MODERATOR EDIT: The welcome message for this megathread is HERE.



im extremely new to linux so bare with me here. i have a feeling that this is going to be a stupid question but im gonna ask anyway. do i need to install any type of anti-virus software? what about software to handle spyware, malware and the like? any suggestions would be appreciated. thanks.

I wouldn't worry

There are viruses for Linux but they are kept to lab confinements and are not released in the wild. Overall you should be fine to not run any antivirus/spyware/malware software. One thing you need to understand is that Linux and Windows are 2 entirely different systems so code that was specifically written for Windows will not execute on Linux. Granted there are ways you can make Windows app run on Linux (usually through something called an emulator...WINE is a popular one for Linux) and maybe in that sense you might need that software. But other than that, nope.

Oh, you also don't even need to defrag your hard drive either...Linux plays very nice with hard drives and puts things back where they're supposed to be.

1 members found this post helpful.

Anyone whose unsecured and unaudited box got 0wn3d running misconfigured, unmaintained, outdated or otherwise vulnerable software wanna chip in here?..

If the machine is ever be in contact with a Windows machine, I would run an anti-virus. Not for your safety, but for theirs since you could be a carrier. You could potentially share a file (via samba, ftp, apache, etc) or email a file that had a windows virus in it. You obviously wouldn't get it, but they would then be infected.

Note: I don't always follow this rule of thumb, but I'm pretty careful about what I send out to my friends and family...

Edit: Oh yeah, if you're on broadband, you should also try to have a hardware firewall/router (like a Linksys WRT54G, etc) between you and the broadband connection. It helps cut down attacks on your actual machine since the firewall is what is exposed to the net.

1 members found this post helpful.

Also check which services you have running that you don't use/need - e.g. sshd, httpd etc. And I second the firewall.

1 members found this post helpful.

Let me see if I can dispel some of the profitable-myths about "viruses."

The very word, virus, is a marvelous invention of a marketing department. It implies that these vermin, which I choose to call rogue programs, are somehow "biological." They are not.

There is nothing that we humans can do about the viruses that are on this planet, except to maintain strong immuould not have called for it.ne-systems. An entire industry has developed around the very-appealing notion that the same "prudent" reasoning ought to apply to computers. But this argument is false.

Here's what you need to bear in mind....

You cannot keep a "rogue program" from attempting to attack your system... There are simply too many ways for a program to find itself "executing on your machine." That's unrealistic, more or less, depending on what you do.

...But you can keep such a "rogue" from being able to do anything harmful! The things that a "rogue" wants to do are not things that "ordinary mortals" on a well-run computer would ever be able to do. Rogues need to find themselves running as all-powerful users on the machine. And, unfortunately, better than 95% of the Windows machines on the Internet are used by all-powerful Administrator users who have no passwords; no protection at all.

On Unix and OS/X systems, the default user is not "all-powerful", and the much-advertised "virus resistance" of those systems basically derives entirely from this. Yet it is a very powerful protective spell: if a program tries to do something, and it is told by the operating system, "the answer is 'no', and oh by the way, you are now dead..." well, that's that. Game over.

On all types of systems, Windows certainly included, you should do everything that you do from a "perfectly ordinary, absolutely un-privileged, Joe Blow account." It should have access to your files, and nothing more.

You've got a backup system ... use it! Well, Linux does not necessarily have one by default, but they're very easy to come by. A backup-system can copy your recently-modified files to a separate location that you cannot directly get to. (Hence, a "rogue" that would attack those files cannot do so either.)

Get rid of the anti-virus software. It can be extremely hard to do, but it can be done. AV software is unfortunately highly privileged, highly pervasive, and therefore usually the most frequent successful target, above all, to a successful virus-attack.

2 members found this post helpful.

keeping software updated/maintained/correctly configured is not the job of any anti-virus software. You should know that, heh

Agreed. Only if you have a Linux server serving Windows clients OR happen to be running Wine would I recommend some sort AV/spyware protection software. And as long as this person is behind a router they shouldn't need an additional software firewall. They could install one though for extra protection if they wanted...which honestly extra protection never hurts.

Thanks for the input, guys. And thanks to sundialsvcs. Everyone keeps telling me that viruses aren't a problem with Linux, but I could'nt figure out why until I read your post. I'm just getting familiar with the whole User/Superuser enviroment, but I can see now why it's such an issue with Windows. Let me fill you in on something though, just as an fyi. I'm in the medical field, so I can tell you that real world viruses act very much like computer viruses. They simply attach themselves to a host cell, wait for that cell to become active, and then replicate and spread! Pretty nasty, huh? Anyway, computer viruses do the same thing, at least as far as I understand. I thought thats why they named them viruses. To bad theres no superdrug that would give us humans the equivalent protection that Linux provides for computers. Now that would be a hell of a contrast.

What I'm saying is what I've been saying for the past years: don't narrow your scope to solely AV and "viruses": thinking about viruses is related to other platforms. GNU/Linux has it's own set of troublemakers we should educate users about those. The part you chose to quote is all about that. The chance a fresh GNU/Linux user gets bitten by any of those is unfortunately a realistic one.

Hi all,

Since Linux become more popular (for server and client), it is possible some hacker want to write virus to Linux/*nix OSes. So I would like to propose a topic what threat can be done to write a Linux viruses/worms.

1st of all, we review some current treats(Which already have counter measures).

1. Modify some common application source code (like ls or apache2), let people download the rpm/deb file. When user want to install it, the virus/back door can plant into their system.


2. Phishing, email some program to users, inside the email show step-by-step to install the particular virus into users computer.

Both attack can be avoid via some good IT practices, however it can compromise Linux/Unix system as well if particular administrator don't aware it.

What else others people opinion?

Regards,
Ks

You can always sneak a trojan in. For example in games like Nexuiz. I downloaded it because the version in the repos was already a couple of months old. I didn't test it. I think things will get considerably harder once app-armor becomes the standard for desktop linux pc's

I'm not sure what you are asking. There's no technical reason why someone wouldn't be able to write a GNU/Linux virus (or one for any other generic OS). We've actually seen some already in the past. It's not something surprising or anything like that IMHO. There have been some misguided GNU/Linux fanboys that believe (and spread the misconception) that GNU/Linux is virus-proof.

Personally, I use a virus scanner (ClamAV) on almost anything I download, and I do my best to only install/execute programs from trusted sources (preferably digitally signed). Pretty basic techniques, but very effective. If you get yourself in the habit of taking similar precautions, your chances of avoiding a virus infection will be high, both now and in the future. Of course, nothing is foolproof, and no malware scanner is a replacement for common sense.

On servers I'd worry much more about worms than viruses, as there really isn't any reason why one should be downloading and executing rubbish on a server like most people do on desktops. Really, you've got much bigger problems to worry about than viruses (rootkits, trojans, remote exploits, worms, DoS, etc.).

1 members found this post helpful.

App-armor is a SUSE thing... most systems are starting to implement SELinux policies to secure the system. SELinux will do a alot better job then App-armor. App-armor is a basic implementation of ALSR plus a few other security systems. To run a more secure linux distro look into hardened gentoo using SELinux or GrSecurity and feature like PIC PIE and SSP.