Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: What antivirus for Linux protects against ransomware and infected web sites?

  1. #11
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    The Linux servers infected were all running php webapps. They are not normal desktops. The files targeted were .html, js, and php files.

    Windows and Unix have completely different security models. Hence, the solutions to potential problems are also different. Trying to make Linux like Windows will only lead to frustration. They aren't the same OS and work very differently.

    My 80 yr old mother never had any issues with malware or viruses on Linux. She was hit with both on Windows, before she realized that changing to Linux was necessary.

    Do a little research, please.
    If you want to prevent any malware/virus/whatever harming your Linux system coming in over a web browser, then use the normal tools which prevent that, like firejail or a Linux container. Linux containers have been around almost 15 yrs. Light sandboxes have been around almost a decade making use of Linux namespaces. These are used to limit access by processes not specifically allowed to certain kernel services and parts of the file system. Canonical snaps are mini-containers for programs.

    I would never use google-chrome on any of my systems. Their goals and my goals in a browser do not align.

    Nothing can protect every user from every possible threat. Not visiting untrustworthy websites is my primary way to avoid issues. To me, untrustworthy sites have more than 1 tracker included. I don't allow javascript on most websites. For email, only 7-bit ASCII is accepted.

    Any AV/anti-malware is too late. Be proactive.

    And nothing can replace having daily, automatic, versioned, backups. When you get hit with a problem, those backups will let you go back to before the attack happened and compare all the files, figure out what happened, before restoring. As long as the backup storage isn't connected to the system while the malware is active, recovery is possible. If it takes more than 45 minutes to restore a system to the way it was before the malware hit, then the backups aren't good enough.


    Anyone running an Internet-facing server that still supports plain-text FTP is an idiot.
    +1000!
    "While it may not be currently clear how the B0r0nt0K ransomware was able to establish a foothold on the affected Linux servers in question, typically it comes back to server misconfigurations or from running out-of-date versions of software with known remote code execution vulnerabilities,"
    Stay patched. Have versioned backups. If you run internet services, be paranoid. Desktop users are not impacted.

    Linux isn't Windows. Think differently.
    Last edited by TheFu; September 12th, 2019 at 03:12 PM.

  2. #12
    Join Date
    Sep 2019
    Beans
    29

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    i would not pay any heed to that article, a) it is outdated b) the article seems like a promotional article for a certain company & even suggests a free demo from the company (check the links in blue).

    Quote Originally Posted by uRock View Post
    As for the anti-virus saying you're on an insecure website, there are browser plugins for that. What browser are you using?
    i tried quite a few on firefox but they all seem useless. all they seem to do is block trackers. even sites known for doling out malicious jewels are given a green by these so called security add-ons.

    Quote Originally Posted by TheFu View Post
    If you want to prevent any malware/virus/whatever harming your Linux system coming in over a web browser, then use the normal tools which prevent that, like firejail or a Linux container.
    nice. kinda like default-deny. thank you for the firejail tip.

    Quote Originally Posted by TheFu View Post
    I would never use google-chrome on any of my systems. Their goals and my goals in a browser do not align.
    ditto that.

  3. #13
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    Quote Originally Posted by u-n View Post
    <snip>
    i tried quite a few on firefox but they all seem useless. all they seem to do is block trackers. even sites known for doling out malicious jewels are given a green by these so called security add-ons.
    <snip>.
    Yup. Like AV for Windows, they only make people feel more protected. I use Firefox. The only add-on I have enabled is Facebook Container, which has changed a lot about how FB offers ads. I don't see all of the ads for products I look at on other sites anymore. I ran ClamAV after you posted about the malware in your cache and it found nothing on my system. I attribute that to my running Bleachbit to clear cache and temp stuff several times a day and my not going to many websites aside from FB, local news, Amazon, UF, and gmail. Aside from those pages, I only visit pages that come up when doing research.

    @TheFu
    I had never taken a look at FireJail. I am going to start messing around with it. I wonder if the person in this Wordpress had to pay Metallica for royalties for his video. https://firejail.wordpress.com/

  4. #14
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    There are about 10 other firejail-like tools. "firejail vs" is a good search term to find some other options.

    Some aliases that might be handy:
    Code:
    alias firechrome='firejail chromium-browser --mute-replay-warnings '
    alias fireff='firejail firefox '
    alias firepchrome='firejail --private chromium-browser --mute-replay-warnings '
    alias firepff='firejail --private firefox '
    --private means nothing will be written to disk/storage. NOTHING. Without that option, only the ~/Download/ and browser config directories can be written and specific parts of the file system support read.

    For fun, do a firejail --private bash and see what you can see/do. Try to sudo. Put files in your HOME or ~/Downloads. Knock yourself out. Firejail has profiles for different programs - /etc/firejail/ ... most of the settings aren't hard to figure out.

  5. #15
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    Canonical needs to fix that!
    Just a note here dora5:

    Canonical is just one of many distributors of a Linux-based OS. Canonical produces Ubuntu, one of many Linux distributions. Microsoft is entirely responsible for and in control of Windows. Windows is Microsoft's product. Canonical is not "in charge" of Linux. Linux is not Canonical's product. Canonical controls a small subset of the Linux world, a part called Ubuntu.
    Last edited by QIII; September 12th, 2019 at 06:54 PM.
    Please read The Forum Rules and The Forum Posting Guidelines
    My Blog
    A thing discovered and kept to oneself must be discovered time and again by others. A thing discovered and shared with others need be discovered only the once.
    This universe is crazy. I'm going back to my own.

  6. #16
    Join Date
    Aug 2006
    Location
    S.F. Bay Area
    Beans
    265
    Distro
    Ubuntu

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    Quote Originally Posted by u-n View Post
    i tried quite a few on firefox but they all seem useless. all they seem to do is block trackers. even sites known for doling out malicious jewels are given a green by these so called security add-ons.
    Which ones have you tried? I'm currently in the process of evaluating some browser add-ons and so far, the two I'm using (Ad Blocker Ultimate and Malwarebytes browser extension) are working very well.

    Thanks!

    Peace...

  7. #17
    Join Date
    Sep 2019
    Beans
    7

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    What about brave browser? Don't they claim to do that stuff out of the box?

  8. #18
    Join Date
    Sep 2019
    Beans
    29

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    Quote Originally Posted by tomdkat View Post
    Which ones have you tried?
    avast online security, avg online security, avira browser safety, bitdefender traffic light & norton safe web

    Quote Originally Posted by tomdkat View Post
    I'm using (Ad Blocker Ultimate and Malwarebytes browser extension) are working very well.
    i learnt of malwarebytes browser guard thanks to you. it did actually block access to some shady web sites but just a couple.

    to be honest i think i am better of without the snake oil.

  9. #19
    Join Date
    Oct 2014
    Location
    Sydney
    Beans
    Hidden!
    Distro
    Ubuntu Gnome

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    Ransomware needs a way in, usually by exploiting the user's misconfiguration or vulnerability. No need to install AV on Linux workstation really. All of this ransomware hype in the media refers to compromised Servers, not user (Linux) workstations. I often find these servers left with no updates and poorly configured. Usually this happens because of organisations HR problems (despite them running 6 step job interviews ). As to securing your web browser, there was a good post on this topic https://www.linux.com/news/4-best-pr...x-workstation/
    Last edited by sisco311; 2 Weeks Ago at 07:42 AM. Reason: font
    Computer Forensic Professional
    Scientists search for truth. Philosophers search for logic.
    I apply logic to find truth.




Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •