2

Fedora 29: is it necessary now to use a malware protection? [closed]

asked 2018-11-27 12:50:34 -0500

heliosstyx

After reading this question https://ask.fedoraproject.org/en/ques... I want to know whether it is really necessary now to use malware protection under Fedora 29, or is it enough to use a Linux system with "brain" and to operate carefully inside the system? I checked different websites for Linux anti-virus solutions, but nothing convinced me. It seems to me that all solutions are a so-called "Alibi-action". Please discuss it with me.

Closed for the following reason: the question is answered, right answer was accepted by heliosstyx
close date 2018-12-01 10:42:30.577464

Comments

I have exactly the same feeling. Some fantastic exploits are vague and undocumented, with no evidence of a single user case. The others with sound descriptions all begin like "when you add a module to the kernel" or something like that. Nonsense, if you're root you don't need to modify anything at all in order to damage the machine! The best practice is to use common sense, upgrade packages when required, don't use root as user, don't allow ssh for root (why does Fedora allow it by default?), don't install things at random.

ed209 (2018-11-27 13:54:55 -0500)

3 Answers

0

answered 2018-12-01 10:41:46 -0500

heliosstyx

Thank you to all for the discussion. Now all is clear. The question is closed now.

2

answered 2018-11-27 14:11:12 -0500

aeperezt

Do not think so. The case reported in that question was a misuse of his computer: he installed software from an unknown source (really bad practice), so he got infected. But even if he got infected, that particular Trojan uses the DirtyCow vulnerability to scale privileges, and that particular vulnerability was patched on Fedora 10.

Use best practice, install from official places and keep your system up to date. You will be OK.

0

answered 2018-11-27 18:18:28 -0500

Panther

updated 2018-11-27 18:26:43 -0500

You are in many ways asking for an opinion.

In general, no, such tools are not advised for the majority of users because of the way you should be using Fedora:

  • Install only from trusted sources (Fedora and RPM Fusion)
  • SELinux and firewall enabled
  • In general, patches to known vulnerabilities are rapidly released, so keep your system up to date
  • You should have any and all data you value backed up
    • You should be monitoring your server's logs, logins, etc.

For example, the known vulnerabilities in that post were patched long ago, and SELinux offers protection against zero-day exploits.

In addition, most if not all of the antivirus tools available for Linux are notorious for false positives. In addition, the tools are very generic and really cannot differentiate between legitimate and malicious SSH, HTTPS or other connections, or valid vs. invalid logins.

There are some potentially valid user cases:

  • How valuable is your data?
  • Are you running any servers? (Fedora is probably not the best distro for servers)
  • Shared files with Windows (scan Samba shares / shared USB / etc.)
  • Mail server

You can harden Fedora:

  • Run your browser in an SELinux jail
  • Mount /home noexec,nodev
  • Confine users with SELinux. I confine my users as user_u; they simply do not need more
  • Use a non-admin user for daily activities. How often do you need root access, and why not use an account with no root or sudo access most of the time?

All such options will go further than antivirus.

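A read-only audit of three hardening points raised in this thread (/home mounted noexec,nodev, SELinux enabled, root login over ssh), added here as an example and not written by any of the posters. The function names and the sample inputs are constructed for illustration, and the sshd_config parsing assumes whitespace-separated keywords and does not follow Include files or Match blocks.

```shell
#!/bin/bash
# Added example: read-only checks for hardening points named in the thread.
# Function names are hypothetical; each takes a file path so it can be run
# on the live file or on a saved copy.

# Print the options (noexec, nodev) missing from the /home mount, given a
# file in /proc/mounts format. Prints "not-mounted" if /home has no entry.
home_missing_opts() {
    awk '$2 == "/home" { found = 1; opts = "," $4 "," }
         END {
             if (!found) { print "not-mounted"; exit }
             if (index(opts, ",noexec,") == 0) out = out " noexec"
             if (index(opts, ",nodev,") == 0)  out = out " nodev"
             sub(/^ /, "", out); if (out != "") print out
         }' "$1"
}

# Print the PermitRootLogin value from an sshd_config file ("unset" if no
# uncommented line). sshd uses the first occurrence of a keyword.
# Simplification: Include files and Match blocks are not followed.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Map the content of /sys/fs/selinux/enforce to a mode name; the file is
# absent when SELinux is disabled.
selinux_mode() {
    [ -r "$1" ] || { echo disabled; return; }
    case "$(cat "$1")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# Constructed sample inputs, not taken from a real machine.
sample=$(mktemp -d); trap 'rm -rf "$sample"' EXIT
printf '%s\n' '/dev/sda2 / ext4 rw,relatime 0 0' \
    '/dev/sda3 /home ext4 rw,nodev,relatime 0 0' > "$sample/mounts"
printf '%s\n' '#PermitRootLogin prohibit-password' \
    'PermitRootLogin yes' > "$sample/sshd_config"
printf '1' > "$sample/enforce"

echo "/home missing options: $(home_missing_opts "$sample/mounts")"
echo "PermitRootLogin:       $(root_login_setting "$sample/sshd_config")"
echo "SELinux mode:          $(selinux_mode "$sample/enforce")"
```

On a live system, pass /proc/mounts, /etc/ssh/sshd_config and /sys/fs/selinux/enforce to the three functions; reading sshd_config may require root.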
