Antivirus recomendations

danielfgom , 10 months ago

Yes, no antivirus. You don’t need it. There are no viruses. Plus, the way Linux is setup it’s not easy for a virus to do alot of damage.

CrypticCoffee , 10 months ago

And if you’re dual booting with Windows and shared data?

danielfgom , 10 months ago

Put the AV on Windows only. Linux cannot run any .exe files anyway so they are useless, unless you try run them under wine, but I wouldn’t recommend it.

Mandy , 10 months ago

Use common sense and dont install random shady shit from the internet.

Best antivrius in the world

ReakDuck , 10 months ago

After happily not following your advise my entire life on Arch Linux… I got this weird Virus on my PC while game developing. This virus made my entire PC glitch and my friend also wondered what the fuck is going on. Weird and creepy music started and sounded like its telling me I am dumb. After unplugging my entire PC from electricity, the music was still there… and I cried.

After waking up I asked myself how the fuck did I dream this and why this dream felt so real (like a lucid dream but I thought this is real life). I maybe dreamed this after having a discussion why I should get an IPhone. As a GrapheneOS user I explained myself, but restarted my thinking about Security. (But even without being a Security focused guy, an IPhone has not enough features like Sideloading Open Source apps)

Mandy , 10 months ago

what vim does to a motherfucker

bushvin , 10 months ago (edited 10 months ago)

I wouldn’t recommend using anti-virus software. It usually creates a lot more overhead, plus it usually mimics existing solutions already in linux. The only viruses I have ever caught using an anti-virus software on Linux are the test viruses to see if all is working fine.

Anyway, here’s my 20+ enterprise experience recommendations with Linux :

• enable secure boot: will disable launching non-signed kernel modules (prevent root kits)
• enable firewall: and only allow ports you really need.
• SELinux: it is getting better, and it will prevent processes to access resources out of their scope. It can be problematic if you don’t know it (and it is complex to understand). But if it doesn’t hinder you, don’t touch it. I do not know AppArmor, but it is supposed to be similar.
• disable root over ssh: or only allow ssh keys, or disable ssh altogether if you do not need it.
• avoid using root: make sure you have a personal account set up with sudo rights to root WITH password.
• only use trusted software: package managers like apt and rpm tend to have built in functionality to check the state and status of your installed software. Use trusted software repositories only. Often recommended by the distro maintainers. Stay away from use this script scripts unless you can read them and determine if they’re the real thing.

Adhering to these principles will get you a long way!

edit: added section about software sources courtesy of @dragnucs

01189998819991197253 , 10 months ago

And when in doubt, upload the file to virustotal.

pglpm , 10 months ago

Thank you for the advice!

Firewall on Linux is something I still don’t understand, and explanations found on Internet have always confused me. Do you happen to know some good tutorial to share? Or maybe one doesn’t need to do anything at all in distros like Ubuntu?

Regarding ssh: you only mean incoming ssh, right?

toikpi , 10 months ago

Firewall - While this tutorial is Ubuntu 16.04 it should work current versions of Ubuntu linuxbabe.com/…/getting-started-gufw-ubuntu-16-04It should work for other distributions once you change the package manager.

bushvin , 10 months ago

ebtables and iptables can be very complex. And I failed my 1st RHCE exam because of them. But once you learn, you will never unlearn, as they are quite beautifully crafted. You just need to get into the mindset of the people who wrote the tools…

Look into firewalldIt has a rather simplified cli interface: firewall-cmd

The manpages will tell you a lot.

firewall-cmd —add-service=sshWill open the ports for your ssh daemon until you reload your firewall or reboot your system firewall-cmd —permanent —add-service=sshWill open the ssh ports until you remove them

firewall-cmd —list-allWill show you the current firewall config

kool_newt , 10 months ago

Try nftables directly, it’s simple and straightforward, scripting syntax is easy.

c1177johuk , 10 months ago

Another simpler frontend for iptables I think is well suited for desktop environemnts is ufw. It does what it’s supposed to do and is extremely simple to use

bushvin , 10 months ago

I personally do not know ufw, but if it does what it must, then you’re solid.

Linux is also about choices: do stuff the way you choose to, and makes you comfortable.

bushvin , 10 months ago

Yes, usually you configure your endpoint firewall to block incoming traffic, while allowing all outgoing.

