Any recommendations for Linux Mint anti-virus and internet security?

[Mage of Maple]

Looks like no one has mentioned Firejail. This is a really awesome tool for hardening your browser. Most exploits are likely to come in through weaknesses in the browser - Java, JavaScript, Flash, etc. Firejail can sandbox Firefox so it has severely limited access to the system. It can actually sandbox any process and has pre-configured profiles for tons of Linux apps but the browser is the most important. Definitely worth a look.

[jimallyn]

A lot of Linux users will tell you that you don't need an antivirus, and in my 16 years of using Linux I have never used one. Until recently, when I decided to try it just for fun. I currently have Sophos and COMODO installed. Sophos has to be run from the command line, but COMODO has a nice GUI. The first time I ran an antivirus - I forget which one - it found 61 Windows viruses, all of them in deleted emails. A friend didn't have his computer hooked up until recently, so I was checking his email for him. He used to sign up for everything he could on the web, and now he gets a lot of spams and emails with viruses attached. Since I don't have Windows, it's likely none of those 61 viruses would do anything, and besides I of course didn't click on any of the emails with attachments, just deleted them. Anyway, all the viruses found were in deleted emails on my friend's account, and none had been activated.

So, when I am done playing with antivirus software, will I keep them? I might keep one of them, haven't decided for sure. Linux is FAR more secure from viruses than Windows is, so I probably don't need an antivirus, but I might keep one of them anyway, on the "better safe than sorry" theory. If I were running a web server, I would definitely run some kind of anti-malware software on that. There are viruses that affect Linux, but in the 16 years I ran without an antivirus, I never got any infection, nor has any Linux user I know of ever been infected.

[turtlebay]

Which leaves my question dated Mon Sep 17, 2018 9:19 pm still unanswered, " Why is the firewall turned of by default? Can't Clem program it so it's on by default with the option for the user to turn it off if they desire that risk? "

[absque fenestris]

if common sense is so common, why dont more people have it?...lol...DAMIEN

Common sense was somehow, sometime, a long time ago, very useful...
Compared to modern technology, common sense is hopelessly inferior: Logical conclusions do not necessarily have to solve problems - on the contrary.

My own, personal "common sense" rebels massively against what has been offered for 10 to 15 years - for example - by automotive or computer technology:
You can't see the essential gear levers anymore because of all the frippery - a car turns off the engine, but because of loud, stupid music that can't be turned off without a manual, you can't even hear it and at first you have to look for something like a credit card to start the f*** thing again.

With (any) computer system it's the same - a megalomaniac Christmas tree that flashes and beeps and plays music and plays stupid movies and ads, you'll press the wrong button sooner or later.

You can't blame completely normal (and younger) users - it's excessive and it's intentional.

Excuse me - just teaching my 20 year old niece things like Photoshop and Illustrator on a Mac in a kind of emergency crash course - Yes exactly: Mac! - but the default settings e.g. from Firefox on (any) Linux-System are not a bit better!

[philotux]

I read through all four of them

[Moem]

I read through all four of them

Just did some cleanup... they're gone now!

[Joe2Shoe]

My 2 cents worth.
Yes, Windows is a major catastrophe, and then some, if you don't have a firewall, virus scanner and malware scanner enabled. I have one laptop with Win7 x64 with Comodo Internet Security Pro (retail) installed. I use Comodo's firewall and disable Windows' firewall. Sure, Comodo finds & deletes lots of crud, and after 6 years, this laptop runs perfectly.

As has been posted above, Linux is not excluded from viruses, and to think that any of us is "safe" while online is taking the situation lightly.
Hackers, and I do mean the ones who are quite intelligent, can hack anything, including Linux and Mac OS.
Don't be fooled, I have made quite a chunk of change $$$ cleaning Windows, Mac and some Linux distros of viruses.

I use FirewallD (in Software Manager) and it has many features.
I am currently using Sophos on 2 laptops and BitDefender on 2 others running Linux Mint 19 v.2 x64.
Both antivirus programs are not on "automatic", but I update & scan once-a-week on all 4 machines manually, so they are not using system resources 24/7.
I also have another LM19 laptop with no antivirus software, and it's just fine, as far as I can tell.

Always backup your data, just in case, because you never know until it's too late.
To each their own.

[rbmorse]

Karlchen raised a good point earlier. How can one tell if a report of a vulnerability is valid or not? For example, there's this:

https://www.zdnet.com/google-amp/articl ... antivirus/

Personally, after reading the article (and considering the source) I'm inclined to believe this is more an ad for the product behind the site referenced in the ZD Net article than a real threat (it's just too juicy to be true).

