Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Why "libssl0.9.8" package doesn't exist for Debian?

New to Debian (Or Linux in general)? Ask your questions here!
Post Reply
Message
Author
hack3rcon
Posts: 746
Joined: 2015-02-16 09:54
Has thanked: 48 times

Why "libssl0.9.8" package doesn't exist for Debian?

#1 Post by hack3rcon »

Hello,
Why "libssl0.9.8" package doesn't exist for Debian? I saw https://wiki.debian.org/DontBreakDebian and I know install these kind of packages will break Debian, but how to install Comodo Antivirus for Debian?

Code: Select all

$ sudo dpkg -i cav-linux_x64.deb 
Selecting previously unselected package cav-linux.
(Reading database ... 272412 files and directories currently installed.)
Preparing to unpack cav-linux_x64.deb ...
Unpacking cav-linux (1.1.268025-1) ...
dpkg: dependency problems prevent configuration of cav-linux:
 cav-linux depends on libssl0.9.8 (>= 0.9.8m-1); however:
  Package libssl0.9.8 is not installed.

dpkg: error processing package cav-linux (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 cav-linux
A security tool that makes Debian insecure!!!
An Antivirus like ClamAV is as good as Comodo Antivirus?

Thank you.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#2 Post by Head_on_a_Stick »

hack3rcon wrote:Why "libssl0.9.8" package doesn't exist for Debian?
Because it's outdated. Debian buster has v1.1 at the moment.
deadbang

hack3rcon
Posts: 746
Joined: 2015-02-16 09:54
Has thanked: 48 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#3 Post by hack3rcon »

Head_on_a_Stick wrote:
hack3rcon wrote:Why "libssl0.9.8" package doesn't exist for Debian?
Because it's outdated. Debian buster has v1.1 at the moment.
Thus, this is impossible to install Comodo Antivirus on Debian 10?

steve_v
df -h | grep > 20TiB
df -h | grep > 20TiB
Posts: 1400
Joined: 2012-10-06 05:31
Location: /dev/chair
Has thanked: 79 times
Been thanked: 175 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#4 Post by steve_v »

hack3rcon wrote:impossible to install Comodo Antivirus on Debian 10?
Until Comodo fix their package, it's impossible to install without also installing an outdated and insecure version of openssl... Which will break all the other things on your system that need openssl.
Since that package is proprietary software, nobody here can fix it.

Aside, why do you want it to begin with? ClamAV works just fine for mailservers and the like, but that looks like desktop AV... Are you intending to scan a windows install on another disk or something?
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#5 Post by stevepusser »

Ask yourself if an ancient program like that is even still supported, and why you think it would have modern virus definitions. I sincerely doubt it, and Comodo has a bad security reputation to begin with.
MX Linux packager and developer

hack3rcon
Posts: 746
Joined: 2015-02-16 09:54
Has thanked: 48 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#6 Post by hack3rcon »

steve_v wrote:
hack3rcon wrote:impossible to install Comodo Antivirus on Debian 10?
Until Comodo fix their package, it's impossible to install without also installing an outdated and insecure version of openssl... Which will break all the other things on your system that need openssl.
Since that package is proprietary software, nobody here can fix it.

Aside, why do you want it to begin with? ClamAV works just fine for mailservers and the like, but that looks like desktop AV... Are you intending to scan a windows install on another disk or something?
I want to protect my Linux desktop from Malwares and...

hack3rcon
Posts: 746
Joined: 2015-02-16 09:54
Has thanked: 48 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#7 Post by hack3rcon »

stevepusser wrote:Ask yourself if an ancient program like that is even still supported, and why you think it would have modern virus definitions. I sincerely doubt it, and Comodo has a bad security reputation to begin with.
Thus, which Antivirus is OK for a Linux Desktop? I know something like Bitdefender, Dr.Web, Kaspersky and Sophos, but they are not free :(

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#8 Post by stevepusser »

Linux is still quite free from malware. Keep your system updated, don't do stupid things like run programs from dodgy sites, and you can be safe. You only need AV if you want to scan files for Windows malware to avoid passing on to someone else still running Win.

