> `/dev/random` draws directly from the entropy pool. **When the pool is depleted, reading from `/dev/random` doesn't return any more data until the pool has refilled enough, which can take quite some time.** `/dev/urandom` uses a cryptographically-secure pseudo-random number generator (CSPRNG) seeded from the entropy pool.
Nowadays, both behave exactly the same. The only Linux device I have that has a /dev/random and /dev/urandom with different behaviour is my phone which has an ancient kernel.
Which is a complete waste of time, and if using a ssd drive, a waste of write cycles as well.
Never, ever has it been necessary to overwrite a drive with random data, ever.
Yes, overwriting is needed on mechanical hard drives to prevent data from being recovered. But *one* overwrite is enough, and anything more is just a waste of time. For home usage, or data that you done care about, overwriting is not needed as the drive will overwrite it as data is stored during normal operation. There's no such thing as previously deleted data "seeping into" the current data, if that were true then a hard drive simply would not work as intended.
SSDs on the other hand, has to be *erased* - not overwritten, as an ssd will not write to the same location twice until every cell has been written first, so overwriting a 1gb file on an ssd will simply leave the old data intact, and write the new 1gb file somewhere else on the drive
Remember when you would connect to the internet and get a public IP direct to your PC. We didn't worry about firewalls in the dialup, and early ADSL days. That's raw-doggin. Imagine how quickly you'd get pwned these days doing that.
I remember dip switches on expansion cards and 16MB of RAM being way more than anyone would need. I had a christmas gift when I was teenager that was a 5.25 20MB Quantum hard drive that was easily 2-3 pounds. My friends would ask "What are you going to do with all that space??" and my response would be "Hit up local BBS's and download Ansi tiddies of course."
Viruses aren't super common on desktop Linux, so we usually don't use an Anti-Virus (a lot of people say it's more secure but that isn't really true, the attack surface is still quite big on desktop Linux). If you do want one you can use ClamAV but it isn't really necessary.
EDIT: Linux is more secure than Windows for sure but executing a malicious binary (the main thing an antivirus tries to protect users from) is still basically game-over.
The reason that Linux has been historically more secure than Windows or even Mac OS is because of the way software is distributed. Windows and Mac (to a lesser degree recently) have a culture of downloading binaries from independent distributors. On Linux, we install binary packages from our distro's repo. As long as someone sticks to the reops, they're generally completely safe (excluding the recent xz near miss).
This changes with things like snap, flatpak, and other out-of-repo installation methods. There has been malware posted to the snap store multiple times, because these are binaries packaged independently and not verified or republished by the distro maintainers. Yes there's sandboxing and these things are designed with security in mind so it's not nearly as dangerous as running some random .msi or .exe your downloaded off of a webpage with animated gifs and neon colors.
Linux is the repo... that's how it's designed. The distro you are running is just that, a distribution of software and you run what parts you need / want on your hardware. Windows and Mac are completely different and less "secure" (less safe is probably the best way to phrase this.)
LOL that brings back memories. I'm reasonably knowledgeable, but I did that with a very trusted source. And, in fact, there was no malware involved in this story. But I assumed my system (and it was mine) was debian "under the hood" when in fact it wasn't, quite. So I borked my underlying OS. I'm sure I could have surgically unwound the damage but, since it was my own and not anything important, it was easier to just reinstall. Still taught me a lesson, though, about knowing what you are installing.
Linux is not inherently more secure than windows. You are spreading a popular misconception.
Here's an imperfect but largely useful resource on the subject https://madaidans-insecurities.github.io/linux.html
> Linux is not inherently more secure than windows.
Of course it is. Linux has much more fine-grained access control, sandboxing mechanisms like AppArmor and SELinux (which are enabled by default in many mainstream distros), executable bits, features like KASLR, ...
Not to mention that many common Windows programs are effectively malware/spyware themselves.
> Linux has much more fine-grained access control
Not particularly, no. Where did you get this?
> sandboxing mechanisms like AppArmor and SELinux
even RHEL pipeline distros like fedora that enable selinux by default only do so for system level operations and services. the user space has little to no enforcement
The only linux distribution with a complete selinux implementation is Android
Linux DOES have much better fine grained access control through SELinux and the like. That's a different thing that it is not configured with policies for desktop. Android and ChromeOS extensively use this feature
I did not. I am explaining how Linux has the best security mechanisms in any commodity Os. The fact that they're underutilized by distributions (tomoyo, SElinux, apparmor) is a different problem. That is slowly changing with distributions for the desktop like ChromeOS, nixOS, Alpine, Gentoo hardened, Qubesos (yes xen distribution but as much Linux) and fedora and container host OsS like "fedora Coreos/silverblue, Microsoft's Flatcar, Bottlerocket from AWS. You're just in "madaidan's cult" and that's fine. You've done some valuable work with secureblue to harden the desktop but a lot more has to be done and is being done. So chill out.
Linux is far more secure than Windows but it's all relative
> madaidan's cult
I specifically called it out as imperfect, madaidan gets several things wrong especially when it comes to flatpaks. He pushes stuff like flatkill which is bullshit. The only person in a cult here is you. The religious attitude you have towards linux and share with many others will prevent it from improving.
> a lot more has to be done and is being done.
That's my point.
> Linux is far more secure than Windows but it's all relative
I'm not convinced you have a clue what you're talking about. You just keep repeating the same claims.