Unless you’re in a very secure zone, like DMZ’s.

HotBoxghost2743 , 10 months ago

What don’t you completely understand about Linux firewall? I don’t mind helping you learn

pglpm , 10 months ago

Thank you everyone, also @bushvin @toikpi.

For example, if I open my settings (I’m on Ubuntu+KDE) I don’t see any firewall settings to configure. So I expect this is automatically done by the OS, but maybe I’m wrong. A bit surprised that the system itself doesn’t recommend using a firewall, to be honest.

Many firewall tutorials start speaking about “your server”. Then I wonder: is this really for me? I don’t have a server. Or do I?

I now see that the tutorial from @toikpi gives a better explanation, cheers! So I see it’s good to have a firewall simply because one connects to public wifis from time to time.

I see that both UFW and firewalld are recommended… is it basically OK whichever I choose?

HotBoxghost2743 , 10 months ago

The main one everybody uses at least from my knowledge and from what I’ve used over the last 13 years is UFW. That is what you want to use.

A firewall is very important not just for being on public Wi-Fi connections. A firewall is your extra layer of protection

I don’t know what Distro you run. But it’s almost the same for each one

digitalocean.com/…/how-to-set-up-a-firewall-with-…

UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with sudo apt install ufw.

Using IPv6

sudo nano /etc/default/ufw

That command should come back with this

IPV6=yes

Save and close the file. Now, when UFW is enabled, it will be configured to write both IPv4 and IPv6 firewall rules. However, before enabling UFW, we will want to ensure that your firewall is configured to allow you to connect via SSH. Let’s start with setting the default policies.

Setting up default policies

sudo ufw default deny incoming sudo ufw default allow outgoing

These commands set the defaults to deny incoming and allow outgoing connections. These firewall defaults alone might suffice for a personal computer, but servers typically need to respond to incoming requests from outside users. We’ll look into that next.

To configure your server to allow incoming SSH connections, you can use this command:

<span style="color:#323232;">sudo ufw allow ssh
</span>

This will create firewall rules that will allow all connections on port 22, which is the port that the SSH daemon listens on by default. UFW knows what port allow ssh means because it’s listed as a service in the /etc/services file.

However, we can actually write the equivalent rule by specifying the port instead of the service name. For example, this command works the same as the one above:

<span style="color:#323232;">sudo ufw allow 22
</span>

If you configured your SSH daemon to use a different port, you will have to specify the appropriate port. For example, if your SSH server is listening on port 2222, you can use this command to allow connections on that port:

<span style="color:#323232;">sudo ufw allow 2222
</span>

To enable UFW, use this command:

<span style="color:#323232;">sudo ufw enable
</span>

bushvin , 10 months ago

The main one everybody uses at least from my knowledge and from what I’ve used over the last 13 years is UFW. That is what you want to use.

I could easily say that for firewalld… 😃

Ufw is typically available/pre-installed with Debian based systems (Debian, Ubuntu, zzz), while Firewalld is typically available on Red Hat Enterprise Linux and derivates (Fedora, CentOS, Rocky, …)

But it boils down to what you prefer, really.

HotBoxghost2743 , 10 months ago

I know all this already. But I also use arch and have been for the last 6+ years and I use ufw lol

bushvin , 10 months ago

I see that both UFW and firewalld are recommended… is it basically OK whichever I choose?

Yes. Whichever works for you should be fine. In the end you should be able to manage it

ChonkaLoo , 10 months ago

go with firewalld ufw floods dmesg with useless messages

hevov , 10 months ago

I don’t think you need to configure your firewall. Firewalls are usualy used to block incomming connectings. Usualy a Firewall that blocks all incomming connections is already active on your modem/router. Adding exception to the modem/router Firewall usualy happen through port forwords.

pglpm , 10 months ago

@bushvin @toikpi @hevov @ChonkaLoo @HotBoxghost2743 @c1177johuk (I’m surely forgetting someone, sorry)

Thank you ALL for the great advice and guides! I’m writing from behind a laptop firewall now, and don’t notice anything :) It was smoother than I expected. In the end I used UFW because it was already installed, but I’ll take a look at firewalld too in some days! I don’t have any incoming ssh connections (not a server), so I didn’t need to worry about that :)

Really great people here at Lemmy :)

HotBoxghost2743 , 10 months ago

You’re welcome friend!

cizra , 10 months ago

There’s plenty of good advice in other comments in this topic. Let me add mine too, something I haven’t seen in other comments: You need to figure out your threat model, and steer your course accordingly.

