After reading the Wikipedia article on Linux malware, it says that Avast! Antivirus "do not look for Linux-specific threats", and that for Linux-specific malware, I need rkhunter. I would like to know if that's true. Thank you.
What are you trying to accomplish overall? Do you want to secure your Ubuntu installation or do you only specifically want to scan for Linux malware?
There is little Linux malware that you will encounter on the internet. Therefore no anti-virus software will scan for Linux malware. They all scan for Windows and maybe Mac malware.
rkhunter searches for rootkits, which is reasonable as long as you take the time to learn how it works. It throws lots of false positives and imo confuses more people than it helps.
If your goal is to increase security then refer to the basic security wiki for measures that will be far more effective in actually securing Ubuntu desktop installations.
https://wiki.ubuntu.com/BasicSecurity
Last edited by Ms. Daisy; March 2nd, 2013 at 07:16 PM. Reason: Grammar nazi'd myself
rkhunter and chkrootkit will detect Linux malware; most other antiviruses will not.
User:To friend or not to friend--that is the question:
Whether 'tis nobler to take an arrow to the knee or to suffer
the slights and add's of outrageous fortune
Or to take arms against a sea of trolls And by opposing feed them. www.evicsis.com
Is there anything out in the wild that we haven't heard of yet this year for Linux?
I have rkhunter, but I installed it more out of curiosity, and the program gives one warning which turned out to be false, and the developer knows about it. I think it would be more relevant to a server environment. I am confident of my software sources and practice safe suffering but use antivirus on my Windows partition.
"Our intention creates our reality. "
Here is an instance where many AVs seem to have detected some Linux rootkit malware. I am not in a position to verify this though, and don't know what, if any, significance it has.
https://www.virustotal.com/file/854d...f2e1/analysis/
Some of those products making detections do not, I believe, offer Linux specific versions.
There seem to be precious few other examples on virustotal - presumably reflecting the point often made on these forums that there is precious little Linux specific malware in circulation.
Last edited by maglinu; March 3rd, 2013 at 12:46 PM.
I should be a bit more pedantic with myself.
As far as we know, Linux viruses are not present in the wild (which does not mean that Linux viruses are impossible).
Linux rootkits have been around on the interwebz for a long time, though not ubiquitous.
Rootkits and viruses are both classified as malware. Of the total amount of malware in the wild, a very small fraction is designed for Linux.
This excludes cross-platform vectors such as Java and Adobe.
I am in doubt whether this exploit software is malware or not. Please classify!
If this exploit software is classified as malware, how about these (only some examples)? They are some of them. Trust me, there is a lot of malware in the wild for Linux.
Samiux
In a broad sense of the term, anything that does something bad or against user consent could be considered malware. I would argue that an exploit is not the same as malware unless packaged and stored on a target computer (lots of exploit code is never written to the hard disk of the target).
An exploit is code or a process that can be used to gain elevated access on a system. After performing an exploit, a payload would be sent, generally a reverse shell of some sort (depending on the privileges a cracker has managed to gain). The reverse shell would be malware. If they sent exploit code to be stored and run on the computer, it too would be malware. Since most exploits that exist for Linux do not propagate in the wild (Android seems intent on changing that), it does not matter how many exploits exist unless they are used. When the bad guys start taking existing exploits and placing them in self-propagating code (worms), then you have to worry about it (for anti-virus at least).
That means individuals using Linux need to worry about spear phishing attacks more than drive-by downloads.
LOL, the exploit database does indeed contain Linux exploits, including numerous ones for Firefox 1.x. Oh God, we're doomed.
But I failed to account for the abundance of Android malware in the wild.
The important point to make in any Linux anti-virus software debate is that there are multiple other, far more effective security controls one can use than anti-virus software.