Why do Linux users not like antivirus/virus scanners on distros?
Posted by ambivalent_mrlit@reddit | linux | 181 comments
I thought it would be common sense to have some kind of protection beyond the firewall that comes with distros. People said Macs couldn't get viruses until they did. Yet in my short time using Mint so far I couldn't see any antiviruses in the software manager store. So what gives, should I go download something from a website instead? I don't feel entirely safe browsing without something that can detect if a random popup on a site might be malicious.
Upstairs-Category571@reddit
Since Linux only has about 3% market share, most viruses target macOS or Windows since most people use them. Hackers don't bother hacking Linux because most prob they're gonna get 1000000 robux from some guy who uses Arch in his parents' basement 😂
DIYnivor@reddit
There are probably a few reasons why we might not:
If users generally didn't keep their system up-to-date, downloaded random programs, and ran them as root then viruses would be a much bigger concern.
Financial_Way1925@reddit
I already go against points 1 and 2.
And if I had any idea how to do it, I'd remove the permissions model.
I don't use my PC for any sensitive data, and if it has any problems then a clean install isn't a problem, I only use it to watch movies etc.
whosdr@reddit
I wouldn't regard point 4 as all that useful a point today. It wouldn't stop ransomware or browser session hijack malware, which are some of the more... lucrative and more targeted forms of malicious desktop software today.
Well, that and crypto hijacking. All of which work fine for the most part with standard user permissions.
DIYnivor@reddit
Good point.
Weltraumsuchti@reddit
Anti-virus software generally scans a computer (especially on Windows) for malicious code. When something suspicious is found, you get an alert.
On Linux, however, this is usually not necessary, because:
a) Password separation between administrator and standard users is often a virus killer by itself. Malware usually stays trapped within the "user space" and, at worst, can only mess up your personal files — not the entire system.
b) Worms and viruses can detect antivirus software and hide, waiting for the perfect moment to strike when the AV program isn't actively scanning.
c) Linux is a niche OS, so viruses targeting Linux need to be highly specialized. When they do attack Linux, it's often with serious intent — but such cases are rare.
d) Like point c: Because nobody really knows your exact firewall or permission setups, and because Linux users typically download software carefully, the chances of catching a virus are like 1 in a million.
In short: Antivirus software is mostly useless on Linux.
What is effective, though, is using a good firewall router, like a Pi-Hole, which filters your network traffic and blocks malicious activity before it even reaches your devices.
TL;DR: Linux has strong password protection, a much smaller user base compared to Windows, and most Linux users are tech-savvy.
Honestly, most Linux users are more likely to break their own system than a virus would — and they just reinstall if something goes wrong, wiping out any possible infection in the process. :)
Soft-Butterfly7532@reddit
As much as there is a stereotype of Linux users being super security-conscious, these same Linux users will launch all their terminal sessions as root, copy-pasta random bash code from Stack Overflow, turn off CPU mitigations for an extra 0.1% performance, and compile and execute some git repo by some guy called xxBlackHatVladimir-420-69xx without having ever read C code.
davidnotcoulthard@reddit
I don't know how to find this, but years ago there was someone here who got clowned after saying that part of their update process was to copy paste the contents of some web page into the kernel command line (IIRC in the grub config).
javf88@reddit
This is a good answer.
Killaship@reddit
No, it really isn't. It's based off emotions and generalizations rather than actual facts.
AnEagleisnotme@reddit
Because most of us aren't security conscious, most of us are computer cowboys, and a few actually care. Also, I will care a lot more about hardening on my work PC than my gaming PC for instance, and I'll be even more careful with my NAS.
gesis@reddit
Random popups on websites are malicious. You don't need software to tell you that.
Most software on Linux comes from trusted sources with signature verification. Viruses are mostly a non-issue as a result.
javf88@reddit
Is this true? As far as I know it is very insecure, because it is open source. Like with a lot of bugs that can be exploited.
btw_i_use_ubuntu@reddit
since the source is publicly available, anyone can audit the code to try and find bugs. meanwhile with proprietary software it's just a black box and there are a lot fewer eyes on the code spotting bugs
BCBenji1@reddit
Anyone is a bit of a stretch.
I_Arman@reddit
Anyone can, though not just anyone will. Still a lot more eyes than your average closed source software though.
BCBenji1@reddit
Anyone with the skills, time and motivation can. I'd argue that cuts your 'anyone' down by 95%. Let's be realistic here. But as you rightly pointed out that's better than no eyeballs.
I_Arman@reddit
5% of a user base is probably wildly overestimating, but even so, that's a fair number of people. Far more than would be looking at any given closed source package.
BCBenji1@reddit
My point is not 'anyone' can check the code. We've already established it's more than closed sourced.
javf88@reddit
This sounds like the classic engineer that talks the talk but cannot walk the walk.
I can audit, yes; I will, no. All the info to first learn, like if reading code is auditing, one also needs to know what it is doing.
I_Arman@reddit
To clarify: literally anyone with an Internet connection and the most basic typing skills can view the Linux codebase and all associated open source tools, modules, etc. But, the vast majority of people simply don't care and/or don't have the skill set.
That said, there is a decent sized group of people who have the skills and who are willing to donate time to reading every single line of code, every commit, in one or more codebases. And that's not an insignificant number of people; thousands of people do it as their day job, and millions of people dabble as a hobby.
You may not realize it, but you are part of "everyone". Have you audited any code? Or do you just talk the talk, too?
javf88@reddit
Unfortunately I am in another domain, embedded. I need an RTOS. So I play with Zephyr a lot, worked for a while with embedded Linux, Yocto. I am not very fond of it. The learning curve is too long, and convoluted.
Now, I am finally actually having a lot into the kernel, but as a sidekick.
Again, it is ok that a thousand eyes are auditing. However, it is still not enough. The XZ incident showed that.
javf88@reddit
I use Linux, but I do not use my private info on it. All the banking is on my phone and my mail doesn't have sensitive info within.
Was it not like 6 months ago that there was a back door in a compression library and it was on the news because it seems the password could only be ";)"?
Of course it varies from distro to distro, and all the code that one downloads and compiles.
Like the surface of attack is huge as fuck.
ilovetacos@reddit
Psst, your phone uses Linux
javf88@reddit
I meant I use the app from the bank, I will not move it away. If I screw it, I will not be reinstated.
Within the app, if it is fucked, they paid back :)
ilovetacos@reddit
You seem to be even more confused than I thought. The operating system your phone runs on is Android, which is based on the Linux kernel. Doesn't matter what app you use, you're still using Linux. (That is unless you're using an iPhone, in which case hahaha privacy hahaha)
javf88@reddit
I use an iPhone. The fact that I don't like to move from the banking infrastructure, I dunno even if it is possible, is the following.
In my country of origin ppl tend to get their cards cloned, credit and debit. The key difference is that credit cards are the bank's money, while debit is MY money.
When you report your card, there is one good solution and other that is very painful.
Credit cards are just about reporting, canceling and requesting a new card. You do not pay for the money that was stolen.
With debit you never get your money back.
So you will understand that I always used my credit card for everything, and my debit only for withdrawing money, and not from any ATM, because sometimes the devices that get your data are in the ATM.
So since I saw that issue even before becoming an adult, I always took an active position towards my bank account.
So I used the apps from the bank, no matter what OS. I have an iPhone, and for my online banking I need two apps. I need to change my password every 90 mins, the biometric sensor is always used etc etc.
Also banking is a very interesting example. Even a thief would think twice before sending your money to his account. For cloned cards you get the activity in your account.
jr735@reddit
What OS do you think your bank machine is using?
javf88@reddit
I would say some sort of Linux, and I would hope an even more tailored flavor for their needs.
However, I have seen that not all are tech enthusiasts, as you and me :)
jr735@reddit
You'd be surprised how many things are run on Linux. I've watched ATMs boot, and lottery machines, for instance. All Linux.
javf88@reddit
I am not surprised, I know it is everywhere haha
jr735@reddit
As it should be. You thinking it's insecure doesn't make it so.
javf88@reddit
I think it is a very solid OS, as secure as possible.
I think the main reason why ppl do not use antivirus is because we are not going to pay for an antivirus for an OS that is aligned with my values of free and open source projects.
I have actually never looked for one, I never built the habit.
jr735@reddit
Some would argue BSD is more secure. That being said, the model of what these virus scanners do isn't really all that relevant these days, especially for Linux. We're not having people download software that turns out to be a known piece of malware, that then gets detected by the virus scanner immediately. Further, most people already have their email scanned by their email provider. Safe browsing habits are improved by things like uBlock Origin already, or even disabling javascript.
I'd use Clam AV if I were running an email server, particularly one that served Windows users.
Annual-Advisor-7916@reddit
That's all not really true. Open source software can be considered safer as there are way more controlling eyes on it and there are no obvious backdoors, which sure exist on Windows for example. The XZ attack you are referring to is an extreme case that did happen because of only a few people maintaining a repo. This attack was perfectly executed and showed us that even open source is not guaranteed to be 100% clean.
But closed source is always worse. Your phone is mostly open source too, but with Chinese manufacturer bloatware on top, just FYI.
Verdict: you should use especially open source software for privacy relevant tasks...
javf88@reddit
As far as I know banks use a language that is like 40-50 years old and very few ppl like 5 can have a look at it. I don’t remember the name, I need to ask my friend that used to do IT in the banking sector.
You know that code is worth economies hehe
Annual-Advisor-7916@reddit
The webserver handling the request and breaking the encryption is still on Linux. No other OS would even be remotely allowed to face the internet in such a high security environment. You have a totally wrong idea of open source. The attack surface is not what you think it means. The most dangerous systems are unknown blackboxes; open source software is very well known in that regard and very trustworthy. But neither system has a larger attack surface than the other - that's not the difference.
Doing banking on your phone (which is based on open source software) isn't inherently unsafe but definitely not safer than on a Linux machine. What makes Chinese phones shady are the proprietary UX tools on top.
It's healthy to assume that every non open source software is corrupted.
javf88@reddit
I hope so. It is a bank, I am sure they have more than 3 levels of security. Hehe
However, maybe my neighbor is not that careful
javf88@reddit
I do not defend any OS, I like linux and *nixes.
Windows is utterly crap.
Annual-Advisor-7916@reddit
Yeah, but you have a wrong understanding of what OSS means and I'd like to point you in the right direction.
Many people believe a system is safer when nobody knows how it works; that's just false. Security through obscurity is a deceptive safety.
javf88@reddit
I never said proprietary was better or safer.
Just that linux is secure, sure, as secure as pdf of a book that you don’t want to buy.
GirthyPigeon@reddit
You think open source software is insecure? Linux distributions and their components are vetted by hundreds of people before they are released, and they are built on an inherently secure system. Any security issues that are found are usually patched very quickly. As long as you're not running things as root, the things any software can do are very limited by the operating system itself.
79215185-1feb-44c6@reddit
Fucking 3 days ago man. This is a weekly affair
GirthyPigeon@reddit
That's gonna be a problem if you run a Cisco router or other high availability datacenter-tier switch or firewall, not if you're running a desktop environment on Linux. Do you just pick stuff out of your ass because of your fear? That's like giving me a Chevy recall problem when I drive a Ford. Don't jump to conclusions if you don't understand what you're talking about.
fearless-fossa@reddit
There is a high chance that you'll have a two digit percentage of the worldwide Linux users with that scope, at least if we're excluding Android as Linux devices.
79215185-1feb-44c6@reddit
Sorry, but not all of us are gamers using linux because it's a new and trendy thing or "I can't get a free Windows license anymore".
GirthyPigeon@reddit
What does that even mean in the context of my reply?
javf88@reddit
Thanks
javf88@reddit
I know pentesters that do not report because they profit from the vulnerability.
For some the world is perfect and being idealistic is ok, in practice there is of everything.
DegenerateWaves@reddit
That doesn't seem like a profitable thing for pentesters to do? Sysadmins are primarily interested in mistakes in their own infrastructure implementation. And when the tester discloses that they gained access through a vulnerability in someone else's software, I imagine the sysadmin would much rather disclose and get a patch pushed than change their stack.
A lot of folks have a vested interest in disclosing vulnerabilities. It's basically impossible to hoard zero days and use them in your day-to-day.
javf88@reddit
Of course, there is the ethics involved. As I said, the XZ incident from last year showed the point.
GirthyPigeon@reddit
Yes, there are occasional exploits but most people involved with Linux understand what it is about and are willing to share things. The non-reporting happens way more often with Windows than it does with Linux. Linux is in every single Android device and UNIX is in every single iPhone.
javf88@reddit
If it were super secure, pentesters as a job would not exist.
Funnily enough one of the main positions that got traction in the last decade is security.
ktbowman94@reddit
Any Linux examples of this in the past? We know there are repeated examples of Windows vulnerabilities and exploits.
UOL_Cerberus@reddit
Would the XZ utils and SSH count as example? Even if it was an inside job. Correct me if I'm wrong
javf88@reddit
This was the example, it was like 6-7 months ago.
What ppl do not realize is that anybody can make malicious code and be successful in making it to the codebase.
This is a very good vector of attack
UOL_Cerberus@reddit
I agree..which is why I asked if it counts as an example since it wasn't a bug or an accidental vulnerability.
javf88@reddit
It depends, for me it counts. No matter the modus operandi. Either due to technical issues, social, inside job, a successful attack, there are some damages.
ktbowman94@reddit
You made this statement with a wide brush. What code base? Anyone can?
You're making it sound easier and more likely than in reality. You used alarmist language for people not familiar trying to walk away with an understanding or summary.
ktbowman94@reddit
Good points. But, don't those apps build and run on windows too?
I would expect windows systems are targeted more simply based on the number of windows systems vs number of Linux systems in this world.
You mentioned the possibility that open source is more dangerous because it is ... open source. In reality the nature of open source results in more eyes on the source code. As a result, the community finds issues before committing as well as after during maintenance.
javf88@reddit
No one is defending Windows, I ditched it all the time haha
ktbowman94@reddit
And I'm trying to be fair in comparison.
javf88@reddit
Ah well you can trash windows together with its mouse haha
javf88@reddit
You can have a look here
https://ubuntu.com/security/cves
A good engineer will report the vulnerabilities, a very smart engineer will exploit it
79215185-1feb-44c6@reddit
Alpine is way better at managing CVEs than Ubuntu in my experience.
javf88@reddit
Yes, alpine does a great job. I am aware of it.
I have used it only within docker. So I can tell not everybody is using it.
BigLittlePenguin_@reddit
Recent one? xz comes to mind.
I would also not really consider things like the AUR secure.
Overall, I think there is more security awareness in the community which makes it easier. If you stick to your standard repos and trusted companies and their flatpaks, you will probably be quite fine
hpela_@reddit
Linux is not "very insecure" - if that were the case, I don't think the majority of webservers which run on Linux would indeed be run on Linux.
People intending to exploit bugs really only can do so while the bugs are not known by the developers. In closed source, it's a lot more common for bugs to go unnoticed until after they have been used to carry out an attack. Open source means more scrutiny, so bugs are found and resolved much quicker.
javf88@reddit
Yeah maybe "very" was overreacting, but it is not a secure OS.
It was not built with that in mind. When it was built, the internet was a virgin beach and only well behaved ppl were there.
Now you have everything in the internet.
GirthyPigeon@reddit
I'm now convinced you're a troll. You have no idea what you're talking about.
javf88@reddit
Run the Docker scanner on macOS. You will see the report of vulnerabilities in 3 levels as far as I can remember.
I think the name is scoutscan
hpela_@reddit
Can you link to the report? I'm curious what it says, but I don't have macOS and I'm not setting up a VM just for this.
javf88@reddit
I'll DM it in the week. I am based in Berlin and it is time to go to bed :)
hpela_@reddit
Ah okay, thanks, I'm curious to see
TalosMessenger01@reddit
That sometimes matters, like how x11 is insecure (people complain about this statement, but idk what else you can call all windows being able to read all keypresses no matter the active window) and it is difficult to replace because it is a standard. But security is a priority and is being improved even when it is hard like in that example. Windows deals with the same problem and has a much stricter commitment to backwards compatibility but they still improve too.
javf88@reddit
I do agree, I also believe that security improves with the constant monitoring.
The thing with security is that, if you do not know how ppl will attack you, and your bugs are still there, you cannot protect yourself 100%.
Knowledge doesn’t get created out of thin air. It is a learning curve.
ktbowman94@reddit
You said it wasn't built with security in mind. I'm curious, what does that mean exactly?
hpela_@reddit
Security is definitely a primary focus of Linux, it's a bit ignorant to pretend that it isn't.
"When" Linux was initially developed is pretty irrelevant - modern day Linux is very different and much more mature than 90s Linux. Plus, if that is your criteria, Windows is even older and I guess you would say it is even less secure for that reason?
skiabay@reddit
Every major government and company in the world is running Linux servers with info orders of magnitude more sensitive than anything you have. The fact that Linux is open source just means that all of those entities with far greater security concerns than you can audit Linux for vulnerabilities.
javf88@reddit
That is why pentesters love to study the kernel; they find bugs and exploit them as long as it is possible. Then they report :)
skiabay@reddit
If you exploit a vulnerability, then later report it, then there's a pretty good chance you're going to get caught. Plenty of people would rather have a stable salary getting paid by some company to report vulnerabilities than incur the risk of actually using them.
Ironically, we know for a fact that the NSA has done basically exactly what you're describing, but it was with Windows, not Linux. We also know US tech companies will put back doors into their software for the US gov.
javf88@reddit
I will suggest you a book:
ethical hacking: a hands-on introduction.
I have read half the book, I understand how they attack. Like if you don't know how they do it, it would be very hard to protect against it.
javf88@reddit
Yes I know. Actually the most interesting attacks I have seen are with assembly haha
I am in embedded so I will slowly move there :)
wreath3187@reddit
???
- a lot of eyes going through the code to fix bugs because of open source
- a lot of those bugs are found by people whose job is to maintain really important servers with really sensitive data
- you install packages from repositories that are maintained by the distro, instead of installing random shit from random web pages
- most of the developers or engineers etc are decent people who don't want to lose their reputation and jobs
javf88@reddit
I know and I do agree with it, but I stop short here. Because that is the spirit and essence of Linux; in practice it is different.
Just that, I am real
wreath3187@reddit
what do you mean in practice it's different? do you have any solid facts to back that up or is it just a gut feel?
javf88@reddit
The XZ comes to my mind.
wreath3187@reddit
yes and that was noticed by a researcher quickly. after that actually many other vulnerabilities were found because awareness rose.
also xz vulnerability doesn't really have anything to do with someone finding a vulnerability just because the code is open source. it was made by someone who gained trust for two years by actually developing the package before compromising the code and creating the backdoor. shit like that implies a government actor. but it sure was a wake up call for the open source community to be more aware.
javf88@reddit
No, but it showed that thousands of eyes are not enough. Like social engineering might be more powerful than a tech attack.
Since the beginning CIA tried to convince Linus of a backdoor in linux. He said no, at least he claims so, and so far it has been the case.
Since governments got involved into cyber warfare, security has been a hot topic. China, Russia, and US have the capability.
wreath3187@reddit
yes, but you do understand that this applies to ALL systems, not just open source? thousands of eyes checking the code is better than 27 guys in some startup office whose job is to take care of one part of the system they sell to a bigger IT company, and it works and is secure.
javf88@reddit
Yes, that is why I said before, I don't think OSes are secure :)
I am too critical with my career and skills, I try not to lie to myself and be true.
I love linux, but I just do not subscribe to the dogmatic approach to engineering, always with some doubt, this field is huge and learning is my passion so I love to deep dive into this topics.
Despite the thousands of eyes, the XZ incident proved the contrary. Someone showed another report from this week some comments down.
Btw try to run the Docker scanner on macOS for vulnerabilities, I guess the name is scoutscan.
ElvishJerricco@reddit
Being open source is a benefit to security. That said, I don't think people should have the idea that because something is open source therefore it is secure. That's blatantly false. The best way to make something secure is to pentest and/or audit it. In that sense, Windows and Linux are similar and totally different. A lot of open source code receives little to no security attention and thus is wildly insecure despite being open source. But a lot of other open source code is endlessly vetted and is very secure. It's not fair to say any OS is more or less secure than any other most of the time, because the attention given to each is focused on different areas. Like Linux's networking stack gets enormous attention and is pretty darn secure. Windows on the other hand has much better code signing and verification than almost any Linux distro, and consequently a much better Secure Boot implementation. And again, being open source is strictly a benefit to security, so anything that's more secure in Windows would be even better if it were open source. The overall point I'm getting at here is that it's not a simple comparison. There's nuance and individual facets that have to be considered.
javf88@reddit
I do agree with you
fleshofgods0@reddit
It's more secure, not less. It's more along the lines of how research papers are published for anyone to scrutinize for discrepancies and inaccuracies. The nature of open source allows more eyes on the code to fix potential bugs. More developers submitting fixes for bugs is a good thing.
javf88@reddit
Yes I know of this. But this is not security in mind, it is maintenance
ktbowman94@reddit
Right, the Linux kernel and the OS have more eyes on it providing review and scrutiny. Universities and companies pay engineers to review the kernel and GNU software. Microsoft's kernel and OS are closed so they only have the Microsoft eyes on them. It's a significant disadvantage for Microsoft in comparison and is actually telling and apparent if you're in the industry.
LousyMeatStew@reddit
This is the main reason.
You get viruses b/c you searched for something online and got tricked into downloading malicious software.
On Linux, this is a possibility.
On Windows, this is the primary mechanism for software distribution.
Both platforms benefit from having antivirus but the above is why it's a functional requirement on Windows.
Never-Late-In-A-V8@reddit
And some of that software has had vulnerabilities which in some cases have existed for over a decade before getting patched.
gesis@reddit
And if those same softwares were proprietary, you would likely never know.
Additionally, AV wouldn't have caught them either, as they have to be discovered prior to being added to the virus database... so it's a moot point in the context of the original question.
This isn't an "open source is insecure" problem, it's a "software has bugs" problem.
Never-Late-In-A-V8@reddit
If being open source was a guarantee of security how did this vulnerability go unnoticed for ELEVEN YEARS?
gesis@reddit
Firstly: no one said there was a guarantee of security. No OS/Software makes that claim. None.
Secondly: Do you even understand how this stuff works?
The scary clickbait article you posted does very little to explain the actual problem. Why didn't you post the actual CVE? Or even the mailing list post it came from?
Oh wait... because that would reveal it to be a big old nothingburger that can only succeed if the enduser is an idiot (and they had things set up in a way that most people won't in production).
Here's a good rule of thumb. If you're dumb enough to fall for pop up ad spam and really bad phishing attempts... The security failure is you.
RepentantSororitas@reddit
Anti virus doesn't even make sense on Windows frankly.
Killaship@reddit
Because you truly don't need them. Besides, the purpose of antivirus programs aren't to be ad-blockers or to tell you about dangerous pop ups. Use a good adblocker like uBlock Origin, and don't click random links, and you'll be fine.
arkham1010@reddit
That's a dangerous opinion, because no OS is secure from bugs and exploits. One of the very first mass exploits was called the Morris worm which devastated many unix systems back in 1988.
A more likely reason why there isn't AV software is due to the nature of the open source code that makes up Linux, and any exploits that a virus could take advantage of quickly get patched out. It's the responsibility of the OS owner to make sure they are patched and up to date, and Linux users typically are much more computer literate than the majority of people who use Windows.
Killaship@reddit
Do recall that the Unix mainframes impacted in 1988 don't remotely resemble modern PC Linux systems.
Never-Late-In-A-V8@reddit
An ancient Linux flaw might be opening up users to dangerous cyberattacks
Annual-Advisor-7916@reddit
I mean no AV software on windows patches exploits either. They all just scan your files and compare them against a known DB iirc.
necrophcodr@reddit
No. This is a classic AV. Most solutions today are endpoint protection and will also monitor systems including filesystems and network. The classic quick scan only software isn't really used anymore, except for simple mail servers.
ilovetacos@reddit
You just explained why it isn't necessary :)
LordAnchemis@reddit
Don't need it
Never-Late-In-A-V8@reddit
This attitude is how systems get infected.
necrophcodr@reddit
That's not true. A classic anti virus yes, but as endpoint protection no.
MrHyd3_@reddit
I think Bitdefender has a linux version btw
Upstairs-Comb1631@reddit
More antiviruses have Linux solutions, but few people buy them.
79215185-1feb-44c6@reddit
So doesn't CrowdStrike.
Ishpeming_Native@reddit
Popups can't give you a virus on Linux -- that's my understanding. On Windows, pretty much anything is executable, whether you gave it permission or not. On Linux, you must give permission for something to execute. Nor can a popup just write to disk, either. On Linux, you get a virus from downloading code you shouldn't have trusted from a site you didn't check.
Please correct me if I'm wrong, and tell me where and how.
TechnoRechno@reddit
> On Windows, pretty much anything is executable, whether you gave it permission or not.
Hasn't been true since Vista on the consumer side, XP was the last "everyone and everything is root" Windows.
79215185-1feb-44c6@reddit
This is not correct. Javascript 0-days that can lead to credential stealing absolutely do exist.
Annual-Advisor-7916@reddit
Could you explain how that works?
79215185-1feb-44c6@reddit
Do you have any specific CVE in mind? This one happened last month: https://therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day
Annual-Advisor-7916@reddit
Oh I know that I'm not the target here, I just asked because I wasn't quite sure what you meant with your comment.
I thought you referred to some cross site JS injection or whatever - I didn't get what you meant with credential stealing.
Anyways, the link you provided cleared that up, thanks for that! I guess a FreeBSD jail would decrease the severity of a CVE like that.
79215185-1feb-44c6@reddit
A docker container would too, but there are some very fun exploits that can break free of container isolation. StackRot was a fun one from a few years ago that could escape docker and escalate to root on the host.
ahferroin7@reddit
Because sensible people don’t generally need AV software? A real ad-blocker (not an AV tool that does ad-blocking, but something just designed to do ad-blocking like uBlock) will cover about 99% of your exposure even on Windows unless you have legitimate reason to believe you are being targeted by a state-level actor (say for example that you live in the DPRK, or for some reason the CCP doesn’t like you).
A majority of the rest of the risk beyond that is social engineering attacks, and learning to recognize these and just not let them happen yourself is a much more effective tool than AV software will ever be.
Separately, the only real FOSS option is ClamAV, so that’s all you’re ever going to see in distro repos. There is technically third-party proprietary AV software for Linux, but most of it is a pain in the arse to use and is often targeted at corporate environments, not home users.
FlyingWrench70@reddit
The risk of the kinds of viruses you're thinking of is not 0 in Linux, but it is very close to it, a "struck by lightning" kind of event. It does not make sense to run a constant virus scanner.
In Linux all an attacker needs is for you to run their script as root, no scanner would stop it, and then they own your machine. This can happen, for example, by going to a website and downloading things from strangers, such as a "virus scanner", instead of using an official repo.
For instance Kaspersky used to be a solid name in anti-virus but there is evidence they have been taken over by the fsb.
https://oicts.bis.gov/kaspersky/
They make a Linux antivirus client that I absolutely would not touch.
It's rare and a huge deal if malware gets into an official repo. Last year this was huge news and only affected some testing builds: https://en.wikipedia.org/wiki/XZ_Utils_backdoor
At the time the xz attack was active no virus scanner would have had definitions for it and it would have slid right in.
In the Mint repo there is clamav, and a graphical front end for it, clamtk. You can enable realtime scanning by installing and configuring clamd, but it's a memory and disk hog. In 25 years I have never been exposed to a Linux virus; in that same time period I have seen hundreds of Windows viruses, especially in the early years.
ceehred@reddit
Largely agree, but once that script is out in the wild - the commercial AVs do make efforts to detect these.
For example, scripts for this AV exploit, and some (obvious) variants, are detected as malicious by at least two AVs I know - and (with on-access monitoring) are handled/removed before they are meaningfully executed.
79215185-1feb-44c6@reddit
Modern XDR platforms can detect malicious script execution and prevent it based on detecting known patterns in memory and the filesystem before they're written or executed.
DFS_0019287@reddit
I've been using Linux since 1994 and have never seen the need for AV on Linux. I don't trust the corporate AV tools, and the free ones (such as ClamAV) are pretty bad and mostly only have signatures for Windows viruses anyway.
A "random popup" can't hurt a Linux computer unless there's a bug in your web browser or you go out of your way to download and run something you shouldn't.
babiulep@reddit
Same here: used to run a mail-server for the company I worked for. They all ran Windows. So ClamAV took care of the Windows viruses in the incoming mails :-)
doc_willis@reddit
Check the default firewall rules on most distros.
Last time I looked, they were empty. I.e.: no rules.
So the distro had a 'firewall' but it was not doing anything.
The only rules on my current distro, I think, are part of my Tailscale setup.
So basically, no AV, no real firewall here.
A web site 'popup' is not really a VIRUS.
whosdr@reddit
A firewall that's turned on and has no rules configured is one where all ports are closed. Which is definitely doing something.
adminmikael@reddit
tl;dr: AV software in the Windows sense is basically a waste of resources on Linux, because Linux systems are not being targeted in a way that AV can protect against.
Long version: Threat actors usually want to gain something from their attacks, so they must choose whom and how to focus their efforts on. The same methods just do not yield the same results for Windows and Linux.
It is worthwhile to develop malware for Windows, because it has a humongous amount of average joe users that are not very aware of security issues and will fall for scams and click on all kinds of shady links. The default way to install new software for Windows is to just grab the installer file from the internet, which leaves all of the safety verification up to the user. It's easy to fool a user into running malware this way. This is why there is an abundance of malware floating around and even advanced users should have AV on Windows just in case.
It is not worthwhile to do the same for Linux, because the amount of non-server users is very small and the average user is more aware of security issues. The usual way to install new software is via a package manager from a repository maintained by trustworthy individuals, so accidentally running malware this way is much less likely. This leads to there being much less malware out there overall. Instead, the effort is directed to finding exploits in server software used by the billions of Linux servers around the world, and AV software just can't protect against threats like that.
daemonpenguin@reddit
Common sense removes the need for anti-virus on Linux.
People were fed a lot of BS from Apple ads. macOS could always get viruses. It just didn't happen frequently.
Malicious pop-ups don't give you viruses.
danGL3@reddit
A lot of Linux users generally use adblockers, which block all these popups to begin with.
mooky1977@reddit
Um, you are confusing two different things. Pop-ups can lead to the viruses. But a virus itself isn't dependent on a pop-up to begin with.
I have clamav on my arch system but I only run it on demand on files I download that I don't necessarily trust.
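The on-demand pattern FlyingWrench70 and mooky1977 describe (scan only what you just downloaded, no resident clamd) as a small POSIX shell wrapper. This is an added example, not code from anyone in the thread; it assumes clamscan is installed and freshclam has already fetched signatures, and the quarantine directory is my own choice.

```shell
#!/bin/sh
# Added example: on-demand ClamAV scan of downloaded files with quarantine.
# Assumes `clamscan` (package clamav) is installed and signatures are current.
set -u

# Where infected files are parked instead of deleted (assumed location).
QUARANTINE="${QUARANTINE:-${HOME:-/tmp}/.quarantine}"

# scan_file PATH
# Returns 0 = clean, 1 = infected (file moved to quarantine), 2 = scanner error.
# clamscan itself exits 0 clean, 1 infected, 2 on error; mirror that contract.
scan_file() {
    file=$1
    # --infected prints only hits, --no-summary drops the trailing stats block
    if clamscan --no-summary --infected "$file" >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi
    case $rc in
        0) echo "clean: $file"; return 0 ;;
        1) mkdir -p "$QUARANTINE"
           chmod 700 "$QUARANTINE"
           mv "$file" "$QUARANTINE/"
           # keep the sample for inspection, but make sure it is not executable
           chmod 600 "$QUARANTINE/$(basename "$file")"
           echo "INFECTED, quarantined: $file"; return 1 ;;
        *) echo "scanner error (exit $rc) on: $file" >&2; return 2 ;;
    esac
}

# scan_dir DIR
# Scans every regular file directly inside DIR; returns 1 if anything was infected.
scan_dir() {
    dir=$1; clean=0; bad=0; err=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if scan_file "$f"; then r=0; else r=$?; fi
        case $r in
            0) clean=$((clean + 1)) ;;
            1) bad=$((bad + 1)) ;;
            *) err=$((err + 1)) ;;
        esac
    done
    echo "clean=$clean infected=$bad errors=$err"
    [ "$bad" -eq 0 ]
}

# Typical use, e.g. after saving something from a browser:
#   scan_dir "$HOME/Downloads"
```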
BigLittlePenguin_@reddit
Why install something on your computer when you can run your file through an online service like VirusTotal?
mooky1977@reddit
I trust an online service to run a virus scan through my browser as much as I trust McAfee AV not to itself be malware/bloatware, as in not at all.
Running a web app to do a spreadsheet, sure; manage email, sure. Run a system level virus scan through my web browser? Hard pass.
BigLittlePenguin_@reddit
You literally said that you only use it for files you download, why are you moving the goalpost?
mooky1977@reddit
Oh you caught me... You too darn smart for me....
Seriously, that's what you took away?
danGL3@reddit
Yeah, you can get viruses through multiple means, in this case the popup context was in response to OP's statement about them.
ambivalent_mrlit@reddit (OP)
Time for a community created av for distros then.
79215185-1feb-44c6@reddit
It exists, it's called AppArmor or SELinux. Access restriction is sufficient in most cases as privilege escalation is non-trivial, unlike on Windows.
danGL3@reddit
A community based AV would likely be about as effective as common sense when it comes to protecting users
AV databases are massive and not something one can just casually build
MarzipanEven7336@reddit
ClamAV
whosdr@reddit
Basically, AVs don't protect well against modern malware. And having it installed provides a false sense of security that has you let your guard down rather than thinking critically when presented with foreign files.
It's far more effective to take a preventative approach instead.
Have backups of files to protect against ransomware. Don't trust emails and social media messages, and be suspicious of files until/unless given a reason otherwise.
artriel_javan@reddit
No need for one.
necrophcodr@reddit
How would you know if your device was part of a botnet if you didn't have any systems to tell you about it? They won't show up in htop (or they'll be difficult to see), and they won't interfere with your operation.
javf88@reddit
I will suggest a book to you:
Ethical Hacking: A Hands-on Introduction.
I am halfway through the book, and I understand how they attack. If you don't know how they do it, it would be very hard to protect against it.
Annual-Advisor-7916@reddit
You don't download stuff from any websites, all your packages should come from official repos - no real need for antivirus there. For servers there are several monitoring solutions but for different purposes.
dinosaursdied@reddit
Clamav is a virus scanner, but it doesn't work the way the more active Windows Defender works; it's more of an on-demand or regularly scheduled scan kind of deal.
79215185-1feb-44c6@reddit
Windows Defender is actually incredibly efficient at what it does. It scans files on demand to provide real time protection and has very little in common with solutions that continuously scan the entire file system. Windows Defender is more like AppArmor or SELinux than whatever your vision of an AV is.
Windows Defender is not even really a traditional AV, it's an EDR.
dinosaursdied@reddit
I'm no Windows expert, I just know it's not the same as clam 🤷♀️
ActualXenowo@reddit
Antivirus is useless if you have a brain
79215185-1feb-44c6@reddit
Antivirus is not for when you have a brain, it's for the moments when you don't have a brain.
leonderbaertige_II@reddit
Thank you for this comment. Way too many completely ignore human psychology and just put all the blame on the user.
Rich-Engineer2670@reddit
Two reasons, as near as I can tell. Aside from that, I'm a power user; I don't need an anti-virus.
poetic_dwarf@reddit
It's striking though, since a lot of modern Internet infrastructure is made of Linux servers I would expect hackers to target it more.
danGL3@reddit
If you were to look at the history of companies that were hacked, it was often either due to credential leakage or exploiting a vulnerability in outdated software/libraries
Rich-Engineer2670@reddit
They do, but UNIX was beaten on for years by college students.... it's designed for that.
MedicatedDeveloper@reddit
In the enterprise it's common. All of our Linux endpoints (desktops and servers) run CrowdStrike and previously we used Bitdefender.
Unfortunately, as far as I know, there's nothing in the non-enterprise space that isn't just basic file or on-access scanning. These heuristic enterprise AVs (EDR) use eBPF to monitor what the kernel is doing and stop specific kinds of exploits that file based AV simply cannot.
luckynar@reddit
CrowdStrike isn't an antivirus.
FFS, CrowdStrike is itself spyware, and everything you do on the PC is monitored. I would not use any personal login on a PC with CrowdStrike.
MedicatedDeveloper@reddit
Yes all EDR products are effectively a rootkit and spyware. It has to be due to how it functions.
EDR is just a buzzword for next generation AV. With how threats are evolving it is practically mandatory in enterprise.
etm1109@reddit
ClamTk - at least on Fedora. Sure, it's not just Fedora, however.
luckynar@reddit
Biggest threat on a linux pc is web browsers addons. That's how you get hacked nowadays.
RikkoFrikko@reddit
tldr: anti-virus is like a condom. It's really good at preventing STDs and unwanted pregnancies, so when you have sex you really should use one. That doesn't mean you need to be wearing a condom 24/7 even though you can.
It's not that Linux users don't like anti-virus software, or a program to scan for viruses. I think this viewpoint has been misinterpreted the more often this question gets asked, and people who don't fully understand that idea answer the question without being corrected.
Yes, although not a huge target for attackers, that doesn't make Linux distros inherently invincible to attacks. The open source nature of the kernel, and various open source programs, does permit a lot more eyes on what's going on with those projects, which is how many malicious actors in the open source community have been caught. That also doesn't mean something malicious isn't able to make it through. In regards to anti-virus software, the original viewpoint is very simple.
Yes, anti-virus software is very helpful, especially if you need to clean out your system or suspect something malicious may have gotten downloaded and installed onto your system. However, anti-virus software, since it's always running and scanning when it's active, has a huge impact on the performance of your system. That's just how it works, and expecting it not to have a huge hit to performance is an unrealistic expectation. But we don't actually need to be running such an intensive program 24/7 when we aren't doing anything that opens up our system to a possible malicious attack.
Basically, it's OK to have a tool for anti-virus purposes, but you should make sure you're only using it when you actually need it, i.e. downloading something you don't fully trust (or every time you download something if you are security conscious), or running a scan of your system when you notice it's become really sluggish and suspect you could have downloaded something bad. Beyond those scenarios though, using the program when you don't really need to use it, like watching videos on YouTube, using photoshop/krita/video editing, streaming or recording, or just reading reddit, you are severely crippling the performance of your station for no real valid reason.
Boring_Material_1891@reddit
AV software wouldn’t protect against misconfiguring the system from the user, which leaves you open to LOTL attacks and privilege escalation. Those sorts of techniques are way more common nowadays too.
srivasta@reddit
Security is a trade off. Is there any data on the ROI of the cost of running anti virus software on Linux vs the cost of the breaches prevented?
https://www.fairinstitute.org/blog/redefining-rosi-return-on-security-investment#:~:text=Where%20n%20is%20the%20number,to%20leverage%20Excel's%20formula%20libraries.&text=When%20using%20this%20formula%2C%20set,are%20formatted%20as%20positive%20numbers.&text=The%20great%20news%20is%20%E2%80%93%20you,explored%20in%20the%20initial%20example.
aue_sum@reddit
Virtually all "antiviruses" are shady scareware that do little more than slow down your computer.
79215185-1feb-44c6@reddit
Application whitelisting as a tool is extremely powerful when dealing with systems where you want to restrict which applications are allowed. If you don't have a use case for it, that doesn't mean others don't.
This isn't 2001. McAfee and Norton won't hurt you anymore.
snafu-germany@reddit
If you are not working as user root, normal users should be safe.
OrSomeSuch@reddit
From rootkits and other system wide compromises but not from ransomware or cryptojacking
PotatoNukeMk1@reddit
Adblocker and scriptblocker help to keep the attack vector from the www very small. Even on Windows. And all the other attack vectors are controllable by the user.
For example, don't fucking open executable files from emails. Even if you know the sender. I think most of us Linux users are a bit paranoid and so the overall security is high enough.
Sadly there are systems for noobs like Raspbian running with doors wide open :/
SuAlfons@reddit
We don't "dislike" them. It's just that for now the threat from a Linux focussed virus (as opposed to social engineering that lures data from users) is of no concern to the majority of users.
79215185-1feb-44c6@reddit
Linux Antivirus absolutely does exist, I'm paid to maintain one.
Consumer and Enterprise spaces are not the same thing.
ousee7Ai@reddit
It's not a big enough problem on Linux.
PembeChalkAyca@reddit
There is absolutely no need for an antivirus. They just hog resources lol
ExceedinglyEdible@reddit
Because they are bad.
Reckless_Waifu@reddit
There is ClamAV that you can use to scan files and directories.
Acceptable_Rub8279@reddit
There is https://www.virustotal.com/gui/ which is great for scanning files or websites. But the main reason private individuals get hacked is just either stupidity (downloading cracked software and running it) or just lack of general computer knowledge. On Linux systems you typically install stuff from repositories and most distros check if packages are clean. Also, unlike Windows, where virtually any program has admin rights, on Linux programs don't have admin rights by default, so the program needs to be installed on your computer and then find an exploit to gain admin rights in order to do major harm. And there are many AV solutions for Linux, however most of them are targeting enterprise customers and are quite expensive. Hope this helps.
LocRotSca@reddit
Most people use adblockers which already remove a lot of sources you can get infected from.
By now, many (maybe most?) Linux desktop apps are packaged as Flatpaks which a) are distributed over moderated storefronts b) are sandboxed
Caution is kind of the best antivirus. I know this is a hot take, but not doing stuff you're likely to get infected from should be everyone's highest priority (but then again, how do you make sure everyone's on the same page as to what's dangerous and what is not, etc...)
tl;dr: IMO antivirus has its uses but is probably overkill in most situations.
technige@reddit
I've been running Linux daily for the best part of twenty years, and have never run AV. Assuming you take a handful of basic precautions around how you download and run software, the risk is so small as to be practically zero.
Known-Watercress7296@reddit
In my experience long ago on Windows the antivirus nonsense often was the virus.
A basic Linux install of Ubuntu or whatever should be more than fine for a personal workstation, IME.
If you want security, the rabbit hole is as deep as you want to go.
If you manage anxiety by having crapware running on your system, this is not a technical issue in my understanding, but a very common one from those that have been conditioned to run this stuff.
Antivirus on Linux more exists because Linux servers serve content to Windows machines at scale, like that internet thing the kids use these days.