Kaspersky has launched it's antivirus software for Linux.
Posted by MasterGeekMX@reddit | linux | View on Reddit | 61 comments
Outrageous_Trade_303@reddit
Just keep in mind that we are talking about Russian software which watches everything you do and scans every file you open.
friciwolf@reddit
So if I install it on Linux, do I have to step away from Windows in the real world as well?
Outrageous_Trade_303@reddit
I'm not sure what you are asking, but in any case I can't answer about Windows. I've been using Linux exclusively since 2000.
friciwolf@reddit
(It was a pun. Since the beginning of the war in Ukraine, there have been numerous reports about influential businessmen dying in "weird" accidents, which include them falling out from windows.)
Outrageous_Trade_303@reddit
oh well!
Scw0w@reddit
Lol antivirus SHOULD scan every file you open
Stonedd-Raccoon@reddit
Kasp. is a Russian asset
mrlinkwii@reddit
It's no more spyware than every other antivirus.
necrophcodr@reddit
I really do not hope you are meaning to imply that antivirus is spyware. If so, you are either sorely mistaken, or you hold some hidden holy grail for cybersecurity that I'd love for you to share with the rest of the world.
CrossFloss@reddit
Since antivirus software is a serious attack vector and useless due to false positives and negatives, it is fundamental to not install those on critical or better any system. It's a scam.
necrophcodr@reddit
How do you protect against passive attacks without an antivirus of any kind then? I'm presuming you also disable Windows Defender on those systems.
CrossFloss@reddit
Do we use different definitions of "passive attack"? Eavesdropping is prevented via (transport) encryption.
necrophcodr@reddit
Sure, but a user in an organisation of 15.000 people might click something they shouldn't have. It won't kill the organisation, but we still want to prevent that. You are not allowed to use malware detection apparently. What do?
CrossFloss@reddit
There are so many scenarios here that it's hard to find solutions for all.
AnsibleAnswers@reddit
lol. The sheer amount of Cisco hardware in existence makes this advice meaningless, even if every company agreed to avoid purchasing Cisco devices from here on out. It’s not practical advice, just like most of the rest.
You need malware detection in any enterprise environment, whether it be traditional antivirus or modern XDR.
CrossFloss@reddit
So instead of having a secure environment you prefer compliance voodoo that obviously doesn't work. That's fine but then don't ask for cybersecurity advice.
AnsibleAnswers@reddit
Ok big guy. My point is doing all of these things is meaningless if you don’t have intrusion/malware detection. Having good security in modern environments means that you assume a breach/infection can still occur. You can’t adequately castle and moat your network because a single idiot clicking on a link in a malicious email can open the door for an attacker.
Your “best practices” didn’t even include network segmentation so I’m not going to take your “expertise” all that seriously.
CrossFloss@reddit
Malware shouldn't be able to run unless it's a zero-day browser exploit or your company relies on insecure file formats from external sources. Malware scanners do not help here - if they flag a file you don't know if it's a false positive and if they don't you don't know if this is a false negative. What you do know is, that such scanners have far too many permissions on your system and were actively exploited in the past. They can just be considered useless backdoors.
But you realise that a breach is detected by e.g. Cyberhaven and an infection can't cause much damage with limited restrictions and protected file systems?
Holy fuck, when did we get from "clicks on a link" to a complete enterprise attack mitigation strategy including network architecture?! Shall we discuss how simply getting rid of Outlook/Exchange/Active Directory prevents 99.99% of intrusions already as well?
AnsibleAnswers@reddit
Cyberhaven, i.e. the company that hackers targeted with a supply chain attack to successfully steal passwords from its users. Granted, just because a security product can be an attack vector doesn't mean it isn't useful. That's your argument, not mine.
CrossFloss@reddit
It wasn't the product itself as you already know and you probably also noticed that this was not detected by malware but network scanners.
Malware scanners are not useful because they don't give a trustworthy answer. Reasonable XDR/SIEM can be useful of course.
AnsibleAnswers@reddit
This is genuinely beside the point. Attackers gained access to their supply chain and pushed their own software. They got it. That's literally all that matters. Their product includes their supply chain. That's how things work in reality.
I also never claimed that antivirus found the breach. I was making a point related to the fact that many security products can be attack vectors. Ultimately, the threat intelligence justifies itself in terms of dollars and cents. It's just probably unnecessary to burden endpoints with most of the compute that behemoths like Defender do.
Yes. The obvious must be stated, I guess. A hammer can be used to build a house or break into one. It's true of every technology. There are always good and bad implementations of useful products.
CrossFloss@reddit
Yes, by targeted phishing during Christmas when everyone is on holiday. This is hard to prevent. It's not a backdoor by design.
You're the one bringing up one straw man after another and not a single plausible argument for malware scanners. Your "clicks on a link" example is even more likely when staff trusts a scanner which by design only finds old known bugs.
necrophcodr@reddit
I can already tell you this won't work on the scale I'm talking about. Even point 1 won't work. But point 8 always will. 15.000 people, someone is gonna make that malware happen. Not using Windows at this scale of an org is unfortunately also often unrealistic, no matter how much I personally believe we can all use it.
