this post was submitted on 06 Jun 2024

23 points (100.0% liked)

technology

23303 readers

17 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 4 years ago

MODERATORS

[email protected]

Does linux need some form of antivirus? (hexbear.net)

submitted 5 months ago by [email protected] to c/[email protected]

19 comments fedilink hide all child comments

and if so any suggestions? i have like 6 on my windows phoenix-bashful

top 19 comments

sorted by: hot top controversial new old

[–] [email protected] 21 points 5 months ago (2 children)

Antivirus is a fucked approach, it basically scans files for what they call malware "signatures", which they accumulate over the years from malware found in the wild. Problems with that:

False positives.
False negatives.
Slows down the computer.
Malware developers can obviously see what the antivirus is doing, so they change their malware till it is no longer detected, and/or sabotage the antivirus once they're on the computer.
You now have a privileged uberparser on your computer, that unpacks and parses all manner of file formats, and it is being run on everything. This increases attack surface a lot.

The whole idea is misguided, and only exists because these companies managed to scare people into buying their snake oil.

[–] [email protected] 15 points 5 months ago (1 children)

im guessing that's a "no" then? blob-no-thoughts

[–] [email protected] 9 points 5 months ago

saul-your-honor

[–] [email protected] 2 points 5 months ago (1 children)

Sooo... What is a good approach then?.. especially for us idiots who still use Windows?

[–] [email protected] 3 points 5 months ago

Don't download random .exe's off the internet. This is pretty much the only thing that an antivirus has any chance of catching, since it's where you'll find "old" malware your antivirus knows about. If you do risky stuff like that (pirating PC games?) maybe don't use that computer for anything important or personal.

Then the usual stuff, which you want to do anyway, because antivirus doesn't help with that:

Update your software.
If you have any reason to believe your computer might be compromised, completely wipe the hard drive, start from scratch, and change all your passwords.
Install an ublock origin to block ads. Ads are a common attack vector.
Assume every link or attachment from an email or message is a scam unless you were expecting it or you can prove otherwise.

[–] [email protected] 17 points 5 months ago* (last edited 5 months ago) (1 children)

Generally no. If you are installing software from trusted sources (I.e. your distribution's package repository) and applying security updates in a timely manner, there is very little to worry about. If you are processing untrusted files and forwarding them to third parties (I.e. you're running a mail server) there are tools like ClamAV to check for KNOWN viruses.

It is entirely possible to install viruses if you are running software from untrusted sources. This includes viruses designed for Windows by running sketchy things in Wine/Proton. These are compatibility layers, and if they are working correctly that includes compatibility with malware. Isolation is explicitly not a design goal of these projects. If you run a Windows ransomeware in Wine, you WILL lose your data. If you run a naive Limewire worm in Wine, Limewire WILL autostart and spread the worm.

Always be careful with pirated software. It doesn't hurt to run ClamAV on a torrent before trying to use it.

[–] [email protected] 5 points 5 months ago (1 children)

How effective is something like virtual box at isolating windows?

[–] [email protected] 6 points 5 months ago

It's not impossible for malware running in a type 2 hypervisor like Virtual Box to do a guest-to-host attack, but those attacks are pretty specialized and most viruses aren't going to affect the host system.

[–] [email protected] 14 points 5 months ago (1 children)

Nope, not really. The way Linux keeps userspace very limited in what it can do means that as long as you don't do something very unwise like deliberately giving more privileges to a shady program you're not really at risk. Just try to only install stuff through your package manager if you can help it and only directly install programs that you trust. If you want to pirate software it can be a little tricky to do safely, I run my games through Lutris and Wine which creates a layer of isolation.

[–] [email protected] 10 points 5 months ago (2 children)

What I don’t like about Linux is that a lot of things require you to sudo to install if you’re installing outside of the App Store, which is often. Even then a lot of apps require you to sudo to download from the store.

I have no problem with it because I understand my computer, but it just seems like a disaster waiting to happen for a noob who wants to install a bunch of shit and all the tutorials just casually instruct them to do so without warning of the implications.

