this post was submitted on 20 Apr 2025
621 points (92.4% liked)

linuxmemes

    [–] yesman@lemmy.world 7 points 9 hours ago

    This argument is 30 years out of date. I haven't installed antivirus software since Windows XP. And I don't think it was necessary for an experienced user then.

    [–] Shape4985@lemmy.ml 10 points 12 hours ago
    [–] Mensh123@lemmy.world 47 points 18 hours ago* (last edited 18 hours ago) (1 children)

    Please stop pretending Linux was immune to viruses. A virus can do many things, perhaps even more on Linux than it could on Windows.

    Not running an AV only borks because viruses nowadays are much less common, especially if you follow some best practices (Adblock, no piracy sites, recognize sketchy stuff).

    [–] easily3667@lemmus.org 12 points 18 hours ago

    Definitely more, it's not 2001 anymore.

    [–] MidsizedSedan@lemmy.world 10 points 14 hours ago (2 children)

    I recently learnt you can fully delete your root account. Can that fully deter viruses? (Assuming viruses need root access to cause damage)

    [–] ulterno@programming.dev 23 points 13 hours ago (1 children)

    Can't run a Linux virus if your Linux doesn't run

    [–] Johanno@feddit.org 3 points 11 hours ago

    Well, no, viruses don't need root. But if they have root they can cause much more damage.

    [–] kaerypheur@lemmy.world 15 points 18 hours ago (1 children)

    Honestly, I use Linux and I need VirusTotal scans for side-loading .deb packages. It's because I'm not a coding expert, auditing every code of the packages before installing it. So, I think it's a myth that Linux does not need antivirus or anti-malware. We have other different approaches too, such as using anti-malware DNS servers.

    Does this work? I would think scanning a *.package would only assess that content. Wouldn't something malicious likely be in the code or dependency it could call via some form of get request? That .deb package itself could be completely "safe" until it calls a git clone to then run something malicious.

    I think this would be more likely to work for appimage or flatpak, though the same approach could compromise the validity of the scan. Am I thinking too hard, or did I just miss the point?

    [–] _lilith@lemmy.world 98 points 1 day ago
    [–] fushuan@lemm.ee 65 points 1 day ago

    A single .sh file with exec permission that asks for sudo will easily download appimage keyloggers and then set a cron job to run it every X time to keep it alive and sends it all to whatever remote location. Or whatever else you let the appimage do.

    95% of regular users will double click that, and then write their pass in the popup without blinking twice and that will work in most Linux systems.

    Most viruses don't target Linux, sure, but that's wishful thinking. Always be careful with what you run.

    [–] Honytawk@lemmy.zip 9 points 17 hours ago
    [–] OmegaLemmy@discuss.online 24 points 21 hours ago (1 children)

    Linux users are always one bad app from being completely scammed

    [–] OmegaLemmy@discuss.online 3 points 21 hours ago (1 children)

    Wayland and Flatpak actually somewhat protect you though, as long as you know to NOT give it the permissions to read all of /home

    [–] easily3667@lemmus.org 4 points 18 hours ago

    As long as you know the foot guns and know why flatpak is important... isn't a good starting point.

    [–] jaschen@lemm.ee 56 points 1 day ago (1 children)

    Linux has viruses. Always protect yourself.

    [–] Duamerthrax@lemmy.world 6 points 23 hours ago (2 children)

    Just have backups and know what you're downloading.

    [–] jaschen@lemm.ee 4 points 3 hours ago (1 children)

    I mean, that logic also applies to Windows and Mac. This meme is just stroking the Linux ego.

    [–] Duamerthrax@lemmy.world 3 points 2 hours ago

    Yes, that also works in Windows and Mac. When I still dual booted Windows, I gave up on anti-viruses and just didn't download suspicious things and used Firefox with all the regular blockers. Never had a problem.

    [–] daddycool@lemmy.world 2 points 12 hours ago* (last edited 12 hours ago)

    What if I know I'm downloading a virus?

    [–] wreckedcarzz@lemmy.world 102 points 1 day ago (1 children)

    ClamAV in the corner, visibly annoyed

    [–] azha@lemm.ee 17 points 1 day ago (1 children)

    It's powerful but sadly not realtime

    [–] eldain@feddit.nl 27 points 1 day ago* (last edited 1 day ago)

    Everyone should think about threats to their data. Cloud backup and laptops better be encrypted, services with open ports be shielded. Linux viruses do exist, especially for Android and routers. But also whatever system has an outdated DokuWiki open in the wild is a welcome addition to a botnet. The value of a botnet is in number of infected systems and you don't need root access to mine Monero or take part in a DDoS on a machine. Linux security is sincerely undervalued. SELinux, the grsec kernel patches, chrootjail, tripwire... do exist, but are a hassle to set up and maintain. The new container options are nice (Docker or Flatpak); having your web browser contained is not a bad idea.

    Update your router, your desktop is spoiled for updates. I stop my 1 am ramblings here.

