LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-16-2017, 01:59 PM   #16
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187

Quote:
Originally Posted by hydrurga View Post
Do you fancy the idea of doing a LQ blog entry outlining the main measures that you would take and the commands/packages that you would need? It doesn't need to be comprehensive, just as inspirational as the taster you've just provided but in more detail.
Having very-rarely read "blog" entries, in all these oh-so many years now, I probably would instead just put out a general thread-response entry. Of which I have already written a great many.

(1) There is no single "command or package you might need." You are dealing with an opponent – most likely a "crime of opportunity" opponent who actually has no idea who you are and doesn't care. (Your opponent might in fact just be a computer program.)

If your presumed opponent must find you, then deny him "things to find," such as open SSH ports. OpenVPN (with tls-auth) can confront him with "a smooth, featureless wall" which affords him no opportunity to enter, or even to discern that an entrance exists. And yet, authorized users can pass through virtually without impediment. Each of them may enter only because they possess a unique, one-of-a-kind, individually authorized badge (digital certificate) which can be individually revoked at any time.

"There you go: 'a badge reader.'" Just like you routinely encounter at any-and-every office building anywhere."

(2) If your presumed opponent is trying to "slip you a Mickey [Finn]," the key realization is that whatever "Mickey" he might be able to "slip you" must subsequently execute with your own authorization and privileges. Therefore, observe the Principle of Least Privilege.

All of the user-ids that I use every day ... save one ... "can't do diddly-squat." Neither with "anyone else's files but their own," nor with "the system itself." Neither can they sudo their way into ... anything-at-all.

Quote:
"When I want to be Superman®," I do know how to become Superman®. Oh yes, I do, although you can never discover how I do it.

Meanwhile: "I am not Clark Kent.®"


Therefore, even if you somehow contrive to "do something 'in my name' but without my knowledge," you will discover that you, too, are stuck firmly on the ground right along with me, because: "I can't fly."
(3) Finally ... "secure, continuous, protected, backups." Just like Apple implemented with their venerable Time Machine. Information is constantly being swept onto a protected directory on an external drive. You are never without a copy of it.

Last edited by sundialsvcs; 02-16-2017 at 02:20 PM.
 
Old 02-16-2017, 02:58 PM   #17
grumpyskeptic
Member
 
Registered: Apr 2016
Posts: 336

Original Poster
Rep: Reputation: Disabled
So, putting aside the philosophy and in summary of all the above and the many linked threads, and their linked threads, what is the best free anti-v/m software(s) to run on my desktop computer please? (Linux Mint 17.3 Rosa Cinnamon).

Thanks.
 
Old 02-16-2017, 06:59 PM   #18
jefro
Moderator
 
Registered: Mar 2008
Posts: 20,676

Rep: Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333Reputation: 3333
If I wanted secure...
I wouldn't start with Mint and try to make it secure. It is a mainstream distro that has many features that a home user would want.

I'd start with a secure distro and as stated above, start at JEOS or minimal then add only the products that I needed to run. I'd enforce best practices like apparmor, SELinux, and tips on how to harden it.

Along with commercial/clone type of business distro documentation, hundreds of sites offer ways to learn and use more secure means.
http://www.serverhardening.com/
http://its.virginia.edu/unixsys/sec/
Are examples but many exist. Books on the subject.

Tips pointed out in thread include "backup". What a behind saver that is by the way. Don't keep it connected either. Backups have to remain out of reach of hackers.

Last edited by jefro; 02-16-2017 at 07:03 PM.
 
Old 02-16-2017, 07:39 PM   #19
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 2,816

Rep: Reputation: 995Reputation: 995Reputation: 995Reputation: 995Reputation: 995Reputation: 995Reputation: 995Reputation: 995
Quote:
Originally Posted by grumpyskeptic View Post
So, putting aside the philosophy and in summary of all the above and the many linked threads, and their linked threads, what is the best free anti-v/m software(s) to run on my desktop computer please? (Linux Mint 17.3 Rosa Cinnamon).
The first couple of responders gave you these recommendations:

- Sophos,
- ClamAV,
- RootKitHunter

Have you tried any of them?
 
Old 02-28-2017, 07:10 PM   #20
grumpyskeptic
Member
 
Registered: Apr 2016
Posts: 336

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by rkelsen View Post
The first couple of responders gave you these recommendations:

- Sophos,
- ClamAV,
- RootKitHunter

Have you tried any of them?
As I had written above, Sophos has no GUI and thus I had no idea if it was doing anything at all, so I replaced it with ClamTk. ClamTk only scans when you order it to rather than running in the background. I would be pleased to hear if you can in fact make Clamtk run in the background and also stop the opening of bad emails, both standard for Windows anti-v/m.