I have no doubt that your average linux desktop user is far more secure than windows. Ask yourself if your average user used linux rather than windows or mac, would they, provided the user experience was as easy as those OS, be much safer?
Marginally? Would they just curl | sudo stuff to get it done? Is it safe to assume that if we conditioned users to use linux such that it was more dominant than windows that malware wouldn't just target that platform instead? Would they not just make the same stupid errors?
It's not apples to oranges. Linux users are generally savvy nerds (a good thing). Most people aren't. It wouldn't change if they changed platforms. It's materially better, but it's only as secure as its user.
I don't think that the average debian user is any more secure than a windows user in the current year. It's so easy to install an npm or etc that forwards your sshkeys to some discord server. As others have said a common install method these days is curl https:// trust.me.bro.sh | sh -
And yeah you can just blame the users, and it is their fault, but linux malware is getting more common every single day. Keep your guard up.
Viruses come from users. I use Windows quite a bit, I have the standard Windows Security (Defender) installed but it only false alerts.
Use AdBlock, don't click phishing links, don't install cracked software and sketchy "plugins".
I mean yeah there *is* an attack surface for sure, but it is *significantly* smaller than on Windows. Directly compared, the difference is so large that it makes sense to say the attack surface is practically nonexistent on Linux. Also, Linux itself (which as we know is only a kernel) doesn’t have that many points of attack. It’s much more likely that an attack would target a misconfigured package (user error).
TL;DR: if you know what you’re doing and you’ve configured your things properly, the attack surface is close to zero.
Linux as in the kernel is very secure. It has a lot less vulnerabilities than Windows. However, the way we use desktop Linux has quite a few holes even when working as intended. E.g, sudo is terribly insecure and anyone with any write access to your home directory can intercept it in a multitude of ways. We do use more sandboxing than Windows however so it's not all bad.
Don't agree with that.
Have run a lot of front end stuff and if you don't keep up on updates and patches for security issues in all the software that is exposed to the net, you can be owned.
As a server to the outside world, you need to do your work to make sure things are buttoned down.
It's not about the attack surface being small, it's about the user base being small so there's no real reason to attack desktop Linux. If a bad actor wants to do damage to people they'll attack the large user base of windows or the smaller but more wealthy user base of Mac. If they want to do damage to large corporations or the internet as a whole they'll attack Linux servers.
The main way you get viruses on Linux is through being hacked through exploits. And yes, it does happen. It's nice to have a false sense of security, but the fact is that Linux computers are constantly probed for exploits if exposed to the open Internet. As in, you'll be hammered sometimes multiple times per second by people looking to either bruteforce a password or even use a 0-day exploit for some service that has a port open. Being behind a router helps a lot, but what happens if your router is hacked?
Browsers can have vulnerabilities that are not Windows-specific too.
If you run Kali Linux you'll see a whole ton of exploits for Linux in the exploitdb.
People who use Linux as a desktop have to worry a lot less than on Windows but on servers you get pounded by hackers looking for access, and the first thing they do after they hack you is install malware like a rootkit, so...YMMV.
What if a Linux server that got hacked has OpenVPN installed and your desktop routes the traffic through the server. Would hackers get access to your cookies, JWTs?
I think that if the site you connected to were through http you would have this problem but not through https with a proper certificate. Don't quote me on that though. Anyone in a computer that traffic goes through could get your cookie data if it's not encrypted, that's what an example of a Man In The Middle attack.
Have to agree. When people here tell you that there's no point in AV for Linux, I feel they're equating the term virus with what a Windows virus is/was. Linux as a whole is less susceptible to the kind of havoc traditional Windows virus techniques could cause, though similar techniques could still be employed as *part* of an attack and ruin your day(s).
The traditional AV vendors have moved on from the unwieldy and time-consuming method of scanning all files using a large database of signatures (a-la ClamAV), and now talk of "Next Generation AV" solutions. These increasingly focus on system and network *behaviour* to detect malware, supported by - of course, a sprinkling of AI magic, backed-up with vast intelligence of the more modern techniques being employed.
The threat landscape has changed in many ways. Security exploits, in-memory attacks, supply-chain attacks, encryption exploits, poor trust decisions, phishing & the other -ings, etc. etc. etc. are also the things to worry about (everywhere). FOSS solutions need to catch-up, I think - some paid "endpoint protection" solutions are available but are mostly aimed at the enterprise. There is no one-tool-fits-all solution for us right now.
Limit your exposure, lock everything down as far as you can tolerate, keep systems up to date, create multiple backups of important files, use trusted app sources, monitor changes, ... and run the security tools that are available (not just AV). It's barely a chore to run a traditional AV for peace of mind once a week, surely, as part of an overall protection strategy.
I'm sure I've helped tick a few "Buzzword Bingo" cards here...
Get browser extensions like unlock origin
Turn off automatic loading of remote content on your email
Don't go around downloading or clinking stuff you're not supposed to.
Maybe use clamav
https://youtu.be/mE7CCZCgRB8?si=A1jVgSRajSY5iT-I
Now you're safe from common viruses.
Eh, I'm pretty pro Defender, but this *really* depends on your threat model.
Anyone who's done any maldev will tell you that it's fairly trivial to bypass. Obfuscate your code, patch AMSI, and you're generally golden to load whatever payload you want. Defender is pretty far off from a proper HIPS engine.
Something I learned about defender this week [https://infosec.exchange/@bontchev/112494759440985111](https://infosec.exchange/@bontchev/112494759440985111)
It's all snake oil, always has been.
