Antivirus needed or not?

Status
Not open for further replies.

illumination

Since Linux has a different attack vector, something like this could help:

Arno's IPTABLES firewall

Features

Very secure stateful filtering firewall
It can be used for both single- and multi-homed (e.g. dual-homed) boxes
Masquerading (NAT) and SNAT support
Full IPv6 support (including IPv4 / IPv6 mixed mode support)
Multiple external (internet) interfaces
Support multiroute NAT & SNAT (load balancing over multiple (internet) interfaces)
Port forwarding (NAT)
Support MAC address filtering
Support for static and ISP assigned (DHCP) IPs
Support for (transparent) proxies
Full support for DMZs and DMZ-2-LAN forwarding. You can also use it to isolate, e.g., your wireless LAN.
(Nmap)(stealth) portscan detection
Protection against SYN-flooding (DoS attacks)
Protection against ICMP-flooding (DoS attacks)
Extensive user-definable logging with rate limiting to prevent log flooding
Includes options to optimize your throughput
User definable open ports, closed ports, trusted hosts, blocked hosts etc.
Log & protection options are both highly customizable
Support for custom iptables rules in a separate file
It can be used with the chkconfig runlevel system (e.g. RedHat/Fedora)
Main focus on TCP/UDP/ICMP but additional support for *ALL* IP protocols
Plugin support (to add extra features).
SSH Brute Force (Cracking) Protection (plugin)
DynDNS (Dynamic DNS) support (plugin)
Intrusion Detection System (IDS) (plugin)
Traffic Shaping (plugin)
SIP/VOIP support (plugin)
Traffic Accounting support (plugin)
IPSEC support (plugin)
Support for DSL/ADSL modems, supporting PPPoE, PPPoA and bridging modem setups (plugin)
It works with PoPTop PPTP (http://www.poptop.org)
It works with UPnP
DRDOS protection/detection (experimental)
It's easy to install & configure
And much more...

http://rocky.eld.leidenuniv.nl/joomla/index.php?option=com_content&view=article&id=45&Itemid=63

:)

James
Will look into this, thank you.
 

illumination

Again, for the last time.
Privilege escalation vulnerabilities may permit malware running under a limited account to infect the entire system on Linux; you don't have to have root from the start.

Thanks for your responses thus far. :D:D:D

Come on now, I was trying to rasp a response.. :D I know of privilege escalation, hence why I mentioned "Mandatory Access Control". It is used to thwart vulnerabilities, especially if you are going to be running Flash and other exploitable software, not to mention bugs that may be in the kernel itself. Still, back on track, an AV will not be necessary unless you need to transfer to Windows, or have Windows on the same network, to prevent spreading. Running the mainstream kernels is not suggested because of the volume of bugs and patches needed; it is wiser to use stable kernels that have been patched thoroughly...

If you would like to test the knowledge I have gained in a short amount of time, I'm game :)
 

Arakasi

Level 4
Verified
Jul 12, 2014
195
Sorry I have been busy, friend. :oops:
I don't have to go find a virus that escalates privileges.
They exist, and they are capable of being coded.
You are deflecting and it's starting to sound like obtuse statements.
Maybe for you, or experienced computer users, we don't really need AV on Linux.
However, that dodges the question of do they exist?
If a very, very slow user, completely new to Linux, decides he will no longer get malware from porn, goes right to the one site on the internet that has the drive-by script, and gets a Linux virus, your statement of "You do not need AV on Linux" gets kicked in the *whistle*.

Respectfully, perhaps we can move past this "do not need" statement and progress into "it's highly unlikely you will encounter the existing malware, therefore the risk of infection running without it is low".

Thanks for the responses and passion regarding this issue. :)
 

Arakasi

Level 4
Verified
Jul 12, 2014
195
In addition, off topic, however still dealing with computers that don't need antivirus.
OSX.
600 000 Macs were part of the Flashback botnet. The majority of the infected users surely had the mindset of "no AV is needed if you use a Mac"; it kinda sets everything in perspective. I believe that number would have been much lower if all of them had an AV installed, and the botnet would probably have been detected earlier if the AVs sent statistics back to the AV vendors.
Not linux, but hey... unix
 

illumination

In addition, off topic, however still dealing with computers that don't need antivirus.
OSX.

Not linux, but hey... unix
You are quite correct, not Linux..

I did not say there was no malware out there coded for Linux; I did mention how many were in the wild. I did also mention that unless given root access, they would be harmless.

Personally, the fear mongering has gotten old for me. Every time someone thinks they have their system secure, someone has to stand up and try to "scare" them into buying the next "best thing" for security on the market.

I have been running my systems for over 5 years, various operating systems, various security programs, sometimes no security at all. Wanna take a guess at how many times I have been infected in that time.... Yup... you guessed it... ZERO.

I'm running Linux right now. My main security, besides making sure all updates are current and patches are in place, is my firewall "with custom rules" which I mentioned earlier, and "NoScript" in Firefox which I also mentioned earlier. I'm sure you are aware of how NoScript works and its purpose of hardening the browser. At this point, I see no need of an AV. Most attack vectors will either be via downloads/browser, or through open ports. Download through the repositories only, harden the browser, and close off the firewall, then what? You tell me how that malware is going to get in and run without root access..

Oh yeah, and do not forget about mandatory access control for exploits/bugs.

I should mention I used to test/play with malware as well in the virtual world, monitoring its behaviors, learning to kill it off with different methods.

I have researched thoroughly the world of Linux, its malware/attack potentials. One is at a greater threat of an actual hacker invading their Linux system than of any piece of malware. What would be the odds of that? How many hackers target home users and not corporations?

People that get infected nowadays are either lazy, or just do not care. If you ask members in the forum, you are going to find many of them have not been infected in ages. Why? Because they use common sense, keep their systems patched, and take time to learn.

I still stand by my first response to this thread: an AV is not needed unless you are worried about transferring on the network, or to another Windows machine.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Agree with others, if you're transferring files between Linux, Mac or Windows, then it may be sensible to use an on-demand Antivirus on Linux before sending the files. Although, I must point out any Windows PC should have an AV already installed to lower the risks.
 

Arakasi

Level 4
Verified
Jul 12, 2014
195
Except, respectfully, you are still thinking about yourself ( @illumination ), and not the ratio of experienced users
to non. 5,000,0000/5,000
I am proud you have been clean. Bob on the other side of the world, on the other hand, has not.
Linux viruses exist, they are still being made pending incentive, and as we discussed, privilege escalation.
Linux is getting more popular.
I can't fathom the outcome of having a virus program installed and how much it would ruin someone's life by having it.
Such depression because of an extra app.
Better safe than sorry. You absolutely, positively, cannot predict another person's browsing habits.
I agree you can say, "don't bother, you will be fine", then one day you are not.
It was a global widespread trend years ago, "Macs can't get viruses". Now that's the biggest load of bull-honkey.
Give it a few more years, I assure you, the results will be unexpected.
My final post. Can lead a horse to water .......
:)
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Hi, my name is Bob...er,:confused: I mean Cats..!:p I must confess something.:rolleyes: It is that I am not a very experienced or savvy Linux user, even though I feel so cool using it.:cool: ..like now!:D

So, among my concerns is the level of risk of cross-malware contamination with Windows 8.1, which has Manjaro OpenBox, though not directly installed or dual booted; I installed it from a disk onto a virtual machine in Oracle's VirtualBox.
My esteemed and knowledgeable friends, my question(-s):
  • Does sharing a network essentially mean using the same internet connection? ..and..
  • Although I cannot use Sandboxie in Linux, I do (sometimes) open Manjaro's VM in a sandbox since VB is on Windows.:) Can this render it "nearly" impregnable on the root level?:confused:
  • Last one.;) Right now I am using Shadow Defender, without a net or my security sandbox blanket. Question: Does this still keep me safe, with no need of an AV?o_O

(Sorry if this is off subject) My wife just mentioned the chicken we forgot:eek: about in the refrigerator! At least I know there's no AV that can cure old meat!:p ..good thing I know it's (probably..) still fresh!:D

(Back on subject) PS Alright, just (1) more, my friends!:rolleyes: With uBlock, Ghostery, & ScriptBlock extensions on Chromium, can I fall into a sound sleep without any remote, albeit actual, reasons to have:eek: bad dreams??o_O ;):p:D
 

Arakasi

Level 4
Verified
Jul 12, 2014
195
Cats !! Hello,

I hope I can assist you.
Question number 1!
Everything about question 1 can be understood by reading up on NAT.
Network Address Translation (NAT) is the simplest way of accessing an external network from a virtual machine. Usually, it does not require any configuration on the host network and guest system. For this reason, it is the default networking mode in VirtualBox.
A virtual machine with NAT enabled acts much like a real computer that connects to the Internet through a router. The "router", in this case, is the VirtualBox networking engine, which maps traffic from and to the virtual machine transparently. In VirtualBox this router is placed between each virtual machine and the host. This separation maximizes security since by default virtual machines cannot talk to each other.
The disadvantage of NAT mode is that, much like a private network behind a router, the virtual machine is invisible and unreachable from the outside internet; you cannot run a server this way unless you set up port forwarding (described below).
The network frames sent out by the guest operating system are received by VirtualBox's NAT engine, which extracts the TCP/IP data and resends it using the host operating system. To an application on the host, or to another computer on the same network as the host, it looks like the data was sent by the VirtualBox application on the host, using an IP address belonging to the host. VirtualBox listens for replies to the packets sent, and repacks and resends them to the guest machine on its private network.
The virtual machine receives its network address and configuration on the private network from a DHCP server integrated into VirtualBox. The IP address thus assigned to the virtual machine is usually on a completely different network than the host. As more than one card of a virtual machine can be set up to use NAT, the first card is connected to the private network 10.0.2.0, the second card to the network 10.0.3.0 and so on.
Question number 2!
When you are escalating privileges, you can almost turn anything around with the amount of access you have.
Impregnable, I think not. Very, very secure. Yes!
The final question!!!
When using security solutions like Shadow Defender and Deep Freeze, you don't really need an antivirus, unless you wanted to keep your real-time threats down. The only harm you could receive would be messing up 5 minutes of your allocated work hours to perform the reboot of the system or VM. *Shucks Darn*
On a side note, I am not sure for real, but I think you could still be susceptible to router DNS poisoning and similar problems, which would force you to reset your router.

:):D:)
 
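As an added illustration (not from the post above or from VirtualBox's own code), the toy NAT engine below models the behaviour the quoted text describes: outbound guest flows get a host-side mapping, only replies to known flows or explicitly forwarded ports are let back in, and anything else arriving from outside is dropped. The host address, remote addresses, ports and class names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatEngine:
    # Constructed toy model of a VM NAT engine, not VirtualBox's implementation.
    def __init__(self, host_ip: str, first_port: int = 40000):
        self.host_ip = host_ip          # address the outside world sees
        self.next_port = first_port     # next host-side port to hand out
        self.flows = {}     # (proto, host_port) -> (guest_ip, guest_port, remote_ip, remote_port)
        self.reverse = {}   # guest 5-tuple -> host_port, so a flow reuses its mapping
        self.forwards = {}  # (proto, host_port) -> (guest_ip, guest_port) explicit forwards

    def add_port_forward(self, proto, host_port, guest_ip, guest_port):
        self.forwards[(proto, host_port)] = (guest_ip, guest_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Guest -> outside: rewrite the source to host_ip:<allocated port>."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        host_port = self.reverse.get(key)
        if host_port is None:                       # new flow: allocate a mapping
            host_port, self.next_port = self.next_port, self.next_port + 1
            self.reverse[key] = host_port
            self.flows[(pkt.proto, host_port)] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.host_ip, host_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet):
        """Outside -> guest: pass only replies to known flows or forwarded ports."""
        if pkt.dst_ip != self.host_ip:
            return None                             # not addressed to the host at all
        flow = self.flows.get((pkt.proto, pkt.dst_port))
        if flow and (pkt.src_ip, pkt.src_port) == flow[2:]:   # stateful: peer must match
            return Packet(pkt.src_ip, pkt.src_port, flow[0], flow[1], pkt.proto)
        fwd = self.forwards.get((pkt.proto, pkt.dst_port))
        if fwd:
            return Packet(pkt.src_ip, pkt.src_port, fwd[0], fwd[1], pkt.proto)
        return None                                 # unsolicited: dropped


def demo():
    """Walk through the behaviours the quoted text describes (constructed addresses)."""
    nat = NatEngine("192.0.2.10")
    guest = "10.0.2.15"                             # VirtualBox's default NAT network
    out = nat.outbound(Packet(guest, 51000, "198.51.100.7", 443))        # guest opens HTTPS
    reply = nat.inbound(Packet("198.51.100.7", 443, nat.host_ip, out.src_port))   # real reply
    spoof = nat.inbound(Packet("203.0.113.9", 443, nat.host_ip, out.src_port))    # wrong peer
    probe = nat.inbound(Packet("203.0.113.9", 12345, nat.host_ip, 22))            # unsolicited
    nat.add_port_forward("tcp", 2222, guest, 22)                                   # opt-in exposure
    fwd = nat.inbound(Packet("203.0.113.9", 12345, nat.host_ip, 2222))
    return {"out": out, "reply": reply, "spoof": spoof, "probe": probe, "fwd": fwd}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:6s} -> {pkt}")
```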

Arakasi

Level 4
Verified
Jul 12, 2014
195
If you practice safe browsing habits in Windows, you'll be fine in Linux even without an AV.
The ultimate response in exclaiming and referencing opinion: antivirus is not needed in Linux!
Like x2
 

illumination

Except, respectfully, you are still thinking about yourself ( @illumination ), and not the ratio of experienced users
to non. 5,000,0000/5,000
I am proud you have been clean. Bob on the other side of the world, on the other hand, has not.
Linux viruses exist, they are still being made pending incentive, and as we discussed, privilege escalation.
Linux is getting more popular.
I can't fathom the outcome of having a virus program installed and how much it would ruin someone's life by having it.
Such depression because of an extra app.
Better safe than sorry. You absolutely, positively, cannot predict another person's browsing habits.
I agree you can say, "don't bother, you will be fine", then one day you are not.
It was a global widespread trend years ago, "Macs can't get viruses". Now that's the biggest load of bull-honkey.
Give it a few more years, I assure you, the results will be unexpected.
My final post. Can lead a horse to water .......
:)

This is what I'm trying to point out: you are reacting to my initial post as if I just said, "don't use an AV and you're fine"; that was not the case. I mentioned setting up the firewall, I mentioned Security-Enhanced Linux "MAC", I mentioned browser hardening. I even mentioned on-demand scans for transfers or being on the same network.

The question was never asked whether I believe that some time in the future malware may be an issue as Linux gets more popular, which personally I believe it will never get to that point, as users just find Windows much more convenient.

Now, this conversation has taken place as you suggested a "PAID" AV was needed to be safe on Linux, and this is anything but true.
Take a stroll through many Linux forums and tell me how many of these Linux-using members have an AV, and better yet, how many have actually become infected.

Mac/Apple: while BSD is actually its own entity now, and has become targeted, this does not mean Linux is the same, as they are not.
This will be my last post on this subject, as I feel the wheels are spinning, but not gaining traction. I have done my research, what I have suggested is enough; the original OP can take that advice or leave it.
 

juhful

Level 13
Thread author
Verified
Well-known
Jun 22, 2013
632
Thanks for the discussion, I have learned a lot from what everyone has said and I appreciate it. Everyone has an opinion and I respect all of yours; it's up to all of us to make our own choices based on the information that we have, and you have provided me with a great deal in this thread. Thanks again guys, and I also appreciate that you didn't let your disagreements distract you from the points you were trying to make!
 

Dima007

Level 23
Verified
Well-known
Apr 24, 2013
1,200
The answer is yes, you can try Dr.Web for Linux. ESET is also a nice one.
 

illumination

Thanks for the discussion, I have learned a lot from what everyone has said and I appreciate it. Everyone has an opinion and I respect all of yours; it's up to all of us to make our own choices based on the information that we have, and you have provided me with a great deal in this thread. Thanks again guys, and I also appreciate that you didn't let your disagreements distract you from the points you were trying to make!
You are more than welcome; I truly hope all this information helps you.

I want to add one more thing to this thread on that note. The whole point of running Linux is to use open source and obtain freedom. Never would I use a proprietary antivirus solution on Linux; it defeats the purpose. One might as well run Windows if they are going to do that.
Real-time scanning is definitely not a requirement. If you are worried and curious, an open-source on-demand scanner like ClamAV would be enough.

When You Need an Antivirus on Linux:
Antivirus software isn’t entirely useless on Linux. If you are running a Linux-based file server or mail server, you will probably want to use antivirus software. If you don’t, infected Windows computers may upload infected files to your Linux machine, allowing it to infect other Windows systems.

The antivirus software will scan for Windows malware and delete it. It isn’t protecting your Linux system – it’s protecting the Windows computers from themselves.

You can also use a Linux live CD to scan a Windows system for malware.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
My answer is still the same: no, you don't need an AV on Linux. The few infections that exist for Linux need YOU, the user, to install them. Besides, there are much, much better ways of hardening Linux without ever needing an AV: AppArmor, SELinux, a custom kernel, hardening the firewall. If you feel the need for an AV on Linux, instead of installing one, educate yourself. You can learn about the methods I pointed out above pretty quickly.

I set a challenge: set up a VM running a Linux distro, try your hardest to infect it by just visiting dodgy sites and downloading dodgy files. Report back.
 

Deleted member 178

Arakasi said:
The final question!!!
When using security solutions like Shadow Defender and Deep Freeze, you don't really need an antivirus, unless you wanted to keep your real-time threats down. The only harm you could receive would be messing up 5 minutes of your allocated work hours to perform the reboot of the system or VM. *Shucks Darn*

SD/DF/TF will protect your session from malware modifying your system; not from data leaking (made by keyloggers).

On a side note, I am not sure for real, but I think you could still be susceptible to router DNS poisoning and similar problems, which would force you to reset your router.

Exact.
 

Deleted member 178

That is not even guaranteed ^^^

You are quite safe at 99.9%, unless you found and installed a bioskit and then disengaged SD...

Only 2 pieces of malware bypassed SD, and now it has been fixed and the MBR has been protected since one or two versions ago.
 