Most of the documentation of programmes or general troubleshooting on Linux requires copying and pasting commands on the terminal. It is not like Windows where you can use the GUI for most functions.
I have been using computers since the DOS days, so I have been running Windows since Windows began. In all that time, I have had 1 virus and that was on Windows 95 and I would say it was my fault that I got that one. No anti-virus program can protect you from yourself. Not a single one can stop a virus that you give permission to run. I have reloaded many PCs that had hundreds of virus and malware programs on them at the same time. The users waited till they could no longer use the PC before doing anything at all. I did a clean install of all their stuff and gave them a stern talk about their habits. Most "got it" and I never had to deal with their PCs again. Some were back in weeks with the same infections. They could not stop going to the places that got them infected. They are their own worst enemy. "I just need a better anti-virus program," is all they would say. For these people, it wouldn't matter if they were running Linux, they would still find a site that would infect them.
For the vast majority of people and circumstances, what you said is absolutely true. However, there are still attacks that can infect devices without user action. One of the most high-profile examples is the Pegasus spyware that targeted smartphones. Despite the existence of such threats, though, it’s unlikely that antivirus would be equipped to handle them in a timely manner, and they are rare enough that we could almost move them into the tinfoil hat category of security. Consider my comment a mere asterisk on a generally true statement.
@@OcteractSG there is rarely anything you can do in these cases even with the antiviruses. Pegasus, for example, is a targeted malware to spy on state leaders, so run-of-the-mill stuff mostly won't work.
This makes me remember, one time I was an undergrad student, the new guy on the IT of the chemistry dept. of my university, as a sort of temp scholarship. The previous person (also undergrad student) was talkin to me how their PC (Windows) was slow, that to even open the browser it was slow. Fast forward a bit, to my first day. I enter the PC, now under my responsibility, try lookin around, everything is kinda slow, then I look at the PC specs. It was an i5, with 4GB RAM, for the time, waaay beyond anything you would ever need. I notice that Avast was having issues to start with the system, and Google Chrome was really slow. I was like "How is this even possible, this thing is a beast and it's slow, I will do a malware check just in case, you never know, things are weird here". I download, I think Malwarebytes, at the time they weren't so annoying about their free version. I shit you not, it had **+6000 infections**. Avast was compromised, also the browser was fake. And better yet, the things on the machine were somewhat sensible (not money worth sensible, but if lost, there was no backup). It took me 3 days to clean that thing completely.
The only time I ran into a virus was when I received what looked like an email from my sister's work email address. I forget the way I was tricked into clicking on it. I think it said “Check this out, or pics” or something like that. After clicking on it the HD quickly became unusable, slowing to a crawl. I forget what program I was using at the time to take a “snapshot” of the system, but I kept going back to a good version of the Windows OS and after an hour or so, I was back to the same messed up situation. I went to the local computer store and bought a new HD and just reinstalled the OS. Problem solved. But I can’t help myself, based on what you have seen, what do we noobs do that gets our systems infected?
As a *relatively* new Linux user, the advantage of having the device running without antiviruses or data collection (both consuming so much of the resources) breaks any disadvantage. Been quite the journey switching to Linux, but the worthiness and the end result is what makes all the effort feel like nothing.
@@kendarr Nice! I started around 3-4 weeks ago on a virtual machine on Windows. Tried Arch and Manjaro for Unity and sound production purposes, but turned out rough. Tried Ubuntu Studio, Kubuntu, Mint, and Xubuntu, and I seemed to settle down on Ubuntu Studio, as it provides the best backend for sound production. I felt ashamed, at first, of being a developer that can't deal with Linux, but as soon as I learned the basics, it turned out way better and more fun than Windows.
@@sohypeak432 you've only seen the light, now you must walk into it! Wipe that spyware off your disk and treat yourself with some love and respect - you deserve to use an OS that actually works.
I just switched today to Zorin OS based on Ubuntu 20.4 LTS and I'm really enjoying it, it is just amazing. Also Zorin has a friendly UI for those that always use macOS or Windows
I worked at a very large company and we had windows and linux users in the same network. The internal servers that ran linux did have anti virus to hinder the distribution of windows and mac malware (mostly ransomware) because we were sometimes attacked by hackers.
Excellent. As a noob to Linux and a very long time Windows user this is reassuring. I’ve brought up the Typhoid Mary-ish aspect in a couple of different places and most everyone couldn’t care less. But with all the crap that’s happened and will happen, better to harden things in my view!
Most users use their OS as a bootloader for their browsers. If you use Linux I recommend that instead of installing an antivirus you do what's said in the video + hardening your browser like installing an adblocker and blocking popups
I would say "do you need" and "should you" are very different questions. You don't need but you should consider it. Yes, there are not many Linux based viruses, but as you said, if you use Linux as a file server it makes a lot of sense. So it depends. The other thing to keep in mind is that when it comes to security it doesn't hurt to be ahead of the curve. Since you mentioned firewalls. Do you need to run a firewall: no. If you are a regular desktop user then there should be nothing configured that listens on external ports. Everything should only use loopback. Yes, firewalls are a lot more common. The reason is that there are a lot of systems that need it, that's why it is rather easy to do. It would be nice if that happened with virus scanners as well. Make it a lot more easy and accessible to use them and that only happens when a lot more people use them.
Note on ClamAV: it actually ships with an "on-access daemon" (at least it does on RHEL & Fedora) that uses kernel APIs to scan and block access to malicious files when users try to read them. If you are deploying Clam on a server that accepts arbitrary data upload, this is likely what you want to set up (of course, alongside regular full disk scans). I've had Clam deployed in this configuration on a file server for a small office for more than a year now, and I've had significantly reduced number of virus-related tech support calls. But again, this is only to protect Windows clients in the network. TBH it was quite a hassle to set up correctly (especially with enforcing SELinux), so if you've got a Linux desktop instead of a server, it's most likely more work than it's worth.
I’m a new user of Linux and the AV issue keeps crossing my mind. Correct me if I’m wrong but you're saying that ClamAV is more helpful when used on servers as opposed to the desktop. Using an AV on servers to prevent a Typhoid Mary-ish situation seems like a good idea.
@@RobertJohnson-lb3qz I’m still a Linux newbie so please don’t quote me on this. I’m only paraphrasing what I’ve learned from people WAYY more knowledgeable about Linux than me and whom I have asked the same darn question [(about ClamAV)] to: ClamAV is an AntiVirus software-program written for the “Linux” operating-system (ie. actually “GNU+Linux”) that scans for Windows viruses. So that you don’t accidentally transfer Windows viruses into someone-else when sharing files between Windows-users and yourself.
There are tons more attack vectors that are very hard to protect against. Imagine a malicious npm package repository gets hijacked and it has millions of installs. If a software previously known to be legitimate pushed some malicious updates you're going to get infected no matter the OS you're running. Having an AV may protect you against some obvious malicious behaviour or known malicious files and that's good on any OS.
I appreciate not only the definitive answer but the reasoning behind the answer. Again, thank you so much for your videos and all you do for the Linux/FOSS community, esp us noobs out here. 🙂
This was so funny. I was doing a Linux Mint install on my stream today and we got talking about viruses and malware on Linux. At the end I always tell people about your channel and lo and behold here you are talking about the same thing. I remember back in college, in one of my classes about operating systems, someone asked "Why does Windows get all of the viruses and Linux gets none?" I raised my hand and told the class that the reason for this is because all of the viruses are written on Linux and we are not going to infect our own systems. Joking aside, if Windows users treated their system the same way those of us on Linux do, update the system every time it shows one available, use strong passwords, stop auto logging in, and stop downloading stuff without knowing who or where it came from, then they would not have to use anti-virus. Using common sense is the biggest thing you can do to stop, I am guessing, 90% of the viruses out there.
I've noticed that, when I immigrated (moved from windows to Linux full time) I realized Linux doesn't really need AV, so that put my digital brain/heart at peace.
Having an anti-virus program on Linux is the best way to scan a hard drive with Windows on it. A Windows virus or trojan is totally dead and can't hide while being scanned from a Linux OS. I either take the drive out and plug it in a Linux desktop or use a bootable USB or CD Linux distro with an antivirus on it. Other than being used as a tool to fix Windows I really don't need an antivirus.
Can u elaborate? I'd like to use my Linux distros to scan my Windows PC from time to time or the CD method. Please tell me the exact steps, it might help others too.
I'm someone who does like having AVs just in case, cuz the best viruses are the ones you can't see/expect and I reckon Linux will see more of those in the future. If you're already "nerdy" enough to use Linux though you might as well harden your system security by yourself, run everything in a VM and make (preferably external) backups. That's pretty much the foolproof way for any PC user imo
@@julietlouisatravels Well I'm a Windows user so Defender, but also Malwarebytes for scanning every now and then and VirusTotal for everything I download.
One of the things I became used to is to always install software from either Fedora's repository or from Flathub. The sensation I have nowadays when occasionally running Windows and I need to download an application and install is of the same nature of the sensation I have if I forget to buckle my seat belt before driving... It feels unsafe and unnatural. If the day comes when we will really need an anti-virus (I don't think we're there), for me it would be enough that the repositories had an anti-virus scanning every application that is added to the store (if they don't have already). Using Linux is implicitly trusting the repositories and I'm fine with that. Users who download ELF files elsewhere do it at their own peril.
Antiviruses may be useful in scenarios where automation is needed, at the end user level in many cases they generate a false sense of security and unnecessarily consume system resources, which is bad for low-end computers, although they can help people less experienced it should be noted that false positives are not uncommon either. Another important thing is that most antivirus programs are proprietary software, and together with controversies such as the Avast issue, they may not be as reliable as they seem at first glance.
The only problem I can foresee as a Linux user when they were sending out CDs. My first taste of Linux was Sabayon, adding unknown 3rd party repos. Hackers at least imhop are poisoning the repo in order to infect your computer. Windows uses .exe and the like. Whereas Linux uses packages and tarballs. Not really much of a chance of getting infected, but it's still possible and hackers are writing progs to do that more often now.
I'm one of those that use ClamAV, because I'm pretty much the only one around me in regular contact that uses Linux. It has saved me from passing on a virus or two to someone on a Windows machine. As many I know don't know computers well and am more likely to get something from them, that I could pass onto someone else.
Very informative. Thanks for the video. Was surprised to see that SELinux wasn't mentioned though I understand that that precaution is mainly designed for the server space.
@BWGPEI: Really handy 🙂 (to have a hardware-firewall). In my case I have both a hardware-firewall (in this particular case, it’s built-in to the router I currently-use) and a software-firewall installed in each of the computers I use 🙂. Double the protection 🙂.
AV is only a safety net for those that just randomly click on things and don't pay attention to what they're executing, you don't really need to run it on anything technically. The main issue is primarily the user's habits and how the software is distributed and obtained.
@@boody8844 thats why i always reverse engineer and binary analysis my pirate software in a virtual machine jk i dont know what any of those terms mean
This isn't entirely true either though. There are ways your machine could become compromised just from visiting sites as you normally would. Updating your machine can also cause this. While an AV isn't going to protect you from everything it can help mitigate certain attacks.
@@boody8844 eh? I mean not really. The piracy community is generally pretty bloody good at filtering out all the spam, you just need to know the right places to look. It's honestly not even a hassle to learn, you just need to know a few site names and you're set. Some are specifically curated, others run on a reputation system so people who have been frequently posting for several years with thousands and thousands of upvotes have functionally a 0% chance of containing malware, etc. Honestly I'd argue downloading cracked software with a modicum of competency is probably safer than downloading obscure freeware you can find online to do similar tasks.
@@mrnulll An antivirus can actually make you more prone to such attacks by giving you a false sense of security, which in turn leads you to visit those sites because "well, I have an antivirus, nothing will happen" without knowing that there are ways to bypass AVs, including infecting GPU VRAM, malware developers are totally aware of this.
Linux Cast, another great Linux youtuber, recommends updating your system once a week or every couple of weeks. I've set up a crontab to do it automatically.
Throwing out a generic "you don't need an AV" is throwing out a generic "I don't know who you are but I know you're smarter than any hacker you can find online" which is quite a statement without knowing who you're talking with
A lot of people bring up good points about the whole "don't visit sketchy websites or download sketchy files" but that doesn't help when more reputable piracy sites can look just as sketchy as any other site out there. As someone who will openly admit to practicing piracy, I can attest some sites do look a bit sketchy but provide what you're looking for. Some of them look pretty damn legit and professional and you can still get viruses. If you're gonna pirate something, you definitely need an anti-virus software just in case because it can be a mixed bag for what's safe and what's not safe. Also, even though sites like VirusTotal exist, VT only works with files of around 660MB, which a lot of modern games and programs exceed in size which makes the website a bit redundant and not that useful. In general some common sense can help but it can't always stop a virus if you go through a piracy site for a copy of a game that's $500 for a real copy because of price jackers and scalpers.
it will detect trojan in 99% of cases, you can't pirate and use AV at the same time effectively. if you add everything to exclusion you might as well not use av to begin with.
I hear a couple of years ago Linux servers and even a few Linux PC users in over fifty countries faced their first-ever major worm attack- and it didn't even involve the typical vectors for Linux malware, like infected email attachments from Windows or Mac users with a few lines of code at the end that, upon detecting Linux, contaminate the packages of such machines by abusing the "sudo apt upgrade" command if they see a particular repository vuln, or trojans WINE-ing their way in through infected Windows install packages. I see it as a rite of passage for a relatively-obscure type of OS.
It depends on the user and the demographic of the user as well (this actually applies to Windows users, and for crying out loud, Windows users, don't have your admin account the same as the first account that you set up, such a simple extra thin layer of protection, not much, but better compared to not doing it and not even having a password). Most of your script kiddies don't mess with Linux, because typically the users are more cautious compared to Windows users. But as far as virus/malware etc, it doesn't even have to be directed at Linux specifically, but cross platform software in general. For instance, a few yrs back there was nasty malware being used in PDFs when opened/read in browsers, especially as default. That was no bueno on all 3 systems. Stuff like that.
I have ClamAV set to run and update at times when I'm unlikely to be using my computer. For me, it's like the grip safety on an M1911: It's not hurting anything to have it, and it might help.
Since you mentioned SSH there is one thing that is a must to do: Never ever use the default port for SSH, change it to any other except 22 for security reasons. What I said doesn't come from me but from Cisco. I will give you a good reason to avoid the default port. A few days ago I came across a list of trojans and ports they use and one of them used 22. Whenever you're implementing something avoid defaults at any cost especially if you're hardening your security and you as an advanced Linux user know it but most don't. If you really wanna keep undesirables from your system and network consider using digital certificates. Certificates are notoriously difficult to break through but still not impenetrable but they add a layer of security, they are equally notoriously difficult to write.
Great video and a good topic for commenters bouncing ideas off each other when thinking about solving problems. Sometimes the Linux box is the firewall or squid proxy (or similar) and so antivirus is on there generally anyway as an option. Extra layers of security are not a replacement for security though. For example, making a choice between dependency tree and containers is an example because containers are not a replacement for security but an extra layer of security. Encouraging distros that still use dependency tree installs for software already on the (CD/DVD) ISO file _(rather than deprecating old software in favour of assuming an app-Image or SNAP package or Flatpak as a future of application distribution)_ prevents an eggs in one basket scenario. It is often more lightweight on hardware generally and keeps older microarchitectures that stood the test of time _(and old architectures in general)_ as an extra string to the bow even if the processing power and storage are older and humble, rather than having all eggs in one basket with the latest approach of early adoption. A method of application distribution that can give you everything is also a method of application distribution that can take everything away from you. If using SSL, ask yourself if you want to use LibreSSL. Likewise SSH and secure sockets are useful so that not everything has to be done by tunnelling which after all can potentially hide a hack that somehow manages to get in. There are pros and cons to VPN. It is not to say bad things about VPN but rather to be mindful of taking a nuanced approach to having the right tool for the job at hand. The compromises of today become the standards of tomorrow. A password is one way to use an identity layer. An OpenPGP card might include GnuPG. It is not just what you are signing into but by what mechanism you do so which you take into consideration. LAM MPI (See Open MPI) comes from excellent work at Indiana University as in Open Indiana OS.
Sometimes looking outside of Linux _(even if only to return to Linux perhaps)_ for an OS and technology is a way to keep options open. Using a Linux antivirus is an opportunity to reach out to and donate a few dollars to those Linux coders, keeping them in the loop. Antivirus software exists not only to protect against a malicious software but to write malicious software preemptively sort of like ethical hacking. Even if those "potential" malicious softwares never pop into existence, the knowledge of what the technology can do thereby does come to pass. As such there is utility in the existence and publicising of the software which is also a body of knowledge in that form. This software technology and spreading of an idea (sometimes including peer review) can influence future hardware design for example of a custom microarchitecture. Ironically, that very microarchitecture _(for example of a CPU, gate-array or some other component)_ also may never come into existence in a more tangible real-life (such as hardware) form but may remain in emulation forever more. Preemptive distributed "ethical hacker" hacks against ledger poisoning and DHT attacks are another way to anticipate and prevent malicious software events. Speed of scanning with ClamAV _(or some other antivirus)_ can be planned for when building your computer such as whether or not you desire a filesystem which does a lot of its work in memory (like ZFS) because do remember that will use memory even though you might desire that for something else at that moment. So consider using a fast journaling system like Reiser4.04 (e.g. for Debian10 see metztli) and whether or not you want to thereby use a magnetic HDD rather than a SSD (or NVMe) since journaling can be hard on the NAND semiconductors for wear and tear. The HDD also avoids the namespace passthrough mess of NVMe for virtualisation.
Some might say an antivirus for a virus that does not exist yet is unnecessary detail, an answer to a question nobody asked, however, also, they say there is no such thing as bad data. Many a prototype in software exists and becomes useful later and that is not exclusive a concept to merely an antivirus software. For example the notion of voxel graphics being used on old dumbphones retroactively was an example of that happening. Remember what license you might seek for software (and it can affect antivirus too). Ask yourself of a license you seek to use, "Is there a GPLv2 or GPLv3 or MPL or MIT or Apache or BSD and so on?" The Botan software library can be an impressive software where people desire that license. If you adopt container distribution, ask yourself if you seek to forever rely on the fastest for example where BitSwap is IPFS _(a use case being IPFS and Netflix as an example)._ Consider also if you are using encryption that relies on a hardware specific instruction set. Antivirus software can also be a form of proprietary software but also FOSS software (or even Public domain) and so the technology, by means of existing when written as a FOSS (or copyleft, etc.) antivirus software, can be a future contribution to a technology yet to be invented and that might be in the Public Domain such as by Copy-Left. Not only does an antivirus get written but also some sort of documentation comes with it, be that a manual _(as in the constructive heads up for 'RTFM' meaning 'read the flipping manual')_ or a humble changelog. As somebody with a stationery fetish, knowing that I can have the liberty to draw a chart over time of antivirus changelogs to further embellish the picture-framed graph-paper adorned walls of my catacombs HQ really makes my day. I can sleep like a baby at night knowing that in my world every potential bug is a potential feature. Relax, guys.
As I whisper the innoculating sweet nothing of "trust me" into your ears, you can rely on me, just like you can rely on Porton Down. My comment has no hate in it and I do no harm. I am not appalled or afraid, boasting or envying or complaining... Just saying. Psalms23: Giving thanks and praise to the Lord and peace and love. Also, I'd say Matthew6.
Even in Windows, you don't really need an antivirus as long as you don't do 'stupid' things. But yea, get a firewall. Preferably a hardware firewall. I highly suggest Firewalla Purple for Internet speeds < 1Gbit or Firewalla Gold Plus for Internet speeds > 1Gbit.
Arguably, a hardware firewall and a well configured (or "notifying") software firewall are nice to have. Can recommend Firewalla for ease of use. Blue or Purple.
if you go to the right places on the internet, you will be fine. my parents tell me that all the time. i don't think linux needs an anti virus. but it is my first time using it. and i like it. it is fast on my dell pc
Very sensical. I do all of that, and I never have bank details or logins on any computer. In my head or in the little safe at home in case I forget. MacOS is in a decent position as well - it is BSD Unix at its base, so also open to eyeballs from the community.
macOS is a proprietary product, and it's actually a hybrid between Mach and BSD, macOS and derivatives use code from an old FreeBSD version and beyond that they're completely different beasts, the same goes for Sony's Orbis OS even though the latter is indeed a direct derivative of FreeBSD, since its proprietary stack and display server are completely different from the open source ones.
Just Linux users don't usually distribute software via executables due to dependencies. It's always packages that are usually from well known repositories. Modern Windows OSs also block exe-files distributed over the net.
Antivirus on Linux is more for detecting viruses for other operating systems than it is for Linux viruses. Sure Linux viruses do exist, but it's not likely for one to get on your system if you follow the common sense best security practices. I've run Linux on a desktop for over 20 years now and not once have I ever gotten a virus for Linux on a Linux desktop. I've only ever run an AV on Linux to check files for other operating systems. When security bugs are found in software on a Linux system, they are usually patched very quickly with the update available to you on your distro of choice by the time you find out about the bug. Unlike other systems that typically release patches on a monthly basis, in the Linux world a security patch gets made, tested, and pushed out very quickly. It's not just one company with thousands of programmers the hackers are fighting against, it's literally a community across the whole world they're up against so when bugs get discovered, someone is almost always working on it to fix it ASAP.
Years ago my laptop had a virus known as Windows. I installed one of the top notch anti virus to get rid of it, "Linux". Ever since then my laptop is virus free and no need of any other AV.
But behavioral analysis is always a good thing to add to your OS, I mean all EDR solutions have more features than the behavioral analysis and probably are very stupid (still evolving) features, like the heuristic analysis. But when a malware gets into your OS, it's not the end of the game (Tom and Jerry as malware analysts say) and should not be, so even if you make a mistake, which is really really common, there should be a way to detect that, which is where antiviruses/EDR solutions or any equivalent tool or script you wrote yourself etc come in handy. For example, you got yourself a miner that persists itself by injecting itself in a dependency that must run on the startup of the OS, so would you just consider it the end? I don't think it's the good way to think of this, you still can check the integrity of your binaries or analyse behaviors of some binaries (for example some binaries shouldn't be able to spawn other processes). So there is another stage after you get "hacked", that's where having an antivirus or anything similar could be useful. So most folks would say, don't download random stuff from the internet. don't just run command... etc. But the person himself doesn't read source code of a certain 3rd party software, some of which WMs and status bars, and so on. And to be honest almost nobody does. So we all can get hacked at any point in time. Now the same person would say that he hasn't got hacked ever in his life. But then, he's not a corporation and he's not attracting too much attention to his setup to begin with. So considering yourself (in general) secure just because you are careful of what you download has some shades to it. Also let's consider you read each package source code before you decide to use it... even then if there is a bug in that package you probably won't know that so vulnerabilities are not a thing you avoid just by downloading the famous packages or reading the code of what you download.
I know that nobody can get away from this, so here is where the automation comes in handy, now the vulnerability as simple as a very stupid buffer overflow but the user (even some security specialist) can't notice the exploit when it happens. But the automation can. So saying that you don't need an AV/EDR is kinda not really true, I wrote many malware samples on Windows and even Windows Defender (really shitty) caught some of them when I try to do some shady remote execution. Where the user won't notice anything while he's watching his cats videos on catshub.com. So basically and generally, automation is a really good thing to have in your poor operating system.
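The binary integrity check mentioned in the comment above, as an added example (not code from the commenter): it records a SHA-256 baseline of a directory and reports files that were modified, added, removed, or gained execute permission. The sample tree and its file names are constructed for the demonstration.

```python
"""Baseline-and-compare integrity check for a directory of binaries."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> Dict[str, dict]:
    """Record hash and permission bits for every regular file under root."""
    records = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # symlinks are skipped so a link cannot redirect the hash
        mode = stat.S_IMODE(path.stat().st_mode)
        records[path.relative_to(root).as_posix()] = {
            "sha256": sha256_file(path),
            "mode": mode,
        }
    return records


def compare(baseline: Dict[str, dict], current: Dict[str, dict]) -> Dict[str, List[str]]:
    """Return the paths that differ between a trusted baseline and the live tree."""
    findings = {"added": [], "removed": [], "modified": [], "became_executable": []}
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            findings["added"].append(name)
        elif name not in current:
            findings["removed"].append(name)
        else:
            old, new = baseline[name], current[name]
            if old["sha256"] != new["sha256"]:
                findings["modified"].append(name)
            # Execute bits that were not present when the baseline was taken.
            if new["mode"] & EXEC_BITS and not old["mode"] & EXEC_BITS:
                findings["became_executable"].append(name)
    return findings


def demo() -> Dict[str, List[str]]:
    """Constructed sample: one library is altered, one file appears, one gains +x."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "lib").mkdir()
        (root / "bin" / "statusbar").write_bytes(b"\x7fELF original status bar")
        (root / "lib" / "libdep.so").write_bytes(b"\x7fELF original dependency")
        (root / "lib" / "notes.txt").write_bytes(b"plain data file")
        os.chmod(root / "bin" / "statusbar", 0o755)
        os.chmod(root / "lib" / "libdep.so", 0o644)
        os.chmod(root / "lib" / "notes.txt", 0o644)
        baseline = snapshot(root)  # taken while the system is known-good

        # Simulated tampering after the baseline was recorded.
        (root / "lib" / "libdep.so").write_bytes(b"\x7fELF dependency plus extra code")
        (root / "bin" / "helper").write_bytes(b"\x7fELF unexpected new binary")
        os.chmod(root / "lib" / "notes.txt", 0o755)
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Keep the baseline somewhere the monitored host cannot write, otherwise whoever altered the binaries can alter the baseline too. On packaged systems, `rpm -V` or `debsums` compare installed files against the package database instead.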
I've been using a hosts file to block ads and unwanted sites for years. It makes the Internet a much nicer place, and makes a lot of the initial infection vectors simply unavailable. I use the winhelp2002 file, although the maintainer has kind of abandoned it at this point.
Thanks for the overview. It applies to all systems as well! Doing everything you've said will lock down most machines! Could you do a web browser security setup with password management video? Web browsers, portable hotspots & routers such as Net Gear have many settings that are not explained as optimal configs.
another nice "keep your heads up" video DT ^^ it's true enough, whatever OS got the most "normie" users, that is what OS you gonna craft your virus for. but whatever OS is used, malware that doesn't need user interaction aside. the one behind the keyboard tend to be the one that installs them. and if Linux ever become the standard desktop, I think it's interesting in the sense of "how do you craft such"
Around the 5:40 time mark, disk encryption is talked about. My questions are "Can't someone guess or crack the password for that as well? Does disk encryption stop the files on your drive from being readable when connected to another machine or from a live disk? Am I missing something?"
Usually (in case of Linux disk encryption, but also bitlocker) the startup password is a key to decode a more complicated key that is actually used to encrypt your computer. The thing is that this short "user input" key takes a long time to decode the "large key", that is then loaded in your memory and using a simpler encryption algorithm so your computer runs fast. So, unless you're using an easy password that can be found in a dictionary, even a supercomputer can take an immeasurable amount of time to brute force your short password, just because with every try it has to do very complicated calculations just to try to decode the decryption key. I have a slow laptop laying around with full disk encryption and after inputting a 10 character password takes 30 seconds of iterations to decode the actual encryption key. Even if a supercomputer just takes a nanosecond, it would still take thousands of years. And the actual encryption key is like guessing a bitcoin address - would take a quantum leap or more time than the life of the universe. Now, if you use a computer with a TPM module (and I don't trust them) that module stores the decoding keys and is charged to disallow any tampering.
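The two-key arrangement described in the reply above, as an added example that is not part of the original comments: a passphrase is stretched with PBKDF2 into a key that unwraps a random master key. This is a simplified model, not the LUKS or BitLocker on-disk format; the function names, the HMAC keystream standing in for AES, and the iteration count are assumptions made for the illustration.

```python
"""Simplified model of a passphrase-protected disk-encryption key slot."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Optional

SECONDS_PER_YEAR = 365 * 24 * 3600


@dataclass
class KeySlot:
    salt: bytes
    iterations: int
    wrapped_key: bytes  # master key encrypted under the passphrase-derived key
    mk_digest: bytes    # lets unlock() tell a correct guess from a wrong one


def derive_kek(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Slow step: every passphrase guess costs `iterations` HMAC-SHA256 rounds."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)


def keystream(kek: bytes, length: int) -> bytes:
    """Toy stand-in for AES: expand the KEK with HMAC-SHA256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(kek, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def digest_master_key(master_key: bytes, salt: bytes) -> bytes:
    # A fast hash is acceptable here because the master key is full-entropy.
    return hashlib.sha256(b"mk-digest" + salt + master_key).digest()


def create_slot(passphrase: str, master_key: bytes, iterations: int) -> KeySlot:
    salt = os.urandom(16)
    kek = derive_kek(passphrase, salt, iterations)
    wrapped = xor(master_key, keystream(kek, len(master_key)))
    return KeySlot(salt, iterations, wrapped, digest_master_key(master_key, salt))


def unlock(slot: KeySlot, passphrase: str) -> Optional[bytes]:
    """Return the master key, or None when the passphrase is wrong."""
    kek = derive_kek(passphrase, slot.salt, slot.iterations)
    candidate = xor(slot.wrapped_key, keystream(kek, len(slot.wrapped_key)))
    if hmac.compare_digest(digest_master_key(candidate, slot.salt), slot.mk_digest):
        return candidate
    return None


def change_passphrase(slot: KeySlot, old: str, new: str) -> Optional[KeySlot]:
    """Re-wrap the same master key; the bulk data is never re-encrypted."""
    master_key = unlock(slot, old)
    if master_key is None:
        return None
    return create_slot(new, master_key, slot.iterations)


def seconds_per_guess(slot: KeySlot, trials: int = 3) -> float:
    """Measure what one wrong guess costs on this machine."""
    start = time.perf_counter()
    for i in range(trials):
        unlock(slot, f"wrong-guess-{i}")
    return (time.perf_counter() - start) / trials


def exhaustive_search_years(alphabet_size: int, length: int, guess_seconds: float) -> float:
    """Worst-case time for one machine to try every passphrase of this shape."""
    return (alphabet_size ** length) * guess_seconds / SECONDS_PER_YEAR


if __name__ == "__main__":
    master_key = os.urandom(32)  # constructed sample key
    slot = create_slot("correct horse battery", master_key, iterations=200_000)
    cost = seconds_per_guess(slot)
    print(f"one guess: {cost:.3f} s")
    print(f"10 lowercase letters: {exhaustive_search_years(26, 10, cost):.2e} years")
    print("unlock with wrong passphrase:", unlock(slot, "password"))
    print("unlock with right passphrase:", unlock(slot, "correct horse battery") == master_key)
```

The per-guess cost is the only thing the iteration count buys: a passphrase that appears in a wordlist is still found after a handful of guesses, however slow each one is.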
After I had some issues with external HDD, I felt I have to install clamav on my desktop. No viruses 😀 Although I'm using btrfs, I think DT reminded me about firewall. It's a good idea. Thank you, Derek! 🙂
For me, the biggest threat to my Linux distro is me. I tend to manipulate my operating system for fun and experiment. So I had to reinstall or try a new distro at least once a year. LOL :)
100% they absolutely should. It is a misconception that viruses are only related to Windows but now that viruses are targeting Linux based servers, it's becoming a thing to make Linux based viruses for databases that use Linux. The problem is there aren't any.
In general virus and malware crap is enduser caused - driveby attacks exist though - but if you’re an average user that runs in a highly privileged account because sudo is annoying (which is the main reason why windows was so open in the past until they locked that away behind the uac prompts over a decade ago) you can always cause mayhem, no matter the os - Don’t install random stuff and stay away from dodgy sites and you’ll be fine!
Yeah, just run all copy-paste scripts from Internet as sudo users :D actually it would be nice if some program could check for the user WHAT is he running from external curled or copypasted script. This would be extremely useful for new users especially.
No sure yes but as a good backup from over network possibly, self-replicating, be a good idea to still have AV on Linux and occasionally run it to scan entire drive.
When I switched from Windows to Linux I had a key for an antivirus on Windows which worked on linux as well so I installed it and so far it has not detected a single threat, I will probably still renew my license after it expires as it is always good to have.
DT mentions updates in linux. As soon as he mentions the word update, I look and darn sure nuff, I had an update. Getting like windows with the updates, honestly
I update at the start of every day. Takes a few minutes to download a couple of small updates rather than a big download of multiple updates plus a bunch of installs once a week or so. But that's just me.
Bad advice. Yes, you need antivirus, especially if you're using your system to store files for your other systems around the house or business, or store backups of your windows systems. The advantage of running an antivirus software on a NAS box means if your windows machine is infected, the backups will NOT carry it past that point. When I worked as a computer lab tutor, we had virus issues on our server on a DAILY basis. The server itself largely isn't affected, but do you really want to be the CAUSE of a campus wide infection?
I just installed Mint on my old Thinkpad as a testing ground before a very possible full migration once support for Windows 10 ends next year. The idea that an antivirus is not necessary is so wild to me (but a pleasant surprise of course)
i am a linux main since 2 years... i used to have a bug where windows defender would do a full scan off my SSD while booting. literally 100% drive usage all the time..
The thing is, if you use both windows and linux on different devices, even if a malware doesn't affect linux, your linux device can still be a vector for your windows device.
Great video DT. I use ClamAV which is perfect for my system76 machine. Even the support team at system76 highly recommend to use it. Funny thing if you look at Norton, Symantec, McAfee, and some of the other big anti-virus software companies. They only support Windows and Mac. LOL 😆 🤣 😂.
Interesting video DT how about a video for us newcomers on setting up firewall and disc encryption and maybe SSH although the latter maybe for a more experienced user
It's funny, I agree with you, but most enterprise IT shops that have to meet PCI compliance are forced to install antivirus for linux. It is a waste for the most part but compliance is compliance.
I would anyways. You always wanna make it harder for hackers to get into your system. With Linux it’s already really hard, but if you can add an extra wall of security to make it THAT much harder, why not?
DT .... Linux is getting targeted too now with virus and malware now it gets more popular and the linux community should pay attention to that and have AV programs available in my eyes ....
I don't run AV mainly because I don't know a good one. (ClamAV doesn't cut it) I certainly would prefer to have AV that integrates with firefox and scans if site has sus javascript. For now I have to rely on uBlock blocklist only. Being Uncatchable Joe is not the best form of security.
Only wanted to know because i had a nightmare last night that somehow a windows virus ran on my linux mint distro using wine, started installing a bunch of windows 93 apps, and had really weird payloads that were a mishmash of every virus i know (solaris, wannacry, y.exe, youareanidiot, etc) thank god that won't happen.
Clam AV is not in the App center and I can't get it installed. I was able to install Clam TK, but I have no idea how to activate it on Linux. When I tried to activate it in terminal and something did load, but I never have seen the interface on my machine.
For your own system, I would say no reason, unless you have a family computer and kids install every game advertised. OR. You're getting paid to maintain someone else's system, if you get audited, you can blame someone else
Antiviruses are nearly always worse than a virus itself. Even non-commercial and OpenSource ones which do not steal your data or turn your PC into a part of botnet, they're creating another layer of abstraction with a lot of rights to do with your machine which makes them a huge target to exploit.
This comment is just a suggestion for a topic. I know you do not like to review Alpha releases. But some Alpha releases are very important. For example, Debian Bookworm. That is worthy of discussion. And talk about what you expect to happen by the time another release is published, such as what version of Qt.
They have a virus checker. I ran it a few years ago and it found a lotta viruses too. But they were all attached to imported Windows files. Not much they can do without the PW. I isolated and deleted the files anyway.
i really like linux. it is my first time using it. i didn't know what it was at first. but it has chrome on it and i like it. it kind of sucks you can't put an anti virus on it. but always watch where to go. my parents tell me that all the time. i am really starting to like linux a lot,. but i am still new at it
No, you don't need antivirus. I have been a 100% dedicated Linux user since 1995. The Year of the Linux Desktop was 1995 for me. I've had root on hundreds of thousands of Linux servers at big companies you have heard of. I have never once found a virus on a Linux system. Whenever anyone says they have seen virus on Linux I always ask: Which virus, specifically, was it? How did it get into the system? And having guessed a simple password doesn't count. I have never encountered anyone who can answer these questions. Linux is definitely targeted but it's a very hard target. It isn't simply because it's not so widely used on the desktop. The Linux desktops that are out there tend to be very high value targets which have access to things. The funny thing about clamav is that it pretty much only detects Windows viruses. Linux has better security controls like SELinux and fapolicyd which obviate the need for antivirus even in a very hostile environment. Why run antivirus when you are already basically whitelisting?
Are all humans the same, since we all originated from Africa? No, mac and linux were originally based off Unix, since that was a popular and good os in that time. They've grown and evolved mostly separately. Mac binaries can't run on linux and vise versa. Of course the same source code can be compiled into the os specific binaries on both machines, but as far as downloading a file and running it, the binary needs to be formatted in a way specific to that os
@@Anonymous4045 well, all humans everywhere no matter how separately they evolved ended up pretty much equally susceptible to covid right? That said, the second part of your answer explains it perfectly. Basically any program compiled for macOS cannot run on Linux. Thanks :))
I'm running Linux and a week ago every time I start the system I'm getting around 10 notifications that are some type of virus or malware. So linux developers need to rethink not putting some type of protection in as standard.
Short answer: No.
Long answer: No. However, do not copy and paste random commands found on the World Wide Web, and only use sudo privileges sparingly.
right... "sparingly"
But you would need an AV only if you are a pirate
Like just incase if something happens
i use sudo all the time. and i reformat my PC always (✿◠‿◠)
Most of the documentation of programmes or general troubleshooting on Linux requires copying and pasting commands on the terminal. It is not like Windows where you can use the GUI for most functions.
just call it web nerd
I have been using computers since the DOS days, so I have been running Windows since Windows began. In all that time, I have had 1 virus and that was on Windows 95 and I would say it was my fault that I got that one. No anti-virus program can protect you from yourself. Not a single one can stop a virus that you give permission to run. I have reloaded many PCs that had hundreds of virus and malware programs on them at the same time. The users waited till they could no longer use the PC before doing anything at all. I did a clean install of all their stuff and gave them a stern talk about their habits. Most "got it" and I never had to deal with their PCs again. Some were back in weeks with the same infections. They could not stop going to the places that got them infected. They are their own worst enemy. "I just need a better anti-virus program," is all they would say. For these people, it wouldn't matter if they were running Linux, they would still find a site that would infect them.
For the vast majority of people and circumstances, what you said is absolutely true. However, there are still attacks that can infect devices without user action. One of the most high-profile examples is the Pegasus spyware that targeted smartphones. Despite the existence of such threats, though, it’s unlikely that antivirus would be equipped to handle them in a timely manner, and they are rare enough that we could almost move them into the tinfoil hat category of security.
Consider my comment a mere asterisk on a generally true statement.
@@OcteractSG there is rarely anything you can do in these cases even with the antiviruses. Pegasus for example is a targeted malware to spy on state leaders so run-of-the-mill stuff mostly won't work.
This makes me remember, one time I was an undergrad student, the new guy on the IT of the chemistry dpto of my university, as a sort of temp scholarship.
The previous person (also undergrad student) was talkin to me how their PC(windows) was slow, that to even open the browser it was slow.
Fast forward a bit, to my first day. I enter the PC, now under my responsibility, try lookin around, everything is kinda slow, then I look at the pc specs. It was an i5, with 4GB ram, for the time, waaay beyond anything you would ever need.
I notice that Avast was having issues to start with the system, and google chrome was really slow.
I was like "How is this even possible, this thing is a beast and its slow, I will do a malware check just in case, you never know, things are weird here"
I download, I think malwarebytes, at the time they weren't so annoying about their free version.
I shit you not, it had **+6000 infections**. Avast was compromised, also the browser was fake. And better yet, the things on the machine were somewhat sensible (not money worth sensible, but if lost, there was no backup). It took me 3 days to clean that thing completely.
The only time I ran into a virus was when I received what looked like an email from my sister's work email address. I forget the way I was tricked into clicking on it. I think it said “Check this out, or pics” or something like that. After clicking on it the HD quickly became unusable slowing to a crawl. I forget what program I was using at the time that I was using to take a “snapshot” of the system but I kept going back to a good version of the Windows os and after an hour or so, I was back to the same messed up situation. I went to the local computer store and bought a new hd and just reinstalled the os. Problem solved. But I can’t help myself, based on what you have seen what do we noobs do that get our systems infected?
@@RobertJohnson-lb3qz For most people that are constantly infected, they love porn sites. For the rest, they click anything that says "FREE!" 🤣
As a *relatively* new Linux user, the advantage of having the device running without antiviruses or data collection (both consuming so much of the resources) breaks any disadvantage.
Been quite the journey switching to Linux, but the worthiness and the end result is what makes all the effort feel like nothing.
Where did you start? What were the main issues? I'm curious, I'm 2 years now running the penguin I believe
@@kendarr Nice! I started around 3-4 weeks ago on a virtual machine on Windows. Tried Arch and Manjaro for Unity and sound production purposes, but turned out rough. Tried Ubuntu Studio, Kubuntu, Mint, and Xubuntu, and I seemed to settle down on Ubuntu Studio, as it provides the best backend for sound production.
I felt ashamed, at first, of being a developer that can't deal with Linux, but as soon as I learned the basics, it turned out way better and more fun than Windows.
I feel the same way.
@@sohypeak432 you've only seen the light, now you must walk into it! Wipe that spyware off your disk and treat yourself with some love and respect - you deserve to use an OS that actually works.
I just switched today to Zorin OS based on Ubuntu 20.4 LTS and I'm really enjoying it , is just amazing.
Also Zorin is friendly UI for those that always use mac os or windows
I worked at a very large company and we had windows and linux users in the same network. The internal servers that ran linux did have anti virus to hinder the distribution of windows and mac malware (mostly ransomware) because we were sometimes attacked by hackers.
Excellent. As a noob to Linux and a very long time Windows user this is reassuring. I’ve brought up the Typhoid Mary-ish aspect in a couple of different places and most everyone couldn’t care less. But with all the crap that’s happened and will happen, better to harden things in my view!
Most users use their OS as a bootloader for their browsers. If you use linux I recommend that instead of installing an antivirus you do what's said on the video + hardening your browser like installing an adblocker and blocking popups
I would say "do you need" and "should you" are very different questions. You don't need but you should consider it.
Yes, there are not many linux based viruses, but as you said, if you use linux as a file server it makes a lot of sense. So it depends.
The other thing to keep in mind is, that when it comes to security it doesn't hurt to be ahead of the curve.
Since you mentioned firewalls. Do you need to run a firewall: no. If you are a regular desktop user then there should be nothing configured that listens on external ports. Everything should only use loopback. Yes, firewalls are a lot more common. The reason is that there are a lot of systems that need it, that's why it is rather easy to do. It would be nice if that happened with virus scanners as well. Make it a lot more easy and accessible to use them and that only happens when a lot more people use them.
Note on ClamAV: it actually ships with an "on-access daemon" (at least it does on RHEL & Fedora) that uses kernel APIs to scan and block access to malicious files when users try to read them. If you are deploying Clam on a server that accepts arbitrary data upload, this is likely what you want to set up (of course, alongside regular full disk scans).
I've had Clam deployed in this configuration on a file server for a small office for more than a year now, and I've had significantly reduced number of virus-related tech support calls. But again, this is only to protect Windows clients in the network. TBH it was quite a hassle to set up correctly (especially with enforcing SELinux), so if you've got a Linux desktop instead of a server, it's most likely more work than it's worth.
I’m a new user of Linux and the AV issue keeps crossing my mind. Correct me if I’m wrong but you're saying that ClamAV is more helpful when used on servers as opposed to the desktop. Using an AV on servers to prevent a Typhoid Mary-ish situation seems like a good idea.
@@RobertJohnson-lb3qz I’m still a Linux newbie so please don’t quote me on this. I’m only paraphrasing what I’ve learned from people WAYY more knowledgeable about Linux than me and whom I have asked the same darn question [(about ClamAV)] to:
ClamAV is an AntiVirus software-program written for the “Linux” operating-system (ie. actually “GNU+Linux”) that scans for Windows viruses.
So that you don’t accidentally transfer Windows viruses into someone-else when sharing files between Windows-users and yourself.
@@reoencarcelado5904 Good info, thanks.
@@RobertJohnson-lb3qz you're welcome :-)
I run ClamAV on my NAS since windows machines do access it.
There are tons more attack vectors that are very hard to protect against. Imagine a malicious npm package repository gets hijacked and it has millions of installs. If a software previously known to be legitimate pushed some malicious updates you're going to get infected no matter the OS you're running. Having an AV may protect you against some obvious malicious behaviour or known malicious files and that's good on any OS.
I appreciate not only the definitive answer but the reasoning behind the answer.
Again, thank you so much for your videos and all you do for the Linux/FOSS community, esp us noobs out here. 🙂
To be honest. The answer in my opinion was flawed. Need to: no. Should you: you should consider it.
This was so funny. I was doing a Linux Mint install on my stream today and we got talking about viruses and malware on Linux. At the end I always tell people about your channel and lo and behold here you are talking about the same thing.
I remember back in college, in one of my classes about operating systems, someone asked "Why does Windows get all of the viruses and Linux gets none?" I raised my hand and told the class that the reason for this is because all of the viruses are written on Linux and we are not going to infect our own systems.
Joking aside, if Windows users treated their system the same way those of us on Linux do, update the system every time it shows one available, use strong password, stop auto logging in, and stop downloading stuff without knowing who or where it came from, then they would not have to use anti-virus. Using common sense is the biggest thing you can do to stop, I am guessing, 90% of the viruses out there.
I've noticed that, when I immigrated (moved from windows to Linux full time) I realized Linux doesn't really need AV, so that put my digital brain/heart at peace.
i still install ClamAv into any linux distro to check drives i plug in, it's helpful if you want to check a windows drive externally.
Having an anti-virus program on Linux is the best way to scan a hard drive with Windows on it. A Windows virus or trojan is totally dead and can't hide while being scanned from a Linux OS. I either take the drive out and plug it in a Linux desktop or use a bootable USB or CD Linux distro with an antivirus on it. Other than being used as a tool to fix Windows I really don't need an antivirus.
Can u elaborate? I'd like to use my Linux distros to scan my Windows PC from time to time or the CD method. Please tell me the exact steps it might help others too.
@@fugedaboudit Avira rescue disk is a good one. ua-cam.com/video/JbTc2ytl314/v-deo.html
Seconded. Would like to know how to do this to have this trick in my arsenal
That's only true for static signature-based analysis of malware. Behavior analysis is also very important.
I'm someone who does like having AVs just in case, cuz the best viruses are the ones you can't see/expect and I reckon Linux will see more of those in the future.
If you're already "nerdy" enough to use Linux though you might as well harden your system security by yourself, run everything in a VM and make (preferably external) backups. That's pretty much the foolproof way for any PC user imo
Which AV do you use?
@@julietlouisatravels Well I'm a Windows user so Defender, but also Malwarebytes for scanning every now and then and VirusTotal for everything I download.
One of the things I became used to is to always install software from either Fedora's repository or from Flathub. The sensation I have nowadays when occasionally running Windows and I need to download an application and install is of the same nature of the sensation I have if I forget to buckle my seat belt before driving... It feels unsafe and unnatural. If the day comes when we will really need an anti-virus (I don't think we're there), for me it would be enough that the repositories had an anti-virus scanning every application that is added to the store (if they don't have already). Using Linux is implicitly trusting the repositories and I'm fine with that. Users who download ELF files elsewhere do it at their own peril.
Antiviruses may be useful in scenarios where automation is needed, at the end user level in many cases they generate a false sense of security and unnecessarily consume system resources, which is bad for low-end computers, although they can help people less experienced it should be noted that false positives are not uncommon either.
Another important thing is that most antiviruses programs are proprietary software, and together with controversies such as the Avast issue, they may not be as reliable as they seem at first glance.
The only problem I can foresee as a Linux user when they were sending out cd's. My first taste of Linux was Sabayon, adding unknown 3rd party repos. Hackers at least imhop are poisoning the repo in order to infect your computer. Windows uses .exe and the like. Whereas Linux uses packages and tarballs. Not really much of a chance of getting infected, but it's still possible and hackers are writing progs to do that more often now.
I'm one of those that use clam Av, because I'm pretty much the only one around me in regular contact, that uses Linux. It has saved me from passing on a virus or two to someone on a Windows machine. As many I know don't know computers well and am more likely to get something from them, that I could pass onto someone else.
Very informative. Thanks for the video. Was surprised to see that SELinux wasn't mentioned though I understand that that precaution is mainly designed for the server space.
Just FYI: We have a hardware firewall, and the log shows many "Ping of Death" packets dropped in the last week.
@BWGPEI:
Really handy 🙂 (to have a hardware-firewall).
In my case I have both a hardware-firewall (in this particular case, it’s built-in to the router I currently-use) and a software-firewall installed in each of the computers I use 🙂.
Double the protection 🙂.
AV is only a safety net for those that just randomly click on things and don't pay attention to what they're executing, you don't really need to run it on anything technically. The main issue is primarily the user's habits and how the software is distributed and obtained.
when you are installing a cracked software you are basically crossing your fingers hoping it is not a virus every time
@@boody8844 thats why i always reverse engineer and binary analysis my pirate software in a virtual machine jk i dont know what any of those terms mean
This isn't entirely true either though. There are ways your machine could become compromised just from visiting sites as you normally would. Updating your machine can also cause this. While an AV isn't going to protect you from everything it can help mitigate certain attacks.
@@boody8844 eh? I mean not really. The piracy community is generally pretty bloody good at filtering out all the spam, you just need to know the right places to look. It's honestly not even a hassle to learn, you just need to know a few site names and you're set. Some are specifically curated, others run on a reputation system so people who have been frequently posting for several years with thousands and thousands of upvotes have functionally a 0% chance of containing malware, etc.
Honestly I'd argue downloading cracked software with a modicum of competency is probably safer than downloading obscure freeware you can find online to do similar tasks.
@@mrnulll An antivirus can actually make you more prone to such attacks by giving you a false sense of security, which in turn leads you to visit those sites because "well, I have an antivirus, nothing will happen" without knowing that there are ways to bypass AVs, including infecting GPU VRAM, malware developers are totally aware of this.
Linux Cast, another great Linux youtuber, recommends updating your system once a week or every couple of weeks. I've set up a crontab to do it automatically.
Thank you for this! I've been having this question on my mind for a few weeks now, glad to have it answered. Great video, keep it up! :D
Throwing out a generic "you don't need an AV" is throwing out a generic "I don't know who you are but I know you're smarter than any hacker you can find online" which is quite a statement without knowing who you're talking with
A lot of people bring up good points about the whole "don't visit sketchy websites or download sketchy files" but that doesn't help when more reputable piracy sites can look just as sketchy as any other site out there
As someone who will openly admit to practicing piracy, I can attest some sites do look a bit sketchy but provide what you're looking for. Some of them look pretty damn legit and professional and you can still get viruses
If you're gonna pirate something, you definitely need an anti-virus software just in case because it can be a mixed bag for what's safe and what's not safe
Also- even though sites like VirusTotal exist- VT only works with files of around 660MB, which a lot of modern games and programs exceed in size which makes the website a bit redundant and not that useful
In general some common sense can help but, it can't always stop a virus if you go through a piracy site for a copy of a game that's $500 for a real copy because of price jackers and scalpers
it will detect trojan in 99% of cases, you can't pirate and use AV at the same time effectively. if you add everything to exclusion you might as well not use av to begin with.
I hear a couple of years ago Linux servers and even a few Linux PC users in over fifty countries faced their first-ever major worm attack- and it didn't even involve the typical vectors for Linux malware, like infected email attachments from Windows or Mac users with a few lines of code at the end that, upon detecting Linux, contaminate the packages of such machines by abusing the "sudo apt upgrade" command if they see a particular repository vuln, or trojans WINE-ing their way in through infected Windows install packages.
I see it as a rite of passage for a relatively-obscure type of OS.
Use a strong and complicated password just like DT does !
spot on without being perfect, when this all gets too complicated at least most can do this very good step
Windows user: wait windows itself is a virus?
Linux pro: always has been
It depends on the user and the demographic of the user as well (this actually applies to Windows users, and for crying out loud, Windows users, don't have your admin account the same as the first account that you setup, such a simple extra thin layer of protection, not much, but better compared to not doing it and not even having a password). Most of your script kiddies don't mess with Linux, because typically the users are more cautious compared to Windows users. But as far as virus/malware etc, it doesn't even have to be directed at Linux specifically, but cross platform software in general. For instance, a few yrs back there was nasty malware being used in PDFs when opened/read in browsers, especially as default. That was no bueno on all 3 systems. Stuff like that.
Ubuntu means "I am, because we are." It is a traditional creed here in South Africa 🇿🇦. It is pronounced ooh booon too. 😊
original african cultures are beautiful
I have ClamAV set to run and update at times when I'm unlikely to be using my computer. For me, it's like the grip safety on an M1911: It's not hurting anything to have it, and it might help.
That thing is a joke. Now really.....😊
Since you mentioned ssh there is one thing that is a must to do: Never ever use default port for ssh, change it to any other except 22 for security reasons. What I said doesn't come from me but from cisco. I will give you good reason to avoid default port. Few days ago I came across list of trojans and ports they use and one of them used 22. Whenever you're implementing something avoid defaults at any cost especially if you're hardening your security and you as advanced linux user know it but most don't. If you really wanna keep undesirables from your system and network consider using digital certificates. Certificates are notoriously difficult to break through but still not impenetrable but they add layer of security, they are equally notoriously difficult to write.
Congratulations on 200k ...u really are doing Great 👍
I love your shirt, man. My exact feelings on Ubuntu.
Great video and a good topic for commenters bouncing ideas off each other when thinking about solving problems. Sometimes the linux box is the firewall or squid proxy (or similar) and so antivirus is on there generally anyway as an option. Extra layers of security are not a replacement for security though. For example, making a choice between dependency tree and containers is an example because containers are not a replacement for security but an extra layer of security. Encouraging distros that still use dependency tree installs for software already on the (CD/DVD) ISO file _(rather than deprecating old software in favour of assuming an app-Image or SNAP package or Flatpak as a future of application distribution)_ prevents an eggs in one basket scenario. It is often more lightweight on hardware generally and keeps older microarchitectures that stood the test of time _(and old architectures in general)_ as an extra string to the bow even if the processing power and storage are older and humble, rather than having all eggs in one basket with the latest approach of early adoption. A method of application distribution that can give you everything is also a method of application distribution that can take everything away from you. If using SSL, ask yourself if you want to use LibreSSL. Likewise SSH and secure sockets are useful so that not everything has to be done by tunnelling which after all can potentially hide a hack that somehow manages to get in. There are pros and cons to VPN. It is not to say bad things about VPN but rather to be mindful of taking a nuanced approach to having the right tool for the job at hand. The compromises of today become the standards of tomorrow. A password is one way to use an identity layer. An OpenPGP card might include GnuPG. It is not just what you are signing into but by what mechanism you do so which you take into consideration. LAM MPI (See Open MPI) comes from excellent work at Indiana University as in Open Indiana OS.
sometimes looking out side of linux _(even if only to return to linux perhaps)_ for an OS and technology is a way to keep options open.
Using a Linux antivirus is an opportunity to reach out to and donate a few dollars to those linux coders, keeping them in the loop. Antivirus software exists not only to protect against a malicious software but to write malicious software preemptively sort of like ethical hacking. Even if those "potential" malicious softwares never pop into existence, the knowledge of what that technology can do thereby does come to pass. As such there is utility in the existence and publicising of the software which is also a body of knowledge in that form. This software technology and spreading of an idea (sometimes including peer review) can influence future hardware design for example of a custom microarchitecture. Ironically, that very microarchitecture _(for example of a CPU, gate-array or some other component)_ also may never come into existence in a more tangible real-life (such as hardware) form but may remain in emulation forever more. Preemptive distributed "ethical hacker" hacks against ledger poisoning and DHT attacks are another way to anticipate and prevent malicious software events. Speed of scanning with ClamAV _(or some other antivirus)_ can be planned for when building your computer such as whether or not you desire a filesystem which does a lot of its work in memory (like ZFS) because do remember that will use memory even though you might desire that for something else at that moment. So consider using a fast journaling system like Reiser4.04 (e.g. for Debian10 see metztli) and whether or not you want to thereby use a magnetic HDD rather than a SSD (or NVMe) since journaling can be hard on the NAND semiconductors for wear and tear. The HDD also avoids the namespace passthrough mess of NVMe for virtualisation.
Some might say an antivirus for a virus that does not exist yet is unnecessary detail, an answer to a question nobody asked, however, also, they say there is no such thing as bad data. Many a prototype in software exists and becomes useful later and that is not exclusive a concept to merely an antivirus software. For example the notion of voxel graphics being used on old dumbphones retroactively was an example of that happening. Remember what license you might seek for software (and it can affect antivirus too). Ask yourself of a license you seek to use, _"Is there a GPLv2 or GPLv3 or MPL or MIT or Apache or BSD and so on?"_ The Botan software library can be an impressive software where people desire that license. If you adopt container distribution, ask yourself if you seek to forever relying on the fastest for example where BitSwap is IPFS _(a use case being IPFS and Netflix as an example)._ Consider also if you are using encryption that relies on a hardware specific instruction set. Antivirus software can also be a form of proprietary software but also FOSS software (or even Public domain) and so the technology, by means of existing when written as a FOSS (or copyleft, etc.) antivirus software, can be a future contribution to a technology yet to be invented and that might be in the Public Domain such as by Copy-Left. Not only does an antivirus get written but also some sort of documentation comes with it, be that a manual _(as in the constructive heads up for 'RTFM' meaning 'read the flipping manual')_ or a humble changelog. As somebody with a stationery fetish, knowing that I can have the liberty to draw a chart over time of antivirus changelogs to further embellish the picture-framed graph-paper adorned walls of my catacombs HQ really makes my day. I can sleep like a baby at night knowing that in my world every potential bug is a potential feature. Relax, guys.
As I whisper the inoculating sweet nothing of "trust me" into your ears, you can rely on me, just like you can rely on Porton Down.
My comment has no hate in it and I do no harm. I am not appalled or afraid, boasting or envying or complaining... Just saying. Psalms23: Giving thanks and praise to the Lord and peace and love. Also, I'd say Matthew6.
Even in Windows, you don't really need an antivirus as long as you don't do 'stupid' things.
But yea, get a firewall. Preferably a hardware firewall. I highly suggest Firewalla Purple for Internet speeds < 1Gbit or Firewalla Gold Plus for Internet speeds > 1Gbit.
Arguably, a hardware firewall and a well configured (or "notifying") software firewall are nice to have. Can recommend Firewalla for ease of use. Blue or Purple.
if you go to the right places on the internet. you will be fine. my parents tell me that all the time. i don't think linux needs an anti virus. but it is my first time using it. and i like it. it is fast on my dell pc
and i agree with you what you just said. about not doing stupid things. like going to places you're not supposed to go
Very sensical. I do all of that, and I never have bank details or logins on any computer. In my head or in the little safe at home in case I forget.
MacOS is in a decent position as well - it is BSD Unix at its base, so also open to eyeballs from the community.
macOS is a proprietary product, and it's actually a hybrid between Mach and BSD, macOS and derivatives use code from an old FreeBSD version and beyond that they're completely different beasts, the same goes for Sony's Orbis OS even though the latter is indeed a direct derivative of FreeBSD, since its proprietary stack and display server are completely different from the open source ones.
@SusYouAre Cry about it
Just Linux users don't usually distribute software via executables due to dependencies. It's always packages that are usually from well known repositories. Modern Windows OSs also block exe-files distributed over the net.
Antivirus on Linux is more for detecting viruses for other operating systems than it is for Linux viruses. Sure Linux viruses do exist, but it's not likely for one to get on your system if you follow the common sense best security practices. I've run Linux on a desktop for over 20 years now and not once have I ever gotten a virus for Linux on a Linux desktop. I've only ever run an AV on Linux to check files for other operating systems. When security bugs are found in software on a Linux system, they are usually patched very quickly with the update available to you on your distro of choice by the time you find out about the bug. Unlike other systems that typically release patches on a monthly basis, in the Linux world a security patch gets made, tested, and pushed out very quickly. It's not just one company with thousands of programmers the hackers are fighting against, it's literally a community across the whole world they're up against so when bugs get discovered, someone is almost always working on it to fix it ASAP.
Years ago my laptop had a virus known as Windows. I installed one of the top notch anti virus to get rid of it, "Linux". Ever since then my laptop is virus free and no need of any other AV.
@Edward G. Stone Cry 🤡
but behavioral analysis is always a good thing to add to your OS, I mean all EDR solutions have more features than the behavioral analysis and probably are very stupid (still evolving) features, like the heuristic analysis.
but when a malware gets into your OS, it's not the end of the game (Tom and Jerry as malware analysts say) and should not be, so even if you make a mistake which is really really common. there should be a way to detect that, which is where antiviruses/EDR solutions or any equivalent tool or script you wrote yourself etc comes in handy.
for example, you got yourself a miner that persists itself by injecting itself in a dependency that must run on the startup of the OS, so would you just consider it the end?
I don't think it's the good way to think of this, you still can check the integrity of your binaries or analyse behaviors of some binaries (for example some binaries shouldn't be able to spawn other processes).
so there is another stage after you get "hacked", that's where having an antivirus or any thing similar could be useful.
so most folks would say, don't download random stuff from the internet. don't just run command... etc. but the person himself doesn't read source code of a certain 3rd party software some of which WMs and status bars, and so on. and to be honest almost nobody does. so we all can get hacked at any point in time.
now the same person would say that he hasn't got hacked ever in his life. but then, he's not a corporation and he's not attracting too much attention to his setup to begin with. so considering yourself (in general) secure just because you are careful of what you download has some shades to it.
also let's consider you read each package source code before you decide to use it... even then if there is a bug in that package you probably won't know that so vulnerabilities are not a thing you avoid just by downloading the famous packages or reading the code of what you download. I know that nobody can get away from this, so here is where the automation comes in handy, now the vulnerability as simple as a very stupid buffer overflow but the user (even some security specialist) can't notice the exploit when it happens. but the automation can.
so saying that you don't need an AV/EDR is kinda not really true, I wrote many malware samples on windows and even windows defender (really shitty) caught some of them when I try to do some shady remote execution. where the user won't notice anything while he's watching his cats videos on catshub.com.
so basically and generally, automation is a really good thing to have in your poor operating system.
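The two checks the comment above mentions (integrity of binaries, and binaries that should not spawn other processes), as an added example that is not part of the original comment. The file names, the `NO_CHILDREN` policy and the process events are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Hypothetical policy: programs with no legitimate reason to start child processes.
NO_CHILDREN = {"/usr/bin/statusbar"}


def sha256_file(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare(baseline, root):
    """Report files that changed, appeared or disappeared since the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def spawn_violations(events, no_children=NO_CHILDREN):
    """Return (parent, child) pairs whose parent is not allowed to spawn anything."""
    return [(parent, child) for parent, child in events if parent in no_children]


def demo():
    """Build a constructed tree, record a baseline, change it, then run both checks."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "lib"))
        files = {"bin/statusbar": b"statusbar v1", "lib/libdep.so": b"dependency v1"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(root)
        # Constructed change: a startup dependency is altered and a new file appears.
        with open(os.path.join(root, "lib/libdep.so"), "ab") as fh:
            fh.write(b" + unexpected bytes")
        with open(os.path.join(root, "bin/.cache-worker"), "wb") as fh:
            fh.write(b"unexpected new file")
        changes = compare(baseline, root)
    # Constructed process events: (parent executable, child executable).
    events = [("/usr/bin/bash", "/usr/bin/ls"), ("/usr/bin/statusbar", "/tmp/.x/worker")]
    return changes, spawn_violations(events)


if __name__ == "__main__":
    print(demo())
```

A baseline is only useful if it is stored where the monitored system cannot rewrite it, for example on read-only media or another host.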
Any recommended packages?
I've been using a hosts file to block ads and unwanted sites for years. It makes the Internet a much nicer place, and makes a lot of the initial infection vectors simply unavailable. I use the winhelp2002 file, although the maintainer has kind of abandoned it at this point.
I wonder if hBlock would do what you seek for. It seems to be maintained.
If you update your system regularly and stick to software from official repositories you don't need an antivirus.
Thanks for the overview. It applies to all systems as well! Doing everything you've said will lock down most machines! Could you do a web browser security setup with password management video? Web browsers, portable hotspots & routers such as Net Gear have many settings that are not explained as optimal configs.
Linux Mint Cinnamon actually advises you when updates are available. Nice.
another nice "keep your heads up" video DT ^^
it's true enough, whatever OS got the most "normie" users, that is what OS you gonna craft your virus for.
but whatever OS is used, malware that doesn't need user interaction aside.
the one behind the keyboard tend to be the one that installs them.
and if Linux ever becomes the standard desktop, I think it's interesting in the sense of "how do you craft such"
I kinda like the editing of this video. The zoom in and out is pretty nice 👌
Around the 5:40 time mark, disk encryption is talked about. My questions are "Can't someone guess or crack the password for that as well? Does disk encryption stop the files on your drive from being readable when connected to another machine or from a live disk? Am I missing something?"
Usually (in case of Linux disk encryption, but also bitlocker) the startup password is a key to decode a more complicated key that is actually used to encrypt your computer. The thing is that this short "user input" key takes a long time to decode the "large key", that is then loaded in your memory and using a simpler encryption algorithm so your computer runs fast. So, unless you're using an easy password that can be found in a dictionary, even a supercomputer can take an immeasurable amount of time to brute force your short password, just because with every try it has to do very complicated calculations just to try to decode the decryption key.
I have a slow laptop laying around with full disk encryption and after inputting a 10 character password takes 30 seconds of iterations to decode the actual encryption key. Even if a supercomputer just takes a nanosecond, it would still take thousands of years. And the actual encryption key is like guessing a bitcoin address - would take a quantum leap or more time than the life of the universe.
Now, if you use a computer with a TPM module (and I don't trust them) that module stores the decoding keys and is charged to disallow any tampering.
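The two-key arrangement described in the reply above, as an added example that is not part of the original comment: a deliberately slow derivation turns the passphrase into a key that unwraps the random volume key. The iteration count and slot layout are constructed, and the HMAC-based wrap is a stand-in for the key-wrap cipher a real disk format uses.

```python
import hashlib
import hmac
import os
import time

KEY_LEN = 32  # size in bytes of the random volume key (the "large key")


def derive_kek(passphrase, salt, iterations):
    """Slow step: stretch the short passphrase into a key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, KEY_LEN)


def _pad(kek, salt):
    # Stand-in wrap: one HMAC-SHA256 block used as an XOR pad for the 32-byte key.
    return hmac.new(kek, b"wrap" + salt, hashlib.sha256).digest()


def create_slot(passphrase, volume_key, iterations=200_000):
    """Wrap the volume key under a passphrase; the disk data itself is untouched."""
    if len(volume_key) != KEY_LEN:
        raise ValueError("volume key must be %d bytes" % KEY_LEN)
    salt = os.urandom(16)
    kek = derive_kek(passphrase, salt, iterations)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, _pad(kek, salt)))
    tag = hmac.new(kek, b"check" + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "wrapped": wrapped, "tag": tag}


def unlock(slot, passphrase):
    """Return the volume key, or None when the passphrase is wrong."""
    kek = derive_kek(passphrase, slot["salt"], slot["iterations"])
    expected = hmac.new(kek, b"check" + slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["wrapped"], _pad(kek, slot["salt"])))


def seconds_per_guess(slot):
    """Time one failed unlock; every guess has to pay for the full derivation."""
    start = time.perf_counter()
    unlock(slot, "constructed wrong guess")
    return time.perf_counter() - start


def years_to_exhaust(alphabet_size, length, seconds_each):
    """Time to try every passphrase of a given length at a given cost per guess."""
    return alphabet_size ** length * seconds_each / (365.25 * 24 * 3600)


if __name__ == "__main__":
    volume_key = os.urandom(KEY_LEN)
    slot = create_slot("constructed passphrase", volume_key)
    print("unlock ok:", unlock(slot, "constructed passphrase") == volume_key)
    print("wrong passphrase:", unlock(slot, "guess"))
    # Changing the passphrase only re-wraps the same volume key in a new slot.
    new_slot = create_slot("another passphrase", volume_key)
    print("same volume key:", unlock(new_slot, "another passphrase") == volume_key)
    cost = seconds_per_guess(slot)
    print("seconds per guess: %.3f" % cost)
    print("years for 10 printable chars: %.3g" % years_to_exhaust(95, 10, cost))
```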
After I had some issues with external HDD, I felt I have to install clamav on my desktop. No viruses 😀 Although I'm using btrfs, I think DT reminded me about firewall. It's a good idea. Thank you, Derek! 🙂
You only need antivirus if your compliance requirements force you to have one.
For me, the biggest threat to my Linux distro is me. I tend to manipulate my operating system for fun and experiment. So I had to reinstall or try a new distro at least once a year. LOL :)
I’m mostly the same way but I’ve never had to reinstall because I know the basics of live system recovery
100% they absolutely should. It is a misconception that viruses are only related to Windows but now that viruses are targeting Linux based servers, it's becoming a thing to make Linux based viruses for databases that use Linux.
The problem is there aren't any.
In general virus and malware crap is enduser caused - driveby attacks exist though - but if you’re an average user that runs in a highly privileged account because sudo is annoying (which is the main reason why windows was so open in the past until they locked that away behind the uac prompts over a decade ago) you can always cause mayhem, no matter the os - Don’t install random stuff and stay away from dodgy sites and you’ll be fine!
Yeah, just run all copy-paste scripts from Internet as sudo users :D actually it would be nice if some program could check for the user WHAT is he running from external curled or copypasted script. This would be extremely useful for new users especially.
No sure yes but as a good backup from over network possibly, self-replicating, be a good idea to still have AV on Linux and occasionally run it to scan entire drive.
When I switched from Windows to Linux I had a key for an antivirus on Windows which worked on linux as well so I installed it and so far it has not detected a single threat, I will probably still renew my license after it expires as it is always good to have.
DT mentions updates in linux. As soon as he mentions the word update, I look and darn sure nuff, I had an update.
Getting like windows with the updates, honestly
Personally I like an av because viruses can infect you through wine, and I like my pirated games
I update at the start of every day. Takes a few minutes to download a couple of small updates rather than a big download of multiple updates plus a bunch of installs once a week or so.
But that's just me.
Bad advice.
Yes, you need antivirus, especially if you're using your system to store files for your other systems around the house or business, or store backups of your windows systems. The advantage of running an antivirus software on a NAS box means if your windows machine is infected, the backups will NOT carry it past that point.
When I worked as a computer lab tutor, we had virus issues on our server on a DAILY basis. The server itself largely isn't affected, but do you really want to be the CAUSE of a campus wide infection?
So agree! Good tips.
Maybe check out safing Portmaster. Great firewall, blocks all incoming connections by default.
I just installed Mint on my old Thinkpad as a testing ground before a very possible full migration once support for Windows 10 ends next year. The idea that an antivirus is not necessary is so wild to me (but a pleasant surprise of course)
i am a linux main since 2 years...
i used to have a bug where windows defender would do a full scan of my SSD while booting.
literally 100% drive usage all the time..
The thing is, if you use both windows and linux on different devices, even if a malware doesn't affect linux, your linux device can still be a vector for your windows device.
Great video DT. I use ClamAV which is perfect for my system76 machine. Even the support team at system76 highly recommends using it.
Funny thing if you look at Norton, Symantec, McAfee, and some of the other big anti-virus software companies. They only support Windows and Mac. LOL 😆 🤣 😂.
Interesting video DT how about a video for us newcomers on setting up firewall and disc encryption and maybe SSH although the latter maybe for a more experienced user
Are Linux servers also not being attacked as well? Given servers' prevalence, I'd think they would be.
not with "viruses"
It's funny, I agree with you, but most enterprise IT shops that have to meet PCI compliance are forced to install antivirus for linux. It is a waste for the most part but compliance is compliance.
Can you tell me where to buy these t-shirts? Asking for a friend and myself
Hey dt How to load lxpanel in jwm?,and second Q Discover is already install on Devuan_beowulf_3.1 linux but you will not be able to open it!!
I would anyways. You always wanna make it harder for hackers to get into your system. With Linux it’s already really hard, but if you can add an extra wall of security to make it THAT much harder, why not?
Tbh I don't think an antivirus is needed on Windows either. Just don't be dumb
Also if you serve any files (e.g. e-mail, FTP, HTTP/HTTPS) it is suggested to use a virus scanner.
Great vid!
Where did you get your T-shirt?
DT .... Linux is getting targeted too now with virus and malware now it gets more popular and the linux community should pay attention to that and have AV programs available in my eyes ....
TimeShift or gnome backup is also Great for newbies
I'm a newbie and I endorse this message. Timeshift has saved my ass more than once.
I don't run AV mainly because I don't know a good one. (ClamAV doesn't cut it) I certainly would prefer to have AV that integrates with firefox and scans if site has sus javascript. For now I have to rely on uBlock blocklist only.
Being Uncatchable Joe is not the best form of security.
Does Ubuntu come with a built-in firewall?
the first thing I do after installing windows is uprooting windows defender entirely.
Only wanted to know because i had a nightmare last night that somehow a windows virus ran on my linux mint distro using wine, started installing a bunch of windows 93 apps, and had really weird payloads that were a mishmash of every virus i know (solaris, wannacry, y.exe, youareanidiot, etc)
thank god that won't happen.
Linux malwares are also arising as well. Better consider that too is crucial
In the past I connected into a windows file system to get rid of infected files using Linux
Another excellent guide, thank you very much👍
Thanks, very informative and helpful!
Clam AV is not in the App center and I can't get it installed. I was able to install Clam TK, but I have no idea how to activate it on Linux. When I tried to activate it in terminal and something did load, but I never have seen the interface on my machine.
Using Mint, typed clam into software manager, it was 2nd, after clam tk
For your own system, I would say no reason, unless you have a family computer and kids install every game advertised. OR. You're getting paid to maintain someone else's system, if you get audited, you can blame someone else
Antiviruses are nearly always worse than a virus itself.
Even non-commercial and OpenSource ones which do not steal your data or turn your PC into a part of botnet, they're creating another layer of abstraction with a lot of rights to do with your machine which makes them a huge target to exploit.
Nice T-shirt. Ubuntu is an Ancient African word meaning "I can't configure Debian."
Debian is an old Greek word for, "I am too dumb for arch"
This comment is just a suggestion for a topic. I know you do not like to review Alpha releases. But some Alpha releases are very important. For example, Debian Bookworm. That is worthy of discussion. And talk about what you expect to happen by the time another release is published, such as what version of Qt.
They have a virus checker. I ran it a few years ago and it found a lotta viruses too. But they were all attached to imported Windows files. Not much they can do without the PW. I isolated and deleted the files anyway.
i really like linux. it is my first time using it. i didn't know what it was at first. but it has chrome on it and i like it. it kind of sucks you can't put an anti virus on it. but always watch where to go. my parents tell me that all the time. i am really starting to like linux a lot,. but i am still new at it
No, you don't need antivirus. I have been a 100% dedicated Linux user since 1995. The Year of the Linux Desktop was 1995 for me. I've had root on hundreds of thousands of Linux servers at big companies you have heard of.
I have never once found a virus on a Linux system. Whenever anyone says they have seen virus on Linux I always ask:
Which virus, specifically, was it?
How did it get into the system? And having guessed a simple password doesn't count.
I have never encountered anyone who can answer these questions.
Linux is definitely targeted but it's a very hard target. It isn't simply because it's not so widely used on the desktop. The Linux desktops that are out there tend to be very high value targets which have access to things.
The funny thing about clamav is that it pretty much only detects Windows viruses.
Linux has better security controls like SELinux and fapolicyd which obviate the need for antivirus even in a very hostile environment. Why run antivirus when you are already basically whitelisting?
I am Decryption my file on fedora but when i use xdm download manager does not work say your file is protected for use
The only potential issue is password-less sudo for people who aren't very smart.
What about uncomplicated firewall?
Could Linux users be vulnerable to malware created for macOS, due to the fact that both are essentially Unix systems?
Are all humans the same, since we all originated from Africa? No, mac and linux were originally based off Unix, since that was a popular and good os in that time. They've grown and evolved mostly separately. Mac binaries can't run on linux and vice versa. Of course the same source code can be compiled into the os specific binaries on both machines, but as far as downloading a file and running it, the binary needs to be formatted in a way specific to that os
No. Mac is Unix and Linux is Unix-like. Basically, no.
@Anonymous4045 well, all humans everywhere no matter how separately they evolved ended up pretty much equally susceptible to covid right?
That said, the second part of your answer explains it perfectly. Basically any program compiled for macOS cannot run on Linux.
Thanks :))
I'm running Linux and a week ago every time I start the system I'm getting around 10 notifications that are some type of virus or malware. So linux developers need to rethink not putting some type of protection in as standard.
Windows is my main OS and first thing I do after install is to disable antivirus and firewall.
Let's be honest for a moment Derek, the only way of truly staying safe on linux is to install your kernel through snap (real)
Can't a HARDWARE firewall conflict with a SOFTWARE one?