I have not tried RootKitHunter but I understand there are many more hazards than just rootkits.

Are Sophos and Clam the only real choices in Linux?

Thanks.
 
Old 02-28-2017, 09:55 PM   #21
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,681

Rep: Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655
Quote:
Originally Posted by grumpyskeptic View Post
As I had written above, Sophos has no GUI and thus I had no idea if it was doing anything at all, so I replaced it with ClamTk. ClamTk only scans when you order it to rather than running in the background. I would be pleased to hear if you can in fact make Clamtk run in the background and also stop the opening of bad emails, both standard for Windows anti-v/m.

I have not tried RootKitHunter but I understand there are many more hazards than just rootkits.

Are Sophos and Clam the only real choices in Linux?

Thanks.
There are MANY choices in the Linux world, but also some confusion. RootKitHunter is good, but it is not an antivirus application. I use ClamAV for Antivirus.

RootKitHunter specifically detects one NAST"Y kind of malware that virus protection may never detect. It can warn you if your system is compromised, or in the process of being compromised. It does this by reporting files or links that have changed from what they system reports that they SHOULD be in size or CHC sum. The initial report is almost meaningless on a clean system, but the difference form one report to the next can be VERY important.

While ClamAV is an on-demand scanner, it can be triggered to scan all incoming email and attachments in your email engine, configured to test downloads in your browser, and automated in other ways. The output may be rather large at times, but it gives you detail and a very clear message on any "hits" and can quarantine infected files.

I have not used SOPHOS for AV, so I cannot comment on that.

Generally nearly all REPOS have ClamAV packages and SOME kind of RootKit detection package. They rarely have many others, and there are commecial ($$$) options for those who need them. I think spending money for AV in the Linux world is largely wasted money unless you are in a high-risk situation, but that is a personal choice matter.
 
2 members found this post helpful.
Old 03-01-2017, 02:39 AM   #22
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,836

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
Quote:
Originally Posted by grumpyskeptic View Post
As I had written above, Sophos has no GUI and thus I had no idea if it was doing anything at all, so I replaced it with ClamTk. ClamTk only scans when you order it to rather than running in the background. I would be pleased to hear if you can in fact make Clamtk run in the background and also stop the opening of bad emails, both standard for Windows anti-v/m.

I have not tried RootKitHunter but I understand there are many more hazards than just rootkits.

Are Sophos and Clam the only real choices in Linux?

Thanks.
If the app not having a GUI, is a deal-breaker for you, you may have to settle for something that may not check your emails, provide on-access protection, etc. As said above, there ARE a lot of choices out there but, ALL of these choices have their own pro's and con's.

As long as the antivirus app is providing on-access protection/scanning, particularly in Linux, you should not have much to fear.

You can also write shell scripts (and cron jobs) for Sophos, and therefore don't have to be forever using the command-line, all the time.

You are not going to find a lot of AV apps, that have a GUI, provide on-access scanning, email checking, etc in terms of Linux. This is why I personally settled for Sophos.
 
Old 03-01-2017, 03:40 AM   #23
camp0
Member
 
Registered: Dec 2016
Location: Dublin
Distribution: Fedora
Posts: 70

Rep: Reputation: 3
If you are using chrome you can use this extension https://chrome.google.com/webstore/d...okmpjbcj?hl=es, clamav and sophos are fine if you have windows exe files on a samba or something like that.

Regards
 
Old 03-01-2017, 03:56 AM   #24
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,836

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
Quote:
Originally Posted by camp0 View Post
If you are using chrome you can use this extension https://chrome.google.com/webstore/d...okmpjbcj?hl=es, clamav and sophos are fine if you have windows exe files on a samba or something like that.

Regards
This solution is just an add-on for Chrome and will not provide any on-access scanning (or email checking). Sophos also can detect Linux viruses as well as Windows viruses.
 