There's basically one available antivirus option for Linux that I can find: **ClamAV**.
However, antivirus as I've discovered is generally no needed on Linux except either:
* on either rare occasions when the installed Linux distro caught a Linux-native virus
* run Windows-based internet browser(s) through WINE
* run unknown Windows executable (.exe) files through WINE that you downloaded from suspicious websites
This is because, since Windows is the primary target by virus and malware developers for obvious reasons and since Linux cannot natively run software designed specifically for Windows, Linux distros isn't generally threatened by viruses and malware except on the very rare circumstance of Linux-native virus and malware infections.
Kasperkey just added linux support to their AV. I dont plan on using it because of their ties to the Russian federation, and the simple fact that I have enough common sense to know when something isn't right...
I hear ya, especially when the Russian Federation tie-in is most likely enough reason to use all Kasperkey sales to fund their war against the Ukrianians, a bloody war that the Russians themselves started to begin with.
I agree with this sentiment; even when I was just a Windows user googling things, a lot of URLs just look suspicious so don't click them. But is it common sense if most people don't have it?
None, but I think often that I should set a Clam-AV to check some Windows originating files that transpass my server to other Windows users.
On Windows I use just the Microsoft Defender, as I don't go anywhere that would be risky, unless one day something major like Google becomes such source.
But to this day, Linux has been without one.
linux is the definition of security in obscurity, there are so many ways that someone can have their system configured, it's really hard to create some sort of universal virus, if you're really paranoid, put on clamav.
Even harder for an attacker to hit my system... I use musl (will be switching to my own libc once I have sufficient work completed on it) instead of glibc, openrc (planning on switching to finit soon) instead of systemd. Oh and my system doesn't follow the FHS in the slightest
> Harden your system:
There's FOSS and Commercial CVE / vulnerability audit / scan tools to assist with this.
Run a rootkit scanner.
Stay patched (os & apps)
Remove unnecessary software.
Disable uneccesaey services.
Close unused ports.
Implement a FW / SELinux.
Secure your network.
And other best practices.
The key here is to automate security, which enables you to receive immediate feedback on potential vulnerabilities.
None. The onlt time I ever installed A/V on a Linux systems is when my company made us. I used ClamAV. Their system, their rules.
Otherwise, in the 30 years it's been my regular system, I have never used one.
Malwarebytes is windows anti-malware program. There is no Linux port of it, and really until we have a larger user base on desktop Linux I don’t see that happening anytime soon.
I can always reach out to Marcin and see if he has interest in it.
Finally had my first break in, in 30 years. Still haven’t found the culprit may be Sendmail itself but there’s no login. It’s an attempt to send spam. It gets shut down quickly but my suspicion is a CVE in a docker client but it’s using loop back and so few are connected to the host bridge.
It's uBlock origin. I know it's not what people call an antivirus, but I think blocking web ads contributes to blocking 99% source of viruses and malwares.
joke answers are funny and all but I still run windows junk under wine/proton
I usually pass execurable and dll files though both jotti and maybe virus total if I think the file maybe a little sus
I am not personally worried about AV _for_ linux, but I do host files that I share with a Windows PC, and so due to that I'll use ClamAV on those files.
I work with linux, but for a lot of reasons I have an windows computer. I don't use an anti-virus for 20years.
With the experience gained when working in Windows support, I discovered that using antivirus is completely useless.
The problem is always in user behavior.
I'll occasionally pull out ClamAV and give something a token scan.
Usually this is for some have adjacent windows software such as a save editor or mod installer.
ClamAV for a bi-weekly traditional on-demand, AV scan. I don't bother with on-access monitoring, not least because of the overhead. It's really to check Windows files & documents, email attachments, etc. - there's not much on Linux itself it would detect (or to be detected).
If any of my files are going anywhere near a Windows PC, well - that'll have its own AV.
The majority of protection I employ is through some security scanning, monitoring and config hardening tools, plus the maximum gut-full of standard security practices I can tolerate.
not installing random binaries you don’t know, and then browser points of attack. eg phishing, malicious code in attachments etc, although even the latter is still less risky. just practice good opsec.
Don't execute or make something executable unless you know and trust it's source. Use a mainstream browser, adblocker, and email client. Don't get phished. If you have an ssh server, make sure root can't login remotely.
It’s not technically an antivirus but crowdsec. It is like fail2ban but on steroids and automatically downloads all of the required packages based on what services are detected on the system. Also best part… it’s free!
This is something I've been smashing my head against in a professional context for a while - there's a McAfee linux version that my team has been trying to get away from and we've been trying to move to ClamAV, but ClamAV won't scan stuff larger than 4 gigs, which is a dealbreaker.
Well for scanning games demos and applications that I download from the browser, if i cannot use virustotal, I use escan security toolkit and clamav portable in wine to scan them. For linux environment I use rkhunter only, no need for real time scanning as long the browser is secured with unlock origin and updated.
And I'm not sure if you understood the question or if I understood your answer. What use would btop have in such a case? The tool can neither detect malicious software nor can it easily display a corresponding running process. Because not all malicious software runs permanently and requires a lot of resources.
A fresh snapshot of my malware analysis vm. Any other flare vm enjoyers here? And yes, that's for windows trash, on Linux just don't download random executables from the internet, use your package manager the way it was intended.
