• Dizzy Devil Ducky
    link
    fedilink
    English
    1112 days ago

    As someone who may obtain games and shows/movies through less than rights holder approved methods, ClamAV is a necessity.

    • @[email protected]
      cake
      link
      fedilink
      712 days ago

      Not just for the pirate though. If you share any files between nix and win OS’s. I wouldn’t want to share any computer std with those I care for, friend, family or business.

      There are also cool tools like chkrootkit and rkhunter that might come in handy.

  • @[email protected]
    link
    fedilink
    24
    edit-2
    12 days ago

    Everyone should think about threats to their data. Cloud backup and laptops better be encrypted, services with open ports be shielded. Linux viruses do exist, especially for android and routers. But also whatever system has an outdated dokuwiki open in the wild is a welcome addition to a botnet. The value of a botnet is in number of infected systems and you don’t need root access to mine monero or take part in a ddos on a machine. Linux security is sincerely undervalued. Selinux, the grsec kernel patches, chrootjail, tripwire… do exist, but are a hassle to setup and maintain. The new container options are nice (docker or flatpack) having your webbrowser contained is not a bad idea.

    Update your router, your desktop is spoiled for updates. I stop my 1 am ramblings here.

          • 乇ㄥ乇¢ㄒ尺ㄖ
            link
            fedilink
            112 days ago

            Probably because FileZilla requires special access to personal files and WD probably knows It’ll try to send them elsewhere

            The things that trigger antivirus software aren’t just hashes anymore, it’s the behavior of the software on your machine… That’s why I said it’s better now…

              • 乇ㄥ乇¢ㄒ尺ㄖ
                link
                fedilink
                012 days ago

                Oh, wait… I just remembered… users have reported that Filezilla does by itself install malware/bundleware, unless you’re very careful to untick some boxes during the installation… IT IS malicious that they install other stuff on your machine and it’s hard for you to find what exactly they installed…

                See the Negative reviews on Alternativeto

                • go $fsck yourself
                  link
                  fedilink
                  English
                  012 days ago

                  The detection happens with the update download, which does not have any bundled software. It also detects the installer that specifically does not have the option for installing bundled software.

        • knightly the Sneptaur
          link
          fedilink
          112 days ago

          I suppose if there was a wine config that had an appropriate dosdevice setup for the boot sector then it’d be able to write to it, but wine doesn’t need to boot so I don’t think that would do anything.

        • @[email protected]OP
          link
          fedilink
          English
          112 days ago

          They simply can’t because its designed to do that on windows not on Linux because they are different. Plus use ClamAV and you should be good. (I am not an expert in this)

      • @[email protected]
        link
        fedilink
        612 days ago

        Nope. With a stock wine prefix it can access anything you have the permission to access. Your FS root is mapped to the Z:\ drive by default.

  • @[email protected]
    link
    fedilink
    English
    2212 days ago

    An antivirus is mostly just a blacklist of known malware. Sometimes heuristics are used such as ‘this piece of software isn’t installed on many PCs, and it appears to be doing shady stuff like, monitoring keystrokes or listening to your microphone’. But unless your antivirus is actually sentient there’s no way for it to really distinguish between a chat application that listens to your microphone so you can talk to your friends / monitor your keystrokes to know when you’ve hit the push-to-talk key, and a piece of actual malware that intends to spy on you and blackmail you.

    What you have with a package manager is a whitelist of programs that have been selected by your distro maintainers. Is it completely impossible for someone to sneak malware into a distro’s repository? No, but its a lot easier to maintain a list of known good software than it is to maintain a list of known bad software. And in that situation your antivirus isn’t going to help you anyway, since the people maintaining its malware list aren’t going to magically know that something is malware before the distro maintainers do.

    So, generally, just using your package manager instead of running random shit you find online is going to be a lot better than any antivirus. With things like Wayland and Flatseal becoming more common we’re heading towards a situation where fine-grained per-package permissions will become the standard way distros do things, making antivirus even more unnecessary.

    We should have done that a long time ago, as the security model of ‘any program you run can do anything you can by default’, then blacklist the ones that inevitability abuse that privilege, is completely backwards.

      • @[email protected]
        link
        fedilink
        English
        1512 days ago

        In addition to what groet said, I’ll add that this is a little bit like asking “what’s the difference between a public library and Amazon?”.

        Yes, there are other public libraries you could go to if the one you subscribe to didn’t have something you wanted or ‘went bad’ somehow, but the most important difference is you don’t have an antagonistic relationship with your public library. Your public library doesn’t have a financial incentive to try to trap you or screw you over.

      • @[email protected]
        link
        fedilink
        312 days ago

        You can install packages from other places and create your own (and then install them). The distro maintainers have one (or multiple) list of “approved” software but you can add as many lists as you want to your package manager. Often software developers will have their own package list that contains only their own software and if you install it you have to add that list to your package managers trusted software locations. In that sense it isn’t really better than going to the developers website and downloading an installer on windows but it is quite rare you have to do that

      • @[email protected]
        link
        fedilink
        112 days ago

        I’m not super familiar with Apple as I am with Android so take what I talk about iOS with a grain of salt, and Macos with a shovel of salt.

