Do you have any antivirus recomendations for Linux.

  • RoboRay@kbin.social
    582·
    2 years ago

    Do you have any antivirus recomendations for Linux.

    Install all applications from your package manager.

    Don’t run things as root.

    Don’t visit sketchy websites.

    Run an ad-blocker that isn’t owned by an advertising company.

    • necrxfagivs@lemmy.worldEnglish
      2·
      2 years ago

      Can you get a virus just for visiting a sketchy website?

      Also, some programs aren’t available via my package manager (I use Fedora) so I have to add 3rd party repos. Is there a general security guide for linux?

      Thank you!

      • MonkderZweite@feddit.ch
        7·
        2 years ago

        Can you get a virus just for visiting a sketchy website?

        Not with an uptodate browser. But there was malware in adverts on normal webpages. Even CIA recommends an adblocker.

      • c1177johuk@lemmy.world
        71·
        2 years ago

        Nowadays it is almost impossible to get a virus just from visiting websites. As for security recommendations I would recommend never running applications as roo that 100% don’t need it, as for 3rd party repos I would always be a by mindful of the apps but generally there isn’t too much of a risk, of getting a virus.

      • RoboRay@kbin.social
        4·
        2 years ago

        There have been cases of malware exploiting scripts and even images being displayed, whether directly hosted on the site or via compromised ads.

      • kyub@social.tchncs.de
        1·
        2 years ago

        Highly unlikely. A site could try to exploit unpatched security holes in your browser, but if your browser is up to date, this is unlikely to succeed. Modern browsers are very complex and large so they have lots of weaknesses, but they also get fixed quickly, a lot of eyes are on their code and they utilize sandboxing techniques as well to isolate things from your system.
        Still, it’s a good idea to harden your browser further yourself, or run it in an additional sandbox.

        Check Flatpaks as well.

  • bushvin@pathfinder.social
    434·
    2 years ago

    I wouldn’t recommend using anti-virus software. It usually creates a lot more overhead, plus it usually mimics existing solutions already in linux. The only viruses I have ever caught using an anti-virus software on Linux are the test viruses to see if all is working fine.

    Anyway, here’s my 20+ enterprise experience recommendations with Linux :

    • enable secure boot: will disable launching non-signed kernel modules (prevent root kits)
    • enable firewall: and only allow ports you really need.
    • SELinux: it is getting better, and it will prevent processes to access resources out of their scope. It can be problematic if you don’t know it (and it is complex to understand). But if it doesn’t hinder you, don’t touch it. I do not know AppArmor, but it is supposed to be similar.
    • disable root over ssh: or only allow ssh keys, or disable ssh altogether if you do not need it.
    • avoid using root: make sure you have a personal account set up with sudo rights to root WITH password.
    • only use trusted software: package managers like apt and rpm tend to have built in functionality to check the state and status of your installed software. Use trusted software repositories only. Often recommended by the distro maintainers. Stay away from use this script scripts unless you can read them and determine if they’re the real thing.

    Adhering to these principles will get you a long way!

    edit: added section about software sources courtesy of @dragnucs@lemmy.ml

    • stravanasu@lemmy.sdf.orgEnglish
      4·
      2 years ago

      Thank you for the advice!

      Firewall on Linux is something I still don’t understand, and explanations found on Internet have always confused me. Do you happen to know some good tutorial to share? Or maybe one doesn’t need to do anything at all in distros like Ubuntu?

      Regarding ssh: you only mean incoming ssh, right?

      • stravanasu@lemmy.sdf.orgEnglish
        4·
        2 years ago

        @bushvin@pathfinder.social @toikpi@feddit.uk @hevov@discuss.tchncs.de @ChonkaLoo@lemmy.world @HotBoxghost2743@lemmy.ml @c1177johuk@lemmy.world (I’m surely forgetting someone, sorry)

        Thank you ALL for the great advice and guides! I’m writing from behind a laptop firewall now, and don’t notice anything :) It was smoother than I expected. In the end I used UFW because it was already installed, but I’ll take a look at firewalld too in some days! I don’t have any incoming ssh connections (not a server), so I didn’t need to worry about that :)

        Really great people here at Lemmy :)

      • bushvin@pathfinder.socialEnglish
        3·
        2 years ago

        Yes, usually you configure your endpoint firewall to block incoming traffic, while allowing all outgoing.

        Unless you’re in a very secure zone, like DMZ’s.

      • Ghost@lemmy.ml
        3·
        2 years ago

        What don’t you completely understand about Linux firewall? I don’t mind helping you learn

        • stravanasu@lemmy.sdf.orgEnglish
          5·
          2 years ago

          Thank you everyone, also @bushvin@pathfinder.social @toikpi@feddit.uk.

