Why "libssl0.9.8" package doesn't exist for Debian?

New to Debian (Or Linux in general)? Ask your questions here!

Why "libssl0.9.8" package doesn't exist for Debian?

Postby hack3rcon » 2021-04-03 08:02

Hello,
Why "libssl0.9.8" package doesn't exist for Debian? I saw https://wiki.debian.org/DontBreakDebian and I know install these kind of packages will break Debian, but how to install Comodo Antivirus for Debian?
Code: Select all
$ sudo dpkg -i cav-linux_x64.deb
Selecting previously unselected package cav-linux.
(Reading database ... 272412 files and directories currently installed.)
Preparing to unpack cav-linux_x64.deb ...
Unpacking cav-linux (1.1.268025-1) ...
dpkg: dependency problems prevent configuration of cav-linux:
 cav-linux depends on libssl0.9.8 (>= 0.9.8m-1); however:
  Package libssl0.9.8 is not installed.

dpkg: error processing package cav-linux (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 cav-linux

A security tool that makes Debian insecure!!!
An Antivirus like ClamAV is as good as Comodo Antivirus?

Thank you.
hack3rcon
 
Posts: 530
Joined: 2015-02-16 09:54

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby Head_on_a_Stick » 2021-04-03 08:45

hack3rcon wrote:Why "libssl0.9.8" package doesn't exist for Debian?

Because it's outdated. Debian buster has v1.1 at the moment.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 13450
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby hack3rcon » 2021-04-03 13:49

Head_on_a_Stick wrote:
hack3rcon wrote:Why "libssl0.9.8" package doesn't exist for Debian?

Because it's outdated. Debian buster has v1.1 at the moment.

Thus, this is impossible to install Comodo Antivirus on Debian 10?
hack3rcon
 
Posts: 530
Joined: 2015-02-16 09:54

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby steve_v » 2021-04-03 16:32

hack3rcon wrote:impossible to install Comodo Antivirus on Debian 10?

Until Comodo fix their package, it's impossible to install without also installing an outdated and insecure version of openssl... Which will break all the other things on your system that need openssl.
Since that package is proprietary software, nobody here can fix it.

Aside, why do you want it to begin with? ClamAV works just fine for mailservers and the like, but that looks like desktop AV... Are you intending to scan a windows install on another disk or something?
steve_v
 
Posts: 720
Joined: 2012-10-06 05:31
Location: New Zealand

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby stevepusser » 2021-04-04 00:37

Ask yourself if an ancient program like that is even still supported, and why you think it would have modern virus definitions. I sincerely doubt it, and Comodo has a bad security reputation to begin with.
MX Linux packager and developer
User avatar
stevepusser
 
Posts: 12285
Joined: 2009-10-06 05:53

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby hack3rcon » 2021-04-04 08:59

steve_v wrote:
hack3rcon wrote:impossible to install Comodo Antivirus on Debian 10?

Until Comodo fix their package, it's impossible to install without also installing an outdated and insecure version of openssl... Which will break all the other things on your system that need openssl.
Since that package is proprietary software, nobody here can fix it.

Aside, why do you want it to begin with? ClamAV works just fine for mailservers and the like, but that looks like desktop AV... Are you intending to scan a windows install on another disk or something?

I want to protect my Linux desktop from Malwares and...
hack3rcon
 
Posts: 530
Joined: 2015-02-16 09:54

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby hack3rcon » 2021-04-04 09:02

stevepusser wrote:Ask yourself if an ancient program like that is even still supported, and why you think it would have modern virus definitions. I sincerely doubt it, and Comodo has a bad security reputation to begin with.

Thus, which Antivirus is OK for a Linux Desktop? I know something like Bitdefender, Dr.Web, Kaspersky and Sophos, but they are not free :(
hack3rcon
 
Posts: 530
Joined: 2015-02-16 09:54

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby stevepusser » 2021-04-04 20:54

Linux is still quite free from malware. Keep your system updated, don't do stupid things like run programs from dodgy sites, and you can be safe. You only need AV if you want to scan files for Windows malware to avoid passing on to someone else still running Win.

