New to Linux: Best antivirus and Security suite?

Alir

New-ish to Linux. I have a few questions but it's best if I dedicate each question to a single thread.

I understand Linux is more secure than Windows, but this is a must: What antivirus should I get?

I am also curious to know if I need a complete security suite as you do on Windows. Which firewall should I go for? I want something that is as user friendly as possibly. I am a bit tech savvy, just don't go balls in with a bunch of stuff about kernels and such.

I don't mind a terminal-based security suite/firewall/whatever-else-is-needed. Though I would prefer a gui.

I use Windows a lot and am also interested in protecting my Linux install from any and all threats. Also, any devices I use with Linux, I use with Windows, so you see how an antivirus is necessary.

Currently know of and know how to install:

Avast

ClamAV

Bitdefender (have managed to install it before on Mint Cinammon but the bugger always crashed after starting a scan).

Any other information in regards to security from malicious software as well as network-based attacks is appreciated.

Thanks!

Alir

Once again, before I get someone trying to convince me I don't need Linux, one of the reasons I want to use Linux is so that I can secure my Window PCs from any viruses. A type of malicious software on my Windows PC was what re-ignited the Linux in me. I managed to use Avast of all anti viruses on Linux to find a kill the bugger. ESET, Norton, ClamWin, SpyBot and Malwarebytes all remarkably failed on Windows in trying to find it. So yes, I do need antivirus!

For those who are unaware of what it did, every few seconds my Windows window would unclick and re-click. It was a pain in the behind for a few months. [Suffice it to say, it took a while for me to realise this wasn't a software or driver conflict].

Alir

And I don't mind paying for an antivirus or security suite if it's worth it.

paulparker

Viruses and Malware for Windows are extremely common, in advertisements pushing nasty software that is practically malware, many file-sharing sites are full of infected programs, and there are malicious individuals who target security vulnerabilities to install Windows malware without your permission.

So few viruses and malwares suit Linux this greatly reduces your risk.

Anti-Virus and Anti-Malware progams are freely available to suit common linux versions.

Many linux users do install and operate Anti-Virus and Anti-Malware programs so as to identify, then fix or remove files which may later impact MS-Windows users who access those files, as part of their helping make internet safer for everyone.

From time to time do test others Hard Drives, USB's etc (MS-Windows partitions included) for Virus and Malware, often finding and removing same they did not know were there, while saving their data.

Exist some risks using HTML, Java, JavaScript, PDF (Portable Document Format), Perl, php, Ruby and SWF (Adobe Flash) as these are all frameworks or languages supported under Linux, so evil minds can use these to target Linux like they do Windows or sometimes Mac OS X.


A significant advantage for linux users is their underlying linux operating system remains more difficult, more expensive to attempt to exploit.


IMHO the most significant advantage for linux users is almost all of their underlying linux operating systems freely provide and update effective Anti-Virus and Anti-Malware programs :-)


Among my linux system's provided, kept up to date, programs I use are : clamav and rkhunter

paulparker@linux-7769:~> [b]zypper info clamav[/b]
Loading repository data...
Reading installed packages...
 
 
Information for package clamav:
-------------------------------
Repository: Main Repository (OSS)
Name: clamav
Version: 0.98.7-2.7
Arch: x86_64
Vendor: openSUSE
Installed: Yes
Status: up-to-date
Installed Size: 13.4 MiB
Summary: Antivirus Toolkit
Description: 
  ClamAV is an open source (GPL) antivirus engine designed for detecting
  Trojans, viruses, malware and other malicious threats. It is the de
  facto standard for mail gateway scanning. It provides a high
  performance mutli-threaded scanning daemon, command line utilities for
  on demand file scanning, and an intelligent tool for automatic
  signature updates. The core ClamAV library provides numerous file
  format detection mechanisms, file unpacking support, archive support,
  and multiple signature languages for detecting threats.
paulparker@linux-7769:~> [b]zypper info rkhunter[/b]
Loading repository data...
Reading installed packages...
 
 
Information for package rkhunter:
---------------------------------
Repository: Main Repository (OSS)
Name: rkhunter
Version: 1.4.2-5.2
Arch: x86_64
Vendor: openSUSE
Installed: Yes
Status: up-to-date
Installed Size: 1010.6 KiB
Summary: Rootkit Hunter Scans for Rootkits, Backdoors, and Local Exploits
Description: 
  Rootkit Hunter scans files and systems for known and unknown rootkits,
  backdoors, and sniffers.  The package contains one shell script, a few
  text-based databases, and optional Perl modules. This tool scans for
  rootkits, backdoors, and local exploits by running tests like:
  * Comparing MD5 hashes
  * Looking for default files used by rootkits
  * Checking for wrong file permissions for binaries
  * Looking for suspected strings in LKM and KLD modules
  * Looking for hidden files
  * Optionally scanning within plain text and binary files
  * Checking software versions
  * Testing applications
paulparker@linux-7769:~> 

Why do Viruses and Malware fail on Linux ?

In Linux systems the Permissions system is universal.
Permissions control three things you do with files: read, write, and execute.

Permissions also come in three levels: for the "root" user, for the individual "user" who is signed in, and for the public, everyone out in the world.

Permissions can also be specific for a single program or application.

Almost always in Linux software which may effect or impact the system as a whole requires root privileges to run.

Linux is Learning :-)

ableo

Antivirus on desktop Linux is not only superfluous, but also decreases your security: AV software itself is currently being attacked more and more.

Because it has by definition high permissions on the system and because it's often inadequately protected against hacking.... This makes AV software an ideal target for hackers.

Antivirus applications have been designed to read and open as many file types as possible. Because everything can contain a virus. Unlike ordinary applications, which can only read and open certain specific file types.

For example: word processors can usually only open document related files, and no mp3 music files. For media players the reverse is true.

Because antivirus can read and open everything, and actually does precisely that during a scan, its potential vulnerability (attack surface) is much bigger. And therefore also its attraction as target for people with malicious intentions. That's not just theory....

arochester

^^^ Copy and paste from https://sites.google.com/site/easylinuxtipsproject/security

gunix

@Alir said:

I understand Linux is more secure than Windows, but this is a must: What antivirus should I get?

I used Windows from 95 up to 2017 and I stopped using Anti-Virus in 2005. I never had any issues related to Viruses. It's far more important to be careful what sites you visit and what software you install.

That being said, if you use Linux you will probably install software only from the repository offered from your distribution, so in that case everything you use has been already filtered by the community. The only problem is when you install software from untrusted sources. If you need some sort of obscure software that you found online, better ask on the forum if that software is safe before installing it.

If you want to dig deeper into security, please take into consideration that a proper approach to security is different than what people think it is. Installing an Antivirus will probably cause your system to have MORE vulnerabilities. The common approach to keep a system secure is to keep the number of installed packages at a minimum. If you need to install a high number of apps, from sources that can't be trusted, there are lots of ways to isolate those applications so that they do not cause harm to your system. Here is a list of tools that help with software isolation on Linux-based operating systems:

• Virtualization (VirtualBox or KVM)
• Flatpak
• Snap
• Docker
• SELinux
• Apparmor

A similar system is used by Android, which became this year the most used operating system world-wide. On Android, SELinux is leveraged to limit the rights that each application has. From a user experience point of view, you probably know the "allow this application to see your photos" pop-up. Similar approaches can be found on iPhone and Mac.

Considering how well Linux is protected by default, only paranoid people (like me) go really deep into security to be sure everything is properly locked down. However, this requires a lot of research and development invested into Linux and it is worth it only if you plan to have a career in technology.

There also are some Linux distributions which focus on providing a secure environment for the user, but they also have an impact on user experience and comfort (example: Tails).

riatecand

I don't know about ClamAV but between Bitdefender and Avast
I'll recommend Bitdefender, from the comparison I made, Bitdefender more:
*SECURITY
*FEATURES
*EASE OF USE
*SUPPORT
*PRICING
Comparison page resource:
https://www.safetydetective.com/comparison/avast-vs-bitdefender/