Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
Rep:
Quote:
Originally Posted by sundialsvcs
Well, the download images and packages and so-forth are digitally signed, which is why the "public key" used by a distro is updated from time to time. The integrity of the package is verified before its contents are used.
You continue to use the word, "infect." That's a biological term. It implies that, if I send a piece of malicious software to you, your computer will install it, without your knowledge, unless you run software that's supposed to act like a digital "immune system." That is not a valid analogy.
Easily, the most convenient way to install software on your machine and to have it be running is to embed it within the JavaScript that is running an innocuous-looking advertisement. (Which is why I block every advertisement from a web-site.) But, even so, that software "runs as you."
The most critical thing that you must ensure is that rogue software cannot gain elevated privileges. "Windows Home Edition" users are administrators, and it is difficult for them to be otherwise, and Microsoft never says a thing about the potential danger. Many Linux users are by-default members of the wheel group, which means that "root access" needs only their login password. These are vulnerabilities that no "scanner" can prevent: it is intrinsic to the way that they have set up their machines and their own access privileges.
"Anti-virus software" is sold just because it "feels good." Because it makes you somehow feel that you are doing something that is both necessary and prudent. And yet, what one piece of software "has access to everything?" You got it: the "anti-virus software" itself. These packages have been exploited to create vectors on many occasions.
I guess it's the same reasoning that enables pharmacies in the United States to sell "flu shots" to get a quick $25.00 profit from an 8¢ injection that won't do you any good anyhow.
Yes, I know that packages are signed and repos are checked for viruses, this is why wherever possible I install software from packages. And always make sure signatures match what they are supposed to be.
As for the word 'infect', it's a word, your reading too much into it.
I agree with you, that in order for ANY piece of software to do ANYTHING on your computer it has to actually be RUN in the first place.
The first PC I ever brought come with Windows XP Home Edition on it, and I therefore do agree with you there. As well as the point that you should be careful about which user groups your 'everyday' account is a member of.
But from what I can read (correct me if I'm wrong) you are trying to say that, there will never be any possibly that antivirus software would/could be useful and/or a valid security measure. And/or that there will never be any possibly that a virus would/could be run on your system. I could not agree with you there.
You are forgetting that humans are not prefect and could be careless/make mistakes (correct me if I'm wrong).
I'm not sure what 'flu shots' have to do with computer security.
It sounds to me like you are one of those people that believes everything/most things must be one big conspiracy (correct me if I'm wrong).
Yes, the "virus industry" is indeed one big scam. And terms like "virus" and "infect" are just marketing terms used by said industry - and the vast majority of people, not being fully computer literate, believe the "biological" scaremongering which sundialsvcs refers to. And as he states above, it's about feeling safe rather than actually being more secure. This software tends to constantly remind you, via pop up notifications, that it's protecting you and eliminating "threats". In most cases this is a few browser cookies, but the average person sees that 50 odd "problems" were resolved and this has a soothing effect. "Personal firewall" software from the same vendors also tends to show the user notifications of "attackers" (probably icmp packets...) which it has stopped.
Most anti-malware software also suffers from the problem of false positives - i.e. an innocent program in a compressed file or a bit of text or a completely innocent script is flagged up as "suspicious" and quarantined. This is because most corporate anti-malware software is designed, primarily, from a litigative perspective.
It revolves around MS windows and the big corporations creating anti-malware software for that OS and it has made some people very rich.
You only need something like clamav if you're in any way involved in administering servers and want to stop malware spreading to and from windows workstations which are using your NFS/SMB shares, mail server, whatever...
...
You are forgetting that humans are not prefect and could be careless/make mistakes (correct me if I'm wrong).
I'm not sure what 'flu shots' have to do with computer security.
...
...non sequitur... or, science as both medicine and security are a practice not right (eg most education with voting on policies plus not seeing borders or race) and wrong( voting for people(!)!
