Virus guards for Linux? Is it necessary

There's also antivirus live CD http://antiviruslivecd.4mlinux.com/

IMHO, installing an AV in Linux is a waste of time and resources. I've been using Linux like for 10 years or so and never, ever had a single issue regarding viruses, malware or any other kind of "infection". That being said, I think using something like AV live CD might be a better approach; don't have to install, just boot the live OS, and scan my system(s).
Yeah, i guess thats a better idea. I was in a doubt whether to install an AV or not. Ill try this. Thanks for the reply
 


So, to clearly answer your question. No, Linux isn't absolutely necessary on Linux.
Hmmm ... that doesn't seem any "clearly" to me ;) Did you mean, "AVs are not necessary on Linux?
 
Hey @Tharindu! :) Welcome to Linux, and linux.org! :D It's up to you, as to whether or not you want to use AV Software in your Linux Distro. I use ClamAV because, well, I can... ;) And, 'cuz it never hurts, though I've never, to my knowledge, had some dangerous Virus or Trojan or some Malware on the Linux Distro(s) I use. Linux IS more secure, mostly due to the fact that it's Free and Open Source, which means many people can (and do) scan the Code for any bugs. :) And though a few ones don't get spotted for a while, they do eventually. ;)

Also, Linux uses Programs from the BSDs (FreeBSD, NetBSD, OpenBSD, etc.) that are really good, like OpenSSH, among many others. But the most important Antivirus is YOU. :) Always use common sense, and don't install anything that isn't in a given Linux Distro's repositories, or if outside Programs ARE known to be secure and reliable, than you can use those too. Though, I've never had much of a reason to that often, since pretty much anything and everything you'd need (especially if you're a person who just watches videos, listens to music, goes Online, etc.). :)

Lastly, usually Linux Servers run AV Software, because many Windows users ALSO use those Servers, like Google's or this lovely, sexy Website here. :D

Always use common sense
I guess this advice is better than any AV. .
Thank u very much
 
Hmmm ... that doesn't seem any "clearly" to me ;) Did you mean, "AVs are not necessary on Linux?
Ha, yeah. I was trying to compose that while I'm at work. I was actually on a scrum with my team when that happen.
 
Never even knew that they have their own brave search engine.
I do not use their search engine. I use duckduckgo. Why?...see my signature below
 
seeing as this is fairly current , i guess I can't be accused of poring Coca Cola on it as in "come alive with coca cola"


if you are going to use clamav a couple of tips

Firstly clamscan doesn't create output to a log unless you tell it to.

So a simple way of getting output is a simple text file on your Desktop and include something like this , in your instruction --log=/home/andrew/Desktop/clamscan.txt


Unless you use -v flag you can't see what its doing, if anything, nor where its scanning . Trouble is, with -v flag there's a lot of output and if clamscan finds something its all mixed in with it, or you just use the --infected flag, but as i said a scan could take quite sometime and then you wonder if its frozen or something else. Also there's some locations which i understand can't be infected with a virus because they don't exist ! By that I mean they are virtual .

So i include these tags --exclude-dir=/sys/ --exclude-dir=/proc/ --exclude-dir=/dev/

To play with clamscan you can get a free virus from https://www.eicar.org/?page_id=3950

A typical test for that was :

Code:
[andrew@darkstar:~/Desktop][1]$ sudo clamscan -r --infected --remove=no  --log=clamscan2.txt  virus
/home/andrew/Desktop/virus/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
/home/andrew/Desktop/virus/eicar.com: Win.Test.EICAR_HDB-1 FOUND


where "virus" was the directory on my Desktop holding the test virus

Recently i ran this :

Code:
sudo clamscan -r -v -o --infected --remove=yes --exclude-dir=/sys/ --exclude-dir=/proc/ --exclude-dir=/dev/ --log=/home/andrew/Desktop/clamscan.txt

Now thats produced quite a bit of output too much to mouse scroll through , in the summary it just said "1 infection" or something along those lines , but not waht nor where. So how do you find it ?

