I know that Linux is more secure than Windows and normally doesn’t need an antivirus, but know myself I’m gonna end up downloading something at some point from somewhere on the internet, and it would be good to be prepared. So, which antivirus would you recommend for Linux (Mint specifically) just to double up on security?

  • machiavellian@lemmy.ml
    link
    fedilink
    arrow-up
    24
    arrow-down
    1
    ·
    edit-2
    7 days ago

    DISCLAIMER
    I am not a computer security expert, merely a hobbyist having read some blogs from people who sounded smart. It is more than probable that I am mistaken in one or more parts of this post.

    Linux is not more secure than Windows. By default, it’s actually considerably more vulnerable than Windows. Source

    In my opinion an antivirus doesn’t really solve your problem. What you actually want is sandboxing, which means restricting user and program privileges. I recommend getting familiar with SELinux (or alternatively AppArmor, although it isn’t nearly as effective) and bubblewrap (or alernatively Firejail, which requires root privileges to run and is thus a bigger threat vector than bubblewrap).

    Aside from that just disable any service you aren’t using (like ssh), use a deny-all-allow-some firewall, and verify what you download. If the link says “100% REAL 1 MILLION FREE ROBUX DOWNLOAD CLICK HERE NOW, then maybe don’t click there.

    Because even an antivirus won’t help you if you download malware, which isn’t compiled by skids who lifted the code from some darknet hacker forum. Antivirus isn’t some magical tool which makes your computer inherently more secure. Meaning you can’t offload your responsibilty to a program running with kernel level privileges. Your computer, your responsibilty.

    P.S: If you want a more secure computer, I’d recommend a minimal and/or rolling release distro (openSUSE, Arch, Void, Debian) or FreeBSD/OpenBSD (BSD variants mitigate many of Linux’s inherent flaws).

    • Ek-Hou-Van-Braai@piefed.social
      link
      fedilink
      English
      arrow-up
      9
      ·
      7 days ago

      The best security is to limit your risk vector.

      Like you said Anti-viruses aren’t some magic bullet, in university a bunch of us wrote Malware and wrecked each other’s lab computers or did things like having the whole Lab’s computers CD trays open at 10am every morning.

      The AV didn’t pick up any of them and we barely knew what we were doing.

      Afik, AV’s mostly scan for known threats

      • frongt@lemmy.zip
        link
        fedilink
        arrow-up
        4
        ·
        7 days ago

        Old AV did. Modern AV (like, the last 10+ years) is behavioral. They still scan for signatures too, but they primarily work by analyzing software’s behavior for known or unusual techniques.

        • Ek-Hou-Van-Braai@piefed.social
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 days ago

          I’d be curious to rewrite some of the malware we made in class and see if AVs would pick it up now.

          Most of them didn’t make any network calls etc. they would just mess with your files and system Things like Set background to Justin-Bieber, play Justin-Bieber randomly, we were very mature

          • utopiah@lemmy.ml
            link
            fedilink
            arrow-up
            4
            ·
            6 days ago

            12 years ago I took “Malicious Software and its Underground Economy: Two Sides to Every Story” and it was quite interesting not so much for the technical aspect (which was still nice) but for the economical aspect that is often underappreciated. The core idea was that scammers or hackers might be doing it for fun, as you did, or learning, as I did… but the ones who keep on doing it sustainably make money out of it, consequently they are predictable. Namely they need repeatable methods that scale or that target a specific group. I really recommend taking a similar class but anyway, the big picture here is sure, maybe AV would miss such things and yet it wouldn’t really matter because nearly nobody does that and/or it wouldn’t propagate much.