LinuxQuestions.org
Old 03-20-2017, 12:56 PM   #31
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,681


Quote:
Originally Posted by grumpyskeptic
Do not know if RootKitHunter has a GUI or not. There might be other little-known ones, but the three above seem to be the current choice from better-known providers.
Normally you would not WANT a GUI front end for RootKitHunter. It is not Antivirus, but it is AntiMalware of a different and specific kind. Normally you want it to run ONCE manually, and automated forever after. While it does email a report to the root user, a better solution is a GUI log file analysis tool to show you the log updates and changes. Such a log tool might also be useful for other things.

Log file analysis tools can include Loggly, Graylog2, LogCheck, the ManageEngine Event Log Analyser, KLogView, lnav, log.io, or others. Some research may be indicated so you do not waste time on one that does not look good to you.
 
2 members found this post helpful.
Old 03-30-2017, 03:47 AM   #32
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,836

Quote:
Originally Posted by grumpyskeptic
Thanks. So in summary the free anti-v/ms for Linux with GUIs are:

ClamTk
FProt

The free one without a GUI:

Sophos

Do not know if RootKitHunter has a GUI or not. There might be other little-known ones, but the three above seem to be the current choice from better-known providers.

1) Am I correct to think that I could install both ClamTk and Fprot, since I assume they both only do on-demand scans rather than running in the background, and could command them to do scans from time to time (not at the same time) as I used to with Windows' SuperAntiSpyware and MalwareBytes?

2) Is there any way of scheduling them to do a scan periodically, or reminding me to run them?

Regarding ClamTk, I had set the scheduler to do a scan every day, but since the history shows that the last scan was done several days ago it appears that either it does not work or it does not catch up with overdue scans that are scheduled to occur at a time when the computer is turned off.

Thanks.
As wpeckham has said, rkhunter is a command-line app (or script to be more precise). One anti-virus app is enough (with rkhunter as well, if you wish).

Can you please also indicate which replies you have found helpful, by at least clicking on "Yes" next to "Did you find this post helpful?", if you find a reply helpful, thank you.
 
Old 05-14-2017, 07:26 AM   #33
grumpyskeptic
Member
 
Registered: Apr 2016
Posts: 336

Original Poster
There are more free Linux AVs available - surprised nobody mentioned them.

Someone in this forum gave a link to http://www.makeuseof.com/tag/free-li...irus-programs/

This describes seven programs: ClamAV, Sophos, Comodo, Chkrootkit, F-Prot, Rootkit Hunter, and BitDefender.

The link to Comodo:

https://www.comodo.com/home/internet...-for-linux.php

The Comodo program looks like being the most polished and modern of them all, and includes email scanning, although I am having a problem trying to get it to work fully in Linux Mint.

Edit: I have found a webpage from two years ago which rates the efficiency of various Linux AVs at finding bad stuff: https://www.av-test.org/en/news/news...t-to-the-test/ It suggests that all of the Linux AVs listed above are poor at finding either Linux or Windows malware.

Going through the article for the results for each AV, I note the success rate for Linux malware followed by the success rate for Windows malware. Chkrootkit and Rootkit Hunter are not mentioned in the article. I assume that the AVs mentioned in the article but not in the list of seven above are discontinued. For several AVs only a range within which the results fell can be identified, rather than the actual result.

ClamAV 23-66%, 15%
Sophos 66-99%, 99%
Comodo 23-66%, 83%
F-Prot 23-66%, 22%
Bitdefender 66-99%, 99%

So as the article says, Sophos and Bitdefender are the better options, while ClamAV, Comodo and F-Prot are poor. From comments I've read, and my own experience, Clam gives a lot of false positives.

Last edited by grumpyskeptic; 05-14-2017 at 08:48 AM. Reason: more info
 
Old 05-14-2017, 09:34 AM   #34
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

The problem with all of these tools is that they are ex post facto. Someone has to identify the existence of a rogue program, create a "signature" for it, and distribute it. Then, you must install it. Meanwhile, the rogue software has already been spreading itself for an unknown amount of time.

