Do you have any antivirus recomendations for Linux.
I don’t understand why we keep telling new users that it is useless to use an antivirus on Linux. For people with computer knowledge, sure. However more widespread Linux adoption will mean more casual users will start using it. Most of them don’t have the “common sense” that is often mentioned ; these users will eventually fall for scams that tell them to run programs attached in emails or random bash scripts from the internet. The possibility is small, but it’s not zero, so why not protect against it?
deleted by creator
Schrödinger’s Linux fanbase
Linux is so much better and easy to use for casual users. But in order to use it, you have to understand terminal, bash scripting, understand permissions, understand the difference between various flavors, etc
Because snake oil is not helping, or a working substitute.
Security is a process, not a solution.
You might be legitimately annoyed by the amount of free antivirus software on Windows that don’t offer good protection, on top of being filled with ads. But I don’t agree that scanning for malicious files and preventing dangerous commands (regardless of how good the implementation is) can be labelled as snake oil.
deleted by creator
As Linux gets more popular, malware will target Linux, it’s just a matter of time. So right now it’s not a big problem, but hopefully Linux gets popular enough that it happens.
People say this all the time and it’s never been true.
You could say the same about macOS, but now that gets targeted, and Linux has about the same amount of reported userbase as macOS now. So if Linux continues to gain traction, I expect it to follow macOS in becoming a target for malware. Maybe it’ll take longer because of the fragmentation, but I think we’ll get there.
deleted by creator
Security is a process, not a solution.
Well put!
Processes alone don’t warn you when your browser gets exploited or when npm install/pip install/cargo install triggers a cryptolocker/credential stealer/cryptowallet stealer. And yes, you could containerise everything and separate everything in virtual machines and run QubesOS and whatever, but most people don’t do that because that’s a terrible pain in the ass.
Security is a process, and smart use of antivirus software is just one step of that process.
The problem with AV s/w in my experience, is that they do not work very well, and hinder the system’s functioning, because they provide duplicate behaviour of existing solutions and compete with them directly.
In one instance I discovered McAfee to disable write access to /etc/{passwd,shadow,group} effectively disabling a user to change their password. While SELinux will properly handle that by limiting processes, instead of creating a process that would make sure those files aren’t modified by anyone.
People need to understand Linux comes pre-equipped with all the necessary tools and bolts to protect their systems. They just don’t all live in the same GUI, because of the real complexity involved with malware…
In one instance I discovered McAfee to disable write access to /etc/{passwd,shadow,group} effectively disabling a user to change their password. While SELinux will properly handle that by limiting processes, instead of creating a process that would make sure those files aren’t modified by anyone.
That sounds like McAfee alright. Most antivirus software doesn’t do stupid shit like that, though. Linux has plenty of APIs and call filters to detect and prevent attacks on passwd. In its default configuration, ClamAV and various other antivirus tools don’t even do anything but update their definitions until you explicitly call them to scan a file.
People need to understand Linux comes pre-equipped with all the necessary tools and bolts to protect their systems. They just don’t all live in the same GUI, because of the real complexity involved with malware…
That’s the thing, every operating system has that. Microsoft has everything from signed drivers to exploit guard and even Microsoft Edge running entirely inside a virtual machine to combat any form of browser exploitation. Even everything from Microsoft’s EMET has been included in Windows. ACG/EAF/IAF/various ROP detection mechanisms/DEP/SEHOP/StackPivot/CIG/integrity validation, you can all enable it to prevent most exploitations in almost any program on Windows. Linux doesn’t come close!
I can count on one hand the amount of people who actually bothered to run
npm installin a container, let alone something more secure than that. I’ve never seen anyone validate the checksum of any downloaded executables or packages, let alone upload them to virustotal or any other virus scanner.The current security mindset of Linux users seems to be the same as that of macOS users ten years ago; “there are so few viruses for our platform that we don’t need to be careful”. Apple prevented that from becoming catastrophic by making macOS a Big Brother operating system where it’s practically impossible to install a driver, where every single executable is checked with Apple’s servers. Still, macOS malware is a real thing, and so is Linux malware.
With Steam Deck bringing Linux to the mainstream (as well as provide guaranteed access to a device with games and transferable collectables connected to a valid account) I expect Linux malware to start becoming more than developer/server oriented. Linux has some nice tricks (unlike Windows, it doesn’t set the execute bit and add an optional flag on new files by default) but it’s vulnerable to others. curl2bash is the norm for various professional programs. Discord tells you to open .deb files from their website, normalising the “persist this file on your system, trust me”. In fact, the standard EmuDeck installation method is “download this .desktop file to your desktop and double click it”, like you would with any Windows program.
I don’t run an antivirus program because I consider myself smart enough not to get infected (dangerous, I know). That doesn’t mean new users shouldn’t be running antivirus, though. Just because you don’t need antivirus, doesn’t mean that someone with no experience with SELinux, AppArmor, containerisation or execute bits shouldn’t. You just have to avoid the shittier companies (the free ones, the paranoid enterprise ones).