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
Rep:
Quote:
Originally Posted by cynwulf
You only need something like clamav if you're in any way involved in administering servers and want to stop malware spreading to and from windows workstations which are using your NFS/SMB shares, mail server, whatever...
This was my main point originally, but clamav is not exactly up there in terms of detection rates, so personally I would go for something else in terms of antivirus software.
Also, if your not paying anything for antivirus software (clamav, AVG Free Edition, etc), the antivirus vendor is not actually making any money from you in the first place.
At the end of the day, you have to make your own judgement in terms of having antivirus software on your Linux box. And as you 'suggest' (for lack of better words) you need to work out what your actual risk(s) are in the first place.
Also, if your not paying anything for antivirus software (clamav, AVG Free Edition, etc), the antivirus vendor is not actually making any money from you in the first place.
AVG is not "free", it's proprietary software and actually adware/spyware in itself:
At the end of the day, you have to make your own judgement in terms of having antivirus software on your Linux box. And as you 'suggest' (for lack of better words) you need to work out what your actual risk(s) are in the first place.
If you are just a home desktop user, running just a single Linux box, it's probably a waste of time and effort.
clamav is not exactly up there in terms of detection rates
Also, if your not paying anything for antivirus software (clamav, AVG Free Edition, etc), the antivirus vendor is not actually making any money from you in the first place.
This is exactly why I recommended virustotal. You upload an executable, get the signature checking of all the major vendors, and don't have to install any unsavory software. The executables you get from the repo have safeguards far superior to (and in addition to) basic signature detection, with the possible exception of testing distros.
I'm not sure what 'flu shots' have to do with computer security.
It sounds to me like you are one of those people that believes everything/most things must be one big conspiracy (correct me if I'm wrong).
"Yeah, you're wrong."
"Flu shots" are heavily hyped at every pharmacy, grocery store, and roadside stand in the USA, because they are extremely profitable. (The vaccine costs almost nothing.) Because the influenza virus is very mutagenic, it is difficult to produce a vaccine that will work well "this year." (See this article from CDC.gov for a good layman's run-down of the matter.)
Yes, I am of the reasoned opinion that "anti-virus software" can in fact do more harm than good.
Last edited by sundialsvcs; 12-08-2016 at 05:27 PM.
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
Rep:
Quote:
Originally Posted by cynwulf
AVG is not "free", it's proprietary software and actually adware/spyware in itself:
If you are not paying anything for the software in the the first place, how is the antivirus vendor making any money out of you? And yes, it is proprietary, do agree with you there.
Quote:
Originally Posted by sundialsvcs
"Yeah, you're wrong."
"Flu shots" are heavily hyped at every pharmacy, grocery store, and roadside stand in the USA, because they are extremely profitable. (The vaccine costs almost nothing.) Because the influenza virus is very mutagenic, it is difficult to produce a vaccine that will work well "this year." (See this article from CDC.gov for a good layman's run-down of the matter.)
Yes, I am of the reasoned opinion that "anti-virus software" can in fact do more harm than good.
About?
If your talking about 'flu shots', I don't think your computer is going to get any better if you gave it a 'flu shot'! Sorry.
You don't pay for facebook, the vast majority of google services and MS recently started giving away windows 10 as a "free" upgrade... who or what do you think pays for all of this? (Hint: Read the links I posted)
If you are not paying anything for the software in the the first place, how is the antivirus vendor making any money out of you?
The quote you were responding to listed three ways.
In addition, and as mentioned, it attempts to make people paranoid enough to buy the full version by reporting cookies, pings, and most FOSS software, as dangerous threats.
