98
Antivirus recomendations
(programming.dev)
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
Sure, anti-virus won't prevent the zero day from being exploited, but it can prevent any malware packaged with it from executing/causing damage. The same goes for other strategies, like sandboxing, access control, etc, the more layers you have, the less likely an attack is to be successful.
On the other side, the less valuable your platform is to exploit, the less attention it'll have from malware authors. Most malware is looking to make a quick buck, and getting grandma to call a fake support line to fix a manufactured problem is the lion's share of malware. Some attempt to create a botnet (i.e. worms and Trojans), and others try to steal banking and other credentials (so cookie scraping, no need for privilege escalation, just code execution).
I'm just pointing out that zero days and privilege escalation has existed to show that macOS isn't immune. I'm sure there are plenty more, they just probably aren't used as much because the potential benefit isn't large enough yet. Why risk revealing your zero day when the profit potential is low? Sometimes it's more valuable to wait and sell to a more sophisticated attacker who will go after higher value targets like sitting politicians than to sell it on the open market to a scammer who goes after grandma.
The same goes for Linux. Zero day privilege escalation attacks certainly exist, if you follow the CVEs, you can see some of them getting discovered before they're explored. As the market expands, we'll see more exploits actually being used, which means there are probably even more that potential attackers are sitting on.