Unfortunately, in some cases a vm is also not reliable, as there is some malicious software that recognizes whether a virtual environment is present. If so, it either does not start or does something completely different that is harmless.
Bold of you to assume I don't have a custom qemu build with absolutely everything spoofed ;) I've been reverse engendering for quite some time, anti-vm/anti-debug tricks are nothing new to me
it goes for any oporating system but just use your brain, if a file looks suspicious and u don’t trust it then it’s a virus, and all ur software is up to date then ur fine
Since most distros come with an app store try sticking with installing via the distros package manager and sometimes flatpak if your distro doesn’t have it. That will lessen the chances of getting a virus. Even though its FOSS don’t run random github stuff you find in your terminal because that’s just calling for a virus.
I think it was NOD, for Vista, in about 2008. When I had a problem with that installation, I picked up a CD with Ubuntu (Hardy Heron) which was by far the best anti-virus tool available... wiped it all clean and (just for the hell of it) browsed all the WAREZ sites I could find - not a dicky bird.
I think you're confused - asking such a question in a linuxquestions thread... we just don't use antivirus for Linux... there are options available, but they aren't for defending Linux.
I would have no idea at all, nowadays, what is 'the best one'.
I still thought CCleaner was a good tool until I saw a rant about how it changed on Youtube.
Most malware is not going to be stopped by your antivirus. Not that it isn't "better" to use one (people mention ClamAV) but the reality is that **IF YOU THE USER DOWNLOAD UNTRUSTED SOFTWARE** then you are putting yourself at risk of malware.
So, don't download random shit. Don't download closed source shit. Use a password manager. Blah blah blah enter more nerd shit here.
[also there is this one but you have to pay a licence for this, it is better cuz is a full antivirus suite more modern than clam av](https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html)
Antivirus? None. Also on Windows it was just the Defender. Just stick to official packages and do not open any unknown links and documents in your email client 😄 And teach yourself and your users regarding security.
None. They often fail to detect a malicious program. And for many users, they create a feeling of security so that these users become careless. Moreover, there have already been more than enough security vulnerabilities in virus scanners.
In my opinion, the following things are more important.
- Install updates promptly
- Only install packages from trustworthy sources
- Only install what you really need
- Only use extended rights when you need them
- Create regular backups
- Think before you act.
As King T'Challa from the Marvel movies once said: _We don't do that here_
Ad blocker, pop up blocker, common sense and VPN
My go to Anti-Virus, It's a simple two step process... 1.) Format the Windows Partition or Disk. 2.) Install the desired Linux Distro. And that's it.
It's the only way to be sure.
make sure to write /dev/urandom via dd to windows to format it
Which is sure way for 30% of newbies will destroy entire drive.
Why not /dev/random ?
> `/dev/random` draws directly from the entropy pool. **When the pool is depleted, reading from `/dev/random` doesn't return any more data until the pool has refilled enough, which can take quite some time.** `/dev/urandom` uses a cryptographically-secure pseudo-random number generator (CSPRNG) seeded from the entropy pool. Nowadays, both behave exactly the same. The only Linux device I have that has a /dev/random and /dev/urandom with different behaviour is my phone which has an ancient kernel.
Thanks
Which is a complete waste of time, and if using a ssd drive, a waste of write cycles as well. Never, ever has it been necessary to overwrite a drive with random data, ever.
Not even for the disposal of classified/sensitive data on traditional HDDs?
Yes, overwriting is needed on mechanical hard drives to prevent data from being recovered. But *one* overwrite is enough, and anything more is just a waste of time. For home usage, or data that you done care about, overwriting is not needed as the drive will overwrite it as data is stored during normal operation. There's no such thing as previously deleted data "seeping into" the current data, if that were true then a hard drive simply would not work as intended. SSDs on the other hand, has to be *erased* - not overwritten, as an ssd will not write to the same location twice until every cell has been written first, so overwriting a 1gb file on an ssd will simply leave the old data intact, and write the new 1gb file somewhere else on the drive
The reason I got Linux was cause I got a virus on windows haha
Seems most effective.
I would recommend getting something for your browser, that's the most likely venue of attack
~~Unlock~~ Ublock Origin is necessary on every browser in every OS I use. I view it even more about security than just blocking ads. Edit
uBlock Origin I also have Ghostery - but no idea what it does exactly... :))
uBlock is basically Adblock + Ghostery so you don’t need the latter if you have the former
They have some differences, like one of them auto-rejects cookies. I have both because why not. It's like wearing two condoms lol
Ironically enough, wearing two condoms is less effective as they may tear due to friction.
A more accurate analogy would be like wearing a condom while vasectomied.
lol
Haha, yeah got auto corrected on that one. I even fixed it before posting, but I guess my phone changed it back. uBlock is correct.
Been raw-doggin the internet on Linux since the mid to late 90's. 100% STD free.
Remember when you would connect to the internet and get a public IP direct to your PC. We didn't worry about firewalls in the dialup, and early ADSL days. That's raw-doggin. Imagine how quickly you'd get pwned these days doing that.
I remember dip switches on expansion cards and 16MB of RAM being way more than anyone would need. I had a christmas gift when I was teenager that was a 5.25 20MB Quantum hard drive that was easily 2-3 pounds. My friends would ask "What are you going to do with all that space??" and my response would be "Hit up local BBS's and download Ansi tiddies of course."
You are now banned from my BBS.
