Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I haven't heard of eset before this post. Their website doesn't give a lot of information on how the product performs and what it does or looks for in a Linux environment. Rather it has a small click-able picture in the lower right corner of the home products page. I would want to know more about these things before making any sort of decision. For example, does it focus on Linux oriented mal-ware or does it just scan your files for Windows signatures? In my humble opinion, the biggest advantage to running any sort of virus/spyware scanner on Linux is to prevent infection from spreading to a Windows host rather than for protection of the Linux system itself.
As far as would I use it, well, they want $40 / year for their product. Without a solid understanding of the features, advantages, and benefits compared to the competing free product offerings, why would I spend money on it?
@X.Cyclop
Yeah, I don't use any antivirus software and haven't seen any virus on my Linux machines in the last 7 years or so since I'm using it, but as I said Linux is more and more popular each day, that means on the desktop too and things might change about amount of malware, spyware or what not is targeting Linux, so for a newbie for example, ESET might be the solution.
@Noway2
Well ESET is really popular and high rated security software in the Winblows universe.
Here's the award page with other links that might interest you; http://www.eset.com/us/press-center/awards
And it's clear that they are offering protection for Linux but if you're on the network with Winblows and/or Mac machines they'll protect them too, so they say. And what that protection looks like in Linux, well I don't know, that's what I asked too.
Dunno how it performs on Linux but on Windows it is worth it's price tag - has great comments from many advanced people and i also used it some time ago on Windows as trial. There is still trial for Win in homepage so should be for Linux aswell. But why buy if there is ClamAV?
I've never used AV on any of the Linux machines I've admin'd. IMO, its not needed. I did work at a place that mandated that every security device should have AV installed...then they started wondering why their IDS devices were dropping packets. The sensors were already at the ragged edge of performance due to them sniffing large amounts of traffic. Adding AV clients to the systems pushed them over the edge. AV definitely doesn't belong on dedicated servers, IMO. And I don't think Linux desktops need AV either. I've been using Linux desktop and server configurations since 1997. I've yet to see a real need for AV on Linux hosts.
Posts like this show up every few months. Run it if you want, but I've yet to see any substantiated reason to use AV on a Linux environment (other than as a mail server solution to filter inbound/outbound mail...probably more for an environment with Windows endpoint machines).
One reason almost never mentioned is that for it to pour money into (research) and sustain business with it must be economically viable for a company. Given the main problems IMO with commercial signature-based detection are the 0) Linux platform architecture itself not providing much of a foothold for easy injection or propagation of threats compared to other platforms, 1) the types of threats facing the Linux platform not being as diverse and fast-evolving as they are for other platforms and 2) the economy depending on and sustaining those threats not as much being targeted on (ab)using Linux compared to the other OS you could conclude these are reasons why not many Linux users run AV (unless being forced to care for lesser OSes ;-p) and why not many AV vendors see Linux as a booming market. (I personally run several AV products but my motives in no way equal those of the average user.) And as far as experience with ESET products was concerned (see my old web log posts about AV detection) I have had no problems with their product (running on the other OS), it's performance or support.
since my first install of "Fedora 4" 6+ years ago ClamAV has NEVER found anything on Linux .( except for the test files in the clam build folder)
It DID find things on Windows XP 32 bit that Norton missed
Now RKhunter and chrootkit also have never found anything
There are a lot of companies that have AV for linux. McAfee, Symantec, etc.
I run AV for two reasons:
I run AV on my linux boxes; however not for them. If I pass a file to someone who is running windows, I don't want to rely on their AV (which may already be compromised) to detect if the file I'm sharing contains a virus of some sort.
Just another layer.
The second reason I actually am going to leave off.
I run anti-virus on my personal servers and use it to scan the email that they handle it, but not on my personal PCs. The purpose isn't because I am so much concerned about my machines themselves catching something, it is that I consider part of being responsible mail server operator that I not pass something on to Windows machines. At work, where I manage one Linux server that is connected to a cluster of Windows based machines, I run a full anti-virus scan on a weekly basis in a cron-job. Again, not because I am concerned about that machine being infected, but rather to help detect and prevent the spread of malware to the Windows based hosts.
I understand Eset NOD32 Antivirus performance better on Linux compare to others but fact of the matter is that antivirus on desktop Linux is not only superfluous but also *decreases* your security: AV software itself is currently being attacked more and more.
Because it has by definition high permissions on the system and because it's often inadequately protected against hacking.... This makes AV software an ideal target for hackers.
Antivirus applications have been designed to read and open as many file types as possible. Because everything can contain a virus. Unlike ordinary applications, which can only read and open certain specific file types.
For example: word processors can usually only open document related files and no mp3 music files. For media players the reverse is true.
Because antivirus can read and open everything, and actually does precisely that during a scan, its potential vulnerability (attack surface) is much bigger. And therefore also its attraction as the target for people with malicious intentions. That's not just theory....
Furthermore, it is actually not true that "everything can contain a virus." The term, virus, is a biological term that applies only to biology, not computers.
In biology, a virus is a scrap of RNA that can insert itself into the DNA of a cell and cause that cell to reproduce massive amounts of the viral DNA before the cell dies. Biological organisms must mount continuous, pro-active defenses to detect and to thwart this process, which they do by killing the cells.
In computer parlance, this is rogue software that is executed without your knowledge or consent. It necessarily runs with your privileges, and that's why "your privileges" should be the least necessary to do "your" job. You should never use an account that is capable of sudo su. (Just as, with Windows, you should never be an "Administrator.") And, you should always run backup software that protects the backup archives from modification.
The very concept of "computer anti-virus software" is fundamentally flawed, and the idea is a dangerous one. In the name of "protecting yourself" against a threat that you cannot even identify, you run pervasive software that, in the end, cannot really detect anything.
I"ve run ESET Nod32 4 Linux for 2 years on my personal Slackware64 14.2 multilib system. Rogue software does exist and does attack Linux computers, it just isn't reported as often because the base is so small. I recommend you use an AV. ESET Detection is as good as it gets on ShadowServer.org in 2015 was one of the top rated products by av-test.org. In those two years it never found a virus to block. Now I'm moving on to a different product, because of a recent very poor technical support response time. ESET memory requirements are light, probably the smallest needed. It has good manuals for setup. I've written some helps in other posts here on LQ. But if they can't keep the technical support up to speed, then it is time for me to try another product. Oh ESET costs are probably lower than most, other than the "free" products with low detection rates and ratings from legitimate testing houses, like VB100, av-test, and avcomparatives. YMMV. Cheers
It's unnecessary. I have been using GNU/Linux (Ubuntu, openSuse and now Gentoo) for ~5 years and NEVER installed an antivirus.
+1
I had once clamav but it is a ressource waste. Not worth.
i also do not have a firewall, although that would make more sense.
I do create custom entries in /etc/hosts for any source which annoys me with their ads.
I would pay more attention to browser security, having an up to date gnu / linux (which is definitely not debian) and user behaviour.
I would pay attention to not using a binary newbie distro, which most of the time fits any binary distro, with the default settings. suse is one example of how to not do it.
remove anything you do not need. which does not exist can not cause any harm. binary distros ship too much crap. and also does not need any disk / backup space / backup time / download time / compilation time
---
The most stupid thing I do is running unknown windows software (aka games) with wine.
+ windows steam / + FAke linux steam
--
with those +20 cpu bugs on my ivybitch cpu my biggest concern is to which platform i should switch. and i can not answer it as of now. (just for information recently there were just 8 new intel based cpu bugs numbered)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
