App Scanning: It automatically scans all apps on your device—regardless of where they were downloaded (though it focuses heavily on apps from the Google Play Store and those sideloaded).
Real-time Protection: It runs safety checks on apps before you download them from the Play Store.
Periodic Device Scan: It periodically scans your device for Potentially Harmful Applications (PHAs), which are sometimes called malware.
Warnings and Removal: If it finds a potentially harmful app, it will warn you, disable the app, or in some cases, remove the app automatically.
#8 reawakened my nervousness about the lack of virus protection on Linux. With every milestone we celebrate it becomes more likely that malicious people target desktop Linux with their malware, and I don’t think the “Linux is inherently secure” mentality helps. I hope clamav’s on access scanner is fixed and improved so it becomes commonplace before there’s some big newsworthy scandal.
There is virus protection for Linux if you really want it (both free and paid).
https://www.safetydetectives.com/best-antivirus/linux/
Granular permissioned access for apps from trusted supply chains is better than attempting deny lists based on signatures (AV).
I still use it, but I put way more effort into SLSA, securing containers, flatpaks, and limiting their blow back. From there it’s keeping up with CVEs in ways that do not create more or break functionality.
I will say A LOT of the Linux software ecosystem is way more secure than Windows’ default.
People were saying the exact same thing when I first started using Linux in 1999-ish
What is survivorship bias aka gambler’s fallacy?
That’s not it though. Linux doesn’t have a problem with viruses, didn’t have it before, doesn’t have it now. Predicting that it’s going to start right now 20 years in a row isn’t a good idea regardless, and pointing it out is a right thing to do.
Which doesn’t mean it couldn’t really start one day.
I’m not saying Linux is immune, just that people have said that, practically word-for-word, forever.
I don’t think a Linux anti virus program would be such a big security win. Phishing is the biggest security threat to most users, and no amount of software can prevent that.
Sure, downloading and running random shit is a concern, but people in that group are a bit of a lost cause. The best solution for that is to harden the OS, prevent running executables through the GUI, or from user folders (I think SELinux could do that), disable sudo on the user account, and only allow installing Flatpaks. The security of Flathub may not be perfect, but it’s a smaller attack surface than the whole internet.
But even if you do that, an Indian call center scam is still going to manipulate your grandma into buying Amazon gift cards, so… It’s a lost cause.
Touché. I don’t think the existence of other threats is a reason to dismiss this one. And I don’t think simply prohibiting running random executables is sufficient as it isn’t ‘most users’ who are switching to Linux. The people likely to switch to Linux are also the people likely to want to run programs that aren’t yet distributed in repos. I can imagine a scenario where the malware is hidden in a program hosted on a custom flatpak repo and requires permissions for normal operation that’d make flatseal ineffective for stopping the malware.
The ideal anti-virus in my mind would ignore programs installed from official repos and on access scan ones installed from anywhere else. It’d also keep track of critical vulnerabilities to give you a heads up about updating your system.
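Added example (not part of any comment in this thread): the triage idea discussed above, where apps from official remotes are skipped and everything else gets a closer look, sketched for Flatpak permission metadata. The trusted-remote list, the sample metadata and the app name are constructed assumptions.

```python
import configparser

# Assumption: remotes you treat as "official"; adjust to your own setup.
TRUSTED_REMOTES = {"flathub"}
# Filesystem grants that expose most or all of the user's data to the app.
BROAD_FILESYSTEMS = {"host", "host-os", "host-etc", "home"}

# Constructed sample in the keyfile format printed by
# `flatpak info --show-metadata <app-id>` (the app name is made up).
SAMPLE_METADATA = """\
[Application]
name=org.example.Tool
runtime=org.freedesktop.Platform/x86_64/23.08
command=tool

[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
devices=all;
filesystems=home:ro;xdg-download;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

def _items(section, key):
    """Split a ';'-separated keyfile list, dropping empty entries."""
    return [v for v in section.get(key, "").split(";") if v]

def audit(metadata_text, origin):
    """Return sandbox-weakening grants and whether the app needs manual review."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep D-Bus names and keys case-sensitive
    cp.read_string(metadata_text)
    ctx = cp["Context"] if cp.has_section("Context") else {}
    bus = cp["Session Bus Policy"] if cp.has_section("Session Bus Policy") else {}
    findings = []
    for fs in _items(ctx, "filesystems"):
        if fs.split(":")[0] in BROAD_FILESYSTEMS:  # ignore :ro/:rw/:create suffix
            findings.append(f"filesystems={fs}")
    if "all" in _items(ctx, "devices"):
        findings.append("devices=all")
    if "x11" in _items(ctx, "sockets"):
        findings.append("sockets=x11")  # X11 clients can observe other windows' input
    if bus.get("org.freedesktop.Flatpak") in ("talk", "own"):
        findings.append("dbus=org.freedesktop.Flatpak")  # can run commands on the host
    trusted = origin in TRUSTED_REMOTES
    return {"trusted_origin": trusted, "findings": findings,
            "needs_review": bool(findings) and not trusted}

if __name__ == "__main__":
    print(audit(SAMPLE_METADATA, origin="custom-repo"))
```

An app that needs these grants for normal operation will still be flagged; the output is a prompt for manual review, not a verdict.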
Is there antivirus for Android? I mean there surely is, but Android does not really need it because it’s built from scratch to give each app as little permissions as possible*. Desktop Linux is going in the same direction.
* technically. This does not mean that Android is secure in terms of privacy.
Yes there is a Google Play Protect. There is also a service that checks every single App on the Store separately.
Though the effectivity is debatable.
There are third party ones but I have not heard anything good about any of them. I am not sure they are legitimate
AFAICS this screens software before it goes into the store, or screens sideloaded apps on device before installation. That’s still far from antivirus as Windows users know it.
In theory it does all of below:
Yes, and it’s better. Each app gets scanned before it even reaches your device. You can’t do that on a PC.
The Linux desktop is not really going in the same direction as Android
Not that “antivirus” software is any more or less useful. It is mostly snake oil.
deleted by creator
I’m not sure if you’ve spent much time in the industry but it kind of is
For sure. I recall installing an open source mahjong from the android google store when I bought my first ever android device about a decade ago. Instantly took over my tablet and kept throwing ads at me. And it got into the root and wouldn’t go away when doing a reinstall. Fortunately it was a super cheap tablet that I only got to toy around with. But I have had no interest in ever getting another android device since then.
You are talking about a decade ago, you should try modern android.
The OS changed so much from that day
Why are we shouting?
Anyway, don’t waste your time with “antivirus” software. That is not how you secure a system.
Your viewer must be parsing #8 as # 8.
You’re free to not ‘waste time’ with anti-virus but I prefer the peace of mind.
You need to put a backslash before the hash tag. In Markdown a # is a header
No? There needs to be a space between on piefed and that’s how it works on github too.
https://piefed.social/comment/8602660
https://www.markdownguide.org/basic-syntax/
Putting a space is a good practice for compatibility because different software behaves differently. But the standard doesn’t specify it per se.
As Lojcs said…
The Markdown format expects a space after whatever number of #s you put at the start, for it to be a corresponding level header.
Due to different parsers having different types of leeways, it becomes a bit difficult to make sure stuff always matches.
e.g. I was once mistaken about the way tabs work for multi-level bullets and numbering because GitLab had more leeway. Using discount, I realised where I was being wrong.
The whole problem is because format doesn’t actually expect the space there, and it’s left to the interpretation of the parser
I thought the whole problem was that there was no de-facto standard and people kept on making their deviations while still calling it Markdown.
I personally like how Doxygen implements it.
Yeah. The power of MD is that it’s lightweight, versatile, and not very restrictive. You don’t need to remember a lot, and the parser is dirt easy to implement.
The negatives are that it’s not very restrictive, nobody remembers what’s what, and the parser is so easy to implement, everyone and their dog has one, and they’re all slightly different.
Yes, but projects like Wayland which are trying to do this get shouted down.
I was almost sure Wayland had succeeded… Well except for people still stuck on Xorg because of accessibility features…
AV is a joke. Best thing is ephemerality. No persistence
Immutable, ephemeral, granularly permissioned, and encrypt EVERYTHING to enforce said permissions.
1000x better than software signature hunting
It’s all fun and games until some asshole slips something into your trusted package manager.
Exploits are the real pain
Yep SLSA is more than just a trusted end point. Package signatures, reproducible builds, SBOMs, signed commits and more!
You lost me at the encryption part. How does encrypting enforce permissions?
Enforces confidentiality and integrity.
Encryption on transports protects from man in the middle and sniffing. At rest protects evil maid exploits, which for these systems is more about preventing malicious software being swapped in place of trusted software.
The same applies to encryption of links like PCIe and memory with the time of transport and rest changing.
deleted by creator
Well yeah, you need to use Linux, the Linux way to make it secure.
If you are running VSCode as root after having logged into the DE as root and installing extensions willy-nilly, it won’t matter that your RHEL has SELinux installed.