Results 1 to 10 of 19

Thread: What antivirus for Linux protects against ransomware and infected web sites?

  1. #1
    Join Date
    Jun 2014
    Beans
    65

    What antivirus for Linux protects against ransomware and infected web sites?

    Linux servers are getting infected with ransomware like crazy, so it is not true that Linux machines don't get viruses.

    I find my usual vulnerability to viruses is downloading legitimate files from legitimate sites, such as Blue Mountain greeting cards, visiting legitimate sites that are infected and in Windows Malwarebytes wouldn't let me at that web site, and, visiting a web page that runs ads, and they all do, ten million ads, only one of the ads will redirect to a malicious web site and download malware even on a Linux machine without my consent. I don't know how they are doing that, but it's a major problem. Here are some articles about it.

    https://invenioit.com/security/linux...-attacks-rise/

    I can't find any antivirus for Linux that even mentions ransomware, and in this day and age, that's fundamental to a minimally competent antivirus. ClamAV doesn't say it stops ransomware from installing or running, Comodo doesn't - none of them do.

    It's also critical to me that workstation/PC antivirus software actually tell me if I'm on an infected web site and not let me on it, or not let infected files download. Generally with Windows I found that if using antimalware like that I didn't get viruses, and if using antimalware that doesn't block bad web sites and doesn't block bad files from downloading, I do get malware. It really doesn't matter what an antivirus does after the fact as the simplest and least threatening virus is a day's work to get off your system and I've never once seen the antivirus remove it for me. I can't find a single Linux antivirus that does that.

    Can people please suggest software that actually blocks viruses on Linux systems including ransomware?

    If there is no such thing, that's a grave issue for expecting anyone to convert from using Windows. Canonical needs to fix that!

  2. #2
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    "While it may not be currently clear how the B0r0nt0K ransomware was able to establish a foothold on the affected Linux servers in question, typically it comes back to server misconfigurations or from running out-of-date versions of software with known remote code execution vulnerabilities," he told LinuxInsider.
    https://www.linuxinsider.com/story/85870.html

    I also took a look at the link you posted which states the system they're talking about had a ten year old kernel on it.

    In short, run updates at least weekly, if not daily, and don't configure servers without following official documentation and doing research.

  3. #3
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    As for the anti-virus saying you're on an insecure website, there are browser plugins for that. What browser are you using?

  4. #4
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    6,774
    Distro
    Xubuntu 19.04 Disco Dingo

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    In general, the Linux kernel receives security patches for newly found vulnerabilities very quickly - probably quicker than any AV product could be updated to recognise any/all the different variants of malware that attack that vulnerability. So you are better off keeping the OS patched than you are trying to keep an AV product up to date. And one OS update/patch will protect against all malware that tries to use that patched vulnerability.

    An AV vendor will happily give a long list of names of malware variants it detects and will add to that list when new variants that attack the same vulnerability are found. Looks good on their web site. I don't think you will find any AV software that protects against un-patched vulnerabilities though. That's just not the order in which things happen. Plugging the hole is so much better than paying to keep the pumps running.

  5. #5
    Join Date
    Jun 2014
    Beans
    65

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    You all seem to misunderstand. I'm not looking for protection from vulnerabilities, I'm looking for protection from viruses. Vulnerabilities are a fact of life and most are not going to be patched and known. Honestly, the ways to deny the problem!

    I specifically want an antivirus that specifically blocks ransomware, and specifically blocks viruses before they download. Like many antivirus products do for Windows.

    Come on, you all, the news media for the past two days is full of Linux servers infected with a specific kind of ransomware, and if it's infecting well secured government and corporate servers you KNOW it's affecting desktop users like me by the millions. Quit denying the problem, if you want actual Linux users!
    Last edited by dora5; September 12th, 2019 at 12:23 PM.

  6. #6
    Join Date
    Jun 2014
    Beans
    65

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    Chrome.

    Again, I am concerned about INFECTED web sites, not "insecure" ones. Many Windows antivirus products such as Malwarebytes block INFECTED web sites. NOT "insecure" ones.

  7. #7
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    Originally posted by dora5:
    > Chrome.
    >
    > Again, I am concerned about INFECTED web sites, not "insecure" ones. Many Windows antivirus products such as Malwarebytes block INFECTED web sites. NOT "insecure" ones.

    There are addons for Chrome to block infected sites, though Google Chrome already has you covered. https://support.google.com/chrome/an...sktop&hl=en-GB Those sites, whether blocked by a third party app or the browser, have to be reported and confirmed by the vendor before they start blocking. You're trying to treat Linux as if it were Windows. Linux is not Windows. Please take the time to read the Security sub-forum stickies to learn more about protecting yourself.

    If you read up on anti-virus for Windows, then you'll find that they're usually a day late and dollar short on protection against malware.

  8. #8
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    Originally posted by dora5:
    > You all seem to misunderstand. I'm not looking for protection from vulnerabilities, I'm looking for protection from viruses. Vulnerabilities are a fact of life and most are not going to be patched and known. Honestly, the ways to deny the problem!
    >
    > I specifically want an antivirus that specifically blocks ransomware, and specifically blocks viruses before they download. Like many antivirus products do for Windows.
    >
    > Come on, you all, the news media for the past two days is full of Linux servers infected with a specific kind of ransomware, and if it's infecting well secured government and corporate servers you KNOW it's affecting desktop users like me by the millions. Quit denying the problem, if you want actual Linux users!

    Linux protects against malware by fixing vulnerabilities. Malware usually requires a vulnerability. The Linux SERVERs you are mentioning as being infected are usually outdated and misconfigured, as most of the articles I have read are mentioning. If you're seeing articles hinting that Linux desktop machines are being affected, then do share.

  9. #9
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    Originally posted by The Cog:
    > An AV vendor will happily give a long list of names of malware variants it detects and will add to that list when new variants that attack the same vulnerability are found. Looks good on their web site. I don't think you will find any AV software that protects against un-patched vulnerabilities though. That's just not the order in which things happen. Plugging the hole is so much better than paying to keep the pumps running.

    This! Malware vendors are expecting customers to have updated systems. If you were running Windows and hadn't run updates for ten years, like in the article you shared, then even the best anti-malware will likely not protect you.

  10. #10
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    14,433
    Distro
    Kubuntu Development Release

    Re: What antivirus for Linux protects against ransomware and infected web sites?

    From: https://www.linuxinsider.com/story/85870.html

    > The most active way to prevent B0r0nt0K from entering your Linux server is to close the SSH (secure shell) and the FTP (file transfer protocol) ports, said Victor Congionti, CEO of Proven Data.

    Anyone running an Internet-facing server that still supports plain-text FTP is an idiot.

    Also SSH to my remote servers only allows connections from a small list of known IPs. Most of my communications between my office and the remote servers happens over OpenVPN connections. Again these are limited to a very small set of IPs.

    > It is also possible that these attacks are being sent in through basic CMS (content management system) vulnerabilities.

    I use WordPress and install new updates when they are released. I also limit the permissions on the WP directories so that the web server "user" cannot write anything there except to the upload directory where objects like graphics are stored. I run a simple script that changes the permissions before each update, then run another script that sets the permissions back when the update is finished.

    It's not hard to protect yourself against these kinds of exploits if you invest some time and effort.

    I don't visit random websites, and I certainly wouldn't follow links in email to some site that I don't know. I also run MailScanner on my mail server to scan all my mail for spam and viruses. It will detect and "disarm" hidden links like 1x1 graphics that can be a source of "drive-by" infections.

    Finally, all my servers are virtual machines, and I pay Linode a few bucks extra a month to take daily snapshot backups of each server. If a server were ever to go south, I could replace it from its snapshot image. At worst I'd lose a day or two of new content.
    Last edited by SeijiSensei; September 12th, 2019 at 02:45 PM.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
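
Added example, not part of SeijiSensei's post and not his scripts: one way to implement the lock/unlock permission switch for WordPress described in post #10, plus an audit check that the tree is actually locked. It assumes the tree is owned by an admin account with the web server's group as group owner, and the default `wp-content/uploads` path; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Assumed layout: the WordPress tree is owned by an admin
# account, with the web server's group (e.g. www-data) as group owner,
# so the group permission bits decide what the web server may write.

UPLOADS_REL="wp-content/uploads"   # assumed default WordPress upload path

# Lock: the web server group can read everything but write only under uploads.
wp_lock() {
    local root=$1
    find "$root" -type d -exec chmod 750 {} +
    find "$root" -type f -exec chmod 640 {} +
    if [ -d "$root/$UPLOADS_REL" ]; then
        find "$root/$UPLOADS_REL" -type d -exec chmod 770 {} +
        find "$root/$UPLOADS_REL" -type f -exec chmod 660 {} +
    fi
}

# Unlock: grant group write across the tree for the duration of an update.
wp_unlock() {
    local root=$1
    find "$root" -type d -exec chmod 770 {} +
    find "$root" -type f -exec chmod 660 {} +
}

# Audit: print anything group- or world-writable outside the uploads
# directory (symlinks skipped, their mode bits are meaningless).
# Empty output means the tree is locked.
wp_audit() {
    local root=$1
    find "$root" -path "$root/$UPLOADS_REL" -prune -o \
        \( -perm -020 -o -perm -002 \) ! -type l -print
}
```

Pass the WordPress root without a trailing slash: `wp_unlock /path/to/wordpress` before an update, `wp_lock` afterwards, and `wp_audit` from cron to catch a tree that was left unlocked.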