Who do you trust?

• No one? Don’t use a computer. Use an airgapped computer without any internet connection. Write your own OS (but be mindful of bootstrapping issues, you’ll also need to write your own compiler to protect against Thompson’s hack). It’s a hassle.
• Original authors of software? Compile and install all software from source. Consider using LFS. It’s a hassle.
• Maintainers of my operating system of choice? Only install packages from official package repositories (apt in Debian, pacman in Arch, you know the drill). Eschew any others, like PPA in Ubuntu, AUR in Arch. Though package maintainers don’t necessarily review any package updates, there’s a chance they just might. Though package maintainers are in the position to inject backdoors during packaging, this is somewhat unlikely as packaging scripts tend to be small and easy to review.

What risky activities are you doing?

• Running random crap software downloaded from the internet?
  • Run it in a virtual machine. It’s easy to install another Linux into a VM - you could try VirtualBox or qemu or libvirt or some other one.
  • Containerize it with Docker, or run it in Firejail or Bubblewrap
    • Don’t mount your home directory, or anything other important into the container. Instead, if you need to pass data, use a dedicated directory.
    • It’s easy to restrict internet access to a program, when running it in Docker or Bubblewrap.
• Running the same as root? I’m pretty sure a full virtual machine would be the only secure option to do that, and I’m 100% certain even that would be enough.
• Running large software that probably ought to be OK, but you never know for certain? This is what I normally do:
  • Use the Flatpak version, if available. Check its permissions (e.g. with Flatseal), you might be able to tighten the screws. For example, a browser (yes, Firefox, Thunderbird, Chromium are available as Flatpaks. Even Chrome is) is plenty large enough for any number of security bugs to hide in. Or a backdoor, which might be crafted to be indistinguishable from a honest bug.
  • If there’s no Flatpak version available, I Bubblewrap it.

I have a simple Bash script that restricts apps’ view of my filesystem, and cuts off as much stuff as possible, while retaining the app’s ability to run. Works with Wayland and console apps, optionally with Xorg apps if I set a flag. Network access requires its own flag.

I could share my Bubblewrapping script, if there’s interest.

vulnerability , 10 months ago

Wow really helpful

hevov , 10 months ago

Thanks for the helpful list. I had concerns in the past about flatpak, because as far as I know the dependencies are bundled into the flatpak and are not using the latest version of your distro. But that means that some flatpaks probably use outdated and unsecure dependencies.

Whats your opinion on that matter?

pastermil , 10 months ago

I found flatpak to in fact be ahead of distros’ packages. Granted, I use distros that are rather conservative on update (Debian, Gentoo, and Linux Mint). If you use something bleeding edge like Arch, things may be different, but shouldn’t be far off.

Either way, I find flatpak to be reliable.

cizra , 10 months ago

Indeed, Flatpak is its own repo. It might be more, or it might be less up to date than your favorite distro. Debian, for instance, was once notorious for packaging ancient versions (tho this has improved lately).

The saving grace of Flatpak is that it’s still better isolated.

If native Chrome decides to start emitting your crypto wallet’s privkeys as a part of its push for Better Customer Experience and More Precisely Targeted Ads, you won’t even know or notice it. This is technically very easy to do. It might make itself hard to dislodge by injecting itself into ~/.bashrc or the desktop environment’s startup system, or Systemd services.

If Flatpakked Chrome starts misbehaving, it might mine crypto on your CPU (wasting your electricity), or rent out all your disk space, or turn your PC into a node in a botnet, but it won’t have access to read or write anything other than your ~/Downloads. It’s also easy to uninstall, as it hasn’t had a chance to spread its seed.

Sorry for the long rant… What was the original question again? Outdated dependencies? Not an expert, but I hear the whole reason AppImage, Snap, FlatPak, Yarn locks and Go language was invented was to make it easier to have outdated dependencies. You never know what’s available in $Distribution, you depend on goodwill of maintainers of $Distribution to package your app and all deps. In AUR you can find older versions of Lua libs (lua51-filesystem) which someone had to add to make Mudlet run - Mudlet didn’t see fit to upgrade to the latest Lua.

