this post was submitted on 16 Jul 2023
60 points (100.0% liked)

With the increased popularity of the Linux desktop and the Steam Deck, will new viruses and malware be developed for Linux systems? Would we be better off using an antivirus?

top 42 comments
[–] HughJanus@lemmy.ml 52 points 1 year ago (1 children)

Most modern antivirus software is a virus in and of itself.

[–] thejml@lemm.ee 18 points 1 year ago

We always say that McAfee uses all the system resources so the virus doesn’t have anything to work with.

At home I have MS defender turned on by default on my windows machine. I was copying the contents of one nvme to another the other day and noticed I was only getting 60MiB/sec. I looked at task manager, realized why, turned off proactive scanning of files, and watched it jump to over 2GiB/sec. Really nailed that point home.

[–] WildlyCanadian@lemmy.ca 32 points 1 year ago (2 children)

I don't use antivirus on Windows, let alone Linux. Just be mindful of what you're downloading and you'll be fine.

[–] skomposzczet@lemm.ee 11 points 1 year ago

Same here. For as long as I can remember I haven't had AV; just staying out of sketchy sites is enough. Most malware is targeted at the least aware and cautious users.

[–] knobbysideup@lemm.ee 18 points 1 year ago

Antivirus is a technical attempt at solving a stupid user problem. It does not actually prevent any problems and causes many of its own.

  • run only what you need
  • get what you need only from trusted sources
  • keep what you need up to date
  • configure what you need conservatively
  • admin/root account only for admin stuff. Don't use root as your general login.
[–] Fryboyter@discuss.tchncs.de 18 points 1 year ago
  • Virus scanners only detect a fraction of the harmful programmes.
  • Virus scanners can often be tricked.
  • Virus scanners often have security vulnerabilities themselves, which are usually quite serious, since such programmes embed themselves quite deeply in the operating system.
  • Virus scanners cause many users to become careless because they rely too much on such tools.

Therefore, from my point of view, the disadvantages outweigh the advantages. Therefore, I do not have such a tool permanently installed, neither under Linux nor under Windows. However, every 6 months I scan my Windows installation with a USB-bootable virus scanner. No actually harmful programme has been found for years.

In my opinion, the following things are much more important than any security software.

  • Install updates as soon as possible. Under Windows, you can use tools like Chocolatey for this.
  • Only install software from trustworthy sources.
  • Only install software that you really need.
  • Only use root or administrator rights if you have to. For everything else, the rights of the user account are sufficient.
  • Create backups regularly.
  • Think before you act.

Especially the last point is a problem for many users. I can't tell you how many times I've witnessed someone receiving an alleged invoice from mobile provider A by email and opening it, even though they had a contract with provider B.

[–] Mikelius 13 points 1 year ago

I don't, but that's because of how I have things set up around the network. While most people here say it's because they don't need it, I am in a position that I need SOMETHING simply because others in the household could bring in malware and rather than trust them to make smart decisions, I proactively monitor all network activity for anything unusual. That being said, I have ClamAV installed and run a weekly scan, but my real "antivirus solutions" are as follows: A syslog server that's connected to Grafana/MySQL and alerts me based on very specific criteria. Along with this, I've got my network firewall configured to block all "untrustworthy countries" in and out 100%, as well as use an IDS/IPS (also connected to syslog for alerts). Lastly, an internal DNS which grabs from like 20 sources that include some reliable lists with malware domains and such, and a custom list of my own that I add to as useful security news feeds hit my RSS feed with URLs in their blog posts.

Actually got a list of other things going on in the network to make it even more secure, but just wanted to list the main things that'll give you a step up in the anti-malware front.

None of this is bulletproof without proper care for how you use the Internet, though.

  • Check for router/modem/firewall updates weekly if they can't be auto updated
  • never click any links in an email even if you feel you know you trust it (exception to this would be something you KNOW is coming into your inbox, such as an account registration verification)
  • avoid tiny urls or suspicious looking urls when possible
  • don't open ports unless you really really really know what you're doing. If you absolutely need to open a port, then for the love of god define the source IP address/CIDR. Opening ports to the world includes opening them to cyber criminals
  • turn off upnp, I don't care what that game or service you use says, it doesn't need it

You get the idea. My message got way too long and turned into a rant lol.
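
A sketch of the multi-source DNS blocklist described in the comment above, added here as an example and not part of the original thread or any commenter's setup. The feed contents, the custom entry, and the choice to also block subdomains of listed names are assumptions made for illustration.

```python
import re

# Constructed sample feeds in the two formats blocklists commonly use.
HOSTS_FEED = """\
# hosts format (constructed)
127.0.0.1 localhost
0.0.0.0 malware-cdn.example
0.0.0.0 Tracker.Example.   # mixed case, trailing dot
"""
DOMAIN_FEED = """\
! one domain per line (constructed)
phish-login.example
malware-cdn.example
not a domain
"""
CUSTOM = "amzaon.example\n"          # hand-maintained list (constructed entry)
ALLOW = {"localhost"}                # never block these
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def parse_feed(text):
    """Return the set of valid, normalised domains found in one feed."""
    found = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("!"):
            continue
        fields = line.split()
        if len(fields) == 2 and fields[0] in SINKS:
            fields = fields[1:]          # drop the sinkhole address
        if len(fields) != 1:
            continue                     # malformed entry: skip, don't guess
        name = fields[0].lower().rstrip(".")
        if all(LABEL.fullmatch(p) for p in name.split(".")):
            found.add(name)
    return found

def build_blocklist(*feeds):
    """Merge and de-duplicate all feeds, then apply the allowlist."""
    merged = set().union(*(parse_feed(f) for f in feeds))
    return merged - ALLOW

def is_blocked(qname, blocklist):
    """Block a queried name if it or any parent domain is listed."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

BLOCKLIST = build_blocklist(HOSTS_FEED, DOMAIN_FEED, CUSTOM)
```

The allowlist step matters because public hosts-format feeds routinely carry `localhost` lines that must not end up in the block set.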

[–] jaykstah@waveform.social 11 points 1 year ago

Haven't really felt the need to. On Linux ad blocking + common sense has worked out fine. When I was still using Windows I just relied on Windows Defender since around the Windows 8.1 days, but either way my time downloading .exe files from sketchy sites is long behind me.

[–] jlh@lemmy.jlh.name 10 points 1 year ago* (last edited 1 year ago)

You don't need an antivirus if you don't run software from unknown sources, and you keep your machine up to date.

For the most part, if you do all that and you're still attacked, they would probably get past an antivirus, anyways. I've never had an antivirus catch anything after decades of running Windows.

A big thing to note for people running home servers is to watch what they expose to the internet. Insecure software and insecure configurations are huge targets for botnets these days.

[–] topRamen@lemmy.ml 9 points 1 year ago

No. Not needed for the most part if you aren't downloading dumb shit on the internet and keeping things up to date.

[–] denissimo@feddit.de 8 points 1 year ago (2 children)

No. That would defeat the purpose of me installing Linux in (old) laptops. Windows feels sluggish enough with a sea of bad things wanting your minimum wage and have Windows Defender prevent it but not all of it, obviously.

I put all my attention to prevention and set strict rules on the router. It can be as simple as setting the DNS to stuff like dnsforge.de or DIY it with PiHole with hosts lists to your heart's content that update themselves weekly; I do the latter. Nothing beats a cross platform solution that protects every device in the network, if you're after 100% performance. Of course you can still catch bad things, such as social engineering by email that happened over at Linus Tech Tips. You better stay vigilant no matter what solution you use and don't sleep on making backups, which can be as simple and automated when you use Syncthing for example.

[–] sfera 1 points 1 year ago

I'm not sure if you recommended Syncthing as a backup tool, because it isn't one. Just making sure that there's no confusion...

[–] cokane_88@lemmy.fmhy.ml 8 points 1 year ago (1 children)

Nope.... Raw dawg that shit online.

I wonder how people get phished on IG and FB. Like they get their account taken over and blackmailed over a social media account.... That shit baffles me. I'm pretty sure I know how they get phished but I'm just shocked it happens to smart people.

[–] BaumGeist@lemmy.ml 5 points 1 year ago* (last edited 1 year ago) (2 children)

Smart people are not immune to moments of panic or laziness or cockiness. I don't know about you, but I don't always check email headers even tho that's the closest to best way to verify the identity of the sender. And if that link verifiably goes to a website I trust, and I was expecting them to reach out, and I just have to login to check my orders and... wait, why does the url have a "redir=" parameter? Oh fuck oh god oh fuck why does the login page say "amzaon.com" instead of "amazon.com" like in the email's link??? FUCK DAMMIT SHIT

[–] cokane_88@lemmy.fmhy.ml 2 points 1 year ago

Exactly, my last full time gig was in cyber, soc analyst. Stay at home dad now screw all that stress.

[–] russjr08@outpost.zeuslink.net 2 points 1 year ago (1 children)

> And if that link verifiably goes to a website I trust, and I was expecting them to reach out, and I just have to login to check my orders and… wait, why does the url have a “redir=” parameter? Oh fuck oh god oh fuck why does the login page say “amzaon.com” instead of “amazon.com” like in the email’s link??? FUCK DAMMIT SHIT

This is definitely a situation where having a password manager with auto-filling is nice. When you save your login for amazon.com it ties it to the URL as well. So if you end up going to amzaon.com by any means and don't manage to catch it, your password manager won't fill in your details because it doesn't recognize the domain.

Of course, this won't stop you from say, using one of the "Login with Google/Apple/Amazon/etc" buttons on some dodgy website, and granting it access to your account (because you'd be redirected to google.com / apple.com / amazon.com) but it's at least a layer of "Wait, something isn't right here" when the auto-fill doesn't trigger.
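
The origin check that makes auto-fill refuse a lookalike login page, as an added example that is not part of the original thread and not any password manager's actual code. It assumes a vault keyed by exact scheme and host, which is stricter than the domain matching real managers use; the vault entry and test URLs are constructed.

```python
from urllib.parse import urlsplit

# Constructed vault: each login is stored under the exact origin it was saved on.
VAULT = {
    ("https", "www.amazon.com"): {"user": "alice@example.org", "password": "constructed"},
}

def origin_of(url):
    """Return (scheme, host) for a page URL, or None if it cannot be trusted."""
    try:
        parts = urlsplit(url)
        host = parts.hostname          # drops userinfo and port, lowercases
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    try:
        # Unicode lookalikes become distinct xn-- labels after IDNA encoding.
        host = host.rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return parts.scheme, host

def autofill(page_url):
    """Offer credentials only when the page origin equals the saved origin."""
    origin = origin_of(page_url)
    if origin is None or origin[0] != "https":
        return None                    # never fill on plain HTTP
    return VAULT.get(origin)

def demo():
    pages = [
        "https://www.amazon.com/ap/signin",
        "https://www.amzaon.com/ap/signin",                      # typo domain
        "https://www.amzaon.com/login?redir=https://www.amazon.com/",
        "https://www.amazon.com@amzaon.com/ap/signin",           # userinfo trick
        "https://www.amazon.com.signin.example/",                # real name as subdomain
        "http://www.amazon.com/ap/signin",                       # scheme downgrade
    ]
    return [(p, autofill(p) is not None) for p in pages]

if __name__ == "__main__":
    for page, filled in demo():
        print("FILL " if filled else "BLOCK", page)
```

Only the first URL is filled; the comparison is made on the parsed host, so neither the `redir=` parameter nor text before an `@` in the URL influences the decision.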

[–] BaumGeist@lemmy.ml 4 points 1 year ago (1 children)

Password managers are an absolute must-have in this day and age. That and MFA. And making as few accounts as humanly possible.

But, the more general concepts I'm trying to get at are that pobody's nerfect, you don't know what you don't know you don't know, and we're all just apes prone to lapses in judgment at inopportune times.

[–] russjr08@outpost.zeuslink.net 2 points 1 year ago

> you don’t know what you don’t know you don’t know, and we’re all just apes prone to lapses in judgment at inopportune times.

Oh for sure, I 100% agree! My reply was more of an educational "Hey, in case you've run into this before, this is a great way to prevent it from occurring again" sort of deal. No one is born with all-encompassing knowledge of the world and everything/anything they could ever interact with, and subsequently no one should be faulted for running into something like phishing scams where they're designed to exploit someone's potential lack of knowledge or even as you mentioned, a lapse in judgment.

I normally am good about avoiding phishing scams but almost fell victim to one because a close trusted friend of mine had their account compromised, and sent a link to something on Steam that seemed in line with what they'd normally bring up with me - and it was exactly the fact that my password manager didn't prompt me to fill in my Steam login details on that fake page that prevented me from trying to login.

(Well that and I do have Steam Guard/MFA enabled, but still)

[–] Cube6392 6 points 1 year ago

Personally I don't use one on any platform because the antivirus companies tend to... Create problems in order to solve them. If you're going to use one on Linux, ClamAV is probably the play. However, far better for your security is to pick a distro that publishes security patches quickly, like Debian or Arch Linux, and then to update your system frequently

[–] itchy_lizard@feddit.it 5 points 1 year ago* (last edited 1 year ago) (1 children)

No because I use QubesOS. If I got a virus it would be gone the next time I launched my browser.

[–] theshatterstone54@feddit.uk 2 points 1 year ago (1 children)

I have just a simple question: Why?

[–] itchy_lizard@feddit.it 1 points 1 year ago (1 children)

I use it because of the protection it provides.

It works because every time I launch the browser it does so in a Disposable VM. When you close the browser, the VM is deleted. Launch a new browser, and it creates a fresh VM.

[–] theshatterstone54@feddit.uk 2 points 1 year ago (1 children)

What about performance? I have an 8 GB RAM machine, so I can't imagine ever running Qubes. What sort of specs would you recommend for trying a system like that?

[–] itchy_lizard@feddit.it 2 points 1 year ago

It depends how many VMs you want to run at once. RAM reqs in Qubes keep pace usually with Windows. You'll want 16G minimum.

[–] cmnybo@discuss.tchncs.de 4 points 1 year ago

No I don't use an antivirus because I don't download and run untrusted programs or scripts from the internet.
I do have some block lists on my firewall that block a lot of malware, phishing, and scammer sites though.

Properly educating the users is far more effective than any anti virus software.

[–] nyan@lemmy.cafe 4 points 1 year ago

I have clamav installed, but only run it sporadically during attacks of paranoia. The only thing it's ever found was a Windows virus in an old email attachment among some files that had come from a Windows box.

The main thing you need to do to avoid viruses is avoid running untrusted code, which means, among other things, using paranoid browser settings. Linux tends to have fewer random holes where script execution environments ooze into places where they really shouldn't be, although even Windows isn't quite as bad about that as it was twenty-five years ago.

[–] 0xtero@kbin.social 3 points 1 year ago (2 children)

Yes of course. It’s like basic hygiene, washing your hands after visiting the restroom.

[–] bfly75@feddit.nl 2 points 1 year ago (1 children)

Which AV do you use for Linux? I searched for it a while ago and could not find good options. Either discontinued or extremely expensive (focused on business / servers). Of course there is Clam, but AFAIK it is still lacking in quality and not easy to set up for continuous monitoring.

[–] 0xtero@kbin.social 2 points 1 year ago

I’ve been using ESET for a long time, but I don’t actually know what it costs, I get licenses from my company. Might not be suitable price range for home use.

[–] Cube6392 1 points 1 year ago (1 children)

I'd agree if most antiviruses weren't the equivalent of washing your hands with plain tap water and nothing else, or often, poop in place of soap

[–] 0xtero@kbin.social 3 points 1 year ago

Yeah. I guess that depends on your use case, but I do quite a lot of “sewage plumbing” (malware analysis) so it’s nice to have that extra layer just in case I fuck up.

[–] BaalInvoker@lemmy.eco.br 3 points 1 year ago

No. Because there is no need.

Antivirus just makes people more negligent even in Windows.

Nope, nothing. I use ESET Endpoint on Windows though.

[–] itchy_lizard@feddit.it 1 points 1 year ago

No because I don't download software via unsafe tools like web browsers or flatpak.

[–] argv_minus_one 1 points 1 year ago

I don't believe we have antivirus.

Sooner or later, though, I imagine it will become necessary. There was a time when Macs were considered malware-proof…until they became popular enough to be worth writing malware for.

[–] livendie 1 points 1 year ago (1 children)

I don't use one, it's unnecessary. Keep your system light, use only free software and utilize some of your common sense and you'll be all right.
This one time my brother had his PC (winblows) infested just by plugging in a flash drive, seriously, just that!! I hate proprietary software.

[–] argv_minus_one 3 points 1 year ago

The Linux kernel just received a fix for a privilege-escalation vulnerability that, if I'm not mistaken, could in theory be exploited by plugging in and mounting a maliciously crafted flash drive.

But on Linux this is considered a vulnerability and is fixed, whereas on Windows, automatically running potentially-malicious code on a removable drive is (was?) considered a feature.

[–] tinwhiskers@kbin.social 1 points 1 year ago

No. I only use Android as my PC via AR glasses. Is there even any antivirus software for Android? Probably, but I don't care I guess. Never had a problem.

[–] Hexadecimalkink@lemmy.ml 0 points 1 year ago

I pay for Dr Web for Linux and Android because I like the idea that I'm supporting white hat hackers finding malware. Do I think I need it? No.