But, I don't know for sure. I'm not going to buy the product advertised, though, until I know more.

[jimallyn]

Why is the firewall turned of by default? Can't Clem program it so it's on by default with the option for the user to turn it off if they desire that risk?

I know this has been asked on the forums more than once. I am sure that Clem could program it that way, and I have no idea why he and the team haven't done that.

[smurphos]

Karlchen raised a good point earlier. How can one tell if a report of a vulnerability is valid or not? For example, there's this:

https://www.zdnet.com/google-amp/articl ... antivirus/

Personally, after reading the article (and considering the source) I'm inclined to believe this is more an ad for the product behind the site referenced in the ZD Net article than a real threat (it's just too juicy to be true).

But, I don't know for sure. I'm not going to buy the product advertised, though, until I know more.

It's a genuine Linux trojan, but both of the vulnerabilities that it exploits are long ago patched in affected kernels. The only Mint users that could be vulnerable are 17 or 18.x users using a kernel older than 4.4.0-45.66 or 17.x users using a kernel older than 3.13.0-100.147 - both released October 16.

If a user want an antivirus as a crutch because they are adverse to applying kernel security updates then what can I say....

[smurphos]

Why is the firewall turned of by default? Can't Clem program it so it's on by default with the option for the user to turn it off if they desire that risk?

I know this has been asked on the forums more than once. I am sure that Clem could program it that way, and I have no idea why he and the team haven't done that.

It doesn't need to be active on a fresh installed system. There are no active listening services on a fresh mint install, any port scan that got as far as the machine will not see anything anyway - a newly installed Mint is a stealthy beast. It's only once the user starts opening ports (sets up SSH access, shares folders, sets up desktop-sharing) that it becomes potentially useful to have it on and then not in it's default state, but with specific rules to control who can access those services and from where i.e. restricting samba access to the LAN or from specific ips on the LAN etc.

So the question is should it be on by default to protect users who open up ports on their system without considering the need for a firewall? I don't know - to me that seems like excessive nannying and hand-holding. Plus if it's on and blocks for example file sharing what's the less informed user going to do - probably just turn it off again anyway, or just dump Mint because file sharing is broken and try some other distro that follows the ubuntu default. And there's no point have it on with some automated process to create a generic rule to open the ports for that particular service when the user sets it up. That's no better than no firewall.

[majpooper]

Hi, SnuffGear.

The reason why so far a dedicated Linux Mint Security sub-forum has not been created is not that we all foolishly assume that Linux Mint were unbreakable. We, the forum team, do not think so. At least, this is how I perceive it.
The reason rather is that a dedicated Linux Mint Security sub-forum is not totally unlikely to attract a substantial number of self-assigned security experts and people wearing tinfoil hats, who spread their own fears and paranoia as hard facts.
How will the majority of forum users tell apart self-assigned security experts from real security experts?
Do we have any real security experts among our forum users? (How to identify them as such?)

Best regards,
Karl

Hummm. . . . have to admit I had not thought this through - this makes a lot of sense. I listen to a security podcast Security Now with Steve Gibson - for those that know about him he is, for sure, a security expert. However I am not and hopefully no one would consider my advice/opinion as that of an expert. And there in lies the problem karlchen makes in that I have expressed my security opinions before but not everyone agrees with them, which is fine, but if you are new to linux where to you go for security/privacy guidance ?

Actually the same thing to a lesser extent applies to linux mint in general. After being on this forum for 5 years I pretty much know who is who and who the experts are and follow there advice when asking for technical guidance not that others have not been helpful. I am not sure how someone brand new to the forum could distinguish experts from non-experts unless the Mods could somehow designate certain users as such.

[turtlebay]

It doesn't need to be active on a fresh installed system. There are no active listening services on a fresh mint install, any port scan that got as far as the machine will not see anything anyway - a newly installed Mint is a stealthy beast. It's only once the user starts opening ports (sets up SSH access, shares folders, sets up desktop-sharing) that it becomes potentially useful to have it on and then not in it's default state, but with specific rules to control who can access those services and from where i.e. restricting samba access to the LAN or from specific ips on the LAN etc.

So the question is should it be on by default to protect users who open up ports on their system without considering the need for a firewall? I don't know - to me that seems like excessive nannying and hand-holding. Plus if it's on and blocks for example file sharing what's the less informed user going to do - probably just turn it off again anyway, or just dump Mint because file sharing is broken and try some other distro that follows the ubuntu default. And there's no point have it on with some automated process to create a generic rule to open the ports for that particular service when the user sets it up. That's no better than no firewall.

