I'm about to install bazzite on my wife's older (2017) Windows 10 machine, and I've been going over how to recreate everything she currently has. Most programs (even proprietary ones) are not an issue, but I'm not finding much in the antivirus department.
I never even thought to install one on my Linux machine (also on bazzite, but I have used other distros in the past). So although I am no stranger to Linux, this issue blindsided me.
I know clamav exists, and I'm educating myself on how to use it, but a GUI would be nice for the wife. She's not afraid of the terminal, but she likes the convenience of GUI programs.
Any suggestions? What do you use? Or is it just generally accepted that one should be careful and keep things up-to-date and that's enough?
Linux viruses for desktop computers are so rare, they're pretty much unheard of in practice. And that's why virus scanners aren't really a thing on regular computers. What we do is protect servers against malware and rootkits. And the Linux mailserver or fileserver will run a virus scan before forwarding the mails to the employee's Windows computers. That's why ClamAV doesn't come with a GUI because it's supposed to run in the background on your mailserver or NAS, not on your computer...
I'd recommend a virus scanner if you run Windows games and software (via Wine/Proton/Steam). Especially if they're not from Steam but (pirated from) random places of the internet. If you run Linux software, ideally from the package repository, there's little to no benefit in installing antivirus due to the lack of viruses.
Pay attention to security though. There's a lot of other nefarious stuff out there. Password brute forcing, phishing, regular fraud, attacks if you don't do updates, a harddisk might fail...
Can you share more about virus scanner for Windows stuff?
Is there one that can run completely locally? Or do they usually need to upload the file/signature online?
Usually how regular virus scanners work, they download a package with virus signatures every day or so and match the files against that local copy of the database. Unless you decide to use a service like virustotal... Sorry, I'm a bit of the wrong person to answer this question. I've been using Linux for the last 20 years or so. That means last antivirus I installed was about that long ago... I just hope Steam scans their game catalog, seems they do and that is my only source of Windows executables. So I'm fine on my private computers. And for work I'd just use whatever is provided to me.
Yeah, that's out of date. While AV still uses file signatures, the modern stuff is behavioral. If you have a file whose instructions use undocumented or low-level APIs, it can look like an exploit and the AV flags it. Endpoint protection products like Sentinelone also take the role of endpoint firewall, managing access to network resources, not just the OS, disk, etc. So if you start sending encrypted requests through uncommon APIs to a cloud server in China, it's gonna get you blocked.
This.
You install a virus scanner on your smb fileshare or your mail server, for instance, and pipe attachments through it to protect windows boxes. That's the only sensible use.
Yet, idiots make policies like "all servers must have AV installed for safety" and thus some shit app sucks down all the CPU time and scans memory (ohai PCI compliance) just because the CTO doesn't know what 'less' does.