Entire departments and offices and locations will want it, to the point where it will be used. Fifteen thousand people.
the_abortionat0r@reddit
God reading that nonsense gave me cancer.
The only people who think antiviruses are magical false positive machines are kids angry that their bootleg games are infected and pretend they aren't.
CrossFloss@reddit
Sorry that you missed the last 15 years in cybersecurity and still base your decisions on advertisements. You can use antivirus scanners on read-only mounted media for further analysis but NEVER on a live system.
Outrageous_Trade_303@reddit
I believe that all antivirus are potential spyware.
Just like the street cameras
the_abortionat0r@reddit
It's literally a Russian government asset. I don't think you understand.
BranchLatter4294@reddit
Is this a joke?
Outrageous_Trade_303@reddit
Yes! That's why I'm not using any kind of antivirus.
redoubt515@reddit
Only if you trust the AV software + have somewhat risky browsing habits.
dankobg@reddit
I only trust american and british software
psylomatika@reddit
lol if you want to trust software then shop there with the most privacy rules and laws which would be any EU country that is not tied to Russia.
dankobg@reddit
I didn't say I trust it or want to use it. I never did. But saying it's shit because it's ruski virus is stupid.
Leliana403@reddit
Real "bOtH sIdEs SaMe" energy.
DaddyGACanada@reddit
Hold your breath until I install it.
friciwolf@reddit
Please step away from Windows in the near future. (pun intended)
MentoRiumTutorCoach@reddit
😂😂
nmcn-@reddit
Any antivirus program is going to be intrusive. Its job is to scan everything in your computer. If it's not intrusive, then it can't do its job.
The big red flag with Kaspersky is that it is still under Russian jurisdiction. Like everything in the Russian computer world, it is subject to Roskomnadzor, and therefore at the beck and call of the state and the FSB.
Unlike software like ClamAV, it is not open source. So, what else could it be doing, besides scanning for infection?
The whole idea of Linux is that it is Open Source. There are no hidden functions or back doors into your OS, unless you invite one in. Make sure you are letting the right one in. :)
DoubleOwl7777@reddit
nah thanks i am good.
githman@reddit
While the idea is curious and it's going to be fun to watch it develop, there are complications.
Overall, I'm going to let someone else test this thing.
Ice_Hill_Penguin@reddit
In Soviet Russia even viruses run Linux.
psych0ticmonk@reddit
Linux is impervious to viruses so this is just useless garbage.
the_abortionat0r@reddit
Did you hit your head? That isn't even remotely true.
2cats2hats@reddit
Let them download rando bash oneliners and figure that one out by themselves. ;)
archontwo@reddit
Kaspersky has had an antivirus solution for Linux for decades. They use a live CD image to disinfect compromised machines.
Why is this even news? Just another excuse for Russophobia?
2cats2hats@reddit
That's what I was wondering. Kaspersky historically has been caught up in politics. A few years back the US removed all their software because they're from Russia.
It sucks but that's the world we live in now.
As for it on Linux, the vast majority of redditors reading our comments won't need AV on Linux anyway.
srekkas@reddit
DO NOT USE IT !!!!!!
A--E@reddit
The live cd with on demand scanner is neat and is still one of the few around.
srekkas@reddit
Doesn't matter, China, Russia, Iran, NK software has no place in civilized world.
A--E@reddit
and the alternative is....
vesterlay@reddit
I use Kaspersky on Windows, best detection engine.
Outrageous_Trade_303@reddit
Don't use any of these
rresende@reddit
I used to sell Kaspersky to my clients for years, never had a problem. Easy to renew their licenses, they had a tool that sent a notification when the hard drive was about to fail. They never had problems with viruses or with the Russians :)
markand67@reddit
a closed source software to scan viruses on an open source software.
yes you're gonna tell me this is not legitimate argument, nevertheless adding viruses to opensource software is not the best idea out there.
however, closed source software can already be considered as a malware on its own.
6gv5@reddit
Thanks but no thanks.
Unless you're BRICS, Kaspersky isn't reliable anymore: they're forced to jump if the Russian government says so, therefore it's not a matter of writing bad software or being evil; they could have the best intentions and the best software, yet they're forced to do what Putin says, which is hardly in the interest of the western world.
Yes, that applies to every company in every country. Choose wisely your suppliers!
mrlinkwii@reddit
So no ordering from the US then?
infernys20@reddit
*its
Familiar_Plankton@reddit
*Kaspersky virus
0riginal-Syn@reddit
It seems like there is some sort of cancerous growth on Tux's tummy in that picture. No thanks.
qualia-assurance@reddit
I always wanted to install Russian spyware on my Linux distro. I was so disappointed when I discovered that it didn't work with WINE. This is fantastic news.
BranchLatter4294@reddit
I guess this is for the same type of user that installs rootkits on their Windows system.