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
Rep:
Quote:
Originally Posted by cynwulf
You don't pay for facebook, the vast majority of google services and MS recently started giving away windows 10 as a "free" upgrade... who or what do you think pays for all of this? (Hint: Read the links I posted)
And microsoft still expects you to PAY $$$ for the previous version, you are upgrading FROM. As for facebook and google, they make most of their $$$ though ADVERTISING (and also run on Linux, from what I've read). And for those of us who do not have a facebook account, I for one, am not even seeing ANYTHING (including ad's) on it. So in terms of your first point, it's a bit like saying "I PAYED $$$ for xy or z and got a FREE xy or z" in return. Well this is called capitalism, my friend!
You should also understand that it costs $$$ to develop ANY kind/type of software (FOSS or proprietary), so someone's PAYING for that as well, no?
And microsoft still expects you to PAY $$$ for the previous version, you are upgrading FROM. As for facebook and google, they make most of their $$$ though ADVERTISING (and also run on Linux, from what I've read). And for those of us who do not have a facebook account, I for one, am not even seeing ANYTHING (including ad's) on it. So in terms of your first point, it's a bit like saying "I PAYED $$$ for xy or z and got a FREE xy or z" in return. Well this is called capitalism, my friend!
You should also understand that it costs $$$ to develop ANY kind/type of software (FOSS or proprietary), so someone's PAYING for that as well, no?
I'm not sure who you're arguing with here. You were the one who asked:
Quote:
If you are not paying anything for the software in the the first place, how is the antivirus vendor making any money out of you?
And we answered. Our answers did not belie our understanding of capitalism. Nor did anyone make the claim that development doesn't cost money.
Personally, I find the dissemination of my browsing habits distasteful. One example why: It's not particularly far fetched to imagine a certain autocracy compiling a database of all this information once the ad agencies are done with it, and running some clever software over it to create profiles. If I critique a leader in that country, even under a false name, and then travel there on a business trip twenty years later, I could find myself getting arrested.
This may seem paranoid to you - fair enough. But to me, there is a cost associated with using spyware. It's also possible that they'll accidentally gather some data like your bank account number and ship it off over unencrypted channels. They could be doing anything with it, even knowingly selling your info to criminals who try to use it to steal your identity.
The cost associated with developing FOSS isn't passed on to me. It is either volunteered or amortized across the group(s) paying for it. So that point really has nothing to do with the current conversation.
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
Rep:
Quote:
Originally Posted by crazy-yiuf
I'm not sure who you're arguing with here. You were the one who asked:
And we answered. Our answers did not belie our understanding of capitalism. Nor did anyone make the claim that development doesn't cost money.
Personally, I find the dissemination of my browsing habits distasteful. One example why: It's not particularly far fetched to imagine a certain autocracy compiling a database of all this information once the ad agencies are done with it, and running some clever software over it to create profiles. If I critique a leader in that country, even under a false name, and then travel there on a business trip twenty years later, I could find myself getting arrested.
This may seem paranoid to you - fair enough. But to me, there is a cost associated with using spyware. It's also possible that they'll accidentally gather some data like your bank account number and ship it off over unencrypted channels. They could be doing anything with it, even knowingly selling your info to criminals who try to use it to steal your identity.
The cost associated with developing FOSS isn't passed on to me. It is either volunteered or amortized across the group(s) paying for it. So that point really has nothing to do with the current conversation.
Exactly what I quoted in the first place (see quote above yours, in my last reply). As cynwulf was talking about the Windows 10 upgrade (which is an UPGRADE, NOT a free OS), facebook and google, but the last point I made still remains the same. If you download the 'free' edition of AVG Antivirus (or the 'free' version of any other antivirus software), you are NOT paying for the use of it. But cynwulf wanted to get off topic, so once again how are you paying for the use of the 'free' edition of AVG Antivirus (or once again the 'free' version of any other such software)?
Edit: Hint, you are NOT! Unless you PAY for the FULL/paid for version of it!
From the looks of it, a user wouldn't have had to do anything other than install the software to be vulnerable. Vulnerabilities of this severity are extremely rare on Linux, most of the ones you hear about require at least two mistakes on the user's part (e.g., installing an iffy package then visiting an iffy website).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.