
Thread: Antivirus + Rootkit hunter

  1. #1
    Join Date
    May 2011
    Beans
    76

    Antivirus + Rootkit hunter

    Are there any good free antivirus for Linux that come with a rootkit hunter or am I asking for too much out of one application?

  2. #2
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Antivirus + Rootkit hunter

    Rkhunter is notorious for false positives and you don't really need antivirus on a *nix box unless you are sharing files with Windows machines.

    Check out the page here:
    https://wiki.ubuntu.com/BasicSecurity
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  3. #3
    Join Date
    Nov 2007
    Location
    Pacific Northwest woods
    Beans
    2,056
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Antivirus + Rootkit hunter

    Quote Originally Posted by Foobarz View Post
    Are there any good free antivirus for Linux that come with a rootkit hunter or am I asking for too much out of one application?
    AV programs are really NOT needed for any Linux unless you are using it for a server and have Windows machines hung onto the network. Then it is just to protect the Windows machine(s).
    You cannot install a virus or malware into Linux with just a single click .. it takes steps and it also takes a password.
    HOWEVER .. your BROWSER of choice can get popped now and again if you are not careful.

  4. #4
    Join Date
    May 2011
    Beans
    76

    Re: Antivirus + Rootkit hunter

    I know that viruses are quite ludicrous since everything needs root permission and everything can be displayed and not hidden. However, what about rootkits? Don't those go around undetected?

  5. #5
    Join Date
    Dec 2005
    Location
    Western Australia
    Beans
    11,480
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Antivirus + Rootkit hunter

    Quote Originally Posted by Foobarz View Post
    I know that viruses are quite ludicrous since everything needs root permission and everything can be displayed and not hidden. However, what about rootkits? Don't those go around undetected?
    Rootkits don't spread themselves - they require human input to put them into your computer, and there must be some avenue into your computer.

    In other words, you need to be running some sort of server service on your computer, that has a security flaw that allows a human attacker to run code on your computer. The code must run as root or the attacker must find another security flaw to gain root access. If you are running a vulnerable server service, it also can't be behind a firewall as then the attacker won't be able to connect to it.

    The likelihood of all this happening on your home desktop is pretty slim. If you're running a web server that takes credit card details then you need to worry about rootkits. Otherwise it's probably not going to happen.
    I try to treat the cause, not the symptom. I avoid the terminal in instructions, unless it's easier or necessary. My instructions will work within the Ubuntu system, instead of breaking or subverting it. Those are the three guarantees to the helpee.

  6. #6
    Join Date
    Nov 2011
    Beans
    8

    Re: Antivirus + Rootkit hunter

    Quote Originally Posted by 3rdalbum View Post
    Rootkits don't spread themselves - they require human input to put them into your computer, and there must be some avenue into your computer.

    In other words, you need to be running some sort of server service on your computer, that has a security flaw that allows a human attacker to run code on your computer. The code must run as root or the attacker must find another security flaw to gain root access. If you are running a vulnerable server service, it also can't be behind a firewall as then the attacker won't be able to connect to it.

    The likelihood of all this happening on your home desktop is pretty slim. If you're running a web server that takes credit card details then you need to worry about rootkits. Otherwise it's probably not going to happen.
    OR if you type your root authorization in when you didn't do anything that really needs root authorization. OR you downloaded some software from a site that is NOT very trustworthy and the installer INCLUDES some form of UNWANTED software incorporated within the software you want.

  7. #7
    Join Date
    Nov 2011
    Beans
    8

    Re: Antivirus + Rootkit hunter

    Quote Originally Posted by CharlesA View Post
    Rkhunter is notorious for false positives and you don't really need antivirus on a *nix box unless you are sharing files with Windows machines.

    Check out the page here:
    https://wiki.ubuntu.com/BasicSecurity

    I should have posted my reply to here instead of 3rdalbum BUT it does fit there as well .. Just because it is NOT prevalent doesn't mean they don't exist. The sooner Linux learns to Cover Its Butt the safer it will be when it advances in the market share of Operating systems.

    If you go by a generic example .. 6 billion Windows and Mac users .. 10% infection .. LOTS of people actively trying to clean them ... 600k Linux users 10% infection WORSE - THEY assume they don't got anything.

    Just because it's Linux doesn't mean it can't happen. It just means it's LESS likely.

  8. #8
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Antivirus + Rootkit hunter

    Quote Originally Posted by Kaboom3009 View Post
    OR if you type your root authorization in when you didn't do anything that really needs root authorization. OR you downloaded some software from a site that is NOT very trustworthy and the installer INCLUDES some form of UNWANTED software incorporated within the software you want.
    Stick to the repos. If you need to install something that isn't in the repos, be sure to check it out before installing it.

    Quote Originally Posted by Kaboom3009 View Post
    I should have posted my reply to here instead of 3rdalbum BUT it does fit there as well .. Just because it is NOT prevalent doesn't mean they don't exist. The sooner Linux learns to Cover Its Butt the safer it will be when it advances in the market share of Operating systems.

    If you go by a generic example .. 6 billion Windows and Mac users .. 10% infection .. LOTS of people actively trying to clean them ... 600k Linux users 10% infection WORSE - THEY assume they don't got anything.

    Just because it's Linux doesn't mean it can't happen. It just means it's LESS likely.
    Right. There are *nix "viruses" out there (proof of concept mostly), but none in the wild. AppArmor/SELinux on Firefox and any other internet-aware app would limit the damage if you got something. Keyloggers don't get installed automagically.

    EDIT: Check the link I posted, or the monster thread here.
    Last edited by CharlesA; November 16th, 2011 at 05:59 AM.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...
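
Added example, not part of the thread: a shell check for the point in post #8 that AppArmor on Firefox limits damage, which only holds if the profile is loaded in enforce mode. It parses the `<name> (<mode>)` lines of `/sys/kernel/security/apparmor/profiles`; the function names `profile_state` and `sample_profiles` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise the AppArmor mode of every loaded profile whose name contains
# a given string. Input (stdin) uses the format of
# /sys/kernel/security/apparmor/profiles: one "<name> (<mode>)" per line.
#
# profile_state PATTERN   (hypothetical helper, not an AppArmor tool)
#   enforce       every matching profile is in enforce mode
#   not-enforced  at least one match is in complain (or another) mode
#   no-profile    nothing matched, so the application has no profile loaded
profile_state() {
    awk -v pat="$1" '
        index($0, pat) {
            mode = $NF               # last field, e.g. "(complain)"
            gsub(/[()]/, "", mode)   # strip the parentheses
            seen++
            if (mode != "enforce") weak++
        }
        END {
            if (!seen)     print "no-profile"
            else if (weak) print "not-enforced"
            else           print "enforce"
        }'
}

# Constructed sample input; on a real system, feed the sysfs file instead:
#   sudo cat /sys/kernel/security/apparmor/profiles | profile_state firefox
sample_profiles() {
    cat <<'EOF'
/usr/bin/man (enforce)
/usr/lib/firefox/firefox{,*[^s][^h]} (complain)
snap.firefox.firefox (enforce)
/usr/sbin/cupsd (enforce)
EOF
}

for app in firefox cupsd thunderbird; do
    printf '%-12s %s\n' "$app" "$(sample_profiles | profile_state "$app")"
done
```

A profile in complain mode only logs violations and does not block them, so `not-enforced` means the confinement described in the post is not actually in effect for that application.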

  9. #9
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Antivirus + Rootkit hunter

    Little known (read acknowledged) fact: rootkits are more devastating on Linux than Windows. (Incoming hatemail I'm sure).

    Due to the nature of how the Linux kernel and operating system work, a rootkit is much more difficult to detect, even for complex anti-malware solutions on Linux than Windows. The silver lining? Rootkits are a much more targeted attack on Linux than Windows.

    Weigh your risks, make your decisions and security policies accordingly.

  10. #10
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Antivirus + Rootkit hunter

    Asked and answered too many times to count. Moved to recurring.