Lots more users hose their own systems by following idiotic random guides in some blog to get the latest (insert program here).
MX Linux packager and developer

steve_v
df -h | grep > 20TiB
df -h | grep > 20TiB
Posts: 1400
Joined: 2012-10-06 05:31
Location: /dev/chair
Has thanked: 79 times
Been thanked: 175 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#9 Post by steve_v »

hack3rcon wrote:I want to protect my Linux desktop from Malwares
That's easy, just don't install any malware... Like Comodo Antivirus for example.
The reality is that there isn't enough desktop-oriented malware that runs on GNU/Linux for it to be a concern, so there's no need for this kind of parasitic scareware either.
Trust your maintainers, get your software from the official repos, and don't leave unsecured SSH servers exposed to the 'net. You'll be fine.
hack3rcon wrote:I know something like Bitdefender, Dr.Web, Kaspersky and Sophos, but they are not free

Not only are they not free, they're not useful either.
99.99% of the signatures they ship are for Windows malware, and the .01% that affect GNU/Linux primarily target webservers and out of date wordpress installs anyway. Those are not a problem unless you are a terminally-lazy sysadmin.
Forget what you know. GNU/Linux is not Windows, and installing random .deb files (or .run installers, *shudder*) from a proprietary vendors website is not how software should be installed if you value your sanity.

If you really must have your Antivirus-placebo, you're far better off using ClamAV from the Debian repos than trying to install some random blob from a random website... Because the latter is a much bigger threat to your system than any malware that actually exists.
stevepusser wrote:Lots more users hose their own systems by following idiotic random guides in some blog
Indeed, for newcomers that's probably almost as common as hosing their systems trying to install the "Linux version" of whatever nasty proprietary software they were using on Windows. :P
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

hack3rcon
Posts: 746
Joined: 2015-02-16 09:54
Has thanked: 48 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#10 Post by hack3rcon »

stevepusser wrote:Linux is still quite free from malware. Keep your system updated, don't do stupid things like run programs from dodgy sites, and you can be safe. You only need AV if you want to scan files for Windows malware to avoid passing on to someone else still running Win.

Lots more users hose their own systems by following idiotic random guides in some blog to get the latest (insert program here).
You wrong: https://en.wikipedia.org/wiki/Linux_malware#Botnets

hack3rcon
Posts: 746
Joined: 2015-02-16 09:54
Has thanked: 48 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#11 Post by hack3rcon »

steve_v wrote:
hack3rcon wrote:I want to protect my Linux desktop from Malwares
That's easy, just don't install any malware... Like Comodo Antivirus for example.
The reality is that there isn't enough desktop-oriented malware that runs on GNU/Linux for it to be a concern, so there's no need for this kind of parasitic scareware either.
Trust your maintainers, get your software from the official repos, and don't leave unsecured SSH servers exposed to the 'net. You'll be fine.
hack3rcon wrote:I know something like Bitdefender, Dr.Web, Kaspersky and Sophos, but they are not free

Not only are they not free, they're not useful either.
99.99% of the signatures they ship are for Windows malware, and the .01% that affect GNU/Linux primarily target webservers and out of date wordpress installs anyway. Those are not a problem unless you are a terminally-lazy sysadmin.
Forget what you know. GNU/Linux is not Windows, and installing random .deb files (or .run installers, *shudder*) from a proprietary vendors website is not how software should be installed if you value your sanity.

If you really must have your Antivirus-placebo, you're far better off using ClamAV from the Debian repos than trying to install some random blob from a random website... Because the latter is a much bigger threat to your system than any malware that actually exists.
stevepusser wrote:Lots more users hose their own systems by following idiotic random guides in some blog
Indeed, for newcomers that's probably almost as common as hosing their systems trying to install the "Linux version" of whatever nasty proprietary software they were using on Windows. :P
Thanks, but some software doesn't exist in the official repositories. For example, Maya Linux.
If Windows OS has more Malware because it has more users.

steve_v
df -h | grep > 20TiB
df -h | grep > 20TiB
Posts: 1400
Joined: 2012-10-06 05:31
Location: /dev/chair
Has thanked: 79 times
Been thanked: 175 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#12 Post by steve_v »

Like I said, all targeting servers. Many of which spread using vulnerabilities long since patched (shellshock) or services nobody in their right mind would run on a desktop or expose to the internet (telnet). IOT is a special case and falls squarely in the "terminally lazy" category because manufacturers never ship updates on time.