While it is indeed somewhat true that a library (that many apps depend on) can be patched to fix a security issue, and apps won’t need to be rebuilt, it only works if the lib was a sufficiently recent version. And if the distro maintainer is more diligent than the Flatpak maintainer. Otherwise, the authors of said lib are going to ask you to upgrade to a supported version where that bug has already been fixed, defenestrating the whole argument-in-favor. This completely breaks down in NixOS, too, where your package would get rebuilt from source as inputs changed.

zwekihoyy , 10 months ago

do not use browsers from flatpak. browsers have their own built in sandbox that is crippled or sometimes fully disabled in order to make flatpaks sandboxing work, which are often less restrictive than the browser’s.

flatpak is better than nothing for the average user but most packages completely ignore the sandboxing it is supposed to use and require manual changes on flatseal.

cizra , 10 months ago

Interesting, could you please elaborate?

1. What exactly is this “built in sandbox”, and what does it protect against? How does it compare with Flatpak disallowing access to filesystem?
2. Could we get a source for the claim of sandbox being crippled? Or more details? Documentation? Build scripts?

I had a look at flatpaks I have installed:

• Firefox (org.mozilla.firefox): no access to ~
• Thunderbird (org.mozilla.Thunderbird): no access to ~
• Element (im.riot.Riot): no access to ~
• Beyond All Reason (info.beyondallreason.bar) - no access to ~
• Steam (com.valvesoftware.Steam) - no access to ~, and (best of all) Steam runs a ton of untrusted code in games, which will inherit this restriction.
• Wolfenstein: Blade of Agony (com.realm667.Wolfenstein_Blade_of_Agony) - no access to ~
• Chromium (com.github.Eloston.UngoogledChromium): allows access to ~ by default. It’s one click to disable, or I could shop around for another one, like org.chromium.Chromium.
• OpenTTD (org.openttd.OpenTTD) - allows access to ~

Thus, yeah, some apps neglect to restrrict ~, thankfully it’s easy to fix. It’s not a disadvantage, though, it’s a lack of advantage.

AFlyingCar , 10 months ago

I would actually like to see your Bubblewrap script if you wouldn’t mind sharing. I’ve been thinking about trying to learn how to use it for a while now, but I’ve kept putting it off since getting Xorg programs to work with it seemed difficult/confusing to me.

cizra , 10 months ago

Here it comes: paste.ee/p/voTFI

Note that I’m no Bash expert, and you’ll undoubtedly find ways to improve or fix it. Usage:

• Run stuff in a sandbox isolate bash - and then verify your access to filesystem is restricted
• Enable Xorg for apps that need it X=1 isolate mindustry
  • Wayland, which naturally isolates apps from each other, is enabled by default.
• Enable network for apps that need it: NET=1 isolate curl https://ip6.me/api/
• Enter the sandbox to mess around with it manually: NAME=mindustry isolate bash
  • Note that it doesn’t catch Ctrl-C. Ctrl-C kills the isolated Bash.
• Populate data (installers and whatnot): NAME=mygame isolate ls; cp installer.sh ~/.local/share/bubblewrap/mygame/; NAME=mygame isolate bash

18107 , 10 months ago

Avast! runs on Linux.

Personally I prefer to just avoid clicking on dodgy links. In the last 5 years I haven’t found any viruses. YMMV

szczuroarturo OP , 10 months ago

Yeach that was my personal preference but the profliferation of streaming services each with their own exclusive shows made me sail the black seas once again, so i was wondering if there is something to scan downloaded files. If its even possible in the first place to get a virus on Linux that way.

