Debian User Forums

[sickpig]

yup true, i agree with "Linux systems are very secure and not affected by the huge amount of Windows viruses, trojans, worms or malware out there." of course win progs are not binary compatible with linux, but i dont agree with "Anti-virus software is not required." perhaps i was not clear in my initial post but a blanket statement like "Anti-virus software is not required." is what i find misleading. Especially on arch based systems like manjaro which make heavy use of aur repos which are essentially user created packages.

i also don't use anti-virus as a deamon but on an on demand basis. but i make it a point to religiously scan all archive or binary files downloaded online. better be safe than sorry

[Head_on_a_Stick]

a blanket statement like "Anti-virus software is not required." is what i find misleading. Especially on arch based systems like manjaro which make heavy use of aur repos which are essentially user created packages.

AUR packages *are* user-created packages, I have a few of them myself:

https://aur.archlinux.org/packages/?O=0 ... _Search=Go

I'm not sure why you think anti-virus software will protect you from them though, I could upload a package there now that would delete your entire system via a postinstall script and no anti-virus software would detect that...

This is why the ArchWiki recommends that the PKGBUILDs and supplied .install files & .hooks are checked manually before installation.

[sickpig]

ohh thanks i wasnt aware that anti-virus will not be able to detect malicious behaviour as described by you of aur packages
good thing i m not using them then

[Job]

Has anyone been affected by a virus or malware on Linux? I started using Linux (RedHat) either in 1998 or 1999 and I never had a virus or malware. Post 3 by Bloom says it all and I feel the same way. There are various Linux installations within the same distro. Some people boot from portable drives, some have their /home elsewhere....and so on. For a virus to affect computers, those computers have to have been configured the exact same way. Windows fits that bill perfectly.

[GarryRicketson]

It has to do with architecture. The Windows architecture is such that malware can get started from almost any source and modify system files. In Linux, that's just not possible because the Linux architecture doesn't allow that.

I have never had one, and my first Linux was around 2002 knoppix. Clamav did not yet exist. For Linux there is no need for it, and it is not required, however the fact that so many Windows users do accesses Linux servers, and receive / send e-mail via Linux servers, its main uses is on mail servers as a server-side email virus scanner.
For those that think they need it, that's fine, they can use it, those that know better and realize they don't need it, are NOT REQUIRED to use it, just because some one claims they must use it, this argument by people trying to promote it's use is old, kind of like beating on a dead horse.
Just like the other controversy, no body is required to use it.

[yeti]

All strange behaviours I experienced from bootdisk/rootdisk-0.11-days to now were PEBCAK (HIT SHAPPENS!) or "normal" misbehaviour of hardware or software.
May it stay that way.

OmmmMMMmmmptimismmmMMMmmm... \o/

[sickpig]

its a choice, no issue in believing there are no viruses on linux until u become the victim.
I would rather scan anything which is not from official repos before unpacking or using it. also it doesnt consume any memory if dont run it as daemon so no impact on system resources. but yes if the user consciously chooses to believe that linux world is virus free then its good for them i guess. as they say ignorance is bliss.

most of the reputable websites say anti-virus is required
https://www.pcworld.com/article/3156931 ... ut-it.html

https://www.linux.com/learn/myth-bustin ... ne-viruses

https://www.techadvisor.co.uk/feature/l ... s-3678945/

so it boils down to choice..

[Head_on_a_Stick]

most of the reputable websites say anti-virus is required

FFS d00d, have you even read those links?

Let's go through them:

https://www.pcworld.com/article/3156931 ... ut-it.html

^ This article was written by an idiot who thinks a firewall is required even if no applications which listen to ports are running — in a GNU/Linux system the ports are closed unless an application opens them.

Leaving that aside the idiot happens to agree with me:

While Windows viruses may not affect a Linux machine, a Linux PC can still be a “carrier” for a virus that’s hiding in an executable file, script, or compromised document.

https://www.linux.com/learn/myth-bustin ... ne-viruses

^ No mention of "viruses" here apart from the semantic preamble but this fool thinks that emails with .debs attached are something to worry about...

https://www.techadvisor.co.uk/feature/l ... s-3678945/

^ From this link:

Is Linux virus-free?