[–] [email protected] 8 points 5 months ago* (last edited 5 months ago)

Most of this software can be installed without sudo by changing the prefix in the (pre-compile) configuration step. The prefix usually defaults to /usr/local, which requires root, but you can change it to (e.g.) /home/your_user_name/.local and install without special privileges. You need to add the directories to PATH/LD_LIBRARY_PATH etc. but then it works practically as an overlay on top of your distribution-provided packages without any permanent side effects or impact on other users.

You're right that most instructions don't explain this, though. They just kind of assume GNU Autoconf / CMake / Meson is intuitive to mere mortals.

[–] [email protected] 8 points 5 months ago

Indeed, it's a big problem with Ubuntu/Snap but I haven't been burned yet. Other distros have better app managers, and of course it does depend on what the user is doing. Most people should only need LibreOffice, Firefox, Steam, and some random apps here and there since almost everything runs on the browser nowadays, so it really isn't a huge problem.

[–] [email protected] 9 points 5 months ago* (last edited 5 months ago)

The main reason that you don't need an "antivirus software" on GNU/Linux is that software is treated in a fundamentally different way. On windows, it is pretty common for people to download exe files from random website and run them. On GNU/Linux, you should not being running random executables that you found on the internet. The majority of the software that you use should be installed from your distro repository.

If you are very concerned about security, you can use a security auditing tool like Lynis. Lynis is a tool that I have used before. You run it and it makes a checklist of things that you can do to improve the security of your GNU/Linux system. It will probably tell you to set up an Intrusion Detection System like TripWire. It might recommend you to do something like having your system files on a separate partition and booting your system partition as read only when you use your computer normally. Most people don't do all these things, but Lynis will tell you what is possible and you can decide what meets your security needs. Lynis is probably in your distro repository.

https://en.wikipedia.org/wiki/Lynis

This is a pretty good checklist of security practices for a GNU/Linux desktop system.

https://github.com/lfit/itpol/blob/master/linux-workstation-security.md

[–] [email protected] 5 points 5 months ago* (last edited 5 months ago) (3 children)

I don’t use antivirus on any OS these days, with the exception of the default Windows Defender on windows.

People say that Linux is inherently safer, which I’m inclined to believe, but it’s also not widespread enough to put that theory to the test. Windows and Mac are commonly targeted because that’s what most people use. You’ll see more effort put into hacking Linux if it became normalized.

It’s not really analogous to seatbelts and condoms either, because while those things aren’t foolproof, you don’t really know what antivirus is doing besides what they advertise. I believe a few big name vendors were caught mining bitcoin.

But if you must, having more than one will not make you safer. In this case, it’s like using a condom. Using multiple will just slow things down, potentially break your system, have a bunch of conflicts, and send your stuff to multiple places. I recommend deleting them and using the default Windows Defender.

[–] [email protected] 7 points 5 months ago* (last edited 5 months ago)

it’s also not widespread enough to put that theory to the test.

In a way it is in that most large servers are running Linux, which offers a pretty high value target for attackers. That doesn't translate perfectly to desktop Linux because the attack surfaces are slightly different, but I think it's safe to say Linux is targeted.

[–] [email protected] 6 points 5 months ago (1 children)

Linux dominates web, iot, mobile, supercomputers, financial, cloud and development devices.... Targets that are way more valuable than desktops which is probably what you're thinking of.

[–] [email protected] 3 points 5 months ago

True, but also more secure by virtue of being valuable and maintained by large companies with resources. Windows and macs are used by the everyday shlub so it can be anywhere from an encrypted brick to “123admin” level of secure.

[–] [email protected] 5 points 5 months ago

dw the ones i have dont overlap, i have some understanding of how the computer works

[–] [email protected] 2 points 5 months ago

Yes. Growing marketshare and new unfamiliar users who have picked up the bad habit of copy/pasting stuff from random websites into their terminals creates a great environment for malware.

Selinux and apparmor both handle this like windows did, where stuff that you usually shouldn’t be doing raises a red flag and the computer says something on the “uhh, you sure bout that?” To “absolutely not. Boot into a different environment if you wanna pull that!” Spectrum.

The problem is that you gotta learn one of those two.