Pretty much all malware that can infect a GNU/Linux box does so through a vulnerable and/or out of date internet-facing service... Since the vast majority of people don't run those on their desktops, the vast majority of GNU/Linux users have nothing to worry about.
hack3rcon wrote:Thanks, but some software doesn't exist in the official repositories.
Of course. But installing it is very much at your own risk. Be careful which dubious blog post you follow, and make a system backup before you go mucking with important config files, especially /etc/apt/*.
You can't expect the Debian maintainers to maintain, update, or audit software they have no source code for, so you'll just have to trust $corporation instead. In the case of outdated libraries like libssl, it's neither practical nor reasonable to hold up the entire OS just for one piece of uncooperative software.
Personally I suggest you try native alternatives wherever possible. We may not have an open-source Maya, but there is a lot of good stuff in the repos, and it's all free.

hack3rcon wrote:If Windows OS has more Malware because it has more users.
It does, and it is. But it's also because Microsoft's hopeless installer system and dubious privilege separation has trained users to constantly download random software from random websites, and "run as administrator" or disable UAC as the first step in any troubleshooting.
GNU/Linux has been a multi-user OS from the very beginning, so user-separation and security has always been a priority. UNIX-like systems were running on mainframes with hundreds of users back when Windows still ran on top of DOS with no access controls whatsoever. Hell, they were doing it before windows existed.
UNIX started the internet, and the vast majority of internet-facing servers today run systems built around the same principles - namely GNU/Linux or BSD. That is at least in part because they're more secure by design.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

reinob
Posts: 1189
Joined: 2014-06-30 11:42
Has thanked: 97 times
Been thanked: 47 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#13 Post by reinob »

hack3rcon wrote:
stevepusser wrote:Linux is still quite free from malware. Keep your system updated, don't do stupid things like run programs from dodgy sites, and you can be safe. You only need AV if you want to scan files for Windows malware to avoid passing on to someone else still running Win.

Lots more users hose their own systems by following idiotic random guides in some blog to get the latest (insert program here).
You wrong: https://en.wikipedia.org/wiki/Linux_malware#Botnets
I bet the probability of you managing to *actively* run one of those "malware" pieces is lower than that of you getting to install/run that Comodo antivirus of yours, which is already low enough.

So don't worry.. or worry about something else :)

hack3rcon
Posts: 746
Joined: 2015-02-16 09:54
Has thanked: 48 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#14 Post by hack3rcon »

steve_v wrote:
Like I said, all targeting servers. Many of which spread using vulnerabilities long since patched (shellshock) or services nobody in their right mind would run on a desktop or expose to the internet (telnet). IOT is a special case and falls squarely in the "terminally lazy" category because manufacturers never ship updates on time.

Pretty much all malware that can infect a GNU/Linux box does so through a vulnerable and/or out of date internet-facing service... Since the vast majority of people don't run those on their desktops, the vast majority of GNU/Linux users have nothing to worry about.
hack3rcon wrote:Thanks, but some software doesn't exist in the official repositories.
Of course. But installing it is very much at your own risk. Be careful which dubious blog post you follow, and make a system backup before you go mucking with important config files, especially /etc/apt/*.
You can't expect the Debian maintainers to maintain, update, or audit software they have no source code for, so you'll just have to trust $corporation instead. In the case of outdated libraries like libssl, it's neither practical nor reasonable to hold up the entire OS just for one piece of uncooperative software.
Personally I suggest you try native alternatives wherever possible. We may not have an open-source Maya, but there is a lot of good stuff in the repos, and it's all free.

hack3rcon wrote:If Windows OS has more Malware because it has more users.
It does, and it is. But it's also because Microsoft's hopeless installer system and dubious privilege separation has trained users to constantly download random software from random websites, and "run as administrator" or disable UAC as the first step in any troubleshooting.
GNU/Linux has been a multi-user OS from the very beginning, so user-separation and security has always been a priority. UNIX-like systems were running on mainframes with hundreds of users back when Windows still ran on top of DOS with no access controls whatsoever. Hell, they were doing it before windows existed.
UNIX started the internet, and the vast majority of internet-facing servers today run systems built around the same principles - namely GNU/Linux or BSD. That is at least in part because they're more secure by design.
Thanks.
I think illumos is better than BSD ;)

hack3rcon
Posts: 746
Joined: 2015-02-16 09:54
Has thanked: 48 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#15 Post by hack3rcon »

Thank you to all.
An my final question: Is ClamAV useful for a desktop Linux?

steve_v
df -h | grep > 20TiB
df -h | grep > 20TiB
Posts: 1400
Joined: 2012-10-06 05:31
Location: /dev/chair
Has thanked: 79 times
Been thanked: 175 times

Re: Why "libssl0.9.8" package doesn't exist for Debian?

#16 Post by steve_v »

hack3rcon wrote:Thank you to all.
An my final question: Is ClamAV useful for a desktop Linux?
Not really, IMO. There is a GUI frontend aimed at desktop use in the form of ClamTK, but it's extremely unlikely that it will ever find anything but Windows viruses. It certainly won't hurt though. vOv
You might also look into rkhunter, which is more concerned with detecting evidence of worms and rootkits, but again it's probably more useful on a server.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

Post Reply