unbelievable whats on manjaro website!

[yeti]

All strange behaviours I experienced from bootdisk/rootdisk-0.11-days to now were PEBCAK (HIT SHAPPENS!) or "normal" misbehaviour of hardware or software.
May it stay that way.

OmmmMMMmmmptimismmmMMMmmm... \o/

[sickpig]

its a choice, no issue in believing there are no viruses on linux until u become the victim.
I would rather scan anything which is not from official repos before unpacking or using it. also it doesnt consume any memory if dont run it as daemon so no impact on system resources. but yes if the user consciously chooses to believe that linux world is virus free then its good for them i guess. as they say ignorance is bliss.

most of the reputable websites say anti-virus is required
https://www.pcworld.com/article/3156931 ... ut-it.html

https://www.linux.com/learn/myth-bustin ... ne-viruses

https://www.techadvisor.co.uk/feature/l ... s-3678945/

so it boils down to choice..

[Head_on_a_Stick]

most of the reputable websites say anti-virus is required

FFS d00d, have you even read those links?

Let's go through them:

https://www.pcworld.com/article/3156931 ... ut-it.html

^ This article was written by an idiot who thinks a firewall is required even if no applications which listen to ports are running — in a GNU/Linux system the ports are closed unless an application opens them.

Leaving that aside the idiot happens to agree with me:

While Windows viruses may not affect a Linux machine, a Linux PC can still be a “carrier” for a virus that’s hiding in an executable file, script, or compromised document.

https://www.linux.com/learn/myth-bustin ... ne-viruses

^ No mention of "viruses" here apart from the semantic preamble but this fool thinks that emails with .debs attached are something to worry about...

https://www.techadvisor.co.uk/feature/l ... s-3678945/

^ From this link:

Is Linux virus-free?

For the most part, yes

But apparently a fake ISO image counts as a "virus" to this "expert"

And finally:

I would rather scan anything which is not from official repos before unpacking or using it.

Scanning .deb packages with ClamAV is utterly pointless and will not protect you at all.

HTH

[neuraleskimo]

Interesting conversation...

It seems that we all agree that all hardware, operating systems, and additional software are vulnerable. It also seems that relying on software to scan for known vulnerabilities does not protect systems from zero-day and (a probably large number of) unknown actively used vectors. In fact, the scanning software is itself vulnerable (and potentially the target). As an example, see the following article: http://spectrum.ieee.org/the-human-os/c ... g-software To me, this article says that all/any data is a vector for attack.

It seems that good architecture, layers, safe-guards, and practices are the best defense. Of course, good logging, auditing, and IDS (e.g., OSSEC) are a part of that. To paraphrase James MIckens... If I had to summarize this in three words, "Don't read data." If I had to summarize this in two words, "No data." If I had to summarize this in one word, "Don't!" Not exactly related to this topic, but as long as I am mentioning Mickens, this is a good way to spend an hour: https://www.usenix.org/conference/useni ... on/mickens.

[sickpig]

Thanks for the analysis HOAS, your insights are of course going to be relevant than the content of those links as your expertise is probably higher than those authors. And I was referring to scanning archives like tar.gz or zip files. I am a bit wary of unpacking them before they are scanned. I avoid downloading debs from internet as far as possible, there isn't much need for that as official repos have 50k+ packages.

About firewall, for an average user like me, i wouldn't know if any application is doing something which isn't supposed to in the background. So i keep gufw to the default setting of incoming allow outgoing deny. looking at your earlier post i suppose you wouldn't approve of keeping a firewall turned on either. but ur knowledge is 1000 mine is 10 or mayb 20, so until i gain more knowledge keeping firewall on seems the right thing to do.

neuraleskimo, thanks for sharing the links. Saved them for my evening commute read

[sunrat]

So i keep gufw to the default setting of incoming allow outgoing deny.

I'm pretty sure you got that bass-ackwards.
You can check if ports are closed from the internet on your computer at Shields Up! - https://www.grc.com/x/ne.dll?bh0bkyd2 You will most likely find they are all closed on a default Debian install. If you connect using NAT through a router you will be doubly protected, no firewall configuration necessary. The only reason I use ufw is to open ports for specific applications like torrent clients or Syncthing.

[sickpig]

m using closed source alternative of synthing but yes i have opened the ports needed for it. u right about the ports, its incoming deny thats the default setting on gufw

[sickpig]

update:

I read up on firewalls and experimented. Turned it off and checked my syncthing closed source clone still worked! halleuah, i then systemctl disable ufw and turned it off in gufw as well.

rebooted, checked systemd-analyze plot > plot.svg and no mention of ufw.service, up till now it had been the longest time consumer showing up in red. but no more

then i start off my quest to see if i can find a way to scrutinize suspicious .deb files just in case if i need to. As this thread has been clear in postulating that scanning linux executables is beyond the scope of present day anti virus solutions.

Came across this article https://www.addictivetips.com/ubuntu-li ... tribution/

and then realized that i can view contents just as well using the xarchiver in right click of pcmanfm. but yes the logic of how to analyze .deb file was explained in the above link.

anyhoo i discovered another gem, when compiling from source u dont have to always install, u can always run the binary from the build out folder. hahahaha i never have to worry about packaging debs ever now, if i ever come acorss something coded in C then i will just stop at make command and run it from the build out folder. how cool.

not that i come across many situations wherein i need something which is not in official repos.

I miss my security blanket of clamav, simpler times they were when i thought nothing can harm me as long as i have scanned the downloaded file with clammy (Garry I can hear u convulsing with mirthful laugher )

[sickpig]

bass-ackwards

just like how you were birthed