Best anti-virus anti-malware security software for Linux and privacy?

Discussion in 'Linux' started by roga, Sep 9, 2015.

  1. roga

    roga MDL Member

    Aug 12, 2015
    144
    73
    10
    Linux needs antivirus and antimalware. Search online shows many results of linux malware and linux server hacking. Yes Linux is more secure than Windows because of the way root access is set up. But Linux can still be messed up without root access. Keyloggers for Linux do exist.

    Which antivirus and antimalware software is best for Linux? It needs to have real-time protection. And how can I be sure the security software does not contain spyware itself? Security software scans all your files; can it phone the files home? I moved away from Windows to Linux to escape Windows spying, and I do not want to install security software on Linux that takes away my privacy.

    Some people could recommend HIPS for Linux but I fear this is too complicated for me to understand, I am a Linux noob and prefer not to spend days learning about HIPS for Linux.
     
  2. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
    *nix gets patched 10x faster than Windows ever will. Just keep your *nix distro up to date with security patches and you'll be good.
     
  3. roga

    roga MDL Member

    Aug 12, 2015
    144
    73
    10
    What if someone sneaks a keylogger onto my computer through an infected USB or motherboard firmware? Security patches won't pick up a customized keylogger like that. Only security software can.
     
  4. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
    That can only happen if you allow that program root access.
    Think of it as administrator mode in Windows (the default), which is one reason why Windows is so insecure.
     
  5. netlords

    netlords MDL Novice

    Jun 20, 2012
    35
    6
    0
    Have you ever experienced such an attack?

    IMHO some of these scenarios are possible, but not so realistic.

    However, there are some tools for securing systems, rkhunter for example. Most IDS tools check the checksums of all the files in your system, which causes false positives.

    The best care is attention!
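The checksum-based check the post refers to, as an added example (this is my illustration, not code from the thread, rkhunter or AIDE): a baseline of SHA-256 digests and permission bits is taken once, and later runs report what changed, what appeared and what vanished. The `ignore` prefix list is an assumption of this example; it is how the false-positive problem (logs, caches and package databases that change on every boot or upgrade) is kept out of the report.

```python
# Added example (not code from the thread, rkhunter or AIDE): the
# baseline-then-verify check that checksum-based host IDS tools perform,
# with an ignore list for paths that change legitimately. Assumption: only
# regular files are tracked, by SHA-256 digest and permission bits.
import hashlib
import json
import os
import stat
import tempfile
from typing import Dict, List, Tuple

Baseline = Dict[str, Dict[str, str]]


def _sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: str, ignore: Tuple[str, ...] = ()) -> Baseline:
    """Record digest and mode of every regular file under root.

    'ignore' lists relative-path prefixes (logs, caches, package databases)
    that change on every boot or upgrade; leaving them in is what produces
    the false positives the post complains about."""
    db: Baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if rel.startswith(ignore):
                continue
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and device nodes are not hashed
            db[rel] = {"sha256": _sha256(path),
                       "mode": oct(stat.S_IMODE(st.st_mode))}
    return db


def verify(root: str, db: Baseline, ignore: Tuple[str, ...] = ()) -> Dict[str, List[str]]:
    """Re-hash the tree and report what differs from the saved baseline."""
    now = baseline(root, ignore)
    return {
        "changed": sorted(r for r in db if r in now and now[r] != db[r]),
        "added": sorted(r for r in now if r not in db),
        "removed": sorted(r for r in db if r not in now),
    }


def save(db: Baseline, path: str) -> None:
    with open(path, "w") as f:
        json.dump(db, f, indent=1, sort_keys=True)


def load(path: str) -> Baseline:
    with open(path) as f:
        return json.load(f)


def _write(root: str, rel: str, data: bytes) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree, tamper with it, verify.
    The baseline file is written outside the tree it describes."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        _write(root, "bin/ls", b"#!/bin/sh\necho original\n")
        _write(root, "bin/cat", b"#!/bin/sh\ncat\n")
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        _write(root, "var/log/syslog", b"boot\n")
        ignore = ("var/log",)
        db_path = os.path.join(store, "baseline.json")
        save(baseline(root, ignore), db_path)

        # Tampering: trojaned binary, setuid bit added, dropped file,
        # deleted file, and a log append that must NOT be reported.
        _write(root, "bin/ls", b"#!/bin/sh\necho trojaned\n")
        os.chmod(os.path.join(root, "bin/cat"), 0o4755)
        _write(root, "bin/.kworkerd", b"\x7fELF")
        os.remove(os.path.join(root, "etc/hosts"))
        with open(os.path.join(root, "var/log/syslog"), "ab") as f:
            f.write(b"login\n")
        return verify(root, load(db_path), ignore)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Two practical points follow from the design. The baseline has to live somewhere the attacker cannot write (read-only media, another machine), because anyone with root can simply re-hash after tampering; and it has to be re-taken after every package upgrade, which is exactly when a checksum tool that was not re-baselined floods you with false positives. It also only sees the filesystem as the kernel presents it, so a compromised kernel or firmware is outside its reach.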
     
  6. roga

    roga MDL Member

    Aug 12, 2015
    144
    73
    10
    #6 roga, Sep 9, 2015
    Last edited: Sep 9, 2015
    (OP)
    Suppose a keylogger got into my hardware firmware through USB stick insertion. Search for BadUSB; it is scary malware. After wiping the hard drive it still infects the computer, as it resides in the firmware, unseen by any antivirus.
    After installation of a new Linux, the keylogger surviving in the motherboard firmware could still be operating to capture my keystrokes, no?
    Are you saying that if this were to happen, there will be a popup asking for root access for no apparent reason every time in Linux, alerting me of the malware? Are you sure?
    This is not hypothetical; searches online show other malware hiding in video card and hard drive firmware, which cannot be detected easily.
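One thing that can be checked from Linux about the BadUSB scenario above is what each attached device enumerates as, since the attack works by a "storage" stick also presenting a keyboard (HID) interface. Added example, not code from the thread or from USBGuard: it reads the standard sysfs layout (`/sys/bus/usb/devices/<dev>/idVendor`, `idProduct`, and `bInterfaceClass` under each `<dev>:<config>.<iface>` directory) and flags storage devices that also expose HID, HID devices that are not on an allowlist, and known devices that suddenly expose extra interface classes. The allowlist format and the sample device records (vendor/product IDs included) are constructed for this example.

```python
# Added example (not code from the thread or from USBGuard): inventory what
# each attached USB device enumerates as and flag the BadUSB pattern, a
# "storage" stick that also presents a HID (keyboard) interface. The sysfs
# paths are Linux's standard ones; the allowlist format and the sample
# device records are assumptions constructed for this example.
import os
from typing import Dict, List, Set

HID = "03"           # interface class of keyboards and mice
MASS_STORAGE = "08"  # interface class a flash drive is expected to have

Device = Dict[str, object]


def _read(path: str) -> str:
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return ""


def read_sysfs(base: str = "/sys/bus/usb/devices") -> List[Device]:
    """Walk sysfs: <dev>/idVendor, <dev>/idProduct and, for each interface
    directory <dev>:<config>.<iface>, its bInterfaceClass."""
    devices: List[Device] = []
    if not os.path.isdir(base):
        return devices
    for name in sorted(os.listdir(base)):
        dev = os.path.join(base, name)
        if ":" in name or not os.path.exists(os.path.join(dev, "idVendor")):
            continue  # interface entries are collected under their device
        classes: Set[str] = set()
        for sub in os.listdir(dev):
            if sub.startswith(name + ":"):
                cls = _read(os.path.join(dev, sub, "bInterfaceClass"))
                if cls:
                    classes.add(cls)
        vid = _read(os.path.join(dev, "idVendor"))
        pid = _read(os.path.join(dev, "idProduct"))
        devices.append({
            "id": name,
            "vidpid": f"{vid}:{pid}",
            "product": _read(os.path.join(dev, "product")),
            "classes": classes,
        })
    return devices


def audit(devices: List[Device], allow: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Return device id -> reasons for every device that deserves a look.
    'allow' maps vendor:product to the interface classes that device is
    known to expose."""
    findings: Dict[str, List[str]] = {}
    for d in devices:
        classes = d["classes"]
        reasons: List[str] = []
        if MASS_STORAGE in classes and HID in classes:
            reasons.append("storage device also enumerates as HID (BadUSB pattern)")
        expected = allow.get(d["vidpid"])
        if expected is None:
            if HID in classes:
                reasons.append("unlisted device presents a keyboard/mouse interface")
        elif classes - expected:
            reasons.append(f"known device exposes extra classes {sorted(classes - expected)}")
        if reasons:
            findings[d["id"]] = reasons
    return findings


# Constructed sample: an allowlisted keyboard, a plain stick, the same stick
# model reprogrammed to add a keyboard interface, and an unknown HID device.
SAMPLE: List[Device] = [
    {"id": "1-1", "vidpid": "046d:c31c", "product": "USB Keyboard", "classes": {"03"}},
    {"id": "1-2", "vidpid": "0781:5567", "product": "Cruzer Blade", "classes": {"08"}},
    {"id": "1-3", "vidpid": "0781:5567", "product": "Cruzer Blade", "classes": {"08", "03"}},
    {"id": "1-4", "vidpid": "1a2c:0e24", "product": "", "classes": {"03"}},
]
ALLOW: Dict[str, Set[str]] = {"046d:c31c": {"03"}, "0781:5567": {"08"}}

if __name__ == "__main__":
    live = read_sysfs()
    for dev_id, why in audit(live or SAMPLE, ALLOW).items():
        print(dev_id, "->", "; ".join(why))
```

The caveat a practitioner wants: this sees only what a device enumerates as at the moment you run it. A reprogrammed controller that presents pure storage and only switches on a keyboard interface later is caught only if the check runs again after the switch, which is why a daemon that applies an allowlist at attach time (USBGuard does this) is the proper tool. And nothing that reads sysfs can say anything about firmware already sitting on the motherboard or video card.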
     
  7. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,081
    13,978
    340
  8. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,081
    13,978
    340
    #9 Yen, Sep 9, 2015
    Last edited: Sep 9, 2015
  9. eyecheck

    eyecheck MDL Junior Member

    Jul 15, 2015
    63
    12
    0
    :eek: Nope... But some users do by their actions.

    So you are not sure your software distributor is trusted? Then don't use them. You read something on the internet and now you are chasing your tail. Make sure your software is from the recognised distros, and a hint while you are starting out: run a VM and check your installs/trials/errors there first.

    Searching for "Does linux require AV" will give you similar results to "Does liposuction need humans".

    A different kettle of fish. You are assuming Linux is not secure (100% of the time, no, but rest assured it will be securely fixed before M$ chewsday). This all depends on the flavor you use. Stick to stable repositories until you know more. I prefer testing, but 20 years of Linux use on servers and lately on desktops gives me that freedom.

    Good luck and enjoy your linux adventure.
     
  10. R29k

    R29k MDL GLaDOS

    Feb 13, 2011
    5,171
    4,811
    180
    @roga
    If you have trusted PPAs then you should not get infected through software. There is very little malware on Linux, and it mainly affects you through user error.
     
  11. VDev

    VDev MDL Member

    Sep 9, 2015
    109
    57
    10
    Maldetect is one AV combining ClamAV and other engines to detect keyloggers and other malware designed for Linux.
     
  12. John Sutherland

    John Sutherland MDL Addicted

    Oct 15, 2014
    867
    1,388
    30
    Hello roga - There are a few conditions where you would want to install antivirus software on your Linux machine:

    1.) You are running Windows as a virtual machine from your Linux machine.

    2.) You are on a network with Windows machines and need to scan them for viruses/malware.

    3.) You've set up file sharing with one or more Windows machines.

    4.) You receive emails from Windows machines and forward them to other Windows machines.

    5.) You've installed Wine on your Linux machine in order to run Windows based applications.

    Do you see a pattern here? In all of the above situations I've mentioned Windows. And now I'll let you in on something I read a long time ago: The purpose of installing antivirus software on a Linux machine is to protect the Windows machines it interacts with. And here's the kicker: All of the virus definitions contained in this software are designed to look for Windows based viruses and do absolutely nothing to protect the host Linux OS.

    This is because the overwhelming majority of viruses/malware are designed to infect Windows. A Linux OS is unaffected by them. It can only act as a "carrier" for the infection, remaining healthy while infecting every machine it comes in contact with.

    The two best things you can do are: Set up your router and firewall to block unwanted connections to your network and your machine. And then set up a second user account (i.e. guest) that is not allowed root access and use this account whenever you go online. This will deny anyone from taking over your machine by posing as the root user. And when you need to do things that require root access, go offline, logout as guest and login as the root user. It only takes 10-15 seconds to do so and does a lot more to protect your Linux machine than installing any antivirus software.
     
  13. roga

    roga MDL Member

    Aug 12, 2015
    144
    73
    10
    #14 roga, Sep 10, 2015
    Last edited: Sep 10, 2015
    (OP)
    Thanks for all the replies. But they do not address my concern.

    My concern is not general malware that targets a wide audience. I know this kind of general malware has no effect on Linux, because whoever made it does not know the specific Linux configuration, so it fails to execute on Linux. This is the reason most of you are saying I do not need AV on Linux, but it is not the kind of malware I worry about.

    My concern is not malware hiding in deb and PPA files from bad sources. I only install Linux software from repositories included in the default installation of Linux. I do not open attachments in emails from unknowns.

    My concern is not Windows malware anymore; I have physically air-gapped my Windows computer to work offline. And I do not use Wine or virtualization on my Linux.

    My concern is targeted malware that could already be in my hardware, coming from a strong adversary with a special interest in me. They can tailor-make their malware, usually a keylogger, to work on Linux. Someone had physical access to my USB devices one time, and after it my motherboard and video card became unstable in Windows. I ran six of the top Windows security programs and found no malware. I am paranoid they implanted malware in the USB firmware, spreading to my motherboard and video card firmware. Reading the internet shows it is a real threat, like BadUSB and Equation Group. I want to know if this kind of malware can execute in Linux without me knowing, and if there is security software to discover it on Linux. There are many processes running in Linux that I do not understand; is there software to tell me if any of the processes are suspicious? Someone recommended ClamAV and other open source detectors; I think they discover general malware rather than targeted malware and firmware malware. My knowledge of Linux is not strong. I need to know what strong software can defend against this kind of attack on Linux.

    There is no easy-to-use firewall for Linux; the only thing I have done is turn on ufw, and I do not know how to customize it.
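For the "which of these processes are suspicious" question in the post above, here is the first pass a responder would actually run, as an added example (not code from the thread, and not a substitute for a real rootkit scanner): it walks `/proc` the way Linux lays it out (the `exe` symlink, `cmdline`, and the `Uid:` line of `status`) and points at processes whose executable was deleted after it started, that run from a temp or home directory rather than a package-managed path, or whose command line mimics a kernel thread. The path lists and the sample process records are assumptions constructed for the example.

```python
# Added example (not code from the thread): a userland pass over /proc that
# points at processes worth explaining, for the "which of these processes
# are suspicious" question. The /proc layout (exe link, cmdline, status) is
# Linux's; the path lists and the sample records are assumptions.
import os
from typing import Dict, List

PACKAGE_PATHS = ("/usr/", "/bin/", "/sbin/", "/lib", "/opt/", "/snap/")
SCRATCH_PATHS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/run/user/", "/home/")
Proc = Dict[str, str]


def collect(proc: str = "/proc") -> List[Proc]:
    """Snapshot pid, executable path, command line and uid of every process
    visible to the caller. Other users' exe links are unreadable without
    root, so run as root or expect blanks."""
    out: List[Proc] = []
    if not os.path.isdir(proc):
        return out
    for pid in os.listdir(proc):
        if not pid.isdigit():
            continue
        d = os.path.join(proc, pid)
        try:
            exe = os.readlink(os.path.join(d, "exe"))
        except OSError:
            exe = ""  # kernel thread, zombie, or permission denied
        try:
            with open(os.path.join(d, "cmdline"), "rb") as f:
                cmd = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
            with open(os.path.join(d, "status")) as f:
                uid = next((line.split()[1] for line in f if line.startswith("Uid:")), "")
        except OSError:
            continue  # process exited while we were reading it
        out.append({"pid": pid, "exe": exe, "cmdline": cmd, "uid": uid})
    return out


def audit(procs: List[Proc]) -> Dict[str, List[str]]:
    """pid -> reasons. Real kernel threads have no exe and an empty cmdline;
    everything else should map to a file a package owns."""
    findings: Dict[str, List[str]] = {}
    for p in procs:
        exe, reasons = p["exe"], []
        if not exe:
            continue
        if exe.endswith(" (deleted)"):
            reasons.append("executable was deleted after exec; it now exists only in memory")
            exe = exe[: -len(" (deleted)")]
        if exe.startswith(SCRATCH_PATHS):
            reasons.append("runs from a temp or home directory, not a package-managed path")
        elif not exe.startswith(PACKAGE_PATHS):
            reasons.append("runs from an unusual path")
        if p["cmdline"].startswith("["):
            reasons.append("user process whose name mimics a kernel thread")
        if reasons:
            findings[p["pid"]] = reasons
    return findings


# Constructed sample: init, a genuine kernel thread, a user shell, a
# memory-only process disguised as kworker, and a dropped binary in $HOME.
SAMPLE: List[Proc] = [
    {"pid": "1", "exe": "/usr/lib/systemd/systemd", "cmdline": "/sbin/init splash", "uid": "0"},
    {"pid": "12", "exe": "", "cmdline": "", "uid": "0"},
    {"pid": "2301", "exe": "/usr/bin/bash", "cmdline": "bash", "uid": "1000"},
    {"pid": "4412", "exe": "/tmp/.X11-unix/.kl (deleted)", "cmdline": "[kworker/u8:2]", "uid": "1000"},
    {"pid": "4980", "exe": "/home/roga/.cache/update", "cmdline": "./update", "uid": "1000"},
]

if __name__ == "__main__":
    live = collect()
    for pid, why in sorted(audit(live or SAMPLE).items(), key=lambda kv: int(kv[0])):
        print(pid, "->", "; ".join(why))
```

For anything it flags, the next question is whether a package owns the file: on Debian/Ubuntu `dpkg -S /path/to/file` names the owning package and `dpkg -V` checks installed files against the hashes the package recorded (`rpm -Va` on Fedora/RHEL). The limits matter for this post's actual worry: a rootkit that already has root can hide its entries from `/proc`, so a clean result from a live system is weaker than one from a boot off known-good media, and nothing that reads `/proc` can see firmware on the motherboard or video card at all.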
     
  14. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,071
    4,651
    150
  15. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,071
    4,651
    150
    @roga: I have spent the majority of My life learning electronics and computer engineering. I said what I did because it is not an easy path to take. In no time at all, technologies become obsolete and You must retrain. Equipment becomes obsolete and you must re-invest to remain current. And that's in the most ideal sense.

    In My life, I have learned that there are limits on how far You can go to achieve a goal. There are some battles that are best not fought.

    But that is all part of your own personal journey. You must determine that for yourself.

    You must determine what is enough to afford You a sense of inner peace.

    Classic example: Audiophiles. They fall into two classes; Those who are constantly searching for the perfect sound, and those who are happy with what they have.

    People from the former camp are always dissatisfied, because they believe that, just around the corner, there's something better. They're never truly happy with what they have.

    People from the latter camp are happy and they enjoy the systems that they have. They know that they could spend more money / time to get something a little better, but they don't allow it to taint the joy of what they already possess.

    For Me, I ask myself which camp I want to be a part of. :)
     
  16. roga

    roga MDL Member

    Aug 12, 2015
    144
    73
    10
    Wise words. I agree cannot fight everything, it is about choosing what is important. If seeking perfect everything, there is never happiness or time for other things.

    All my searching for perfect computer security is tiring. The more I read the more vulnerabilities I see in my computer. Having already taken many steps towards better security, I was hoping to complete my journey by finding and installing the best security software for Linux. If there is none, I must be satisfied with what I have. Learning about electronics creation and spending money on special equipment is going to be too much, it won't leave me enough happiness or time for other things :)
     
  17. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
    The best security you can get is to reach behind your PC and unplug the ethernet cable from your NIC port. Then go into your BIOS and disable your USB ports. You'll never have to worry about getting a rootkit, malware, adware, keylogger or any kind of malicious ware that could infect your hardware.
    You'll always be safe and secure.
     