
New to Linux: Best antivirus and Security suite?

Started by Alir, November 05, 2015, 10:13:22 PM




New-ish to Linux. I have a few questions but it's best if I dedicate each question to a single thread.

I understand Linux is more secure than Windows, but this is a must: What antivirus should I get?

I am also curious to know if I need a complete security suite as you do on Windows. Which firewall should I go for? I want something that is as user friendly as possible. I am a bit tech savvy, just don't go balls in with a bunch of stuff about kernels and such.
I don't mind a terminal-based security suite/firewall/whatever-else-is-needed. Though I would prefer a gui.

I use Windows a lot and am also interested in protecting my Linux install from any and all threats. Also, any devices I use with Linux, I use with Windows, so you see how an antivirus is necessary.

Currently know of and know how to install:
Bitdefender (have managed to install it before on Mint Cinnamon but the bugger always crashed after starting a scan).

Any other information in regards to security from malicious software as well as network-based attacks is appreciated.



Once again, before I get someone trying to convince me I don't need Linux, one of the reasons I want to use Linux is so that I can secure my Windows PCs from any viruses. A type of malicious software on my Windows PC was what re-ignited the Linux in me. I managed to use Avast of all anti-viruses on Linux to find and kill the bugger. ESET, Norton, ClamWin, SpyBot and Malwarebytes all remarkably failed on Windows in trying to find it. So yes, I do need antivirus!

For those who are unaware of what it did, every few seconds my Windows window would unclick and re-click. It was a pain in the behind for a few months. [Suffice it to say, it took a while for me to realise this wasn't a software or driver conflict].


And I don't mind paying for an antivirus or security suite if it's worth it.

Mad Penguin

Linux is not susceptible to what you would normally refer to as viruses, two reasons;

The main way Windows Viruses spread is via email and a Windows feature that allows macros and the like to (auto)run when you open email attachments .. this is typically not a feature enabled on Linux.

Secondly, on Linux you run as a "user", so any exploits can get at "the system".

I've been a Linux user since 1991. I've never even installed an anti-virus package on Linux.
IMHO; if Linux needs an anti-virus solution, it's reached the end of the road.

What it does need is exploit and rootkit detection systems, but to be honest unless you're working on very sensitive material, or running Internet facing servers with sensitive material on them, you don't even need these. (by sensitive, I'm talking nuclear power-plant designs, not embarrassing emails)

http://www.chkrootkit.org/ (http://www.chkrootkit.org/)
http://www.tripwire.org/ (http://www.tripwire.org/)
http://www.ossec.net/ (http://www.ossec.net/)

(there's lots more, none are 100% comprehensive)


Did you even read my posts? >:(

It must be because they aren't approved by the mods. Any year now, they will. :p

I need antivirus to protect my Windows installs, my friends, family and clients who I will be emailing and also because I'm not convinced Linux is actually immune to viruses. Nothing is. And as I like to say, if you think you can't get a virus, you will. If you think you will get a virus, you won't.
They say 99.9% of viruses are for Windows. But that .1% could do all sorts of damage. Don't convince me that malicious software can't do as much damage on Linux. I swear to God I already know that. lol The last several months of research can be summed up with those words by fans of Linux.

But it misses the point that people who use antivirus on Linux do so because 1) They are careful and prefer to be safe rather than sorry. 2) Care about others' PCs as well as their own.

I'm generalising viruses here as any and all malicious software for convenience.

Mad Penguin

Yes I did. Your reply reminds me of a U-Tube video that came out many years ago with the first iPhones .. it went something like this;

User> "iPhone4, I must have an iPhone4".
Retailer> "why do you want an iPhone4?"
User> "because it's an iPhone4, I must have an iPhone4"

So Mr Rude Dude, yes, I did read your post. You said you *must* have an Anti-Virus package.
What you missed is that (a) you won't need one and (b) if you have one, it won't do you any good.

To use an analogy;
Wearing a lifejacket in an aircraft is not preferring to be safe rather than sorry.
You will be uncomfortable for a lifetime of air-travel and if you ever do crash, the chances of it saving you are floating around 'negligible'.

Mad Penguin

Maybe I can expand on how Anti-Virus software works .. it's all about pattern matching. Your virus update feeds are lists of patterns that allow the software to identify new viruses based on viruses that have already been discovered elsewhere. So when viruses appear they ALWAYS hit someone, and continue to do so until the AV people find a mechanism to identify and neutralise a virus and put it out as an update. That's why you're continually getting new virus definitions and why if you've not had a definition for a week, you're exposed to all new viruses.

Because there are so few viruses on Linux, this mass-market protection is pointless. By the time the AV people see it, anyone who's going to get hit has probably already been hit, because it affects so few people. The reason AV software is so useful on Windows is because there are soooo many viruses and sooo many infections. If the virus/infection count were low, Windows AV would also be useless.

Is this making sense so far?

What you actually want is something that detects viruses based on activity rather than signature. This means you can detect viruses that are as yet unknown to the AV software. This type of software is classed as rootkit detection, rather than Anti-Virus, and they employ lots of different techniques to try to spot things that are 'unexpected'.

Tripwire for example is designed to be run after a clean install, it will run through all your files and generate a signature for each file and store it in a database, this database includes definitions of files that it's expecting to change, and those that aren't. It will then monitor the filesystem looking at all changes and report 'unexpected' changes, like a rootkit trying to replace core system binaries with exploited versions.

If you need this sort of thing you probably need to employ a security expert / consultant, regardless of your Operating System. If you're a home user, you really don't ....
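The baseline-then-compare idea Mad Penguin describes for Tripwire, as a small added example written for this thread (it is not Tripwire's code and not from anyone posting here); the directory layout, SHA-256 as the digest, and the "expected to change" glob patterns are assumptions.

```python
import fnmatch
import hashlib
import os
import tempfile
# Globs for files the baseline expects to change (assumption: logs and caches).
EXPECTED_TO_CHANGE = ("var/log/*", "*.cache")

def file_digest(path):
    """SHA-256 of a file, streamed so large binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def baseline(root):
    """The 'database': relative path -> digest for every regular file under root."""
    db = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p):
                db[os.path.relpath(p, root).replace(os.sep, "/")] = file_digest(p)
    return db

def compare(old, new, expected=EXPECTED_TO_CHANGE):
    """Report only unexpected changes between two baselines."""
    def noisy(rel):
        return any(fnmatch.fnmatch(rel, pat) for pat in expected)
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p] and not noisy(p)),
        "added": sorted(p for p in new if p not in old and not noisy(p)),
        "removed": sorted(p for p in old if p not in new and not noisy(p)),
    }

def write(root, rel, data, mode="wb"):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as f:
        f.write(data)

def demo():
    """Constructed scenario: a system binary is replaced and a log merely grows."""
    root = tempfile.mkdtemp()
    write(root, "bin/ls", b"original ls")
    write(root, "var/log/syslog", b"boot\n")
    before = baseline(root)
    write(root, "bin/ls", b"replaced ls")            # unexpected: flagged
    write(root, "var/log/syslog", b"login\n", "ab")  # expected: ignored
    return compare(before, baseline(root))
```

Running `demo()` reports only `bin/ls` as modified; the growing log is filtered out because the baseline declares it as a file that is expected to change.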


I wonder if this is a misunderstanding.
I think he wants an AV system in place because he uses his peripherals on windoze as well as Linux and is worried about getting a windoze virus via Linux->onto the peripheral->onto windoze and so wants to detect it if it comes onto the Linux system.
Personally I would just scan the peripheral when attached to windoze.
If you need help ask a professional, then act upon their advice.
Anything less and you're just wasting people's time.

Mad Penguin

galaxytdm :: possibly, although it's a fairly short logic hop to get to "the best Anti-Virus applications for Windows, will be running on Windows" .. whatever he tries to do on Linux "before" stuff gets to his Windows boxes, can't be as good as or replace the AV software he will need on Windows.

Anti-Spam on the other hand, different case. SpamAssassin works well in this space.
You can run Amavis for Anti-Virus filtering, which works well with ClamAV, but my experience is that these don't pick up as much as local AV installations.