and if so, any suggestions? I have like 6 on my Windows
Antivirus is a fucked approach: it basically scans files for what they call malware “signatures”, which they accumulate over the years from malware found in the wild. Problems with that:
- False positives.
- False negatives.
- Slows down the computer.
- Malware developers can obviously see what the antivirus is doing, so they change their malware till it is no longer detected, and/or sabotage the antivirus once they’re on the computer.
- You now have a privileged uberparser on your computer, that unpacks and parses all manner of file formats, and it is being run on everything. This increases attack surface a lot.
The whole idea is misguided, and only exists because these companies managed to scare people into buying their snake oil.
I’m guessing that’s a “no” then?
Sooo… what is a good approach then? Especially for us idiots who still use Windows?
Don’t download random .exes off the internet. This is pretty much the only thing that an antivirus has any chance of catching, since it’s where you’ll find “old” malware your antivirus knows about. If you do risky stuff like that (pirating PC games?) maybe don’t use that computer for anything important or personal.
Then the usual stuff, which you want to do anyway, because antivirus doesn’t help with that:
- Update your software.
- If you have any reason to believe your computer might be compromised, completely wipe the hard drive, start from scratch, and change all your passwords.
- Install uBlock Origin to block ads. Ads are a common attack vector.
- Assume every link or attachment from an email or message is a scam unless you were expecting it or you can prove otherwise.
Generally no. If you are installing software from trusted sources (i.e. your distribution’s package repository) and applying security updates in a timely manner, there is very little to worry about. If you are processing untrusted files and forwarding them to third parties (i.e. you’re running a mail server) there are tools like ClamAV to check for KNOWN viruses.
It is entirely possible to install viruses if you are running software from untrusted sources. This includes viruses designed for Windows by running sketchy things in Wine/Proton. These are compatibility layers, and if they are working correctly that includes compatibility with malware. Isolation is explicitly not a design goal of these projects. If you run Windows ransomware in Wine, you WILL lose your data. If you run a naive LimeWire worm in Wine, LimeWire WILL autostart and spread the worm.
Always be careful with pirated software. It doesn’t hurt to run ClamAV on a torrent before trying to use it.
How effective is something like VirtualBox at isolating Windows?
It’s not impossible for malware running in a type 2 hypervisor like VirtualBox to do a guest-to-host attack, but those attacks are pretty specialized and most viruses aren’t going to affect the host system.
Nope, not really. The way Linux keeps userspace very limited in what it can do means that as long as you don’t do something very unwise like deliberately giving more privileges to a shady program you’re not really at risk. Just try to only install stuff through your package manager if you can help it and only directly install programs that you trust. If you want to pirate software it can be a little tricky to do safely, I run my games through Lutris and Wine which creates a layer of isolation.
What I don’t like about Linux is that a lot of things require you to sudo to install if you’re installing outside of the App Store, which is often. Even then a lot of apps require you to sudo to download from the store.
I have no problem with it because I understand my computer, but it just seems like a disaster waiting to happen for a noob who wants to install a bunch of shit and all the tutorials just casually instruct them to do so without warning of the implications.
Indeed, it’s a big problem with Ubuntu/Snap but I haven’t been burned yet. Other distros have better app managers, and of course it does depend on what the user is doing. Most people should only need LibreOffice, Firefox, Steam, and some random apps here and there since almost everything runs on the browser nowadays, so it really isn’t a huge problem.
Most of this software can be installed without sudo by changing the prefix in the (pre-compile) configuration step. The prefix usually defaults to `/usr/local`, which requires root, but you can change it to (e.g.) `/home/your_user_name/.local` and install without special privileges. You need to add the directories to `PATH`/`LD_LIBRARY_PATH` etc. but then it works practically as an overlay on top of your distribution-provided packages without any permanent side effects or impact on other users. You’re right that most instructions don’t explain this, though. They just kind of assume GNU Autoconf / CMake / Meson is intuitive to mere mortals.
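The per-user prefix install described in that comment, shown end to end as an added example (not code from the thread): the configure-step flag for each of the three build systems, the `PATH`/`LD_LIBRARY_PATH` lines for `~/.profile`, and a stand-in “package” installed under a temporary prefix so the check runs offline. The prefix path and the `hello-overlay` script are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: install into a per-user prefix, no sudo.
# Assumes a POSIX sh; the prefix and the "package" are constructed stand-ins.
set -eu

# The configure-step flag that redirects `make install` away from /usr/local.
prefix_flag() {   # $1 = autoconf|cmake|meson, $2 = prefix
  case "$1" in
    autoconf) printf './configure --prefix=%s\n' "$2" ;;
    cmake)    printf 'cmake -DCMAKE_INSTALL_PREFIX=%s -S . -B build\n' "$2" ;;
    meson)    printf 'meson setup --prefix=%s build\n' "$2" ;;
    *)        return 1 ;;
  esac
}

# Lines for ~/.profile so the prefix overlays the distro packages. The prefix
# comes first, so a user-installed tool shadows /usr/bin without modifying it;
# single quotes keep $PATH literal so the user's shell expands it, not this one.
prefix_env() {   # $1 = prefix
  printf 'export PATH=%s/bin:$PATH\n' "$1"
  printf 'export LD_LIBRARY_PATH=%s/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}\n' "$1"
}

# Stand-in for `make install`: drop a script under $prefix/bin, apply the
# environment lines, and check that the shell resolves it from the prefix
# while the root-owned system prefix is left untouched. Returns 0 on success.
demo_user_install() {
  tmp=$(mktemp -d)
  prefix="$tmp/.local"                           # constructed stand-in for ~/.local
  mkdir -p "$prefix/bin" "$prefix/lib"
  printf '#!/bin/sh\necho hello from %s\n' "$prefix" > "$prefix/bin/hello-overlay"
  chmod 755 "$prefix/bin/hello-overlay"
  eval "$(prefix_env "$prefix")"                 # what sourcing ~/.profile would do
  [ "$(command -v hello-overlay)" = "$prefix/bin/hello-overlay" ] || return 1
  [ "$(hello-overlay)" = "hello from $prefix" ] || return 1
  [ ! -e /usr/local/bin/hello-overlay ] || return 1   # system prefix untouched
  rm -rf "$tmp"
  echo "user-prefix install ok: $prefix"
}

demo_user_install
```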
The main reason that you don’t need an “antivirus software” on GNU/Linux is that software is treated in a fundamentally different way. On Windows, it is pretty common for people to download exe files from random websites and run them. On GNU/Linux, you should not be running random executables that you found on the internet. The majority of the software that you use should be installed from your distro repository.
If you are very concerned about security, you can use a security auditing tool like Lynis. Lynis is a tool that I have used before. You run it and it makes a checklist of things that you can do to improve the security of your GNU/Linux system. It will probably tell you to set up an Intrusion Detection System like Tripwire. It might recommend that you do something like having your system files on a separate partition and booting your system partition as read-only when you use your computer normally. Most people don’t do all these things, but Lynis will tell you what is possible and you can decide what meets your security needs. Lynis is probably in your distro repository.
https://en.wikipedia.org/wiki/Lynis
This is a pretty good checklist of security practices for a GNU/Linux desktop system.
https://github.com/lfit/itpol/blob/master/linux-workstation-security.md
I don’t use antivirus on any OS these days, with the exception of the default Windows Defender on Windows.
People say that Linux is inherently safer, which I’m inclined to believe, but it’s also not widespread enough to put that theory to the test. Windows and Mac are commonly targeted because that’s what most people use. You’ll see more effort put into hacking Linux if it became normalized.
It’s not really analogous to seatbelts and condoms either, because while those things aren’t foolproof, you don’t really know what antivirus is doing besides what they advertise. I believe a few big name vendors were caught mining bitcoin.
But if you must, having more than one will not make you safer. In this case, it’s like using a condom. Using multiple will just slow things down, potentially break your system, have a bunch of conflicts, and send your stuff to multiple places. I recommend deleting them and using the default Windows Defender.
> it’s also not widespread enough to put that theory to the test.
In a way it is in that most large servers are running Linux, which offers a pretty high value target for attackers. That doesn’t translate perfectly to desktop Linux because the attack surfaces are slightly different, but I think it’s safe to say Linux is targeted.
Linux dominates web, IoT, mobile, supercomputers, financial, cloud and development devices… targets that are way more valuable than desktops, which is probably what you’re thinking of.
True, but also more secure by virtue of being valuable and maintained by large companies with resources. Windows and Macs are used by the everyday schlub, so it can be anywhere from an encrypted brick to “123admin” level of secure.
dw, the ones I have don’t overlap, I have some understanding of how the computer works
Yes. Growing marketshare and new unfamiliar users who have picked up the bad habit of copy/pasting stuff from random websites into their terminals creates a great environment for malware.
SELinux and AppArmor both handle this like Windows did, where stuff that you usually shouldn’t be doing raises a red flag and the computer says something on the “uhh, you sure bout that?” to “absolutely not. Boot into a different environment if you wanna pull that!” spectrum.
The problem is that you gotta learn one of those two.