Question Anti-virus program for Linux Mint?

[TheFlash1300]

Can someone tell me what are some good anti-virus programs for Linux Mint?

According to some articles i have read, i don't need anti-virus programs for Linux. However, i don't think this is the case. If my computer gets viruses, and there is no scanning program to show me a notification there is a virus, the virus will remain and will spread. So, i think i need an anti-virus program, even if the OS is very secure. Even if it's very secure this still doesn't guarantee with 100% that viruses will never infect my computer.

What is your opinion? Do i need anti-virus programs for Linux Mint or not? if not, explain why.

 

[hotaru.hino]

Whether or not you need an antivirus program depends on your risk assessment. If you absolutely don't trust anything you get from the internet, then sure, go ahead and install an anti-malware program. Otherwise, as long as you practice safe application practices (like downloading only from trusted sources) and have a back up plan in place for data loss, you don't need one.

 

[TheFlash1300]

Whether or not you need an antivirus program depends on your risk assessment. If you absolutely don't trust anything you get from the internet, then sure, go ahead and install an anti-malware program. Otherwise, as long as you practice safe application practices (like downloading only from trusted sources) and have a back up plan in place for data loss, you don't need one.

I installed Linux on a laptop i use only for surfing trusted and secure websites. However, how can i know the laptop won't get infected by viruses by just being connected to the internet? As far as i know, a virus can penetrate a computer that is just connected to the internet, without having to surf, visit sites, and download files.

 

[hotaru.hino]

I installed Linux on a laptop i use only for surfing trusted and secure websites. However, how can i know the laptop won't get infected by viruses by just being connected to the internet? As far as i know, a virus can penetrate a computer that is just connected to the internet, without having to surf, visit sites, and download files.

We've been over this on your other threads.

First of all, if you're behind a router, the router is going to be filtering basically all of the unsolicited internet traffic. That is, any packet that came from the internet that can't be traced back to your computer initiating the request will be dropped. And even if you set up some sort of server on your computer, the router has to have a port forwarding rule to allow the request to go through. And if your computer doesn't have a server and isn't listening to the port, it'll refuse the connection. In other words, "drive by" infections are almost non-existent these days.

Second, even if you downloaded malware from the internet, it won't automatically run except if you told the web browser to open the file immediately after downloading. Which... you really shouldn't do that anyway.

Third, even if you ran the malware, it has to get privilege escalation to basically take over the computer. If you don't grant it this, the damage will be contained to what the user account has access to, which by default isn't a whole lot. Well, assuming you didn't add your account to the sudoers file to basically allow sudo without a password check (in which case, you were kind of asking for problems)

 

[TheFlash1300]

In other words, "drive by" infections are almost non-existent these days.

Alright. Other posts in my other threads created the impression that such infections are very common and likely. So, i got wrong. Thanks for making it clear that such infections are very rare.

And thank you for the rest of your explanations.

 

[ohio_buckeye]

Keep in mind while this may be true today, macs were considered once upon a time to be immune as well. But I’ve seen some of those with issues recently. So as an os becomes popular you may need to do a reassessment.

 

[hotaru.hino]

Keep in mind while this may be true today, macs were considered once upon a time to be immune as well. But I’ve seen some of those with issues recently. So as an os becomes popular you may need to do a reassessment.

Linux is practically the OS for anything not a consumer computer. I'm sure it has plenty of malware floating around for it already. The catch is though, most, if not practically all, malware needs elevated privileges to do substantial harm. It gets this either by social engineering (i.e., tricking the user into inputting them) or through a vulnerability when executed.

A typical desktop Linux user is likely less affected by this because running anything with elevated privileges requires a password (except if you configured your account to not require it, which again, is a stupid idea) and that tends to trigger a lot more thought in "should I really run this" than Windows' UAC "press OK to continue" prompt.

 

[LinuxDevice]

Regarding attacks which gain root privileges, you might consider learning about how to enable and enforce SElinux rules. Without SElinux you are not going to see much in the way of malware, but what malware you do see is often something designed to escalate privileges, e.g., via some sort of active web server page the public has access to (you wouldn't see this on a desktop PC behind a router...@hotaru.hino already explained routers as filtering a lot of unsolicited traffic). What SElinux does is to add "roles" to permissions, so it isn't just whether a user has "permissions" for a file change, it is also about whether that user is accepted in that role.

An SElinux example would be that there is usually a particular web server admin who can change web server content. However, user "root" normally has access to everything, and is called the "super user". If SElinux policy is that it is not expected root is maintaining a web server, then despite the absolute permission privilege for root, root would be denied the ability to change that content. Thus, if someone performs a successful buffer overflow of a web server page and escalates to become root, then the attacker still can't do anything to the web server.

SElinux does take a learning curve. Normally it is installed in a non-enforcing mode. One can look at logs and develop policies for SElinux without the system being stopped by failures, and then as policies are fine tuned for your case, those policies can be set instead to enforcing. I want to emphasize that this is not simple antivirus software you install, it is a process requiring knowledge and learning.

 

[USAFRet]

What is your opinion? Do i need anti-virus programs for Linux Mint or not? if not, explain why.

Linux is not immune to viruses.

The main reason Linux "appears" to be less susceptible to malware is the user base.
They are generally significantly more clueful.

A clueless user that downloads and installs some pirated virus laden piece of junk is no safer in the Linux world than they are in Windows.

 

[ex_bubblehead]

And as an addendum to the above. NEVER EVER UNDER ANY CIRCUMSTANCES EVER run as root or give root privileges to a standard user (same as giving a Windows user Admin rights). This will greatly lessen any damage caused by foolishly running suspect software.