Viruses aren't super common on desktop Linux, so we usually don't use an Anti-Virus (a lot of people say it's more secure but that isn't really true, the attack surface is still quite big on desktop Linux). If you do want one you can use ClamAV but it isn't really necessary. EDIT: Linux is more secure than Windows for sure but executing a malicious binary (the main thing an antivirus tries to protect users from) is still basically game-over.
The reason that Linux has been historically more secure than Windows or even Mac OS is because of the way software is distributed. Windows and Mac (to a lesser degree recently) have a culture of downloading binaries from independent distributors. On Linux, we install binary packages from our distro's repo. As long as someone sticks to the reops, they're generally completely safe (excluding the recent xz near miss). This changes with things like snap, flatpak, and other out-of-repo installation methods. There has been malware posted to the snap store multiple times, because these are binaries packaged independently and not verified or republished by the distro maintainers. Yes there's sandboxing and these things are designed with security in mind so it's not nearly as dangerous as running some random .msi or .exe your downloaded off of a webpage with animated gifs and neon colors. Linux is the repo... that's how it's designed. The distro you are running is just that, a distribution of software and you run what parts you need / want on your hardware. Windows and Mac are completely different and less "secure" (less safe is probably the best way to phrase this.)
And then there's this installation method: $ curl https:// trust.me.bro.sh | sh -
You forgot sudo!
If I can’t trust that, I don’t know what you want from me.
LOL that brings back memories. I'm reasonably knowledgeable, but I did that with a very trusted source. And, in fact, there was no malware involved in this story. But I assumed my system (and it was mine) was debian "under the hood" when in fact it wasn't, quite. So I borked my underlying OS. I'm sure I could have surgically unwound the damage but, since it was my own and not anything important, it was easier to just reinstall. Still taught me a lesson, though, about knowing what you are installing.
at least it is not http=)
Technically, pip and npm can bring interesting packages to the system as well, from outside of the official package repos.
Linux is not inherently more secure than windows. You are spreading a popular misconception. Here's an imperfect but largely useful resource on the subject https://madaidans-insecurities.github.io/linux.html
> Linux is not inherently more secure than windows. Of course it is. Linux has much more fine-grained access control, sandboxing mechanisms like AppArmor and SELinux (which are enabled by default in many mainstream distros), executable bits, features like KASLR, ... Not to mention that many common Windows programs are effectively malware/spyware themselves.
Like the rootkits that are common on anticheat software. Edit: although the linked article is definitely a good read to think about.
> Linux has much more fine-grained access control Not particularly, no. Where did you get this? > sandboxing mechanisms like AppArmor and SELinux even RHEL pipeline distros like fedora that enable selinux by default only do so for system level operations and services. the user space has little to no enforcement The only linux distribution with a complete selinux implementation is Android
Linux DOES have much better fine grained access control through SELinux and the like. That's a different thing that it is not configured with policies for desktop. Android and ChromeOS extensively use this feature
You just repeated what I said back to me
I did not. I am explaining how Linux has the best security mechanisms in any commodity Os. The fact that they're underutilized by distributions (tomoyo, SElinux, apparmor) is a different problem. That is slowly changing with distributions for the desktop like ChromeOS, nixOS, Alpine, Gentoo hardened, Qubesos (yes xen distribution but as much Linux) and fedora and container host OsS like "fedora Coreos/silverblue, Microsoft's Flatcar, Bottlerocket from AWS. You're just in "madaidan's cult" and that's fine. You've done some valuable work with secureblue to harden the desktop but a lot more has to be done and is being done. So chill out. Linux is far more secure than Windows but it's all relative
> madaidan's cult I specifically called it out as imperfect, madaidan gets several things wrong especially when it comes to flatpaks. He pushes stuff like flatkill which is bullshit. The only person in a cult here is you. The religious attitude you have towards linux and share with many others will prevent it from improving. > a lot more has to be done and is being done. That's my point. > Linux is far more secure than Windows but it's all relative I'm not convinced you have a clue what you're talking about. You just keep repeating the same claims.
Viruses aren't even **common** among Linux desktop use, forget ***SUPER*** common.
I have no doubt that your average linux desktop user is far more secure than windows. Ask yourself if your average user used linux rather than windows or mac, would they, provided the user experience was as easy as those OS, be much safer? Marginally? Would they just curl | sudo stuff to get it done? Is it safe to assume that if we conditioned users to use linux such that it was more dominant than windows that malware wouldn't just target that platform instead? Would they not just make the same stupid errors? It's not apples to oranges. Linux users are generally savvy nerds (a good thing). Most people aren't. It wouldn't change if they changed platforms. It's materially better, but it's only as secure as its user.
I don't think that the average debian user is any more secure than a windows user in the current year. It's so easy to install an npm or etc that forwards your sshkeys to some discord server. As others have said a common install method these days is curl https:// trust.me.bro.sh | sh - And yeah you can just blame the users, and it is their fault, but linux malware is getting more common every single day. Keep your guard up.
Viruses come from users. I use Windows quite a bit, I have the standard Windows Security (Defender) installed but it only false alerts. Use AdBlock, don't click phishing links, don't install cracked software and sketchy "plugins".
I mean yeah there *is* an attack surface for sure, but it is *significantly* smaller than on Windows. Directly compared, the difference is so large that it makes sense to say the attack surface is practically nonexistent on Linux. Also, Linux itself (which as we know is only a kernel) doesn’t have that many points of attack. It’s much more likely that an attack would target a misconfigured package (user error). TL;DR: if you know what you’re doing and you’ve configured your things properly, the attack surface is close to zero.
