Do you have any antivirus recomendations for Linux.

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    As Linux gets more popular, malware will target Linux, it’s just a matter of time. So right now it’s not a big problem, but hopefully Linux gets popular enough that it happens.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        1 year ago

        You could say the same about macOS, but now that gets targeted, and Linux has about the same amount of reported userbase as macOS now. So if Linux continues to gain traction, I expect it to follow macOS in becoming a target for malware. Maybe it’ll take longer because of the fragmentation, but I think we’ll get there.

              • sugar_in_your_tea@sh.itjust.works
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                1 year ago

                Here’s one example of a privilege escalation

                https://security.berkeley.edu/news/macos-ipados-and-ios-local-privilege-escalation-vulnerability-cve-2021-30807

                And here’s a little more detail about it, complete with links:

                https://www.offsec.com/offsec/macos-preferences-priv-escalation/

                This is probably also a zero day because Apple acknowledged that it was in use in the wild at the time (first link).

                every single one requires the user to install something

                Not all. HVNC, for example, doesn’t require anything by the user and with clever use, an attacker could get just add much value from it as with a privilege escalation bug.

                Also XCSSET Updated used a zero day in Safari.

                These attacks are still a lot less common vs Windows because the attack surface is much smaller, but it’s foolhardy to think macOS is immune in some way.

                Rarely do attacks use just one strategy, usually they bundle malware with a zero day of some sort. Since macOS has a small user base, look less at the impact and more at the capabilities. All types of malware exist for macOS, so if it gets much larger adoption, we’ll see more effort in packaging them together.

                  • sugar_in_your_tea@sh.itjust.works
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    1 year ago

                    Sure, anti-virus won’t prevent the zero day from being exploited, but it can prevent any malware packaged with it from executing/causing damage. The same goes for other strategies, like sandboxing, access control, etc, the more layers you have, the less likely an attack is to be successful.

                    On the other side, the less valuable your platform is to exploit, the less attention it’ll have from malware authors. Most malware is looking to make a quick buck, and getting grandma to call a fake support line to fix a manufactured problem is the lion’s share of malware. Some attempt to create a botnet (i.e. worms and Trojans), and others try to steal banking and other credentials (so cookie scraping, no need for privilege escalation, just code execution).

                    I’m just pointing out that zero days and privilege escalation has existed to show that macOS isn’t immune. I’m sure there are plenty more, they just probably aren’t used as much because the potential benefit isn’t large enough yet. Why risk revealing your zero day when the profit potential is low? Sometimes it’s more valuable to wait and sell to a more sophisticated attacker who will go after higher value targets like sitting politicians than to sell it on the open market to a scammer who goes after grandma.

                    The same goes for Linux. Zero day privilege escalation attacks certainly exist, if you follow the CVEs, you can see some of them getting discovered before they’re explored. As the market expands, we’ll see more exploits actually being used, which means there are probably even more that potential attackers are sitting on.