A single .sh file with exec permission that asks for sudo will easily download appimage keyloggers and then set a cron job to run it every X time to keep it alive and sends it all to whatever remote location. Or whatever else you let the appimage do.
95% of regular users will double click that, and then write their pass in the popup without blinking twice and that will work in most Linux systems.
Most viruses don’t target Linux, sure, but that’s wishful thinking. Always be creful with what you run.
Please stop oretending Linux was imune to viruses. A virus can do many things, perhaps even more on Linux than it could on Windows.
Not running an AV only borks because viruses nowerdays are much less common, especially if you follow some best practices (Adblock, no piracy sites, recognize sketchy stuff).
Definitely more, it’s not 2001 anymore.
Linux has viruses. Always protect yourself…
Just have backups and know what you’re downloading.
I mean, that logic also applies to Windows and Mac. This meme is just stroking the Linux ego.
Yes, that also works in Windows and Mac. When I still dual booted Windows, I gave up on anti-viruses and just didn’t download suspicious things and used Firefox with all the regular blockers. Never had a problem.
What if I know I’m downloading a virus?
Linux users are always one bad app from being completely scammed
Wayland and Flatpak actually somewhat protects you though, as long as you know to NOT give it the permissions to read all of /home
As long as you know the foot guns and know why flatpak is important…isnt a good starting point.
Honestly, I use Linux and I need VirusTotal scans for side-loading .deb packages. It’s because I’m not a coding expert, auditing every code of the packages before installing it. So, I think it’s myth that Linux do not need antivirus or anti-malware. We have other different approaches too such as using anti-malware DNS servers.
Does this work? I would think scanning a *.package would only assess that content. Wouldn’t something malicious likely be in the code or dependency it could call via some form of get request? That .deb package itself could be completely “safe” until it calls a git clone <URL> to then run something malicious.
I think this would be more likely to work for appimage or flatpak, though the same approach could compromise the validity of the scan. Am I thinking too hard, or did I just miss the point?
Everyone should think about threats to their data. Cloud backup and laptops better be encrypted, services with open ports be shielded. Linux viruses do exist, especially for android and routers. But also whatever system has an outdated dokuwiki open in the wild is a welcome addition to a botnet. The value of a botnet is in number of infected systems and you don’t need root access to mine monero or take part in a ddos on a machine. Linux security is sincerely undervalued. Selinux, the grsec kernel patches, chrootjail, tripwire… do exist, but are a hassle to setup and maintain. The new container options are nice (docker or flatpack) having your webbrowser contained is not a bad idea.
Update your router, your desktop is spoiled for updates. I stop my 1 am ramblings here.
Clamav?
I recently learnt you can fully delete your root account. Can that fully deter viruses? (Assuming viruses need root access to cause damage)
Can’t run a Linux virus if your Linux doesn’t run
Well no viruses don’t need root. But if they have root they can cause much more damage
This argument is 30years out of date. I haven’t installed antivirus software since WindowsXP. And I don’t think it was necessary for an experienced user then.
if you’re not at least running clamav you’re gonna regret it!
ClamAV in the corner, visibly annoyed
Its powerful but sadly not realtime
Oh, not true anymore:
https://docs.clamav.net/manual/Usage/Scanning.html#on-access-scanning
That’s great news thanks for telling
A few years ago I found a text (probably as image) where somebody ‘tried’ to run a virus on linux. It went something like this:
Wanted to install a virus on Ubuntu, but it was only available as an aur package. Tried converting. Didn’t work … Tried
make virus, but didn’t work. Upgraded cmake, tried again, but some libraries were missing.Tried installing libraries, but they were very outdated and I couldn’t find proper versions.
Checked the source to see what the libs were doing and replaced them.
and so on.
Does someone know what I’m talking about and possibly has the source?
This!
Not sure how to actually post an image, but this I think is one.
Gripping the bitcoin wallet and paying $5 out of pity is my favorite part :)
Image in post or comment:
You can add alt text in the square brackets, but many apps won’t show it.
This then renders as
Yes. No.
I think I also remember somebody ran Wannacry under Wine with completely expected results.
As someone who may obtain games and shows/movies through less than rights holder approved methods, ClamAV is a necessity.
Not just for the pirate though. If you share any files between nix and win OS’s. I wouldn’t want to share any computer std with those I care for, friend, family or business.
There are also cool tools like
chkrootkitandrkhunterthat might come in handy.
