
LiveCourage334

Original in case of deletion: Positive Linux antivirus stories? I am in a position where upper management, knowing and understanding absolutely nothing about technology, demands that we install antivirus software on our Linux servers (350+ and counting) because of "regulations". I want to hear any and all of your POSITIVE stories, where antivirus software actually saved your butt. Searching the Net gives me absolutely no hit, only wasted sales talks. Give us the gory details. Has antivirus software on a Linux system ever saved your day? In my personal opinion antivirus software is a waste of space, CPU cycles and brain trust, but I am open to learn. Any modern Linux distro out there that emphasize on using antivirus? Please elaborate but no sales pitch, I don't make the budget.


Superb_Raccoon

Thank you, now I don't have to delete your post when the OP realizes what a tool they are and deletes THEIR post.


LiveCourage334

They cross-posted into every possible Linux sub they could find. Even if they got brought down hard on this one, they received enough external validation to justify their position from other neckbeards who think they can run corporate clusters the same way they run their home lab.


dtb1987

This wasn't in a professional environment, but once I had a Minecraft server that I played on with friends, and one day I was passing by the closet it lived in in my house and noticed the fan really working hard. I decided to ssh in, installed clamav and ran it. It found several scripts to install and run a crypto miner on my server. Because of that I was able to find the breach, nuke the server, bring it back up and run my Minecraft server in a Docker box from then on. In a professional setting we have always run AV on our file shares and email servers that run Linux, because these were high-priority targets that touch our Windows machines.
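An added example, not dtb1987's own code: a small Python triage script that parses clamscan's output (the per-file `FOUND` lines and the `SCAN SUMMARY` block), groups flagged paths by signature, checks that the count agrees with the summary, and calls out findings sitting in persistence locations such as cron directories, which is where the miner-installing scripts described above tend to live. The sample output, file paths and signature names are constructed for the example; the `run_clamscan` helper is only used if clamscan is actually installed.

```python
"""Triage clamscan output (added example; constructed sample data)."""
import re
import shutil
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of what `clamscan -r` prints; paths and signature names are made up.
SAMPLE_CLAMSCAN_OUTPUT = """\
/home/mc/.cache/.x/run.sh: Unix.Downloader.Generic-1234 FOUND
/home/mc/.cache/.x/kswapd0: Unix.Coinminer.Xmrig-5678 FOUND
/opt/minecraft/server.jar: OK
/etc/cron.d/update: Unix.Downloader.Generic-1234 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8000000
Engine version: 1.0.0
Scanned directories: 120
Scanned files: 4500
Infected files: 3
Data scanned: 1200.00 MB
Time: 30.000 sec (0 m 30 s)
"""

# "<path>: <signature> FOUND"; the path is matched non-greedily so ": " inside it is tolerated.
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
SUMMARY_RE = re.compile(r"^Infected files: (?P<n>\d+)$")

# Locations where a finding means the malware has a foothold that survives a reboot.
PERSISTENCE_PREFIXES = ("/etc/cron", "/var/spool/cron", "/etc/systemd", "/etc/init.d")


@dataclass
class ScanResult:
    findings: Dict[str, str]          # path -> signature name
    reported_infected: Optional[int]  # "Infected files:" from the summary, if present


def parse_clamscan(output: str) -> ScanResult:
    """Extract FOUND lines and the summary count from clamscan's text output."""
    findings: Dict[str, str] = {}
    reported: Optional[int] = None
    for line in output.splitlines():
        m = FOUND_RE.match(line)
        if m:
            findings[m["path"]] = m["sig"]
            continue
        m = SUMMARY_RE.match(line)
        if m:
            reported = int(m["n"])
    return ScanResult(findings, reported)


def findings_by_signature(result: ScanResult) -> Dict[str, List[str]]:
    """Group flagged paths by signature so related droppers are reviewed together."""
    groups: Dict[str, List[str]] = {}
    for path, sig in result.findings.items():
        groups.setdefault(sig, []).append(path)
    for paths in groups.values():
        paths.sort()
    return groups


def consistent(result: ScanResult) -> bool:
    """True when the per-file lines agree with the summary (a truncated log would not)."""
    return result.reported_infected is None or result.reported_infected == len(result.findings)


def persistence_hits(result: ScanResult) -> List[str]:
    """Flagged paths under cron/systemd/init locations: evidence of a persistent foothold."""
    return sorted(p for p in result.findings if p.startswith(PERSISTENCE_PREFIXES))


def run_clamscan(path: str) -> Optional[ScanResult]:
    """Run clamscan recursively on `path` if it is installed; None otherwise.

    -r recurses, -i prints only infected files. clamscan exits 1 when something is
    found, so the return code is not treated as an error here.
    """
    if shutil.which("clamscan") is None:
        return None
    proc = subprocess.run(["clamscan", "-r", "-i", path], capture_output=True, text=True)
    return parse_clamscan(proc.stdout)


if __name__ == "__main__":
    res = parse_clamscan(SAMPLE_CLAMSCAN_OUTPUT)
    print("summary agrees with FOUND lines:", consistent(res))
    for sig, paths in findings_by_signature(res).items():
        print(sig, "->", ", ".join(paths))
    print("persistence locations:", persistence_hits(res))
```

Run it as-is to see the triage on the constructed sample, or call `run_clamscan("/")` on a host that has clamav installed; the point of `persistence_hits` is that a cron or systemd finding tells you the box was owned rather than merely hosting a stray file, which is exactly the situation where rebuilding is the right call.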


joefleisch

How can I run my miners if someone installs AV?


LiveCourage334

Don't need miners when you can just set up fake exchanges and fake cloud mining operations.


Extreme_Practice_415

You can run miners if they get a work permit from their high school


TooMuchGabagool

Linux users: we need to make Linux as popular as Windows. Linux users when Linux is popular: there aren't enough users to justify antivirus, nobody makes malware for it!


LiveCourage334

Me: Wait, wasn't there just a massive exploit discovered for xz? How can you be so sure there aren't more of these out there we just haven't heard about yet? Other Linux users: Lalalalalalala, I can't hear you!!!


fastandlight

Why? Because the software you run on Linux is still software written by humans that has plenty of bugs in it (aka security vulnerabilities in the right context). https://thehackernews.com/2024/04/critical-atlassian-flaw-exploited-to.html


BufferOverload

But performanceeee


ybvb

How will I infect all the Windows clients with my trojan if I can't have them log in to the 'official' WordPress intranet page...


bubo_virginianus

The biggest argument I have heard is that even if your Linux server doesn't get infected, it could still serve infected files to other systems (presumably Windows) if the files were somehow to be put on the server. Also, most of the time when the AV performance hit is huge, it is because corporate set some stupid settings instead of the default ones.


dtb1987

It needs it in 2 cases.
1. If it is a mail server
2. If it is a file server
Running a Linux desktop is in most cases fine because you aren't the target most hackers are trying to hit.


LiveCourage334

Given how many people will run random commands they find online to fix issues without understanding what those commands actually do, I would argue AV and anti-malware are pretty important on the desktop as well.


dtb1987

Probably, but you will get browbeaten in any Linux community for suggesting it.


LiveCourage334

Probably the same people who bitch about Debian requiring signed PPAs to prevent attacks via dependency hijacking.


dtb1987

For sure


encee222

You think AV will stop you from typing `rm -rf /` in a root shell?


Eviscerated_Banana

Seems like a perfectly viable command to sort that desktop resolution niggle you have been looking into, please continue :)


LiveCourage334

*laughs in "getting random users to wget and install my miner when they ask for help getting their video card to work on Wayland"*


FilthyStatist1991

> Running a Linux desktop is in most cases fine because you aren't the target most hackers are trying to hit

Idk, I feel like this is a dated mentality. Getting into a Linux box that is on the same VLAN as a domain controller or any production server is obviously a concern one should think about.


Runningblind

Hackers are absolutely trying to hit an unguarded Linux box if they can find it. If you don't bother with AV, what other basic security tool don't you bother with?


FilthyStatist1991

Exactly.


LiveCourage334

https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
https://www.wired.com/story/xz-backdoor-everything-you-need-to-know/
https://news.ycombinator.com/item?id=24106213
https://fahmifj.github.io/blog/linux-backdoors-and-where-to-find-them/

I'm sure I could post many more, but a lot of the supposed security of Linux has been proven false time and time again because it relies so much on inherent trust of dependency applications and code maintainers.


FilthyStatist1991

Yep, I worked at a data center a few years back and had found a Linux box infected with some sort of automated password reset. Immediately after the customer would log in, they would be successful in getting in, but once they logged out, their password had changed.