Protection from malware? I'm a beginner.

Hi everyone, it is now known that the threat of malware is also impacting the Linux world, so I was wondering if it is necessary to use an antivirus product even on Red Hat, especially for newcomers to the Linux world like me.
Among free products with real-time scanning and a good level of detection, I found only Sophos, but apparently it still does not support Red Hat 8.
Enabling the scan with TALPA is supported for now only up to 7, but from what I understand with fanotify you may also be able to use it with 8, though I don't know if there is full compatibility and whether there could be some problems with its functioning.
Since I use the Workstation version for personal use and also to start learning Linux, could you give me the most objective information possible about it?

Thank you all

Responses

Hey, do you know when we get infected by malware? Let's talk about the possibilities (in general, for all OSes):

When you use untrusted software downloaded from torrent sites or any other bad sites.
You don't update your operating system and have very old software with a very critical vulnerability {to exploit this, your system must be accessible through the internet directly: what I mean is your machine must have a public IP, or your firewall must have port forwarding configured, or you installed some bad software that is helping the attacker get a reverse TCP connection}.
You insert an external thumb drive with infected executables and the auto-run feature enabled in your operating system.

Let's talk about why Linux is secure (let's discuss Red Hat):

All official repos are verified by the community and/or Red Hat.
Enable the Red Hat official repos and 3rd-party repos {EPEL and RPM Fusion}.
RHEL 8 won't allow you to install any unsigned package.
The Red Hat shipped Linux kernel and software are heavily patched, and they enforce kernel policy using SELinux policy.
Red Hat takes security very seriously {military-grade security}.
Even if you forcefully installed malware on your system {you have to write the malware code yourself: you won't find it on the internet, I guess}, the SELinux policy will block it from working properly. Let's assume you forcefully gave it permission; even then it is very hard to make a backdoor in any Linux system. Red Hat has a bug bounty, which makes it even harder to find any vulnerability. You can try; you will get a reward if you can submit one security vulnerability.

Let's talk about good practices I follow:

Don't enable too many third-party repos; it might make your system buggy. If you have any confusion you can ask in this portal.
Stick to official repos, EPEL and RPM Fusion.
You can use OpenDNS {free to use} to block malware domains.
I use Windscribe VPN to add an extra layer of security at the DNS layer and application layer {I trust them; if you have any question you can post at https://www.reddit.com/r/windscribe}.
If you are using a laptop then consider enabling full disk encryption {please back up your laptop before doing so}.
Don't disable your firewall or SELinux.
Make sure you know what a command does, especially when you are giving it sudo permission.

Please correct me if I am wrong.

Hi Sayed Anowar,

and thanks for your contribution. What you say is certainly correct, but more than anything else I was concerned about issues related to the execution of malicious code through injection while browsing the internet, perhaps with web pages developed on purpose. Other concerns cover various exploits, up to 0-day vulnerabilities. I realize that they are probably excessive concerns, as they are "difficult" to realize, but if something of the kind should occur, an antivirus could help, at least for the heuristic identification in the first instance and the real identification subsequently. Obviously anyone who follows your advice will have a very low percentage of risk.

Thanks again for your contribution.

Actually, "antivirus software could make your system"; it is like a Swiss Army knife. Just google it. That's why the security mechanisms of Linux come in to save you. I already told you that it is very hard to make a backdoor in a Linux system. Hey, I am a beginner too. I am trying to help to the best of my knowledge.

Let's talk about malicious code on a website:
You could use OpenDNS to block those domains at the DNS level, or you could use Windscribe (I use OpenDNS when I am not connected to Windscribe VPN).
Even if your browser is compromised by malicious code, they can only see your browser-related activity [i.e. your browsing history, bookmarks or saved passwords, if any {it is recommended to use 2FA when available} {I clear my browser once or twice a month}]. They can't get into your OS, as the browser is not running as root {it is not recommended to run a browser using the root account}.

Let's talk about zero-day exploits:

When someone finds a zero-day exploit, they basically scan the whole internet for vulnerable devices running that particular service. They might use a search engine for that, or they can use [Shodan](https://www.shodan.io/) to be more specific, or something similar.
So if you are behind a firewall {it might be your home router's firewall or your ISP's firewall} you are safe from those kinds of attacks.
Those who find zero-day exploits are elite hackers [believe me, most of them are good].
Elite hackers don't hack random systems; they attack a particular target {in most cases}.
If someone found a zero-day exploit they usually don't scan the whole internet, as this would increase the probability of getting hunted by security researchers.

Please let us know if you know something. Please share your knowledge. I want to learn too. Thank you.
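As an added example that is not code from this thread or from Red Hat, here is a read-only POSIX shell audit covering the practices in the first reply (SELinux enforcing, firewalld running, signed packages from every enabled repo) and the exposure point in the zero-day reply (mass scanning only finds services that listen on an internet-facing interface). The tool names, file paths and sample inputs are assumptions for a RHEL-style host.

```shell
#!/bin/sh
# Added example, not code from the thread: a read-only audit of the practices listed
# above (SELinux enforcing, firewalld running, gpgcheck on every enabled repo) plus a
# check for services bound to all interfaces, which is what internet-wide scans find.
# Assumes a RHEL-style host with getenforce, systemctl, ss and /etc/yum.repos.d.
# Read .repo file text (ini style) on stdin; fail if any enabled section lacks gpgcheck=1.
# A section with no explicit gpgcheck line counts as unchecked, deliberately conservative.
repos_all_gpgchecked() {
    awk '
        function flush() { if (name != "" && enabled && !gpg) bad++ }
        /^\[/             { flush(); name = $0; enabled = 1; gpg = 0; next }
        /^enabled *= *0/  { enabled = 0 }
        /^gpgcheck *= *1/ { gpg = 1 }
        END               { flush(); exit (bad ? 1 : 0) }'
}

# Read "ss -Hltn" output on stdin; print listeners bound to a wildcard address
# (0.0.0.0, *, [::]) and fail if there are any. Loopback-only listeners pass.
exposed_listeners() {
    awk '{ addr = $4; sub(/:[0-9]+$/, "", addr)
           if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") { print $4; n++ } }
         END { exit (n ? 1 : 0) }'
}

selinux_enforcing() { [ "$(getenforce 2>/dev/null)" = "Enforcing" ]; }
firewall_running()  { systemctl is-active --quiet firewalld 2>/dev/null; }

audit_host() {
    rc=0
    selinux_enforcing || { echo "WARN: SELinux is not enforcing"; rc=1; }
    firewall_running  || { echo "WARN: firewalld is not running"; rc=1; }
    cat /etc/yum.repos.d/*.repo 2>/dev/null | repos_all_gpgchecked \
        || { echo "WARN: an enabled repo has gpgcheck disabled"; rc=1; }
    ss -Hltn 2>/dev/null | exposed_listeners \
        || { echo "WARN: the listeners above accept connections from any interface"; rc=1; }
    return $rc
}

# Constructed sample input (not from a real host) so the parsers can be tried anywhere.
SAMPLE_REPO='[baseos]
enabled=1
gpgcheck=1

[sketchy]
enabled=1
gpgcheck=0'
SAMPLE_SS='LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*'

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it as `sh audit.sh --audit` on the host; each WARN line names one practice from the replies above that is not in place.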

Sayed Anowar,

Surely I am too paranoid, but it was interesting for me to know the point of view of those who are already moving in the Linux world. As for the VPN, I discovered this site: https://protonvpn.com/. It is free and with unlimited traffic, but only for one device.

Thanks again.