For the most part, yes

But apparently a fake ISO image counts as a "virus" to this "expert"

And finally:

I would rather scan anything which is not from official repos before unpacking or using it.

Scanning .deb packages with ClamAV is utterly pointless and will not protect you at all.

HTH

[neuraleskimo]

Interesting conversation...

It seems that we all agree that all hardware, operating systems, and additional software are vulnerable. It also seems that relying on software to scan for known vulnerabilities does not protect systems from zero-day and (a probably large number of) unknown actively used vectors. In fact, the scanning software is itself vulnerable (and potentially the target). As an example, see the following article: http://spectrum.ieee.org/the-human-os/computing/software/researchers-embed-malicious-code-into-dna-to-hack-dna-sequencing-software To me, this article says that all/any data is a vector for attack.

It seems that good architecture, layers, safe-guards, and practices are the best defense. Of course, good logging, auditing, and IDS (e.g., OSSEC) are a part of that. To paraphrase James MIckens... If I had to summarize this in three words, "Don't read data." If I had to summarize this in two words, "No data." If I had to summarize this in one word, "Don't!" Not exactly related to this topic, but as long as I am mentioning Mickens, this is a good way to spend an hour: https://www.usenix.org/conference/usenixsecurity18/presentation/mickens.

[sickpig]

Thanks for the analysis HOAS, your insights are of course going to be relevant than the content of those links as your expertise is probably higher than those authors. And I was referring to scanning archives like tar.gz or zip files. I am a bit wary of unpacking them before they are scanned. I avoid downloading debs from internet as far as possible, there isn't much need for that as official repos have 50k+ packages.

About firewall, for an average user like me, i wouldn't know if any application is doing something which isn't supposed to in the background. So i keep gufw to the default setting of incoming allow outgoing deny. looking at your earlier post i suppose you wouldn't approve of keeping a firewall turned on either. but ur knowledge is 1000 mine is 10 or mayb 20, so until i gain more knowledge keeping firewall on seems the right thing to do.

neuraleskimo, thanks for sharing the links. Saved them for my evening commute read

[sunrat]

So i keep gufw to the default setting of incoming allow outgoing deny.

I'm pretty sure you got that bass-ackwards.
You can check if ports are closed from the internet on your computer at Shields Up! - https://www.grc.com/x/ne.dll?bh0bkyd2 You will most likely find they are all closed on a default Debian install. If you connect using NAT through a router you will be doubly protected, no firewall configuration necessary. The only reason I use ufw is to open ports for specific applications like torrent clients or Syncthing.

[sickpig]

m using closed source alternative of synthing but yes i have opened the ports needed for it. u right about the ports, its incoming deny thats the default setting on gufw

[sickpig]

update:

I read up on firewalls and experimented. Turned it off and checked my syncthing closed source clone still worked! halleuah, i then systemctl disable ufw and turned it off in gufw as well.

rebooted, checked systemd-analyze plot > plot.svg and no mention of ufw.service, up till now it had been the longest time consumer showing up in red. but no more

then i start off my quest to see if i can find a way to scrutinize suspicious .deb files just in case if i need to. As this thread has been clear in postulating that scanning linux executables is beyond the scope of present day anti virus solutions.

Came across this article https://www.addictivetips.com/ubuntu-li ... tribution/

and then realized that i can view contents just as well using the xarchiver in right click of pcmanfm. but yes the logic of how to analyze .deb file was explained in the above link.

anyhoo i discovered another gem, when compiling from source u dont have to always install, u can always run the binary from the build out folder. hahahaha i never have to worry about packaging debs ever now, if i ever come acorss something coded in C then i will just stop at make command and run it from the build out folder. how cool.

not that i come across many situations wherein i need something which is not in official repos.

I miss my security blanket of clamav, simpler times they were when i thought nothing can harm me as long as i have scanned the downloaded file with clammy (Garry I can hear u convulsing with mirthful laugher )