Antivirus question

I did some research and various people stated there is no need for antivirus on any Linux. My question, though, is that on some sites, such as streaming sites, there are pop-ups, and I remember on Windows some pop-ups automatically started a download and the antivirus immediately detected that the download the pop-up initiated was a Trojan. I understand that these Trojans are not made for Linux, so they are harmless; however, I do not want these kinds of viruses to be present on my computer. What kind of protection do you guys apply against these? Or does Firefox automatically block these kinds of pop-up downloads on Linux?

Viruses are really a Windows issue (its early origins & backwards compatibility mean inherent flaws remain).

Malware, however, exists on all systems, be it Windows, macOS, GNU/Linux (including Lubuntu), BSD or other OSes.

Most protection for GNU/Linux isn’t real-time protection as it is on Windows, as almost no need for it exists (most GNU/Linux users are tech savvy & thus careful, aware users, which is the best protection available anyway). It primarily exists to protect Windows users who may also be using the files (either served via a file server, or because you’re going to copy files to a flash drive & thus want to scan the contents before ejecting).

An example of such a tool is clamav:

https://packages.ubuntu.com/search?suite=all&searchon=names&keywords=clamav

It’ll scan on a timetable, or when requested.

For my browsers, I have scripts blocked, and I don’t see pop-ups (Privacy Badger & uBlock Origin) unless I give permission for anything to run, and I rarely download anything from a browser.

If I want to download something, I copy & look at the link as pure text, then download, usually via wget, if I’m unaware of what it is or already trust its source. I’ll examine it first using file (what type of file it is), maybe look at it in hexdump, & open it when I consider it safe.

Maybe my behavior isn’t normal, but I did the same when using enterprise systems with Windows & paid-for virus & malware protection anyway, as new variants are coming out all the time, and it takes time for each new variation to be caught (sample files), analyzed, and a new heuristic pattern discovered so anti-malware can detect it, then propagated out to actual users. The best & latest malware protection software is always a week+ behind.

My 2c anyway.
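The triage routine described in the post above (look at the link as plain text, fetch it, check it with file, glance at the bytes, and scan on request with clamav) as an added shell example; this is not the poster's own script and nothing on the page supplies it. It assumes only POSIX sh with od(1), sed(1) and mktemp(1); file(1) and clamscan(1) are used only if they happen to be installed. The sample files and the URL are constructed for the demo, not real downloads.

```shell
#!/bin/sh
# Added example, not from the original post: triage a download before opening it.
# Assumes POSIX sh, od, sed, mktemp; file(1) and clamscan(1) are optional.

# url_host URL: print the host a link really points at.  Text that looks like a
# trusted host can sit in the userinfo part before '@' and fool a quick glance.
url_host() {
    printf '%s\n' "$1" |
        sed -E 's|^[A-Za-z][A-Za-z0-9+.-]*://([^/?#@]*@)?([^/:?#]+).*|\2|'
}

# magic_hex FILE: the first 8 bytes as one lowercase hex string (no spaces).
magic_hex() {
    od -An -tx1 -N 8 "$1" | tr -d ' \n'
}

# classify_file FILE: coarse type from the magic bytes, ignoring the file name.
# Prints one word: elf, pe, script, pdf, zip or unknown.
classify_file() {
    case "$(magic_hex "$1")" in
        7f454c46*) echo elf ;;      # "\177ELF": native Linux/BSD binary, runs here
        4d5a*)     echo pe ;;       # "MZ": Windows executable (needs Wine to run here)
        2321*)     echo script ;;   # "#!": runs wherever the named interpreter exists
        25504446*) echo pdf ;;      # "%PDF"
        504b0304*) echo zip ;;      # "PK\3\4": zip, jar, docx, apk, ...
        *)         echo unknown ;;
    esac
}

# inspect_download FILE: short triage report on stdout; returns 1 if FILE is missing.
inspect_download() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    echo "== $f"
    echo "size:  $(wc -c < "$f") bytes"
    echo "magic: $(magic_hex "$f")"
    echo "class: $(classify_file "$f")"
    if command -v file >/dev/null 2>&1; then
        echo "file:  $(file -b "$f")"
    fi
    echo "first 64 bytes:"
    od -An -c -N 64 "$f"
}

# scan_with_clamav FILE: the "scan when requested" part, if clamav is installed.
# Exit status follows clamscan: 0 clean, 1 flagged, 2 error (or not installed).
scan_with_clamav() {
    if ! command -v clamscan >/dev/null 2>&1; then
        echo "clamscan not installed (package: clamav)" >&2
        return 2
    fi
    clamscan --no-summary "$1"
}

# Demo on constructed samples: an ELF stub, a Windows PE stub, and a shell
# script whose name claims it is a video.  The URL is likewise made up.
demo() {
    d=$(mktemp -d)
    printf '\177ELF\002\001\001' > "$d/tool"
    printf 'MZ\220\000\003' > "$d/setup.exe"
    printf '#!/bin/sh\necho would do something nasty\n' > "$d/movie.mp4"
    echo "link really goes to: $(url_host 'https://www.example.com@198.51.100.7/movie.mp4')"
    for f in "$d"/*; do inspect_download "$f"; done
    rm -rf "$d"
}

demo
```

The point of classify_file is that the extension is meaningless: the "movie.mp4" above is classified as a script because its first two bytes are "#!", which is exactly what file(1) would also tell you. Run scan_with_clamav on the file afterwards if the clamav package is installed; clamscan needs its signature database (freshclam) to be present, otherwise it exits with status 2.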

It is a very good question, although very hard to give a good answer.

First of all, the meaning of the word “antivirus” is unclear. Please have a look, for example, at the Wikipedia page and you will see that the software is not only “anti-virus”.

The statement that there is no need for antivirus on any Linux is simply wrong. Think of all the web servers running on Linux, all the IoT devices. You can consider Android a kind of Linux, or iOS, which is based on UNIX.

And if there are millions of devices running Linux, there is also a market for malware for Linux, because the malware business is driven by money. And in fact, if you are programming an exploit for iOS or Android, you can really make a lot of money with it.

You can check some prices for malware on Zerodium.

And I also found a specific request on Zerodium.

You see, there is a market for Linux exploits, and useful exploits are also well paid for.

It is also interesting to think about how malware is developed. Whenever new patches for Windows are released, they are immediately reverse engineered. There are people who disassemble the patches and compare them with older versions.
Linux is open source and you see the code changes before the kernel is released. And you can also find comments in the mailing list discussions which may point to an existing security problem.

Regarding downloads via the browser: it depends on what kind of software is downloaded. If it is based on JavaScript, it also runs with your browser on Linux, e.g. a simple keylogger.
Recently, some sites for adult entertainment had problems with a malvertising network and malware exploiting bugs in Internet Explorer and Flash Player (source). But Firefox also has some open/unknown security bugs, which might be exploited.

What can you do?

  1. Update your system often (daily)!
  2. Use browser plugins to block ads (uBlock Origin is my personal recommendation).
  3. Think and learn! The biggest security problem is and remains the user.

apt-ghetto pretty much knocked it out of the park. My stance on malware has always been that ANY system can be vulnerable, and the notion that Windows is more prone to these things because it’s Windows is a very outdated notion, if not a misjudgment of how actual, real-world networks/systems function in today’s world. You better believe Linux has an attack surface, but again… ANY OS has this attack surface. I don’t want to beat a dead horse at this point, but what was bulleted in apt-ghetto’s post is incredibly good advice. Firefox has a bunch of security-focused add-ons like NoScript, Privacy Badger, uBlock, etc. As long as you do your due diligence and only grab/install things that are trusted/legitimate, it will work out like any other thing you would potentially acquire which has significant value (e.g. a car, a house). Updates will satisfy due care!

If you’re still interested in Anti-Virus, take a look at this article I grabbed off of lxer:
https://www.fossadventures.com/rethinking-security-on-linux-evaluating-antivirus-password-manager-solutions/

