#8 reawakened my nervousness about the lack of virus protection on Linux. With every milestone we celebrate it becomes more likely that malicious people target desktop Linux with their malware, and I don’t think the “Linux is inherently secure” mentality helps. I hope ClamAV’s on-access scanner is fixed and improved so it becomes commonplace before there’s some big newsworthy scandal.
Granular permissioned access for apps from trusted supply chains is better than attempting deny lists based on signatures (AV).
I still use it, but I put way more effort into SLSA, securing containers, Flatpaks, and limiting their blowback. From there it’s keeping up with CVEs in ways that do not create more or break functionality.
I will say A LOT of the Linux software ecosystem is way more secure than Windows’ default.
I don’t think a Linux anti virus program would be such a big security win. Phishing is the biggest security threat to most users, and no amount of software can prevent that.
Sure, downloading and running random shit is a concern, but people in that group are a bit of a lost cause. The best solution for that is to harden the OS, prevent running executables through the GUI, or from user folders (I think SELinux could do that), disable sudo on the user account, and only allow installing Flatpaks. The security of Flathub may not be perfect, but it’s a smaller attack surface than the whole internet.
But even if you do that, an Indian call center scam is still going to manipulate your grandma into buying Amazon gift cards, so… It’s a lost cause.
… but people in that group are a bit of a lost cause.
Touché. I don’t think the existence of other threats is a reason to dismiss this one. And I don’t think simply prohibiting running random executables is sufficient as it isn’t ‘most users’ who are switching to Linux. The people likely to switch to Linux are also the people likely to want to run programs that aren’t yet distributed in repos. I can imagine a scenario where the malware is hidden in a program hosted on a custom Flatpak repo and requires permissions for normal operation that’d make Flatseal ineffective for stopping the malware.
The ideal anti-virus in my mind would ignore programs installed from official repos and on-access scan ones installed from anywhere else. It’d also keep track of critical vulnerabilities to give you a heads up about updating your system.
Is there antivirus for Android? I mean there surely is, but Android does not really need it because it’s built from scratch to give each app as few permissions as possible*. Desktop Linux is going in the same direction.
* technically. This does not mean that Android is secure in terms of privacy.
For sure. I recall installing an open source mahjong from the Android Google store when I bought my first ever Android device about a decade ago. Instantly took over my tablet and kept throwing ads at me. And it got into the root and wouldn’t go away when doing a reinstall. Fortunately it was a super cheap tablet that I only got to toy around with. But I have had no interest in ever getting another Android device since then.
AFAICS this screens software before it goes into the store, or screens sideloaded apps on device before installation. That’s still far from antivirus as Windows users know it.
App Scanning: It automatically scans all apps on your device—regardless of where they were downloaded (though it focuses heavily on apps from the Google Play Store and those sideloaded).
Real-time Protection: It runs safety checks on apps before you download them from the Play Store.
Periodic Device Scan: It periodically scans your device for Potentially Harmful Applications (PHAs), which are sometimes called malware.
Warnings and Removal: If it finds a potentially harmful app, it will warn you, disable the app, or in some cases, remove the app automatically.
People were saying the exact same thing when I first started using Linux in 1999-ish
What is survivorship bias aka gambler’s fallacy?
I’m not saying Linux is immune, just that people have said that, practically word-for-word, forever.
Why are we shouting?
Anyway, don’t waste your time with “antivirus” software. That is not how you secure a system.
Your viewer must be parsing #8 as # 8. You’re free to not ‘waste time’ with anti-virus but I prefer the peace of mind.
You need to put a backslash before the hash tag. In Markdown a # is a header.
No? There needs to be a space between on PieFed and that’s how it works on GitHub too.
https://piefed.social/comment/8602660
Yes, but projects like Wayland which are trying to do this get shouted down.
The Linux desktop is not really going in the same direction as Android
Not that “antivirus” software is any more or less useful. It is mostly snake oil.
I’m not sure if you’ve spent much time in the industry but it kind of is.
Yes there is a Google Play Protect. There is also a service that checks every single App on the Store separately.
Though the effectivity is debatable.
There are third party ones but I have not heard anything good about any of them. I am not sure they are legitimate
In theory it does all of below:
Yes, and it’s better. Each app gets scanned before it even reaches your device. You can’t do that on a PC.
AV is a joke. Best thing is ephemerality. No persistence
Immutable, ephemeral, granularly permissioned, and encrypt EVERYTHING to enforce said permissions.
1000x better than software signature hunting