Virus guards for Linux? Is it necessary

OP
Tharindu

When I said, "Secure your Browser"... if you use Firefox there are many add-ons to make it secure

or
You could install Brave Browser.
It has inbuilt ad blocker and tracker blocker, it automatically upgrades all connections to https, and has fingerprinting blocked.
It takes around half an hour to go through all the settings, but it is time well spent.....and it takes a load off your mind.

I use it, because it is secure and because it is quick.

Set it as default web browser and a good part of your security worries are taken care of.
I currently use Firefox with DuckDuckGo on all of my devices. Yeah. Firefox has very good add-ons like 'HTTPS Everywhere'. I hate Google products, so Firefox is set as my main browser.
Firefox also has inbuilt tracking blockers. I have never really used Brave browser, but I saw it has very good ratings on the internet. I am installing a VM right now to install Windows on it, so, after ur comment, I decided to install Brave browser and try it on Windows. I'm addicted to Firefox, but I'd like to try Brave too.
 


Condobloke

Be sure to go through Brave's settings, and set it up the way you like it.
 
OP
Tharindu

There was a discussion about this topic that I read on Ubuntu forums a few months ago. https://ubuntuforums.org/showthread.php?t=2464245&p=14045850#post14045850

Here's a quote from the forum thread above:
At work we have anti-virus on the Linux systems too... but not because we fear that Linux could be infected. It's more to stop Windows viruses from spreading. Because Linux systems might pass on infected files to Windows too, even if the Linux systems themselves are usually immune to those viruses. That's not to say that "Linux is 100% safe". It is not. But Linux's security problems are different from Windows' security problems, e.g. they usually revolve around remote exploits, buffer overflows, unpatched systems that are vulnerable to remote attacks on network services that would be impossible if the system had been patched in time, etc. Linux's security problems usually do not revolve around viruses ("virus" in the same sense as a Windows user would understand that term).

The real question here is: What are you trying to achieve?

Are you trying to protect Windows systems from getting in contact with infected files? Then install anti-virus software on Linux systems too.

Are you trying to improve the security of your Linux systems? Then anti-virus software is borderline useless. You'd be better off subscribing to security mailing lists about "CVE" advisories and making sure all your Linux systems always have the latest patches. And make sure none of your Linux systems needlessly have any ports open towards the Internet, don't run any network service that you don't really need or use. And make sure the ones you do need and do use are properly configured and properly secured.
Read the thread completely. It's really helpful.
None of them agree with the concept of installing AV on Linux. The answer below alone could satisfy my question.
Screenshot_20210824-033314_Firefox.jpg
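
The quoted advice above (no ports needlessly open towards the Internet, no network service you don't need) can be checked mechanically. The following is an added example, not code from the thread or from the Ubuntu forums post: it parses listener rows in the layout printed by `ss -tlnp` and reports every service bound to a non-loopback address whose port is not on an allowlist. The sample output, the function names and the allowlist are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout printed by `ss -tlnp`; not output from the thread.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      128             [::]:22           [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*     users:(("cupsd",pid=640,fd=7))
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*     users:(("systemd-resolve",pid=500,fd=14))
LISTEN 0      32                 *:21              *:*     users:(("vsftpd",pid=931,fd=3))
LISTEN 0      4096         0.0.0.0:111       0.0.0.0:*     users:(("rpcbind",pid=477,fd=4))
"""


def parse_listeners(ss_output):
    """Return (address, port, process) for every LISTEN row."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket in another state
        addr, _, port = fields[3].rpartition(":")
        # Drop an interface suffix (%lo) first, then IPv6 brackets.
        addr = addr.split("%")[0].strip("[]")
        # The process column is only present when ss runs with enough privilege.
        match = re.search(r'\(\("([^"]+)"', line)
        listeners.append((addr, int(port), match.group(1) if match else "unknown"))
    return listeners


def is_reachable_off_host(addr):
    """True unless the socket is bound to a loopback address."""
    if addr == "*":  # dual-stack wildcard
        return True
    return not ipaddress.ip_address(addr).is_loopback


def audit(ss_output, expected_ports):
    """Sorted (port, process) pairs exposed off-host and not on the allowlist."""
    findings = set()
    for addr, port, proc in parse_listeners(ss_output):
        if is_reachable_off_host(addr) and port not in expected_ports:
            findings.add((port, proc))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: SSH is the only service this host is meant to offer.
    for port, proc in audit(SAMPLE_SS_OUTPUT, expected_ports={22}):
        print(f"unexpected listener: port {port} ({proc})")
```

Each finding is a service to disable, rebind to loopback, or restrict with the firewall; whether a listener on a non-loopback address is actually reachable from the Internet still depends on the firewall and network in front of the host.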
 

dcbrown73

I would just like to point out that *thinking* you're safe and actually *being* safe are two different things.

The difference between the two is why the term "a rude awakening" exists.

That said, I won't argue with people. I only attempt to help them understand. If they choose not to, that's their problem. Not mine.
 

craigevil

I am on Debian, these are the security packages I have installed:
debsecan
lynis
debsums
checksecurity
chkrootkit
systraq
firewalld

And there is apparmor, secpolicy, pam, bubblewrap, firejail, etc.

I miss Bastille.
 

f33dm3bits

I did just come across this.
 

kc1di

I find this blog sensible. Though its target audience is Mint/Ubuntu, much of it will apply to other distros as well.
 

Condobloke

An extremely short summary from @kc1di's link above...

An extremely short summary of the best security practice in Linux Mint is this:
- Use good passwords.
- Install updates as soon as they become available.
- Only install software from the official software sources of Linux Mint and Ubuntu.
- Don't install antivirus (yes, really!).
- Don't install Windows emulators like Wine.
- Enable the firewall.
- Above all: use your common sense.
 

dcbrown73

What about malware from websites you visit...
What about malware from emails you receive...
What about social engineering... (the number one cause of breaches across *all* attack surfaces)

Did I ever tell you guys that I've been in CyberSecurity since 1997?
 

f33dm3bits

 

dcbrown73

heh I love how he is telling you one thing (spreading conspiracy theories) while he is selling you his products at the same time. Then spreading FUD to scare you.
 

dcbrown73

I will say this, the best defense is to educate yourself.

Here are some free videos that will teach you the basics of CyberSecurity. These videos are based around obtaining your CompTIA Security+ Certification. I think I recently posted these in a different thread here somewhere, but they are incredibly valuable in learning about different attacks, how they happen, how to architect your security to defend against them, and how to respond to them when they happen.

These videos are free to watch: Professor Messer’s SY0-601 CompTIA Security+ Course
 

f33dm3bits

@dcbrown73 I find it hard these days to separate truths from half-truths. He's a YouTuber and he does know quite a bit about privacy and stuff like that. The only system I run an anti-virus on is my mailserver. So with your Cyber-Security experience you would say that it's better to run an anti-virus on a Linux desktop as well?
 

Tolkem

Some others are suggesting to install ClamAV, so I thought I'd give it a try.
There's also Antivirus Live CD: http://antiviruslivecd.4mlinux.com/
Antivirus Live CD is an official 4MLinux fork including the ClamAV scanner. It's designed for users who need a lightweight live CD, which will help them to protect their computers against viruses. Ethernet, WiFi, PPP and PPPoE are supported by Antivirus Live CD to enable automatic updates of its virus signature databases. All partitions are mounted during the boot process so that they can be scanned by ClamAV. The Antivirus Live CD ISO images are fully compatible with UNetbootin, which can be used to create an easy-to-use Antivirus Live USB.
The latest version 37.0-0.103.2 is based on 4MLinux 37.0 and ClamAV 0.103.2
IMHO, installing an AV in Linux is a waste of time and resources. I've been using Linux for like 10 years or so and never, ever had a single issue regarding viruses, malware or any other kind of "infection". That being said, I think using something like AV live CD might be a better approach; I don't have to install anything, just boot the live OS and scan my system(s).
 

dcbrown73

@dcbrown73 I find it hard these days to separate truths from half-truths. He's a YouTuber and he does know quite a bit about privacy and stuff like that. The only system I run an anti-virus on is my mailserver. So with your Cyber-Security experience you would say that it's better to run an anti-virus on a Linux desktop as well?

CyberSecurity is a balancing act. You cannot secure everything, but you can sure as hell lock it down like a prison. That said, that is not usually something you want to do. Two things are preventative. Financial resources and complete lock down. Both are negatives to doing business.

Here is my view as it pertains to Desktops vs Servers.

Desktops
  • If you're running Windows and you do not have a HIPS-based Anti-Virus, you are in the highest risk category of all cyber attacks. Failure to educate yourself and use software to protect yourself on a Windows-based PC is pure negligence in my opinion.
  • If you're running MacOS, you are at a much lower risk than a Windows system, but attacks on MacOS are actually becoming quite a bit more common. Starting in 2020, Mac-based malware made a large upward trend and that trend has not stopped in 2021.
  • If you're running Linux, you are in an even lower risk rate than MacOS. The reason you do not see as many risks on Linux is because so few people use Linux. Do not confuse that with me saying that Linux is secure. It's not. It can contract a virus just like Windows and MacOS. They *DO* exist and if you're going to get it, you will likely do so while doing something Linux related (like visiting a website, downloading a package, installing a pip Python library). Is it necessary to install this on Linux? No, it is not, but do not confuse that with me saying your Linux desktop is safe. It is not.
  • Finally, while not *expressly* "installing an anti-virus", website / email filtering is extremely important across all desktop operating systems. Why is this the case? Because web-based malware affects the browser and many times it doesn't matter what the underlying OS is. The other important thing to remember is that many email and web-based attacks might not even be malware. They may just be social engineering attacks. This is why web and email filtering is so important. A browser plugin (like say MalwareBytes) can block websites that are known to have malware or be known phishing sites. Many of these sites do not care what operating system you're running. That isn't the attack surface that they are looking to exploit. Most likely *YOU* are their preferred attack surface. You can install utilities on your Linux machine to help deflect those attacks.
  • I say Anti-Virus, but in today's world, it's more than that. It's End-Point Threat Protection or more specifically EDR. Endpoint Detect and Response. These tools do more than just scan your hard drive for viruses. They monitor and collect data that could indicate a threat, they analyze activity patterns looking for a pattern of actions (not just files) that are common with attacks, and they have built-in forensic and analysis tools for machine learning to detect new and future attacks.

Servers
  • This is an interesting subject. I've been building infrastructure for over 20 years. I've worked in the Financial District building trading platforms in Manhattan and worked with some of the best infrastructure guys in the world when I worked with some of the major banks. I've also worked with non-profit organizations who barely had a budget to even have an IT infrastructure. The difference in how secure or set up a specific infrastructure was between one IT department and another could be night and day. So, to say "This server needs an EDR solution vs that server does not" is not quite as clear as heads or tails.
  • Due to the sheer complexity of Windows servers and all the "Enterprise" level services they can offer. Not having an EDR solution installed on a Windows server is pure negligence and a complete disregard for the company you're working for.
  • As for an EDR on your Linux server. Well, if you can put one on it. I would recommend it just for the sheer fact that it's a layer of safety for your server. If your server is Internet facing and you don't have an EDR solution on it. That too is negligence. If your server is directly exposed to the Internet. You *MUST* protect it in every way possible. Any Linux user who has ever exposed their ssh, ftp, etc port to the Internet should know EXACTLY what I mean by this.
  • With encrypted services being more and more common, sometimes it's actually difficult to use IPS/IDS solutions too, but there are ways to do this. They are just difficult and sometimes so complex they create more issues than they solve. Though, for my web servers. I actually use SSL accelerators that terminate SSL then forward non-encrypted requests / response to the web servers and that is where our IPS/IDS solution resides. Though you have to be careful here as the data becomes unencrypted at this point and security must be very high in this location.
  • Linux servers that aren't Internet facing, I don't always have an EDR solution on them. Not that it wouldn't help increase security. It would and isn't a negative unless it actually impacts the service itself. That said, these servers exist in a "walled garden" of sorts. Data and users do not reach these servers without being scrubbed beforehand.

So, to clearly answer your question. No, Linux isn't absolutely necessary on Linux. It's not absolutely necessary on Windows either. In both cases, you are at a higher risk level without it. It's just the high water mark of risk for Windows is substantially higher than on Linux.

What annoys me is people saying an EDR solution is useless on Linux. That is a completely and utterly disingenuous statement made by one of three types of people: 1) people with nefarious intentions (to compromise you, sell you something, or crazy conspiracy theorists, etc.), 2) people so full of themselves that they *think* they know more than they do (very common), and 3) people just repeating what they heard from #1 or #2.
 

blackneos940

First I should apologize if this is a dumb question :).
As I know Linux is the safest OS, but I saw a few articles that Linux isn't completely safe bcz it is becoming an increasingly attractive target for malware and viruses. Windows has hundreds of antivirus programs like Avast, Kaspersky etc. However, I couldn't find any reliable (free) antivirus program for Linux, which is quite a surprise bcz millions of developers and normal users use Linux distros every day.
Are there any reliable free antivirus programs for Linux? Or do we really have to install one if there aren't any major threats for Linux distros?
Thanks for your answers
Hey @Tharindu! :) Welcome to Linux, and linux.org! :D It's up to you, as to whether or not you want to use AV Software in your Linux Distro. I use ClamAV because, well, I can... ;) And, 'cuz it never hurts, though I've never, to my knowledge, had some dangerous Virus or Trojan or some Malware on the Linux Distro(s) I use. Linux IS more secure, mostly due to the fact that it's Free and Open Source, which means many people can (and do) scan the Code for any bugs. :) And though a few ones don't get spotted for a while, they do eventually. ;)

Also, Linux uses Programs from the BSDs (FreeBSD, NetBSD, OpenBSD, etc.) that are really good, like OpenSSH, among many others. But the most important Antivirus is YOU. :) Always use common sense, and don't install anything that isn't in a given Linux Distro's repositories, or if outside Programs ARE known to be secure and reliable, then you can use those too. Though, I've never had much of a reason to that often, since pretty much anything and everything you'd need (especially if you're a person who just watches videos, listens to music, goes Online, etc.). :)

Lastly, usually Linux Servers run AV Software, because many Windows users ALSO use those Servers, like Google's or this lovely, sexy Website here. :D
 
OP
Tharindu

Be sure to go through Brave's settings, and set it up the way you like it.
I installed brave browser and wow I am really impressed by its performance.
Very fast browsing with data saving options. Never even knew that they have their own brave search engine.
 
OP
Tharindu

An extremely short summary from @kc1di's link above...

An extremely short summary of the best security practice in Linux Mint is this:
- Use good passwords.
- Install updates as soon as they become available.
- Only install software from the official software sources of Linux Mint and Ubuntu.
- Don't install antivirus (yes, really!).
- Don't install Windows emulators like Wine.
- Enable the firewall.
- Above all: use your common sense.
"Use your common sense" that advice is golden than everything else;)
 
OP
Tharindu

Thank u very much for those videos.
I will say this, the best defense is to educate yourself.

Here are some free videos that will teach you the basics of CyberSecurity. These videos are based around obtaining your CompTIA Security+ Certification. I think I recently posted these in a different thread here somewhere, but they are incredibly valuable in learning about different attacks, how they happen, how to architect your security to defend against them, and how to respond to them when they happen.

These videos are free to watch: Professor Messer’s SY0-601 CompTIA Security+ Course
Thank u very much for those videos, totally 177 videos.
 