
Thread: do I need rkhunter for Linux-specific malware, or is Avast! Antivirus already okay?

  1. #11
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: do I need rkhunter for Linux-specific malware, or is Avast! Antivirus already oka

    People are mixing their terms, viruses, malware, rootkits, exploits are all different things.

    There are plenty of exploits available for all OS, there are plenty of rootkits too, viruses "tend" to affect Windows more than anything, as of this time there are no reported "viruses" in the wild for Linux and if there was it would get patched pretty quickly, as for malware that is a contraction of malicious and software and encompasses all of it, though exploits don't tend to come under that banner though an exploit might be the result of a virus.

    Linux exploits (which are not viruses) number in their hundreds typically and up to the thousands across the board

    Just to clear things up
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  2. #12
    Join Date
    Oct 2009
    Location
    California
    Beans
    Hidden!
    Distro
    Ubuntu Studio 12.10 Quantal Quetzal

    Re: do I need rkhunter for Linux-specific malware, or is Avast! Antivirus already oka

    Quote Originally Posted by haqking View Post
    People are mixing their terms, viruses, malware, rootkits, exploits are all different things.

    There are plenty of exploits available for all OS, there are plenty of rootkits too, viruses "tend" to affect Windows more than anything, as of this time there are no reported "viruses" in the wild for Linux and if there was it would get patched pretty quickly, as for malware that is a contraction of malicious and software and encompasses all of it, though exploits don't tend to come under that banner though an exploit might be the result of a virus.

    Linux exploits (which are not viruses) number in their hundreds typically and up to the thousands across the board

    Just to clear things up
    What he (I assume is a he) eloquently said
    Last edited by duke.tim; March 3rd, 2013 at 08:55 PM.
    User:To friend or not to friend--that is the question:
    Whether 'tis nobler to take an arrow to the knee or to suffer
    the slights and add's of outrageous fortune
    Or to take arms against a sea of trolls And by opposing feed them. www.evicsis.com

  3. #13
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: do I need rkhunter for Linux-specific malware, or is Avast! Antivirus already oka

    Quote Originally Posted by duke.tim View Post
    In a broad sense of the term anything that does something bad or against user consent could be considered malware. I would argue that an exploit is not the same as malware unless packaged and stored on a target computer. (Lots of exploit code is never written to the hard disk of the target.)

    An exploit is code or a process that can be used to gain elevated access on a system. After performing an exploit a payload would be sent, generally a reverse shell of some sort (depending on the privileges a cracker has managed to gain). The reverse shell would be malware. If they sent exploit code to be stored and run on the computer it too would be malware. Since most exploits that exist for Linux do not propagate in the wild (Android seems intent on changing that), it does not matter how many exploits exist unless they are used. When the bad guys start taking existing exploits and placing them in self-propagating code (worms), then you have to worry about it (for anti-virus at least).

    That means individuals using Linux need to worry about spear phishing attacks more than drive-by downloads.
    According to your definition of malware, I wonder whether I should believe this definition or not. Or is my English not good enough to understand the following quote (English is not my native language):

    Malware, short for malicious (or malevolent) software, is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.
    Samiux

  4. #14
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: do I need rkhunter for Linux-specific malware, or is Avast! Antivirus already oka

    Quote Originally Posted by haqking View Post
    People are mixing their terms, viruses, malware, rootkits, exploits are all different things.

    There are plenty of exploits available for all OS, there are plenty of rootkits too, viruses "tend" to affect Windows more than anything, as of this time there are no reported "viruses" in the wild for Linux and if there was it would get patched pretty quickly, as for malware that is a contraction of malicious and software and encompasses all of it, though exploits don't tend to come under that banner though an exploit might be the result of a virus.

    Linux exploits (which are not viruses) number in their hundreds typically and up to the thousands across the board

    Just to clear things up
    According to your definition of malware, this definition is wrong, I think. Maybe my English is not good enough to understand the meaning (English is not my native language):

    Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious BHOs, rogue security software, and other malicious programs; the majority of active malware threats are usually worms or trojans rather than viruses.
    Samiux

  5. #15
    Join Date
    Oct 2009
    Location
    California
    Beans
    Hidden!
    Distro
    Ubuntu Studio 12.10 Quantal Quetzal

    Re: do I need rkhunter for Linux-specific malware, or is Avast! Antivirus already oka

    That is a correct definition. Malware can be any program or code that is considered bad.