You should protect against it, but antiviruses are not the answer. It’s more efficient to prevent breaches by building good security into software by design (and keeping your system up to date) than to play an endless game of catch-up enumerating pieces of malware after they’re already circulating.
Windows tried this approach and it turned into a mess, antivirus companies turned into villains themselves and it still didn’t fix the underlying problems. Eventually they came around to actually fixing security problems, and keeping Windows up to date, and offering a curated source of apps and so on.
You can still use scanning on Linux, but apply it efficiently on entry points, like attachments in your email client or your Downloads dir. Don’t run a scanner all the time on all your processes and files, that’s a gross waste of resources.
It also makes no sense for a properly secured modern system. Take for example Android, where a userspace antivirus can’t work because userspace processes are isolated from each other, and a system level antivirus cannot be trusted because it needs to download signatures externally and can (and probably will) be a breach of privacy.
I basically agree with all the points you are making. Only scan downloads, email attachments and whatnot. Don’t try to play cat and mouse with sophisticated malware because that’s a waste of resources. I don’t think software like this exists?
Perhaps SELinux on desktop is the way to go as other posts are suggesting, although I heard that it has some usability problems and can break some programs.
I’ve been running Linux for 20 years. Not once have I been in a situation that required an antivirus. The one time I’ve had a security breach it was not a virus but user error that left a door open. And even then, it was just ransomware, not a virus.
ClamAV works and even has live scan these days, with a performance impact similar to that on Windows and MacOS. It’s not as advanced as many Windows antivirus programs, but it does the job.
There are also enterprise antivirus products, but I don’t think they’ll work well on Linux. I would avoid free, proprietary antivirus products (like Avast) like the plague because all of them have had some kind of data collection/data selling controversy or have one coming up for sure.
I used to consider ESET to be quite good, but they dropped their Linux product it seems.
If you want to scan suspicious files, try virustotal.com. That’ll run the file through a wide range of antivirus products, including products you wouldn’t normally have access to as a consumer.
I have clamav installed, can I disable livescan? I use it mainly for data I will transfer to windows computers to make sure it’s safe
If you use a ClamAV GUI, you’ll probably have a toggle for this.
If you use the command line version, you can find the documentation for on-access scanning here. Basically: open
/etc/clamav/clamav.conf, setScanOnAccessandOnAccessPreventiontoyesand make sureOnAccessExcludeUnameis set toclamdor whatever clam system user your system uses.
ClamAV is really only used to check for cross virus contamination. It’s a tool that checks for windows malware inside of Linux.
Linux doesn’t need any malware software. The way Linux runs and works is already way more secure in itself, almost everything you’ll ever download is pre compiled intro software repositories that are checked constantly.
The only way you’ll catch a virus on Linux is being dumb and clicking ads or downloading something from untrusted sources like websites that could be fake but look real.
I’m using since corporate Eset on Linux. When did they drop support?
They dropped Linux support for their home offering in 2022. Corporate probably still works (or you would’ve received an email about it) but they’re not exactly targeting individual consumers with their corporate suite.
ESET Endpont Antivirus for Linux
I haven’t used on-access scanning for years but I remember Dazuko was used by multiple AV devs to provide it.
deleted by creator
Virustotal is great to scan anything you download that does not contain sensitive information, and ClamAV + TK will work locally to scan anything that contains sensitive information (e.g. documents sent by others) or things too big for Virustotal.
Like others are saying, there’s less of a need for antivirus on Linux since there’s less easy entry points (e.g package manager over downloading an installer) and less (but far from 0) malware made for Linux. But we all probably download app images or get documents related to job searches at some point and I personally prefer to scan almost file that I get from a remote computer.
Dr Web for linux. Run it once a week.
Currently I don’t like any of the common AV solutions, ClamAV is the best we have and has great signature based antivirus, with many excellent third party virus signatures (I even use it on windows). however ClamAV has no heuristic based capabilities which means it’s lacking quite a bit in that regard.
I really wish we had a decent hurestics based AV solution oriented to consumers but afaik none really exist that are any good.
deleted by creator
Wow really helpful
do not use browsers from flatpak. browsers have their own built in sandbox that is crippled or sometimes fully disabled in order to make flatpaks sandboxing work, which are often less restrictive than the browser’s.
flatpak is better than nothing for the average user but most packages completely ignore the sandboxing it is supposed to use and require manual changes on flatseal.
deleted by creator
Thanks for the helpful list. I had concerns in the past about flatpak, because as far as I know the dependencies are bundled into the flatpak and are not using the latest version of your distro. But that means that some flatpaks probably use outdated and unsecure dependencies.
Whats your opinion on that matter?
I found flatpak to in fact be ahead of distros’ packages. Granted, I use distros that are rather conservative on update (Debian, Gentoo, and Linux Mint). If you use something bleeding edge like Arch, things may be different, but shouldn’t be far off.