    [–] bleistift2@sopuli.xyz 66 points 1 day ago (4 children)

    A few years ago I found a text (probably as image) where somebody ‘tried’ to run a virus on linux. It went something like this:

    Wanted to install a virus on Ubuntu, but it was only available as an aur package. Tried converting. Didn’t work … Tried make virus, but didn’t work. Upgraded cmake, tried again, but some libraries were missing.

    Tried installing libraries, but they were very outdated and I couldn’t find proper versions.

    Checked the source to see what the libs were doing and replaced them.

    and so on.

    Does someone know what I’m talking about and possibly has the source?

    [–] Thwompthwomp@lemmy.world 20 points 1 day ago (1 children)

    https://preview.redd.it/therealreasonwhylinuxissaferthanotheros-v0-dwprcgitkejb1.png?auto=webp&s=2d0165184ffac435b7dec0c5b46c5e5b152b4870

    Not sure how to actually post an image, but this I think is one.

    Gripping the bitcoin wallet and paying $5 out of pity is my favorite part :)

    [–] drosophila@lemmy.blahaj.zone 23 points 1 day ago (4 children)

    An antivirus is mostly just a blacklist of known malware. Sometimes heuristics are used such as 'this piece of software isn't installed on many PCs, and it appears to be doing shady stuff like, monitoring keystrokes or listening to your microphone'. But unless your antivirus is actually sentient there's no way for it to really distinguish between a chat application that listens to your microphone so you can talk to your friends / monitor your keystrokes to know when you've hit the push-to-talk key, and a piece of actual malware that intends to spy on you and blackmail you.

    What you have with a package manager is a whitelist of programs that have been selected by your distro maintainers. Is it completely impossible for someone to sneak malware into a distro's repository? No, but it's a lot easier to maintain a list of known good software than it is to maintain a list of known bad software. And in that situation your antivirus isn't going to help you anyway, since the people maintaining its malware list aren't going to magically know that something is malware before the distro maintainers do.

    So, generally, just using your package manager instead of running random shit you find online is going to be a lot better than any antivirus. With things like Wayland and Flatseal becoming more common we're heading towards a situation where fine-grained per-package permissions will become the standard way distros do things, making antivirus even more unnecessary.

    We should have done that a long time ago, as the security model of 'any program you run can do anything you can by default', then blacklist the ones that inevitably abuse that privilege, is completely backwards.

    [–] AceFuzzLord@lemm.ee 28 points 1 day ago (1 children)

    As someone who may obtain games and shows/movies through less than rights holder approved methods, ClamAV is a necessity.

    [–] Maiq@lemy.lol 19 points 1 day ago

    Not just for the pirate though. If you share any files between nix and win OS's. I wouldn't want to share any computer std with those I care for, friend, family or business.

    There are also cool tools like chkrootkit and rkhunter that might come in handy.

    [–] kopasz7@sh.itjust.works 20 points 1 day ago (1 children)

    Not having inter-distro binary compatibility is a blessing in disguise.

    [–] SpaceNoodle@lemmy.world 13 points 1 day ago (5 children)

    Y'all just have too many dependencies

    [–] Screen_Shatter@lemmy.world 16 points 1 day ago (3 children)

    I just switched to linux and totally forgot about this. Do I really not need one? 99% of what I do is steam gaming anyway so I'm not too worried, worst case I just format and reinstall, but still...

    [–] Forester@pawb.social 16 points 1 day ago (6 children)

    Most malware is not Linux compatible. However, the stuff that is will fuck you over very hard. Get ClamAV, set a cron

    [–] kernelle@0d.gs 8 points 1 day ago (1 children)

    'The best anti-virus is common sense [current year]' - was a meme more than a decade ago and is still true. Linux is not safer than any other OS.

    The reason why people think otherwise is because statistically, when bad actors release malware it's made for the OS with the largest market share. Which for computers, is still Windows by a landslide.

    [–] UnderpantsWeevil@lemmy.world 4 points 1 day ago* (last edited 1 day ago) (1 children)

    Linux is not safer than any other OS.

    Apache web servers were, are, and will continue to be common thanks to their cheapness and ease of configuration. And malware (particularly and most recently coinminers) have been a plague on Apache for at least the last few years.

    "Nobody's come after my bespoke Linux kernel" is just preaching security-through-obscurity. Which - hey - if you're running a Mint box to host videos on Jellyfin, sure. The absolute worst case scenario is being forced to re-download 1000 hours of tv/movies/music you forgot you even had. But if you're doing any kind of business application or - god forbid - enterprise level application development, you might as well post a "Kick Me" sign on your admin's back as tell your team that Linux is virus-proof.

    [–] Forester@pawb.social 2 points 7 hours ago

    If you are a Halo fan or have ever played Halo Reach. The only thing I can imagine is the slip space rupture detected scene except for every time instead of slip space. It's Yara heuristic detected. https://youtu.be/Q_4i-yOUmXY
