Ask HN: What do you use to protect your Linux box from malware?
3 comments
First, you have to understand that once infected, a system can never be fully cleaned. So you if you are not sure how your past usage has been and might have installed random software, you need to reinstall your system after backing up your non-system files. This is the only sure way. AV software claim to solve what-they-can in the best possible way for a person who doesn't have any other option. The very fact that you are using Linux, I assume you are step above the average AV customer base.
Once you have clean system, you have to follow a discipline - do not work as root, restrict ssh access to specific users, don't run unnecessary services. Far too many to list here. Unfortunately, that is how the world is. Be paranoid. May be even use a VM to run software you don't trust. Always install software using package managers or at least do basic sanity checks like checksums on anything you download.
There is no software that will run a scan and give you a green check. If there is one like that, I wouldn't trust it either.
Once you have clean system, you have to follow a discipline - do not work as root, restrict ssh access to specific users, don't run unnecessary services. Far too many to list here. Unfortunately, that is how the world is. Be paranoid. May be even use a VM to run software you don't trust. Always install software using package managers or at least do basic sanity checks like checksums on anything you download.
There is no software that will run a scan and give you a green check. If there is one like that, I wouldn't trust it either.
Thank you for the info. I generally work according to the best-practices you outline.
> There is no software that will run a scan and give you a green check. If there is one like that, I wouldn't trust it either.
Are you advising against running ClamAV, chkrootkit and rkhunter? I know they won't give 100% guarantee, but something better than nothing, I thought.
I am most worried about my developer machine, as I have testdrived numerous OSS projects, with different stacks, package managers, etc. Fetched billions of npm packages, and browsed gazillion sites for tech advice (using FF, Privacy Badger, uBlock, but still).
A clean reinstall may be in order, but it'll cost so much time getting all config I now have in place again.
> There is no software that will run a scan and give you a green check. If there is one like that, I wouldn't trust it either.
Are you advising against running ClamAV, chkrootkit and rkhunter? I know they won't give 100% guarantee, but something better than nothing, I thought.
I am most worried about my developer machine, as I have testdrived numerous OSS projects, with different stacks, package managers, etc. Fetched billions of npm packages, and browsed gazillion sites for tech advice (using FF, Privacy Badger, uBlock, but still).
A clean reinstall may be in order, but it'll cost so much time getting all config I now have in place again.
ClamAV on Linux is mostly for checking for Windows malware in files that might end up on Windows.
Question is: What tools are best to use here to ensure I can sleep safely knowing no viruses, trojans, rootkits and other filth have nestled in my systems?
Also curious what are best, reliable websites to keep up-to-date on security best-practices related to this.
PS. I intend to start my scan with ClamAV, followed by chkrootkit and rkhunter as outlined here [2].
[0] https://youtube.com/watch?v=BGsw_l0tT10
[1] https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-linux-windows-with-new-dacls-malware/
[2] https://www.linux.com/tutorials/security-tools-check-viruses-and-malware-linux/