With the increasing popularity of the Linux desktop and the Steam Deck, will new viruses and malware be developed for Linux systems? Should we rather use an antivirus?
Virus scanners only detect a fraction of the harmful programmes.
Virus scanners can often be tricked.
Virus scanners often have security vulnerabilities themselves, which are usually quite serious, since such programmes embed themselves quite deeply in the operating system.
Virus scanners cause many users to become careless because they rely too much on such tools.
Therefore, from my point of view, the disadvantages outweigh the advantages. Therefore, I do not have such a tool permanently installed, neither under Linux nor under Windows. However, every 6 months I scan my Windows installation with a USB-bootable virus scanner. No actually harmful programme has been found for years.
In my opinion, the following things are much more important than any security software.
Install updates as soon as possible. Under Windows, you can use tools like Chocolatey for this.
Only install software from trustworthy sources.
Only install software that you really need.
Only use root or administrator rights if you have to. For everything else, the rights of the user account are sufficient.
Create backups regularly.
Think before you act.
Especially the last point is a problem for many users. I can't tell you how many times I've witnessed someone receiving an alleged invoice from mobile provider A by email and opening it, even though they had a contract with provider B.
We always say that McAfee uses all the system resources so the virus doesn’t have anything to work with.
At home I have MS Defender turned on by default on my Windows machine. I was copying the contents of one NVMe to another the other day and noticed I was only getting 60MiB/sec. I looked at task manager, realized why, turned off proactive scanning of files, and watched it jump to over 2GiB/sec. Really nailed that point home.
You can also do fun stuff like running the app as a separate user, and using sudo+xhost to access it. Most Linux firewalls allow you to set a rule with uid-affinity, so you could restrict the additional user to a whitelist of IPs.
I don't use antivirus on Windows, let alone Linux. Just be mindful of what you're downloading and you'll be fine.
Same here. Ever since I can remember I haven't had AV; just staying out of sketchy sites is enough. Most malware is targeted at the least aware and cautious users.
I don't, because no antivirus can protect you from yourself; I learned that the hard way while I was still using Windows many years ago.
I had antivirus and antimalware on Windows and I kept them updated and ran scans regularly, almost religiously, then I got malware that the antivirus couldn't detect (they take a while to be updated with the new viruses/malware that constantly come out) and the only way to remove it was a fresh new install following a specific procedure to clean it all.
That day I understood that no matter how attentive you are about your antivirus, you're never really protected until it's you who learns what to do and what not to do while accessing the web, so I did a bit of research about how to better configure my PC, how to better recognize phishing/scamming, using an ad blocker, not downloading random software, stuff like that.
I basically learned "how to behave". I stopped using antivirus/antimalware on Windows and I haven't caught a virus since, then I switched to Linux and I still apply the same principles of "good behavior".
That's not to say I'm immune to viruses, I'm certainly not, but my mindset now is that if I ever catch a virus, it will be my fault for doing something I shouldn't have done, and I'll do my best to learn from it instead of relying on software to do that for me.
Antivirus is a technical attempt at solving a stupid user problem. It does not actually prevent any problems and causes many of its own.
Frankly, some phishing attempts, especially at work, are pretty good in my opinion.
Run sandboxed software when possible and avoid doing unsafe things.
There is no useful AV for Linux desktops.
Haven't really felt the need to. On Linux ad blocking + common sense has worked out fine. When I was still using Windows I just relied on Windows Defender since around the Windows 8.1 days, but either way my time downloading .exe files from sketchy sites is long behind me.
No. Not needed for the most part if you aren't downloading dumb shit on the internet and keeping things up to date.
Nope.... Raw dawg that shit online.
I wonder how people get phished on IG and FB. Like, they get their account taken over and blackmailed over a social media account.... That shit baffles me. I'm pretty sure I know how they get phished but I'm just shocked it happens to smart people.
And if that link verifiably goes to a website I trust, and I was expecting them to reach out, and I just have to login to check my orders and… wait, why does the url have a “redir=” parameter? Oh fuck oh god oh fuck why does the login page say “amzaon.com” instead of “amazon.com” like in the email’s link??? FUCK DAMMIT SHIT
This is definitely a situation where having a password manager with auto-filling is nice. When you save your login for amazon.com it ties it to the URL as well. So if you end up going to amzaon.com by any means and don't manage to catch it, your password manager won't fill in your details because it doesn't recognize the domain.
Of course, this won't stop you from say, using one of the "Login with Google/Apple/Amazon/etc" buttons on some dodgy website, and granting it access to your account (because you'd be redirected to google.com / apple.com / amazon.com) but it's at least a layer of "Wait, something isn't right here" when the auto-fill doesn't trigger.
you don’t know what you don’t know you don’t know, and we’re all just apes prone to lapses in judgment at inopportune times.
Oh for sure, I 100% agree! My reply was more of an educational "Hey, in case you've run into this before, this is a great way to prevent it from occurring again" sort of deal. No one is born with all-encompassing knowledge of the world and everything/anything they could ever interact with, and subsequently no one should be faulted for running into something like phishing scams where they're designed to exploit someone's potential lack of knowledge or even as you mentioned, a lapse in judgment.
I normally am good about avoiding phishing scams but almost fell victim to one because a close trusted friend of mine had their account compromised, and sent a link to something on Steam that seemed in line with what they'd normally bring up with me - and it was exactly the fact that my password manager didn't prompt me to fill in my Steam login details on that fake page that prevented me from trying to login.
(Well that and I do have Steam Guard/MFA enabled, but still)
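The URL-bound autofill check described in the exchange above, as an added illustration that is not part of the thread and not any particular password manager's code. It binds a saved entry to the scheme and registrable domain it was saved on and refuses to fill on a typosquat, a lookalike subdomain of another site, or an http downgrade; the two-label rule for the registrable domain is a simplifying assumption (real products use the Public Suffix List), and, as the thread notes, none of this covers an OAuth "Login with ..." consent on a legitimate domain.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Added example, not from the thread. Matching rules are a simplified
# illustration of how URL-bound autofill works, not a specific product's logic.


def registrable_domain(host: str) -> str:
    """Simplifying assumption: the registrable domain is the last two labels
    (www.amazon.com -> amazon.com). Real managers consult the Public Suffix
    List so that names like example.co.uk are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def should_autofill(saved_url: str, page_url: str) -> tuple[bool, str]:
    """Return (fill?, reason). The saved entry applies only to https pages on
    the registrable domain it was saved for, or subdomains of it."""
    saved, page = urlsplit(saved_url), urlsplit(page_url)
    if page.scheme != "https":
        return False, f"refusing to fill over {page.scheme!r}; entry is bound to https"
    if not saved.hostname or not page.hostname:
        return False, "missing hostname"
    want = registrable_domain(saved.hostname)
    got = page.hostname.lower().rstrip(".")
    # A suffix check on ".<domain>" (not a substring check) is what stops
    # amazon.com.<attacker-domain> from matching.
    if got != want and not got.endswith("." + want):
        return False, f"domain mismatch: page is {got!r}, entry is for {want!r}"
    return True, f"{got!r} is within {want!r}"


# Constructed URLs covering the cases raised in the thread (not real phishing pages).
SAVED_ENTRY = "https://www.amazon.com/ap/signin"
CASES = {
    "real login with a redir= parameter": "https://www.amazon.com/ap/signin?redir=%2Fyour-orders",
    "typosquat amzaon.com": "https://www.amzaon.com/ap/signin",
    "lookalike subdomain of another domain": "https://www.amazon.com.login-check.example/ap/signin",
    "plain http downgrade": "http://www.amazon.com/ap/signin",
}


def evaluate(saved_url: str = SAVED_ENTRY) -> dict[str, bool]:
    """Decide autofill for every constructed case; only the first should fill."""
    return {name: should_autofill(saved_url, url)[0] for name, url in CASES.items()}


if __name__ == "__main__":
    for name, url in CASES.items():
        fill, why = should_autofill(SAVED_ENTRY, url)
        print(f"{'FILL   ' if fill else 'NO FILL'} {name}: {why}")
```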
Exactly, my last full-time gig was in cyber, SOC analyst. Stay-at-home dad now, screw all that stress.
Nope.
I don't have wine installed.
Even then, the good old "Reinstall if things feel sluggish" always helps.
You don't need an antivirus if you don't run software from unknown sources, and you keep your machine up to date.
For the most part, if you do all that and you're still attacked, they would probably get past an antivirus, anyways. I've never had an antivirus catch anything after decades of running Windows.
A big thing to note for people running home servers is to watch what they expose to the internet. Insecure software and insecure configurations are huge targets for botnets these days.
Anti-virus software is like a condom. If you don’t go sticking your computer in places it doesn’t belong you won’t really need one.
Today I learned what a dickhead my computer is
Linux still can get viruses. Just not as likely.
The pattern of using managed repositories instead of downloading random shit off the internet prevents a lot of it outright.
Just have to remember which repos are “managed” and which are not. Installing stuff from PyPi or NPM might actually require you to read through quite a lot of code before installing. I don’t think most people are that diligent.
Yup, that's why I avoid it like the plague.
It's .deb's and .rpm's all the way down.
And sometimes flatpaks. And sometimes AppImages.
But never pips, gems or any of that sort of ...
Yup, and much of the stuff is just common apps. A browser-based exploit may not care which OS you're running Firefox/Chrome under (or Edge, I suppose, if you're one of the dozen running that in Linux). The log4j vulnerability was first seen in Minecraft hosts and clients, and that equally affects those running on Linux. Steam has also had vulnerabilities in the past, as have various document editors.
That said, I really can't say there's any consumer-level antivirus that I'd trust to be effective on my desktop (especially without impacting performance) even on Windows, let alone Linux. If you really know what your box is doing and it doesn't change much you might consider SELinux rules etc, but those are a significant amount of work even for servers (which tend to behave more predictably).
Not using software from untrustworthy sources or visiting sketchy sites, plus some monitoring of your network traffic may be a more effective solution.
This (Also, is there a service that audits code's maliciousness for me? I sometimes use some little-known stuff from GitHub for gaming, customizing etc. As long as I don't give them root permission I should be ok?)
There are tools that do this but it's mostly for known issues or vulnerabilities (i.e. bad practice in coding or done after the fact). Some stuff runs code in a sandbox looking for sketchy behavior, but hackers may work around that by having malware that only activates in specific circumstances or at specific times.
There can also be "privilege escalation" exploits which can allow a rogue process to obtain root/admin, and even without that, the process would have full access to whatever the user does in terms of network/device/hardware/process access (or sudo, as applicable).
Not being able to run as root doesn't help all that much if the process is able to access sensitive saved data, files and/or the internet.
I asked 😺👍
The duality of the man, so old but so edgy.
No one cares
No. That would defeat the purpose of me installing Linux on (old) laptops. Windows feels sluggish enough, with a sea of bad things wanting your minimum wage and Windows Defender preventing it, but not all of it, obviously.
I put all my attention into prevention and set strict rules on the router. It can be as simple as setting the DNS to stuff like dnsforge.de, or DIY it with PiHole with host lists to your heart's content that update themselves weekly; I do the latter. Nothing beats a cross-platform solution that protects every device in the network, if you're after 100% performance. Of course you can still catch bad things, such as the social engineering by email that happened over at Linus Tech Tips. You'd better stay vigilant no matter what solution you use, and don't sleep on making backups, which can be simple and automated when you use Syncthing, for example.
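The network-wide blocklist approach in the comment above, as an added illustration that is not part of the thread and not Pi-hole's code: it parses a hosts-format list of the kind fed to Pi-hole (plus bare domain-per-line lists), skips loopback entries so localhost is never sunk, and decides whether a query should be answered with 0.0.0.0 or forwarded upstream. The list content is constructed for the example, and the parent-domain matching is an assumption: a plain hosts list only matches exact names, so Pi-hole needs a wildcard/regex entry to get the same effect.

```python
from typing import Set

# Added example, not from the thread. Constructed sample in the common
# hosts-file blocklist format; the domains are placeholders, not real IoCs.
SAMPLE_BLOCKLIST = """\
# constructed hosts-format blocklist
0.0.0.0 tracker.example
0.0.0.0 cdn.dropper.example   # inline comment after the entry
127.0.0.1 localhost
::1 localhost
0.0.0.0 amzaon-login.example
phish-login.example
"""

LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "broadcasthost"}


def parse_blocklist(text: str) -> Set[str]:
    """Accept 'address domain' hosts lines and bare domain-per-line lists.
    Comments and blank lines are ignored; loopback names are never blocked."""
    blocked: Set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        domain = parts[1] if len(parts) >= 2 else parts[0]
        domain = domain.lower().rstrip(".")
        if domain in LOOPBACK_NAMES:
            continue
        blocked.add(domain)
    return blocked


def is_blocked(name: str, blocked: Set[str]) -> bool:
    """Assumption: match the exact name or any parent domain, so that
    a.b.tracker.example is caught by the tracker.example entry. Suffix matching
    is done label by label, so nottracker.example does NOT match tracker.example."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def resolve(name: str, blocked: Set[str]) -> str:
    """Sinkhole decision: blocked names get 0.0.0.0, everything else is forwarded."""
    return "0.0.0.0" if is_blocked(name, blocked) else "forward upstream"


if __name__ == "__main__":
    bl = parse_blocklist(SAMPLE_BLOCKLIST)
    for q in ("tracker.example", "a.b.tracker.example", "nottracker.example",
              "amzaon-login.example", "localhost", "www.amazon.com"):
        print(f"{q:28} -> {resolve(q, bl)}")
```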
I usually haven't, but I installed Clam about a month ago on my desktop, ran a full and complete scan, then left it running scheduled scans. Hasn't found anything, and I get a lot of software from outside of my package manager, and use wine for a lot of it, so I'd say my risk/exposure is higher than most.
I think it's fine to go without AV on a Linux desktop, but I like the peace of mind. There will definitely be more things targeting Linux systems as/if more market share is acquired, but in terms of security it's more important that you harden the system than run an AV.
No because I use QubesOS. If I got a virus it would be gone the next time I launched my browser.
This is the best and most relevant answer of all the comments on this topic imo! Viruses evolve every day; hackers always find a way to intercept computers that have the same framework/system.
QubesOS breaks that framework pattern and makes its system more dynamic by VM-ing everything, so the impact of viruses is near zero.
++ QubesOS also provides all the security enhancements out of the box, so we can enhance it further with other security tools rather than starting from a raw system like the majority of Linux OSes.
I have just a simple question: Why?
I use it because of the protection it provides.
It works because every time I launch the browser it does so in a Disposable VM. When you close the browser, the VM is deleted. Launch a new browser, and it creates a fresh VM.
What about performance? I have an 8 GB RAM machine, so I can't imagine ever running Qubes. What sort of specs would you recommend for trying a system like that?
It depends how many VMs you want to run at once. RAM reqs in Qubes keep pace usually with Windows. You'll want 16G minimum.
The anti virus industry boomed because of operating systems that were exceptionally vulnerable to attacks. Simply visiting a website could install software. The root cause of this problem isn't that a user didn't run third-party software. It's that the operating system was vulnerable.
After many years of neglect by operating system vendors, there really wasn't much of a choice in how to be responsible if you insisted on running a vulnerable operating system. Therefore, the industry boomed and it became status quo for users of these operating systems.
Or you could run an OS that regularly fixes vulnerabilities.
Plus, if you're someone who makes malware, are you really going to waste time making a Linux version of your malware, or just stick to the Windows version?
This also assumes that Linux is vulnerable the same way that Windows is for the software, which it probably isn't.
I have clamav installed, but only run it sporadically during attacks of paranoia. The only thing it's ever found was a Windows virus in an old email attachment among some files that had come from a Windows box.
The main thing you need to do to avoid viruses is avoid running untrusted code, which means, among other things, using paranoid browser settings. Linux tends to have fewer random holes where script execution environments ooze into places where they really shouldn't be, although even Windows isn't quite as bad about that as it was twenty-five years ago.
No. Because there is no need.
Antivirus just makes people more negligent, even in Windows.
No I don't use an antivirus because I don't download and run untrusted programs or scripts from the internet.
I do have some block lists on my firewall that block a lot of malware, phishing, and scammer sites though.
Properly educating the users is far more effective than any anti virus software.
I don't think there's a need. I keep my system patched and I only install from trusted sources. It might make sense in a corporate environment but for a single user machine I can't imagine ever needing it.
Nope, nothing. I use ESET Endpoint on Windows though.
I pay for Dr Web for Linux and Android because I like the idea that I'm supporting white hat hackers in finding malware. Do I think I need it? No.
No. I only use Android as my PC via AR glasses. Is there even any antivirus software for Android? Probably, but I don't care I guess. Never had a problem.
No because I don't download software via unsafe tools like web browsers or flatpak.
I don't use one, it's unnecessary. Keep your system light, use only free software and utilize some of your common sense and you'll be all right.
This one time my brother had his PC (winblows) infested just by plugging in a flash drive, seriously, just that!! I hate proprietary software.
Yes of course. It’s like basic hygiene, washing your hands after visiting the restroom.
Which AV do you use for Linux? I searched for it a while ago and could not find good options. Either discontinued or extremely expensive (focused on business / servers). Of course there is Clam, but AFAIK it is still lacking in quality and not easy to set up for continuous monitoring.
I’ve been using ESET for a long time, but I don’t actually know what it costs, I get licenses from my company. Might not be suitable price range for home use.