My Manjaro has Clamtk anti-virus installed, manjaro wiki tells me … for Mail-servers … so my question is: any reason to use anti-virus software on a default linux install?
Just read a user forum thread about a German guy who wanted to scan every 30 minutes?!!!
There are no actual GNU/Linux viruses in the wild. There exists malware that works in GNU/Linux, but then if a computer gets infected, it’s usually because of something the user did, and in most cases, it can’t affect anything beyond the user’s home directory.
To the best of my knowledge, all antivirus software for GNU/Linux actually scans for Windows viruses, so that you can scan a Windows drive or keep Windows clients safe if your GNU/Linux machine acts as a mail server for those Windows clients.
The virus scare is one of those Windows indoctrinations. People coming from the Windows world don’t know that all those viruses are specific to Windows, and that the virus makers actively target Windows because…
it is the most widely used operating system on desktop computers; and…
Windows is so poorly designed that it’s full of vulnerabilities that can easily be exploited.
The bottom line is that, no, you don’t need any antivirus software in GNU/Linux.
I am not sure this is still true. There has been a recent uptick in development of ransomware specifically targeting Linux. Several of which have been confirmed in the wild. Many businesses are now scrambling to get some type of protection on Linux workstations and servers.
Ransomware is not a virus. It is definitely malware, but it works differently. It has to find its way onto a computer in different ways ─ usually through social engineering, i.e. getting the user to click on something or install something.
Ransomware can’t operate outside of the user’s home directory, unless ─ see above regarding social engineering ─ the user is stupid enough to install it with root privileges.
Some ransomware is also installed on servers through the sloppiness of the server admin with regard to remote login security. This is the variety that appears to be going round the most when it comes to GNU/Linux, given that there are far more GNU/Linux servers than GNU/Linux workstations.
Either way, there is no known software that offers protection against ransomware on GNU/Linux, and if there were, then it would probably first be released commercially. All anti-malware tools currently available for GNU/Linux actually scan for Windows viruses.
There are of course things like rkhunter, to scan for rootkits. But rkhunter will always report false positives on its first run and needs to explicitly be configured to ignore certain files, because ─ at least, to the best of my knowledge (but I could be wrong) ─ the software is no longer being maintained.
And in that regard, it is also imperative that people understand what a rootkit is and what it does. A rootkit does not grant a remote attacker access to your computer; a rootkit is installed on your computer to hide the fact that the remote attacker already has access to your computer.
The ELF file is built on a Red Hat Linux distribution. It uses OpenSSL via dynamic linking. The shared object names for OpenSSL on Red Hat-based distributions are different from other Linux distributions. Because of this, it can only run on machines with Linux distribution based on Red Hat’s code base.
Also no comments with regard to how this malware makes it onto the system, other than that it is a file.
There appears to be a reference to X11 and GTK, but that’s all they’re saying about it. Which means that they themselves don’t know how the machine gets infected, and that they can only describe what the malware does once it has been installed on the machine.
By the way, the guy doing the video on Revil has the file installed on his system, and he has given it execute permission. Conveniently, he neglects to mention both of those things, just as he also neglects to mention that it only encrypts the files in his home directory.
See my last paragraph above. Maybe that’s the intent of the security firm reporting on this. They do after all make their living out of selling anti-malware tools.
I’ll have to disagree hard with the chosen solution of this thread.
I will agree it is more difficult to get viruses and/or malware on Linux compared to Windows or Mac, but it is untrue that there are no viruses for Linux. It is my understanding most Linux users are explorers in technology and somewhat tinkerers, which increases the chance to get infected. We are not exempt from being fooled by phishing attempts and the like. If a virus is made to target Linux servers… it is still Linux and may very well work on Desktop Linux.
But the most important argument for having an Antivirus is that it scans Windows viruses, and that means if a Linux user has installed Wine, Protondb (in Steam), or shares files with Windows users like documents, archives, etc., it won’t hurt to scan your system every once in a while.
Which is pretty much the most important part of a user system. You can argue that users have to make backups of their files, but in most cases this does not happen. It could be as quick as downloading and executing a file (which you shouldn’t do if you don’t trust the source, at least). Just wanted to point out that the “oh, it’s just the user files” comment seems to make it sound like it is no big deal; in my opinion it is, in a real-world scenario.
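As an added example (not code from the thread or from ClamAV), here is a small POSIX shell wrapper for the kind of occasional scan the post above argues for: it runs `clamscan` only over the places where Windows files tend to accumulate on a Linux desktop. The candidate paths (Wine prefix, Steam compatdata, Downloads, a Samba share) are assumptions and should be adjusted; paths are assumed not to contain spaces.

```shell
#!/bin/sh
# Added example: on-demand ClamAV scan of directories that commonly hold
# Windows files on a Linux desktop. Candidate paths are assumptions.
CANDIDATES="$HOME/.wine/drive_c
$HOME/.local/share/Steam/steamapps/compatdata
$HOME/Downloads
/srv/samba/share"

# Print only those of the given directories that actually exist, one per line.
collect_scan_targets() {
    for dir in "$@"; do
        [ -d "$dir" ] && printf '%s\n' "$dir"
    done
    return 0
}

# clamscan exit codes: 0 = nothing found, 1 = infected file(s) found, 2 = error.
describe_clamscan_status() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        2) echo "error" ;;
        *) echo "unknown" ;;
    esac
}

# Scan every existing candidate, logging only hits. No --remove: a hit should
# be reviewed by a human first, not deleted automatically.
# Usage: run_scan [logfile]
run_scan() {
    log="${1:-$HOME/clamscan-$(date +%Y%m%d).log}"
    # shellcheck disable=SC2086  # deliberate word splitting on newlines
    targets=$(collect_scan_targets $CANDIDATES)
    [ -n "$targets" ] || { echo "no scan targets exist"; return 0; }
    command -v clamscan >/dev/null 2>&1 || { echo "clamscan not installed"; return 2; }
    # --recursive walks directories; --infected prints only hits; --log appends to a file.
    printf '%s\n' "$targets" | xargs clamscan --recursive --infected --log="$log"
    status=$?
    echo "scan result: $(describe_clamscan_status "$status") (details in $log)"
    return "$status"
}
```

Pair it with `freshclam` so the signature database is current before each run; a scan against stale signatures says little about a Wine prefix.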
I want to challenge this statement. Because we are “tinkerers” and “explorers” it reduces the risk of infection because we know and understand what we run on our machines.
No because you never know and can never fully know if a system is compromised. If your Antivirus doesn’t find something, this means nothing.
Do you think Steam will install malware so that you need to scan its files?
Malware doesn’t just randomly appear in your own documents or archives. Most likely, you’ll receive an email attachment. For this to propagate to Windows, you have to first download the file to the shared volume. Why would you do this?