Linux

47366 readers

1999 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

193

Never-before-seen Linux backdoor is a Windows malware knockoff (arstechnica.com)

submitted 1 year ago by [email protected] to c/[email protected]

22 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 13 points 1 year ago (5 children)

What is the recommended AV scan solution for Linux? Sounds like it’s needed these days.

[–] [email protected] 18 points 1 year ago* (last edited 1 year ago) (1 children)

There's a surprising lack of them, and rather too many people who say "if you get a virus in Linux you're doing Linux wrong." ClamAV is readily available but pretty basic, slow at scanning, not real-time, and erring on the side of false positives. The commercial options are all sold to businesses under those "contact us and we'll tell you what it costs once we've figured out how much money you have" pages. And if you search for answers you find a lot of recommendations for AV products that don't seem to exist any more.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago)

A lot of those enterprise solutions like crowdstrike are a pain in the ass because they use a binary kernel module that supports like 5 kernels at most too

[–] [email protected] 12 points 1 year ago

Clamav is really the only thing I've used.

[–] [email protected] 1 points 1 year ago

ClamAV if you're ok with non real-time stuff

[–] [email protected] 1 points 1 year ago (1 children)

Kaspersky Endpoint for businesses. This is the only competent solution that exists as a realtime AV. The fact is, most AV companies do not make AV for Linux, and most of those who do, make it just for the business and not from a competence POV. Regardless of your political stance, Kaspersky is by far the anti-malware industry king, both in terms of heuristic and blacklist protection and in terms of annual global reports.

[–] [email protected] 17 points 1 year ago (2 children)

Thanks, my government (UK) has banned Kaspersky for use in their infrastructure, so I’ll follow their advice for my own. Not mentioned in the replies is BitDefender, I see they have a solution as well, I’ll evaluate.

[–] [email protected] 1 points 1 year ago

Maybe Crowdstrike? I know I see it on our linux machines. I am not endorsing it one way or the other. I will say that we have had a couple of incidents where I thought it was taking up more cpu in a high cpu situation, but our admins turned it off, and that wasn't the problem. So I guess it's working ok. One of their updates caused some issues one time, and I don't recall the exact details, but I think that was a one off and they haven't done it again.

[–] [email protected] -2 points 1 year ago

I almost forgot to tell you. For the equivalent of business endpoint AVs, there exist consumer AVs. If for those products, the companies have auto renewal policy, stay away from any such money grubber AV company. Very few companies like Kaspersky do NOT have auto renewal. Norton for example has it.

[–] [email protected] -1 points 1 year ago (1 children)

Common sense antivirus (tm)

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

This isn't helpful, nor true. As technology grows, so do attack vectors, so do malware devs, so do vulnerable softwares, so do cloud servers and SaaS and android and steamos and IoT making linux a juicier target.

Two truths of "common sense" is that it's rarely actually common nor does it make sense to anyone not already In The Know. The "Sense" that is actually common is often wrong.

If by "Common sense antivirus" you mean "don't download and run the Hot Singles Finder ELF from a xxxNerdsDickedDown.com ad," that kind of common sense simply isn't enough to ensure avoiding infection anymore; if you mean "use a firewall, and don't install/run anything without checking signatures/checksums, and prefer sandboxing, and also check for exploits of application management programs like Steam or Google Play that are theoretically supposed to be checking signatures/checksums for you, and use a password manager, and don't click on the links in email, and check the headers to ensure it's actually fron who it says it's from, and..." then you're far outside the realm of "common."

If your kneejerk response is "that's just being overly paranoid," congrats, you have become a User: you are the type of person who needs something to automate checking for malware/exploits so you don't get yourself botnet'd.