Malware anti virus

[robgoss]

Hello everyone, I was wondering if anyone here would confirm if Linux users should have some soft of Malware install on their system. I have reading up a little and someone suggested Sophos anti virus was a good program to use. What do you all think?

[Habitual]

Hello everyone, I was wondering if anyone here would confirm if Linux users should have some soft of Malware install on their system. I have reading up a little and someone suggested Sophos anti virus was a good program to use. What do you all think?

I have no malware installed on my system.
Why do you feel you need it?

I have reading up a little

Reading up a little where exactly?

[jimallyn]

Nearly all Linux users don't use any anti-virus or anti-malware software. In the 13 years I have been using Linux, none of my Linux computers have been infected with a virus or any sort of malware. Nor has the computer of any Linux user I know been infected with a virus or any malware. Linux isn't Windows.

[exploder]

15 years here with no viruses or malware. No real need for ant virus software in Linux.

[robgoss]

Hello and thanks for replying, Well I was listening to some guy on YouTube talking how most Linux user thnk they can't get any Malware on their systems but in fact you can, he also claims he him self, got Trojans on this machine and needed anti malware to get it off. I was just wondering if there was any truth to this.

Here's the video https://youtu.be/y_lhqg_p21k don't think it's true but had to ask

[jimallyn]

I noticed he has comments disabled for that video. That's probably because there would probably be a lot of people debunking his "debunking." I don't claim to be an expert, but even to me, it's clear he has a lot of misconceptions about Linux.

[karlchen]

I was wondering if anyone here would confirm if Linux users should have some soft of Malware install on their system.

The final answer to this question is and will very likely always be: No, for goodness sake, we strongly discourage people from installing any malware on their systems. Why would you want to do so?

In case the question actually was whether Linux users should have some kind of anti malware product installed on their Linux system, then the answer to this question will be: It all depends. It depends on which kind of anti-malware product you have in mind. And which system do you want to protect from which malware?

Products like Sophos or ClamAV search for Windows malware, not for Linux malware. Running such an anti-malware product on Linux will only make sense in case you download Windows software on your Linux Mint machine and pass this Windows software on to Windows machines and want to make sure you do not pass on infected Windows software.
Such products will not protect your Linux system from being infected by Linux malware.

Now there is the hypothesis there were no Linux malware. If this were true then there would be no product like rkhunter (available from the normal software repositories) It may be true that Linux malware is not as widely spread as Windows malware, but it is a bit naive to assume that Linux machines were no target for malware, though its nature may be different from Windows malware.

The best way of protecting Linux Mint from catching malware is by installing software from the official software repositories only and staying away from software coming from dubious sources. Moreover it is a wise idea to install available software updates, in particular security updates regularly and in a timely fashion.

[Buzzsaw]

I was wondering if anyone here would confirm if Linux users should have some soft of Malware install on their system.

The final answer to this question is and will very likely always be: No, for goodness sake, we strongly discourage people from installing any malware on their systems. Why would you want to do so?

Are you joking? I can't tell. He obviously means anti-malware.

[Buzzsaw]

Installing anti-virus software to protect against malware that targets Linux, is both impossible and pointless. This is because all Linux anti-virus software is designed to detect Windows viruses only.

[karlchen]

Hi, Buzzsaw.

I amended my initial reply a bit.

About your question

Are you joking? I can't tell. He obviously means anti-malware.

This is why I marked in blue letters what had been written. Of course I knew what should have been written instead. And yes, obviously this part of my reply was ironical.

Installing anti-virus software to protect against malware that targets Linux, is both impossible and pointless.

Installing rkhunter is very easy. Whether running it is pointless or not depends on whether one knows its limits and on whether one knows how to interpret its results.

Karl

[Buzzsaw]

I wasn't sure, since I'm used to seeing people put a smiley face after they write something flippant.

I forgot that there are rootkit detection programs for Linux. But are there any Linux rootkits?

[vl1969]

If you watch the video carefully, and I am not sure why his app did not work before cleaning, but the scan clearly show thay one file was an .exe, which is NOT linux but windows file. This does not prove that linux had viruses, it simply show that some apps carry with in a virus targeted for windows. But they will not really work on linux unless you run Wine AND alow the app to run.

Sent from my phone

[Hoser Rob]

Hello and thanks for replying, Well I was listening to some guy on YouTube ...

And who the frak is he????

No, you won't get viruses.

Yes, you can still get hacked. There is no OS that doesn't have any exploits.