These are not "static, biological organisms" that we're talking about: they are the work of people. And people can be very clever. (Very evil, but also very clever.)

Therefore, the most important thing to do is to manage your own system in such a way that rogues simply don't get a chance. Probably the single most-important thing to run is an ad blocker, since "Internet ads" are in fact computer programs, and an advertising distribution system is easily the fastest way to distribute tens of thousands of copies of your malware all over the world in a matter of minutes.
 
1 members found this post helpful.
Old 05-14-2017, 10:49 AM   #35
grumpyskeptic
Member
 
Registered: Apr 2016
Posts: 336

Original Poster
From a Wikipedia article, https://en.wikipedia.org/wiki/Compar...software#Linux only ClamAV, Comodo, and Sophos are now available for free, but I've just installed Bitdefender which is not mentioned in the Linux list.

I tried Comodo but could not get it to fully function, so I uninstalled it. Prior to that I used ClamAV, but it has a poor rating and the GUI was very basic. Prior to that I used Sophos, but did not like that as it did not have any GUI so I had no idea what it was doing. It may not be possible to have Sophos with a GUI as I have not been able to find any confirmation of that on the web.

But I have now downloaded Bitdefender, and although I have only used it for five minutes so far I am happy with it. It has a full GUI, and seems to offer all the things I was used to under Windows. A few minutes ago I followed the instructions for installing it on Linux Mint given here https://www.techbrown.com/install-bi...nux-mint.shtml (although as I write that link now says that the website is under construction).

The free Bitdefender for Linux was not shown on the website homepage, I had to search for it using Google.

So in summary of all the above, Bitdefender currently seems the best bet for a free Linux AV that has a GUI.

Last edited by grumpyskeptic; 05-14-2017 at 10:55 AM. Reason: gui
 
Old 05-14-2017, 11:26 AM   #36
grumpyskeptic
Member
 
Registered: Apr 2016
Posts: 336

Original Poster
I wrote too soon. Bitdefender will not scan because it says "engines not loaded". The solution to this requires lots and lots of console commands which I do not understand, so I will open a new thread about it in the Linux Mint OS section.
 
Old 05-15-2017, 12:16 PM   #37
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,681

RootKitHunter and ChkRootKit are not mentioned in articles on AntiVirus software because they are not. These programs detect RootKits by behavior and effect on system, signatures, and other factors. Rootkits may be installed by a virus, but they are not themselves a Virus program.

Just an FYI. I run ClamAV and RootKitHunter, but I have been looking into moving from ClamAV to SOPHOS.
 
Old 05-15-2017, 02:40 PM   #38
justmy2cents
Member
 
Registered: May 2017
Location: U.S.
Distribution: Un*x
Posts: 237
Blog Entries: 2

◾Chkrootkit
◾ClamAV (I recommend as it's open source, thus less likely of containing backdoors, and AV has admin privileges so that would be bad if it did)
◾Linux Malware Detect (LMD)
◾Rootkit Hunter

DONE!

https://linux-audit.com/dealing-with...r-of-rkhunter/ (insight on the subject from the author of rkhunter)

http://www.infoworld.com/article/319...r-privacy.html (DuckDuckGo's blog on privacy tips for Linux users)

Just my two cents ...

Last edited by justmy2cents; 05-15-2017 at 02:46 PM.
 
Old 05-15-2017, 09:51 PM   #39
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Unfortunately, "all(!) of these supposed-strategies are based on the biological metaphors of: "'infection,' that is subsequently (and, permanently(!) ... cured by 'immunization.'"

"Alas, if only it were really that simple(-minded)!!"

- - -

"A far more long-lasting strategy" ... unless you really enjoy "buying a 'flu shot'" each and every time the pharmacy's sign tells you to ... would be: "Wash Your Hands!"

Your actual opponent(!) is: "a human." Always, always, remember that.

Last edited by sundialsvcs; 05-15-2017 at 09:59 PM.
 
  