Lots more users hose their own systems by following idiotic random guides in some blog to get the latest (insert program here).
MX Linux packager and developer
User avatar
stevepusser
 
Posts: 12285
Joined: 2009-10-06 05:53

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby steve_v » 2021-04-05 00:14

hack3rcon wrote:I want to protect my Linux desktop from Malwares

That's easy, just don't install any malware... Like Comodo Antivirus for example.
The reality is that there isn't enough desktop-oriented malware that runs on GNU/Linux for it to be a concern, so there's no need for this kind of parasitic scareware either.
Trust your maintainers, get your software from the official repos, and don't leave unsecured SSH servers exposed to the 'net. You'll be fine.

hack3rcon wrote:I know something like Bitdefender, Dr.Web, Kaspersky and Sophos, but they are not free

Not only are they not free, they're not useful either.
99.99% of the signatures they ship are for Windows malware, and the .01% that affect GNU/Linux primarily target webservers and out of date wordpress installs anyway. Those are not a problem unless you are a terminally-lazy sysadmin.
Forget what you know. GNU/Linux is not Windows, and installing random .deb files (or .run installers, *shudder*) from a proprietary vendors website is not how software should be installed if you value your sanity.

If you really must have your Antivirus-placebo, you're far better off using ClamAV from the Debian repos than trying to install some random blob from a random website... Because the latter is a much bigger threat to your system than any malware that actually exists.

stevepusser wrote:Lots more users hose their own systems by following idiotic random guides in some blog

Indeed, for newcomers that's probably almost as common as hosing their systems trying to install the "Linux version" of whatever nasty proprietary software they were using on Windows. :P
steve_v
 
Posts: 720
Joined: 2012-10-06 05:31
Location: New Zealand

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby hack3rcon » 2021-04-05 06:01

stevepusser wrote:Linux is still quite free from malware. Keep your system updated, don't do stupid things like run programs from dodgy sites, and you can be safe. You only need AV if you want to scan files for Windows malware to avoid passing on to someone else still running Win.

Lots more users hose their own systems by following idiotic random guides in some blog to get the latest (insert program here).

You wrong: https://en.wikipedia.org/wiki/Linux_malware#Botnets
hack3rcon
 
Posts: 530
Joined: 2015-02-16 09:54

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby hack3rcon » 2021-04-05 06:10

steve_v wrote:
hack3rcon wrote:I want to protect my Linux desktop from Malwares

That's easy, just don't install any malware... Like Comodo Antivirus for example.
The reality is that there isn't enough desktop-oriented malware that runs on GNU/Linux for it to be a concern, so there's no need for this kind of parasitic scareware either.
Trust your maintainers, get your software from the official repos, and don't leave unsecured SSH servers exposed to the 'net. You'll be fine.

hack3rcon wrote:I know something like Bitdefender, Dr.Web, Kaspersky and Sophos, but they are not free

Not only are they not free, they're not useful either.
99.99% of the signatures they ship are for Windows malware, and the .01% that affect GNU/Linux primarily target webservers and out of date wordpress installs anyway. Those are not a problem unless you are a terminally-lazy sysadmin.
Forget what you know. GNU/Linux is not Windows, and installing random .deb files (or .run installers, *shudder*) from a proprietary vendors website is not how software should be installed if you value your sanity.

If you really must have your Antivirus-placebo, you're far better off using ClamAV from the Debian repos than trying to install some random blob from a random website... Because the latter is a much bigger threat to your system than any malware that actually exists.

stevepusser wrote:Lots more users hose their own systems by following idiotic random guides in some blog

Indeed, for newcomers that's probably almost as common as hosing their systems trying to install the "Linux version" of whatever nasty proprietary software they were using on Windows. :P

Thanks, but some software doesn't exist in the official repositories. For example, Maya Linux.
If Windows OS has more Malware because it has more users.
hack3rcon
 
Posts: 530
Joined: 2015-02-16 09:54

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby steve_v » 2021-04-05 07:52


Like I said, all targeting servers. Many of which spread using vulnerabilities long since patched (shellshock) or services nobody in their right mind would run on a desktop or expose to the internet (telnet). IOT is a special case and falls squarely in the "terminally lazy" category because manufacturers never ship updates on time.

Pretty much all malware that can infect a GNU/Linux box does so through a vulnerable and/or out of date internet-facing service... Since the vast majority of people don't run those on their desktops, the vast majority of GNU/Linux users have nothing to worry about.

hack3rcon wrote:Thanks, but some software doesn't exist in the official repositories.

