
Antimalware for Linux Mint...


48 replies to this topic

#1 RJNB

RJNB

  • Members
  • 285 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:In front of my laptop
  • Local time:08:18 PM

Posted 18 May 2017 - 06:09 AM

Hello,

 

As some of you may know, I am quite new to Linux Mint and hence, I have no idea about which AV/Antimalware software is good for Linux...

 

I am running Linux Mint Xfce 18.1 along with Windows XP SP3...So, I am looking for one which can protect against both Linux and Windows malware...

 

Moreover, it would be better if it has a GUI as I am new to the terminal and not yet comfortable with it...

 

So, what would you all suggest?

 

Thanks!

 

RJ


Edited by RJNB, 18 May 2017 - 06:10 AM.



 


#2 The-Toolman

The-Toolman

  • Members
  • 1,411 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:48 AM

Posted 18 May 2017 - 08:16 AM

Hey  RJNB,

 

Anti-virus / Anti-Malware Suites aren't needed when using Linux.

Just make sure you have enabled the ufw firewall which can be checked by the terminal command sudo ufw status.

 

As far as Anti-virus / Anti-Malware Suites for Windows XP I'm uncertain of who is still supporting Windows XP anymore.

 

Here are some useful sites to help you with your new install of Linux Mint.

 

https://sites.google.com/site/easylinuxtipsproject/

 

https://sites.google.com/site/easylinuxtipsproject/first-mint-xfce

 

https://sites.google.com/site/easylinuxtipsproject/security

 

Hope this helps.


Edited by The-Toolman, 18 May 2017 - 08:23 AM.

I'm grumpy because I can be not because I'm old.

 

The world is what you make of it, if it doesn't fit, you make alterations.

 

Under certain circumstances, profanity provides a relief denied even to prayer.  (Mark Twain)


#3 MadmanRB

MadmanRB

    Spoon!!!!


  • Members
  • 3,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:No time for that when there is evil afoot!
  • Local time:10:48 AM

Posted 18 May 2017 - 09:00 AM

Yeah, there is zero, and I mean zero, antimalware software for Linux, as really it doesn't need it, and if you do want antimalware for XP you are not in the best of luck, as XP has become unsupported, so security suites for it are rare now.

Now one can run antivirus clients in Linux as, even though Linux does not need antivirus, they are built to maintain mail clients so that viruses don't sneak into Windows systems via email and the like.

ClamAV is the only true Linux antivirus client, as the other, Bitdefender, is non-free.


You know you want me baby!

Proud Linux user and dual booter.

Proud Vivaldi user.

 



#4 Gary R

Gary R

    MRU Admin


  • Malware Response Team
  • 855 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:48 PM

Posted 18 May 2017 - 11:11 AM

No anti-virus or anti-malware software will make Windows XP secure.

 

XP is no longer supported by Microsoft, and therefore any exploits of that OS will remain unpatched. It does not matter how many security products you install on it, it will still remain unpatched and therefore still be exploitable.

 

A computer running Windows XP should never be connected to the internet ................... period.

 

As far as Linux goes, there are very very few Linux infections, mostly because people are not writing them, and the reason for that is that they are not profitable.

 

Linux has a very small share of the market, so the payback from writing an infection for Linux is very small. For that reason nobody really bothers writing stuff to exploit Linux. What little Linux malware there is, is mostly targeted at servers.

 

For this reason, most Linux users do not usually use AV or AM programs. To secure their machines against infection, it's only usually necessary to switch on their firewall, and to harden their browser (usually by the installation of add-ons).



#5 Rocky Bennett

Rocky Bennett

  • Members
  • 2,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:08:48 AM

Posted 18 May 2017 - 11:57 AM

No anti-virus or anti-malware software will make Windows XP secure.

 

XP is no longer supported by Microsoft, and therefore any exploits of that OS will remain unpatched. It does not matter how many security products you install on it, it will still remain unpatched and therefore still be exploitable.

 

A computer running Windows XP should never be connected to the internet ................... period.

 

As far as Linux goes, there are very very few Linux infections, mostly because people are not writing them, and the reason for that is that they are not profitable.

 

Linux has a very small share of the market, so the payback from writing an infection for Linux is very small. For that reason nobody really bothers writing stuff to exploit Linux. What little Linux malware there is, is mostly targeted at servers.

 

For this reason, most Linux users do not usually use AV or AM programs. To secure their machines against infection, it's only usually necessary to switch on their firewall, and to harden their browser (usually by the installation of add-ons).

 

 

I agree. There is no way to make Windows XP secure. This old software is not supported and can be dangerous.

 

I also agree with the other fellows, you do not need to concern yourself about the Linux Mint installation, you will not need any anti/virus protection for that.




#6 RJNB

RJNB
  • Topic Starter

  • Members
  • 285 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:In front of my laptop
  • Local time:08:18 PM

Posted 18 May 2017 - 12:33 PM

Hello,

I see that there exist very few-almost negligible- threats in the wild which affect Linux... However, I am more concerned about the threats which may affect my other OS...

I wouldn't want to infect XP by downloading Windows threats in Linux...For example, say I download some e-mail attachment in Linux which has a threat... As that file was meant to trick Windows users, it won't affect me, as I am using Linux... However, that file may mess up with my Windows OS when I boot into XP, can't it?

Yes, I do agree that no AV can really protect XP, or rather any unpatched OS... That's precisely why I have installed Linux... I intend to perform all the tasks I used to on XP...But I am not ready to let go of XP yet, maybe I will in the future... However, I am not going to connect XP to the internet...That's something I would do only on Linux...

Although I believe that I am a vigilant user, I also believe that I can be tricked into downloading a bad file... Moreover, I wouldn't want to spread Windows malware by giving/sending an infected file to others...

Thanks!

RJ
 


Edited by RJNB, 18 May 2017 - 12:33 PM.


#7 Rocky Bennett

Rocky Bennett

  • Members
  • 2,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:08:48 AM

Posted 18 May 2017 - 02:34 PM

If I am understanding your scenario, no, there is no way that an infection can jump across OSes in a multiboot situation unless you actually download an infected file, store it on your hard drive and then open up said infected file while you are running your Windows XP. Another reason not to run Windows XP.




#8 The-Toolman

The-Toolman

  • Members
  • 1,411 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:48 AM

Posted 18 May 2017 - 03:23 PM

I would recommend using firejail sand box with your Linux Mint.

 

https://sourceforge.net/projects/firejail/files/firejail/

 

download 2nd from top for 64bit.

 

download 3rd from top for 32bit.

 

 

Read about firejail sandbox here.

 

https://sites.google.com/site/easylinuxtipsproject/sandbox


I'm grumpy because I can be not because I'm old.

 

The world is what you make of it, if it doesn't fit, you make alterations.

 

Under certain circumstances, profanity provides a relief denied even to prayer.  (Mark Twain)


#9 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,393 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:12:48 AM

Posted 18 May 2017 - 05:40 PM

 

If I am understanding your scenario, no, there is no way that an infection can jump across OSes in a multiboot situation unless you actually download an infected file, store it on your hard drive and then open up said infected file while you are running your Windows XP.

That is correct.

 

You would need to download the file and save it on the Windows drive, not the Linux one, because Windows doesn't even know your Linux drive exists.



#10 mremski

mremski

  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NH
  • Local time:10:48 AM

Posted 19 May 2017 - 03:07 AM

Are there potential issues with applications on Linux?  Yes, but note: applications.  Very few exploits have been found in the kernel.

Are there packages that can be used to scan email on the Linux side for Windows "badstuff"?  Yes, but as noted, you would have to explicitly share the file with your Windows side.

Windows XP:  I think Kaspersky still supports it.  Yes you have to pay for it, sometimes it's a bit heavyweight, but it does a good job.  Problem is (as with all AV stuff) they wind up playing a bit of catch-up, they need to see a sample first before they can protect against it.

 

Easiest ways to minimize impact in Linux, even if you hit a bad website:

Don't run as root.  Login as a nonprivileged user, use sudo or su from a terminal when needed.

Firewall.  Make sure the firewall is enabled, default deny inbound and outbound, only turn on things as you need them.  90% of normal everyday stuff can be done by allowing the following:

UDP: domain, ntp, https, imaps, 1935, 1194 (last 2 are typically used for VPN stuff)

TCP: domain, http, https, imaps, pop3s, smtps, 1935, 1194

SSH/SCP add port 22 to TCP.  I know HTTPS is not a UDP protocol but it's a Google thing (QUIC)

The firewall should be stateful so that inbound connections are only a response to an outbound request.

Get to know what traffic is normal for your network.  You'll want to learn how to use tcpdump or wireshark to look at traffic, also embrace the terminal/CLI.  One of your most important commands for network stuff is:

netstat

so man netstat

one of the best is netstat -aln  this lists all the listening sockets which could allow a connection to the machine.


Edited by mremski, 19 May 2017 - 03:09 AM.

FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer
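
An added example, not part of mremski's post: a shell filter for `netstat -aln` output that lists sockets accepting traffic on non-loopback addresses, leaving out any ports you pass as expected. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -aln` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.20:51514      93.184.216.34:443       ESTABLISHED
tcp6       0      0 :::8080                 :::*                    LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*
udp        0      0 127.0.1.1:53            0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12345    /run/user/1000/bus
EOF
}

# exposed_listeners [PORT...]
# Reads netstat output on stdin and prints "proto address port" for every
# TCP LISTEN or unconnected UDP socket that is bound to a non-loopback
# address and whose port is not among the expected PORT arguments.
exposed_listeners() {
    awk -v allowed=" $* " '
        $1 !~ /^(tcp|udp)6?$/ { next }            # skip headers and UNIX sockets
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }    # TCP: listening sockets only
        $1 ~ /^udp/ && $5 !~ /:\*$/ { next }      # UDP: unconnected sockets only
        {
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if (index(allowed, " " port " ")) next       # expected port
            print $1, addr, port
        }'
}

# On a live system: netstat -aln | exposed_listeners 22
sample_netstat | exposed_listeners 22
```

Anything this prints is a service reachable from the network that was not on the expected list, which is the starting point for deciding what the firewall should allow.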


#11 RJNB

RJNB
  • Topic Starter

  • Members
  • 285 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:In front of my laptop
  • Local time:08:18 PM

Posted 19 May 2017 - 04:22 AM

Hello,

 

If I am understanding your scenario, no, there is no way that an infection can jump across OSes in a multiboot situation unless you actually download an infected file, store it on your hard drive and then open up said infected file while you are running your Windows XP. Another reason not to run Windows XP.

Yes, you got it right! That is exactly what I would not want to happen... Yes, I agree that something like this will not happen if I don't use XP, but that doesn't prevent me from accidentally giving others an infected file (through a flash drive or through an e-mail attachment), does it?

 

 

Windows XP:  I think Kaspersky still supports it.  Yes you have to pay for it, sometimes it's a bit heavyweight, but it does a good job.  Problem is (as with all AV stuff) they wind up playing a bit of catch-up, they need to see a sample first before they can protect against it.

 

Kaspersky does support XP; it would continue to do so till 2020...Norton also supports XP but I don't know when they will be dropping support...

 

I would not go for that option because I am not planning to connect XP to the internet, so it would be difficult to keep the AV updated from time to time...Better way would be to run an AV in Linux as it could update itself every time I connect to the internet...

 

Thanks!

 

RJ


Edited by RJNB, 19 May 2017 - 04:59 AM.


#12 mremski

mremski

  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NH
  • Local time:10:48 AM

Posted 19 May 2017 - 05:33 AM

If you're not interested in connecting XP to the internet, then take a look at ClamAV.  It's available for lots of different Linux distributions, use your favorite internet search engine to look for "linux clamav".  It has the ability to scan files, email attachments, etc.

 

https://www.clamav.net/

 

As for worrying about infecting others:  That is a good stance, but shouldn't the "others" also be running some kind of AV and scanning anything you give them?


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#13 RJNB

RJNB
  • Topic Starter

  • Members
  • 285 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:In front of my laptop
  • Local time:08:18 PM

Posted 19 May 2017 - 05:41 AM

Hello,

 

If you're not interested in connecting XP to the internet, then take a look at ClamAV.  It's available for lots of different Linux distributions, use your favorite internet search engine to look for "linux clamav".  It has the ability to scan files, email attachments, etc.

 

https://www.clamav.net/

 

Yes, I will! Thanks!

 

 

As for worrying about infecting others:  That is a good stance, but shouldn't the "others" also be running some kind of AV and scanning anything you give them?

Yes, most people do have some protection...Although that is what everyone should ideally be doing, some people are far from ideal users! :wink:

 

EDIT: Yes, I will also have a look at firejail...

 

Thanks!

RJ


Edited by RJNB, 19 May 2017 - 05:51 AM.


#14 SuperSapien64

SuperSapien64

  • Members
  • 934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:48 AM

Posted 20 May 2017 - 05:23 PM

I would recommend using firejail sand box with your Linux Mint.

 

https://sourceforge.net/projects/firejail/files/firejail/

 

download 2nd from top for 64bit.

 

download 3rd from top for 32bit.

 

 

Read about firejail sandbox here.

 

https://sites.google.com/site/easylinuxtipsproject/sandbox

That's a great suggestion. :thumbup2:  I've been using Firejail for over a year now, in fact I'm thinking about uninstalling ESET NOD32 on my Linux Mint KDE desktop because I've never run into any virus/malware, probably because of Firejail, and NoScript & RequestPolicy stop most if not all of it from loading. And there's also AppArmor, which I believe is compatible with FJ. And if you're surfing the web and you want to be extra safe, try the Private Home feature in Firejail, command: firejail --private-home=.mozilla firefox (for Firefox). :) Note: nothing is saved in Private Home such as bookmarks, history, cache, extensions or settings.


Edited by SuperSapien64, 20 May 2017 - 05:26 PM.


#15 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,393 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:12:48 AM

Posted 20 May 2017 - 07:18 PM

ClamAV is CLI, that means you use the terminal to run it.

If you don't want to run it from the terminal you need to install ClamTk, the front end for ClamAV.

To install ClamAV and its front end ClamTk, open a terminal and run:

sudo apt-get update

sudo apt-get install clamtk clamav


Edited by NickAu, 20 May 2017 - 07:19 PM.
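
An added example, not part of NickAu's post: once ClamAV is installed, a small shell wrapper can refuse to copy a download to a flash drive or the Windows partition unless `clamscan` reports it clean, which is the scenario RJNB describes. The function name `scan_then_copy` and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# scan_then_copy SRC DEST
# Copies SRC (file or directory) into DEST only when clamscan finds nothing.
# clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = scan error.
scan_then_copy() {
    src=$1
    dest=$2
    [ -e "$src" ] || { echo "no such file: $src" >&2; return 2; }

    # -r recurses into directories, -i lists only infected files.
    status=0
    clamscan -r -i "$src" || status=$?

    case $status in
        0)
            cp -r -- "$src" "$dest" && echo "clean, copied: $src"
            ;;
        1)
            echo "INFECTED, not copied: $src" >&2
            return 1
            ;;
        *)
            # Fail closed: a scanner error is treated like a detection.
            echo "scan error ($status), not copied: $src" >&2
            return 2
            ;;
    esac
}

# Usage (hypothetical paths):
#   scan_then_copy ~/Downloads/invoice.doc /media/usb
if [ "$#" -eq 2 ]; then
    scan_then_copy "$1" "$2"
fi
```

A clean result only means the file matched no signature ClamAV currently has, so keep the signature database updated while Linux is online.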