Users are going to do all those things anyway or why are they bothering using a computer?
Compare it with a new car. Why fit it with brakes because a new car will be standing in a showroom, so won't need brakes. But when someone buys the car / starts using Linux, the brakes / firewall is going to be needed if they go on line / drive it on a road.

[rene]

Why is the firewall turned of by default? Can't Clem program it so it's on by default with the option for the user to turn it off if they desire that risk?

I know this has been asked on the forums more than once. I am sure that Clem could program it that way, and I have no idea why he and the team haven't done that.

It doesn't need to be active on a fresh installed system. There are no active listening services on a fresh mint install, any port scan that got as far as the machine will not see anything anyway

And do please combine with AscLinux's above reply. Basically everyone these days is behind a NAT-router in the form of their modem or even a double NAT with a home-router again behind the modem. This is to say that even ports on your system accessible from your LAN are not accessible from the internet without you specifically arranging so or, as you commented before, your modem/router already being compromised. The only thing that I tend to feel needs some warning against in that context is UPnP; also see viewtopic.php?f=90&t=279354&p=1537812#p1537812. But also in that case we are talking about already having been compromised by some piece of software utilizing UPnP.

Conversely to the minor issue of having no firewall set up by default, what a by default enabled firewall does for newbies is interfere with perfectly legitimate LAN-traffic; making services undiscoverable, disallowing connections to internal network resources; turning LAN networking decidedly non-Plug 'n Play, and causing these forums to flood with messages from newbies about why Linux is so difficult and ridiculous when "everything Just Works on Window".

Given no open ports by default and current reality of NAT-routers, a firewall is on Linux not something that needs arguments to be disabled but one that needs quite specific arguments to be enabled.

[Pjotr]

If you're on your own network, and if you have enabled the firewall in your router, you don't need to have an active firewall in your Mint.

That said: I always enable the firewall as a matter of course, because I sometimes connect my laptops to other networks too.

[timbol]

I use ClamAV for the simple reason that my online banking T&Cs demand an AV. It may not be necessary, but it's needed

[smurphos]

The only thing that I tend to feel needs some warning against in that context is UPnP; also see viewtopic.php?f=90&t=279354&p=1537812#p1537812. But also in that case we are talking about already having been compromised by some piece of software utilizing UPnP.

Indeed, I've been disabling UPnP on my routers for years and set up port forwards when necessary.

[DAMIEN1307]

hi timbol...im in the U.S....could you please educate me a little here...first you say that your bank requires you to have an a/v...how do they know if you have one or not?...what country are you in that has such a bank and such a bank requirement...after all its not their computer but yours...you having or not having an a/v does not protect their systems at all but only your own if your running a windows or mac system...whether you have a/v or not should make no difference to your bank since they have their own protection in place so please tell me how this can be...any of their IT personnel should be tech savvy to know and realise that a/v on a linux system is ludicrous...not needed and actually decreases security on a linux system which is much more secure than what they must obviously be using...

[smurphos]

hi timbol...im in the U.S....could you please educate me a little here...first you say that your bank requires you to have an a/v...how do they know if you have one or not?...what country are you in that has such a bank and such a bank requirement...after all its not their computer but yours...you having or not having an a/v does not protect their systems at all but only your own if your running a windows or mac system...whether you have a/v or not should make no difference to your bank since they have their own protection in place so please tell me how this can be...any of their IT personnel should be tech savvy to know and realise that a/v on a linux system is ludicrous...not needed and actually decreases security on a linux system which is much more secure than what they must obviously be using...

In the UK is used that banks could argue you were not taking reasonable care by not running security software to wriggle out of liability for fraud claims. Not the case anymore - the onus is on the bank to prove you authorised the fraudulent transaction. Having said that if a piece of malware got on your system and fooled you into authorising a transaction that's probably a grey area. But if it nicked your log on details and then went on to drain your bank account the bank should cover you.

[DAMIEN1307]

hi smurphos and taking the time to answer this question...my least secure password is the one i use here to access the forums...howsecureismypassword.net tells me that this particular one im using is...

It would take a computer about

552 QUADRILLION YEARS

to crack your password

my most secure password protections are all different of course and are for my protonmail.com and my banking and insurance info...

It would take a computer about

177 UNDECILLION YEARS

to crack your password

needless to say my banks and insurers are more than well satisfied with this...lol