Anti-Virus in Linux? Erring On The Safe Side

MacLindroid

Anti-Virus in Linux? Erring On The Safe Side

Post by MacLindroid »

So, my son on his MacbookPro is technical production manager for a media company, LD, VJ in the making and aspiring event manager. It so happens that artists from around the globe perform at his venue and he gets loads of emails from all over, containing tech riders, full length video and audio that need effects added to, etc. Some of these artists watch online media to show compassion with those poor ladies who cannot afford a bare thread of clothes.


So, malware enters his bullet-proof Mac. ClamAV manages to identify two malwares and can't remove them. So he goes to Bitdefender and finds another 40, 39 of which get removed by Bitdefender, and no. 40 exits the Mac via some tweaking in a terminal window. :shock:


It seems the malware runs in Unity :?: in a browser, which makes me wonder exactly how safe we are in Linux. :? My knowledge here is as comprehensive as the theological insights of a medieval pauper. Of course, my Mint box has hardened browsers with so many show stoppers that I sometimes cannot visit even regular websites. As my life does not revolve around the Internet, no sweat. :mrgreen: Even so, what gremlins, spooks and nasties can happily live inside my "very secure Linux" without me knowing?


I did read Kayla's 2009 post, added my own comments but I am a bit shaken after what I've seen coming from the woodwork in a Mac.


:idea: Gurus, Druids & Droids, please educate us humble little slow-growing meek geek brigade?
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 3 times in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
computer noob

Re: A daft question needing a clever answer: malware in Mac

Post by computer noob »

On Linux, we are still very safe. No viruses that affect Linux computers are really in the wild, because Linux users are a minority and we generally can tell if something is wrong with our computer. You can still take precautions, though. You can get add-ons for your web browser (the main vulnerability), such as NoScript, Ghostery, etc. and if you really wanted to, you can install ClamAV, which will scan for Windows viruses so you don't accidentally infect a Windows user via email. There's a great forum topic that will hopefully answer all of your questions. It's on the top of the Newbie Questions page. http://forums.linuxmint.com/viewtopic.php?f=90&t=31723
PatH57

Re: A daft question needing a clever answer: malware in Mac

Post by PatH57 »

Hi,


A lot of the provided updates that you get are security updates and if you maintain your PC normally you are pretty safe.
Now emails or web attachments, well, use your common sense. If you don't know who is sending it, don't open it. If you know who it is, still run a virus checker before trying anything funny like opening it.
Low maintenance but well worth the couple of minutes it takes to do it.
MacLindroid

Re: A daft question needing a clever answer: malware in Mac

Post by MacLindroid »

I run those mentioned plus a few more, my browsers look like Tokyo By Night! :mrgreen: ClamAV? That's a waste of time as it was proven to be hugely ineffective.

Thanks for the comfort, though, appreciated.
MacLindroid

Browser-based malware infections in Linux & Mac?

Post by MacLindroid »

computer noob wrote:. No viruses that affect Linux computers are really in the wild, because Linux users are a minority . http://forums.linuxmint.com/viewtopic.php?f=90&t=31723
Just read that post from Kaye again. It is evident that Linux is not safer because of a smaller user base, but rather because of how it works. I did mention that I have read that post and also contributed to it. The thing is that this Unity thing is used to run apps within browsers and therefore the security of even Linux can be compromised. My son's Mac had no less than FORTY infections, all browser-derived, on a system deemed almost as safe as Linux. As I have said, I harden my browsers to the point where they lose usability, yet I will not be at ease until I understand how browsers run apps within themselves, what the real risks are and how to secure it.
MacLindroid

Malware in Mac & Linux

Post by MacLindroid »

There is a myth that Mac & Linux are 100% immune to malware.
There is a myth that Linux has almost no malware due to a small user base / small global footprint.

Both Mac & Linux have fallen prey in the past, myth busted. My son's MacbookPro was infected by 40 malwares a week ago, resulting in him having had to format and start a new installation of Mavericks. The malware came via Chrome browser.

Linux is perhaps almost 99% immune, not because of a smaller user base but rather because of how Linux works. As far as the OS itself goes, if an executable does not have ROOT access, it cannot run by itself. My Xfce installation also won't mark any app as an executable unless I tell it to. In the same vein, there are more levels of protection in Linux requiring manual approval before any malware could become harmful.

Browsers: I have Firefox, Chromium and Opera, all of which have been hardened to some extent: they do not allow Java scripts to be run, Flash is disabled, ads are blocked, I use WOT and Dr Web, even have Bitdefender Traffic Light, Ghostery and others. Browsers are where the real threats to any system could be lurking, so secure that as described.

I have installed SELinux to harden my OS and I now also have COMODO and Bitdefender running. COMODO's job is to scan emails, especially SMTP to prevent me inadvertently sending malwares to my mates. Bitdefender is running just because I can. In reality, I am more running these two anti-malwares to see IF it will ever even catch anything, so this is a (most unnecessary) "prevention is better than cure." I really am not expecting harm to come to my Linux even if I had no anti-malware installed.

IF it so happens that I catch malware, I will report it here. Don't expect a whole wiki of signatures reported.
var

Re: Mythbusting malware in Mac and Linux by a layman

Post by var »

I would question what he was doing with his Mac, because there are only about 40 - 50 known Mac viruses out there that are harmful. In all my years of using a Mac (way back to Panther) I have never (EVER) had a virus on one. If you set up keychains, never run as an admin and set up the firewall, it is just as hardened as any well set-up Linux machine.

Of course, the majority of Mac users are non-technical and run the system 'as is'. Which basically means they are running naked, because the firewall is not set up, the keychains need setting up and the system needs some configuration to make it hardened. My Linux box is hardened just as much as the Macbook Air at home but since the user-base is different, one system is inherently less-secure, because the technical brains are simply not there between the chair and keyboard.
MacLindroid

Re: Mythbusting malware in Mac and Linux by a layman

Post by MacLindroid »

var wrote:I would question what he was doing with his Mac, because there are only about 40 - 50 known Mac viruses out there that are harmful. In all my years of using a Mac (way back to Panther) I have never (EVER) had a virus on one. If you set up keychains, never run as an admin and set up the firewall, it is just as hardened as any well set-up Linux machine.

Of course, the majority of Mac users are non-technical and run the system 'as is'. Which basically means they are running naked, because the firewall is not set up, the keychains need setting up and the system needs some configuration to make it hardened. My Linux box is hardened just as much as the Macbook Air at home but since the user-base is different, one system is inherently less-secure, because the technical brains are simply not there between the chair and keyboard.
One of the infections is a very NEW one called Herocritics.phishing and it affected his Mac email programme as well. I did not find any info on Google about this.

Some 22 year old thought his dad was daft when warning him against using torrents. He had his FW running, his keychains are supposed to be set up right as I did check it in January. I suspect his adamant use of torrents over his work wifi which is shared with other VJs, DJs and alike youngsters who can do miracles in social media but not know how to partition a drive or format an SD card. You know the type.

As browsers can run software, they can execute malware code and the very secure OS becomes irrelevant, I think. Therefore, I employ a number of hardening apps and I think that using Bitdefender AV adds some comfort here, as it is better than most at least in Windows environment.
Last edited by MacLindroid on Wed Jul 16, 2014 8:08 am, edited 6 times in total.
var

Re: Mythbusting malware in Mac and Linux by a layman

Post by var »

MacLindroid wrote:
var wrote:I would question what he was doing with his Mac, because there are only about 40 - 50 known Mac viruses out there that are harmful. In all my years of using a Mac (way back to Panther) I have never (EVER) had a virus on one. If you set up keychains, never run as an admin and set up the firewall, it is just as hardened as any well set-up Linux machine.

Of course, the majority of Mac users are non-technical and run the system 'as is'. Which basically means they are running naked, because the firewall is not set up, the keychains need setting up and the system needs some configuration to make it hardened. My Linux box is hardened just as much as the Macbook Air at home but since the user-base is different, one system is inherently less-secure, because the technical brains are simply not there between the chair and keyboard.

Some 22 year old thought his dad was daft when warning him against using torrents. He had his FW running, his keychains are supposed to be set up right as I did check it in January. I suspect his adamant use of torrents over his work wifi which is shared with other VJs, DJs and alike youngsters who can do miracles in social media but not know how to partition a drive or format an SD card. You know the type.
I know the type indeed, in the respect it is easy to infect a system if you grab the wrong file or really just go blind and start getting all kinds of software and executing them blindly.
For extra safety with these things I would want an IP blocker (remember the old Peer Guardian?) so I could blacklist IPs from countries where lots of viruses originate and use netcat to keep an eye on my ports.

But the best way to learn is to get infected. Too many cheek-talkin kids who think they know what they're doing and not listening to the wise eldars :mrgreen:
MacLindroid

Re: Mythbusting malware in Mac and Linux by a layman

Post by MacLindroid »

Good reads:

https://help.ubuntu.com/community/Antivirus

http://www.linux.org/threads/malware-an ... inux.4455/

My comment remains that Linux installations are by design more or less immune to malware infections, yet every browser is unsafe. If you err, err on the safe side. Use the Bitdefender http://download.bitdefender.com/repos/# freeware (home use) as this is the best around. Follow the link for setup instructions. I have been very fond of ClamAV but it had become outdated and irrelevant by now. Bitdefender is THE best you can use for Linux and generally for any Windows & Mac system as well.

My ISP allows for monthly subscriptions for paid business use at dirt cheap prices, so there is a solution as well.
MacLindroid

How To Install Bitdefender Antivirus for Linux

Post by MacLindroid »

DO NOT FOLLOW THE URLS BELOW BUT INSTEAD COPY AND PASTE THE ENTIRE LINE INTO A TERMINAL

$ sudo sh -c 'echo "deb http://download.bitdefender.com/repos/deb/ bitdefender non-free" >> /etc/apt/sources.list'

$ wget http://download.bitdefender.com/repos/deb/bd.key.asc

$ sudo apt-key add bd.key.asc

$ sudo apt-get update

$ sudo apt-get install bitdefender-scanner-gui

To Run Bitdefender:

$ /opt/BitDefender-scanner/bin/bdgui
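
Added example, not part of the original post or of Bitdefender's instructions: the steps above fetch the signing key over plain HTTP, and `apt-key add` trusts it for every repository on the system. One way to check the key's fingerprint first and scope it to this one repository; the expected fingerprint, the sample key listing and the keyring file name are constructed placeholders.

```shell
#!/bin/sh
# Added example: check a repo signing key's fingerprint before trusting it,
# then scope the key to one repository with apt's signed-by option.

# Placeholder, constructed for the demo. Get the real fingerprint from the
# vendor over a separate, authenticated channel.
EXPECTED_FPR="0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"

# Constructed sample of `gpg --show-keys --with-colons bd.key.asc` output.
SAMPLE_LISTING='pub:-:2048:1:89ABCDEF01234567:1300000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1300000000::::Example Repo Key (constructed)::::::::::0:
sub:-:2048:1:FEDCBA9876543210:1300000000::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Strip whitespace and upper-case hex so spaced/lower-case forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Print the primary key fingerprint (first "fpr" record, field 10) from
# colon-format gpg output on stdin.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches LISTING EXPECTED: succeed only if the primary fingerprint is a
# full 40-hex-digit value equal to EXPECTED (short key IDs never match).
fpr_matches() {
    got=$(normalize_fpr "$(printf '%s\n' "$1" | primary_fpr)")
    want=$(normalize_fpr "$2")
    case "$got" in
        *[!0-9A-F]*|'') return 1 ;;
    esac
    [ "${#got}" -eq 40 ] && [ "$got" = "$want" ]
}

# scoped_source KEYRING URI SUITE COMPONENT: emit a sources.list.d entry
# that trusts KEYRING for this repository only.
scoped_source() {
    printf 'deb [signed-by=%s] %s %s %s\n' "$1" "$2" "$3" "$4"
}

# verify_and_stage KEYFILE KEYRING: check the downloaded key and only then
# convert it to a binary keyring. Needs gpg; nothing is written on mismatch.
verify_and_stage() {
    listing=$(gpg --show-keys --with-colons "$1") || return 1
    fpr_matches "$listing" "$EXPECTED_FPR" ||
        { echo "fingerprint mismatch, key not installed" >&2; return 1; }
    gpg --dearmor -o "$2" "$1"
}
```

After `verify_and_stage bd.key.asc /usr/share/keyrings/bitdefender.gpg` succeeds, the line printed by `scoped_source` goes into a file under `/etc/apt/sources.list.d/` in place of the `sources.list` append and the `apt-key add` step.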
wanderer7

Re: Anti-Virus in Linux? Erring On The Safe Side

Post by wanderer7 »

Question: can it detect GNU/Linux viruses?
MacLindroid

Re: Anti-Virus in Linux? Erring On The Safe Side

Post by MacLindroid »

I think I have done my bit of homework. If anyone has a technical question, for whatever reason, why not ask Bitdefender's support team directly?

http://www.tuxradar.com/content/bitdefe ... rus-unices

http://www.linuxinsider.com/story/78748.html

http://www.unixmen.com/meet-linux-viruses/

http://en.wikipedia.org/wiki/Linux_malware

Now over to Microsoft........... http://www.reuters.com/article/2014/07/ ... CU20140710
Last edited by MacLindroid on Wed Jul 16, 2014 1:22 pm, edited 1 time in total.
wanderer7

Re: Anti-Virus in Linux? Erring On The Safe Side

Post by wanderer7 »

Well, no offence mate, but you advertised bitdefender and posted how to install it. Why would I install it if it's not going to work for me?
Thanks for your advice, but I'm still not convinced.
Besides, if you visit bitdefender's new website, I doubt you'll find any Unix related product for home users, let alone for GNU/Linux.
I think the last post bitdefender made about Unix was back in 2011:
"As many BitDefender Antivirus Scanner for Unices users have noticed, attempting to run the command line tool (bdscan) or the GUI application will result in an unexpected segmentation fault. The issue is caused by an incompatibility between the latest antivirus engines retrieved through update and the their platform specific component (bdcore.so) which currently cannot be updated."
I admit, it's a good antivirus for windows, but for GNU/Linux? I doubt. In my opinion, a good anti-virus for GNU/Linux doesn't exist yet. Then again, a "good" virus for GNU/Linux doesn't exist either (yet).
MacLindroid

Re: Anti-Virus in Linux? Erring On The Safe Side

Post by MacLindroid »

wanderer7 wrote: In my opinion, a good anti-virus for GNU/Linux doesn't exist yet. Then again, a "good" virus for GNU/Linux doesn't exist either (yet).
:mrgreen:

Now THAT is reality. I am just erring on the safe side. :wink:
DrHu

Re: Anti-Virus in Linux? Erring On The Safe Side

Post by DrHu »

First problem, few if any are competent/able to understand security and risks associated
--nor be able to fix any issues that arise from insecure connections or software

We have to assume we are all simply users/consumers and don't develop any software, so have very little knowledge of any of the issues or fixes available therein.
  • We mostly will be going on BLIND FAITH, no matter the source
So any antivirus, any system hardening, any logs or intrusion detection system/apps or other security measures you may take won't hurt, but they may/may not protect you from the real danger: the internet and its many avenues of access
--even IPP (printer) bluetooth scanning and so on
  • I only print locally, not via the internet, and for browsing
  • Turn off JavaScript for most sites
  • Use Adblock Plus
  • Spyblock Search and destroy
    --if I was using Windows
  • Don't allow LSO (flash cookies)
  • Always connect via my own ISP
    --and can turn off IPv6, unlike Windows 7x or 8x, which seems to want/require it for some functions (which stay a mystery to a normal user)
MacLindroid

Re: Anti-Virus in Linux? Erring On The Safe Side

Post by MacLindroid »

DrHu wrote:First problem, few if any are competent/able to understand security and risks associated
--nor be able to fix any issues that arise from insecure connections or software

We have to assume we are all simply users/consumers and don't develop any software, so have very little knowledge of any of the issues or fixes available therein.
  • We mostly will be going on BLIND FAITH, no matter the source
So any antivirus, any system hardening, any logs or intrusion detection system/apps or other security measures you may take won't hurt, but they may/may not protect you from the real danger: the internet and its many avenues of access
--even IPP (printer) bluetooth scanning and so on
  • I only print locally, not via the internet, and for browsing
  • Turn off JavaScript for most sites
  • Use Adblock Plus
  • Spyblock Search and destroy
    --if I was using Windows
  • Don't allow LSO (flash cookies)
  • Always connect via my own ISP
    --and can turn off IPv6, unlike Windows 7x or 8x, which seems to want/require it for some functions (which stay a mystery to a normal user)
We don't know because we don't know. Nobody is losing dollars, nobody is losing face, by having protection. The invincible Mac was ruined by a piece of browser malware and only Bitdefender could fix it. On a cloudy day, we invincible Linux users may wake up to a nasty surprise. Running Comodo and Bitdefender may be like wearing a raincoat and an umbrella on the beach on a sunny day, so one risks looking like an utter fool yet no real harm is done.
MacLindroid

Re: Anti-Virus in Linux? Erring On The Safe Side

Post by MacLindroid »

A consultant from Bitdefender visited this thread and emailed me to say that my set-up will be safe with the widgets I am using on my browser, as does DrHu. I have attached lists of what I am using in Chrome and Firefox now.
MacLindroid

More Firefox

Post by MacLindroid »

Third Firefox Screenshot
killer de bug

Re: Anti-Virus in Linux? Erring On The Safe Side

Post by killer de bug »

When you have loaded all these extensions, Firefox is already taking 500Mb of RAM... :?