this post was submitted on 24 Nov 2025
96 points (90.7% liked)

Linux

14065 readers
116 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
MigratingtoLemmy@lemmy.world
96
Linux Antivirus? (lemmy.wtf)
submitted 3 days ago by UNY0N@lemmy.wtf to c/linux@lemmy.world
77 comments fedilink hide all child comments
 

I'm about to install bazzite on my wife's older (2017) Windows 10 machine, and I've been going over how to recreate everything she currently has. Most programs (even proprietary ones) are not an issue, but I'm not finding much in the antivirus department.

I never even thought to install one on my Linux machine (also on bazzite, but I have used other distros in the past). So although I am no stranger to Linux, this issue blindsided me.

I know clamav exists, and I'm educating myself on how to use it, but a GUI would be nice for the wife. She's not afraid of the terminal, but she likes the convenience of GUI programs.

Any suggestions? What do you use? Or is it just generally accepted that one should be careful and keep things up-to-date and that's enough?

top 50 comments
sorted by: hot top controversial new old
[–] msokiovt@lemmy.today 1 points 1 day ago

You don't need an antivirus. Use common sense, as that is your best antivirus, period.

[–] aarch0x40@piefed.social 60 points 3 days ago (1 children)

ClamAV is probably the way to go. While there are UIs available in various states of maintenance, it's not really necessary. The way ClamAV works is that runs a scan on daemon (re)start then continually monitors the system from there. One of it's best features is that you don't really need to worry about it.

[–] UNY0N@lemmy.wtf 3 points 3 days ago

Thanks! I wasn't aware that it was such a fire-and - forget software.

[–] Neptr@lemmy.blahaj.zone 37 points 3 days ago* (last edited 3 days ago) (8 children)

An antivirus is mostly unnecessary when care is taken to not install or use untrusted software. If you install everything as a Flatpak (and modify some of the default permissions), you can avoid allowing software to gain much access to her computer.

While I think people suggesting Linux is immune to malware is stupid, for reasons such as it is "too secure" or "too niche" to be effected by malware, anti malware is like a bandaid to a gaping wound. If you have malware, it is already too late and you should first unplug the device from the network and any connected devices, backup any important data, and fresh reinstall by overwriting the infected install.

If you still think you need some way to defend against malware, use the VirusTotal website, or a native Flatpak called Lenspect, to upload and scan files (such as an executable binary). Lenspect requires no permissions other than network access, so it is safe and the only risk is if you input a file containing personal data it will be uploaded to VirusTotal.

Though to stress again, antivirus is a bandaid! The real solution is to be smart about what you install and only take stuff from trusted sources. Try to make sure everything is a Flatpak and avoid apps with excessive permissions, which weaken the security of the sandbox.

[–] Neptr@lemmy.blahaj.zone 21 points 3 days ago* (last edited 3 days ago) (4 children)

To be more clear, antivirus in general are mostly scams because they are advertised to do much more than they are actually capable (especially proprietary ones that act as spyware such as Norton or Avast, which have been caught selling user data). Hash based antivirus solutions (such as ClamAV) aren't effective either because they rely on "badness enumeration", in which you try to determine all the bad samples (through a sample list(s)) and alert or delete them when detected. This isn't a good solution because a threat actor only has to add for example a single whitespace character into the code and it will produce a wildly different hash (which has not been sampled before). Badness enumeration is shit way to deal with real problems, much better is an allowlist approach, such as a permission system where to minimize the access given and soften the security until the app runs.

TLDR: Antivirus bad at job of stopping malware, and sandboxed apps good for security of your device.

[–] unknownuserunknownlocation@kbin.earth 9 points 3 days ago

I'm not sure where you get the idea that antivirus is mostly a scam. Yes, there are some questionable vendors out there, but it doesn't mean it's a scam. I know antivirus has saved my ass a couple of times, at least when I was younger. Was I doing something stupid? Yes. Do we all do something stupid every once in a while? Also yes.

[–] menas@lemmy.wtf 3 points 3 days ago

I agree with your demonstration, but not the conclusion. The main threat in OP case is random attack made by massive and standardize attack. So hashed signature are better than nothing. Of course it is not enough for all kind of attack, like a focus one

load more comments (2 replies)
[–] r00ty@kbin.life 14 points 3 days ago (2 children)

I think there's a few aspects to this whole subject.

First of all for a long time people have thought Linux not to be the target of malware. I would say that it has been a target and it has been for decades. I recall in the late 90s a Linux server at work was attacked, had a rootkit, IRC trojan and attack kit installed by script kiddies in Brazil. I think the nearest you can say is that desktop users aren't usually a target, which is mostly true. But with the share of desktop installs hitting a high recently we should expect that to change.

Second I think most windows antivirus products (including the built in one) are doing some active useful things. Most of these are not relevant on Linux (we generally don't run setup.exe from random websites). However! Here's where things get interesting. The rise of flatpak and other containerised applications. These I would say are very similar to setup.exe, and would make it trivial to embed malware into such a file. A Linux virus scanner could be checking these. Also we've seen direct attacks on distro repositories lately. I don't expect this to slow down. We are most certainly a target now.

Third, the other reason most Linux users don't use virus scanners is because they're usually technical people who would recognise (usually) something wrong and investigate/spot the malware. I would say two things are changing here. Simpler to install distros are bringing in less technical people to Linux and, the number of processes running on a machine doing effectively nothing in a desktop environment is way higher than it used to be. So technical people can be caught off guard. Also, a rootkit can hide all of these clues if done well.

So I would say there's a really good space to have a well made virus scanner/antivirus now. It is probably the right time for it.

[–] MagicShel@lemmy.zip 6 points 3 days ago* (last edited 3 days ago) (1 children)

Guarantee my fifteen year old would run a random curl with sudo if it purported to install Sims mods. And one might say, "then don't give her sudo," but you have no idea how often I'd have to run to the basement to type in a password onto her computer, if it's anything like Windows. (Haven't moved her to Linux yet, but it's coming.)

We definitely cannot rely on the technical savvy of Linux users any more. At least, I can't.

[–] lka1988@lemmy.dbzer0.com 6 points 3 days ago (2 children)

but you have no idea how often I’d have to run to the basement to type in a password onto her computer,

For what it's worth: It's possible to configure sudo in a way that allows users to execute specific commands without having to grant full, unrestricted access. That's what sudo is for.

load more comments (2 replies)
[–] squaresinger@lemmy.world 3 points 3 days ago (12 children)

we generally don’t run setup.exe from random websites

We do run .deb/.rpm files from random websites though. And you mentioned flatpak too. Appimage is quite popular too, and afaik that doesn't have any built-in sandboxing at all.

load more comments (12 replies)
[–] unknownuserunknownlocation@kbin.earth 7 points 3 days ago

I think you're missing the point that antivirus should kick in before the malware executes. It's far from 100%, but if you download something stupid, the antivirus should in most cases flag that before you even have a chance to execute it. In that case, you delete it, and the problem is solved, no need to reinstall or anything of the kind.

Of course the "real" solution is to be smart about what you install, but no one is perfect and we also can't expect the world to be super computer literate (unfortunately).

load more comments (5 replies)
[–] ToxicWaste@lemmy.cafe 13 points 3 days ago

I like to consider myself part of the exclusive and oh so elite club of linux users. everyone here saying that AV is not needed, because the best security is not to be stupid, is right. but is your grandma tech literate enough to not do stupid things on her computer? your teenage son?

as the linux user base grows, the platform becomes more interesting of a target. even for stupid attacks. and lets be honnest: lots of legitimate open source projects still use an install script to curl and pipe into the terminal as a suggested method to install. which is just horrible!

while an anti malware is a patch. it is the last line of defense after a stupid mistake. so it would be great to have an actual desktop AV for linux. eset used to sell one but it is long out of service.

i use clamAV. but i maintain it for the family, so it is not as simple as telling them exactly what to install and run with default configs.

anyway, for those interested: here are two videos of malware attacks against lunux in rather different fashions:

[–] duckCityComplex@lemmy.world 2 points 2 days ago

Long-time Linux user, have never run AV on my Linux machines.

A few years back, I was forced by compliance rules at work to install AV on a Linux server and started looking for solutions. I shopped around a bit and what I found was that even the commercial AV vendors who supported Linux had no more than 4 or 5 actual signatures to detect Linux malware, and they were all 5 or more years old.

Things may have changed since then, but this may be a good way to think about it... how much Linux malware can these tools actually detect?

Yes, Linux rootkits are a thing but if your AV doesn't detect them, there's no point running it.

[–] hendrik@palaver.p3x.de 16 points 3 days ago* (last edited 3 days ago) (2 children)

Linux viruses for desktop computers are so rare, they're pretty much unheard of in practice. And that's why virus scanners aren't really a thing on regular computers. What we do is protect servers against malware and rootkits. And the Linux mailserver or fileserver will run a virus scan before forwarding the mails to the employee's Windows computers. That's why ClamAV doesn't come with a GUI because it's supposed to run in the background on your mailserver or NAS, not on your computer...

I'd recommend a virus scanner if you run Windows games and software (via Wine/Proton/Steam). Especially if they're not from Steam but (pirated from) random places of the internet. If you run Linux software, ideally from the package repository, there's little to no benefit in installing antivirus due to the lack of viruses.

Pay attention to security though. There's a lot of other nefarious stuff out there. Password brute forcing, phishing, regular fraud, attacks if you don't do updates, a harddisk might fail...

[–] JaddedFauceet@lemmy.world 6 points 3 days ago (2 children)

Can you share more about virus scanner for Windows stuff?

Is there one that can run completely locally? Or do they usually need to upload the file/signature online?

load more comments (2 replies)
[–] corsicanguppy@lemmy.ca 2 points 3 days ago

This.

You install a virus scanner on your smb fileshare or your mail server, for instance, and pipe attachments through it to protect windows boxes. That's the only sensible use.

Yet, idiots make policies like "all servers must have AV installed for safety" and thus some shit app sucks down all the CPU time and scans memory (ohai PCI compliance) just because the CTO doesn't know what 'less' does.

[–] lka1988@lemmy.dbzer0.com 12 points 3 days ago* (last edited 3 days ago) (1 children)

The best Linux antivirus is a healthy dose of dontclickshit.bin.

She’s not afraid of the terminal, but she likes the convenience of GUI programs.

Your wife appears to have the same preferences as I do. I don't mind using the terminal (I usually have one open any time I'm using my laptop or PC), but some things are far simpler in a GUI.

[–] Qwel@sopuli.xyz 5 points 3 days ago

You might have issues trying to install clamav on Bazzite as it is an immutable distro

Antiviruses are rarely used, I wouldn't install them on a newish distro for a non-tech user. It sounds like it may cause more issues than it will intercept

[–] ijhoo@lemmy.ml 7 points 3 days ago* (last edited 3 days ago) (3 children)

No av on my machines on Linux.

What I understand, av on Linux is used to protect windows.

Use an ad blocker when surfing (ublock origin), install only via official repos and set up a DNS server with decent blocklist and you should be fine.

[–] stoy@lemmy.zip 13 points 3 days ago (3 children)

Yeah, that arrogance will hit you sooner or later.

As the popularity of Linux increases, so will the malware situation worsen.

[–] possiblylinux127@lemmy.zip 6 points 3 days ago (1 children)

What makes you think that a "antivirus" is going to do anything?

Security is hard

[–] scholar@lemmy.world 9 points 3 days ago* (last edited 3 days ago) (4 children)

Security is hard and as Linux becomes a more lucrative target for malware something will slip through. We've already seen attempted supply chain attacks with xz and we know that Linux ransomware is out there. AV isn't a silver bullet; it's another layer in your defences.

[–] stoy@lemmy.zip 4 points 3 days ago (5 children)

This is exactly my point

load more comments (5 replies)
load more comments (3 replies)
load more comments (2 replies)
load more comments (2 replies)
[–] lambalicious@lemmy.sdf.org 4 points 3 days ago

ClamAV is the thing to use, AV-wise, but it makes no sense to use it and spend resources unless you know in advance you are going to get Windows stuff at risk.

[–] Cyber@feddit.uk 4 points 3 days ago

Kinda mirroring the other points here, if you only install from the distro's repos then you're all good.

But...

Better than AV (blocks known bad), you're better off looking into things that only allow known good, like selinux, etc, which might be part of bazzite anyway? (I don't use it, so unsure)

[–] OnfireNFS@lemmy.world 2 points 3 days ago

I'm not sure you really need an anti virus with Bazzite? Because it is immutable and has rolling releases it's generally pretty up to date and secure

If you were running a more traditional distro it might be more of a requirement

[–] cupcakezealot@piefed.blahaj.zone 2 points 3 days ago

for ease of mind just install clamtk but clamav pretty much runs automagically without intervention.

[–] dandu3@lemmy.world 2 points 3 days ago (1 children)

I believe Kaspersky has just released a commercial solution for desktop Linux. Kaspersky is a whole other can of worms, however seeing as they're russians but that's your call

[–] corsicanguppy@lemmy.ca 3 points 3 days ago

Kaspersky isn't there to protect us; just to fill a niche and create business for itself. Idiot nepo CTOs who don't know better can be coerced to sign a fud-based invoice and then they make bank.

load more comments
view more: next ›