First thing is to know how clamscan "flags up" a problem , is it "infected" - no , is it "virus" -no

its simply the word "FOUND" so to get entries from clamscan.txt i used:


Code:
$ grep "FOUND" clamscan.txt                    (10-08 09:48)
Scanning /run/timeshift/backup/timeshift/snapshots/2021-09-22_11-27-34/localhost/usr/share/httpd/error/HTTP_NOT_FOUND.html.var
Scanning /run/timeshift/backup/timeshift/snapshots/2021-09-22_11-27-34/localhost/usr/share/man/man3/SD_BUS_ERROR_FILE_NOT_FOUND.3.gz
Scanning /run/timeshift/backup/timeshift/snapshots/2021-09-22_11-27-34/localhost/usr/share/man/man3/SD_BUS_ERROR_MATCH_RULE_NOT_FOUND.3.gz
Scanning /usr/share/httpd/error/HTTP_NOT_FOUND.html.var
Scanning /usr/share/man/man3/SD_BUS_ERROR_MATCH_RULE_NOT_FOUND.3.gz
Scanning /usr/share/man/man3/SD_BUS_ERROR_FILE_NOT_FOUND.3.gz
/home/andrew/.thunderbird/t5di4c7x.default-release/ImapMail/imap.gmail.com/INBOX: Heuristics.Phishing.Email.SpoofedDomain FOUND


So it was showing /home/andrew/.thunderbird/t5di4c7x.default-release/ImapMail/imap.gmail.com/INBOX: Heuristics.Phishing.Email.SpoofedDomain FOUND as the issue
 
Alright, lets create a question and answer post to better explain the question of Linux and security.

Okay, here goes.

A: Yes, Linux is more secure than Windows.

Q: Why you ask?

A: Not because Linux is some super duper operating system. It's an operating system like all others and don't let anyone lie to you and say otherwise. Nothing, and I mean nothing is absolutely secure!

Q: So if that's the case, why is it more secure than Windows?

A: Ah yes. Here is where we discuss a multitude of whys.
  1. First you must understand there are two different *ROOT* attack vectors at play. You can attack servers and you can attack end-users. Consider this, while there are millions of servers, there are *BILLIONS* of end-users.
  2. There is a numbers game at play. If you wanted to compromise a system. Any system, the smart play it to play the numbers. Do you attack servers or do you attack end users? Yes, you attack end users. Windows accounts for over 40% of all operating systems in use today. Therefore attackers will undoubtedly focus there attacks on Windows because MacOS holds about a 6.3% share and Linux is *less than 1%* share. Therefore, most end-user attacks come against Windows. Don't let Apple tell you they are more secure, they are the same. They just have less people attacking them!
Q: So that's the only thing at play making Linux *seem* more secure?