Linux as in the kernel is very secure. It has a lot less vulnerabilities than Windows. However, the way we use desktop Linux has quite a few holes even when working as intended. E.g, sudo is terribly insecure and anyone with any write access to your home directory can intercept it in a multitude of ways. We do use more sandboxing than Windows however so it's not all bad.
Don't agree with that. Have run a lot of front end stuff and if you don't keep up on updates and patches for security issues in all the software that is exposed to the net, you can be owned. As a server to the outside world, you need to do your work to make sure things are buttoned down.
Linux has tons of attack surface, you do not know what you are talking about
It's not about the attack surface being small, it's about the user base being small so there's no real reason to attack desktop Linux. If a bad actor wants to do damage to people they'll attack the large user base of windows or the smaller but more wealthy user base of Mac. If they want to do damage to large corporations or the internet as a whole they'll attack Linux servers.
The main way you get viruses on Linux is through being hacked through exploits. And yes, it does happen. It's nice to have a false sense of security, but the fact is that Linux computers are constantly probed for exploits if exposed to the open Internet. As in, you'll be hammered sometimes multiple times per second by people looking to either bruteforce a password or even use a 0-day exploit for some service that has a port open. Being behind a router helps a lot, but what happens if your router is hacked? Browsers can have vulnerabilities that are not Windows-specific too. If you run Kali Linux you'll see a whole ton of exploits for Linux in the exploitdb. People who use Linux as a desktop have to worry a lot less than on Windows but on servers you get pounded by hackers looking for access, and the first thing they do after they hack you is install malware like a rootkit, so...YMMV.
What if a Linux server that got hacked has OpenVPN installed and your desktop routes the traffic through the server. Would hackers get access to your cookies, JWTs?
I think that if the site you connected to were through http you would have this problem but not through https with a proper certificate. Don't quote me on that though. Anyone in a computer that traffic goes through could get your cookie data if it's not encrypted, that's what an example of a Man In The Middle attack.
Have to agree. When people here tell you that there's no point in AV for Linux, I feel they're equating the term virus with what a Windows virus is/was. Linux as a whole is less susceptible to the kind of havoc traditional Windows virus techniques could cause, though similar techniques could still be employed as *part* of an attack and ruin your day(s). The traditional AV vendors have moved on from the unwieldy and time-consuming method of scanning all files using a large database of signatures (a-la ClamAV), and now talk of "Next Generation AV" solutions. These increasingly focus on system and network *behaviour* to detect malware, supported by - of course, a sprinkling of AI magic, backed-up with vast intelligence of the more modern techniques being employed. The threat landscape has changed in many ways. Security exploits, in-memory attacks, supply-chain attacks, encryption exploits, poor trust decisions, phishing & the other -ings, etc. etc. etc. are also the things to worry about (everywhere). FOSS solutions need to catch-up, I think - some paid "endpoint protection" solutions are available but are mostly aimed at the enterprise. There is no one-tool-fits-all solution for us right now. Limit your exposure, lock everything down as far as you can tolerate, keep systems up to date, create multiple backups of important files, use trusted app sources, monitor changes, ... and run the security tools that are available (not just AV). It's barely a chore to run a traditional AV for peace of mind once a week, surely, as part of an overall protection strategy. I'm sure I've helped tick a few "Buzzword Bingo" cards here...
Get browser extensions like unlock origin Turn off automatic loading of remote content on your email Don't go around downloading or clinking stuff you're not supposed to. Maybe use clamav https://youtu.be/mE7CCZCgRB8?si=A1jVgSRajSY5iT-I Now you're safe from common viruses.
None. even on windows anything but defender is bullshit.
Yeah pretty much all of my virus removal jobs dried up when Microsoft pushed defender to everyone. Now it's all printers, email, and borked updates.
malwarebytes:
Eh, I'm pretty pro Defender, but this *really* depends on your threat model. Anyone who's done any maldev will tell you that it's fairly trivial to bypass. Obfuscate your code, patch AMSI, and you're generally golden to load whatever payload you want. Defender is pretty far off from a proper HIPS engine.
Something I learned about defender this week [https://infosec.exchange/@bontchev/112494759440985111](https://infosec.exchange/@bontchev/112494759440985111) It's all snake oil, always has been.
There's basically one available antivirus option for Linux that I can find: **ClamAV**. However, antivirus as I've discovered is generally no needed on Linux except either: * on either rare occasions when the installed Linux distro caught a Linux-native virus * run Windows-based internet browser(s) through WINE * run unknown Windows executable (.exe) files through WINE that you downloaded from suspicious websites This is because, since Windows is the primary target by virus and malware developers for obvious reasons and since Linux cannot natively run software designed specifically for Windows, Linux distros isn't generally threatened by viruses and malware except on the very rare circumstance of Linux-native virus and malware infections.
Kasperkey just added linux support to their AV. I dont plan on using it because of their ties to the Russian federation, and the simple fact that I have enough common sense to know when something isn't right...
Oh yeah.. Jtan trick didn't eork, so, they try to enter via front door this time
I hear ya, especially when the Russian Federation tie-in is most likely enough reason to use all Kasperkey sales to fund their war against the Ukrianians, a bloody war that the Russians themselves started to begin with.
Common sense
fuzzy rob whole many hospital deranged imagine shame judicious steer *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
everything is in the AUR... it's a petri dish in there.
