• Does Linux Mint require antivirus?


    • This topic has 55 replies, 14 voices, and was last updated 2 years ago.
    #2521157

    I would be interested in the views of Linux Mint users here.  Investigating online, I find some saying that a compatible program should be installed, and others saying that adding an AV program actually increases the risk.

    1 user thanked author for this post.
    • #2521492

      I am not a Linux Mint user but have used other Linuxes. From my experience, Linuxes need an antivirus as a precaution.  Linux is more secure by a factor of X than Windows but there are very rare viruses if you live in the dark net or get a phishing scam email or a targeted campaign from a leak database.

      If you are just a regular user with some basic Internet Safety knowledge and do not use dark net, you might be fine without but this is a call that you have to make based on your usage and risk level.

      2 users thanked author for this post.
    • #2522571

      Already discussed, less than a year ago…HERE
      Have used Linux distros for years and found no need for a magnetic malware vector..YMMV

      Windows - commercial by definition and now function...
      2 users thanked author for this post.
      • #2554185

        Linux distros have a lower risk of malware and virus attacks due to a more secure hierarchical file system structure than Windows, where the system files are kept separate from user files.
        This operating system architecture makes it more difficult for malware to access system files and execute malicious code.

        Windows - commercial by definition and now function...
        2 users thanked author for this post.
    • #2523218

      I have used several Linux distros, including Mint, all without an AV.

      But YMMV, depending on what you do or how you use the computer. The bottom line is that if you allow malware into your computer and execute it, then all bets are off.

      But by default, malware is much less likely to find its way onto your Linux system without your help, than with a Windows system.

      One of the reasons that it’s less likely is the way Linux is set up by default to run your account at a lower user account level than Admin. So anything that runs at your account level is never supposed to have system admin privileges.

      Another distinction is that most traditional computer viruses are aimed at Windows, and those cannot infect the Linux system. But that’s a different story than a malicious executable designed for Linux. That part is knowing how to keep malware off the system to begin with.

      However if you are in an environment that shares files between Windows and Linux systems, you may want to run an AV/malware scan on any files that you share with Windows users.  Just because a Windows malware file doesn’t affect your Linux system, it can still be passed along to a vulnerable Windows user.

      Edit: Advise reading the related thread linked above by Microfix.

      Windows 10 Pro 22H2

      4 users thanked author for this post.
    • #2523219

      This analysis that was linked by Alex5723 a couple of weeks ago might be of interest. Nearly 2 million new Linux malware samples in 2022? Yes, malware on Linux is harder to install, but it’s not impossible and it’s certainly a targeted system.

      That and being able to catch Windows malware before it is shared with Windows systems is of value.

      My personal opinion is that security software has so little performance impact on computers nowadays that there’s no reason not to run it, regardless of OS.

      • #2523220

        According to Linux malware stats at that AV ATLAS site –  trojans, followed by backdoors, are the most common categories of Linux malware:

        https://portal.av-atlas.org/malware/statistics

        Windows still has the highest distribution by far for any operating system…

        https://portal.av-atlas.org/malware

        Windows 10 Pro 22H2

        1 user thanked author for this post.
        • #2523227
        • #2551398

          It has been said that rootkits are the most serious threat to Linux, though this may have changed over the years.

          Why? Because you don’t run programs in Linux as Root. And YOU don’t run Linux as Root User. Thus, the first thing malware would have to do to infect your Linux OS is to gain Root privileges, which is not easy in Linux without actually sitting at your keyboard or other input device.

          That said, there is no specifically Linux antivirus, except for rootkit scanners and ClamAV, all of which scan after the fact. Prevention is not the job of antimalware apps in Linux. It’s the job of ALL software. That’s why there are nearly daily security patches for most distros.

          You can harden the OS and the web browsers in Mint, but it isn’t easy, and I won’t attempt to outline how to do this. Sandboxing or virtualizing is also possible in Linux, but for most home users it just is not worth the effort. Linux can also be run from stand-alone USB environments without endangering the host OS (much).

          By far the majority of successful Linux attacks have happened on servers, mostly in large company or organization settings.

          This is not to say individuals can’t get infected in Linux.  But if you don’t sideload from PPAs, stick with curated repos (both of which are encouraged in Mint) and use Flatpaks or Snaps from the main repos for those packaging formats, you should be safer without antivirus in Linux than you would be with antivirus in Windows.

          -- rc primak

          2 users thanked author for this post.
          • #2551527

            This is not to say individuals can’t get infected in Linux.  But if you don’t sideload from PPAs, stick with curated repos (both of which are encouraged in Mint) and use Flatpaks or Snaps from the main repos for those packaging formats, you should be safer without antivirus in Linux than you would be with antivirus in Windows.

            Sounds like S Mode for Linux. S Mode for Windows is safer too.

            • #2552764

              Not really. The repos are open to software contributed from users of several independent distros, and they are curated independently from individual distros. No one developer team has the authority to declare that software can be added or deleted from the repos. They are not wide open, but they are not as tightly curated as S-Mode or the Android or Apple ecosystems.

              No device, and very few distros, will be locked into using just one repo exclusively. Nearly all Linux distros by default allow sideloading by adding new PPAs or other sources to the Software Sources List.

              And you do not have to pay anyone money or obtain a license to jailbreak your device and sideload from anywhere you please, if you know how.

              So no, this is not S-Mode for Linux.

              Just a safety guideline for those who want to have safer, more secure Linux devices.

              -- rc primak

              1 user thanked author for this post.
            • #2552770

              They are not wide open, but they are not as tightly curated as S-Mode or the Android or Apple ecosystems.

              Not as safe then, especially without antivirus?

              And you do not have to pay anyone money or obtain a license to jailbreak your device and sideload from anywhere you please, if you know how.

              So no, this is not S-Mode for Linux.

              Exiting S Mode for Windows doesn’t involve money or license either.

            • #2554107

              Not as safe then, especially without antivirus?

              There are lots of independent eyes on Linux Repos. So, safer than a wide-open uncurated collection. As for less safe than S-Mode or various App Stores — you can have one or the other — absolute safety or greater functionality. Not both. It’s the old security vs. liberty argument.

              -- rc primak

              1 user thanked author for this post.
    • #2523309

      I dual boot with Windows 10 and Linux Mint. For Windows I use Windows Defender and run Malwarebytes scans occasionally. For Mint I use Clamav. It’s a small program that acts like Malwarebytes. It can scan on demand or on a schedule and can quarantine items if it finds problems. It has thrown warnings to me twice about Firefox issues (not a serious threat) and I was able to correct it quickly. Being paranoid, coming from Windows environment to Linux, I was used to all kinds of AV options (good and very bad ones). There aren’t many for Linux (most folks see no need) but the one I did see repeatedly recommended if you are going to use one, is Clamav.

      • #2523333

        Yes, in my online reading I see Clamav mentioned, and not many other options.

        Thanks to all who responded above.  The situation is as I suspected.  People say Linux does not need AV mainly because its market share is so small that it does not attract malware.  But of course that will gradually change as its market share increases.

        • #2523379

          Bear in mind that although the desktop/laptop market shares of Linux are relatively small, the vast majority of servers run on Linux, which is why there are millions of new pieces of malware targeting Linux each year. Linux definitely attracts malware nowadays.

          4 users thanked author for this post.
          • #2523542

            The malware that is directed at servers would most probably attack through different means than desktop-oriented malware. I don’t know if there is much threat from malware meant to attack servers for people running desktop Linux. We can use NAT and firewalls to drop unsolicited packets from the internet, and that is the usual setup of a desktop right out of the box, but servers can’t do that. They have to have ports open to be able to do their job.

             

             

            Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
            XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
            Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

            2 users thanked author for this post.
            • #2551404

              Linux does have firewalls, but they are a real pain to configure, especially when software needs exceptions to your rules.

              -- rc primak

      • #2551401

        ClamAV does not act like Malwarebytes. It is entirely passive, and throws up a LOT of false-positives. But it can alert you to changes in your Linux system which you did not initiate, so you can look online or in multi-engine databases (like the one for ClamTK) to see if the suspicious items are truly threatening.  Similar caveats apply to the rootkit scanners for Linux. They are NOT the full-fledged antimalware suites found for Windows or MacOS.  By default, they do not quarantine or remove anything.

        -- rc primak

        1 user thanked author for this post.
    • #2523358

      In the past I had Sophos for Linux on my Linux Mint computer. It was a free product. However, they must have changed their policy, because I can’t find the free download anymore.

      However, if you have a spare computer laying around, you can download and install Sophos Firewall Home Edition on it for free.

      https://www.sophos.com/en-us/free-tools/sophos-xg-firewall-home-edition

      When you install the software, it wipes the drive on the computer and makes the computer a Linux-based complete firewall system, including AV protection. So you would probably gain AV and firewall protection for your entire home network.

      It may be that once you have installed it, you could use that computer as a Linux computer, along with it being a firewall system. I’d love to try that out, if I had an extra computer laying around.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
      1 user thanked author for this post.
    • #2523425

      The situation is as I suspected. People say Linux does not need AV mainly because its market share is so small that it does not attract malware. But of course that will gradually change as its market share increases.

      Not the case. There are viruses targeted at Linux, but they target servers more than home users. Linux servers are used more than Windows Servers.

      These are the 3 reasons why Linux does not need AV.

      1. Linux is more secure by design than Windows, which is not designed to be secure, like other users mentioned above.
      2. Linux uses code that is open source and people find and fix issues quicker than Windows. Windows on the other hand is still reusing code back from Windows 1.0 in 1985 and all the way up to Windows XP. Windows Vista to Windows 11 after that mostly made GUI changes and added useless features rather than redesigning the code to make it more secure. MS claims that they start code from scratch but this is not the case from the leaked source codes that are online. This is one of the reasons Windows is starting to put Linux into Windows.
      3. Linux takes people with brain power to use. Windows is made for non-tech savvy by mostly non-tech savvy people at Microsoft. Microsoft closed its testing development department several years ago and uses home users as beta testers for free to give business users a better experience.  This is mostly my own opinion on this.
      2 users thanked author for this post.
      • #2523488
        4 users thanked author for this post.
        • #2523559

          Security bugs that took years to discover do not prove in any way that the benefit of open source bug finding only exists in theory. It merely demonstrates that there are no guarantees that it will result in all bugs being discovered quickly.

          Microsoft’s method does not guarantee the good guys will find vulnerabilities quickly either, or before the bad guys find them. Some of the issues in Windows have been exploited before Microsoft was aware of them… if they had not been, who knows how long it would have been before they were discovered? Would they still be unknown now? There is simply no way to know.

          There could be any number of undiscovered bugs in Linux or Windows… but we do know that all the ones cited above were in the “discovered” category, and that’s good. Had they not been discovered at all, it would seem better to not be able to point to any issues that took years to discover, but it wouldn’t be.

          It may have been true “back in the day” that Microsoft’s professional Windows QA department (which does have access to the source code) could discover bugs more quickly than the open-source community could discover bugs in Linux with all of those extra eyes on the code, but now that MS has eliminated its QA department…

          Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
          XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
          Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

          2 users thanked author for this post.
          • #2523626

            Security bugs that took years to discover do not prove in any way that the benefit of open source bug finding only exists in theory. It merely demonstrates that there are no guarantees that it will result in all bugs being discovered quickly.

            What’s the perceived “benefit” of open source bug finding then, if serious security flaws go unnoticed for 25 years?:

            With so many people looking at open source code, its security flaws should be stopped dead — but it doesn’t work that way

            Last but not least, there’s neither proof that open source software has fewer bugs, nor that the finding of more bugs by more people results in less security risk (compared to closed source). The total number of individual publicly known exploits in all software continues to rise. The number of people exploited worldwide continues to increase.

            If “many eyes” worked, you’d expect to see a decrease in the number of bugs found over time, especially in software that has been out a while. You would expect open source software to be less exploitable than closed source software. But more to the point, from a scientific viewpoint, no independent study has proven that open source software has led to fewer exploits or fewer exploited customers.

            The Shellshock vulnerability in Bash is the latest counterexample. Let it serve as a reminder that, logically, the “many eyes” theory was never on firm ground, and recent events have made its flaws more glaring than ever.

            Shellshock proves open source’s ‘many eyes’ can’t see straight

             

            Microsoft’s method does not guarantee the good guys will find vulnerabilities quickly either, or before the bad guys find them. Some of the issues in Windows have been exploited before Microsoft was aware of them… if they had not been, who knows how long it would have been before they were discovered? Would they still be unknown now? There is simply no way to know.

            There could be any number of undiscovered bugs in Linux or Windows… but we do know that all the ones cited above were in the “discovered” category, and that’s good. Had they not been discovered at all, it would seem better to not be able to point to any issues that took years to discover, but it wouldn’t be.

            So it’s good that Microsoft patches so many security flaws each month, the vast majority of which have not been exploited.

             

            It may have been true “back in the day” that Microsoft’s professional Windows QA department (which does have access to the source code) could discover bugs more quickly than the open-source community could discover bugs in Linux with all of those extra eyes on the code, but now that MS has eliminated its QA department…

            Microsoft has a thriving Bug Bounty Program which encourages researchers to discover and report vulnerabilities:

            Over the past 12 months, Microsoft awarded $13.7M in bug bounties to more than 330 security researchers across 46 countries. In the last year, the largest award was $200,000 under the Hyper-V Bounty Program, and the average award was more than $12,000 across all our programs, demonstrating the high impact research from one of the largest and most diverse global security research communities.
            Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

            Each month their contributions to security updates are acknowledged:
            https://portal.msrc.microsoft.com/en-us/security-guidance/acknowledgments

            What incentives are there to spend time examining Linux for vulnerabilities?

            • #2523730

              What’s the perceived “benefit” of open source bug finding then, if serious security flaws go unnoticed for 25 years?:

              It’s a bug that never got exploited in the wild, and was still discovered before it was able to be exploited. It was caught before it became a problem. Is that worse, in your estimation, than the various Windows bugs that were discovered sooner because some crook exploited them? If not for that, you have no way of knowing how long it would have taken to be discovered. Could be 25 years… or it could be that it would never be discovered. It is impossible to know.

              The real question is one of how many security bugs get exploited before they get fixed. I don’t know how Windows fares compared to Linux in that department. The point I was trying to make is that the presence of bugs that only get fixed after long periods of time does not suggest that the “many eyes” theory of Linux bug discovery is false.

              So it’s good that Microsoft patches so many security flaws each month, the vast majority of which have not been exploited.

              Of course. If bugs are discovered, they should be fixed, whether they are security bugs or other bugs. More issues fixed is better than fewer. As long as they are fixed without introducing other bugs, security or otherwise, it’s an improvement.

              That said, though, I have also said that there would be a lot less issues to fix if feature updates didn’t keep rolling on down (which apparently MS now at least partially agrees with). Code with a lot of churn will always have new bugs introduced. It’s always good to fix them, but not everyone wants the cutting edge stuff, which always comes at the cost of more new bugs. Many would rather have a relatively feature-static code base that gets more stable over time as fewer bugs are introduced than are fixed per unit of time.

              In Linux, you can go for the most stable distros (RHEL or its community versions, Debian) or the most bleeding edge (Arch, Tumbleweed, Rawhide), or anything in between… and on all of them, you can install the updates whenever you want, without any restrictions. If Windows allowed consumers to use LTSC and to have full control over updates as they used to have prior to the Nadella era, I’d consider that a huge improvement.

              What incentives are there to spend time examining Linux for vulnerabilities?

              There’s a lot of money in Linux– including MS money. More of Azure’s VMs run Linux than Windows, and those Linux users are MS customers.

              The incentive for the corporate interests in Linux are the same as with Windows… money. For FOSS enthusiasts, it’s the desire to improve the product. There’s a community around FOSS projects that wants to improve things for the good of others, a large part of which is about limiting the amount of control that megacorporations like Google, Amazon, Apple, or Microsoft can exert over the web and the IT industry as a whole. Much of the work done in the FOSS world is done for that reason, but that’s not the only one.

              There are multiple layers of bug testing in Linux… as an example, you have the kernel team testing the kernel initially, then when they release that kernel, some of the distros will pick up that kernel and do their own testing. Others will wait and see how things shake out for a while before moving to a new kernel version.

              Some bleeding-edge distros like OpenSUSE Tumbleweed update to newer packages sooner than other distros, and their users know this going in. By the time they get a given update, it’s already gone through several layers of testing, but the more cutting edge distros will still see more new bugs that make it through. The users of these distros will often find the bugs in those new packages before the more conservative distros roll them out.

              If any one of the many distros testing or using a given kernel or other package finds an issue, they will often fix it themselves… and it gets reported upstream, along with a pull request, so that the fix gets distributed to all the various distros if the kernel team accepts it. Sometimes they just report the bug and let the kernel team (which is very particular with the pull requests it will accept) decide how to go about fixing the issue. Once the issue is fixed, that fix is pushed out as a kernel update, and those distros that are not using bleeding-edge packages will usually backport these fixes to their older versions of the package in question. In this way, any fix for any given issue is distributed to all the various distros.

              Linux is open source and licensed under the GPL, but it’s also a paid product for enterprise customers of Canonical, Red Hat/IBM, and SUSE. They don’t want their customers to switch to another Linux distro, so they have a very big interest in making the experience smooth and reliable.

               

              Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
              XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
              Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

              2 users thanked author for this post.
    • #2523560

      The malware that is directed at servers would most probably attack through different means than desktop-oriented malware. I don’t know if there is much threat from malware meant to attack servers for people running desktop Linux. W

      The stats indicate that trojans are the #1 malware category for Linux.

      For the desktop oriented Linux user that is running sufficient firewall protection, that would imply either the attacker would need to have admin access to the local machine to install it, or the user would have to install it themselves using elevated privileges. So be smart, and only install trustworthy software!

      Windows 10 Pro 22H2

      3 users thanked author for this post.
      • #2551407

        And by default, Linux is not run as Root (Admin.).

        And yes, use trustworthy software for Linux. There’s software in the Mint and Synaptic repos for almost any purpose. The main reason I ever go outside the repos is to find needed dependencies.

        -- rc primak

        1 user thanked author for this post.
    • #2523564

      I certainly agree that servers are easier to launch attacks at than desktop machines, but that doesn’t mean that a desktop user can’t come across a piece of malware, in all of the same ways that a Windows desktop user could, and given that desktop Linux and server Linux share most of the same codebase, one would expect that most vulnerabilities are going to get exploited both on servers and desktops.

      Is it likely that you download malware that targets desktop Linux? If you’re a smart user then probably not, but it’s not about being smart, it’s about the fact that you’re mitigating a low risk high cost scenario with a low opportunity cost activity (running an antivirus), so from a risk management perspective I still think that it makes sense to install one.

      1 user thanked author for this post.
    • #2523567

      For further info regarding security for home-use Linux distros:
      https://easylinuxtipsproject.blogspot.com/p/security.html
      Well worth taking the time to read and digest..

      Windows - commercial by definition and now function...
      3 users thanked author for this post.
      • #2523648

        This paragraph from that page raised my skepticism antennae:

        Because of the growth of desktop Linux, most antivirus companies want to tap this new market. Many new Linux users think that they need an antivirus application in Linux, because of their age-old Windows habits and because of the clever marketing of the antivirus companies.

        Actually, and as far as I can tell, AV choices for Linux have been shrinking over the years rather than growing. BitDefender, for example, used to offer a Linux version of their software, but no longer.

        Also, the following paragraph discusses a concept that is now outmoded:

        Virus scanners mainly work “reactively”, which means that they almost only provide protection against viruses that are already known to the creators of the scanner. Antivirus applications can only protect against a new virus after that virus has been created, not before. In spite of their misleading “zero day protection” claims.

        Modern “AV” software is more than a simple virus scanner. In recognition of the reality that the writer accurately describes, AV vendors have added “behavior blocker” protection to their suites. These work by monitoring computer processes for suspicious actions (such as suddenly starting to encrypt files), thus offering protection against the type of novel, emerging threats that the writer brings up.

        The writer also warns against using a Windows emulator such as WINE. Because WINE and its analogues are a way to ease the Linux transition for longtime Windows users, this recommendation serves as a deterrent to making that transition. And the suggestion to keep installing a new Windows VM every 90 days is, frankly, not worth more than a mention. Together, these observations work to weaken the case against using AV in Linux (or, put another way, strengthen the case for using AV in Linux).

         

        3 users thanked author for this post.
        • #2523741

          The writer also warns against using a Windows emulator such as WINE. Because WINE and its analogues are a way to ease the Linux transition for longtime Windows users, this recommendation serves as a deterrent to making that transition.

          I would recommend ignoring that recommendation from the writer of that piece. Having a web site doesn’t mean he has any idea what he’s talking about with WINE.

          WINE greatly extends the capabilities of Linux, and if you want to run Windows programs, you’re better off doing it on Linux than on the OS the malware was actually written to attack. The writer of that article suggests using a dual boot setup, if you must use Windows programs, as being safer than WINE. Wine is bad because, in his words, it confers partial Windows malware vulnerability… so one solution is to use actual Windows, that has full Windows vulnerability instead?

          When you run an application under WINE, it’s running at a user level, just as a given Linux application would. It does not have the capability of messing with any Linux system files or anything of that sort, which the above author mentions. What he misses is that a given Windows program (including malware) that was written for actual Windows (all of them, it’s safe to say) is not even aware of the underlying Linux OS or file system. It knows exactly where your personal files would be on an actual Windows system, like what you would have in the dual-boot setup he suggests, but Windows malware is not written to target Linux systems running WINE.

          If you’re particularly paranoid about Windows applications under WINE attacking your personal files on Linux, you can also flip a switch and have WINE sandbox the simulated Windows, so that there is no access to the Linux file system from within the WINE prefix. That includes your home folder, with all of your personal files.

          I use a VM for a lot of things too, but it does not work ideally for everything. Most software will run at native Windows speed, including the graphics, or very close to it, on Linux with WINE. Not so in a VM. You can set up things like a graphics pass-through in some VMs, which should allow use of the GPU acceleration of the hardware in the PC, but there’s overhead there that does not exist in WINE.

          And the suggestion to keep installing a new Windows VM every 90 days is, frankly, not worth more than a mention.

          Agreed. That would be way too much hassle.

          Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
          XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
          Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

          4 users thanked author for this post.
    • #2523605

      For further info regarding security for home-use Linux distros:
      https://easylinuxtipsproject.blogspot.com/p/security.html
      Well worth taking the time to read and digest..

      Good article!

      I like this part best!

      Antivirus is useless
      A virus or rootkit can’t install itself in Linux unless you let it. In order to install itself on your computer, a virus or rootkit needs your password. And that it doesn’t have.

      Or in case it’s malware (a script) that can execute itself in your home directory without password: you’ll have to make it executable first. Any script that you download, is not executable: you have to set the executable bit of the script yourself, by hand.

      Windows 10 Pro 22H2

      1 user thanked author for this post.
      • #2523642

        Any script that you download, is not executable: you have to set the executable bit of the script yourself, by hand.

        Except archive files, according to that article:

        Note: There is an important exception: when you extract a script from an archive (for example with the extension .zip or .tar.gz) it does not require to be made executable first. Which means you could execute it accidentally by double-clicking it, after all. So always beware of what you download….

        Are those files uncommon in the Linux world?

        2 users thanked author for this post.
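The archive exception quoted above can be checked before anything is extracted. This is an added example, not code from the thread or the linked article: it reads the permission bits stored inside a .zip or .tar.gz and reports regular files that would come out already executable. The two sample archives and their file names are constructed in memory.

```python
import io
import stat
import tarfile
import zipfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def executable_members(data: bytes) -> list[tuple[str, str]]:
    """Return (name, octal mode) for regular files stored with an execute bit."""
    found = []
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for info in zf.infolist():
                mode = info.external_attr >> 16  # Unix mode, if the archiver stored one
                if not info.is_dir() and mode & EXEC_BITS:
                    found.append((info.filename, oct(mode & 0o7777)))
        return found
    buf.seek(0)
    with tarfile.open(fileobj=buf, mode="r:*") as tf:  # r:* also handles .tar.gz
        for member in tf:
            if member.isfile() and member.mode & EXEC_BITS:
                found.append((member.name, oct(member.mode & 0o7777)))
    return found

def sample_tar() -> bytes:
    """Constructed sample: one plain file, one script stored as 0755."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as tf:
        for name, mode in (("pkg/README.txt", 0o644), ("pkg/install.sh", 0o755)):
            body = b"#!/bin/sh\necho constructed sample\n"
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(body)
            tf.addfile(info, io.BytesIO(body))
    return out.getvalue()

def sample_zip() -> bytes:
    """Constructed sample: the same idea in zip form."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name, mode in (("pkg/notes.txt", 0o644), ("pkg/run.sh", 0o755)):
            info = zipfile.ZipInfo(name)
            info.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(info, "echo constructed sample\n")
    return out.getvalue()

if __name__ == "__main__":
    for label, blob in (("tar.gz", sample_tar()), ("zip", sample_zip())):
        print(label, executable_members(blob))
```

Whether the stored bit survives extraction depends on the extractor: `tar` and Info-ZIP's `unzip` restore the stored mode, subject to your umask.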
        • #2551408

          You make a good point about compressed archives in Linux.

          -- rc primak

    • #2523645

      I think an important distinction between desktop Linux and server Linux vulnerabilities would be whether there are any documented “remote” access vulnerabilities for the desktop user, running a stock installation of Mint or Ubuntu, with a firewall enabled.

      Most of the Linux exploits that make the news seem to exclusively be related to servers being compromised. So are latent unpatched Linux vulnerabilities a real risk to desktop users? That question is assuming that they don’t share their passwords or otherwise make downloaded scripts executable.

      Windows 10 Pro 22H2

      1 user thanked author for this post.
    • #2523646

      In theory only, not in practice:

      Yes. But Windows has much older issues than those, and people pay for it. Windows should fix those faster than Linux. Linux is free:
      For some reason I can’t post links; I will try to post them in the next post a few times.

      1 user thanked author for this post.
    • #2523647
      1 user thanked author for this post.
    • #2523649
      1 user thanked author for this post.
      • #2523685

        But these aren’t bugs targeting consumers, rather they are business/enterprise ones.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
    • #2525198

      New Linux malware hits record highs in 2022, rising by 50%

      Despite Linux’s reputation as the most secure operating system, it is not immune to malware. In fact, Linux malware has become increasingly prevalent in recent years as more and more devices and servers run on Linux operating systems.

      According to data analyzed by the Atlas VPN team, new Linux malware threats hit record numbers in 2022, increasing by 50% to 1.9 million.

      The analysis is based on malware threat statistics from AV-ATLAS, a threat intelligence platform from AV-TEST Gmb…

      • #2525277

        They’re clearly selling a VPN through fear (FUD) to make you more secure.

        Windows 10 Pro 22H2

        3 users thanked author for this post.
    • #2525348

      They’re clearly selling a VPN through fear (FUD) to make you more secure.

      This has nothing to do with selling VPN

      https://www.askwoody.com/forums/topic/av-test-2022-new-malware-windows-vs-macos-vs-linux-vs-android/

      You better face the real world.

      A sample report of tens of thousands of hacked Linux machines in recent days…

      1 user thanked author for this post.
    • #2525350

      You better face the real world.

      I prefer the Windows world. 🙂

      Windows 10 Pro 22H2

    • #2525399

      I would again like to thank everyone who has contributed to this thread.  It is an interesting discussion.

      I’ll take this opportunity to share my pleasure that I have finally successfully installed Linux Mint 21.1 Cinnamon on an unused six-year-old HP desktop computer, in preparation to replace a ten-year-old computer still in use on the Internet.  Mint will run in dual boot (either-or, not simultaneously) with Windows 7, but the latter will not go on the web.  I have set up the included Thunderbird program this afternoon, and tomorrow I’ll work on Firefox.

      Practically nothing about this has been without bumps in the road, but I won’t dwell on those today.  The result appears to be what I hoped for: An OS with a dignified, elegant interface and no distractions, no cajoling, no ads, no crapware, no pointless changes to familiar procedures and all the rest of today’s Windows experience.  I’m liking what I see.  And I am glad to have the Win7 EOL monkey off my back.

      9 users thanked author for this post.
      • #2525413

        As they say YMMV, but my first Linux installation (Ubuntu 16.04 LTS) was easier and less frustrating than my first “upgrade” from W8.1 to W10. And now after about 10 installations of Ubuntu and Mint it has become almost a non-event. There will always be a few bumps, I suppose, but the payoff is as you say:
        “An OS with a dignified, elegant interface and no distractions, no cajoling, no ads, no crapware, no pointless changes to familiar procedures and all the rest of today’s Windows experience.”

        I’ll add to that a rock solid OS, full control over updating/patching and no drama. And it runs on almost anything, including a couple of 14 year old laptops, one of which has an Intel Atom processor with 1GB RAM. That last one has had a couple of crashes but the only way I knew was that I was told Mint had reverted to restricted mode (not the correct term but something similar). A reboot and all was well.

        4 users thanked author for this post.
    • #2525419

      I’ll add to that a rock solid OS, full control over updating/patching and no drama.

      I don’t know how things work in Mint (I use Kubuntu), but I had my first “uh-oh” moment with regard to update control in Linux this week when notices started popping up saying that Firefox had been updated and I needed to restart it in 12 days, then 11 days, then 10 days, etc. I think this has to do with something called “Flatpak.”

      Anybody know how I can regain FULL control of Firefox updating in Kubuntu? The nagging is precisely one of the reasons I started moving away from Windows.

      1 user thanked author for this post.
      • #2551409

        Kubuntu is a flavor of Ubuntu. Firefox for Ubuntu is not a Flatpak, it is a Snap. Mint does not use Snaps. So your issue probably comes from an out of date Kubuntu version, which now has to be upgraded to regain access to current Snaps. Ubuntu (and Mint) versions are only supported for a fixed number of months or years. After that, some things might not be able to update, including some Snaps.

        Flatpak’s framework needs periodic updating, as well as its apps. Do so in CLI terminal by typing sudo flatpak update (and your sudoer password), or by going to Ubuntu Software (if you use that repo) and go to the Update Tab. (The Ubuntu Software Centre handles Flatpak updates, but the Software Updater in Ubuntu does not.)  In Mint there is a Tray item for the updater.

        -- rc primak

        2 users thanked author for this post.
        • #2551464

          I was going to reply that everything was indeed going well ever since upgrading Kubuntu to 22.04 LTS in February, as the annoying Firefox notifications had stopped. I would have spoken too soon, though: just went back to that machine, and there’s a notice about a “Pending update of ‘firefox’ snap, Close the app to avoid disruptions (13 days left)”.

          This system was updated just last week. Grrrr!!!

          As I wrote above, I was moving to Linux in order to (among other things) get rid of the nagging. How to make it stop in Kubuntu?

          • #2552758

            Web browser updates are among the most frequent in Linux. Just run the Software Centre updates, not simply the main updater, and all that Firefox nonsense will go away for another ten days or so.

            I don’t worry about this type of nag in the Ubuntu flavors — I just do the updates when I’m not too busy using the browser or other apps. LibreOffice (which is neither a Flatpak nor a Snap) has similar nags inside the program for both Linux and Windows. The 14-day window to update simply says that it’s standard practice to expire Flatpaks and Snaps every two weeks. For Flatpaks, this would apply to all distros which can use them.

            -- rc primak

            1 user thanked author for this post.
    • #2552958

      So far the only AV I have been using on my Linux machines is the Malwarebytes Browser Guard. It has warned of a number of risky sites or previously known hacked sites.

      2 users thanked author for this post.
      • #2553013

        A risky site may be able to exploit YOU, but very unlikely to exploit Linux as long as you are running the browser as a normal “user”, which is the default unless you are using “root”, which is not advised.

        Normal users on Linux run with reduced permissions — for example, they can’t install software or write to system directories.

        What Is “root” on Linux?

        https://www.howtogeek.com/737563/what-is-root-on-linux/

        https://askubuntu.com/questions/439813/what-is-the-difference-between-root-user-group

        Windows 10 Pro 22H2

        1 user thanked author for this post.
      • #2553075

        A risky site may be able to exploit YOU, but very unlikely to exploit Linux

        agreed!
        Mostly the primary injection method is via email disguised as something else, although I’ve not used an email client on Linux for years; I prefer webmail using an up-to-date browser, which is only as safe as the head behind the mouse clicks.

        Windows - commercial by definition and now function...
        2 users thanked author for this post.
    • #2553070
      1 user thanked author for this post.
    • #2553110

      but very unlikely to exploit Linux

      https://www.windowscentral.com/windows-ransomware-lockbit-makes-jump-linux

      The Trend Micro article on “Lockbit” that is linked to in that article says:

      http://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html

      “In the case of LockBit, keeping systems up to date can prevent intrusions. This is because LockBit has been known to use access credentials stolen from vulnerable servers and sold in the cybercriminal underground.”

      So an attacker would need to obtain access credentials to the target Linux system before they would be able to log into and run the said ransomware. So clearly that would be a self-inflicted wound, not something that you would casually encounter “in the wild” using the internet on your Linux PC.

      It figures that “breathless” Windows Central article was written for a Windows audience. Clearly the author has no real understanding of Linux. More clickbait… SMH.

      FYI: One bit of evidence for clickbait that I ran across in that Windows Central article caused my browser’s uBlock Origin filter to block the Trend Micro page from loading, due to an extra url included by Windows Central in the link to Trend Micro. See attached:


      Windows 10 Pro 22H2

      2 users thanked author for this post.
    • #2553251

      So an attacker would need to obtain access credentials to the target Linux system before they would be able to log into and run the said ransomware.

      Most Ransomware Attacks Start with a Phishing Email

      I agree. And that fully applies to all users, especially for Windows users. The spot between the chair and keyboard is the critical link.

      But with Linux it’s necessary for a phishing email to trick a user into running compromised software as an elevated user (“root”, sudo, or su) or to give up credentials that can be used by the attacker to directly infiltrate a system. Unlike with Windows, just opening an email in Linux will not infect the system. You also need to let the malware “in the door”, so to speak.

      A malware payload in an email cannot execute on Linux at system level without someone running it with “root” privileges. AKA the “human engineering” factor.

      That is the main reason why Linux is less likely to be affected by malware; it’s not just that Linux is more “obscure” than Windows. That only applies to Linux on desktop. In fact Linux is the most widely used server OS today, so it’s actually not “obscure” in that context.

      Windows 10 Pro 22H2

      5 users thanked author for this post.