Nia , 10 months ago (edited 10 months ago)

deleted_by_author

szczuroarturo OP , 10 months ago

Yeach i ultimately instaled calmav/clamtk and it did not found anything on my already downloaded files so thats good(alghtough the from end is a bit laggy). Alghtough im a bit suprised about Linux community hostility to anitviruses. As far as i am concerned doing sketchy stuff on pc is a fairly regular occurence, especialy if you are a power user(And most Linux users are in this category) , so added protection wont harm anyone especialy since Linux as far as i know dosent have the equivalent of Microsoft Defender by deafult . Obviusly likelyhood of someone even making a virus for Linux is low but it is there

yourdogsnipples , 10 months ago

No judgement on what you’re doing online. In your case, don’t download untrusted files, stream where you can. For all users, whether on the black seas or not, you should as a matter of habit use uBlock Origin in your browser, turn on the filterlists for security, ads, annoyances in particular.

scytale , 10 months ago

I think if you added this context to your post, you’d get less hostile answers from people saying you don’t need one. You have a legit reason for using an AV. While the risk of malicious stuff downloaded from the high seas affecting you is lower, it’s still good to conduct due diligence that they don’t sit on your machine and spread anywhere else. As others mentioned, clamav is a good option.

jsveiga , 10 months ago

And don’t use root for anything that doesn’t need root.

ChonkaLoo , 10 months ago

yeah I always try without sudo and do “sudo !!” if it needs it.

shirro , 10 months ago (edited 10 months ago)

The typical consumer Windows antivirus was designed to solve a different set of problems in a different environment and analysing files for signatures and behaviors against known threats was very valuable when so many people were running executables from unsafe sources intentionally or not. Even on Windows an antivirus has never been the best way to secure a machine. It was always the lowest common denominator solution that you put on everyone’s machine because it was better than nothing.

Linux has been well served for a long time by the division or privileges between root and users and signed trusted distro sources. The linux desktop is trending towards containerized flatpak applications running in seperate namespaces with additonal protection via seccomp. Try and understand the protections Linux provides and how to best take advantage of them first and only reach for an antivirus if you still think it is needed.

gammarays , 10 months ago

I don’t understand why we keep telling new users that it is useless to use an antivirus on Linux. For people with computer knowledge, sure. However more widespread Linux adoption will mean more casual users will start using it. Most of them don’t have the “common sense” that is often mentioned ; these users will eventually fall for scams that tell them to run programs attached in emails or random bash scripts from the internet. The possibility is small, but it’s not zero, so why not protect against it?

FoxBJK , 10 months ago

Same thing happened on macOS. We used to say it’s immune because everything was written only for Windows. That stopped being true a long time ago and the majority of web servers have been running Linux for a decade. Doesn’t seem so crazy to me that someone would want to regularly scan their Linux boxes for bad code.

XTL , 10 months ago

Because snake oil is not helping, or a working substitute.

Security is a process, not a solution.

gammarays , 10 months ago

You might be legitimately annoyed by the amount of free antivirus software on Windows that don’t offer good protection, on top of being filled with ads. But I don’t agree that scanning for malicious files and preventing dangerous commands (regardless of how good the implementation is) can be labelled as snake oil.

CaptainAniki , 10 months ago

deleted_by_author

sugar_in_your_tea , 10 months ago

As Linux gets more popular, malware will target Linux, it’s just a matter of time. So right now it’s not a big problem, but hopefully Linux gets popular enough that it happens.

CaptainAniki , 10 months ago

deleted_by_author

sugar_in_your_tea , 10 months ago

You could say the same about macOS, but now that gets targeted, and Linux has about the same amount of reported userbase as macOS now. So if Linux continues to gain traction, I expect it to follow macOS in becoming a target for malware. Maybe it’ll take longer because of the fragmentation, but I think we’ll get there.

CaptainAniki , 10 months ago

deleted_by_author

sugar_in_your_tea , 10 months ago

Take your pick.

CaptainAniki , 10 months ago

deleted_by_author

sugar_in_your_tea , 10 months ago

Here’s one example of a privilege escalation

…berkeley.edu/…/macos-ipados-and-ios-local-privil…

And here’s a little more detail about it, complete with links:

offsec.com/…/macos-preferences-priv-escalation/

This is probably also a zero day because Apple acknowledged that it was in use in the wild at the time (first link).

every single one requires the user to install something

Not all. HVNC, for example, doesn’t require anything by the user and with clever use, an attacker could get just add much value from it as with a privilege escalation bug.

Also XCSSET Updated used a zero day in Safari.

These attacks are still a lot less common vs Windows because the attack surface is much smaller, but it’s foolhardy to think macOS is immune in some way.