A: Nope! There is more!
Back in the day, Microsoft made some ENORMOUS mistakes! Not just around security, but around many things! You can look back at quotes and many other areas and see how many mistakes Microsoft made. (BG saying "640k memory is enough", saying the Internet is just a fad leading to Microsoft's late entry into the Browser wars, etc... But there are their security related mistakes and that's what we are here to discuss!​
Back in the 1990s, Microsoft wanted to dominate the PC industry and "by-golly, they did!". They did so by doing what today is considered a cardinal sin! They ignored security and pumped all resources into usability and feature sets! By doing so, not only did they create the dominate end-user operating system, but they also dominated the productivity suites with Microsoft Office which basically killed off their competition in sector. (Apple Lisa, WordPerfect, IBM Lotus, Borland Office / Quattro Pro, Corel Office, etc)​
In the process of doing this, they were adding immense complexity to both Windows and to their Office suite and doing so without regard to security.​
Microsoft was unable to undo the damage without reverting everything they had built. They had no choice but to restart and rebuild while maintaining the operating system that users come to expect. That took DECADES to get to where we are and why you ended up seeing dramatic changes in the Windows architecture while the Linux kernel did not start over, but only evolved over time.​
Linux also followed the core values I still hold today that Windows continues to fail at. Keep It Simple Stupid (K.I.S.S) While the Linux kernel has become HUGE, the kernel is the brain and it only holds what is necessary to support the core system. The normal features you're used to seeing as a user, are bolted on. (X, CLI utilities, etc) That cannot be said about Windows even though they are trying to move that direction. Even their PowerShell ties everything at the core of Windows together making is complex to the extreme. Linux has complexity issues too, but not even remotely on the level of Windows.​
Window's complexity creates a tangled web if structures within Windows. This complexity creates a enormously large attack surface for hackers to attack. For instance, lets look at Windows Mail Server, Exchange. If you've ever setup a mail server before and worked with MS Exchange. You already know Exchange is a BEAST! It's not just a mail server, its so much more! Linux mail servers normally store email in text files, but not Exchange. It has it's own database to store emails!​
That was an enormous mistake and they've looked at fixing it by storing attachments outside the database. Yeah, lets add more complexity! lol. Enter Microsoft Sharepoint Servers! Google "Sharepoint nightmare" and here we go again in massive complex mistakes that open up ungodly amount of attack surfaces and not to mention system management nightmares!​
Anyhow, while I made it clear MS has major self-created issues. They have actually done a really good job of trying to secure their complex environment. Of course, they've spent enormous amounts of money (more than most companies can afford) doing so by hiring some of the best engineers in the industry. (I'm an enormous fan of Mark Russinovich, CTO of Microsoft Azure and Windows Internals / Sysinternal utilities)

Q: Do I need AV on Linux?

A: It doesn't hurt, because it can happen. As a matter a fact, if you were to get an Anti-Virus system for Linux. I don't recommend a free one. I recommend you buy a paid one that also supports HIPS. (HIPS = Host Intrusion Protection System). HIPS doesn't just look for virus signatures like a normal anti-virus does. It watches command executions on the kernel level and when it sees something doing something that isn't' normal or appears nefarious. It will stop it or even sandbox the application!

Have you ever heard the term, "Better Safe Than Sorry"?

Anyhow, if there are any upstart Linux or infrastructure guys reading this. Here is some some core rules I teach guys that work for me.

IT and Security rules to Live by:
There are some core rules that I always teach new IT and Infrastructure engineers. Those are:​
  • All mistakes start with an assumption. Never assume anything, or you're likely to end up correcting a mistake. Sometimes a very bad mistake! One that could cost you (or more people) your/their job!
  • Follow the Principal of KISS. (K)eep (I)t (S)imple (S)tupid. Complex systems create complex problems. Simple systems create simple problems. Only get as complex as is absolutely necessary!
  • Before accepting a course of action, take the horse blinders off and ask yourself. What collateral damage could this cause? What I mean by that is don't just look at A->D of what you're doing. Look at how these changes or this system could negatively impact other operations. Don't find that out after it goes live and you're running around with your hair on fire!
  • Follow the Principal of Lease Privilege: Only give someone or something only the privileges they need to do their job. While it does create more work and even more complexity in privilege management. It can be the difference between having a job and not having one. In some cases, all your co-workers having a job and them not having one. Security, especially today can be that difference. A ransomware infection can kill a company and all the jobs of those employed by the company.
  • Follow the Principal of Zero-Trust: This is more complex to explain, so just Google Zero Trust Architecture. While it's a complex subject. The high level overview of this subject matter can and should be applied to life in general.
  • Finally, Understand that backups, snapshots, resiliency, RAID, high availability, and a multitude of other terms and/or facilities are not the same! Business continuity is a wide ranging requirement and most of the terms you hear about are only a piece of them. Not the single requirement.
As a matter a fact, if you were to get an Anti-Virus system for Linux. I don't recommend a free one. I recommend you buy a paid one that also supports HIPS. (HIPS = Host Intrusion Protection System == can you recommend one for standalone computer please? the ones I 've seen are all for managed systems, thanks in advance :)
 