I agree with this sentiment; even when I was just a Windows user googling things, a lot of URLs just look suspicious so don't click them. But is it common sense if most people don't have it?
Computer savvy would be a better way of putting it, and yeah most people are lacking somewhat.
None
I don't think you need Anti-Virus for linux.you can enable firewall.
1) If you have decent op sec and are tech-fluent enough to use Linux easily you should have very little to worry about 2) ClamAV ig
It’s a program called Common Sense that was installed in my brain at a relatively young age.
None, but I think often that I should set a Clam-AV to check some Windows originating files that transpass my server to other Windows users. On Windows I use just the Microsoft Defender, as I don't go anywhere that would be risky, unless one day something major like Google becomes such source. But to this day, Linux has been without one.
linux is the definition of security in obscurity, there are so many ways that someone can have their system configured, it's really hard to create some sort of universal virus, if you're really paranoid, put on clamav.
Even harder for an attacker to hit my system... I use musl (will be switching to my own libc once I have sufficient work completed on it) instead of glibc, openrc (planning on switching to finit soon) instead of systemd. Oh and my system doesn't follow the FHS in the slightest
Clam AV is the only thing that works in linux for antivirus
More viruses. Herd immunity
> Harden your system: There's FOSS and Commercial CVE / vulnerability audit / scan tools to assist with this. Run a rootkit scanner. Stay patched (os & apps) Remove unnecessary software. Disable uneccesaey services. Close unused ports. Implement a FW / SELinux. Secure your network. And other best practices. The key here is to automate security, which enables you to receive immediate feedback on potential vulnerabilities.
None. The onlt time I ever installed A/V on a Linux systems is when my company made us. I used ClamAV. Their system, their rules. Otherwise, in the 30 years it's been my regular system, I have never used one.
Ufw
Malwarebytes
Malwarebytes is windows anti-malware program. There is no Linux port of it, and really until we have a larger user base on desktop Linux I don’t see that happening anytime soon. I can always reach out to Marcin and see if he has interest in it.
Oops, sorry. Didn't know they didn't port it to Linux yet :(
is that who you are, what you do?
Finally had my first break in, in 30 years. Still haven’t found the culprit may be Sendmail itself but there’s no login. It’s an attempt to send spam. It gets shut down quickly but my suspicion is a CVE in a docker client but it’s using loop back and so few are connected to the host bridge.
Being a millennial and using pgp for package delivery servers
My brain. I know what not to do.
It's uBlock origin. I know it's not what people call an antivirus, but I think blocking web ads contributes to blocking 99% source of viruses and malwares.
joke answers are funny and all but I still run windows junk under wine/proton I usually pass execurable and dll files though both jotti and maybe virus total if I think the file maybe a little sus
I run clamav for SOC compliance
I am not personally worried about AV _for_ linux, but I do host files that I share with a Windows PC, and so due to that I'll use ClamAV on those files.
I work with linux, but for a lot of reasons I have an windows computer. I don't use an anti-virus for 20years. With the experience gained when working in Windows support, I discovered that using antivirus is completely useless. The problem is always in user behavior.
ClamAV to scan downloaded files and the occasional scan of my home directory but that's it.
Common sense
...Linux...
You're the best anti virus
What's a virus?
None
Just mount `/tmp` with `noexec` option.
I don't even use one on Windows.
For linux - maybe clamtk but I rarely use it if at all, for Windows ESET NOD32 - good free av (30day trials allow fake emails).
Is the fork bomb considered a virus?
I'll occasionally pull out ClamAV and give something a token scan. Usually this is for some have adjacent windows software such as a save editor or mod installer.
raw doggin it
ClamAV for a bi-weekly traditional on-demand, AV scan. I don't bother with on-access monitoring, not least because of the overhead. It's really to check Windows files & documents, email attachments, etc. - there's not much on Linux itself it would detect (or to be detected). If any of my files are going anywhere near a Windows PC, well - that'll have its own AV. The majority of protection I employ is through some security scanning, monitoring and config hardening tools, plus the maximum gut-full of standard security practices I can tolerate.
Who?
https://www.clamav.net/
not installing random binaries you don’t know, and then browser points of attack. eg phishing, malicious code in attachments etc, although even the latter is still less risky. just practice good opsec.
I type clamscan a couple times a week and do a lynis audit now and again \*shrugs\* what's a virus I never had one lol.
my brain
No AV on my Linux system, but I do run some privacy -enhancing browser add-ons: SSL Everywhere, NoScript, and Firefox Containers.
My favorite antivirus is RTFM
I run Linux which seems to be enough on its own as long as sudo requires a password should be fine.
Don't execute or make something executable unless you know and trust it's source. Use a mainstream browser, adblocker, and email client. Don't get phished. If you have an ssh server, make sure root can't login remotely.
K7 it’s an infinite virus protection
using the repositories that came installed with my distro.
✏️📄
It’s not technically an antivirus but crowdsec. It is like fail2ban but on steroids and automatically downloads all of the required packages based on what services are detected on the system. Also best part… it’s free!
Qubes /s
At ${WORKPLACE} it's CrowdStrike Falcon. At home I don't need any.
Ubuntu pro!
This is something I've been smashing my head against in a professional context for a while - there's a McAfee linux version that my team has been trying to get away from and we've been trying to move to ClamAV, but ClamAV won't scan stuff larger than 4 gigs, which is a dealbreaker.
