Virus protection question

kamie
Level 2
Posts: 89
Joined: Fri May 17, 2019 8:04 pm

Post by kamie » Sat May 18, 2019 9:04 pm

I'm sure this has been covered, I searched it and got a lot of terminology that I don't understand because I'm so new. So even if the answer was clear as mud smacking me in the face, I apologize. Here is my info to let you know how new I am. I don't even have my new computer yet. viewtopic.php?f=180&t=294327

I've been watching every video I can and have heard almost all of them say when I use Mint or Linux just for normal day to day things I don't need an anti virus program, just a firewall. Is this correct? If so, how refreshing that would be coming off of windows. So if you are using an antivirus, why and which one?
Sorry again if this has been beaten to death. I just don't quite understand what everyone is talking about. Some of it makes sense I think, but parts of it are so foreign to me. Most of the terms you all use, I've never heard before. I hope to catch up quickly in the coming weeks.
K

catweazel
Level 18
Posts: 8881
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Virus protection question

Post by catweazel » Sat May 18, 2019 9:13 pm

kamie wrote:
Sat May 18, 2019 9:04 pm
I've been watching every video I can and have heard almost all of them say when I use Mint or Linux just for normal day to day things I don't need an anti virus program, just a firewall. Is this correct? If so, how refreshing that would be coming off of windows.
Generally, it is correct, yes. Linux is quite different to Windwoes. While I don't run an anti-virus, and very few of the regulars here would even recommend one, linux isn't immune. It has a lower attack surface than Windwoes so the risk of getting some sort of malware is pretty much limited to your browser, which, coupled with some safe internet habits, makes anti-virus so much overkill. The main targets of linux malware are servers exposed to the internet and android rather than desktop systems.

Of course, you need to assess the risk yourself and make your own decisions. If you decide to go ahead and install an anti-virus, don't take any heed of people who tell you you don't need to. It really all depends on your surfing habits and how secure you want to feel, so it comes down to personal preference in the end. But still, an anti-virus is not absolutely necessary.
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

kamie
Level 2
Posts: 89
Joined: Fri May 17, 2019 8:04 pm

Re: Virus protection question

Post by kamie » Sat May 18, 2019 9:20 pm

Thanks for the fast reply CatW. After 17 years of only windows, and being really smart about things (except using windows), that is one of the most positive aspects of making this change.

It's really just hard to believe it. Not that I doubt it.
K

catweazel
Level 18
Posts: 8881
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Virus protection question

Post by catweazel » Sat May 18, 2019 9:23 pm

kamie wrote:
Sat May 18, 2019 9:20 pm
Thanks for the fast reply CatW. After 17 years of only windows, and being really smart about things (except using windows), that is one of the most positive aspects of making this change.

It's really just hard to believe it. Not that I doubt it.
K
One more thing, you need to trust your software sources. You'll eventually learn about PPAs. These are public repositories where you can get more up to date software. These are a risk and, again, you need to reassure yourself that you can trust them. Most of the PPAs mentioned in these forums are safe, but as I said, trusting them is your decision.

slipstick
Level 5
Posts: 923
Joined: Sun Oct 21, 2012 9:56 pm
Location: Somewhere on the /LL0 scale

Re: Virus protection question

Post by slipstick » Sat May 18, 2019 9:29 pm

I have been using Linux Mint for 5 years now and have never used any anti-virus - haven't been hacked yet (as far as I know :) ). I am behind a NAT router and have enabled the firewall. I use Firefox for most of my browsing and use NoScript, HTTPS Everywhere, and AdBlock Plus (many people also recommend uBlock Origin as an ad blocker). Most importantly, I use Firejail to sandbox my system. More info here:
https://easylinuxtipsproject.blogspot.c ... urity.html

and Pjotr's home page (much good info on that site):
https://easylinuxtipsproject.blogspot.com/p/1.html
In theory, theory and practice are the same. In practice, they ain't.

jchelpau
Level 3
Posts: 100
Joined: Mon Mar 25, 2019 11:19 pm
Location: Australia

Re: Virus protection question

Post by jchelpau » Sat May 18, 2019 9:50 pm

Generally you want to do four things to avoid malware:

1. Have a separate admin account
This is by default on Linux Mint. Don't give permission to applications to run as administrator unless you trust them.
Usually this means only doing so if it's from software that came preinstalled on Linux Mint.

2. Only open/run files from trusted sources
Linux Mint makes this easy by having a software center as one big trusted source.
However this applies to things like Windows programs you run in Wine or email attachments.

3. Disable JavaScript in your web browser
This is where most malware will get you these days, especially with CPU bugs.
Install an extension like NoScript or uBlock Origin and configure them to disable JavaScript by default.
Only enable JavaScript on websites you trust.

4. Enable the OS firewall to stop network malware
In Linux Mint you want to do this using the firewall app.

kamie
Level 2
Posts: 89
Joined: Fri May 17, 2019 8:04 pm

Re: Virus protection question

Post by kamie » Sat May 18, 2019 10:03 pm

slipstick wrote:
Sat May 18, 2019 9:29 pm
I have been using Linux Mint for 5 years now and have never used any anti-virus - haven't been hacked yet (as far as I know :) ). I am behind a NAT router and have enabled the firewall. I use Firefox for most of my browsing and use NoScript, HTTPS Everywhere, and AdBlock Plus (many people also recommend uBlock Origin as an ad blocker). Most importantly, I use Firejail to sandbox my system. More info here:
https://easylinuxtipsproject.blogspot.c ... urity.html

and Pjotr's home page (much good info on that site):
https://easylinuxtipsproject.blogspot.com/p/1.html
I'm a firefox person as well, and use adblock plus and adblocker ultimate. Did you get all your extensions turned off early this month too? Not sure what FF was trying to pull there. Never heard of firejail or sandboxing? I'll read the link tomorrow. Never heard of a NAT router. I've got a lot to learn.
At this point it's all Greek to me, and I'm not Greek. :D

slipstick
Level 5
Posts: 923
Joined: Sun Oct 21, 2012 9:56 pm
Location: Somewhere on the /LL0 scale

Re: Virus protection question

Post by slipstick » Sat May 18, 2019 10:30 pm

kamie wrote:
Sat May 18, 2019 10:03 pm
I'm a firefox person as well, and use adblock plus and adblocker ultimate. Did you get all your extensions turned off early this month too? Not sure what FF was trying to pull there.
It happened to nearly everyone using FF extensions.
viewtopic.php?f=47&t=293510

phd21
Level 18
Posts: 8806
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Virus protection question

Post by phd21 » Sun May 19, 2019 12:31 am

Hi kamie,

Welcome again to the wonderful world of Linux Mint and its excellent forum!

I just read your post and the good replies to it. Here are my thoughts on this as well.

+1 for there is no need to install an antivirus or anti-malware software in your Linux Mint system. Assuming you had a working antivirus software in MS Windows, then your files that you copy or share from that system into your Linux system should be okay. There are bootable antivirus rescue discs like Avira, Kaspersky, Comodo, Dr.Web LiveDisk, etc... that you can boot to and run a scan on your system whenever you want. When I first switched to Linux Mint, I ran bootable antivirus rescue discs and they did find one bad file from my MS Windows system that I had copied to my Linux Mint system, which it deleted. Keep in mind that not all bootable antivirus discs can scan Linux file systems.

11 Top free bootable antivirus rescue discs for Windows PCs - Digital Citizen
- some of these work on Linux file systems too.
https://www.digitalcitizen.life/top-fre ... indows-pcs

+1 Easy Linux Tips Project: Great website for Linux
(please turn off ad-blockers for this website, whitelist this website)
https://easylinuxtipsproject.blogspot.com/p/2.html

+1 for installing and using the Firejail sandboxing application with your Internet enabled applications like browsers, chat messengers, etc...
Firejail and Mint 19 - Linux Mint Forums
viewtopic.php?f=42&t=273533&hilit=firejail

I always recommend that people install more than one browser because if something happens to your main browser like what happened with Firefox recently, you still have another working browser that you can use. Most browser developers will correct update issues and other issues very quickly. I always install Chrome because every now and then I will come across web pages that do not display properly in Firefox but will in Chrome and vice versa. And, there are some really great browsers available to choose from like Vivaldi (Chromium based), Slimjet (Chrome based), Opera, Brave, etc...

It is a good idea in any computer operating system to install some security and privacy related browser extension add-ons like "ublock origin" if the browser does not already have an ad blocker, privacy badger or privacy protector plus, disconnect, anti-fingerprinting (fingerprint block or masker), "https everywhere" is usually installed, etc...

Use good passwords for everything (17-20+ mixed case characters with numbers and some symbols (no spaces or quotes though)) and use different passwords. And, change your passwords every now and then. There are great password managers available like KeePassXC and others which can also help create good passwords.


Hope this helps ...
Last edited by phd21 on Sun May 19, 2019 12:46 am, edited 1 time in total.
Phd21: Mint KDE 18.3 & 19, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

oldgranola
Level 4
Posts: 328
Joined: Fri Sep 05, 2014 1:39 am

Re: Virus protection question

Post by oldgranola » Sun May 19, 2019 12:37 am

I'll second and third Catweazel but to make a point: One thing that makes linux especially more secure is that one is not normally working with admin/root privileges. That locks out a lot of malware as such can't change or write to system files. Surfing in general can't do much to your system but could screw with your browser. So keep your system admin login and rights separate from your usual session login. Don't surf as root! There are discovered vulnerabilities where privileges can be elevated but mostly on the server side of things, but almost always quickly patched via updates. So do update regularly. But you can spread malware to others via email etc. Also, as I have been, you can fall for phishing attempts. I just had a "DOH!" experience when I used important credentials to fix a problem on my work sharepoint which turned out to be a targeted customized phishing attempt to get just that information. Nothing to do with Linux but we're all still vulnerable. We fixed it tho.
comadore, pcDOS, hpux, solaris, vms-vax ....blah blah blah..
Yet I'm still a fn nooob

Mike-Linux-Mint
Level 3
Posts: 156
Joined: Wed Nov 21, 2018 8:26 am

Re: Virus protection question

Post by Mike-Linux-Mint » Sun May 19, 2019 5:55 am

oldgranola wrote:
Sun May 19, 2019 12:37 am
I'll second and third Catweazel but to make a point: One thing that makes linux especially more secure is that one is not normally working with admin/root privileges. That locks out a lot of malware as such can't change or write to system files. Surfing in general can't do much to your system but could screw with your browser. So keep your system admin login and rights separate from your usual session login. Don't surf as root! There are discovered vulnerabilities where privileges can be elevated but mostly on the server side of things, but almost always quickly patched via updates. So do update regularly. But you can spread malware to others via email etc. Also, as I have been, you can fall for phishing attempts. I just had a "DOH!" experience when I used important credentials to fix a problem on my work sharepoint which turned out to be a targeted customized phishing attempt to get just that information. Nothing to do with Linux but we're all still vulnerable. We fixed it tho.
How do you make sure that you don't surf as root? Is there anything to implement?

Pjotr
Level 21
Posts: 12632
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: Virus protection question

Post by Pjotr » Sun May 19, 2019 6:11 am

Mike-Linux-Mint wrote:
Sun May 19, 2019 5:55 am
How do you make sure that you don't surf as root? Is there anything to implement?
No, just don't launch Firefox from a terminal with sudo. :mrgreen:

Furthermore, don't make your system less secure by installing antivirus:
https://easylinuxtipsproject.blogspot.c ... html#ID1.1
Tip: 10 things to do after installing Linux Mint 19.1 Tessa
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

DAMIEN1307
Level 7
Posts: 1805
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico, USA

Re: Virus protection question

Post by DAMIEN1307 » Sun May 19, 2019 7:25 am

oldgranola said,
But you can spread malware to others via email etc
In almost all cases, this is simply not true as most major email like google mail (gmail), etc already scan emails using their own systems to do so before passing them onto others...DAMIEN
ORDO AB CHAO

Mike-Linux-Mint
Level 3
Posts: 156
Joined: Wed Nov 21, 2018 8:26 am

Re: Virus protection question

Post by Mike-Linux-Mint » Sun May 19, 2019 11:30 am

Pjotr wrote:
Sun May 19, 2019 6:11 am
Mike-Linux-Mint wrote:
Sun May 19, 2019 5:55 am
How do you make sure that you don't surf as root? Is there anything to implement?
No, just don't launch Firefox from a terminal with sudo. :mrgreen:

Furthermore, don't make your system less secure by installing antivirus:
https://easylinuxtipsproject.blogspot.c ... html#ID1.1
Cool! I never do that anyway nor do I have any antivirus
But there's something bothering me, I read the link you provided and they say:

"A virus or rootkit can't install itself in Linux unless you let it. In order to install itself on your computer, a virus or rootkit needs your password. And that it doesn't have."

My first question is: What if you removed your password in the "Passwords and keys" folder, does that count?
According to what I read, a firewall on Linux would be useless too since you're supposed to have one already from the modem you're using to connect to the internet, is that right?

They also state the following:

"Or in case it's malware ( a script) that can execute itself in your home directory without password: you'll have to make it executable first. Any script that you download, is not executable: you have to set the executable bit of the script yourself, by hand."

Let's suppose that someone downloads I don't know, let's say a movie using Deluge, I'm not saying I do :D
but if that person does that and double click on the movie itself to launch it with VLC, is it possible to free the virus from the infected file and make it executable?

And last one, well, let's say I get a virus specifically targeted to Linux, which is rare at the moment but maybe not so in the future,
Well, that virus could screw my computer but if I have everything backed up on an external hard drive, it wouldn't do much harm, would it?
I mean would I have to worry about my passwords stored in my browser, like passwords to access your bank account and stuff?
Reinstalling Linux would supposedly remove the virus, right?
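
Two points raised in this thread, not surfing as root and downloaded scripts lacking the executable bit, can be checked from a terminal. The script below is an added example, not part of any post here; the function names, the `--run` switch and the browser list are assumptions to adjust for your own system.

```shell
#!/bin/sh
# Added example (not from the thread). BROWSERS, root_browsers, exec_files,
# audit and the --run switch are hypothetical names chosen for illustration.

# Process names to treat as browsers. `ps` reports names truncated to
# 15 characters, so list them the way `ps -eo comm=` prints them.
BROWSERS="firefox firefox-esr chrome chromium opera brave vivaldi-bin"

# root_browsers: reads "USER COMMAND" lines on stdin, in the format printed
# by `ps -eo user=,comm=`, and prints every browser process owned by root.
root_browsers() {
    while read -r user comm; do
        [ "$user" = "root" ] || continue
        for b in $BROWSERS; do
            if [ "$comm" = "$b" ]; then
                echo "$comm"
            fi
        done
    done
}

# exec_files DIR: prints regular files under DIR that have any execute bit
# set (owner, group or other). Files saved by a browser normally have none,
# so anything listed here was marked executable afterwards.
exec_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null | sort
}

# audit: runs both checks against the live system and ~/Downloads.
audit() {
    found=$(ps -eo user=,comm= | root_browsers)
    if [ -n "$found" ]; then
        echo "WARNING: browser running as root:"
        echo "$found"
    else
        echo "OK: no browser is running as root"
    fi

    marked=$(exec_files "$HOME/Downloads")
    if [ -n "$marked" ]; then
        echo "Executable files in $HOME/Downloads (review each one):"
        echo "$marked"
    else
        echo "OK: nothing in $HOME/Downloads is marked executable"
    fi
}

# Run the audit only when asked, e.g.:  sh mint_audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit
fi
```

A file that shows up in the second list is not necessarily malicious; it only means someone or something set the executable bit on it after download.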

phd21
Level 18
Posts: 8806
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Virus protection question

Post by phd21 » Sun May 19, 2019 1:22 pm

Hi Mike-Linux-Mint,
Mike-Linux-Mint wrote:My first question is: What if you removed your password in the "Passwords and keys" folder, does that count?
Why would anyone do that? And, that would not delete your system's root password.
Mike-Linux-Mint wrote:According to what I read, a firewall on Linux would be useless too since you're supposed to have one already from the modem you're using to connect to the internet, is that right?
Although all hardware routers including most modem routers have a firewall which is normally turned on, it would be good to make sure it is turned on (enabled). And one of the first things Linux Mint users should do is to turn on their Linux software firewall which also helps.
Mike-Linux-Mint wrote:They also state the following:

"Or in case it's malware ( a script) that can execute itself in your home directory without password: you'll have to make it executable first. Any script that you download, is not executable: you have to set the executable bit of the script yourself, by hand."
Most really bad nasty malware from browsers will pop-up a message or ask people to enter in the password which of course no one should do on any computer using any operating system or other devices like smartphones or tablets. If your browser pops up a message saying your system is infected or about to be infected with malware, or something like that, do not click any browser windows or browser pop-up window messages, or try to close the browser or its pop-up messages and or windows, and immediately "kill" the browser using a "kill" running program option or just restart (reboot or power-off and on) the computer or device, then clear the browser cache, and you should be okay. Never open attachments in email or browsers or messengers from any source that you do not know or did not ask for.

Tip - note: There are many excellent software applications that are not in the Linux Mint Software Manager or Synaptic Package Manager (SPM) that must be downloaded and installed manually, but sometimes a browser recognizes that it is an installation file and will offer to run it and ask for your root password, I highly recommend that you say no, then using your file manager or a console terminal to locate the installation file and run it from there from outside of your browser.
Mike-Linux-Mint wrote:Let's suppose that someone downloads I don't know, let's say a movie using Deluge, I'm not saying I do :D but if that person does that and double click on the movie itself to launch it with VLC, is it possible to free the virus from the infected file and make it executable?
There is always a potential risk with anything anyone downloads from any website (torrents, etc...) which includes pictures, videos, music, and other files, etc... or receives from anyone else that it could contain malware, most of which are not designed for affecting Linux systems and therefore cannot hurt a Linux system although there are some that could. Most major email providers like Google Mail and others already provide excellent anti-malware antivirus protection on incoming and outgoing emails which includes attachments, but if you are not using an email provider that provides anti-malware protection then you might want to scan any incoming files for malware using an online antivirus website like "VirusTotal", or a bootable antivirus program, or an installed antivirus application, before accessing the file. There are some antivirus applications that can remove (clean) the malware from the infected file, but that does not always work and the file(s) should be re-scanned to verify that it is now safe to use.
Mike-Linux-Mint wrote:And last one, well, let's say I get a virus specifically targeted to Linux, which is rare at the moment but maybe not so in the future. Well, that virus could screw my computer but if I have everything backed up on an external hard drive, it wouldn't do much harm, would it? I mean would I have to worry about my passwords stored in my browser, like passwords to access your bank account and stuff? Reinstalling Linux would supposedly remove the virus, right?
If you have a clean backup from before any type of problems including malware and or viruses, then of course restoring that would eliminate the problems. Obviously, reinstalling Linux Mint would also do this.

Hope this helps ...
Last edited by phd21 on Sun May 19, 2019 2:09 pm, edited 1 time in total.

Mike-Linux-Mint
Level 3
Posts: 156
Joined: Wed Nov 21, 2018 8:26 am

Re: Virus protection question

Post by Mike-Linux-Mint » Sun May 19, 2019 1:48 pm

phd21 wrote:
Sun May 19, 2019 1:22 pm
Hi Mike-Linux-Mint,
Mike-Linux-Mint wrote:My first question is: What if you removed your password in the "Passwords and keys" folder, does that count?
Why would anyone do that? And, that would not delete your system's root password.
Mike-Linux-Mint wrote:According to what I read, a firewall on Linux would be useless too since you're supposed to have one already from the modem you're using to connect to the internet, is that right?
Although all hardware routers including most modem routers have a firewall which is normally turned on, it would be good to make sure it is turned on (enabled). And one of the first things Linux Mint users should do is to turn on their Linux software firewall which also helps.
Mike-Linux-Mint wrote:They also state the following:

"Or in case it's malware ( a script) that can execute itself in your home directory without password: you'll have to make it executable first. Any script that you download, is not executable: you have to set the executable bit of the script yourself, by hand."
Most really bad nasty malware from browsers will pop-up a message or ask people to enter in the password which of course no one should do on any computer using any operating system or other devices like smartphones or tablets. If your browser pops up a message saying your system is infected or about to be infected with malware, or something like that, do not click any browser windows or browser pop-up window messages, or try to close the browser or its pop-up messages and or windows, and immediately "kill" the browser using a "kill" running program option, then clear the browser cache, and you should be okay. Never open attachments in email or browsers or messengers from any source that you do not know.

Tip - note: There are many excellent software applications that are not in the Linux Mint Software Manager or Synaptic Package Manager (SPM) that must be downloaded and installed manually, but sometimes a browser recognizes that it is an installation file and will offer to run it and ask for your root password, I highly recommend that you say no, then using your file manager or a console terminal to locate the installation file and run it from there from outside of your browser.
Mike-Linux-Mint wrote:Let's suppose that someone downloads I don't know, let's say a movie using Deluge, I'm not saying I do :D but if that person does that and double click on the movie itself to launch it with VLC, is it possible to free the virus from the infected file and make it executable?
There is always a potential risk with anything anyone downloads from any website (torrents, etc...) which includes pictures, videos, music, and other files, etc... or receives from anyone else that it could contain malware, most of which are not designed for affecting Linux systems and therefore cannot hurt a Linux system although there are some that could. Most major email providers like Google Mail and others already provide excellent anti-malware antivirus protection on incoming and outgoing emails which includes attachments, but if you are not using an email provider that provides anti-malware protection then you might want to scan any incoming files for malware using an online antivirus website like "VirusTotal", or a bootable antivirus program, or an installed antivirus application, before accessing the file. There are some antivirus applications that can remove (clean) the malware from the infected file, but that does not always work and the file(s) should be re-scanned to verify that it is now safe to use.
Mike-Linux-Mint wrote:And last one, well, let's say I get a virus specifically targeted to Linux, which is rare at the moment but maybe not so in the future. Well, that virus could screw my computer but if I have everything backed up on an external hard drive, it wouldn't do much harm, would it? I mean would I have to worry about my passwords stored in my browser, like passwords to access your bank account and stuff? Reinstalling Linux would supposedly remove the virus, right?
If you have a clean backup from before any type of problems including malware and or viruses, then of course restoring that would eliminate the problems. Obviously, reinstalling Linux Mint would also do this.

Hope this helps ...

That helped me understand many things, indeed!
Thank you very much :D

phd21
Level 18
Posts: 8806
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Virus protection question

Post by phd21 » Sun May 19, 2019 2:07 pm

Hi Mike-Linux-Mint,

You are welcome...

FYI: You do not need to keep the previous person's quoted text in your new reply unless you are making point for point comments to reduce duplication.

lsemmens
Level 8
Posts: 2161
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Virus protection question

Post by lsemmens » Tue May 21, 2019 6:43 am

10 Things to Do First in Linux Mint 19.1 Tessa and Avoid 10 Fatal Mistakes in Linux Mint and Ubuntu.

Both from our excellent member Pjotr, all very good ideas for a newbie.
Kernel: 4.15.0-46-generic x86_64 bits
Desktop: Cinnamon 3.8.9
Distro: Linux Mint 19 Tara

Laptop HP-ProBook-470-G2 8Gb RAM SSD
Server AMD Phenom 9650 - GEForce 9400GT 6Gb RAM
+ three other Mint machines
Out of my mind - please leave a message

missmoondog
Level 2
Posts: 94
Joined: Wed Nov 07, 2018 9:17 am

Re: Virus protection question

Post by missmoondog » Tue May 21, 2019 11:21 am

personally, wouldn't waste my resources on an av on linux. have never used one on it although i very seldom did in windows either.

a good adblocker such as ublock origin, which, imo, is WAY better than adblock plus and a good host file, which you don't really need either if you enable the msvp host file protection built into ublock origin is all you should need. some common sense helps also. personally, haven't ever had the need to install stuff using a ppa here. just stick with stuff you can get through synaptic and you should be good to go!