Old 03-01-2017, 07:13 AM   #25
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Getting away from Windows is one thing, but lose the mindset that comes with it too?
http://linux.oneandoneis2.org/LNW.htm

Scan the nut behind the keyboard.
Buy a router.
Add NoScript and an Add Blocker.
Don't run services you don't need.
Don't surf where your shouldn't.
Use your eyes for something beside adjusting the height of your monitors.
https://sites.google.com/site/easylinuxtipsproject/
 
Old 03-01-2017, 11:55 PM   #26
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,836

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
Quote:
Originally Posted by Habitual View Post
Getting away from Windows is one thing, but lose the mindset that comes with it too?
http://linux.oneandoneis2.org/LNW.htm

Scan the nut behind the keyboard.
Buy a router.
Add NoScript and an Add Blocker.
Don't run services you don't need.
Don't surf where your shouldn't.
Use your eyes for something beside adjusting the height of your monitors.
https://sites.google.com/site/easylinuxtipsproject/
Habitual,

The OP has clearly stated "Sorry, I do not believe that none are needed. Even the posting at the top of this forum section is evidence that they are required. Bad things can be transmitted by other things than just rogue programs.", in their question. If you do not believe AV software is necessary for Linux, that's fine, BUT it is STILL the OP's choice (which they have already MADE) and PC. I'm not trying to be rude, to you, as I can see you have some good knowledge of Linux, but it is once again up to the OP, as to what they would like to use.
 
1 members found this post helpful.
Old 03-02-2017, 11:56 AM   #27
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by jsbjsb001 View Post
Habitual,

The OP has clearly stated "Sorry, I do not believe that none are needed. Even the posting at the top of this forum section is evidence that they are required. Bad things can be transmitted by other things than just rogue programs.", in their question. If you do not believe AV software is necessary for Linux, that's fine, BUT it is STILL the OP's choice (which they have already MADE) and PC. I'm not trying to be rude, to you, as I can see you have some good knowledge of Linux, but it is once again up to the OP, as to what they would like to use.
No worries. None of those actions were meant as an argument for or against A/V.

I can't help what the user does or doesn't believe.
And the point of the thread is meant to ....?
Clearly, (to me) it's to find on-demand A/V scan "just like Windows" (list of AV).

Peace.
I stepped in this one. My fault.

Last edited by Habitual; 03-02-2017 at 12:20 PM.
 
Old 03-08-2017, 04:39 AM   #28
grumpyskeptic
Member
 
Registered: Apr 2016
Posts: 336

Original Poster
Rep: Reputation: Disabled
I have just found F-Prot, which has a free version for home users

http://www.f-prot.com/download/home_...d_fplinux.html

http://www.f-prot.com/products/home_use/linux/

http://www.f-prot.com/support/unix/unix_faq/23.html

Does anyone know if it has a GUI?

Am I right to think that a "workstation" is just another name for a desktop computer?

Thanks.

Last edited by grumpyskeptic; 03-09-2017 at 08:32 AM.
 
Old 03-10-2017, 04:42 AM   #29
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,836

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
Quote:
Originally Posted by grumpyskeptic View Post
I have just found F-Prot, which has a free version for home users

http://www.f-prot.com/download/home_...d_fplinux.html

http://www.f-prot.com/products/home_use/linux/

http://www.f-prot.com/support/unix/unix_faq/23.html

Does anyone know if it has a GUI?

Am I right to think that a "workstation" is just another name for a desktop computer?

Thanks.
Yes, in answer to your first question, see: http://www.ubuntugeek.com/f-prot-ant...interface.html

Yes, again, for your second question.
 
Old 03-19-2017, 07:25 AM   #30
grumpyskeptic
Member
 
Registered: Apr 2016
Posts: 336

Original Poster
Rep: Reputation: Disabled
Thanks. So in summary the free anti-v/ms for Linux with GUIs are:

ClamTk
FProt

The free one without a GUI:

Sophos

Do not know if RootKitHunter has a GUI or not. There might be other little-known ones, but the three above seem to be the current choice from better-known providers.

1) Am I correct to think that I could install both ClamTk and Fprot, since I assume they both only do on demand scans rather than running in the background, and could command then to do scans from time to time (not at the same time) as I used to with Window's SuperAntiSpyware and MalwareBytes?

2) Is there any way of scheduling them to do a scan periodically, or reminding me to run them?

Regarding ClamTk, I had set the scheduler to do a scan every day, but since the history shows that the last scan was done several days ago it appears that either it does not work or it does not catch up with overdue scans that are scheduled to occur at a time when the computer is turned off.

Thanks.

Last edited by grumpyskeptic; 03-19-2017 at 08:38 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Do Linux users need anti-virus and malware apps? Celtic Yokel Linux - General 66 01-09-2017 08:55 PM
LXer: Linux Anti-Virus Programs Explained LXer Syndicated Linux News 0 02-23-2008 09:00 AM
Anti-virus and malware remover advertising Tomermory LQ Suggestions & Feedback 4 06-28-2007 11:04 AM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 02:35 PM
anti-virus programs?? ahnwhdghk Linux - Newbie 1 08-21-2003 12:45 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration