I’m about to install bazzite on my wife’s older (2017) Windows 10 machine, and I’ve been going over how to recreate everything she currently has. Most programs (even proprietary ones) are not an issue, but I’m not finding much in the antivirus department.
I never even thought to install one on my Linux machine (also on bazzite, but I have used other distros in the past). So although I am no stranger to Linux, this issue blindsided me.
I know clamav exists, and I’m educating myself on how to use it, but a GUI would be nice for the wife. She’s not afraid of the terminal, but she likes the convenience of GUI programs.
Any suggestions? What do you use? Or is it just generally accepted that one should be careful and keep things up-to-date and that’s enough?
Linux viruses for desktop computers are so rare, they’re pretty much unheard of in practice. And that’s why virus scanners aren’t really a thing on regular computers. What we do is protect servers against malware and rootkits. And the Linux mailserver or fileserver will run a virus scan before forwarding the mails to the employee’s Windows computers. That’s why ClamAV doesn’t come with a GUI because it’s supposed to run in the background on your mailserver or NAS, not on your computer…
I’d recommend a virus scanner if you run Windows games and software (via Wine/Proton/Steam). Especially if they’re not from Steam but (pirated from) random places of the internet. If you run Linux software, ideally from the package repository, there’s little to no benefit in installing antivirus due to the lack of viruses.
Pay attention to security though. There’s a lot of other nefarious stuff out there. Password brute forcing, phishing, regular fraud, attacks if you don’t do updates, a harddisk might fail…
An antivirus is mostly unnecessary when care is taken to not install or use untrusted software. If you install everything as a Flatpak (and modify some of the default permissions), you can avoid allowing software to gain much access to her computer.
While I think people suggesting Linux is immune to malware is stupid, for reasons such as it is “too secure” or “too niche” to be effected by malware, anti malware is like a bandaid to a gaping wound. If you have malware, it is already too late and you should first unplug the device from the network and any connected devices, backup any important data, and fresh reinstall by overwriting the infected install.
If you still think you need some way to defend against malware, use the VirusTotal website, or a native Flatpak called Lenspect, to upload and scan files (such as an executable binary). Lenspect requires no permissions other than network access, so it is safe and the only risk is if you input a file containing personal data it will be uploaded to VirusTotal.
Though to stress again, antivirus is a bandaid! The real solution is to be smart about what you install and only take stuff from trusted sources. Try to make sure everything is a Flatpak and avoid apps with excessive permissions, which weaken the security of the sandbox.
The “too niche” part is really weird to me. There’s an estimated 2 billion PCs in use right now. ~3% of that are running some form of Desktop Linux OS, so roughly 60 million.
Incidentally, that’s exactly the same number as the total number of Win95 licenses sold, and I can’t recall Win95 being “too niche” for malware. Quite the opposite.
Incidentally, that’s exactly the same number as the total number of Win95 licenses sold, and I can’t recall Win95 being “too niche” for malware. Quite the opposite.
In Win95 days, “always online” was simply not a thing for the average household. Getting on the Internet - if you even had a connection at all - was equivalent to making a phone call, in that you “called in” to do the thing you wanted to do, then “hung up” when you were done (yes, I know dial-up did almost exactly that in practice, but it’s still a good analogy).
Being “always online” is relatively recent, and anything online is going to be vulnerable to malware at some point in its life. Security patches need to keep up with that.
Exactly, and still the 60 million copies sold (of which maybe a quarter or so actually ever went online) was more than enough to make Win95 comically malware-infested.
I’d venture to say that close to every one of the 60 million copies of Desktop Linux OSes running goes online frequently, so there’s much more potential Linux targets than there ever were Win95 targets. That’s why I’m saying the “Linux is to niche to get malware” argument doesn’t really work.
To be more clear, antivirus in general are mostly scams because they are advertised to do much more than they are actually capable (especially proprietary ones that act as spyware such as Norton or Avast, which have been caught selling user data). Hash based antivirus solutions (such as ClamAV) aren’t effective either because they rely on “badness enumeration”, in which you try to determine all the bad samples (through a sample list(s)) and alert or delete them when detected. This isn’t a good solution because a threat actor only has to add for example a single whitespace character into the code and it will produce a wildly different hash (which has not been sampled before). Badness enumeration is shit way to deal with real problems, much better is an allowlist approach, such as a permission system where to minimize the access given and soften the security until the app runs.
TLDR: Antivirus bad at job of stopping malware, and sandboxed apps good for security of your device.
The best Linux antivirus is a healthy dose of
dontclickshit.bin.She’s not afraid of the terminal, but she likes the convenience of GUI programs.
Your wife appears to have the same preferences as I do. I don’t mind using the terminal (I usually have one open any time I’m using my laptop or PC), but some things are far simpler in a GUI.
You don’t need an antivirus. Use common sense, as that is your best antivirus, period.
