this post was submitted on 24 Nov 2025
97 points (91.5% liked)


I'm about to install bazzite on my wife's older (2017) Windows 10 machine, and I've been going over how to recreate everything she currently has. Most programs (even proprietary ones) are not an issue, but I'm not finding much in the antivirus department.

I never even thought to install one on my Linux machine (also on bazzite, but I have used other distros in the past). So although I am no stranger to Linux, this issue blindsided me.

I know clamav exists, and I'm educating myself on how to use it, but a GUI would be nice for the wife. She's not afraid of the terminal, but she likes the convenience of GUI programs.

Any suggestions? What do you use? Or is it just generally accepted that one should be careful and keep things up-to-date and that's enough?

[–] Neptr@lemmy.blahaj.zone 21 points 1 month ago* (last edited 1 month ago) (3 children)

To be more clear, antivirus programs in general are mostly scams because they are advertised to do much more than they are actually capable of (especially proprietary ones that act as spyware, such as Norton or Avast, which have been caught selling user data). Hash-based antivirus solutions (such as ClamAV) aren't effective either because they rely on "badness enumeration", in which you try to determine all the bad samples (through a sample list(s)) and alert on or delete them when detected. This isn't a good solution because a threat actor only has to add, for example, a single whitespace character into the code and it will produce a wildly different hash (which has not been sampled before). Badness enumeration is a shit way to deal with real problems; much better is an allowlist approach, such as a permission system where you minimize the access given and soften the security until the app runs.

TLDR: Antivirus bad at job of stopping malware, and sandboxed apps good for security of your device.

I'm not sure where you get the idea that antivirus is mostly a scam. Yes, there are some questionable vendors out there, but it doesn't mean it's a scam. I know antivirus has saved my ass a couple of times, at least when I was younger. Was I doing something stupid? Yes. Do we all do something stupid every once in a while? Also yes.

[–] menas@lemmy.wtf 3 points 4 weeks ago

I agree with your demonstration, but not the conclusion. The main threat in OP's case is a random attack made by massive and standardized attacks. So hashed signatures are better than nothing. Of course, it is not enough for all kinds of attack, like a focused one.

[–] Quetzalcutlass@lemmy.world 2 points 1 month ago (1 children)

ClamAV is purely hash-based, not heuristic? I knew it scored incredibly poorly in AV tests, which would make sense if that's still their approach.

[–] ToxicWaste@lemmy.cafe 1 points 4 weeks ago

ClamAV has heuristic capabilities. Just search through the documentation and see how many switches contain 'heuristic':

https://docs.clamav.net/manual/Development/libclamav.html
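
Added example, not part of any comment in this thread and not ClamAV's engine or signature format: a toy Python model of the trade-off argued above, comparing an exact-hash blocklist, a content-pattern signature and a default-deny hash allowlist. All sample files, names and lists are constructed, and the hash allowlist is an assumption standing in for the permission-style allowlist approach mentioned in the thread.

```python
import hashlib
import re

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless stand-in files (not real malware samples).
SAMPLES = {
    "known_bad": b"#!/bin/sh\necho demo-unwanted-payload\n",
    "bad_variant": b"#!/bin/sh\necho demo-unwanted-payload \n",  # one extra space
    "trusted_app": b"#!/bin/sh\necho hello\n",
    "new_tool": b"#!/bin/sh\necho brand new tool\n",  # benign, never seen before
}

# Badness enumeration by exact hash: only the sample someone already collected.
HASH_BLOCKLIST = {sha256(SAMPLES["known_bad"])}
# Badness enumeration by content: a byte pattern matched anywhere in the file.
PATTERN_SIGNATURES = [re.compile(rb"demo-unwanted-payload")]
# Default-deny allowlist: only hashes explicitly approved may run.
HASH_ALLOWLIST = {sha256(SAMPLES["trusted_app"])}

def hash_blocklist(data: bytes) -> str:
    return "block" if sha256(data) in HASH_BLOCKLIST else "allow"

def pattern_scan(data: bytes) -> str:
    hit = any(sig.search(data) for sig in PATTERN_SIGNATURES)
    return "block" if hit else "allow"

def allowlist(data: bytes) -> str:
    return "allow" if sha256(data) in HASH_ALLOWLIST else "block"

def compare(samples: dict) -> dict:
    """Return each policy's verdict for every sample."""
    policies = {"hash_blocklist": hash_blocklist,
                "pattern_scan": pattern_scan,
                "allowlist": allowlist}
    return {name: {p: check(data) for p, check in policies.items()}
            for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES).items():
        print(f"{name:12} {verdicts}")
```

The `bad_variant` row is the case the exact-hash list misses, and the `new_tool` row is the cost of default-deny: a benign but unapproved file is blocked until someone adds it.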