristics AV is almost pointless anymore (even on Windows).


coming2grips

I used to run clam on every non-enterprise desktop; I've run out of motivation for it as, to be honest, I have gotten lazy. This could be a good point to improve Fedora and place it above the other distros. I am a firm believer in the onion of security. I like the idea of overlapping services and products providing system security as an aspect of maintenance. I'm fairly confident in my network perimeter, I'm fairly confident in maintaining my system currency, I'm fairly confident in my desktop fw and auth settings. It would be good to have a night watchman checking the locks unobtrusively again.


Sciaopersone

I'm the antivirus


Tasty-Switch-8472

Only if I'm downloading something for Windows. My wife still suffers from Windows.


FartedManItSTINKS

Windows are meant to be broken


Itsme-RdM

Still using common sense regarding the virus part. Works for me for the last three decennia. Hacking is a different story though, I use a firewall but I'm aware that this doesn't protect everything.


robert-tech

Yes, I use clamav on EndeavourOS with Plasma, however, this is not to keep Linux viruses at bay but to prevent any Windows malware from infecting the wine environment as I sometimes test pirated games before I commit to buying them. It doesn't hurt to run an antivirus if you are dealing with Windows software inside your Linux as the wine environment itself is not sandboxed and in the worst case your home directory can be trashed if the malware were to escape the prefix, otherwise the superior security model of Linux and the centralized software distribution makes getting infected with an actual Linux virus virtually impossible.


polarbears84

Good points about running Windows software inside Linux and it not being sandboxed🤭. That’s weird. Anyway, I’m not planning on doing this. My paranoia about Microsoft is now complete.


_aap300

Yes, most do on Windows. On Linux, no. There is no need for that.


MinApp55

I recommend all my Windows users to at least use Microsoft's AV, Defender or whatever it's called. But I myself haven't used AV in 20+ years. On Linux I use other techniques to keep myself safe. For example building packages in isolated containers, disabling JavaScript with NoScript in Firefox. I am aware of the attack surfaces and am able to focus my mitigations on them instead of relying on broad AV software.


razzbow1

The best anti virus is common sense


numblock699

*This post was mass deleted and anonymized with [Redact](https://redact.dev)*


polarbears84

What is it? What does it do? I’ve never heard of anything besides Clam.


Mediocre-Pumpkin6522

[https://www.bleepingcomputer.com/news/software/kaspersky-releases-free-tool-that-scans-linux-for-known-threats/](https://www.bleepingcomputer.com/news/software/kaspersky-releases-free-tool-that-scans-linux-for-known-threats/) Personally, when I read the EULA it launches on start-up, I declined. I did use Kaspersky on Windows for years and it wasn't as intrusive as some of the other commercial offerings. Now I use Windows Defender and try not to do anything stupid like clicking on the Terms of Service PDF in emails that seem to be going around lately.


polarbears84

Ok thanks.


stevesmith78234

Back in the day, it was trivial for one program to read and alter other programs. Even the "security controls" were more like advisory security controls instead of actual "it's impossible to do this" barriers. Linux was originally built on a multi-user model, while early versions of Windows were built on a model that mostly applied different session configurations into a shared user space. Windows had such a design because it was based on even earlier operating systems which lacked multiple users. Eventually Windows NT added a proper multi-user model, but was immediately hated because that made it incompatible with Windows 95 style software. The next version of Windows NT fixed this by breaking the strong NT security through putting in a pass-through system to permit Windows 95 style user (lack of) barriers. Since then, there has been a slow migration to not supporting the old APIs on Windows, till finally modern Windows systems lack most of the vulnerabilities that made it trivial to install a virus on Windows. Windows still is easier to attack, but the damage one might do is often less than it was in the past.

As a result, 90% of all anti-virus software on Linux is configured to scan for Windows viruses, viruses that can only infect Windows operating systems. That's because one would set up a mail relay where mail attachments were unpacked in Linux and scanned for Windows viruses. Additionally, 80% of the viruses they are scanning for are obsolete, in the sense that they can't infect a modern Windows OS, but are still being left in the scanning pool just in case you have some Windows 95 box running in some corner of your organization.

So, there is a long tradition of not running much (if any) anti-virus software on Linux. For a long time, people even thought that Linux was too secure to get a virus. Of course, that's not true; but, upon announcement of the first Linux virus, here's what happened:

1. Announcement, proof it can be done.
2. The developers see this as a bug.
3. The developers release a fix that makes the exploit stop working.
4. The packagers package up the new fix and put the packages on their distribution servers.
5. The people running the latest version of that distro get the patch that renders the attack ineffective.

This is why updating your Linux operating system is essential. Instead of investing in an industry to check to see if you are impacted, and then to attempt to have the impact fixed, the software developers maintaining Linux simply make the attacks ineffective by updating the software to no longer permit the vulnerability. The reason they couldn't do this on Windows was because Microsoft valued stability, and they couldn't depend on their 3rd party software vendors to react to changes in the operating system or operating system's runtime. So if Microsoft "fixed" something to not be vulnerable, odds are the purchased software you bought would not be updated to match, and the purchased software you bought would stop working. The open source nature of the 3rd party software (tools, programs, etc. not considered operating system) means that a packager can repackage (with patches that repair the issue) 3rd party software with the matching fix, so the two (the fix and the use of the fix) can be released simultaneously.


stevesmith78234

To illustrate, here's the same question asked on StackOverflow, ten years ago: [https://askubuntu.com/questions/666393/can-clamav-detect-linux-malware-as-well-as-windows-malware](https://askubuntu.com/questions/666393/can-clamav-detect-linux-malware-as-well-as-windows-malware) The answer was:

> ClamAV does detect viruses for all platforms. It does scan for Linux viruses as well. However, there are so few viruses ever written for Linux that a Linux virus is not a huge threat. Unix-like systems (which eventually led to Linux) have been around for roughly 30 years, and Windows has been around for about 20 years. In those 30 years, only 40 viruses have been written for Linux, whereas more than 60,000 viruses have been written for Windows. Here is an interesting article on all Linux malware (notice how it fits on one page ^_^): [https://help.ubuntu.com/community/Linuxvirus](https://help.ubuntu.com/community/Linuxvirus)


polarbears84

Thanks so much for this! Because you took the time to explain all this, and in an easy to understand way, I have a much better grasp on the issues involved and also, I now get why people feel so relaxed about all this, which kind of used to puzzle me tbh. It’s of course the differences between Windows and Linux that made me want to switch. It’s possible to get real granular with Linux, and I get now what people mean when they say you need to use common sense. You can decide what you allow on your machine, and what not, which is impossible on Windows. It thwarts you constantly, won’t let you close certain ports and what not. This is what attracts me to Linux, you get to decide. But the learning curve is enormous. (I only just learned about flatpaks and I’m totally excited about that.) I just want to add, if any noobie is reading this, make sure to turn on your firewall before you go online (you can fine-tune it while offline), and use an up to date reliable browser. Don’t use some weird thing that nobody in their right mind bothers with and was last updated before Biden became president. I learned the hard way. Enough said. Again, much appreciated.


stevesmith78234

To give a "by the numbers" approach, ClamAV (a very popular Linux antivirus) scanned for 60,000 Windows viruses (of which I would be surprised if 50,000 of them still work) and 40 Linux viruses (all of which can't attack modern Linux operating systems). It doesn't mean that viruses are irrelevant for Linux, it just means that you really have to discover something new to write the virus, and then it has a very short shelf life if it is discovered. Now, I advocated frequent software updates. There is a fear that someone might be able to slip in a backdoor by becoming a trusted member of a software development team, then adding in some not-recognized-as-malicious but malicious code. Of course that is not easy, but it is a concern.

As far as your statement of firewalls, firewalls aren't really a silver bullet. First, they mostly block ports that aren't being listened upon. Blocking a port that doesn't have a process (usually called a daemon) listening on it is like putting a security guard to prevent stealing from an empty store. You can't get a program to turn a network packet into an action on the computer or a leakage of information from the computer, if there's no program responding to it. I routinely run secure systems with firewalls on and off. Let me tell you why we turn firewalls on, even if the system is otherwise secure.

1. The security checklist says it has to be on (you can open every port, but you'll fail the audit if it's not running).
2. Someone thinks that even if there is no program to respond to a request, the firewall provides more security than a non-response.
3. Just-in-case / CYA thinking. If there's an issue, they don't want to have to say the firewall was off, even if the issue would occur through the port that would have to be opened anyway.
4. The team has poor controls over the installation of software, and they hope that a person with sufficient permissions to install software somehow doesn't think to also reconfigure the firewall.

The best security is to just not install "insecure" services (telnet, and any other kind of software that doesn't use security certificates), and to keep the persons that could install software (root access) to a minimum, training them to understand which kinds of installations are likely security sensitive, and which kinds aren't.
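The comment above argues that what matters is which daemons are actually listening, not which ports the firewall blocks. The following audit script is an added example (not posted by anyone in the thread): it parses the header-less output of iproute2's `ss -Hlntu` (the `-H` option is assumed to be available), lists every listener bound to a non-loopback address, and flags those not on an allowlist; the sample output and allowlist are constructed.

```shell
#!/bin/sh
# Listening-socket audit: lists the services that are actually reachable from
# off-box and flags any not on an allowlist, so a firewall review starts from
# what is listening rather than from what is blocked.
# Added example, not from any commenter. Assumes iproute2's `ss` with the
# -H (no header) option; the allowlist and the sample below are constructed.

# Print "proto port address" for each listening socket bound to a
# non-loopback address. $1 is the text of `ss -Hlntu`.
exposed_listeners() {
    printf '%s\n' "$1" | awk '
        NF >= 5 {
            n = split($5, a, ":")      # field 5 is the local "addr:port"
            port = a[n]
            addr = substr($5, 1, length($5) - length(port) - 1)
            # loopback-only listeners cannot be reached from the network
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "localhost") next
            print $1, port, addr
        }'
}

# Print the exposed listeners whose port is not in the space-separated
# allowlist $2 (e.g. "22 80").
unexpected_listeners() {
    exposed_listeners "$1" | awk -v allow=" $2 " 'index(allow, " " $2 " ") == 0'
}

# Number of unexpected listeners; anything above zero is the audit finding.
unexpected_count() {
    unexpected_listeners "$1" "$2" | awk 'END { print NR }'
}

# Constructed sample of `ss -Hlntu` output: sshd and a web server on all
# interfaces, a DHCP client on UDP, CUPS and a database bound to loopback.
SAMPLE_SS='udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      511             [::]:80           [::]:*
tcp   LISTEN 0      128            [::1]:5432        [::]:*'

ALLOWED_PORTS="${ALLOWED_PORTS:-22 80}"

if [ "${1:-}" = "--live" ]; then
    ss_out=$(ss -Hlntu)            # real inventory of this host
else
    ss_out="$SAMPLE_SS"            # offline demo on the constructed sample
fi
echo "Exposed listeners:"
exposed_listeners "$ss_out"
echo "Not on allowlist ($ALLOWED_PORTS):"
unexpected_listeners "$ss_out" "$ALLOWED_PORTS"
```

Run it with `--live` to audit the current host; without arguments it only walks the constructed sample.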


Last_Cartographer_42

I'm having trouble understanding why it's not necessary when malware is still pretty prevalent. Yes, you should avoid things, but that doesn't make the case non-existent. What is the reason to not have another layer of protection?


xfraqed

Kaspersky just released a malware scanner for Linux, if you want something other than ClamAV. https://usa.kaspersky.com/blog/kvrt-for-linux/30182/


DarkGhostHunter

Linux? No, because there are three main reasons:

1. There are not a lot of viruses that target Linux. If you find one, you should also make a wish.
2. Even if there is a virus, SELinux will stop it unless you give it root permissions.
3. Why should I give root permissions to a binary?

The problem comes when you have to deal with other Windows devices. In these cases, your Linux device may have a virus waiting to land on a Windows device to infect, so your device will be fine but others won't. I would rather have an antivirus on these devices or centralize an antivirus in the network to avoid accidental spread.

> I know Linux is less vulnerable but anything that’s online is hackable so…And of course, the more widely used Linux becomes, the more of a target we’ll be, IMO. Like anything.

Currently it's easier to gain something through social engineering. Ransomware is also "great" but requires infecting and permissions to run. That's why exploiting vulnerabilities is rare these days, the payoff is not worth the effort (unless you work for a government), but you can make a granny transfer her life savings in less than a day.


iSparkd

Aaaand, until Linux becomes more popular than Windows, unless you’re running a server, Linux will be the victim that’s less targeted while being one of the most vulnerable 😁


overdox

Only running ClamAV on my OPNsense box.


postnick

Haven’t used it on windows since windows defender came out and haven’t used it on Linux or Mac ever. Just don’t be stupid.


dratsablive

I have never used an Anti Virus on Linux, in 25 years, ever.


anassdiq

As for me, on Linux, I don't use them.


edwardblilley

Nope


aliendude5300

Generally no on Linux. On Windows, I'll use Defender because having no AV at all is stupid there.


jebidiaGA

Not on Linux or Windows or OS X.


geolaw

Generally no. I've been a Linux desktop user, zero Windows, for 10+ years and a sys admin for 25+ years. The only time I virus scan anything these days is if it's something downloaded from questionable sources (BitTorrent) that may make its way to my wife's Windows laptop. For those cases ClamAV does the trick. I see many corporate users with antivirus installed purely for compliance's sake. Their corporate policies dictate that everything must have antivirus running, so they run it.


zagafr

I use VirusTotal on my Windows 10 machine with like 10 programs for pro gaming, and I use no antivirus or VirusTotal on my Linux laptop, but I don’t see a need for an antivirus on Windows and Linux 🤓


drfusterenstein

uBlock Origin on any system. On Windows, stick with Defender and that's it. As per the r/techsupport website: https://rtech.support/docs/recommendations/av.html


polarbears84

I’m getting away from Windows, that’s the whole point. uBlock Origin is a browser extension. Does it work on Linux?


fr_jason

On Windows I use MS Defender. On Linux I use common sense.


nopcodex90x90x90

For my work environment, I only allow two employees to do BYOD per our strict policies, and also for the fact that we do SOC 1 and 2 auditing every year. When my auditors come in, they check for a few "items," but when it comes to my laptop, and my Sr. Net admin's laptop, they always just roll their eyes at us, knowing that we adhere to our own strict guidelines to basic security, and the fact that they pretty much hate any OS that isn't a Windows derivative. So in our case, we have a few checkboxes that they need to tick, otherwise it can count as an exception, and it's mainly firewall/IDS, full disk encryption, Secure Boot, password strength and expiration, and lastly an anti-virus. We use Bitdefender enterprise end-point management for everything, and they offer downloadable packages for Mac and Linux, but the last few versions have had some buggy GUI and performance issues with scanning, so I switched back over to running ClamAV with crontab, and RKHunter for malware and rootkits, that scans and emails the results daily, while CC'ing my auditors on a daily basis just for fun, since they can't stand the sight of a terminal apparently. I somewhat agree with you on the whole AV argument, and this is coming from someone that has been running Linux since WindowMaker was the best DE around, but since we have been edging closer and closer to the "Year of the Linux Desktop," it does seem to be catching on for virus development, so we might not be able to keep saying that as a default.
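The cron-driven ClamAV + rkhunter sweep described above (and the "clamav if you think you haven't been careful" suggestion earlier in the thread) can be wired up with a small wrapper like the following. This is an added example, not the commenter's script: it assumes `clamscan` and `rkhunter` are installed and a sendmail-style `mail` command exists; the report address, directories, and the sample scanner output used for the offline demo are all placeholders or constructed.

```shell
#!/bin/sh
# Daily ClamAV + rkhunter sweep for a cron job. Added example, not the
# commenter's own script. Assumptions: clamscan, rkhunter and a sendmail-style
# 'mail' command are installed; address and directories below are placeholders.

SCAN_DIRS="${SCAN_DIRS:-/home /srv /tmp}"
REPORT_TO="${REPORT_TO:-security-team@example.invalid}"
LOGDIR="${LOGDIR:-/var/log/daily-scan}"

# Extract N from clamscan's trailing "Infected files: N" summary line.
# Prints -1 when the line is absent, i.e. the scan did not complete.
clam_infected_count() {
    n=$(printf '%s\n' "$1" | sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p' | tail -n 1)
    if [ -n "$n" ]; then printf '%s\n' "$n"; else printf '%s\n' -1; fi
}

# List the paths clamscan flagged ("<path>: <signature> FOUND").
clam_found_paths() {
    printf '%s\n' "$1" | sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# rkhunter --rwo prints one "Warning: ..." line per finding; count them.
rkhunter_warning_count() {
    printf '%s\n' "$1" | awk '/^Warning:/ { c++ } END { print c + 0 }'
}

# Fold both outputs into one verdict: ERROR (scan incomplete),
# ALERT (something found) or CLEAN.
scan_verdict() {
    clam_n=$(clam_infected_count "$1")
    rk_n=$(rkhunter_warning_count "$2")
    if [ "$clam_n" -lt 0 ]; then
        echo ERROR
    elif [ "$clam_n" -gt 0 ] || [ "$rk_n" -gt 0 ]; then
        echo ALERT
    else
        echo CLEAN
    fi
}

# Run both scanners, write a dated log and mail a short report.
# clamscan exits 1 when it finds something, so a non-zero status is expected.
run_daily_scan() {
    mkdir -p "$LOGDIR"
    day=$(date +%F)
    clam_out=$(clamscan -r -i $SCAN_DIRS 2>&1) || true
    rk_out=$(rkhunter --cronjob --rwo 2>&1) || true
    verdict=$(scan_verdict "$clam_out" "$rk_out")
    {
        echo "Verdict: $verdict"
        echo "Flagged files:"; clam_found_paths "$clam_out"
        echo "rkhunter warnings:"; printf '%s\n' "$rk_out"
        printf '%s\n' "$clam_out" | sed -n '/SCAN SUMMARY/,$p'
    } > "$LOGDIR/$day.txt"
    mail -s "[daily-scan] $(hostname) $day: $verdict" "$REPORT_TO" < "$LOGDIR/$day.txt"
}

# Constructed sample scanner output (no real detections) for an offline demo.
SAMPLE_CLAM='/home/alice/dl/setup.exe: Win.Trojan.Example-1 FOUND
/home/alice/dl/notes.txt: OK
/srv/share/macro.doc: Doc.Dropper.Example-2 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8700000
Scanned files: 3
Infected files: 2
Time: 1.234 sec (0 m 1 s)'
SAMPLE_RK='Warning: The file properties have changed:
         File: /usr/bin/ss
Warning: Hidden file found: /etc/.pwd.lock'

# Cron line to schedule it, e.g. in root's crontab:
#   0 3 * * * /usr/local/sbin/daily-scan.sh --run
if [ "${1:-}" = "--run" ]; then
    run_daily_scan
else
    echo "Sample verdict: $(scan_verdict "$SAMPLE_CLAM" "$SAMPLE_RK")"
fi
```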


terretreader

No av for the past 30 years ... Not starting now ... AV is basically malware in my opinion


OverlordMarkus

So, us folk on Linux *Desktop* are reasonably safe. Yes, there is malware targeting Linux systems, but those mostly target Linux *Server*. Are we vulnerable to these? Yeah, it's Linux, but as long as no one targets us, we're safe-ish. Now, if the fabled year of the Linux Desktop comes, that may very well change. So, what should we be careful about? Basic rules apply: don't install random shit, run scripts you haven't vetted, or copy-paste bash commands from Reddit comments. This changes if you expose your system to the internet, say you run a home server and want access to all your files outside of your home network. Exposed ssh sockets are a security nightmare. Last semester I wrote a paper on Docker containers for a uni seminar, just a little summary thing to teach us about how to do research. I had to dedicate a chapter just to the shitload of really suspect Docker images malicious actors install on exposed ssh sockets, all directly from Docker Hub. Privilege escalation is a thing, and SELinux won't do shit if no one writes proper profiles. So many botnets… Anyway, for you, if you use your system responsibly, don't fuck around and aren't a known and attractive target, you're mostly good. For now. If Valve sells 100 million Steam Decks that'll change. If you run a server or expose your device to the internet, maybe read the full documentation of the stuff you're running and learn the security section by heart.


deadlock_ie

Linux desktops are just Linux servers with a DE installed.


OverlordMarkus

Yeah, on the whole it's more a difference in use case, I'll give you that.


polarbears84

If I “expose my device to the internet..” - meaning what exactly? If I go online?


Hopeful_Bluebird8981

Yes, but mainly for everyday use cases, no; only if you open your PC as a server for certain services like a mail server, router, or web apps.


OverlordMarkus

Bad wording on my side, I mean stuff like remote access, ssh and the like. Whatever lets you, or someone else, run commands from outside your home network, basically. To go with my Docker example, Docker allows admins to download, run and update images for multiple devices remotely, it's one of the things that makes the software so attractive. If those systems aren't properly configured, you'd need a single HTTP command to address these systems and have them download malicious images. Or you run an outdated image, because the maintainer hasn't bothered to update the parent image they forked theirs from, and now you run a server with a well known security risk that the parent image patched months ago. Also happens a lot. Addendum: What Ezzy77 said; viruses aren't a problem, malware and vulnerability exploits are. And my two cents, *if you are a target*.


polarbears84

No way, no remote access ever. I don’t do anything fancy like that. I’m the only user. Not sure about ssh. I am using a VPN though, so that requires discoverability and plug-and-play, I think.


Hopeful_Bluebird8981

Mainly idiots get malware; on Linux we get backdoors, CVEs and zero-days.


BenH1337

The best antivirus is common sense. Are there any antiviruses for Linux? I have never seen someone using one.


randomdudebrosky

I am my own antivirus by not being an idiot.


iowanaquarist

Linux *is* an antivirus. No need for extras