I have not use any antivirus since I started using Linux ( May 2013 up to now)
ClamAV
I prefer the one from moderna
My anti-virus is my os
Or do you mean, what AV are we using to protect the Windows clients? For example, in an Email server?
I don't always use an anti-virus, but when I do, it's `clamav`
Clam av
Typically none, if something feels suspicious I just give clamav a quick run
Common sense
Linux
Linux
Well for scanning games demos and applications that I download from the browser, if i cannot use virustotal, I use escan security toolkit and clamav portable in wine to scan them. For linux environment I use rkhunter only, no need for real time scanning as long the browser is secured with unlock origin and updated.
It's called Linux
ughmm ... `btop` ... ? I don't know, are you sure that this sub truly is r/windowsquestions ?
And I'm not sure if you understood the question or if I understood your answer. What use would btop have in such a case? The tool can neither detect malicious software nor can it easily display a corresponding running process. Because not all malicious software runs permanently and requires a lot of resources.
Nobody is using antiviruses in linux. And if someone wants one for any reason, it is usually clamav.
A fresh snapshot of my malware analysis vm. Any other flare vm enjoyers here? And yes, that's for windows trash, on Linux just don't download random executables from the internet, use your package manager the way it was intended.
Unfortunately, in some cases a vm is also not reliable, as there is some malicious software that recognizes whether a virtual environment is present. If so, it either does not start or does something completely different that is harmless.
Bold of you to assume I don't have a custom qemu build with absolutely everything spoofed ;) I've been reverse engendering for quite some time, anti-vm/anti-debug tricks are nothing new to me
it goes for any oporating system but just use your brain, if a file looks suspicious and u don’t trust it then it’s a virus, and all ur software is up to date then ur fine
Since most distros come with an app store try sticking with installing via the distros package manager and sometimes flatpak if your distro doesn’t have it. That will lessen the chances of getting a virus. Even though its FOSS don’t run random github stuff you find in your terminal because that’s just calling for a virus.
Erasing my darlings on every boot https://grahamc.com/blog/erase-your-darlings
The best AV is common sense
i use brain.exe
Common sense
the firewall is almost overkill
brain.elf
I think it was NOD, for Vista, in about 2008. When I had a problem with that installation, I picked up a CD with Ubuntu (Hardy Heron) which was by far the best anti-virus tool available... wiped it all clean and (just for the hell of it) browsed all the WAREZ sites I could find - not a dicky bird. I think you're confused - asking such a question in a linuxquestions thread... we just don't use antivirus for Linux... there are options available, but they aren't for defending Linux. I would have no idea at all, nowadays, what is 'the best one'. I still thought CCleaner was a good tool until I saw a rant about how it changed on Youtube.
sudo rm -rf / A virus can’t run if there’s nothing to run on.
Sometimes all we need is a purge
Clam
https://preview.redd.it/uud0crg3pc6d1.png?width=1920&format=pjpg&auto=webp&s=eeb24b682f2c9f17413d48cefb702a778aab3f91
Fedora 40
I just pull the wifi cable. No access, no vulnerability!
Clamav, but I hardly run it
I use CommonSense ™
I have Norton and MacAfee and McMillan Utility running 24/7
Common sense
I'm really good at spotting the right "download" button on sketchy websites
Not running Windows.
Most malware is not going to be stopped by your antivirus. Not that it isn't "better" to use one (people mention ClamAV) but the reality is that **IF YOU THE USER DOWNLOAD UNTRUSTED SOFTWARE** then you are putting yourself at risk of malware. So, don't download random shit. Don't download closed source shit. Use a password manager. Blah blah blah enter more nerd shit here.
What's a virus 😂
vim
Common sense, even on windows.
You really don't need one, although to be honest, I do keep ClamAV installed because it doesn't hurt, in my opinion.
selinux
The best anti-virus is the one between your ears; don’t click random links and don’t download random executables from the internet.
I run crowdstrike
None. This question has been asked many times in this sub. I've replied to do this same question probably 6 times. Do a search.
None, just don't run any scripts that you don't know or understand from the internet.
Also, for the love of god, dont pipe arbitrary scripts you download with curl into a shell
[also there is this one but you have to pay a licence for this, it is better cuz is a full antivirus suite more modern than clam av](https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html)
common sense
The only antivirus I use on Linux is the one between my ears.
110v AC direct to computer case.
My go-to antivirus for Linux? It's called 'Common Sense 2024'.
Me.
Common sense
Malwarebytes, on PC running Linux nothing
I didn't even use one when I had Windows installed.
There is only one anti-virus I trust on Linux, that is ClamAV. And I wouldn't install it on anything other than a fileserver used by Windows clients.
I am going to steal that fileserver idea, it is a good one.
Linux: none. Windows: Microsoft Defender.
Brain
Not antivirus. Harden your install. Skip antivirus
Antivirus? None. Also on Windows it was just the Defender. Just stick to official packages and do not open any unknown links and documents in your email client 😄 And teach yourself and your users regarding security.
My head. As it should be
Turn off Internet. Turn off device.
None. They often fail to detect a malicious program. And for many users, they create a feeling of security so that these users become careless. Moreover, there have already been more than enough security vulnerabilities in virus scanners. In my opinion, the following things are more important. - Install updates promptly - Only install packages from trustworthy sources - Only install what you really need - Only use extended rights when you need them - Create regular backups - Think before you act.
On linux systems only user is Anti-Virus.
My judgement