          For example, if I open my settings (I’m on Ubuntu+KDE) I don’t see any firewall settings to configure. So I expect this is automatically done by the OS, but maybe I’m wrong. A bit surprised that the system itself doesn’t recommend using a firewall, to be honest.

          Many firewall tutorials start speaking about “your server”. Then I wonder: is this really for me? I don’t have a server. Or do I?

          I now see that the tutorial from @toikpi@feddit.uk gives a better explanation, cheers! So I see it’s good to have a firewall simply because one connects to public wifis from time to time.

          I see that both UFW and firewalld are recommended… is it basically OK whichever I choose?

          • Ghost@lemmy.ml
            3·
            2 years ago

            The main one everybody uses at least from my knowledge and from what I’ve used over the last 13 years is UFW. That is what you want to use.

            A firewall is very important not just for being on public Wi-Fi connections. A firewall is your extra layer of protection

            I don’t know what Distro you run. But it’s almost the same for each one

            https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04

            UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with sudo apt install ufw.

            Using IPv6

            sudo nano /etc/default/ufw

            That command should come back with this

            IPV6=yes

            Save and close the file. Now, when UFW is enabled, it will be configured to write both IPv4 and IPv6 firewall rules. However, before enabling UFW, we will want to ensure that your firewall is configured to allow you to connect via SSH. Let’s start with setting the default policies.

            Setting up default policies

            sudo ufw default deny incoming sudo ufw default allow outgoing

            These commands set the defaults to deny incoming and allow outgoing connections. These firewall defaults alone might suffice for a personal computer, but servers typically need to respond to incoming requests from outside users. We’ll look into that next.

            To configure your server to allow incoming SSH connections, you can use this command:

            sudo ufw allow ssh

            This will create firewall rules that will allow all connections on port 22, which is the port that the SSH daemon listens on by default. UFW knows what port allow ssh means because it’s listed as a service in the /etc/services file.

            However, we can actually write the equivalent rule by specifying the port instead of the service name. For example, this command works the same as the one above:

            sudo ufw allow 22

            If you configured your SSH daemon to use a different port, you will have to specify the appropriate port. For example, if your SSH server is listening on port 2222, you can use this command to allow connections on that port:

            sudo ufw allow 2222

            To enable UFW, use this command:

            sudo ufw enable
            • bushvin@pathfinder.social
              4·
              2 years ago

              The main one everybody uses at least from my knowledge and from what I’ve used over the last 13 years is UFW. That is what you want to use.

              I could easily say that for firewalld… 😃

              Ufw is typically available/pre-installed with Debian based systems (Debian, Ubuntu, zzz), while Firewalld is typically available on Red Hat Enterprise Linux and derivates (Fedora, CentOS, Rocky, …)

              But it boils down to what you prefer, really.

              • Ghost@lemmy.ml
                2·
                2 years ago

                I know all this already. But I also use arch and have been for the last 6+ years and I use ufw lol

          • bushvin@pathfinder.socialEnglish
            2·
            2 years ago

            I see that both UFW and firewalld are recommended… is it basically OK whichever I choose?

            Yes. Whichever works for you should be fine. In the end you should be able to manage it

      • hevov@discuss.tchncs.de
        3·
        2 years ago

        I don’t think you need to configure your firewall. Firewalls are usualy used to block incomming connectings. Usualy a Firewall that blocks all incomming connections is already active on your modem/router. Adding exception to the modem/router Firewall usualy happen through port forwords.

      • bushvin@pathfinder.socialEnglish
        2·
        2 years ago

        ebtables and iptables can be very complex. And I failed my 1st RHCE exam because of them. But once you learn, you will never unlearn, as they are quite beautifully crafted. You just need to get into the mindset of the people who wrote the tools…

        Look into firewalld It has a rather simplified cli interface: firewall-cmd

        The manpages will tell you a lot.

        firewall-cmd —add-service=ssh Will open the ports for your ssh daemon until you reload your firewall or reboot your system firewall-cmd —permanent —add-service=ssh Will open the ssh ports until you remove them

        firewall-cmd —list-all Will show you the current firewall config

        • kool_newt@lemm.ee
          4·
          2 years ago

          Try nftables directly, it’s simple and straightforward, scripting syntax is easy.

        • c1177johuk@lemmy.world
          3·
          2 years ago

          Another simpler frontend for iptables I think is well suited for desktop environemnts is ufw. It does what it’s supposed to do and is extremely simple to use

          • bushvin@pathfinder.social
            1·
            2 years ago

            I personally do not know ufw, but if it does what it must, then you’re solid.

