Is there any software to guard against spyware, adware and/or any type of malware that could affect Unbuntu - any version?

I read via google that they claim there are many (some mainstream) websites that have been hacked and they can hijack your web page request and then deposit the stuff on your computer.

And second is this type of software necessary.

And third if it is not necessary and it does exist can there be much harm in using it.

There's a very nice thread that's been stickied on this part of the forum.

Personally I don't think its necessary since most virus and spyware won't run on LInux.

There is avg, avast and antivir linux versions available but afaik these are for detecting Windows viri.

As far as browser hijacking I recommend no script plugin for firefox.

There's a very nice thread that's been stickied on this part of the forum.

+1

Here is a good explanation:
http://www.gnu.org/fun/jokes/evilmalware.html

Here is a good explanation:
http://www.gnu.org/fun/jokes/evilmalware.html

This just means there are some Linux applications out there that require explicit permissions to run.

However, there is no accounting for the rogue developer who develops a useful looking application packaged for ubuntu that is trusted by the average user. Sure, the linux community eventually will discover this, but until then, you may have a nice trojan horse sending out valuable info to the malicious coder all the while providing probably some useful function for the user who installed the application with all necessary permissions because it looks like a valid application.

The "Linux has no spyware/virus" myth only makes the problem worse. If you have an application that can send information via the Internet, you can get your data stolen, regardless of the platform because the novice user can grant that information without knowing it's a bad application. And who has the time to read all of the code for all of the application he runs on his computer?

Anyhow, I do think Linux has better safeguards and is currently safer than Windows, but spyware is such that you can have it running on your computer and just never know it.

So who knows if those who are claiming they have a safe linux box has some IRC trojan zombies doing some work for some guy in Russia, but because permission had been given to use the application, the user just doesn't know it.

Thats why you download from trusted repositories, with GPG keys.

Thats why you download from trusted repositories, with GPG keys.

+1 I was also thinking about this. There shouldn't be much trouble if you install software via apt from official or secure repositories.

The "Linux has no spyware/virus" myth only makes the problem worse. If you have an application that can send information via the Internet, you can get your data stolen, regardless of the platform because the novice user can grant that information without knowing it's a bad application. And who has the time to read all of the code for all of the application he runs on his computer? But the scenario you're talking about relies on social engineering. If you can be tricked into installing a rogue application, then anti-malware applications are not going to help.

Social engineering has been at the heart of many windows virii outbreaks. I have never been subject to any security problem, I have however downloaded torrents with upward of 30,000 files in them and my AV has detected a possible threat in 1 file (before the file has completed) suspended the download and awaited my command. It turned out that it was just a corrupted jpeg that triggered a false alert but I am always glad to have the back up of an AV running. For the minimal memory and cycles that it uses, and the fact that its free, I think its a great thing. I'm not restricted to downloading from 'safe' sources only, I can download from wherever I want and feel secure in what I'm doing.


I'm no computing expert, but can security keys be forged?

But the scenario you're talking about relies on social engineering. If you can be tricked into installing a rogue application, then anti-malware applications are not going to help.

You are correct. And exactly for that reason, social engineering tricks are OS independent. Linux may be safer, but it's still not foolproof. For that reason, there are sensible people asking around for some additional protection, and all they get is the same line about how linux is so safe that anti-spyware protection is just not necessary.

Additionally, good anti-malware applications may eventually update their database to remove these rogue applications.

So without these "after-the-fact" applications cleaning up, the average user is left unprotected.

This proves my point that just telling novice users that Linux is safe so there is little or no need for anti-spyware and anti-malware doesn't help. When anybody asks for more info on these types of applications, there's always somebody talks about how it's so unnecessary, but that's not the best answer either.

Again, I've been using Ubuntu for month, and I've really warmed up to it. However, I'm also not so married to it that I buy the lines that die-hard linux fans feed people.

This proves my point that just telling novice users that Linux is safe so there is little or no need for anti-spyware and anti-malware doesn't help. When anybody asks for more info on these types of applications, there's always somebody talks about how it's so unnecessary, but that's not the best answer either. Well, I've never said that Linux is eternally safe, but it is true that it's safe right now, and it's also true that anti-spyware and anti-malware do not help make your Linux installation more secure. Good security practices include not messing with default networking implementations unless you know what you're doing, not logging in as root, using strong passwords, and not installing software outside the Ubuntu repositories.

Anti-malware applications are retroactive, not proactive. Proactive security will keep your desktop Linux installation secure, not the illusion of security through some program scanning for Windows viruses. If you're running an email server or file server for Windows computers, then it makes sense to run anti-virus.

Social engineering has been at the heart of many windows virii outbreaks. I have never been subject to any security problem, I have however downloaded torrents with upward of 30,000 files in them and my AV has detected a possible threat in 1 file (before the file has completed) suspended the download and awaited my command. It turned out that it was just a corrupted jpeg that triggered a false alert but I am always glad to have the back up of an AV running. For the minimal memory and cycles that it uses, and the fact that its free, I think its a great thing. I'm not restricted to downloading from 'safe' sources only, I can download from wherever I want and feel secure in what I'm doing.


I'm no computing expert, but can security keys be forged?

Having an AV often gives users a false sense of security. Running one would not protect you from zero day malware simply because the AV has no signatures to detect them yet. Instead of barricading your computer with security programs, get used to secure practices first.
http://ubuntuforums.org/showthread.php?t=694198
Downloading and installing things 'from wherever [you] want will get you infected sooner or later.

Having and AV often gives users a false sense of security. Running one would not protect you from zero day malware simply because the AV has no signatures to detect them yet. Instead of barricading your computer with security programs, get used to secure practices first.
http://ubuntuforums.org/showthread.php?t=694198
Downloading and installing things 'from wherever [you] want will get you infected sooner or later.


A sense of security should always come from common sense and learning how to use a system properly. I feel that security programs are not a barricade but more of a safety net, there to help users if they do falter from secure computing practices. As you rightly say, 100% protection from zero day malware is not yet possible but heuristic analysis is better than nothing at all. The footprint of modern lightweight AV applications is a small price to pay for what they offer.

If a colleague at work gave an infected disk and it was run on a machine without any AV there would be trouble, having AV prevents that. A user can only be secure in their own computing practices, AV protects them against other users bad habits.

As far as windows goes, if all i ever used was software signed, tested and approved by microsoft my machine would need larger pants. However, I don't, I use free third party software from all over the place, always have and always will, I have never been infected and doubt very much I ever will.

:KS

A sense of security should always come from common sense and learning how to use a system properly. I feel that security programs are not a barricade but more of a safety net, there to help users if they do falter from secure computing practices. As you rightly say, 100% protection from zero day malware is not yet possible but heuristic analysis is better than nothing at all. The footprint of modern lightweight AV applications is a small price to pay for what they offer.

If a colleague at work gave an infected disk and it was run on a machine without any AV there would be trouble, having AV prevents that. A user can only be secure in their own computing practices, AV protects them against other users bad habits.

As far as windows goes, if all i ever used was software signed, tested and approved by microsoft my machine would need larger pants. However, I don't, I use free third party software from all over the place, always have and always will, I have never been infected and doubt very much I ever will.

:KS

So, were you already infected on Linux? It seems you are contradicting yourself...