
5 Security Software Myths That Can Prove Dangerous

1492
Moderator
18 REPLIES

full_mosey
Explorer
1492 wrote:


I run Linux, a plain Jane install of Linux Mint Maya (12.04). Can someone post a link to something that will infect my system?

How about I post my IP? Will that help?

HTH;
John

BarneyS
Explorer III
I run Bitdefender when I am on Windows. I often run Ubuntu when I need a quick start up and am not going to use some of the programs I have that will not run on Ubuntu like MS Streets and Trips and a few others. Was just wondering what a good AV program would be for it.
Barney
2004 Sunnybrook Titan 30FKS TT
Hensley "Arrow" 1400# hitch (Sold)
Not towing now.
Former tow vehicles were 2016 Ram 2500 CTD, 2002 Ford F250, 7.3 PSD, 1997 Ram 2500 5.9 gas engine

Chris_Bryant
Explorer II
If you want to go industrial on Linux, there are things like Snort and OSSEC, which are pretty powerful intrusion detection systems. You can also try Rootkit Hunter, but for a desktop, a lot of this stuff is way overkill. A server, on the other hand, must be open to outside access.
-- Chris Bryant

1492
Moderator
If anyone thinks protection against viruses is the reason to have an AV package installed, then I suggest you look into the technologies used in the software. Security suite may be a better term. No system is immune from malware.

The latest, or I should say, ongoing hijack for several years through a backdoor trojan affecting 25,000 Linux/Unix web servers wasn't the result of a virus, but stolen credentials. But why didn't the affected Linux/Unix web server operators know they were infected with malware? Which were used in a botnet to serve spam and drive-by malware targeting primarily Windows systems, still representing over 90% of the OS installed base.

If an AV package only focused on protecting against virus infections, then I'd agree that it's just a waste.

cleo43
Explorer
You don't need one.
If you have pity for your Windows friends, use ClamAV.
If you follow development of The Hand of Thief trojan, it failed miserably on Ubuntu.

BarneyS
Explorer III
What is a good AV program for Ubuntu?
Barney
2004 Sunnybrook Titan 30FKS TT
Hensley "Arrow" 1400# hitch (Sold)
Not towing now.
Former tow vehicles were 2016 Ram 2500 CTD, 2002 Ford F250, 7.3 PSD, 1997 Ram 2500 5.9 gas engine

Chris_Bryant
Explorer II
A lot of these vulnerabilities rely on "social engineering" - plus the Linux hacked article points out that
“The Ebury backdoor deployed by the Windigo cybercrime operation does not exploit a vulnerability in Linux or OpenSSH,” continued Léveillé. “Instead it is manually installed by a malicious attacker. The fact that they have managed to do this on tens of thousands of different servers is chilling. While anti-virus and two factor authentication is common on the desktop, it is rarely used to protect servers, making them vulnerable to credential stealing and easy malware deployment.”


Bad passwords are a huge problem (I don't use passwords on my server - I use a private key).

On any OS, if you can install a program without having to type a password, you are vulnerable. If you have a router, NAS, Set top TV box, or any networked "appliance" that you can log in to (like a webcam, etc), you *must* change the default login name and password.
Virtually all of the Linux hacks are due to poor password practices, not a vulnerability in Linux itself- not to say there are no vulnerabilities (I get updates regularly), but most Linux "virus scanners" simply scan for Windows viruses on mail passing through.

Security is a process, not something you do once.
-- Chris Bryant
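
The point in the post above about using a key instead of passwords on a server only holds if sshd actually refuses password logins. As an added example (not from the post or from the OpenSSH project), this Python script audits `sshd_config` text using OpenSSH's first-value-wins rule and flags `Match` blocks that turn passwords back on. The sample configs and the `backup` user are constructed, and `Include` files are not followed.

```python
import re

# OpenSSH's documented defaults for the options audited here.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes", "permitrootlogin": "prohibit-password"}
# Deprecated spelling that sshd still accepts.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")

def audit(config_text):
    """Return findings for settings that still allow password-based logins."""
    global_opts, findings, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)", line)
        if not m:
            continue
        key = ALIASES.get(m.group(1).lower(), m.group(1).lower())
        value = m.group(2).strip().strip('"')
        if key == "match":
            match = value                      # options below apply only to this block
        elif match is not None:
            if key in PASSWORD_KEYS and value.lower() == "yes":
                findings.append(f"Match {match}: {key} re-enabled")
        else:
            global_opts.setdefault(key, value.lower())  # sshd keeps the first value
    eff = {**DEFAULTS, **global_opts}
    findings += [f"global: {k} is enabled" for k in PASSWORD_KEYS if eff[k] == "yes"]
    if eff["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication is disabled")
    if eff["permitrootlogin"] == "yes":
        findings.append("global: permitrootlogin allows root password login")
    return findings

# Constructed sample configs (not taken from any real server).
WEAK = """
PermitRootLogin yes
#PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
HARDENED = """
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin prohibit-password
PasswordAuthentication yes
"""
```

`audit(WEAK)` reports four findings because a commented-out line leaves the default in force; `audit(HARDENED)` reports none because the trailing `PasswordAuthentication yes` comes after the first value and is ignored.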

cleo43
Explorer
1492 wrote:

All my PC, MAC, Linux, and Android systems have AV installed. Will be adding one to my iOS shortly.

1- I don't use Windows for surfing.
2- I use only these for my Linux Mint
a- Noscript in Firefox (or Scriptsafe in Chrome)
b- Hosts
Six years without a single incident.
I cannot keep myself from laughing when some rogue sites try to run EXE on my computer (mostly free downloading sites).
I make a rule, if I need a driver, for example a Brother printer, I will go to Brother.com to look for it, nothing else.

WoodGlue
Explorer
Full time (Pro version) of Malwarebytes is a pretty good solution and they update the signature files at least once a day!

The one thing I see over and over again and again when anti-virus discussions come up is that Malwarebytes is an anti virus. It's not! It's a very concerted malware scanner.

WoodGlue
2002 Land Rover Discovery II
2014 Lance 1685 - Loaded - 4 Seasons - Solar - 2 AGM's
When Hell Freezes Over - I'll Camp There Too!
Lance Travel Trailer Info - Lance 1685 Travel Trailer - Lance 1575 Trailer

Dave_Jeanette
Explorer
Having worked with computers for over 35 years, the thing I see most often contributing to people getting their computers infected is a lack of knowledge. People should learn how to avoid being infected because none of the products are foolproof. Just clicking on links blindly is usually the biggest reason for infections. Like everything in life, knowledge is everything.
2015 Ford F350 CC DRW 6.7L PS Diesel
2016 Grand Design Solitude 379FL

AllegroD
Nomad
mlts22 wrote:
That seems to happen with MS... they put out an AV product (MS OneCare for example), it stagnates... then they get back on the ball and update it, and the cycle begins again.


So true and of all the free stuff. Remember, free means the developer is not getting paid (at least directly) for maintaining free. That is why I think there is a constant change to the best "free" version. I also believe some of the paid ones take a similar maintenance approach. Pocket money until many figure out it is no longer good enough.

Moral: Ya just gotta stay informed.

burlmart
Explorer
All the different opinions on AV security remind me of what a fellow said who worked in the Louisiana DOT's asphalt materials research lab. Engineers and technicians would go 'round and 'round for years arguing about the proper mix proportions to get the best asphalt pavement (and I am sure they are still at it). He said "it's just like a bunch of guys sitting around arguing whose jambalaya recipe tastes best - there is no single answer."

I will trust that MS is savvy enough to maintain reasonable AV control via MSE and MSRT, and every few weeks I can also do a Malwarebytes full scan. I use FF w/ a few handy add-ons to see it better and block ads and trackers. I feel comfortable w/ this. My nearly 10 y/o single core AMD Athlon XP 3200+ will start bogging w/ any browser VMing or NoScript add-ons.

I'm XaPpy, and maybe just clueless enough not to be worried! Will let all know if anything blows up XP-wise.
I've started leaving PC on fulltime since the fan sounds smoother than w/ daily wake-ups from hibernation. Ole Nellie may have another year in her.
2005 Trail Lite 213 B-Plus w/ 6.0 Chevy

mlts22
Explorer
That seems to happen with MS... they put out an AV product (MS OneCare for example), it stagnates... then they get back on the ball and update it, and the cycle begins again.

Of course, here is one fact from personal experience: Most exploits these days are via security holes served up from ad servers or web pages. They attack the browser and its add-ons. Usually no AV program will intercept this since a compromised instance of the Web browser in memory doesn't "look" too different from a regular instance unless the AV program constantly looks at other programs' process space (very slow.) Since there are no executables or Trojan horses sitting on the hard disk (the code is loaded into the Web browser itself), there is nothing for a scanner to find until the rootkit gets downloaded/installed.

So, the first line of protection is isolating the Web browser from everything else. I prefer to run my Web browser in a sandbox, and that running in a VM, but just running the Web browser in a sandbox will go far to stop unknown attacks from compromising the entire machine. It also is wise to do security sensitive stuff in one browser while general browsing is done in another browser/sandbox/VM.

Keep the AV program, as it can't hurt, although unless it actively blocks IP addresses of malware sites, it will likely be bypassed by a "0-day" exploit (which come out quite often.)

1492
Moderator
Bobbo wrote:

Yes, but what is? The recommended program changes quite often.

Bitdefender Antivirus Free Edition has been rated top among key independent security testing organizations. It's also lighter than MSE on resources, and the most unobtrusive I've seen.

AV security suites don't tend to change drastically over time. However, MSE has been rated among the bottom for protection for a few years now.