Author Topic: Linux Antimalware/Antivirus debate  (Read 19080 times)


Offline madires

  • Super Contributor
  • ***
  • Posts: 5274
  • Country: de
  • A qualified hobbyist ;)
Re: Linux Antimalware/Antivirus debate
« Reply #75 on: October 31, 2016, 12:12:34 pm »
From what I've seen there's no good reason for AV on windows either, besides for users which are clicking every link, file, or whatever. Also in case of regulation or for reliabily issues a company might be required to have an AV. AV doesn't prevent 0days, crafted malware or brand new malware. Do you remember any AV which hasn't caused issues like breaking windows with bad signature files or high CPU load? Or security issues, especially with corporate AV management tools. Corporate-wide shutdown of IT for a few days, because the AV didn't thwart a new virus. Sorry, but AV is just scareware nowadays.
 

Offline Zero999

  • Super Contributor
  • ***
  • Posts: 14208
  • Country: gb
  • 0999
Re: Linux Antimalware/Antivirus debate
« Reply #76 on: October 31, 2016, 06:22:25 pm »
There are also different types of anti virus software. What most people refer to is memory resident type which scans everything in the background, which I do not use because I deem it to be a waste of resources. Then there's the type which can be used to scan the odd file here and there, which is what I use because it uses no system resources.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 3969
  • Country: au
Re: Linux Antimalware/Antivirus debate
« Reply #77 on: October 31, 2016, 06:52:12 pm »
Bottomline: you don't need av on Linux.

The risk of catching malware on an updated Linux machine is much lower than on an updated windows pc with av.

If you say that, despite the very small risk, Linux users should run av, then you should also say that people shouldn't use windows because using windows instead of Linux increases the risk...

 :palm:

Bottom line: If you are willing to take the risk and pretend that nothing will ever happen to you, go nuts. For those who want to take simple measures to reduce that risk even further, doesn't make them wrong. I'll repeat it again: This archaic "you don't need anti-virus/anti-malware/anti-bad shit on Linux" attitude is outdated and ignorant. If nothing else, even if you are an "expert" Linux user, one day you might just fuck up, because you are human after all.

From what I've seen there's no good reason for AV on windows either, besides for users which are clicking every link, file, or whatever.

This is the worst kind of advice I've heard in a long time. I really hope you aren't an IT 'professional'. I've worked in the IT industry now for almost 20 years so I know a thing or two. AV has saved my butt a number of times and has prevented something from being run or copied across already infected media. I hardly just go clicking on "every link, file or whatever".
« Last Edit: October 31, 2016, 06:55:57 pm by Halcyon »
 

Offline setq

  • Frequent Contributor
  • **
  • Posts: 444
  • Country: gb
Re: Linux Antimalware/Antivirus debate
« Reply #78 on: October 31, 2016, 09:45:19 pm »
Backups, incremental, save your arse, not antivirus. AV allows you to limp home. There are better strategies.

I use windows defender and have done since windows 8 came out. That's more than enough.

The worst infected shitboxes I've seen over the years do have active AV software yet are still chock full of all sorts of nasty. I've seen commercial environment horror stories with paid up AV still getting owned because of user education and the simple fact you can take a sieve and stick putty over all the holes. You have to take a bowl and make just the holes you need.
« Last Edit: October 31, 2016, 09:47:28 pm by setq »
 

Offline george.b

  • Regular Contributor
  • *
  • Posts: 240
  • Country: br
Re: Linux Antimalware/Antivirus debate
« Reply #79 on: November 01, 2016, 03:06:42 am »
There was a novice who learned much at the Master's feet, but felt something to be missing. After meditating on his doubts for some time, he found the courage to approach Master Foo about his problem.

“Master Foo,” he asked “why do Unix users not employ antivirus programs? And defragmentors? And malware cleaners?”

Master Foo smiled, and said “When your house is well constructed, there is no need to add pillars to keep the roof in place.”

The novice replied “Would it not be better to use these things anyway, just to be certain?”

Master Foo reached for a nearby ball of string, and began wrapping it around the novice's feet.

“What are you doing?” the novice asked in surprise.

Master Foo replied simply: “Tying your shoes.”

Upon hearing this, the novice was enlightened.
 

Offline Ampera

  • Super Contributor
  • ***
  • Posts: 2566
  • Country: us
    • Ampera's Forums
Re: Linux Antimalware/Antivirus debate
« Reply #80 on: November 01, 2016, 03:36:59 am »
Kinda annoyed the delete button doesn't work so I can undo this mess.

I wanted it for my own sake, I would have gone on without it, just wanted to see what was out there. I am aware of the better security of Unix/Linux based systems, but I could give a rat's ass about how secure it is. I wanted to have SOMETHING there even if it was some small thing. The risk exists and I want to remove it.

What other people agree is honestly up to them, I asked a question and got an argument, and not a nice debate either.

Thanks to everybody who has given real answers and not just gone on about how Linux is perfect and doesn't need protection. Windows by the same logic needs no protection because if you don't run it it can't infect you. I got news, if I give a program SU, an action I tend to do since most of my programs require it, it can do whatever it bloody wants to my system. And if an argument is that I should make sure my software is clean before I run it, I don't have an Antivirus so I can't do it. It is BLISTERINGLY easy to bust a Linux system once a program gets SU, and I want to know what programs I can trust, and if I've made a mistake a way to fix it. Windows is pretty damn similar, programs have no root access unless you give it to them, yea Windows has more ways to get around that, but if a program asks for SU access within reason, I am gonna grant it to get it to do what I downloaded it to do.

Without SOME antivirus I have no defense against sketchy sites. A lot of sites will offer perfectly fine software and look not the best (look at LWJGL's old site, not to mention a lot of soundfont sites look like rubbish, list goes on and on) and a lot of sites offer lemons. With no tool to scan anything I can't know what I can trust or not. That is why I want an antivirus, never mind the idle security of an operating system and how easy it is to crack SU, my concern is GIVING SU without knowing what it will do, something I can't figure out without (again) scanning it.

Professional complainer-in-chief criticizing other people's code
Programmer and bumbling Unix fool
Op @ EEVBlog IRC: irc.austnet.irc #eevblog
 
The following users thanked this post: Halcyon, 2N3055

Offline CatalinaWOW

  • Super Contributor
  • ***
  • Posts: 3600
  • Country: us
Re: Linux Antimalware/Antivirus debate
« Reply #81 on: November 01, 2016, 03:55:37 am »
Kinda annoyed the delete button doesn't work so I can undo this mess.

I wanted it for my own sake, I would have gone on without it, just wanted to see what was out there. I am aware of the better security of Unix/Linux based systems, but I could give a rat's ass about how secure it is. I wanted to have SOMETHING there even if it was some small thing. The risk exists and I want to remove it.

What other people agree is honestly up to them, I asked a question and got an argument, and not a nice debate either.

Thanks to everybody who has given real answers and not just gone on about how Linux is perfect and doesn't need protection. Windows by the same logic needs no protection because if you don't run it it can't infect you. I got news, if I give a program SU, an action I tend to do since most of my programs require it, it can do whatever it bloody wants to my system. And if an argument is that I should make sure my software is clean before I run it, I don't have an Antivirus so I can't do it. It is BLISTERINGLY easy to bust a Linux system once a program gets SU, and I want to know what programs I can trust, and if I've made a mistake a way to fix it. Windows is pretty damn similar, programs have no root access unless you give it to them, yea Windows has more ways to get around that, but if a program asks for SU access within reason, I am gonna grant it to get it to do what I downloaded it to do.

Without SOME antivirus I have no defense against sketchy sites. A lot of sites will offer perfectly fine software and look not the best (look at LWJGL's old site, not to mention a lot of soundfont sites look like rubbish, list goes on and on) and a lot of sites offer lemons. With no tool to scan anything I can't know what I can trust or not. That is why I want an antivirus, never mind the idle security of an operating system and how easy it is to crack SU, my concern is GIVING SU without knowing what it will do, something I can't figure out without (again) scanning it.

I haven't read every post on this thread for exactly the reasons the OP has outlined.  But I will add a few points endorsing exactly what he has said.

1.  There are many useful and specialized pieces of code out there that pertain to the electronics field.  Many of them are works of love by a volt nut, or synthesizer nut or whatever.  They are not professionally developed or maintained and are often posted on an equally amateurish web site.

2.  These web sites are at least occasionally hacked.  The original coder is NOT passionate about web site maintenance, he or she already has an all consuming passion.  It may be hours, or days, or weeks before they notice.

3.  There is malware targeted at Linux systems.  It is rarely a problem for all of the reasons that everyone can enumerate, but does that mean that it should be totally ignored?

4.  One of the primary reasons Linux is not heavily targeted is that it has low market penetration, and a much higher percentage of Linux users is technically competent.   This may change as Microsoft and Apple do things to drive their revenue which will alienate more and more users.

The OP is asking a question about a simple bit of prudence which would have little or no impact on daily operations.  No reason to bring fire down on him.
 
The following users thanked this post: Halcyon

Offline BradC

  • Super Contributor
  • ***
  • Posts: 1675
  • Country: au
Re: Linux Antimalware/Antivirus debate
« Reply #82 on: November 01, 2016, 04:52:57 am »
Kinda annoyed the delete button doesn't work so I can undo this mess.

Now you know, so you won't do it again :)

Without SOME antivirus I have no defense against sketchy sites. A lot of sites will offer perfectly fine software and look not the best (look at LWJGL's old site, not to mention a lot of soundfont sites look like rubbish, list goes on and on) and a lot of sites offer lemons. With no tool to scan anything I can't know what I can trust or not. That is why I want an antivirus, never mind the idle security of an operating system and how easy it is to crack SU, my concern is GIVING SU without knowing what it will do, something I can't figure out without (again) scanning it.

On the topic of AV, I use F-Prot & ClamAV. I have them installed on a basic live-cd & USB so I can help out in cleaning broken windows machines. I also use them to periodically run over servers that are exposed to Windows machines. My Zimbra server uses ClamAV to scan all incoming and outgoing mail. It misses a huge percentage of zero-day or even vaguely recent stuff that my users are educated not to open. In fact Greylisting inhibits more stuff than ClamAV catches. None the less, it's nice to have. I run both of them because all AV products are horrible and have huge failings, but running the two of them side by side makes a noticeable improvement in my detection rate.

One thing you'll want to learn how to do is not give random software root privileges. Using su or sudo on random software is a practice you'll want to learn to get away from. Dismantle install scripts and figure out how they work. Install software into your home directory (~/local is nice). Just learn how to avoid having to get root privilege. Unix has relatively fine grained access control. Learn how to set up your groups so you don't need to get root to do stuff.
 
Yes, linux has virus/trojan/worm/whatever the new fruit is this week. Hell, a few years ago I set up a world facing server with an account with the name and password 'backup'. I did it when I was testing in staging on an isolated network for a 10 second test and I forgot completely about it. 2 days after putting the box onto a world-facing IP I had a daemon running on the backup account ssh scanning swaths of IP address space trying to get root on boxes. Now admittedly AV would not have helped me avoid my complete brain-fade, but it proves there is stuff out there trying to get in and if you do something dumb and leave the door unlocked you'll be rapidly compromised.

Sorry for the ramble, but learn how not to need root on a day to day basis. It'll make things a bit safer. If you really want to run AV, then do it. It may or may not help, but if you are willing to put up with the hassle then it can't hurt (as long as you are not going in with the attitude that it'll save you from doing something dumb).
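
One way to act on the advice in the post above about dismantling install scripts before granting root, as an added example that is not part of the original thread: the function names, the flagged patterns and the "voltlog" sample installer are all constructed for this illustration, and the patterns are heuristics, not a complete list.

```shell
#!/bin/sh
# Added example: triage an installer script before deciding whether it
# really needs root. The patterns are heuristics chosen for this example.

# Print "line:reasons:text" for every line that would need root or that
# runs code fetched from the network.
audit_installer() {
    awk '
        function flag(r) { reasons = (reasons == "" ? r : reasons "," r) }
        /^[ \t]*#/ { next }        # comments and the shebang are not commands
        {
            reasons = ""
            line = " " $0          # leading space: one pattern covers line start
            if (line ~ /[ \t;&|(](sudo|su|doas|pkexec)[ \t]/)
                flag("escalation")
            if (line ~ /[ \t;&|](cp|mv|install|ln|mkdir|tee|rm|chown|chmod)[ \t]([^#]*[ \t])?"?\/(usr|etc|opt|bin|sbin|lib|boot)\// ||
                line ~ />[ \t]*"?\/(usr|etc|opt|bin|sbin|lib|boot)\//)
                flag("system-path")
            if (line ~ /chmod[ \t]+(-[A-Za-z]+[ \t]+)*([ugoa]*\+[rwxXt]*s|[2467][0-7][0-7][0-7])/)
                flag("setuid")
            if (line ~ /(curl|wget)[ \t][^|]*\|[ \t]*(sudo[ \t]+)?(ba)?sh/)
                flag("remote-pipe-to-shell")
            if (reasons != "")
                printf "%d:%s:%s\n", NR, reasons, $0
        }
    ' "$1"
}

# Constructed sample installer (hypothetical project "voltlog").
write_sample_installer() {
    cat > "$1" <<'EOF'
#!/bin/sh
# constructed sample, not a real project's installer
PREFIX=/usr/local
mkdir -p "$HOME/.config/voltlog"
sudo cp voltlog /usr/local/bin/voltlog
cp voltlog.conf /etc/voltlog.conf
chmod 4755 /usr/local/bin/voltlog
curl -s https://example.invalid/extra.sh | sh
cp README "$HOME/local/share/doc/"
EOF
}

# Demo: audit the sample; nothing from it is executed.
sample=$(mktemp)
write_sample_installer "$sample"
audit_installer "$sample"
rm -f "$sample"
```

Lines that are flagged only for touching a system path are the candidates for pointing at a directory under your home instead, such as the ~/local mentioned in the post.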
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 1561
  • Country: 00
Re: Linux Antimalware/Antivirus debate
« Reply #83 on: November 01, 2016, 07:57:45 am »
4.  One of the primary reasons Linux is not heavily targeted is that it has low market penetration,

Agreed.

and a much higher percentage of Linux users is technically competent.

Agreed.

This may change as Microsoft and Apple do things to drive their revenue which will alienate more and more users.

Wow, the year of the Linux desktop is arriving? Really? You're kidding, aren't you?

A system, designed by engineers, designed for engineers, is never going to reach mass adoption.

But hey, maybe I'm wrong, maybe we will see the year of the Linux desktop...


 

Offline madires

  • Super Contributor
  • ***
  • Posts: 5274
  • Country: de
  • A qualified hobbyist ;)
Re: Linux Antimalware/Antivirus debate
« Reply #84 on: November 01, 2016, 01:18:06 pm »
From what I've seen there's no good reason for AV on windows either, besides for users which are clicking every link, file, or whatever.

This is the worst kind of advice I've heard in a long time. I really hope you aren't an IT 'professional'. I've worked in the IT industry now for almost 20 years so I know a thing or two. AV has saved my butt a number of times and has prevented something from being run or copied across already infected media. I hardly just go clicking on "every link, file or whatever".

Yes, AV protects you from old and known malware. But it doesn't do that for the latest malware and crafted stuff. When I compare how many times AV saved the day with how many times it ruined the day or missed really bad stuff, I don't see any benefit in buying an AV product. MS offers free malware protection since XP, it's not the best but it's ok. I've seen nearly all professional AV products over the years. They all have/had security issues, miss(ed) bad stuff, crash(ed) computers, ruin(ed) windows. Ever experienced that half of the PCs in the office didn't run, because the AV had quarantined an essential OS file? That's fun! And it happened too many times.
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 5274
  • Country: de
  • A qualified hobbyist ;)
Re: Linux Antimalware/Antivirus debate
« Reply #85 on: November 01, 2016, 01:32:33 pm »
On the topic of AV, I use F-Prot & ClamAV. I have them installed on a basic live-cd & USB so I can help out in cleaning broken windows machines.

I've used https://www.botfree.eu/en/index.html several times successfully.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 1561
  • Country: 00
Re: Linux Antimalware/Antivirus debate
« Reply #86 on: November 01, 2016, 04:01:12 pm »
The purpose of av is to make the owner of the pc feel better and let him/her think he's protected.
And, of course, to fill the pockets of the av vendors.

Even if his/her pc is part of a botnet, as long as your av is running & up to date, everything is ok... o wait...

"Antivirus software is now so ineffective at detecting new malware threats
most enterprises are probably wasting their money buying it, an analysis
by security firm Imperva has concluded."

http://www.cio.com/article/2390136/antivirus-software/antivirus-software-a-waste-of-money-for-businesses--report-suggests.html

 

Offline Ampera

  • Super Contributor
  • ***
  • Posts: 2566
  • Country: us
    • Ampera's Forums
Re: Linux Antimalware/Antivirus debate
« Reply #87 on: November 01, 2016, 05:39:15 pm »
The purpose of av is to make the owner of the pc feel better and let him/her think he's protected.
And, of course, to fill the pockets of the av vendors.

Even if his/her pc is part of a botnet, as long as your av is running & up to date, everything is ok... o wait...

"Antivirus software is now so ineffective at detecting new malware threats
most enterprises are probably wasting their money buying it, an analysis
by security firm Imperva has concluded."

http://www.cio.com/article/2390136/antivirus-software/antivirus-software-a-waste-of-money-for-businesses--report-suggests.html

I don't even want to pay for a Linux AV. Most of the linux software is free and open source, so I could imagine some form of antimalware being the same.
Professional complainer-in-chief criticizing other people's code
Programmer and bumbling Unix fool
Op @ EEVBlog IRC: irc.austnet.irc #eevblog
 

Offline ataradov

  • Super Contributor
  • ***
  • Posts: 6512
  • Country: us
    • Personal site
Re: Linux Antimalware/Antivirus debate
« Reply #88 on: November 01, 2016, 06:59:22 pm »
so I could imagine some form of antimalware being the same.
Nope. Open source people realize how silly it is, so they don't bother making anything like that. Commercial people realize that too, but they are in it for the money.
Alex
 

Offline mtdoc

  • Super Contributor
  • ***
  • Posts: 3581
  • Country: us
Re: Linux Antimalware/Antivirus debate
« Reply #89 on: November 01, 2016, 08:26:47 pm »
There was a novice who learned much at the Master's feet, but felt something to be missing. After meditating on his doubts for some time, he found the courage to approach Master Foo about his problem.

“Master Foo,” he asked “why do Unix users not employ antivirus programs? And defragmentors? And malware cleaners?”

Master Foo smiled, and said “When your house is well constructed, there is no need to add pillars to keep the roof in place.”

The novice replied “Would it not be better to use these things anyway, just to be certain?”

Master Foo reached for a nearby ball of string, and began wrapping it around the novice's feet.

“What are you doing?” the novice asked in surprise.

Master Foo replied simply: “Tying your shoes.”

Upon hearing this, the novice was enlightened.

Well done!  :clap:
 

Offline george.b

  • Regular Contributor
  • *
  • Posts: 240
  • Country: br
Re: Linux Antimalware/Antivirus debate
« Reply #90 on: November 02, 2016, 01:54:19 am »
Well done!  :clap:

:D Other such pearls of enlightenment here: http://catb.org/esr/writings/unix-koans/

In all seriousness though, under both Windows and *nix, I find it unnecessary to have an AV eating up my system's resources. On my laptop, running Windows 7, Windows Defender is unobtrusive enough, so I leave it there. Every once in a while, when I'm particularly bored, I install some other antimalware and do a full scan. Other than sketchy stuff which I knew was sketchy when I got them (and thus didn't get infected by them), things have been clean every time.
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 5274
  • Country: de
  • A qualified hobbyist ;)
Re: Linux Antimalware/Antivirus debate
« Reply #91 on: November 17, 2016, 03:25:35 pm »
Antivirus tools are a useless box-ticking exercise says Google security chap:
http://www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 5274
  • Country: de
  • A qualified hobbyist ;)
Re: Linux Antimalware/Antivirus debate
« Reply #92 on: November 19, 2016, 12:37:55 pm »
Security Advisories Relating to Symantec Products - Symantec Norton Client DLL Pre-Loading Uncontrolled Search Path Elevation of Privilege: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161117_00#_SYM16-021_/_Symantec

Several Symantec AV products allow an attacker to run arbitrary code under Linux, MacOS and Windows. Yes, it's really bad. Affected products are Symantec Endpoint Protection Cloud Client, Symantec Endpoint Protection Small Business Enterprise Client, Norton Family, Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security and Norton 360.

 

Offline rrinker

  • Super Contributor
  • ***
  • Posts: 2036
  • Country: us
Re: Linux Antimalware/Antivirus debate
« Reply #93 on: November 19, 2016, 06:18:36 pm »
 Symantec AV products - not even once. They are well-known for causing any number of issues on Windows platforms, no way would I trust them on anything else. I try to direct people away from their garbage, but we have plenty of clients who use it as their corporate-wide solution, often because of the central management - which they set once and never look at anyway.

 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 3969
  • Country: au
Re: Linux Antimalware/Antivirus debate
« Reply #94 on: November 20, 2016, 03:41:47 am »
Symantec AV products - not even once. They are well-known for causing any number of issues on Windows platforms, no way would I trust them on anything else. I try to direct people away from their garbage, but we have plenty of clients who use it as their corporate-wide solution, often because of the central management - which they set once and never look at anyway.

I'm with you. Apart from the old DOS version of Norton Ghost, I would never touch another Symantec/Norton product. They are horribly bloated and just bloody annoying. There are far better products out there (paid and free).
 

Offline rrinker

  • Super Contributor
  • ***
  • Posts: 2036
  • Country: us
Re: Linux Antimalware/Antivirus debate
« Reply #95 on: November 20, 2016, 04:18:57 am »
 The DOS products under the Norton name were actually designed by Peter Norton - he actually had something of a clue when it came to software design. He also wrote a nice learning to program in DOS column in one of the magazines at the time. Then I guess he got tired of running a company and sold the products and the rights to use his name. A shame, the original Norton Utilities were a must for anyone doing any work on MSDOS computers.

 

Offline madires

  • Super Contributor
  • ***
  • Posts: 5274
  • Country: de
  • A qualified hobbyist ;)
Re: Linux Antimalware/Antivirus debate
« Reply #96 on: November 20, 2016, 12:52:47 pm »
I'm with you. Apart from the old DOS version of Norton Ghost, I would never touch another Symantec/Norton product. They are horribly bloated and just bloody annoying. There are far better products out there (paid and free).

Unfortunately that junk is the typical bloatware coming with new PCs and laptops. It's the first thing I remove ;)
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 1561
  • Country: 00
Re: Linux Antimalware/Antivirus debate
« Reply #97 on: November 20, 2016, 03:02:18 pm »
I'm with you. Apart from the old DOS version of Norton Ghost, I would never touch another Symantec/Norton product. They are horribly bloated and just bloody annoying. There are far better products out there (paid and free).

Unfortunately that junk is the typical bloatware coming with new PCs and laptops. It's the first thing I remove ;)

The same with windows...
 

Offline boz

  • Regular Contributor
  • *
  • Posts: 58
  • Country: nz
    • Roving Dynamics Ltd
Re: Linux Antimalware/Antivirus debate
« Reply #98 on: November 21, 2016, 06:19:48 pm »
 :popcorn:
Fearless diver and computer genius
 