First I should apoligize if this is a dumb question:).
As I know Linux is the safest OS , but I saw few articles that Linux isn't completely safe bcz it is becoming an increasingly attractive target for malwares and viruses. Windows has hundreds of anvirus softwares like Avast, Kaspersky etc. But however, I couldn't find any reliable (free)antivirus program for Linux which is quite a surprise bcz millions of developers and normal users use Linux distros everyday.
Are there any reliable free antivirus softwares for Linux? Or do we really have to install one if there isn't any major threats for Linux distros?
Thanks for your answers
general security stuff will do and if you want clam av would work : )
 
Clam Av is notorious for false positives, and generally is a pain in the butt to use

Enable the Firewall......(FIRST)

Practise safe browsing

Stay away from questionable sites.

Do not click on email attachments/links that you are not expecting, or if the email is from an unknown source.
 
i know, and reading over the other posts it apears op doesnt want an av anymore but still, out of all other av's for linux i still think that clam is best if you have to use one
 
clam av is installed on my RPI4 as a precaution though I haven't installed it on my main machine. Java scripts are disabled on most of browsers and when I want to do something spooky, there's virtual machines whenever I want it.
After all, it's all about practising good opsec
 
The best defence is common sense. Have firewall configured correctly. Browser extensions such as Privacy Badger, Adblocker etc can be useful too.
 
Below is an excerpt from the above link:

Why Linux is Safer Than Windows

Here are a few reasons why Windows struggles with a malware problem, while few pieces of malware target Linux:
- Package Managers and Software Repositories: When you want to install a new program on your Windows desktop, you head to Google and search for the program. When you want to install most programs on Linux, you open your package manager and download it from your Linux distribution’s software repositories. These repositories contain trusted software that has been vetted by your Linux distribution — users aren’t in the habit of downloading and running arbitrary software.
- Other Security Features: Microsoft has been doing a lot of work to fix serious security problems with Windows. Until UAC was introduced with Windows Vista, Windows users almost always used the Administrator account all the time. Linux users normally used limited user accounts and became the root user only when necessary. Linux also has other security features, like AppArmor and SELinux.
- Market Share and Demographics: Linux has historically had low market share. It has also been the domain of geeks that tend to be more computer-literate. Compared to Windows, it’s not nearly as big or easy a target.

Staying Secure on Linux
While you don’t need an antivirus, you do need to follow some basic security practices, no matter which operating system you use:
- Keep Your Software Updated: In an age when browsers and their plug-ins — particularly Java and Flash — are the top targets, staying up-to-date with the latest security patches is important. The biggest malware problem on Mac OS X was caused by the Java plug-in. With a cross-platform piece of software like Java, the same vulnerability can work on Windows, Mac, and Linux. On Linux, you can update all your software with a single, integrated updater.
- Beware Phishing: Phishing — the practice of creating websites that pretend to be other websites — is just as dangerous on Linux or Chrome OS as it is on Windows. If you visit a website that pretends to be your bank’s website and enter your banking information, you are in trouble. Luckily, browsers like Firefox and Chrome on Linux have the same anti-phishing filter they do on Windows. You don’t need an Internet security suite to protect against phishing. (However, bear in mind that the phishing filter doesn’t catch everything.)
- Don’t Run Commands You Don’t Trust: The Linux command prompt is powerful. Before you copy-paste a command you read somewhere into the terminal, ask yourself whether you trust the source. It could be one of the 8 Deadly Commands You Should Never Run on Linux.

Edit: Check out this discussion Quora too. It is informative.

If you use Ublock Origin, you can block malware/phishing domains from its settings. Go to settings > Filter list > Scroll down and check the boxes below.

Screenshot-2022-04-24-06-51-32.png
 
Last edited:

Members online


Top