and if so any suggestions? I have like 6 on my Windows

21 points

Antivirus is a fucked approach: it basically scans files for what they call malware “signatures”, which they accumulate over the years from malware found in the wild. Problems with that:

  • False positives.
  • False negatives.
  • Slows down the computer.
  • Malware developers can obviously see what the antivirus is doing, so they change their malware till it is no longer detected, and/or sabotage the antivirus once they’re on the computer.
  • You now have a privileged uberparser on your computer, that unpacks and parses all manner of file formats, and it is being run on everything. This increases attack surface a lot.

The whole idea is misguided, and only exists because these companies managed to scare people into buying their snake oil.

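The signature scanning the comment above describes, as an added example that is not part of the original post. The scanner, the signature strings and the sample files are all constructed for the demo: it does a plain substring match (roughly what a body signature without wildcards amounts to), and the run shows the false-positive and evasion bullets happening on real files.

```shell
#!/bin/sh
# Added example, not from the thread: a toy byte-signature scanner that does
# what the comment above describes an antivirus doing, then shows two of the
# listed failure modes. Signature strings and sample files are constructed.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Signature database: name:byte-string, one per line (a tiny stand-in for a
# ClamAV-style body-signature list). Both entries are made up.
SIGDB="$WORK/signatures.db"
printf 'Demo.Dropper.A:RUN_PAYLOAD_v1\n'   >  "$SIGDB"
printf 'Demo.Worm.B:spread_to_shares\n'    >> "$SIGDB"

# scan FILE: print the matching signature name and return 0, or return 1 if
# nothing in the database occurs in the file. grep -F is a plain substring
# search, which is all a body signature without wildcards is.
scan() {
    while IFS=: read -r name pattern; do
        if grep -qF -- "$pattern" "$1"; then
            echo "$name"
            return 0
        fi
    done < "$SIGDB"
    return 1
}

# Constructed samples. The "original" carries the signatured string; the
# "mutated" copy is the same file with one character changed, the kind of
# edit a malware author makes after a detection; "notes" is a harmless text
# file that happens to quote the string.
SAMPLE="$WORK/dropper.bin"
MUTATED="$WORK/dropper-repacked.bin"
NOTES="$WORK/analysis-notes.txt"
printf 'MZ fake-pe-stub RUN_PAYLOAD_v1 more-stub\n' > "$SAMPLE"
printf 'MZ fake-pe-stub RUN_PAYLOAD_v2 more-stub\n' > "$MUTATED"
printf 'Analyst notes: the dropper calls RUN_PAYLOAD_v1 at startup.\n' > "$NOTES"

# verdict FILE: human-readable line for the demo run below.
verdict() {
    if hit=$(scan "$1"); then
        echo "$1: DETECTED as $hit"
    else
        echo "$1: clean"
    fi
}

verdict "$SAMPLE"    # detected (true positive)
verdict "$MUTATED"   # clean: one changed byte evaded the signature (false negative)
verdict "$NOTES"     # detected: a text file quoting the string (false positive)
```

Run it with `sh`; it works in a temporary directory that is removed on exit. The last two lines are the point: the same signature both misses the trivially edited sample and flags a harmless notes file. A production engine papers over this with hashes, wildcards, unpackers and heuristics, which is exactly the privileged parser running on every file that the comment's last bullet is about.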
15 points

I’m guessing that’s a “no” then?

9 points


Sooo… what is a good approach then? Especially for us idiots who still use Windows?

3 points

Don’t download random .exe files off the internet. This is pretty much the only thing that an antivirus has any chance of catching, since it’s where you’ll find “old” malware your antivirus knows about. If you do risky stuff like that (pirating PC games?), maybe don’t use that computer for anything important or personal.

Then the usual stuff, which you want to do anyway, because antivirus doesn’t help with that:

  • Update your software.
  • If you have any reason to believe your computer might be compromised, completely wipe the hard drive, start from scratch, and change all your passwords.
  • Install uBlock Origin to block ads. Ads are a common attack vector.
  • Assume every link or attachment from an email or message is a scam unless you were expecting it or you can prove otherwise.

Generally no. If you are installing software from trusted sources (i.e. your distribution’s package repository) and applying security updates in a timely manner, there is very little to worry about. If you are processing untrusted files and forwarding them to third parties (i.e. you’re running a mail server), there are tools like ClamAV to check for KNOWN viruses.

It is entirely possible to install viruses if you are running software from untrusted sources. This includes viruses designed for Windows, by running sketchy things in Wine/Proton. These are compatibility layers, and if they are working correctly that includes compatibility with malware. Isolation is explicitly not a design goal of these projects. If you run Windows ransomware in Wine, you WILL lose your data. If you run a naive LimeWire worm in Wine, LimeWire WILL autostart and spread the worm.

Always be careful with pirated software. It doesn’t hurt to run ClamAV on a torrent before trying to use it.

5 points

How effective is something like VirtualBox at isolating Windows?

6 points

It’s not impossible for malware running in a type 2 hypervisor like VirtualBox to do a guest-to-host attack, but those attacks are pretty specialized and most viruses aren’t going to affect the host system.

14 points

Nope, not really. The way Linux keeps userspace very limited in what it can do means that, as long as you don’t do something very unwise like deliberately giving more privileges to a shady program, you’re not really at risk. Just try to only install stuff through your package manager if you can help it, and only directly install programs that you trust. If you want to pirate software it can be a little tricky to do safely; I run my games through Lutris and Wine, which creates a layer of isolation.

10 points

What I don’t like about Linux is that a lot of things require you to sudo to install if you’re installing outside of the app store, which is often. Even then, a lot of apps require you to sudo to download from the store.

I have no problem with it because I understand my computer, but it just seems like a disaster waiting to happen for a noob who wants to install a bunch of shit and all the tutorials just casually instruct them to do so without warning of the implications.

8 points

Indeed, it’s a big problem with Ubuntu/Snap, but I haven’t been burned yet. Other distros have better app managers, and of course it does depend on what the user is doing. Most people should only need LibreOffice, Firefox, Steam, and some random apps here and there, since almost everything runs in the browser nowadays, so it really isn’t a huge problem.


Most of this software can be installed without sudo by changing the prefix in the (pre-compile) configuration step. The prefix usually defaults to /usr/local, which requires root, but you can change it to (e.g.) /home/your_user_name/.local and install without special privileges. You need to add the directories to PATH/LD_LIBRARY_PATH etc., but then it works practically as an overlay on top of your distribution-provided packages, without any permanent side effects or impact on other users.

You’re right that most instructions don’t explain this, though. They just kind of assume GNU Autoconf / CMake / Meson is intuitive to mere mortals.

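The user-prefix install the comment above describes, worked through as an added example (not the commenter’s own code). The real build step is `./configure --prefix="$HOME/.local" && make && make install` (or the CMake/Meson equivalent); since that needs an actual source tree, a small function stands in for `make install` and only lays down the prefix directories. The prefix is a temp directory, and the script name hello-local and the environment wiring are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: install into a per-user prefix and
# layer it over the distro's packages via PATH/LD_LIBRARY_PATH, without root.
# fake_make_install stands in for `make install` of a real configure/make
# build; PREFIX is a temp dir so nothing is left behind in your home.

PREFIX=$(mktemp -d)
trap 'rm -rf "$PREFIX"' EXIT

# use_prefix DIR: put DIR's bin/ and lib/ in front of the system directories
# so a user-local build shadows a distro package of the same name (the
# "overlay" effect). MANPATH keeps a trailing ':' so man-db still appends
# its default search path.
use_prefix() {
    PATH="$1/bin:$PATH"
    LD_LIBRARY_PATH="$1/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
    PKG_CONFIG_PATH="$1/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
    MANPATH="$1/share/man:${MANPATH:-}"
    export PATH LD_LIBRARY_PATH PKG_CONFIG_PATH MANPATH
}

# fake_make_install DIR: creates the FHS-style layout a real `make install`
# would populate under --prefix=DIR. The script and the empty .so are
# placeholders for the demo.
fake_make_install() {
    mkdir -p "$1/bin" "$1/lib/pkgconfig" "$1/share/man/man1"
    cat > "$1/bin/hello-local" <<'EOF'
#!/bin/sh
echo "hello from user-local prefix"
EOF
    chmod 0755 "$1/bin/hello-local"
    : > "$1/lib/libhello.so.0"   # a real build drops its shared libs here
}

# resolved_to_prefix CMD: 0 if CMD now resolves to the user-local copy.
resolved_to_prefix() {
    case "$(command -v "$1")" in
        "$PREFIX"/bin/*) return 0 ;;
        *) return 1 ;;
    esac
}

fake_make_install "$PREFIX"
use_prefix "$PREFIX"
hello-local                      # runs the user-local copy via PATH
command -v hello-local           # shows the prefix path, not /usr/bin
```

The `use_prefix` lines are what you would put in `~/.profile` (with `$HOME/.local` in place of the temp dir) so every shell sees the overlay. Because the prefix is prepended, a user-local build always wins over a distro package of the same name, which is the behaviour you want for an overlay but also means a stale or tampered binary in `~/.local/bin` shadows the packaged one; keep that directory writable only by you.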
9 points

The main reason that you don’t need “antivirus software” on GNU/Linux is that software is treated in a fundamentally different way. On Windows, it is pretty common for people to download .exe files from random websites and run them. On GNU/Linux, you should not be running random executables that you found on the internet. The majority of the software that you use should be installed from your distro repository.

If you are very concerned about security, you can use a security auditing tool like Lynis. Lynis is a tool that I have used before. You run it and it makes a checklist of things that you can do to improve the security of your GNU/Linux system. It will probably tell you to set up an intrusion detection system like Tripwire. It might recommend something like having your system files on a separate partition and booting your system partition read-only when you use your computer normally. Most people don’t do all these things, but Lynis will tell you what is possible and you can decide what meets your security needs. Lynis is probably in your distro repository.

https://en.wikipedia.org/wiki/Lynis

This is a pretty good checklist of security practices for a GNU/Linux desktop system.

https://github.com/lfit/itpol/blob/master/linux-workstation-security.md

5 points

I don’t use antivirus on any OS these days, with the exception of the default Windows Defender on Windows.

People say that Linux is inherently safer, which I’m inclined to believe, but it’s also not widespread enough to put that theory to the test. Windows and Mac are commonly targeted because that’s what most people use. You’d see more effort put into hacking Linux if it became normalized.

It’s not really analogous to seatbelts and condoms either, because while those things aren’t foolproof, you don’t really know what antivirus is doing besides what they advertise. I believe a few big-name vendors were caught mining Bitcoin.

But if you must, having more than one will not make you safer. In this case, it’s like using a condom. Using multiple will just slow things down, potentially break your system, have a bunch of conflicts, and send your stuff to multiple places. I recommend deleting them and using the default Windows Defender.

7 points

“it’s also not widespread enough to put that theory to the test.”

In a way it is, in that most large servers are running Linux, which offers a pretty high-value target for attackers. That doesn’t translate perfectly to desktop Linux because the attack surfaces are slightly different, but I think it’s safe to say Linux is targeted.

6 points

Linux dominates web, IoT, mobile, supercomputers, financial, cloud and development devices… Targets that are way more valuable than desktops, which is probably what you’re thinking of.

3 points

True, but also more secure by virtue of being valuable and maintained by large companies with resources. Windows and Macs are used by the everyday schlub, so it can be anywhere from an encrypted brick to “123admin” level of secure.

5 points

Don’t worry, the ones I have don’t overlap; I have some understanding of how the computer works.