            Linux is also about choices: do stuff the way you choose to, and makes you comfortable.

    • hevov@discuss.tchncs.de
      3·
      2 years ago

      Thanks for the helpful list. I had concerns in the past about flatpak, because as far as I know the dependencies are bundled into the flatpak and are not using the latest version of your distro. But that means that some flatpaks probably use outdated and unsecure dependencies.

      Whats your opinion on that matter?

      • pastermil@sh.itjust.works
        3·
        2 years ago

        I found flatpak to in fact be ahead of distros’ packages. Granted, I use distros that are rather conservative on update (Debian, Gentoo, and Linux Mint). If you use something bleeding edge like Arch, things may be different, but shouldn’t be far off.

        Either way, I find flatpak to be reliable.

    • AFlyingCar@lemmy.blahaj.zoneEnglish
      1·
      2 years ago

      I would actually like to see your Bubblewrap script if you wouldn’t mind sharing. I’ve been thinking about trying to learn how to use it for a while now, but I’ve kept putting it off since getting Xorg programs to work with it seemed difficult/confusing to me.

    • zwekihoyy@lemmy.ml
      1·
      2 years ago

      do not use browsers from flatpak. browsers have their own built in sandbox that is crippled or sometimes fully disabled in order to make flatpaks sandboxing work, which are often less restrictive than the browser’s.

      flatpak is better than nothing for the average user but most packages completely ignore the sandboxing it is supposed to use and require manual changes on flatseal.

  • ashtefere@lemmy.world
    191·
    2 years ago

    Most antivirus software are just root level tools to harvest your data, that pretend to help

  • shirro@aussie.zoneEnglish
    10·
    2 years ago

    The typical consumer Windows antivirus was designed to solve a different set of problems in a different environment and analysing files for signatures and behaviors against known threats was very valuable when so many people were running executables from unsafe sources intentionally or not. Even on Windows an antivirus has never been the best way to secure a machine. It was always the lowest common denominator solution that you put on everyone’s machine because it was better than nothing.

    Linux has been well served for a long time by the division or privileges between root and users and signed trusted distro sources. The linux desktop is trending towards containerized flatpak applications running in seperate namespaces with additonal protection via seccomp. Try and understand the protections Linux provides and how to best take advantage of them first and only reach for an antivirus if you still think it is needed.

  • rayon@lemm.ee
    81·
    2 years ago

    I don’t understand why we keep telling new users that it is useless to use an antivirus on Linux. For people with computer knowledge, sure. However more widespread Linux adoption will mean more casual users will start using it. Most of them don’t have the “common sense” that is often mentioned ; these users will eventually fall for scams that tell them to run programs attached in emails or random bash scripts from the internet. The possibility is small, but it’s not zero, so why not protect against it?

    • XTL@sopuli.xyz
      81·
      2 years ago

      Because snake oil is not helping, or a working substitute.

      Security is a process, not a solution.

        • bushvin@pathfinder.social
          1·
          2 years ago

          The problem with AV s/w in my experience, is that they do not work very well, and hinder the system’s functioning, because they provide duplicate behaviour of existing solutions and compete with them directly.

          In one instance I discovered McAfee to disable write access to /etc/{passwd,shadow,group} effectively disabling a user to change their password. While SELinux will properly handle that by limiting processes, instead of creating a process that would make sure those files aren’t modified by anyone.

          People need to understand Linux comes pre-equipped with all the necessary tools and bolts to protect their systems. They just don’t all live in the same GUI, because of the real complexity involved with malware…

      • rayon@lemm.ee
        01·
        2 years ago

        You might be legitimately annoyed by the amount of free antivirus software on Windows that don’t offer good protection, on top of being filled with ads. But I don’t agree that scanning for malicious files and preventing dangerous commands (regardless of how good the implementation is) can be labelled as snake oil.

    • lemmyvore@feddit.nlEnglish
      51·
      2 years ago

      You should protect against it, but antiviruses are not the answer. It’s more efficient to prevent breaches by building good security into software by design (and keeping your system up to date) than to play an endless game of catch-up enumerating pieces of malware after they’re already circulating.

      Windows tried this approach and it turned into a mess, antivirus companies turned into villains themselves and it still didn’t fix the underlying problems. Eventually they came around to actually fixing security problems, and keeping Windows up to date, and offering a curated source of apps and so on.

      You can still use scanning on Linux, but apply it efficiently on entry points, like attachments in your email client or your Downloads dir. Don’t run a scanner all the time on all your processes and files, that’s a gross waste of resources.