Rarely do attacks use just one strategy, usually they bundle malware with a zero day of some sort. Since macOS has a small user base, look less at the impact and more at the capabilities. All types of malware exist for macOS, so if it gets much larger adoption, we’ll see more effort in packaging them together.

CaptainAniki , 10 months ago

deleted_by_author

sugar_in_your_tea , 10 months ago

Sure, anti-virus won’t prevent the zero day from being exploited, but it can prevent any malware packaged with it from executing/causing damage. The same goes for other strategies, like sandboxing, access control, etc, the more layers you have, the less likely an attack is to be successful.

On the other side, the less valuable your platform is to exploit, the less attention it’ll have from malware authors. Most malware is looking to make a quick buck, and getting grandma to call a fake support line to fix a manufactured problem is the lion’s share of malware. Some attempt to create a botnet (i.e. worms and Trojans), and others try to steal banking and other credentials (so cookie scraping, no need for privilege escalation, just code execution).

I’m just pointing out that zero days and privilege escalation has existed to show that macOS isn’t immune. I’m sure there are plenty more, they just probably aren’t used as much because the potential benefit isn’t large enough yet. Why risk revealing your zero day when the profit potential is low? Sometimes it’s more valuable to wait and sell to a more sophisticated attacker who will go after higher value targets like sitting politicians than to sell it on the open market to a scammer who goes after grandma.

The same goes for Linux. Zero day privilege escalation attacks certainly exist, if you follow the CVEs, you can see some of them getting discovered before they’re explored. As the market expands, we’ll see more exploits actually being used, which means there are probably even more that potential attackers are sitting on.

skullgiver , 10 months ago (edited 7 months ago)

deleted_by_author

bushvin , 10 months ago

The problem with AV s/w in my experience, is that they do not work very well, and hinder the system’s functioning, because they provide duplicate behaviour of existing solutions and compete with them directly.

In one instance I discovered McAfee to disable write access to /etc/{passwd,shadow,group} effectively disabling a user to change their password. While SELinux will properly handle that by limiting processes, instead of creating a process that would make sure those files aren’t modified by anyone.

People need to understand Linux comes pre-equipped with all the necessary tools and bolts to protect their systems. They just don’t all live in the same GUI, because of the real complexity involved with malware…

bushvin , 10 months ago

Security is a process, not a solution.

Well put!

lemmyvore , 10 months ago

You should protect against it, but antiviruses are not the answer. It’s more efficient to prevent breaches by building good security into software by design (and keeping your system up to date) than to play an endless game of catch-up enumerating pieces of malware after they’re already circulating.

Windows tried this approach and it turned into a mess, antivirus companies turned into villains themselves and it still didn’t fix the underlying problems. Eventually they came around to actually fixing security problems, and keeping Windows up to date, and offering a curated source of apps and so on.

You can still use scanning on Linux, but apply it efficiently on entry points, like attachments in your email client or your Downloads dir. Don’t run a scanner all the time on all your processes and files, that’s a gross waste of resources.

It also makes no sense for a properly secured modern system. Take for example Android, where a userspace antivirus can’t work because userspace processes are isolated from each other, and a system level antivirus cannot be trusted because it needs to download signatures externally and can (and probably will) be a breach of privacy.

gammarays , 10 months ago

I basically agree with all the points you are making. Only scan downloads, email attachments and whatnot. Don’t try to play cat and mouse with sophisticated malware because that’s a waste of resources. I don’t think software like this exists?

Perhaps SELinux on desktop is the way to go as other posts are suggesting, although I heard that it has some usability problems and can break some programs.

Potatos_are_not_friends , 10 months ago

Schrödinger’s Linux fanbase

Linux is so much better and easy to use for casual users. But in order to use it, you have to understand terminal, bash scripting, understand permissions, understand the difference between various flavors, etc

RoboRay , 10 months ago

Do you have any antivirus recomendations for Linux.

Install all applications from your package manager.

Don't run things as root.

Don't visit sketchy websites.

Run an ad-blocker that isn't owned by an advertising company.

necrxfagivs , 10 months ago

Can you get a virus just for visiting a sketchy website?

Also, some programs aren’t available via my package manager (I use Fedora) so I have to add 3rd party repos. Is there a general security guide for linux?