        Android permission model is a bag of different layers, and some specific permissions have shifted to more strict layers over the years. For example, in the beginning all apps had a private space that other normal apps could never get into, and public space that everyone would be able to read and write provided they made such “request” at download time. For some time after that I think they moved it to next level, so you " requested" that both at download time AND with a pop up to the user. Currently you have to do all that AND not be a normal app and fill some forms and Google has to agree with you.

        Camera, microphone and GPS has been for a long time in the middle tier of requesting at download time and with pop up, for both Android and iOS. But I think not on Mac os, and certainly not on Linux, with the exception of browsers, that have their own security models rolled up on top of whatever their os imposes, since they execute code from total strangers every time you open a page for the first time.

        Some permissions like send and receive Internet data are still in the lightest tier, only asked at download time, for both Android and iOS.

        I recently wanted to put my Linux obsidian without Internet access, and had to learn how to do that with a script that calls bwrap that in its turn calls obsidian. I wasn’t comfortable otherwise, because I wanted the freedom to run as many community plugins as I wanted, and this is strangers javascript code running in my machine, and I didn’t want it accessing random folders and uploading things.

        If I ran vscode I’d do the same, since I’m not familiar with the vetting process for its plugins. Same for gimp, but I never needed plugins in it.

  • @[email protected]
    link
    fedilink
    512 days ago

    I just switched to linux and totally forgot about this. Do I really not need one? 99% of what I do is steam gaming anyway so I’m not too worried, worst case I just format and reinstall, but still…

    • @[email protected]
      link
      fedilink
      English
      1112 days ago

      Most malware is not Linux compatible. However the stuff that is will fuck you over very hard. Get clamav set a cron

    • @[email protected]
      link
      fedilink
      712 days ago

      ‘The best anti-virus is common sense [current year]’ - was a meme more than decade ago and is still true. Linux is not safer than any other OS.

      The reason why people think otherwise is because statistically, when bad actors release malware it’s made for the OS with the largest market share. Which for computers, is still Windows by a landslide.

      • @[email protected]
        link
        fedilink
        English
        4
        edit-2
        12 days ago

        Linux is not safer than any other OS.

        Apache web servers were, are, and will continue to be common thanks to their cheapness and ease of configuration. And malware (particularly and most recently coinminers) have been a plague on Apache for at least the last few years.

        “Nobody’s come after my bespoke Linux kernel” is just preaching security-through-obscurity. Which - hey - if you’re running a Mint box to host videos on Jellyfin, sure. The absolute worst case scenario is being forced to re-download 1000 hours of tv/movies/music you forgot you even had. But if you’re doing any kind of business application or - god forbid - enterprise level application development, you might as well post a “Kick Me” sign on your admin’s back as tell your team that Linux is virus-proof.

        • @[email protected]
          link
          fedilink
          English
          211 days ago

          If you are a Halo fan or have ever played Halo reach. The only thing I can imagine is the slip space rupture detected scene except for every time instead of slip space. It’s Yara heuristic detected. https://youtu.be/Q_4i-yOUmXY

  • @[email protected]
    link
    fedilink
    English
    3212 days ago

    A few years ago I found a text (probably as image) where somebody ‘tried’ to run a virus on linux. It went something like this:

    Wanted to install a virus on Ubuntu, but it was only available as an aur package. Tried converting. Didn’t work … Tried make virus, but didn’t work. Upgraded cmake, tried again, but some libraries were missing.

    Tried installing libraries, but they were very outdated and I couldn’t find proper versions.

    Checked the source to see what the libs were doing and replaced them.

    and so on.

    Does someone know what I’m talking about and possibly has the source?

  • 🦄🦄🦄
    link
    fedilink
    112 days ago

    I was just wondering, would immutable distros be even less affected than Unix systems in general?

      • 🦄🦄🦄
        link
        fedilink
        012 days ago

        Can you elaborate? Wouldn’t malware need to install something which would not happen on an immutable?

        • @[email protected]
          link
          fedilink
          312 days ago

          Immutable distros can usually be set to mutable with the correct privileged command.

          It’s essentially security by obscurity. But I disagree with “no benefit”. An infection miss through dumb luck is still a miss, after all.

        • Possibly linux
          link
          fedilink
          English
          111 days ago

          If malware has root access it can do whatever it wants

          Things like SElinux and sandboxing is what secures systems.

    • JoYo
      link
      fedilink
      English
      112 days ago

      is that the goal with immutable distros? i thought they were primarily used for rollbacks.

  • @[email protected]
    link
    fedilink
    1111 days ago

    I recently learnt you can fully delete your root account. Can that fully deter viruses? (Assuming viruses need root access to cause damage)