[Pjotr]

You don't need AV. In fact, it's even a bad idea: it gives a false sense of security, and false positives might induce you to damage your system.

You might be interested in this article that I wrote on Linux security:
https://sites.google.com/site/easylinux ... t/security

As long as you install updates as soon as they become available, don't install from other sources than the official software sources and (most importantly) use your common sense, you're fine.

Don't fall for FUD. Relax, you're running Linux.

[zerozero]

here we go again

the 2 files that sophos finds are tekdefense.dll and 854137.exe, both windows-only executables, completely harmless in linux (and no, not even with wine installed they could be a threat, it was tried before >> http://archive09.linux.com/feature/42031 : doesn't work, windows .exe's or .dll's don't infect linux)

relevant topic at reddit with some interesting comments https://www.reddit.com/r/linux/comments ... _that_his/

[kkolarik]

I'm a recent (January of this year) convert to Mint. Prior to that, I used Windows, with only brief excursions into Linux. I understand the psychology of wanting to have some sort of anti malware protection. That having been said, I don't see the need to tie up my computer's resources with anti malware at this point. Linux is a very secure system. Between running the updates when required, and showing a modicum of common sense, Mint will provide you with a secure system without the sluggishness that comes hand-in-hand with an effective anti malware program.

[Cosmo.]

In fact, it's even a bad idea: it gives a false sense of security

This is true, but it is not the complete story.

If one takes some time to read about AV-programs (for Windows, usually with on-access scanner) than you can find the following problems:
AV-programs itself are a source of (partially very heavy) safety faults. It has been found, that the libraries that get used are partly very old with non-patched security holes.
AV-program in Windows need to be set deep into the system. As a consequence security holes in AV-programs can create new risks. Again and again such programs allow to attackers privilege escalation, which leads to the result, that even with a standard user logged in a malicious software may gain admin rights.
Every few weeks there comes the problem, that an AV-program runs amok (because of wrong virus-definitions, aka false-positive), which lead to the result, that they quarantine essential parts of the OS; as a consequence the OS (Windows) is no more bootable. The last one which did so was avast.

And not to forget: AV-programs take an essential part of the CPU-ressources. This is partly necessary to do other job, partly it is a consequence, that the manufacturers respectively their marketing department invent constantly new "features", to have something, what the competitors do not have.

BTW: At least since the time, when Windows needed an activation (i.e. since XP) there is the question, what information the OS phones to the company. Such a deep into the OS integrated software as AV can phone easily without the user will ever notice it. And as current virus-definitions are a indispensable part of any AV it is in reality impossible to cut their Internet connection (if this should doable at all).
Very new in this context: There does exist since years an only on-demand-scanner by McAfee named Stinger; it's purpose is to clean infected systems (leaving open if this is doable at all). Since some time there gets with Stinger without noticing the user a background-scanner named Raptor installed, which is in Beta-state. The user has no chance to opt-out if he only wants to use Stinger. Raptor sends in the background data to the server, inclusive a GUID of the system (what makes the system identifiable). I give this example to show, that AV does not automatically mean more safety.

Result: The fact, that AV is unnecessary for Linux is itself a huge security advantage.

Further reading

[Matthew Paul]

Just an opinion to the initial post.

Your concern and question appears to come from a video you watched. This is just my opinion... when it comes to utube, considering the total number of videos on that site, for this type of information, ...I would say 20% are worthy. The rest seem to have become the "Online" LameStreamMedia or Web's version of television. Many are made to encourage the viewer to buy their product or discourage you from using one they'd prefer you not use. ....like Linux

When researching such information as you were seeking, be VERY sceptical and check a minimum of 10 videos. I would agree with Pjotr. If you are unsure about the information or want to make an additional check to see if it's authentic, check for comments. If there are no comments on the video, check the number of views. If it's a large number of views, see if you can leave a comment. If not, I would not give the video much credit and move onto the next.

[1.618]

Preaching to the converted i know, but what's the point in having something that is only any good AFTER you've been infected? You wouldn't leave a bath running and just keep mopping up the floor constantly, so it would be illogical to apply the same attitude towards your computing. sensible practices and a touch of common sense can keep you out of trouble.

[Perri 7]

Hello,

I am by very far new to Linux and certainly no expert on the existence of Linux viruses or trojans. As I have said in another post, I only have many questions at this stage. One question I did ask which remains open relates to reports that the “Turla Trojan" was found lurking about in the Linux world. I asked whether the "Gufw" firewall could stop such a trojan from infecting my machine. I have to go back to that post when I have some time, but I believe the question remains open.

Perri 7.