Anti-virus program needed?
#1
Hi guys/gals, I'm a new user of Mint, and was wondering if I need to install some kind of security on my system to foil any attempts to access my computer, and if so which programs would you recommend. Thanks in advance  Expresso.
Reply
#2
You will not need an anti-virus program.

There is basically no malware that targets desktop Linux.
And the distributions are different enough that it is
incredibly hard to write malware that would compromise
all of them.

As long as you have a firewall and do not randomly execute
commands you find on the internet, you are fine.
My website - My git repos

"Things are only impossible until they’re not." - Captain Jean-Luc Picard
Reply
#3
(06-22-2019, 05:40 AM)Expresso Wrote: Hi guys/gals, I'm a new user of Mint, and was wondering if I need to install some kind of security on my system to foil any attempts to access my computer, and if so which programs would you recommend. Thanks in advance  Expresso.


I would encourage you to read the four informative links listed below.

Code:
https://www.linux.com/learn/intro-to-linux/2017/9/security-tools-check-viruses-and-malware-Linux

https://www.linux.com/learn/myth-busting-linux-immune-viruses

https://news.sophos.com/en-us/2015/03/26/dont-believe-these-four-myths-about-linux-security/

https://help.ubuntu.com/community/Linuxvirus 
Give a person a fish, and you feed them for a day. Teach a person how to fish, and you feed them for a lifetime. ✝️ Proverbs 4:7 Wisdom is the principal thing; therefore get wisdom: and with all thy getting get understanding.
Reply
#4
(06-22-2019, 09:58 AM)deck_luck Wrote: I would encourage you to read the four informative links listed below.

Code:
https://www.linux.com/learn/intro-to-linux/2017/9/security-tools-check-viruses-and-malware-Linux

https://www.linux.com/learn/myth-busting-linux-immune-viruses

https://news.sophos.com/en-us/2015/03/26/dont-believe-these-four-myths-about-linux-security/

https://help.ubuntu.com/community/Linuxvirus 


Those sites engage in pretty heavy fear mongering, in my opinion,
with the exception of the "Linuxvirus" list. One of the sites is
literally run by a company selling anti-virus software and therefore
is obviously not a reliable source.

Some of those sites admit it themselves that their argumentation is
not as solid as they would like:

Quote:[...] Linux is less prone to such attacks than, say, Windows [...]
Quote:Because of the Linux user privilege system and the thousands of versions of Linux, it [the virus] didn't do well at all.
Linuxvirus Wrote:There is no virus by definition in almost any known and updated Unix-like operating system, but you can always get infected by various malware like worms, trojans, etc. If you are an unaware user who does dangerous non-advised actions like login as root. However most GNU/Linux distros like Ubuntu, come with built-in security by default and you may not get affected by malware if you keep your system up to date and don't do any manual insecure actions.
Quote:Why are email attachments not so dangerous in Linux? Well, generally speaking it is because nearly all malicious email attachments target Windows machines.

And basically half the viruses in the "Linuxvirus" list are research
projects where you have to deliberately infect your system yourself,
while the other half is outdated and will not work on any remotely
modern system.

Quote:The virus was a Linux executable module (ELF file).

Which do not simply appear on your disk and execute themselves. You
have to deliberately execute them (and possibly even make them executable
beforehand), just like any other binary file or script.

Quote:I’ve been a victim of a (very brief) hacker getting onto my desktop, because I accidentally left desktop sharing running

This is plain stupidity; no anti-virus software, no firewall or anything would have helped here.



Generally, most viruses are not written for Linux. Most viruses written for
Linux target servers. Most viruses written for Linux that do not target servers
target IoT. Most Linux viruses that do not target servers or IoT target workstations
(and therefore RHEL). A lot of Linux viruses targeting the general desktop user
will not work on all distributions. A lot of Linux viruses targeting the general
desktop user depend on tricking the user into downloading and executing them.

Also most viruses listed are overly complicated and completely miss the most
vulnerable attack vector: The user. You do not need a rootkit, root access,
any complex ELF or assembly binary hackery. A simple bash script can install
a keylogger, access and upload your personal files and introduce new or altered
files into your system, most likely undetectable by anti-virus software, especially
since most anti-virus software running on Linux just searches for Windows malware.

So as long as you have an up-to-date system, have a firewall, do not disable AppArmor
or other security measures and most importantly do nothing plain stupid, you are
relatively safe.

The best security advice for desktop Linux users:
  • Do not download scripts and execute them. A script can access your personal files, install a keylogger and more all without root access. Anti-virus software will most likely not catch a script. The danger here is that new users often think that a simple script can do no harm.
  • Do not download binaries and execute them.
  • Do not download and install .deb or .rpm files you found on the internet.
  • Only install and update software using the official repositories. Do not ever use PPAs, the AUR, the Snapstore, the Flathub, AppImages, or anything else.
  • Do not execute commands you found on the internet unless you are sure you understand what they do.
  • Do not ever disable anything security related, even if it might annoy you somehow.
  • Regularly install updates.

True, there is a chance something more exotic can affect your system,
like someone using some JavaScript or WebAssembly hackery to trick your
browser into executing malicious code. But those are incredibly hard to
write, the security issues they are using get almost immediately fixed
and also most of these will not target Linux and also also the chance is
high they will not work on your web browser.
My website - My git repos

"Things are only impossible until they’re not." - Captain Jean-Luc Picard
Reply
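
Added example, not part of the thread or any poster's code: post #4's point that a downloaded ELF binary or script does nothing until someone runs it can be checked on your own download folder. The POSIX shell sketch below lists files that start with the ELF magic or a `#!` line and shows whether the execute bit is set; the function names, sample file names and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample files below are constructed, not real downloads.

# kind FILE -> "elf" (starts with 0x7f 'E' 'L' 'F'), "script" (starts with "#!"), else "data"
kind() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;
        2321*)    echo script ;;
        *)        echo data ;;
    esac
}

# audit DIR -> one line per ELF/script file: "<kind> <runnable|blocked> <name>"
# "blocked" only means the execute bit is unset: running the file then takes a
# deliberate chmod, or handing a script to an interpreter by hand (sh file.sh).
audit() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        k=$(kind "$f")
        if [ "$k" = data ]; then continue; fi
        if [ -x "$f" ]; then state=runnable; else state=blocked; fi
        printf '%s %s %s\n' "$k" "$state" "${f##*/}"
    done
}

# make_sample -> path of a temp dir holding three constructed files
make_sample() {
    d=$(mktemp -d)
    printf '\177ELF\002\001\001' > "$d/tool.bin"      # ELF header bytes only
    printf '#!/bin/sh\necho hi\n' > "$d/setup.sh"     # harmless script
    printf 'just notes\n' > "$d/readme.txt"           # plain data
    chmod 644 "$d/tool.bin" "$d/readme.txt"
    chmod 755 "$d/setup.sh"
    echo "$d"
}

sample=$(make_sample)
audit "$sample"        # point audit at "$HOME/Downloads" to check real files
rm -rf "$sample"
```
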
#5
Would you walk in a "bad" part of town at night with a pocket full of money with no protection? Of course not, that would be foolish. Likewise, don't do stupid things in Linux, like being in root and opening an email attachment without knowing the source. Or going to known "bad" websites, like anything else if you open yourself to danger then you might get hurt.
Reply
#6
The previously posted Sophos link contains this key information as additional links. 

So, if you are a tech-savvy Linux user, you should at least look at the basic security guidelines of your Linux distro.

Ubuntu: https://wiki.ubuntu.com/BasicSecurity
openSUSE: https://activedoc.opensuse.org/book/open...rity-guide
Fedora: https://fedoraproject.org/wiki/SecurityBasics
Arch: https://wiki.archlinux.org/index.php/security
CentOS: http://wiki.centos.org/HowTos/OS_Protection
Sabayon: https://wiki.sabayon.org/?title=En:Security

If the links are read I think most Linux desktop users can come to their own conclusion. There are additional useful links in the additional links listed above. So allocate some time and go through them.
Give a person a fish, and you feed them for a day. Teach a person how to fish, and you feed them for a lifetime. ✝️ Proverbs 4:7 Wisdom is the principal thing; therefore get wisdom: and with all thy getting get understanding.
Reply
#7
(06-22-2019, 01:09 PM)Joel920 Wrote: Would you walk in a "bad" part of town at night with a pocket full of money with no protection? Of course not, that would be foolish. Likewise, don't do stupid things in Linux, like being in root and opening an email attachment without knowing the source. Or going to known "bad" websites, like anything else if you open yourself to danger then you might get hurt.

Good point Joel, the problem is that you can get mugged in a safe part of town in broad daylight...I suspect that hacking attempts would be quite sophisticated these days, so I'll have to learn as much as I can over the coming months!

Thanks guys, I obviously have a lot of reading to do!
I'm really happy with the set-up, it loads sites about 4 times faster than my old windows system :D
Reply
#8
It is not necessary to run A/V on Linux despite the scare mongers.

In fact Google's Project Zero (Labs) has proved even on Windows you are often more vulnerable running A/V.  Project Zero showed running Symantec (Norton) A/V actually increased the chance of infection.  Symantec, of course, didn't like this and threatened Google.  The response by Google was bring it on as we can back up our claims.

Here is a link to just one issue with Symantec A/V:  https://www.cbc.ca/news/technology/norto...-1.2694494

So don't kid yourself that A/V even on Windows is good defense in and of itself.  It isn't.  Now I personally wouldn't run Windows without a better scanner but still the bottom line is A/V isn't the end all it is made out to be and I have seen many many many Windows computers running A/V and full of infections.  One computer for a neighbor had Symantec running reporting all was fine.  However it wasn't running well and was doing odd operations.  Malwarebytes revealed over 50 viruses active and over 1,500 infection points.  So much for that crappy A/V.

Now back to Linux.  As stated it isn't very easy to create viruses for Linux for many reasons.  Some say that is because Linux isn't used heavily.  Nonsense!  Linux runs more servers than everything else combined and then some.  Google is Linux based, Amazon is Linux based, eBay is Linux based, Facebook is Linux based, etc, etc, etc.  Those are high value targets that are hammered daily over and over and over.

Since the core is Linux guess what?  Some of that activity can carry over to the desktop.  However guess what?  Those companies study the attacks and develop defenses which often get released to the community for various reasons.  That means your desktop Linux is actually hardened due to the research and efforts of attacks on Facebook, Google, Amazon, Wikipedia, etc.

Is that true of Windows or Mac systems?  Not really.  Sure you can deploy firewalls (software and hardware based), run IDS, honeypots etc with Windows and Mac but there is a huge key difference.  Those are not open source systems.  So Google, Facebook, Amazon, etc wouldn't be able to fix core system vulnerabilities.  They would have to rely on reporting it to Microsoft or Apple and then wait.

This is not true with Linux.  Those companies' staff can actually see the code and then fix, alter, or modify key code to address issues.  That is a huge advantage and as stated often they share those fixes to be included for the general Linux community.

So yes people have tried to create Linux viruses.  Are there some?  Yes but very few.  As mentioned you mainly have to infect yourself.  What is a threat on Linux (servers, desktops, IoT) are vulnerabilities.  That isn't the same as a virus.  It isn't an infection but an open gate if you will.  This is why patching and keeping up with updates is critical.

You'll sometimes hear people claim Linux isn't secure if you look at those SOHO routers (DLink, Asus, Linksys, Netgear, etc).  They are running Linux and look at their security issues.  Well those aren't getting infected with viruses.  They are just configured poorly (some have remote services on by default!!!) and more importantly they aren't getting updated with modern patches.  So yes an issue is found in some library with say version 1.21 and needs updating to 1.22 or something.  This rarely happens.

First off the vendors rarely release patches (Asus, Dlink, Netgear, etc).  Second people rarely take the time to actually update their routers.  Still these issues aren't virus threats but software security bugs.  Android is even worse.   However the problem is many Android devices aren't getting updates and/or the vendors (Samsung, LG, HTC, etc) are slow at releasing patches; if ever.

At any rate the same holds true for the Linux desktop.  The biggest issue is just making sure that old vulnerable versions get updated so the security (and bug) fixes are applied.

A fully patched properly run Linux desktop or server is pretty hard to defeat.  However the key is properly configured and patched.  Which is another issue that you'll see a lot.  That is inexperienced persons not understanding how to properly setup operating environments and software thus digitally leaving the door wide open.

If you do want to run A/V on Linux I personally only recommend ESET.  Is it necessary?  Nope.  However if you would feel better running it then well that is something.
Jeremy (Mr. Server)

* Desktop: Ubuntu MATE
* Windows are for your walls, Apple is for your health, Linux is for your computer
Reply
#9
I have Sophos and ClamAV installed, but only run them to check files for Windows vulnerabilities for family members.

For a GUI for ClamAV you can also install ClamTK.

Here is a video Joe did on ClamAV and a GUI for Uncomplicated Firewall, GUFW:

https://www.youtube.com/watch?v=4Ofj2hBlo3Q

The firewall GUI install is around 13:00. Joe details his opinion on the lack of need of AV for an average home user with best practices in the video.

Here is an even older video for a Sophos install. Not sure if any of the Sophos links are still valid. Install and use requires familiarity with basic terminal commands. Don't believe there is a current GUI for Linux:

https://www.youtube.com/watch?v=QH9gRThLEag
Reply
#10
Thanks everyone for the input.  I've been doing a lot of reading over the past week, and have found a really good step by step guide for tweaking Linux distros, at https://easylinuxtipsproject.blogspot.com/p/2.html

This site covers from choosing an installation to more advanced tweaks that really help system performance.
It's all step by step with copy and paste codes included with the dialogue.
I've now changed around 40 parameters on my O.S., and now have a system snapshot on a spare usb stick just in case.

Security is fairly well covered too, including Firefox tweaks to disable the easier ways into one's operating system, along with other changes to various programs. I especially like the section on reducing harmful radiation emanating from most laptops, my laptop now uses about 1/5th of the transmit power to talk to the router, down from 15 dbm to 1, (which isn't 1/15th of the power) my (independent) radiation gauge clocked the revised power setting at approx 1/5 of the previous "normal electrosmog level". Even so, I won't sit my laptop on my lap, my gauge shows that this is too close to one's body to be considered safe.
I spent all weekend trying most of the tweaks covered on this site, it's really got me hooked! Edit...all the tweaks worked first go except for one, which was my fault.
Reply