      It also makes no sense for a properly secured modern system. Take for example Android, where a userspace antivirus can’t work because userspace processes are isolated from each other, and a system level antivirus cannot be trusted because it needs to download signatures externally and can (and probably will) be a breach of privacy.

      • rayon@lemm.ee
        0·
        2 years ago

        I basically agree with all the points you are making. Only scan downloads, email attachments and whatnot. Don’t try to play cat and mouse with sophisticated malware because that’s a waste of resources. I don’t think software like this exists?

        Perhaps SELinux on desktop is the way to go as other posts are suggesting, although I heard that it has some usability problems and can break some programs.

    • Potatos_are_not_friends@lemmy.world
      2·
      2 years ago

      Schrödinger’s Linux fanbase

      Linux is so much better and easy to use for casual users. But in order to use it, you have to understand terminal, bash scripting, understand permissions, understand the difference between various flavors, etc

    • FoxBJKEnglish
      1·
      2 years ago

      Same thing happened on macOS. We used to say it’s immune because everything was written only for Windows. That stopped being true a long time ago and the majority of web servers have been running Linux for a decade. Doesn’t seem so crazy to me that someone would want to regularly scan their Linux boxes for bad code.

  • dragnucs@lemmy.ml
    6·
    2 years ago

    There are anti viruses that run on GNU/Linux like ClamAv and kaspersky but they actually do not target the machine they run on or at least they are not so useful. Their intention is to stop the spread of malware.

    In general, you just need to install softwaref uaong the package manager from trusted sources that are usually the defaults of your distribution and not input your password when you are not expecting it.

    When copying commands to the terminal, most terminals will warn you if you are copying a command that requires root privileges.

    That said for the operating system, apply it to the browser as well by being eclectic on what extensions you install and voila. 99.99% guaranteed malware free.

  • Mandy@beehaw.org
    6·
    2 years ago

    Use common sense and dont install random shady shit from the internet.

    Best antivrius in the world

    • ReakDuck@lemmy.ml
      2·
      2 years ago

      After happily not following your advise my entire life on Arch Linux… I got this weird Virus on my PC while game developing. This virus made my entire PC glitch and my friend also wondered what the fuck is going on. Weird and creepy music started and sounded like its telling me I am dumb. After unplugging my entire PC from electricity, the music was still there… and I cried.

      After waking up I asked myself how the fuck did I dream this and why this dream felt so real (like a lucid dream but I thought this is real life). I maybe dreamed this after having a discussion why I should get an IPhone. As a GrapheneOS user I explained myself, but restarted my thinking about Security. (But even without being a Security focused guy, an IPhone has not enough features like Sideloading Open Source apps)

  • danielfgom@lemmy.worldEnglish
    5·
    2 years ago

    Yes, no antivirus. You don’t need it. There are no viruses. Plus, the way Linux is setup it’s not easy for a virus to do alot of damage.

      • danielfgom@lemmy.worldEnglish
        2·
        2 years ago

        Put the AV on Windows only. Linux cannot run any .exe files anyway so they are useless, unless you try run them under wine, but I wouldn’t recommend it.

  • virtualbriefcase@lemm.ee
    4·
    2 years ago

    Virustotal is great to scan anything you download that does not contain sensitive information, and ClamAV + TK will work locally to scan anything that contains sensitive information (e.g. documents sent by others) or things too big for Virustotal.

    Like others are saying, there’s less of a need for antivirus on Linux since there’s less easy entry points (e.g package manager over downloading an installer) and less (but far from 0) malware made for Linux. But we all probably download app images or get documents related to job searches at some point and I personally prefer to scan almost file that I get from a remote computer.

  • eatstorming@lemmy.world
    3·
    2 years ago

    1. Do not run a root account for regular stuff. This is a lot less common now since most distros require you to create a non-root account during install and a lot of the systems annoy you if you’re running as root, but you’d be surprised by the sheer number of people who use accounts with UID 0 daily. This may also be caused by “”“more experienced”“” friends/family setting it up that way to try cutting corners regarding access rights, but the bottom line is: don’t be that person. Use root when necessary only.

    2. Get into the habit of not blindly running every command you see online or trying every trick you read/hear, at least not on your main system. Try to setup a VM (or multiple) for the purpose of trying stuff out or running something you’re not sure what the impact might be.

    3. Keep your system updated, from kernel to userland.

    4. Get into the habit of reading news regarding exploits, malware and the responses for them. You don’t need to become an infosec professional or even understand what they actually do. What is important is for you to learn what to avoid and when something really bad is discovered so you can update as soon as possible.

    These 4 steps are arguably more important and create better results than any anti-virus could ever hope to do for you. They won’t ever get to 100% security, but then again, nothing will.