Do Linux users need anti-virus and malware apps?
I know that until now Linux users haven't needed anti-virus and malware protection, and was wondering whether this still applies when there are so many little oiks out there with nothing better to do than try to upset other people's lives.
|
Wow, this question has never been asked before ... or has it?
|
Quote:
Common sense matters more than rumor or the OS 'religion' of choice. |
The more best practices you learn and use, the greater chance that your data will be safe.
|
Hey, at least you didn't ask... "how do I get this *video* to play in Kali?" :D
https://www.debian.org/doc/manuals/s...-tools.en.html :hattip: http://www.linuxquestions.org/questi...3/#post5563948 ;) http://www.linuxquestions.org/questi...0/#post5585210 |
Thank you all for your replies. I had, in fact, checked for previous threads on this subject, but the latest one that showed in the list was from 2014, so I didn't know whether it was still considered unnecessary to have AV.
I already have a firewall up and running, and I try to be careful about what I download and the sites that I visit. Which are considered to be the best detectors of, and protections against, AV, malware, etc.? Sorry, Jamison, your comment about playing videos in Kali went right over my head; anyway, I use VLC to play videos :-) |
Kali (for the most part) is an OS for professionals to try and hack into your system, thus finding the vulnerabilities to fix. Most :newbie: questions there are not what they should be. :doh:
I like FirewallD and its "Firewall Applet" with script and ad blocking add-ons in Chrome and Firefox; that's about the extent of it for me, though Sid may have more under its hood... ;) |
Quote:
No home user should be PAYING for the kind of professional, in-depth, multi-level protection our best people can provide; that would be serious overkill. Some simple and free rootkit protection, antivirus, and change detection or prevention is appropriate. SELinux can provide some of that, but can be a handful for a non-admin to set up properly; using the default rules can be a start, and it comes with most modern distributions. Clam-AV is free, in most distro repositories, and works well against most malware, but is not as current as the best of the commercial AV solutions: I recommend it. A firewall (software or network) can help if you come under attack. My home network used a honeypot and fail2ban, and was blocking on the order of 200 addresses a day from China alone. (More from the Soviet bloc, Africa, and a few from Europe and South America, very few from within the U.S.A., and one, ONE, just one, from Ireland. I always wondered about that one.)

I recommend rootkit detection such as RootKitHunter, AV such as Clam-AV, and a firewall. If you want or need to add onto that, you have a special problem and should research specific solutions to answer the kind of attack you are experiencing, and you might want to enlist your ISP in your protection effort. The minimal protection I recommend does not load your system down and will not slow your processing, but only provides basic protections. Normally, that is all you need. Attackers will see you are protected and attack your more vulnerable neighbor instead.

You also want a log analysis tool. Ignoring the logs from your protections renders them pointless. They will tell you about the threat, but if you ignore what they say they served no purpose. Alas, reading the logs on a daily basis can be a chore, and will push you to ignore them. A log analysis tool should be able to trim the noise and present you with a short, simple list of just the significant changes that you need to notice.
Make it part of your daily routine to spend a minute of your time checking that no one has broken into or pwned your system, and it will not be a burden. The only systems I have had to rebuild due to a threat break-in were either Windows, or some business owner had put in a simple, short password to make it easy to remember. And break or guess. Do not subvert your system security: if you do, you are not the only one that can take advantage of that. [Special exception: if you reload your machine every one to three months (we see you, Fedora users) and never store information on your machine, then you can worry less: if someone breaks your machine and steals that data, just reload your machine and change your passwords. You only need protection if you have something to protect or hate reloading your machines.] |
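The post above asks for a log analysis tool that trims the noise down to a short list worth a minute a day. The following is an added example (not from the thread or from any of the tools it names) of that idea in miniature: it reads sshd lines in /var/log/auth.log style, counts failed logins per source address, flags addresses at or above a threshold, and calls out any successful login from an address that had failures first. The log lines are constructed sample data; the threshold and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in auth.log style (not real data).
SAMPLE_LOG = """\
Mar  1 10:00:01 host sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  1 10:00:03 host sshd[2002]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar  1 10:00:05 host sshd[2003]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  1 10:00:09 host sshd[2004]: Failed password for root from 203.0.113.5 port 51237 ssh2
Mar  1 10:00:12 host sshd[2005]: Failed password for root from 203.0.113.5 port 51238 ssh2
Mar  1 10:01:00 host sshd[2010]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  1 10:01:20 host sshd[2011]: Accepted password for alice from 198.51.100.7 port 40002 ssh2
Mar  1 10:02:00 host CRON[2100]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  1 10:03:00 host sshd[2020]: Accepted publickey for bob from 192.0.2.9 port 33000 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+)")

def summarize(log_text, threshold=5):
    """Reduce raw sshd lines to the few facts worth a daily glance."""
    failed = defaultdict(int)          # source IP -> failed login count
    accepted = []                      # (user, ip, auth method)
    accepted_after_failure = []        # logins preceded by failures from the same IP
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failed[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            accepted.append((user, ip, method))
            if failed.get(ip):
                accepted_after_failure.append((user, ip, failed[ip]))
    # Everything else (cron sessions, etc.) is noise for this report.
    brute_force = {ip: n for ip, n in failed.items() if n >= threshold}
    return {"brute_force": brute_force,
            "accepted_after_failure": accepted_after_failure,
            "accepted": accepted}

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for ip, n in s["brute_force"].items():
        print(f"brute force: {n} failed logins from {ip}")
    for user, ip, n in s["accepted_after_failure"]:
        print(f"CHECK: {user} logged in from {ip} after {n} failure(s)")
    print(f"{len(s['accepted'])} successful logins total")
```

Pointing it at the real file (for example `sudo python3 summary.py < /var/log/auth.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`) gives a report short enough to read every morning; fail2ban does the blocking, but this shows whether it is worth looking at.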
Code:
$ apt search psad |
I've heard of Fail2ban from Frank and others, but maybe overkill if not running a server? PSAD sounds cool, checking it out now. :)
Some of LQMCA2015:
|
Quote:
I have little bits of Irish, Norse, Dane, Welsh, German, and Scot (and some little bits of who knows what, perhaps Neanderthal) in my blood, and irony in my soul. It does me good to give some of the worms and script kiddies a bit of their own medicine from time to time. Carefully. |
I did forget to mention backups in post #7; if you have data you want (or need) to keep, back it up more ways than one! ;)
|
Quote:
It really depends on your situation and your standpoint on whether Linux boxes need antivirus protection. If you are also using Windows PCs, personally I would recommend you do install some form of protection, as this can prevent you spreading viruses to Windows PCs. If you have a mixed network (both Windows and Linux PCs) you definitely should, as this can stop your network going down because of a virus attack. Let's say you have a Linux file server and Windows workstations: you can protect your workstations from becoming infected in the first place (prevention is better than the cure). I hope this helps. Edit: You should also make regular backups as well, just in case. |
The simple answer is NO! It is important to understand that a "malware" program can run on all systems: if I write a program in C or another language that, for example, deletes all documents in your /home, and you execute the program and it has the permissions, it works fine. But there are two points here:
1. GNU/Linux is more secure because the system does not execute programs automatically like Windows does. In Windows, you insert a CD/DVD and a program can execute, and with an admin account... horrible, and in emails, etc. In GNU/Linux, on some distributions a USB/HDD can mount automatically when it is plugged in, but it does not execute files automatically.
2. The GNU/Linux philosophy is based on official repositories; most software is installed with apt, yum, pacman..., so it is very difficult for malware to be installed by this method, while Windows users download malware in cracks, etc. The important thing is that you don't execute binary files without knowing what they are. Anyway, people running email servers or FTP servers install an antimalware because there are Windows users on the service, but it is not for GNU/Linux. |
Quote:
It does not depend upon your standpoint whether you need antivirus, though that may drive your decisions. The parts of your situation that apply are your exposure and the level of risk. If you are not detecting and monitoring attack vectors you will have no idea of the risk level. There was a study done about the time XP came out (years-old number alert) that indicated that when an unprotected Windows machine came onto the internet the average time before first attack was 22 seconds, and the average time before it joined a threat network (all without the user's knowledge) was less than 90 seconds. I am not sure where they ran those tests, but my testing indicates you should double those numbers. If you are running Linux, double them again. The only OS I am sure could resist all attack without AV or security software is KolibriOS, and that will only last until some nut decides to create malware for that unique environment.

Points to note:
1. If you are not testing the threat, you have no basis for judging it or making security decisions. In this case it is better to err on the side of security.
2. If your system has been taken over by malware, you may not know. This is even more likely if you do not think you need to CHECK! Checking after infection may not tell you enough, because smart malware HIDES: you have to catch it on the way IN.
3. No matter what the real numbers are, if there is a successful attack it progresses very FAST. Human reactions are rarely fast enough to make any difference. Plan and automate your responses before you position your machine into a threat environment like the internet.
4. Run Linux, not Windows: you will cut your threat level about in half. That is still not good. Run SELinux, AV, and a firewall, turn off or isolate any listening services you need not expose, apply security updates often, and take regular backups: these enhance your security significantly.
There is no SURE protection, but SOME is a LOT better than NONE, and these are easy, painless, and low impact. BTW: I recommend Windows users also run the latest version, run AV, and run a firewall. I add that they should pray a LOT, because Microsoft is still the most popular target out there and known vulnerabilities are sometimes fixed in a day, and sometimes not for YEARS. If you are on this forum, you are already likely to be among the smarter or luckier ones that are more likely to use protection and less likely to suffer. Just don't get cocky! |