Why would a normal Manjaro user install anti virus software?

My Manjaro has Clamtk anti-virus installed, the Manjaro wiki tells me … for Mail-servers … so my question is: any reason to use anti-virus software on a default Linux install?
Just read a user forum thread about a German guy who wanted to scan every 30 minutes?!!!


System:    Kernel: 5.10.68-1-MANJARO x86_64 bits: 64 compiler: gcc v: 11.1.0 Desktop: Xfce 4.16.0 
           Distro: Manjaro Linux base: Arch Linux 
Machine:   Type: Laptop System: LENOVO product: 81RS v: Lenovo Yoga S740-14IIL serial: <filter> 
           Mobo: LENOVO model: LNVNB161216 v: SDK0J40709 WIN serial: <filter> UEFI: LENOVO 
           v: BYCN38WW date: 12/10/2020 
Battery:   ID-1: BAT0 charge: 61.8 Wh (94.6%) condition: 65.3/62.0 Wh (105.3%) volts: 17.0 
           min: 15.4 model: LGC L19L4PD2 status: Unknown 
CPU:       Info: Quad Core model: Intel Core i7-1065G7 bits: 64 type: MT MCP arch: Ice Lake rev: 5 
           cache: L2: 8 MiB 
           flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 23968 
           Speed: 1200 MHz min/max: 400/3900 MHz Core speeds (MHz): 1: 1200 2: 1201 3: 1200 
           4: 1200 5: 1201 6: 1202 7: 1201 8: 1200 
Graphics:  Device-1: Intel Iris Plus Graphics G7 vendor: Lenovo driver: i915 v: kernel 
           bus-ID: 00:02.0 
           Device-2: NVIDIA GP108M [GeForce MX250] vendor: Lenovo driver: nvidia v: 470.63.01 
           bus-ID: 2b:00.0 
           Device-3: Chicony Integrated Camera type: USB driver: uvcvideo bus-ID: 3-5:4 
           Display: x11 server: X.Org 1.20.13 driver: loaded: modesetting,nvidia unloaded: nouveau 
           resolution: 1: 1680x1050~60Hz 2: 1680x1050~60Hz 
           Message: Unable to show advanced data. Required tool glxinfo missing. 
Audio:     Device-1: Intel Ice Lake-LP Smart Sound Audio vendor: Lenovo driver: sof-audio-pci 
           bus-ID: 00:1f.3 
           Sound Server-1: ALSA v: k5.10.68-1-MANJARO running: yes 
           Sound Server-2: sndio v: N/A running: no 
           Sound Server-3: JACK v: 1.9.19 running: no 
           Sound Server-4: PulseAudio v: 15.0 running: yes 
Network:   Device-1: Intel Ice Lake-LP PCH CNVi WiFi driver: iwlwifi v: kernel port: 4000 
           bus-ID: 00:14.3 
           IF: wlp0s20f3 state: down mac: <filter> 
           Device-2: Realtek RTL8153 Gigabit Ethernet Adapter type: USB driver: r8152 
           bus-ID: 3-1:2 
           IF: enp0s20f0u1 state: up speed: 1000 Mbps duplex: full mac: <filter> 
           IF-ID-1: pan1 state: down mac: <filter> 
Bluetooth: Device-1: Intel AX201 Bluetooth type: USB driver: btusb v: 0.8 bus-ID: 3-10:6 
           Report: rfkill ID: hci0 rfk-id: 3 state: up address: see --recommends 
Drives:    Local Storage: total: 1.86 TiB used: 364.15 GiB (19.1%) 
           ID-1: /dev/nvme0n1 vendor: Micron model: MTFDHBA1T0TCK size: 953.87 GiB temp: 38.9 C 
           ID-2: /dev/sda type: USB vendor: Western Digital model: WD10EARX-00N0YB0 
           size: 931.51 GiB 
           ID-3: /dev/sdb type: USB vendor: Kingston model: DataTraveler 2.0 size: 14.54 GiB 
           ID-4: /dev/sdc type: USB model: Kindle Internal Storage size: 2.77 GiB 
Partition: ID-1: / size: 57.9 GiB used: 34.27 GiB (59.2%) fs: ext4 dev: /dev/nvme0n1p8 
           ID-2: /boot/efi size: 259.5 MiB used: 105.5 MiB (40.7%) fs: vfat dev: /dev/nvme0n1p1 
Swap:      ID-1: swap-1 type: partition size: 16.67 GiB used: 4.5 MiB (0.0%) dev: /dev/nvme0n1p9 
Sensors:   System Temperatures: cpu: 48.0 C mobo: N/A 
           Fan Speeds (RPM): N/A 
Info:      Processes: 276 Uptime: 1d 15h 31m Memory: 15.2 GiB used: 1.99 GiB (13.1%) Init: systemd 
           Compilers: gcc: 11.1.0 Packages: 1744 Client: Unknown Client: wrapper-2.0 inxi: 3.3.06 

I thought until today: no anti-virus software needed, it’s Linux?!!

