What antivirus for Linux protects against ransomware and infected web sites?

[TheFu]

The Linux servers infected were all running php webapps. They are not normal desktops. The files targeted were .html, js, and php files.

Windows and Unix have completely different security models. Hence, the solutions to potential problems are also different. Trying to make Linux like Windows will only lead to frustration. They aren't the same OS and work very differently.

My 80 yr old mother never had any issues with malware or viruses on Linux. She was hit with both on Windows, before she realized that changing to Linux was necessary.

Do a little research, please.
If you want to prevent any malware/virus/whatever harming your Linux system coming in over a web browser, then use the normal tools which prevent that, like firejail or a Linux container. Linux containers have been around almost 15 yrs. Light sandboxes have been around almost a decade making use of Linux namespaces. These are used to limit access by processes not specifically allowed to certain kernel services and parts of the file system. Canonical snaps are mini-containers for programs.

I would never use google-chrome on any of my systems. Their goals and my goals in a browser do not align.

Nothing can protect every user from every possible threat. Not visiting untrustworthy websites is my primary way to avoid issues. To me, untrustworthy sites have more than 1 tracker included. I don't allow javascript on most websites. For email, only 7-bit ASCII is accepted.

Any AV/anti-malware is too late. Be proactive.

And nothing can replace having daily, automatic, versioned, backups. When you get hit with a problem, those backups will let you go back to before the attack happened and compare all the files, figure out what happened, before restoring. As long as the backup storage isn't connected to the system while the malware is active, recovery is possible. If it takes more than 45 minutes to restore a system to the way it was before the malware hit, then the backups aren't good enough.

Anyone running an Internet-facing server that still supports plain-text FTP is an idiot.

+1000!

"While it may not be currently clear how the B0r0nt0K ransomware was able to establish a foothold on the affected Linux servers in question, typically it comes back to server misconfigurations or from running out-of-date versions of software with known remote code execution vulnerabilities,"

Stay patched. Have versioned backups. If you run internet services, be paranoid. Desktop users are not impacted.

Linux isn't Windows. Think differently.

[(kyT%0)]

https://invenioit.com/security/linux...-attacks-rise/

i would not pay any heed to that article, a) it is outdated b) the article seems like a promotional article for a certain company & even suggests a free demo from the company (check the links in blue).

As for the anti-virus saying you're on an insecure website, there are browser plugins for that. What browser are you using?

i tried quite a few on firefox but they all seem useless. all they seem to do is block trackers. even sites known for doling out malicious jewels are given a green by these so called security add-ons.

If you want to prevent any malware/virus/whatever harming your Linux system coming in over a web browser, then use the normal tools which prevent that, like firejail or a Linux container.

nice. kinda like default-deny. thank you for the firejail tip.

I would never use google-chrome on any of my systems. Their goals and my goals in a browser do not align.

ditto that.

[uRock]

<snip>
i tried quite a few on firefox but they all seem useless. all they seem to do is block trackers. even sites known for doling out malicious jewels are given a green by these so called security add-ons.
<snip>.

Yup. Like AV for Windows, they only make people feel more protected. I use Firefox. The only add-on I have enabled is Facebook Container, which has changed a lot about how FB offers ads. I don't see all of the ads for products I look at on other sites anymore. I ran ClamAV after you posted about the malware in your cache and it found nothing on my system. I attribute that to my running Bleachbit to clear cache and temp stuff several times a day and my not going to many websites aside from FB, local news, Amazon, UF, and gmail. Aside from those pages, I only visit pages that come up when doing research.

@TheFu
I had never taken a look at FireJail. I am going to start messing around with it. I wonder if the person in this Wordpress had to pay Metallica for royalties for his video. https://firejail.wordpress.com/

[TheFu]

There are about 10 other firejail-like tools. "firejail vs" is a good search term to find some other options.

Some aliases that might be handy:

Code:

alias firechrome='firejail chromium-browser --mute-replay-warnings '
alias fireff='firejail firefox '
alias firepchrome='firejail --private chromium-browser --mute-replay-warnings '
alias firepff='firejail --private firefox '

--private means nothing will be written to disk/storage. NOTHING. Without that option, only the ~/Download/ and browser config directories can be written and specific parts of the file system support read.

For fun, do a firejail --private bash and see what you can see/do. Try to sudo. Put files in your HOME or ~/Downloads. Knock yourself out. Firejail has profiles for different programs - /etc/firejail/ ... most of the settings aren't hard to figure out.

[QIII]

Canonical needs to fix that!

Just a note here dora5:

Canonical is just one of many distributors of a Linux-based OS. Canonical produces Ubuntu, one of many Linux distributions. Microsoft is entirely responsible for and in control of Windows. Windows is Microsoft's product. Canonical is not "in charge" of Linux. Linux is not Canonical's product. Canonical controls a small subset of the Linux world, a part called Ubuntu.

[tomdkat]

i tried quite a few on firefox but they all seem useless. all they seem to do is block trackers. even sites known for doling out malicious jewels are given a green by these so called security add-ons.

Which ones have you tried? I'm currently in the process of evaluating some browser add-ons and so far, the two I'm using (Ad Blocker Ultimate and Malwarebytes browser extension) are working very well.

Thanks!

Peace...

[ryansenn]

What about brave browser? Don't they claim to do that stuff out of the box?

[(kyT%0)]

Which ones have you tried?

avast online security, avg online security, avira browser safety, bitdefender traffic light & norton safe web

I'm using (Ad Blocker Ultimate and Malwarebytes browser extension) are working very well.

i learnt of malwarebytes browser guard thanks to you. it did actually block access to some shady web sites but just a couple.

to be honest i think i am better of without the snake oil.

[ecophobia]

Ransomware needs a way in, usually by exploiting the user's misconfiguration or vulnerability. No need to install AV on Linux workstation really. All of this ransomware hype in the media refers to compromised Servers, not user (Linux) workstations. I often find these servers left with no updates and poorly configured. Usually this happens because of organisations HR problems (despite them running 6 step job interviews ). As to securing your web browser, there was a good post on this topic https://www.linux.com/news/4-best-pr...x-workstation/