Of course. But installing it is very much at your own risk. Be careful which dubious blog post you follow, and make a system backup before you go mucking with important config files, especially /etc/apt/*.
You can't expect the Debian maintainers to maintain, update, or audit software they have no source code for, so you'll just have to trust $corporation instead. In the case of outdated libraries like libssl, it's neither practical nor reasonable to hold up the entire OS just for one piece of uncooperative software.
Personally I suggest you try native alternatives wherever possible. We may not have an open-source Maya, but there is a lot of good stuff in the repos, and it's all free.


hack3rcon wrote:If Windows OS has more Malware because it has more users.

It does, and it is. But it's also because Microsoft's hopeless installer system and dubious privilege separation has trained users to constantly download random software from random websites, and "run as administrator" or disable UAC as the first step in any troubleshooting.
GNU/Linux has been a multi-user OS from the very beginning, so user-separation and security has always been a priority. UNIX-like systems were running on mainframes with hundreds of users back when Windows still ran on top of DOS with no access controls whatsoever. Hell, they were doing it before windows existed.
UNIX started the internet, and the vast majority of internet-facing servers today run systems built around the same principles - namely GNU/Linux or BSD. That is at least in part because they're more secure by design.
steve_v
 
Posts: 720
Joined: 2012-10-06 05:31
Location: New Zealand

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby reinob » 2021-04-05 11:17

hack3rcon wrote:
stevepusser wrote:Linux is still quite free from malware. Keep your system updated, don't do stupid things like run programs from dodgy sites, and you can be safe. You only need AV if you want to scan files for Windows malware to avoid passing on to someone else still running Win.

Lots more users hose their own systems by following idiotic random guides in some blog to get the latest (insert program here).

You wrong: https://en.wikipedia.org/wiki/Linux_malware#Botnets


I bet the probability of you managing to *actively* run one of those "malware" pieces is lower than that of you getting to install/run that Comodo antivirus of yours, which is already low enough.

So don't worry.. or worry about something else :)
reinob
 
Posts: 910
Joined: 2014-06-30 11:42

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby hack3rcon » 2021-04-08 12:12

steve_v wrote:

Like I said, all targeting servers. Many of which spread using vulnerabilities long since patched (shellshock) or services nobody in their right mind would run on a desktop or expose to the internet (telnet). IOT is a special case and falls squarely in the "terminally lazy" category because manufacturers never ship updates on time.

Pretty much all malware that can infect a GNU/Linux box does so through a vulnerable and/or out of date internet-facing service... Since the vast majority of people don't run those on their desktops, the vast majority of GNU/Linux users have nothing to worry about.

hack3rcon wrote:Thanks, but some software doesn't exist in the official repositories.

Of course. But installing it is very much at your own risk. Be careful which dubious blog post you follow, and make a system backup before you go mucking with important config files, especially /etc/apt/*.
You can't expect the Debian maintainers to maintain, update, or audit software they have no source code for, so you'll just have to trust $corporation instead. In the case of outdated libraries like libssl, it's neither practical nor reasonable to hold up the entire OS just for one piece of uncooperative software.
Personally I suggest you try native alternatives wherever possible. We may not have an open-source Maya, but there is a lot of good stuff in the repos, and it's all free.


hack3rcon wrote:If Windows OS has more Malware because it has more users.

It does, and it is. But it's also because Microsoft's hopeless installer system and dubious privilege separation has trained users to constantly download random software from random websites, and "run as administrator" or disable UAC as the first step in any troubleshooting.
GNU/Linux has been a multi-user OS from the very beginning, so user-separation and security has always been a priority. UNIX-like systems were running on mainframes with hundreds of users back when Windows still ran on top of DOS with no access controls whatsoever. Hell, they were doing it before windows existed.
UNIX started the internet, and the vast majority of internet-facing servers today run systems built around the same principles - namely GNU/Linux or BSD. That is at least in part because they're more secure by design.

Thanks.
I think illumos is better than BSD ;)
hack3rcon
 
Posts: 530
Joined: 2015-02-16 09:54

Re: Why "libssl0.9.8" package doesn't exist for Debian?

Postby hack3rcon » 2021-04-08 12:13

Thank you to all.
An my final question: Is ClamAV useful for a desktop Linux?
hack3rcon
 
Posts: 530
Joined: 2015-02-16 09:54

Next

Return to Beginners Questions

Who is online

Users browsing this forum: No registered users and 8 guests

fashionable