LinuxQuestions.org


czezz 09-08-2016 05:27 AM

ClamAV effectiveness / Desktop antivir
 
Hi, this is going to be about ClamAV in order to protect desktops.
Recently I bumped into opinions that ClamAV is not as effective any more as it was in the past.
This guy thinks it's because Cisco took over the ClamAV group.

av-test.org seems to confirm poor effectiveness too: https://www.av-test.org/en/news/news...t-to-the-test/

and system-rescue-cd.org dropped ClamAV from the software list due to poor effectiveness.

I want to ask you all: what do u think about ClamAV nowadays and what antivir do u use on your Linux boxes?

Habitual 09-08-2016 07:36 AM

I don't use it or recommend it for "users"
IT DOESN'T CLEAN infections.
They get careless if they think there's an "undo" button for Stupid.
Scan / with PUA, it's like a noobie disease.

W.O.M.B.A.T.

Emerson 09-08-2016 07:48 AM

No antivirus can catch all viruses. Major antivirus software providers agree about 1/3 of badwares is not detected. The whole idea of antivirus as a reliable protection is nonsense. If your OS has thousands of exploitable security holes you should not connect it to the internet.

czezz 09-08-2016 08:21 AM

@Emerson - probably guys from av-test.org would disagree with your measurement about 1/3 "badwares" not detected.
But anyway, the question is rather what do u use, not what u don't use ;)

rkelsen 09-08-2016 08:37 AM

On a Linux desktop? Nothing. There is no need... Been running Linux desktops without any AV software since 1999. :-)

sundialsvcs 09-08-2016 11:04 AM

In fact, "anti-virus software" is often a vector because it is very pervasive. (It needs to be able to read and maybe write everything.) All you need to do, then, is to insert your malware into it! :eek:

Anti-virus software is quite useless, even for Windows machines, because computers are not biological organisms. They are machines which execute software programs, according to rules set by the operating system. If you exercise reasonable care, e.g. by not using a login with administrative or "sudo" privileges, then rogue software cannot do anything.

You could get Ebola by walking into the wrong elevator unless your body's immune system pro-actively and successfully fought it off. The same is not true of computers.

czezz 09-12-2016 04:41 AM

Ya, but did u guys hear about this?
http://thehackernews.com/2016/09/cro...m-malware.html

descendant_command 09-12-2016 05:11 AM

You'd be better served spending your time looking for a clickbait filter for your browser :)

Habitual 09-12-2016 05:23 AM

Quote:

Originally Posted by czezz (Post 5604057)
Ya, but did u guys hear about this?
http://thehackernews.com/2016/09/cro...m-malware.html

Currently targeting OSX...
backdoor. Not a virus.
ClamAV probably wouldn't find it.

wpeckham 09-12-2016 06:07 AM

I run ClamAV on all of my Linux servers, but I only run it on a couple of my Linux desktops. The major use is to filter traffic passing THROUGH (email, as one example; an sftp server as another) to provide some protection for the desktops BEHIND the server. ClamAV on Linux is more protection for any attached Windows machines than for the Linux desktops. SELINUX, FireWire (and its children), even change detection using GIT provide all of the security Linux normally needs without explicit AV.

While I have used MalwareBytes to 'clean' an infected system, I normally do not expect AV to 'UNDO' an infection. I expect to purge and destroy to get the system clean, then restore clean files from the last clean backup. I prefer a total reinstall to daily fighting recurring infections because your AV package missed something.

ClamAV is not as good as it once was, but it is still far better than nothing. Just understand what you are getting, and use the tool for what it does best. Do not expect your software to make Julienne fries unless you play in Robotics (and cooking).

ondoho 09-13-2016 12:24 AM

clamav or not, this is actually interesting:
https://securelist.com/blog/research...rs-discovered/
i particularly enjoyed:
Quote:

To achieve persistence, it uses this not very stealthy method: it just creates a .desktop-file in $HOME/.config/autostart

i'm safe, since my env doesn't even execute those files
:D
but joking aside, no false sense of security!
10 years ago this would have caused the linux community's eyes to BULGE.
...they're homing in...

edit:
also interesting to notice that this completely relies on linux non-native apps and toolkits: dropbox, firefox, Qt.
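
A defender-side check for the persistence location quoted in the post above, as an added example that is not part of the original post or the linked article: it reads the `.desktop` entries in an autostart directory and flags those whose `Exec=` target sits outside system directories or under a hidden path. The trusted prefixes and the two sample entries are assumptions constructed for illustration.

```python
import shlex
import tempfile
from pathlib import Path

# Assumption: packaged software lives under these prefixes; adjust per distro.
SYSTEM_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/opt/")
# Constructed sample entries (not taken from the article or any real sample).
SAMPLES = {
    "dropbox.desktop": "[Desktop Entry]\nType=Application\nExec=dropbox start -i\n",
    "updater.desktop": "[Desktop Entry]\nType=Application\nExec=/home/alice/.cache/.upd/agent --daemon\n",
}

def exec_line(desktop_file):
    """Return the Exec= value of the [Desktop Entry] group, or None."""
    in_entry = False
    for line in Path(desktop_file).read_text(errors="replace").splitlines():
        line = line.strip()
        if line.startswith("["):
            in_entry = line == "[Desktop Entry]"
        elif in_entry and line.partition("=")[0].strip() == "Exec":
            return line.partition("=")[2].strip()
    return None

def audit_autostart(directory):
    """Return {file name: [reasons]} for autostart entries worth a manual look."""
    findings = {}
    for entry in sorted(Path(directory).glob("*.desktop")):
        cmd = exec_line(entry) or ""
        try:
            argv = shlex.split(cmd)
        except ValueError:  # unbalanced quotes: fall back to a whitespace split
            argv = cmd.split()
        target, reasons = (argv[0] if argv else ""), []
        if target.startswith("/") and not target.startswith(SYSTEM_PREFIXES):
            reasons.append("binary outside system directories")
        if any(part.startswith(".") for part in Path(target).parts):
            reasons.append("hidden path component")
        if reasons:
            findings[entry.name] = reasons
    return findings

def demo():
    # Write the constructed samples to a temporary directory and audit them.
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            Path(tmp, name).write_text(body)
        return audit_autostart(tmp)

if __name__ == "__main__":
    print(demo())
```

To check a real profile, call `audit_autostart` on `~/.config/autostart`; a flagged entry is a prompt for manual review, not a verdict.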

rkelsen 09-14-2016 06:53 PM

Quote:

Originally Posted by czezz (Post 5604057)
Ya, but did u guys hear about this?
http://thehackernews.com/2016/09/cro...m-malware.html

Couple of questions for you:

1. How does the executable file get onto your machine?

2. Who sponsored that article?

I'll repeat myself... I've been running Linux on the Desktop without any AV software since 1999 and have never once had an issue.

Sefyir 09-14-2016 08:40 PM

Quote:

10 years ago this would have caused the linux community's eyes to BULGE.

Still waiting for that.

I no longer download programs from my web browser since apt-get handles effectively everything.
I routinely got viruses during normal(?) usage of windows.
I've yet to get one in linux.

I can't beat rkelsen (4 years myself) but linux hasn't avoided viruses simply because it's a small desktop market, it's because things are done fundamentally more securely than in other OSes.

___

Feel free to start downloading random programs from the internet from shady sites while running linux (make sure to make the program executable!) - windows style, I'm sure you'll find a use for ClamAV soon enough.

Habitual 09-14-2016 10:05 PM

Quote:

Originally Posted by descendant_command (Post 5604060)
You'd be better served spending your time looking for a clickbait filter for your browser :)

Amen. There's no signature.dat file for bad habits either.

rhandwor 09-19-2016 06:15 AM

I have KlamAV, which is part of ClamAV. I click on scan and click the boxes I want to scan. I have found some malware in downloads. I usually just delete these, otherwise quarantine them. I have around 14 problems.
I usually scan downloads, mozilla, opera and home folder.


All times are GMT -5.