[SOLVED] What anti-virus/malware programs for Linux?
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
What anti-virus / anti-malware programs should I use please?
Sorry, I do not believe that none are needed. Even the posting at the top of this forum section is evidence that they are required. Bad things can be transmitted by other things than just rogue programs.
I used to use Sophos, but as that did not have a GUI I had no idea what if anything it was doing. I then switched to ClamTk, but that only works when you tell it to rather than in the background, and it does not check emails either.
As a side note, I gave up using WinXP only because it was no longer supported by anti-virus/malware programs (*), but Linux currently seems to have even less of these than WinXP would have if I was using it now.
Thanks.
(*) Just before giving up using WinXP, I was using Avast!, Malwarebytes, and Superantispyware. Avast ran in the background but stopped supporting XP and I could not find any replacement for it which still supported XP, except Clam which had a bad reputation. Malwarebytes and Superantispyware would only do a scan when you told them to, and I do not know if they still support WinXP. As I indicated above, I switched from XP to Linux in the expectation of having greater security, but paradoxically it now appears that I have less.
Quote:
Originally Posted by grumpyskeptic
I am using Linux Mint 17.3 Rosa Cinnamon.
What anti-virus / anti-malware programs should I use please?
Sorry, I do not believe that none are needed. Even the posting at the top of this forum section is evidence that they are required. Bad things can be transmitted by other things than just rogue programs.
I used to use Sophos, but as that did not have a GUI I had no idea what if anything it was doing. I then switched to ClamTk, but that only works when you tell it to rather than in the background, and it does not check emails either.
As a side note, I gave up using WinXP only because it was no longer supported by anti-virus/malware programs (*), but Linux currently seems to have even less of these than WinXP would have if I was using it now.
Thanks.
(*) Just before giving up using WinXP, I was using Avast!, Malwarebytes, and Superantispyware. Avast ran in the background but stopped supporting XP and I could not find any replacement for it which still supported XP, except Clam which had a bad reputation. Malwarebytes and Superantispyware would only do a scan when you told them to, and I do not know if they still support WinXP. As I indicated above, I switched from XP to Linux in the expectation of having greater security, but paradoxically it now appears that I have less.
Without going into the debate of whether you need this kind of software, a lot of the major AV vendors do not write GUIs for their software in terms of Linux.
I use Sophos myself, which I have found to be one of the best available (for both Linux and Windows). If you want real-time/on-access protection, Sophos is probably your best bet in terms of Linux (and you can get it to check emails as well, if you would like it to). There is a GUI for AVG but it is not written by AVG's vendor and therefore may not be available for your distro.
I would recommend you go with Sophos, if you want on-access protection and email checking.
Purchase every single "anti-malware" program that you can find for Linux. The more money you spend, the more secure you will be. (If you spend $1,000 on this software, you will be twice as secure as if you'd only spent $500.)
Spend as much money as you possibly can, until you f-e-e-l "protected."
But, y'know, maybe you should switch to Windows 10, which does still have these "protective" programs. Buy every single one of them at their "most secure" (most expensive) editions, and install all of them at once. So that you will f-e-e-l protected.
Be sure to run as an "Administrator," and do not use passwords. Passwords are evil. Passwords exist only to be guessed by bad programs who will sneak into your computer at night and do bad things. So, if you don't have a password at all, they can't guess what it is, and that will make you even safer.
I've used AVG in the past and found it quite well-behaved and innocuous. It has nothing really to do with my thinking Linux is vulnerable, but more with a promise I made to myself years ago never to connect anything to the internet without an AV installed.
You have more to fear from social-engineering attacks--dodgy websites, phishing attacks, and the like that try to get you to click on something you shouldn't--than from viruses. The biggest security threat of all, regardless of OS, is a careless user.
Quote:
Originally Posted by grumpyskeptic
What anti-virus / anti-malware programs should I use please?
Sorry, I do not believe that none are needed. Even the posting at the top of this forum section is evidence that they are required. Bad things can be transmitted by other things than just rogue programs.
(*) ... I switched from XP to Linux in the expectation of having greater security, but paradoxically it now appears that I have less.
When you define "secure" as installing misc anti-virus / anti-malware, it will appear that way.
I would argue that your insecurity without anti-virus is now making you more secure. You're more worried about your browsing, what you download, maybe?
Take some time. Learn what anti-virus actually does and look behind the magic curtain.
The gist is, anti-virus stops bad executable code that has been detected before (using a signature).
So... don't run untrusted executable code. This is much easier on Linux than Windows (where everything is a .exe and doing things like photo.jpg.exe is trivial)
They're not required. They're not needed.
Most importantly, if someone comes up with an argument for why they are required that makes sense, I'll change my mind
Good luck!
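Sefyir's point above is that a file's name tells you nothing about whether it is executable code. The following is an added example, not code from this thread or from any poster: it classifies a downloaded file by its first bytes (ELF header, "#!" script, ZIP, JPEG, PNG, PDF) and reports whether the execute bit is set, so a "photo.jpg" that is really an ELF binary shows up as such. The helper names (`magic_hex`, `content_type`, `triage`) and the sample files written to a temporary directory are this example's own constructions.

```bash
#!/bin/sh
# Added example (not from the thread): decide what a downloaded file really is
# from its first bytes and its mode bits, ignoring the name it was given.
# Sample files are constructed below; helper names are this example's own.

# Print the first four bytes of a file as lowercase hex, e.g. 7f454c46 for ELF.
magic_hex() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# Classify by content. Only a few signatures are recognised here; the rest is "unknown".
content_type() {
    case "$(magic_hex "$1")" in
        7f454c46)   echo "ELF executable" ;;
        2321*)      echo "script (starts with #!)" ;;        # "#!" is 0x23 0x21
        504b0304)   echo "ZIP archive (also .jar/.docx/.apk)" ;;
        ffd8ff*)    echo "JPEG image" ;;
        89504e47)   echo "PNG image" ;;
        25504446)   echo "PDF document" ;;
        *)          echo "unknown" ;;
    esac
}

# True when the execute bit is set for the current user.
is_executable() { [ -x "$1" ]; }

# One-line verdict: file name, what the content says it is, and whether it can be run.
triage() {
    f=$1
    t=$(content_type "$f")
    if is_executable "$f"; then x="executable bit SET"; else x="executable bit clear"; fi
    printf '%s: %s; %s\n' "$(basename "$f")" "$t" "$x"
}

# --- constructed samples -----------------------------------------------------
tmp=$(mktemp -d)
# A file named like a photo but carrying an ELF header, and marked executable.
printf '\177ELF\002\001\001' > "$tmp/photo.jpg"
chmod +x "$tmp/photo.jpg"
# A real JPEG start-of-image marker under a harmless name.
printf '\377\330\377\340' > "$tmp/holiday.jpg"
# A shell script pretending to be a document.
printf '#!/bin/sh\necho hi\n' > "$tmp/invoice.pdf"

triage "$tmp/photo.jpg"     # photo.jpg: ELF executable; executable bit SET
triage "$tmp/holiday.jpg"   # holiday.jpg: JPEG image; executable bit clear
triage "$tmp/invoice.pdf"   # invoice.pdf: script (starts with #!); executable bit clear
```

The lesson matches the post: on Linux nothing runs just because of its extension, so the two things worth checking on an untrusted download are what the bytes actually are and whether anything has given the file an execute bit.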
Security is based on learning and using as many best practices as you can to avoid problems. It is not just a simple program or edit to be secure. Part of the problem is that you are starting with what I might consider a less than secure distro. It is a mainstream distro with good security but not set out to be secure by default.
Quote:
Originally Posted by Sefyir
Take some time. Learn what anti-virus actually does and look behind the magic curtain.
The gist is, anti-virus stops bad executable code that has been detected before (using a signature).
So... don't run untrusted executable code. This is much easier on Linux than Windows (where everything is a .exe and doing things like photo.jpg.exe is trivial)
They're not required. They're not needed.
Most importantly, if someone comes up with an argument for why they are required that makes sense, I'll change my mind
Good luck!
I have to agree with the first half of what Sefyir is saying, spot on!
But as to the last half, have a look at the following, as it's relevant to Sefyir's argument;
Quote:
Security is based on learning and using as many best practices as you can to avoid problems. It is not just a simple program or edit to be secure. Part of the problem is that you are starting with what I might consider a less than secure distro. It is a mainstream distro with good security but not set out to be secure by default.
Could not agree more! Some very good advice there grumpyskeptic!
The first thing that I do, with any distro, is to always start with a minimal install. I don't use any of the "canned" options such as, say, LAMP Server, however well thought-out and well-intentioned they might be. I do this because I want to know precisely what is and isn't going to be on this server.
Next, I always use OpenVPN, using 4096-bit unique keys and listening to a non-standard UDP port with tls-auth enabled, as the only outward-facing thing except possibly HTTP/HTTPS. Any services such as ssh are set to listen only to OpenVPN-supplied address ranges, and firewalls block them from ever obtaining access from, or to, the outside.
There are many other things which can be done – intelligent use of user-ids and permissions, not allowing access to sudo, and so on. And, there's a cornucopia of information already on the Internet that discusses this.
The bottom line is that security is a process, not a product. There is an opponent out there somewhere, and that opponent is probably human.
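The post above describes a concrete layout: OpenVPN on a non-standard UDP port with tls-auth and 4096-bit keys as the only thing facing the Internet (plus possibly HTTP/HTTPS), and ssh reachable only from VPN-supplied addresses. The following is an added example, not the poster's own files: it emits an OpenVPN server config in that shape, an nftables rule set that enforces the "ssh only from the VPN range" rule, and a small checker that rejects a config missing any of those properties. The port (41194), the VPN range (10.8.0.0/24), the key/cert file names and the weak sample config are assumptions constructed for this example.

```bash
#!/bin/sh
# Added example, not from the thread: OpenVPN server config in the shape the post
# describes, matching nftables rules, and a checker for the hardening properties.
# Port, subnet, file names and the weak sample are assumptions for this example.

VPN_PORT=41194          # anything other than OpenVPN's default 1194
VPN_NET=10.8.0.0/24     # range OpenVPN hands out to clients

# Server-side OpenVPN config. Comments sit on their own lines, which OpenVPN accepts.
openvpn_server_conf() {
    cat <<EOF
port $VPN_PORT
proto udp
dev tun
ca ca.crt
cert server.crt
# server.key is assumed to be a 4096-bit RSA key
key server.key
# 4096-bit Diffie-Hellman parameters (file name is this example's convention)
dh dh4096.pem
# tls-auth: HMAC on every control packet; unsigned probes are dropped before any TLS handshake
tls-auth ta.key 0
server ${VPN_NET%/*} 255.255.255.0
keepalive 10 120
cipher AES-256-GCM
user nobody
group nogroup
persist-key
persist-tun
EOF
}

# nftables rules: drop by default, expose only the VPN port and web ports,
# and accept ssh solely from VPN client addresses. (sshd_config can add
# "ListenAddress 10.8.0.1" so sshd does not even bind the public interface.)
nft_rules() {
    cat <<EOF
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        udp dport $VPN_PORT accept
        tcp dport { 80, 443 } accept
        ip saddr $VPN_NET tcp dport 22 accept
    }
}
EOF
}

# Read a config on stdin and report each missing property; return 1 if any is missing.
check_conf() {
    conf=$(cat)
    rc=0
    echo "$conf" | grep -q '^proto udp'  || { echo "FAIL: not UDP";                     rc=1; }
    echo "$conf" | grep -q '^tls-auth '  || { echo "FAIL: tls-auth missing";            rc=1; }
    echo "$conf" | grep -q '^dh dh4096'  || { echo "FAIL: DH parameters not 4096-bit";  rc=1; }
    p=$(echo "$conf" | awk '$1=="port"{print $2}')
    [ -n "$p" ] && [ "$p" != 1194 ]      || { echo "FAIL: port is default or missing"; rc=1; }
    return $rc
}

# A deliberately weak config, constructed here: default port, TCP, small DH, no tls-auth.
WEAK_CONF='port 1194
proto tcp
dev tun
dh dh1024.pem'

openvpn_server_conf | check_conf && echo "hardened config: OK"
printf '%s\n' "$WEAK_CONF" | check_conf || echo "weak config: rejected"
```

Run the script as-is to see the checker pass the generated config and list four failures for the weak one; the two `cat` functions can be redirected into the real config and rule files once the key material exists.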
Quote:
The first thing that I do, with any distro, is to always start with a minimal install. I don't use any of the "canned" options such as, say, LAMP Server, however well thought-out and well-intentioned they might be. I do this because I want to know precisely what is and isn't going to be on this server.
Next, I always use OpenVPN, using 4096-bit unique keys and listening to a non-standard UDP port with tls-auth enabled, as the only outward-facing thing except possibly HTTP/HTTPS. Any services such as ssh are set to listen only to OpenVPN-supplied address ranges, and firewalls block them from ever obtaining access from, or to, the outside.
There are many other things which can be done – intelligent use of user-ids and permissions, not allowing access to sudo, and so on. And, there's a cornucopia of information already on the Internet that discusses this.
The bottom line is that security is a process, not a product. There is an opponent out there somewhere, and that opponent is probably human.
Many thanks. Probably too much of a cornucopia. ;-)
Do you fancy the idea of doing a LQ blog entry outlining the main measures that you would take and the commands/packages that you would need? It doesn't need to be comprehensive, just as inspirational as the taster you've just provided but in more detail.
On my server AND laptop I run ClamAV and activate it in several ways:
1. a cron based daily scan of the entire system.
2. set by browser to scan every download and reject on failure.
3. A log report tool to filter the clam scan logs and report anything terribly odd.
I also run RootKitHunter daily on my server, and run a log report tool against that log for changes.
I do not worry about rootkits on my laptop, as I reload it regularly. This week I am running Q4OS, last it was SPARKY, before that as we go back in time it ran VSIDO, Mint-DE, Elementary, Debian, and LUBUNTU. I am thinking something arch based sometime next month. (Obviously, if I detect a successful compromise I reload it earlier.)
I also run a firewall with a DMZ honeypot that allows hacking attempts to appear to succeed (in a container, which regenerates clean at least daily) and tracks the source IP address and sets a network block on the criminal subnets with an 8 hour lifespan. I stopped checking what all I was blocking, but last I looked it was most of Asia, 80% of Russia, about 50% of South America, but only a couple of subnets in North America.
I used to get a kick out of tracking and blocking the criminals, but there are now so many that the fun has gone out of it.
Just pick a couple of different protections (virus and rootkit are my choice, yours may depend upon your risk profile) and disable or restrict all network connections that you can and still operate.
If you have local data with any value, also rotate backups of your critical data and settings and update them on a schedule, checking them for validity and corruption, and keep backup copies in a different location, offline, where nothing that attacks your running machines can possibly access them.
Once you have that set up, sit back and relax. Check those logs on occasion to preserve your peace of mind, and get on with your life. Unless you are a security professional you really should not have to be OCD about the risk. Detect the risk, manage the threat, and get on with what you do. Life is too short to waste it on worms and script kiddies.
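Items 1 and 3 of the post above (a cron-based daily ClamAV scan and a log report tool that filters the scan log) and the daily RootKitHunter run are easy to reproduce. The following is an added example, not the poster's own scripts: it emits the two cron lines and implements the filter that pulls every `FOUND` line and the `Infected files:` count out of a clamscan log, exiting non-zero when anything was detected so the caller can raise an alert. The log path, the scan time and the two sample logs are constructed for this example; the `path: Signature FOUND` and `Infected files: N` lines follow clamscan's real output format, but clamscan and rkhunter are not invoked here.

```bash
#!/bin/sh
# Added example, not from the thread: cron lines for a nightly ClamAV scan and an
# rkhunter check, plus a filter that reduces the clamscan log to what matters.
# Log path, schedule and the sample logs are constructed for this example.

SCAN_LOG=/var/log/clamav/daily-scan.log   # assumed location

# Root crontab entries: full-system scan at 02:30 (pseudo-filesystems excluded,
# only infected files reported), rkhunter at 03:00 printing warnings only.
cron_lines() {
    printf '%s\n' \
      "30 2 * * * /usr/bin/clamscan -r --infected --exclude-dir='^/(proc|sys|dev|run)' / >> $SCAN_LOG 2>&1" \
      "0 3 * * * /usr/bin/rkhunter --cronjob --report-warnings-only"
}

# The "Infected files: N" count from a clamscan log (last summary wins); 0 if absent.
clam_infected_count() {
    n=$(awk -F': ' '/^Infected files:/ {print $2}' "$1" | tail -n 1)
    echo "${n:-0}"
}

# Report tool: every FOUND line, then the count. Returns 1 when anything was found,
# so "clam_report "$LOG" || mail -s 'clamav alert' root" works from cron.
clam_report() {
    grep ' FOUND$' "$1" || true
    n=$(clam_infected_count "$1")
    echo "infected files: $n"
    [ "$n" -eq 0 ]
}

# --- constructed sample logs (format as clamscan writes it; names are made up) --
dirty_log=$(mktemp)
cat > "$dirty_log" <<'EOF'
/home/user/Downloads/setup.exe: Win.Trojan.Example-1 FOUND
/tmp/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8000000
Scanned directories: 1200
Scanned files: 45000
Infected files: 2
Data scanned: 9000.00 MB
Time: 1800.000 sec (30 m 0 s)
EOF

clean_log=$(mktemp)
cat > "$clean_log" <<'EOF'

----------- SCAN SUMMARY -----------
Known viruses: 8000000
Scanned directories: 1200
Scanned files: 45000
Infected files: 0
EOF

cron_lines
echo "--- report for dirty log ---"
clam_report "$dirty_log" || echo "ALERT: infections detected"
echo "--- report for clean log ---"
clam_report "$clean_log" && echo "nothing found"
```

The filter deliberately ignores the thousands of "OK" lines a verbose scan produces and keys on the two things an operator acts on: which paths matched a signature and the summary count. Remember the limitation Sefyir raised above: this only catches code that already has a signature, which is why the post pairs it with a rootkit check and with restricting network exposure.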