Thank you!

c1177johuk , 10 months ago

Nowadays it is almost impossible to get a virus just from visiting websites. As for security recommendations I would recommend never running applications as roo that 100% don’t need it, as for 3rd party repos I would always be a by mindful of the apps but generally there isn’t too much of a risk, of getting a virus.

kyub , 10 months ago

Highly unlikely. A site could try to exploit unpatched security holes in your browser, but if your browser is up to date, this is unlikely to succeed. Modern browsers are very complex and large so they have lots of weaknesses, but they also get fixed quickly, a lot of eyes are on their code and they utilize sandboxing techniques as well to isolate things from your system.
Still, it's a good idea to harden your browser further yourself, or run it in an additional sandbox.

Check Flatpaks as well.

MonkderZweite , 10 months ago

Can you get a virus just for visiting a sketchy website?

Not with an uptodate browser. But there was malware in adverts on normal webpages. Even CIA recommends an adblocker.

cyborganism , 10 months ago

Meanwhile at Google…

RoboRay , 10 months ago

There have been cases of malware exploiting scripts and even images being displayed, whether directly hosted on the site or via compromised ads.

skullgiver , 10 months ago (edited 7 months ago)

deleted_by_author

pmtriste , 10 months ago

I’m using since corporate Eset on Linux. When did they drop support?

HotBoxghost2743 , 10 months ago

ClamAV is really only used to check for cross virus contamination. It’s a tool that checks for windows malware inside of Linux.

Linux doesn’t need any malware software. The way Linux runs and works is already way more secure in itself, almost everything you’ll ever download is pre compiled intro software repositories that are checked constantly.

The only way you’ll catch a virus on Linux is being dumb and clicking ads or downloading something from untrusted sources like websites that could be fake but look real.

molcap , 10 months ago

I have clamav installed, can I disable livescan? I use it mainly for data I will transfer to windows computers to make sure it’s safe

jhansonxi , 10 months ago (edited 10 months ago)

ESET Endpont Antivirus for Linux

I haven’t used on-access scanning for years but I remember Dazuko was used by multiple AV devs to provide it.

sounddrill , 10 months ago

ClamAV goated

vulpo , 10 months ago

I think clamav is a good antivirus

virtualbriefcase , 10 months ago

Virustotal is great to scan anything you download that does not contain sensitive information, and ClamAV + TK will work locally to scan anything that contains sensitive information (e.g. documents sent by others) or things too big for Virustotal.

Like others are saying, there’s less of a need for antivirus on Linux since there’s less easy entry points (e.g package manager over downloading an installer) and less (but far from 0) malware made for Linux. But we all probably download app images or get documents related to job searches at some point and I personally prefer to scan almost file that I get from a remote computer.

Gamey , 10 months ago

Unless you are in a cooperate environment or very careless with the stuff you download and commands you run you shouldn’t need one!

skullgiver , 10 months ago (edited 7 months ago)

deleted_by_author

Gamey , 10 months ago

I generally agree but the comparison can’t be made that directly in my opinion because the small userbase of desktop Linux alone helps a lot there and the addition of repositories and Flathub do so too!

HotBoxghost2743 , 10 months ago

There are way more viruses written for windows than there is for Linux

1. Linux users find viruses and they report them and then everyone works on a fix for it and it gets patched as soon as possible. This is why open sourced code is good.
2. Windows takes forever to fix or patch viruses most of the time they probably dont even care.

Everything virus related or even bug related gets patched almost immediately under Linux

Also… Everything you install on Linux is pre compiled and ore configured inside a package manager and these packages get checked constantly for bugs and viruses. Theres almost no need to install anything on Linux from websites that could be compromised

Out of the 13 years I have been using Linux I haven’t Once caught a virus but I also study malware and write malware so I also understand it more on a deep level.

But honestly it’s very hard to catch a virus on Linux

ashtefere , 10 months ago

Most antivirus software are just root level tools to harvest your data, that pretend to help

Cannizzaro , 10 months ago

You don’t need one if you know what you are doing but there’s ClamAV

GlowHuddy , 10 months ago

Yeah, I think most of the times, if you don’t run very sensitive enterprise grade machine there isn’t much point to it.

Maybe run it once in a while if you really want to.

Potatos_are_not_friends , 10 months ago

Trusting end-users to know what they’re doing… Impossible mission