ClamAV has a bit of a learning curve...

It's the first time I hearing of that. Can you give a few examples of good ones that run on Linux?
Sure.

Here is CloudStrike defining it: https://www.crowdstrike.com/cybersecurity-101/endpoint-security/endpoint-detection-and-response-edr/

Here is Xcitium's for Linux: https://www.xcitium.com/edr-security/edr-for-linux/

We use Xcitium (used to be Comodo as in SSL certificate provider) at work for our Windows machines and will likely go on our Linux servers soon.

This link describes HIPS that I had referenced: https://www.techtarget.com/searchenterprisedesktop/definition/host-intrusion-prevention-systems-HIPS

btw, in business today. You pretty much MUST have an EDR solution deployed or you cannot obtain Cyber Insurance.
 


They seem like enterprise solutions so being overkill for a home desktop?
I have purchased 3 licenses for Comodo for $75/year ($25/machine) Though they were running on Windows machines (Family PCs) My home linux servers aren't running it though they could.

At work where we run a large e-commerce site and an enterprise with close to 1000 pcs and macs. It's extremely important to protect the company (and all the jobs)
 
btw, in business today. You pretty much MUST have an EDR solution deployed or you cannot obtain Cyber Insurance.
I have purchased 3 licenses for Comodo for $75/year ($25/machine) Though they were running on Windows machines (Family PCs) My home linux servers aren't running it though they could.
My question more is, is it worth using something like that on your regular home desktop?
 
My question more is, is it worth using something like that on your regular home desktop?
Really, only you can answer that.

People always say Linux is safer than Windows, but in truth. They are both vulnerable all the same. There are just more direct attacks against Windows because it is the most widely used OS out there and if you're looking for compromise a specific application or OS. Attacking the most prevalent one increases your odds in a successful compromise.

With that said, many applications are cross-platform. Just browsing the Internet can put you in a position to be compromised these days. Heck, even images can have nefarious executables embedded in them these days.

Cryptominers are extremely popular and can get embedded into your browser. Opening a (insert document type) can create a situation where you get compromised by fileless malware / ransomware.

Most ransomware these days use 7zip which is cross-os compatible and it usually comes packaged in the malware/ransomware and is usually filelessly loaded directly into memory.

You just have to ask yourself. How suspect is your or someone in on your network's computer usage. Add at least 20% to that risk level then re-evaluate.

In the end, you are safer with it, but that doesn't mean you would get compromised without it. It just means you're less secure than you could be.

I haven't tried all the EDR solutions out there, but I will say this. The biggest issue I usually have is HIPS blocking stuff that I do every day. (development work is almost always a trigger for HIPS) Though if I'm only doing normal PC activities. I generally do not have a problem. My PCs usually have enough horsepower than I don't notice it.
 
I was going to say myself; Comodo were touting the benefits of H.I.P.S way back around 2010, 2011 that I can remember. It's hardly a new concept, and most of Linux's own rule-based firewalls go a lot further back still.

There's nowt new under t'sun. What goes around, comes around. People just like to make out an old idea is summat new & wonderful, simply because another generation has come along that have never seen it before.....and younger generations tend to be faster adoptees of "new" tech than old gits like most of us...!! :p

(The bit about insurance doesn't surprise me one bit. Insurance companies DO have a way of sucking the fun out of anything.....especially when whatever it is becomes - or at least, equates to - a "legal requirement". They can't jump on the bandwagon fast enough then, can they?)

(Sheesh...)


Mike. ;)
 
Last edited:
Becoming part of a botnet will make your Linux system slower by draining resources. This is bad enough for me

Well looks like I'm not because my system has never been slow.

Let me see...what makes your HDD/SSD slow...could it be the User or the Drive ? Answer both.
1718239154099.gif


The User...too many to list.
The Drive...filling the Drive up and not allowing at least 20% of free space will do it. SSDs are at least 10 times faster then HDDs...so using an SSD is the better option...of course optimising the SSD to run efficiently is the way to go...a Drive starting to fail will either slow down or just stop.
1718240225512.gif
 
I see blindly trusting that an OS will forever remain free from attack as bad OpSec. That's probably why a Windows dev caught onto xz Utils while the Linux community were just shocked to their core...

Really...thank God for windoze.
1718240467211.gif
 
Well looks like I'm not because my system has never been slow.

Let me see...what makes your HDD/SSD slow...could it be the User or the Drive ? Answer both. View attachment 20438

The User...too many to list.
The Drive...filling the Drive up and not allowing at least 20% of free space will do it. SSDs are at least 10 times faster then HDDs...so using an SSD is the better option...of course optimising the SSD to run efficiently is the way to go...a Drive starting to fail will either slow down or just stop. View attachment 20439
Thanks I keep an eye on that. I have a 256GB ssd that I always leave at least 50GB free.. My computer is fast enough, I just want to keep it like that. User dcbrown73 articulated my concerns pretty well, Alot of people think they don't have virus or malware while their computers are running slow from mining crypto for someone else without even knowing... I have my CPU and RAM usage visible on my toolbar, whenever there is an unexpected spike I get worried.
 
Really, only you can answer that.
Thanks for your reply but that answer doesn't really help me but maybe I asked the wrong question or phrased it wrong?
You just have to ask yourself. How suspect is your or someone in on your network's computer usage. Add at least 20% to that risk level then re-evaluate.
I live alone and I'm the only person that makes use of my home network and I have a special guestnet that is in a separate vlan for home my setup. How much does a license like that costs and is there good opensource solution easy to setup, where you only have to install client and not also to have to run the server side of it yourself?
 

Staff online

Members online


Top