LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-15-2017, 02:29 AM   #1
grumpyskeptic
Member
 
Registered: Apr 2016
Posts: 336

Rep: Reputation: Disabled
What anti-virus/malware programs for Linux?


I am using Linux Mint 17.3 Rosa Cinnamon.

What anti-virus / anti-malware programs should I use please?

Sorry, I do not believe that none are needed. Even the posting at the top of this forum section is evidence that they are required. Bad things can be transmitted by other things than just rogue programs.

I used to use Sophos, but as that did not have a GUI I had no idea what if anything it was doing. I then switched to ClamTk, but that only works when you tell it to rather than in the background, and it does not check emails either.

As a side note, I gave up using WinXP only because it was no longer supported by anti-virus/malware programs (*), but Linux currently seems to have even less of these than WinXP would have if I was using it now.

Thanks.

(*) Just before giving up using WinXP, I was using Avast!, Malwarebytes, and Superantispyware. Avast ran in the background but stopped supporting XP and I could not find any replacement for it which still supported XP, except Clam which had a bad reputation. Malwarebytes and Superantispyware would only do a scan when you told them to, and I do not know if they still support WinXP. As I indicated above, I switched from XP to Linux in the expectation of having greater security, but paradoxically it now appears that I have less.
 
Old 02-15-2017, 02:42 AM   #2
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,836

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
Quote:
Originally Posted by grumpyskeptic View Post
I am using Linux Mint 17.3 Rosa Cinnamon.

What anti-virus / anti-malware programs should I use please?

Sorry, I do not believe that none are needed. Even the posting at the top of this forum section is evidence that they are required. Bad things can be transmitted by other things than just rogue programs.

I used to use Sophos, but as that did not have a GUI I had no idea what if anything it was doing. I then switched to ClamTk, but that only works when you tell it to rather than in the background, and it does not check emails either.

As a side note, I gave up using WinXP only because it was no longer supported by anti-virus/malware programs (*), but Linux currently seems to have even less of these than WinXP would have if I was using it now.

Thanks.

(*) Just before giving up using WinXP, I was using Avast!, Malwarebytes, and Superantispyware. Avast ran in the background but stopped supporting XP and I could not find any replacement for it which still supported XP, except Clam which had a bad reputation. Malwarebytes and Superantispyware would only do a scan when you told them to, and I do not know if they still support WinXP. As I indicated above, I switched from XP to Linux in the expectation of having greater security, but paradoxically it now appears that I have less.
Without going into the debate of wheather you need this kind of software, a lot of the major AV vendors do not write GUI's for their software in terms of Linux.

I use Sophos myself, which I have found to be one of the best available (for both Linux and Windows). If you want real-time/on-access protection, Sophos is probably your best bet in terms of Linux (and you can get it to check emails as well, if you would like it to). There is a GUI for AVG but, it is not written by AVG's vendor and therefore may not be available for your distro.

I would recommend you go with Sophos, if you want on-access protection and email checking.
 
1 members found this post helpful.
Old 02-15-2017, 06:33 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187
Purchase every single "anti-malware" program that you can find for Linux. The more money you spend, the more secure you will be. (If you spend $1,000 on this software, you will be twice as secure as if you'd only spent $500.)

Spend as much money as you possibly can, until you f-e-e-l "protected."

But, y'know, maybe you should switch to Windows 10, which does still have these "protective" programs. Buy every single one of them at their "most secure" (most expensive) editions, and install all of them at once. So that you will f-e-e-l protected.

Be sure to run as an "Administrator," and do not use passwords. Passwords are evil. Passwords exist only to be guessed by bad programs who will sneak into your computer at night and do bad things. So, if you don't have a password at all, they can't guess what it is, and that will make you even safer.

. . .
 
2 members found this post helpful.
Old 02-15-2017, 07:04 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
http://linux.oneandoneis2.org/LNW.htm
 
Old 02-15-2017, 07:23 AM   #5
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 20 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915
Sophos can be used for on-access scanning as well as on-demand scanning.

As can clamav.
 
Old 02-15-2017, 08:58 PM   #6
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 17,230
Blog Entries: 27

Rep: Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332Reputation: 5332
I've used AVG in that past and found it quite well-behaved and innocuous. It has nothing really to do with my thinking Linux is vulnerable, but more with a promise I made to myself years ago never to connect anything to the internet without an AV installed.)