Either way, I find flatpak to be reliable.
deleted by creator
I would actually like to see your Bubblewrap script if you wouldn’t mind sharing. I’ve been thinking about trying to learn how to use it for a while now, but I’ve kept putting it off since getting Xorg programs to work with it seemed difficult/confusing to me.
deleted by creator
Most is malware these days. Checkout Safing Portmaster and config blocking various outbound connections and pick a good DNS filter like AdGuard. Then if you get malware it won’t be able to connect to CnC server.
Do you have any antivirus recomendations for Linux.
Install all applications from your package manager.
Don’t run things as root.
Don’t visit sketchy websites.
Run an ad-blocker that isn’t owned by an advertising company.
Can you get a virus just for visiting a sketchy website?
Also, some programs aren’t available via my package manager (I use Fedora) so I have to add 3rd party repos. Is there a general security guide for linux?
Thank you!
There have been cases of malware exploiting scripts and even images being displayed, whether directly hosted on the site or via compromised ads.
Nowadays it is almost impossible to get a virus just from visiting websites. As for security recommendations I would recommend never running applications as roo that 100% don’t need it, as for 3rd party repos I would always be a by mindful of the apps but generally there isn’t too much of a risk, of getting a virus.
Can you get a virus just for visiting a sketchy website?
Not with an uptodate browser. But there was malware in adverts on normal webpages. Even CIA recommends an adblocker.
Meanwhile at Google…
Highly unlikely. A site could try to exploit unpatched security holes in your browser, but if your browser is up to date, this is unlikely to succeed. Modern browsers are very complex and large so they have lots of weaknesses, but they also get fixed quickly, a lot of eyes are on their code and they utilize sandboxing techniques as well to isolate things from your system.
Still, it’s a good idea to harden your browser further yourself, or run it in an additional sandbox.Check Flatpaks as well.
Unless you are in a cooperate environment or very careless with the stuff you download and commands you run you shouldn’t need one!
This is true, but the same could be said for Windows. Novices and beginners can probably do with a ClamAV install.
I generally agree but the comparison can’t be made that directly in my opinion because the small userbase of desktop Linux alone helps a lot there and the addition of repositories and Flathub do so too!
True, but commercial Linux viruses exist. Plenty of IT professionals have invested their fuck-you-money into crypto so there’s a market for desktop Linux viruses out there these days.
Flatpak helps a lot, but it’s got its own troubles and escapes if you want to actually use programs. The secure configuration locks file access to a few specific directories so loads of Flatpak applications will ask for much broader access so you can still edit pictures that are stored on other drives or outside the default Pictures folder.
There are way more viruses written for windows than there is for Linux
-
Linux users find viruses and they report them and then everyone works on a fix for it and it gets patched as soon as possible. This is why open sourced code is good.
-
Windows takes forever to fix or patch viruses most of the time they probably dont even care.
Everything virus related or even bug related gets patched almost immediately under Linux
Also… Everything you install on Linux is pre compiled and ore configured inside a package manager and these packages get checked constantly for bugs and viruses. Theres almost no need to install anything on Linux from websites that could be compromised
Out of the 13 years I have been using Linux I haven’t Once caught a virus but I also study malware and write malware so I also understand it more on a deep level.
But honestly it’s very hard to catch a virus on Linux
-
At first: In most cases you don’t need and don’t want one.
I wanted to get one as I have several old (over two decades and more) Windows game CDs that I’ve bought long before switching to Linux. Back in the days it was actually a thing that sometimes malware slipped into professionally pressed CDs (especially on discs that came with PC game magazines or cheap game collection boxes).
For this case (Windows software check before attempting to run with wine) I can recommend ClamAV. It is open source and available on probably every distribution. But there is no need to attempt having it running all the time. I just run scans from the terminal whenever needed.
The typical consumer Windows antivirus was designed to solve a different set of problems in a different environment and analysing files for signatures and behaviors against known threats was very valuable when so many people were running executables from unsafe sources intentionally or not. Even on Windows an antivirus has never been the best way to secure a machine. It was always the lowest common denominator solution that you put on everyone’s machine because it was better than nothing.
Linux has been well served for a long time by the division or privileges between root and users and signed trusted distro sources. The linux desktop is trending towards containerized flatpak applications running in seperate namespaces with additonal protection via seccomp. Try and understand the protections Linux provides and how to best take advantage of them first and only reach for an antivirus if you still think it is needed.
I think clamav is a good antivirus
There are anti viruses that run on GNU/Linux like ClamAv and kaspersky but they actually do not target the machine they run on or at least they are not so useful. Their intention is to stop the spread of malware.
In general, you just need to install softwaref uaong the package manager from trusted sources that are usually the defaults of your distribution and not input your password when you are not expecting it.
When copying commands to the terminal, most terminals will warn you if you are copying a command that requires root privileges.
That said for the operating system, apply it to the browser as well by being eclectic on what extensions you install and voila. 99.99% guaranteed malware free.
A very good point I forgot! Only use trusted software repositories!
Most antivirus software are just root level tools to harvest your data, that pretend to help