There are no actual GNU/Linux viruses in the wild. There exists malware that works in GNU/Linux, but then if a computer gets infected, it’s usually because of something the user did, and in most cases, it can’t affect anything beyond the user’s home directory.

To the best of my knowledge, all antivirus software for GNU/Linux actually scans for Windows viruses, so that you can scan a Windows drive or keep Windows clients safe if your GNU/Linux machine acts as a mail server for those Windows clients.

The virus scare is one of those Windows indoctrinations. People coming from the Windows world don’t know that all those viruses are specific to Windows, and that the virus makers actively target Windows because…

  • it is the most widely used operating system on desktop computers; and…
  • Windows is so poorly designed that it’s full of vulnerabilities that can easily be exploited.

The bottom line is that, no, you don’t need any antivirus software in GNU/Linux.


I am not sure this is still true. There has been a recent uptick in development of ransomware specifically targeting Linux, several of which have been confirmed in the wild. Many businesses are now scrambling to get some type of protection on Linux workstations and servers.

Yes, but

  • Ransomware is not a virus. It is definitely malware, but it works differently. It has to find its way onto a computer in different ways ─ usually through social engineering, i.e. getting the user to click on something or install something.

  • Ransomware can’t operate outside of the user’s home directory, unless ─ see above regarding social engineering ─ the user is stupid enough to install it with root privileges.

Some ransomware is also installed on servers through the sloppiness of the server admin with regard to remote login security. This is the variety that appears to be going round the most when it comes to GNU/Linux, given that there are far more GNU/Linux servers than GNU/Linux workstations.

There is either way no known software that offers protection against ransomware on GNU/Linux, and if there were, then it would probably first be released commercially. All anti-malware tools currently available for GNU/Linux actually scan for Windows viruses.

There are of course things like rkhunter, to scan for rootkits. But rkhunter will always report false positives on its first run and needs to explicitly be configured to ignore certain files, because ─ at least, to the best of my knowledge (but I could be wrong) ─ the software is no longer being maintained.

And in that regard, it is also imperative that people understand what a rootkit is and what it does. A rootkit does not grant a remote attacker access to your computer; a rootkit is installed on your computer to hide the fact that the remote attacker already has access to your computer.

…there is. Vermilion Strike (sort of Cobalt Strike). And REvil works natively on Linux.
Linux Ransomware - YouTube

…it’s mostly targeting servers (Red Hat).
Linux Malware Calls Home: Vermilion Strike - YouTube


The ELF file is built on a Red Hat Linux distribution. It uses OpenSSL via dynamic linking. The shared object names for OpenSSL on Red Hat-based distributions are different from other Linux distributions. Because of this, it can only run on machines with Linux distribution based on Red Hat’s code base.

Also no comments with regard to how this malware makes it onto the system, other than that it is a file.

There appears to be a reference to X11 and GTK, but that’s all they’re saying about it. Which means that they themselves don’t know how the machine gets infected, and that they can only describe what the malware does once it has been installed on the machine.

By the way, the guy doing the video on Revil has the file installed on his system, and he has given it execute permission. Conveniently, he neglects to mention both of those things, just as he also neglects to mention that it only encrypts the files in his home directory.

Doesn’t that make it even more scary?

See my last paragraph above. Maybe that’s the intent of the security firm reporting on this. They do after all make their living out of selling anti-malware tools.

Yes, all true. But you (better than me) know what the average user is doing… shady third party links…and so on. No panic, but be aware.

And a loose nut between the keyboard and the chair. 😛

I’ll have to disagree hard with the chosen solution of this thread.
I will agree it is more difficult to get viruses and/or malware on Linux compared to Windows or Mac, but it is untrue that there are no viruses for Linux. It is my understanding most Linux users are explorers in technology and somewhat tinkerers, which increases the chance of getting infected. We are not exempt from being fooled by phishing attempts and the like. If a virus is made to target Linux servers… it is still Linux and may very well work on desktop Linux.
But the most important argument for having an antivirus is that it scans for Windows viruses, and that means if a Linux user has installed Wine, Protondb (in Steam), or shares files with Windows users like documents, archives, etc., it won’t hurt to scan your system every once in a while.


Which is pretty much the most important part of a user system. You can argue that users have to make backups of their files, but in most cases this does not happen. It could be as quick as downloading and executing a file (which you shouldn’t do if you don’t trust the source at least). Just wanted to point out that the “oh, it’s just the user files” comment seems to make it so it is no big deal; it is, in my opinion, in a real-world scenario.

I want to challenge this statement. Because we are “tinkerers” and “explorers” it reduces the risk of infection because we know and understand what we run on our machines.

No, because you never know and can never fully know if a system is compromised. If your antivirus doesn’t find something, this means nothing.

Do you think Steam will install malware so that you need to scan its files?
Malware doesn’t just randomly appear in your own documents or archives. Most likely, you’ll receive an email attachment. For this to propagate to Windows, you have to first download the file to the shared volume. Why would you do this?