You have more to fear from social-engineering attacks--dodgy websites, phishing attacks, and the like that try to get you to click on something you shouldn't--than from viruses. The biggest security threat of all, regardless of OS, is a careless user.
 
2 members found this post helpful.
Old 02-15-2017, 09:53 PM   #7
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 630

Rep: Reputation: 315Reputation: 315Reputation: 315Reputation: 315
Quote:
Originally Posted by grumpyskeptic View Post
I am using Linux Mint 17.3 Rosa Cinnamon.

What anti-virus / anti-malware programs should I use please?

Sorry, I do not believe that none are needed. Even the posting at the top of this forum section is evidence that they are required. Bad things can be transmitted by other things than just rogue programs.

(*) ... I switched from XP to Linux in the expectation of having greater security, but paradoxically it now appears that I have less.
When you define "secure" as installing misc anti-virus / anti-malware, it will appear that way.
I would argue that your insecurity without anti-virus is now making you more secure. You're more worried about your browsing, what you download, maybe?

Take some time. Learn what anti-virus actually does and look behind the magic curtain.
The gist is, anti-virus stops bad executable code that has been detected before (using a signature).
So... don't run untrusted executable code. This is much easier on linux then windows (where everything is a .exe and doing things like photo.jpg.exe is trivial)

They're not required. They're not needed.
Most importantly, if someone comes up with a argument for why they are required that makes sense, I'll change my mind
Good luck!
 
Old 02-15-2017, 09:58 PM   #8
jefro
Moderator
 
Registered: Mar 2008
Posts: 20,676

Rep: Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333
Security is based on learning and using as many best practices as you can to avoid problems. It is not just a simple program or edit to be secure. Part of the problem is that you are starting with what I might consider a less that secure distro. It is a mainstream distro with good security but not set out to be secure by default.
 
2 members found this post helpful.
Old 02-16-2017, 03:38 AM   #9
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,836

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
Quote:
Originally Posted by Sefyir View Post
Take some time. Learn what anti-virus actually does and look behind the magic curtain.
The gist is, anti-virus stops bad executable code that has been detected before (using a signature).
So... don't run untrusted executable code. This is much easier on linux then windows (where everything is a .exe and doing things like photo.jpg.exe is trivial)

They're not required. They're not needed.
Most importantly, if someone comes up with a argument for why they are required that makes sense, I'll change my mind
Good luck!
I have to agree with the first half of what Sefyir is saying, spot on!

But as the the last half have a look at the following, as it's relevant to Sefyir's argument;

http://www.linuxquestions.org/questi...ps-4175594230/

Quote:
Originally Posted by jefro View Post
Security is based on learning and using as many best practices as you can to avoid problems. It is not just a simple program or edit to be secure. Part of the problem is that you are starting with what I might consider a less that secure distro. It is a mainstream distro with good security but not set out to be secure by default.
Could not agree more! Some very good advice there grumpyskeptic!
 
Old 02-16-2017, 03:48 AM   #10
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 20 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915
Quote:
Originally Posted by jefro View Post
Security is based on learning and using as many best practices as you can to avoid problems. It is not just a simple program or edit to be secure. Part of the problem is that you are starting with what I might consider a less that secure distro. It is a mainstream distro with good security but not set out to be secure by default.
What would you do to make the distro more secure?
 
Old 02-16-2017, 04:27 AM   #11
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 2,816

Rep: Reputation: 995Reputation: 995Reputation: 995Reputation: 995Reputation: 995Reputation: 995Reputation: 995Reputation: 995
Quote:
Originally Posted by grumpyskeptic View Post
I switched from XP to Linux in the expectation of having greater security, but paradoxically it now appears that I have less.
Security is a state of mind.
 
Old 02-16-2017, 05:10 AM   #12
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Any OS is only as safe as the nut behind the keyboard.
 
Old 02-16-2017, 09:33 AM   #13
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187
Quote:
Originally Posted by hydrurga View Post
What would you do to make the distro more secure?
The first thing that I do, with any distro, is to always start with a minimal install. I don't use any of the "canned" options such as, say, LAMP Server, however well thought-out and well-intentioned they might be. I do this because I want to know precisely what is and isn't going to be on this server.