    Viruses, Worms, Exploits, Spyware, Adware, Rootkits, are all specific types of Malware.
    User:To friend or not to friend--that is the question:
    Whether 'tis nobler to take an arrow to the knee or to suffer
    the slights and add's of outrageous fortune
    Or to take arms against a sea of trolls And by opposing feed them. www.evicsis.com

  6. #16
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: do I need rkhunter for Linux-specific malware, or is Avast! Antivirus already oka

    Quote Originally Posted by samiux View Post
    According to your definition of malware, this definition is wrong, I think. Maybe my English is not good enough to understand the meaning (English is not my native language):



    Samiux

    I think you misread me, that was my point and I agree with that definition you posted, malware means all of it. So when people talk about AV they are actually referring to software that deals with viruses specifically and not necessarily all malware.

    A virus is malware, but not all malware is a virus.

    A virus is not an exploit and an exploit is not a virus, though a virus may lead to an exploit.

    and so on.

    The same applies when talking about vulnerabilities, not all vulnerabilities are exploitable thus are not the same as exploits, and every day new Linux vulnerabilities are exposed but there is not necessarily an exploit available to leverage them.
    Peace
    Last edited by haqking; March 3rd, 2013 at 08:37 PM.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  7. #17
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: do I need rkhunter for Linux-specific malware, or is Avast! Antivirus already oka

    Quote Originally Posted by Ms. Daisy View Post
    LOL the exploit database does indeed contain Linux exploits, including numerous ones for Firefox 1.x. Oh God we're doomed

    But I failed to account for the abundance of Android malware in the wild.

    The important point to make in any Linux anti-virus software debate is that there are multiple other, far more effective security controls one can use than anti-virus software.
    Android malware is available in the wild. That you cannot find it does not mean that it does not exist. Please refer to this framework.

    Samiux

  8. #18
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: do I need rkhunter for Linux-specific malware, or is Avast! Antivirus already oka

    Quote Originally Posted by haqking View Post
    I think you misread me, that was my point and I agree with that definition you posted, malware means all of it. So when people talk about AV they are actually referring to software that deals with viruses.

    A virus is malware, but not all malware is a virus.

    A virus is not an exploit and an exploit is not a virus, though a virus may lead to an exploit.

    and so on.

    The same applies when talking about vulnerabilities, not all vulnerabilities are exploitable thus are not the same as exploits, and every day new Linux vulnerabilities are exposed but there is not necessarily an exploit available to leverage them.
    Peace
    In my opinion, "Anti-Virus" program is a collective term that includes all kinds of malware nowadays. When someone says AV, he will include all kinds of malware that the said AV can block. In real life, AV covers all kinds of malware.

    Samiux

  9. #19
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: do I need rkhunter for Linux-specific malware, or is Avast! Antivirus already oka

    Quote Originally Posted by haqking View Post
    I think you misread me, that was my point and I agree with that definition you posted, malware means all of it. So when people talk about AV they are actually referring to software that deals with viruses specifically and not necessarily all malware.

    A virus is malware, but not all malware is a virus.

    A virus is not an exploit and an exploit is not a virus, though a virus may lead to an exploit.

    and so on.

    The same applies when talking about vulnerabilities, not all vulnerabilities are exploitable thus are not the same as exploits, and every day new Linux vulnerabilities are exposed but there is not necessarily an exploit available to leverage them.
    Peace
    In my opinion, the available exploit code is released by so-called professionals or is code leaked by malicious hackers. However, the fact that no exploit code is available for you to use/download does not mean that there is NO exploit code that leverages the said vulnerabilities.

    What about the case where malicious hackers find the vulnerabilities but do not leak their work to others, or only share it with their clans? In that case, you cannot find the said exploit code, but this does not mean that the exploit does not exist.

    Samiux
    Last edited by samiux; March 3rd, 2013 at 08:47 PM. Reason: fix typo

  10. #20
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: do I need rkhunter for Linux-specific malware, or is Avast! Antivirus already oka

    Quote Originally Posted by samiux View Post
    In my opinion, "Anti-Virus" program is a collective term that includes all kinds of malware nowadays. When someone says AV, he will include all kinds of malware that the said AV can block. In real life, AV covers all kinds of malware.

    Samiux
    But that's the thing, not all AV does do all malware, but some AV are leveraged towards being an anti-malware product.

    An AV product will not protect you from a remote exploit such as a reverse shell for example, though in some camps an exploit is considered to be malware.

    An AV product won't necessarily detect spyware, adware or worms.

    It depends very much on the product, I prefer to deal with specifics, if someone says virus then I take it to mean a program or code that can replicate and "may" cause damage but not always and is not always leveraged towards security exploitation. If they say malware then I will take it to mean pretty much everything.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013