Next, I always use OpenVPN, using 4096-bit unique keys and listening to a non-standard UDP port with tls-auth enabled, as the only outward-facing thing except possibly HTTP/HTTPS. Any services such as ssh are set to listen only to OpenVPN-supplied address ranges, and firewalls block them from ever obtaining access from, or to, the outside.

There are many other things which can be done intelligent use of user-ids and permissions, not allowing access to sudo, and so on. And, there's a cornucopia of information already on the Internet that discusses this.

The bottom line is that security is a process, not a product. There is an opponent out there somewhere, and that opponent is probably human.
 
1 members found this post helpful.
Old 02-16-2017, 10:04 AM   #14
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 20 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915Reputation: 2915
Quote:
Originally Posted by sundialsvcs View Post
The first thing that I do, with any distro, is to always start with a minimal install. I don't use any of the "canned" options such as, say, LAMP Server, however well thought-out and well-intentioned they might be. I do this because I want to know precisely what is and isn't going to be on this server.

Next, I always use OpenVPN, using 4096-bit unique keys and listening to a non-standard UDP port with tls-auth enabled, as the only outward-facing thing except possibly HTTP/HTTPS. Any services such as ssh are set to listen only to OpenVPN-supplied address ranges, and firewalls block them from ever obtaining access from, or to, the outside.

There are many other things which can be done – intelligent use of user-ids and permissions, not allowing access to sudo, and so on. And, there's a cornucopia of information already on the Internet that discusses this.

The bottom line is that security is a process, not a product. There is an opponent out there somewhere, and that opponent is probably human.
Many thanks. Probably too much of a cornucopia. ;-)

Do you fancy the idea of doing a LQ blog entry outlining the main measures that you would take and the commands/packages that you would need? It doesn't need to be comprehensive, just as inspirational as the taster you've just provided but in more detail.
 
Old 02-16-2017, 11:23 AM   #15
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,681

Rep: Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655
On my server AND laptop I run ClamAV and activate it in several ways:
1. a cron based daily scan of the entire system.
2. set by browser to scan every download and reject on failure.
3. A log report tool to filter the clam scan logs and report anything terribly odd.

I also run RootKitHunter daily on my server, and run a log report tool against that log for changes.

I do not worry about rootkits on my laptop, as I reload it regularly. This week I am running Q4OS, last it was SPARKY, before that as we go back in time it ran VSIDO, Mint-DE, Elementary, Debian, and LUBUNTU. I am thinking something arch based sometime next month. (Obviously, if I detect a successful compromise I reload it earlier.)

I also run a firewall with a DMZ honeypot that allows hacking attempts to appear to succeed
(in a container, which regenerates clean at least daily) and tracks the source IP address and sets a network block on the criminal subnets with an 8 hour lifespan. I stopped checking what all I was blocking, but last I looked it was most of Asia, 80% of Russia, about 50% of South America, but only a couple of subnets in North America.

I used to get a kick out of tracking and blocking the criminals, but there are now so many that the fun has gone out of it.
Just pick a couple of different protections (virus and rootkit are my choice, yours may depend upon your risk profile) and disable or restrict all network connections that you can and still operate.
If you have local data with any value, also Rotate backups of your critical data and settings and update them on a schedule, checking them for validity and corruption, and keep backup copies in a different location, offline, where nothing that attacks your running machines can possibly access them.

Once you have that set up, sit back and relax. Check those logs on occasion to preserve your peace of mind, and get on with your life. Unless you are a security professional you really should not have to be OCD about the risk. Detect the risk, manage the threat, and get on with what you do. Life is too short to waste it on worms and script kiddies.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Do Linux users need anti-virus and malware apps? Celtic Yokel Linux - General 66 01-09-2017 08:55 PM
LXer: Linux Anti-Virus Programs Explained LXer Syndicated Linux News 0 02-23-2008 09:00 AM
Anti-virus and malware remover advertising Tomermory LQ Suggestions & Feedback 4 06-28-2007 11:04 AM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 02:35 PM
anti-virus programs?? ahnwhdghk Linux - Newbie 1 08-21-2003 12:45 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration