Do antivirus programs still suck donkey dick?

[Erika Furudo]

GNU/Linux (or any Unix/Unix-like systems) users won't get infected because the malware doesn't have enough privileges to do system damage (if you're running as a regular user, the least it can do is fuck up your home directory), unless the malware does root exploit or you're retarded enough to run it as root

Also Windoez is not designed for security in mind obviously

Is that user/root stuff much different to windows regular account vs admin?

 

[PetrifiedTom]

Is that user/root stuff much different to windows regular account vs admin?

Its same for Windows user. If you create two accounts. One for Administrator and second for a regular user the latter won't have so much power to install most of the software. Still he can create and open files from Web which creates vulnerability for whole system because viruses/malware can spread freely across system accounts.

 

[ItsTheShitt]

Is that user/root stuff much different to windows regular account vs admin?

Yes

1. chad root is really powerful and dangerous user, unlike virgin adminstrator
2. all users are required to have a password, or else it will be impossible to login to them
3. if you wanna run something as root, you're gonna type the root password or be in some group or whatever your sudoers file says. unlike windows, where all you do is click a button and there goes your OS

 

[Some JERK]

Is that user/root stuff much different to windows regular account vs admin?

The root user can brick the entire hard drive without so much as a "Are you SURE you want to do that?" prompt.

 

[Dysnomia]

Avast did this with any legal copy of a Falcom game on PC. Also used to do this with Steam.

Legend of Heroes is not a virus, you Czech bylats.

I've heard of people having issues with some Ys games too. It's really irritating when some stupid anti-virus won't let you vidya.

 

[Erika Furudo]

Its same for Windows user. If you create two accounts. One for Administrator and second for a regular user the latter won't have so much power to install most of the software. Still he can create and open files from Web which creates vulnerability for whole system because viruses/malware can spread freely across system accounts.

Isn't this the same for linux?

Yes

1. chad root is really powerful and dangerous user, unlike virgin adminstrator
2. all users are required to have a password, or else it will be impossible to login to them
3. if you wanna run something as root, you're gonna type the root password or be in some group or whatever your sudoers file says. unlike windows, where all you do is click a button and there goes your OS

But couldn't a linux user fuck up things with malware without root access?

 

[PetrifiedTom]

Isn't this the same for linux?

Its slightly different.
Linux due to open source and thousands of people writing the code is less vulnerable for attacks because any flaws or holes in system can be fixed in no time. Unlike Windows which have holes reaching way back to Windows XP. You can still write a line of code for Windows XP and it will run perfectly on Windows 10. On the other hand, Linux have so many distros and package managers that is much more demanding to create something that will affect every distro out there.

Back to your question.
There are "viruses" which uses root privelages like there is a script for Linux terminal which proof-reads your inputs and if you make any typo in code before hitting Enter it will erase your installation. However it is much more difficult to run virus on Linux because you need to run a script from bash unlike Windows which most of the viruses are executables just with double click. It is less likely that no-root user will run some fishy script from Web because that requires some proficiency in computer related stuff.

 

[ItsTheShitt]

Isn't this the same for linux?

But couldn't a linux user fuck up things with malware without root access?

No but they could use some root exploit if its an ancient kernel

 

[AmpleApricots]

That doesn't really matter though. Your user account is going to have write access to all the data you actually care about. A virus on Linux would still be disastrous for you.

Depends how it's set up. My browser is running under a separate user account from my main user account with very limited permissions. Even if the browser process was hijacked somehow, as long as there was no way to also somehow bypass basic user permissions, it wouldn't have access to anything important or able to do much damage. Linux also has different MAC (mandatory access control) schemes supported by the kernel where you can decide in a fine-grained way what a process is exactly allowed to access and do. For example, you can allow the browser process to access ~/downloads but not ~/important_documents, and also with most of the schemes you could only allow the browser to write files to ~/downloads but not read already existing files. I don't know if Windows has something similar. Different user accounts for different processes and MAC is basically Androids entire security scheme. I don't really know why at least different user accounts aren't heavier utilized to make distros at least somewhat safer by default. It's pretty straightforward to setup, doesn't require much overhead (MAC does cause some overhead) and Linux and a lot of software running on Linux was literally made to support it.

If you setup a security scheme, it makes no sense to try to protect against an attacker with unlimited resources and unlimited time. Think about what's most likely to hit you. If you aren't uncovering corruption in your government and are just your average slob, it's probably malicious websites or that game you pirated.

The big problem nowadays are attacks bypassing everything and directly targeting hardware bugs, these are really rare in practice though.

Linux due to open source and thousands of people writing the code is less vulnerable for attacks because any flaws or holes in system can be fixed in no time.

You'd think so, but people find random safety-critical bugs in open source software all the time. Bugs that often have been there for years because nobody noticed. Like that sudo thing that would just give anyone root. Oops! There's way too much code and way too few people vetting it. Software complexity these days doesn't help. Open Source is not inherently safer because it's open source.

 

[Ira the Weatherman]

Do people even get viruses anymore? 90% of people online spent 90% of their time on like four to five different 'sites' tops, and usually via the medium of mobile app rather than pc browser. The few that actually do still surf the series of tubes known as the are either techsavvy enough to have ad- and script-blockers enabled (moreso because of overbearing corporate spyware than anything else); or are boomerish enough to be using that same corporate spyware in undiluted form, which means clicking on no-no links isn't even within the realm of possibility.

 

[ItsTheShitt]

Depends how it's set up. My browser is running under a separate user account from my main user account with very limited permissions. Even if the browser process was hijacked somehow, as long as there was no way to also somehow bypass basic user permissions, it wouldn't have access to anything important or able to do much damage. Linux also has different MAC (mandatory access control) schemes supported by the kernel where you can decide in a fine-grained way what a process is exactly allowed to access and do. For example, you can allow the browser process to access ~/downloads but not ~/important_documents, and also with most of the schemes you could only allow the browser to write files to ~/downloads but not read already existing files. I don't know if Windows has something similar. Different user accounts for different processes and MAC is basically Androids entire security scheme. I don't really know why at least different user accounts aren't heavier utilized to make distros at least somewhat safer by default. It's pretty straightforward to setup, doesn't require much overhead (MAC does cause some overhead) and Linux and a lot of software running on Linux was literally made to support it.

If you setup a security scheme, it makes no sense to try to protect against an attacker with unlimited resources and unlimited time. Think about what's most likely to hit you. If you aren't uncovering corruption in your government and are just your average slob, it's probably malicious websites or that game you pirated.

The big problem nowadays are attacks bypassing everything and directly targeting hardware bugs, these are really rare in practice though.


You'd think so, but people find random safety-critical bugs in open source software all the time. Bugs that often have been there for years because nobody noticed. Like that sudo thing that would just give anyone root. Oops! There's way too much code and way too few people vetting it. Software complexity these days doesn't help. Open Source is not inherently safer because it's open source.

Do you use sudo for that?
Anyway Windows doesn't have MAC or anything like MAC because
a) Windows is not designed for security and its rather designed as a moneyfarm and resource intensive OS
b) normies wouldnt figure out how to use it

 

[Pee Cola]

Anti-Virus programs still have their place, especially when sharing a computer with one of more users whose common sense isn't as well developed as yours.

Windows Defender + MalwareBytes + a decent ad blocker will work in many use cases. However, if you're dealing with other users that are especially retarded (or you're especially paranoid), stump up the dough and buy an ESET license. With "free" anti-virus programs, you get what you pay for.

 

[Dark Edea]

i use AVG.

give me the dumb rating.

I have had AVG delete system and bork the OS on two separate occasions. And once AVG went on a tour of my My Documents folder and randomly deleted things.

Wait for Christmas and grab MalwareBytes when they have their lifetime licenses available. Assuming they still do that. But do not use AVG.

 

[PetrifiedTom]

I have bought recently Bitdefender and I am glad I made this move because it has found several trojans on my PC which were slowing him down. Windows Defender didn't find anything.

 

[Overly Serious]

Is that user/root stuff much different to windows regular account vs admin?

Yes. I'll give a couple of differences, one subtle and technical, one a blatant difference in usage.

So for the first, root is a literal single user account in Linux. It has a specific user ID that is always 0 (and in fact that's even hard-coded into the kernel where tests will be if uid == 0 { blah }. You can be any user on the system but if you switch to root you're all indistinguishable. On Windows, Administrator access is a role granted to a user. And it can be more nuanced because Windows has a better ACL system than Linux (that's Access Control List which is basically who can do what to which). Anyway, the upshot of all this is that Linux is filled with hacks like sudo (a hatchet job that lets you run something as root when you're not) to try and let people have the access they need whilst not letting them be actual root user, you can't distinguish one root user from another because it's all just this one magic account, root is required by all sorts of things that wouldn't need it in a more nuanced system. And things like that. It's not going to affect you as a daily user but underneath Windows Administrator access and Linux root are different things. It can really show up in things like remote file systems or access where the Windows account is still a real account (and may not even be local) but root is this "I am user 0!" thing.

What will affect your day to day life in the differences is how often you have to use them. How often do I need to grant administrator access on my Windows 10 box? Maybe a couple of times a month - basically when I'm installing new software for the first time or editing something low level like a Group Policy. When I get a request for Administrator access on Windows - I notice. Now lets bop on over to one of my GNU/Linux boxes, say Ubuntu. Pretty much every day, I have to enter my password to grant privileged access to the package updater so it can run and update everything installed. Pretty much every time after I log in I have to enter my password again to "unlock your security ring". I want to start a VPN, I run sudo to switch to root. My GNU/Linux box has got me granting root permissions so frequently I barely read the pop-up box anymore. Does my Windows box do this less often because it's less secure and doesn't require as strong security? No - it doesn't do it because it has more nuanced permissions. The Windows update process is its own "user" with access just to the things it needs. Ditto other things.

Does this matter that root account in Linux is used so much more than Administrator privileges in Windows? Beyond it simply being irritating? I mean... yes. I could write a bash script in 5 minutes that popped up a request for root access and then trashed your system and if the dialogue had "Software Updater" at the top half the people who saw it would be entering their password before they'd read it. But couldn't I write a script that did the same in Powershell? Actually no - because Windows would say "this script is unsigned" because Windows fucking checks scripts you download for a fucking verified signature! Sorry - getting off topic.

Point is, Windows used to be crappy and lack security because it didn't have the Unix model of requiring root account access for important stuff. Then Windows Vista came along and then Windows was crappy because it DID have that model (kind of) but it asked you about it for every thing all the time because developers and the system hadn't matured to have better role breakdowns yet. Then Windows 7, 8 and 10 have come along and with each iteration it's gone beyond Linux's outdated model and it's horrible bolt-on ACLs.

The problem with Linux is that it got their first and was successful. Windows started crap and ironically that enabled it to evolve further. Here is how permissions work in Linux:

-/rw-/r--/--- That's a file or directory. There's three groups for owner, group and everyone. Within each group you'll see three spaces. The r is read, the w is write and the one I haven't shown is x which sometimes means executable and sometimes means directory access. There's a little bit more to it but that's the gist. In the above, the owner can read and write to the file, the group the owner belongs to (yes, group singular) can read only. And everyone else can neither read nor write to the file. Much nuance, so amaze! To deal with this staggeringly simple model, Linux has a whole load of bolt on stuff including the unfathomable SE Linux extensions. Any Linux sysadmin who hasn't lost at least a morning facing an inexplicable access problem that turned out to be SE Linux is lying or new to the job.

So, read, write and execute. Lets look at the sample list of permissions I see in Windows ACL:

ListDirectory
ReadData
WriteData
CreateFiles
CreateDirectories
AppendData
ReadExtendedAttributes
WriteExtendedAttributes
Traverse
ExecuteFile
DeleteSubdirectoriesAndFiles
ReadAttributes
WriteAttributes
Write
Delete
ReadPermissions
Read
ReadAndExecute
Modify
ChangePermissions
TakeOwnership
Synchronize
FullControl

I mean, Synchronize. Fucking Synchronize. And lets look how they are applied! Keep in mind Linux has its little one owner, one group, everyone else model. Here's a Windows ACL:

Path   : Microsoft.PowerShell.Core\FileSystem::C:\sharestuff
Owner  : BUILTIN\Administrators
Group  : NT AUTHORITY\SYSTEM
Access : Everyone Allow  ReadAndExecute, Synchronize
         CREATOR OWNER Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  FullControl
         BUILTIN\Administrators Allow  FullControl
         BUILTIN\Users Allow  Write, ReadAndExecute, Synchronize
Audit  :

Looks a little bit more sophisticated than -/rw-/r--/--- doesn't it? Oh, got to love that audit log where you can instruct at the OS level what actions on the file or directory trigger auditing.

I've written far, far more than I intended to just to answer a simple question about whether root and "Administrator" are basically the same thing but once you start looking at how much better the security model is on Windows compared to Linux, it's hard to stop. Linux has some equivalents to this stuff but they're all hack jobs built onto the side of it. The thing with ACLs on Windows is that they are easy. Easy to check, easy to configure. Okay, not easy to know what you should be doing with them but that's something that you are Joe User don't have to worry about - people far more experiences in this stuff are using them on your behalf.

*phew* Can't believe I wrote all that!

Linux due to open source and thousands of people writing the code is less vulnerable for attacks because any flaws or holes in system can be fixed in no time.

"fixed in no time" Ah-ha-ha! The "thousand eyes" theory has been found to be false. Last time I checked (admittedly some years back) outstanding CVEs were about the same on both Windows and most Linux distributions.

Depends how it's set up. My browser is running under a separate user account from my main user account with very limited permissions. Even if the browser process was hijacked somehow, as long as there was no way to also somehow bypass basic user permissions, it wouldn't have access to anything important or able to do much damage. Linux also has different MAC (mandatory access control) schemes supported by the kernel where you can decide in a fine-grained way what a process is exactly allowed to access and do. For example, you can allow the browser process to access ~/downloads but not ~/important_documents, and also with most of the schemes you could only allow the browser to write files to ~/downloads but not read already existing files. I don't know if Windows has something similar. Different user accounts for different processes and MAC is basically Androids entire security scheme. I don't really know why at least different user accounts aren't heavier utilized to make distros at least somewhat safer by default. It's pretty straightforward to setup, doesn't require much overhead (MAC does cause some overhead) and Linux and a lot of software running on Linux was literally made to support it.

If you setup a security scheme, it makes no sense to try to protect against an attacker with unlimited resources and unlimited time. Think about what's most likely to hit you. If you aren't uncovering corruption in your government and are just your average slob, it's probably malicious websites or that game you pirated.

The big problem nowadays are attacks bypassing everything and directly targeting hardware bugs, these are really rare in practice though.


You'd think so, but people find random safety-critical bugs in open source software all the time. Bugs that often have been there for years because nobody noticed. Like that sudo thing that would just give anyone root. Oops! There's way too much code and way too few people vetting it. Software complexity these days doesn't help. Open Source is not inherently safer because it's open source.

Excellent post. But I will quibble on one point. Open Source is inherently safer in one way. It is better guarded against deliberate malicious action by the vendor. A version of Windows shipped years ago with debug flags included and there was a whole bunch of ones that looked very, very like they were for code written for the NSA. It's next to impossible to know what deliberate spyware is included in Windows on the behalf of the Five Eyes. So for security against State Actors or if you don't trust the vendor for other reasons, Open Source is more secure. There could still be exploits hidden in there (didn't NSA deliberately introduce weaknesses into an RSA algorithm?) but they're taking a far greater risk of discovery or exploit by their rivals which provides strong disincentives. I think Windows is better, but the revolution will be powered by Linux.

Oh, btw. You can run your browser as a different user in Windows if you want. I've never heard of anyone doing it. Frankly, I'd never heard of anyone doing it on GNU/Linux either until you posted that. My first instinct was to say it wouldn't be practical the first time ou wanted to save a picture but then you followed it up immediately with an example of your "~/downloads" folder permissions so kudos to you. Despite everything I've written above I'm actually not a massive expert on security so if you disagree with me on anything I wrote above, I'd be fascinated to hear it.

 

[⠠⠠⠅⠑⠋⠋⠁⠇⠎ ⠠⠠⠊⠎ ⠠⠠⠁ ⠠⠠⠋⠁⠛]

I have bought recently Bitdefender and I am glad I made this move because it has found several trojans on my PC which were slowing him down. Windows Defender didn't find anything.

On this topic, the excellent Kaspersky has a tool that you can download for free to use for a one-off scan. ESET, which is another great choice, does something similar, though I haven't tried it.

Worth giving these a shot even if you don't run antivirus software all the time.

 

[Pee Cola]

On this topic, the excellent Kaspersky has a tool that you can download for free to use for a one-off scan. ESET, which is another great choice, does something similar, though I haven't tried it.

Worth giving these a shot even if you don't run antivirus software all the time.

Kaspersky would be my second choice after ESET.

I've used the Kaspersky one-off scan tool and agree that it's a good thing. Apparently there's a "free" version of Kaspersky, but I'm wary of any free anti-virus software, even if it's from a reputable vendor such as Kaspersky or BitDefender (probably my third choice after ESET and Kaspersky).

 

[Aidan]

Somewhat related, how do Linux users avoid viruses, given you have various distros and it's not as widely used,

They don't download stuff off of unofficial websites, mostly. The vast majority of software you use on any distro will come from a software repository and it's a lot harder to throw malware in there and keep it there for any amount of time.
The above generally applies to macs as well.

...I doubt you can have Norton, Avast, Kaspersky, etc all running on your PC. Or do they run fine?

I think some of the antivirus companies have Linux versions but I've never met anyone who uses them.

know people say Linux is safer becuase less people use it, therefore less people make viruses for it, but all you need is a few guys who figure linux is a valid target.

Small marketshare, fewer worthwhile targets, the targets that do exist can be nuanced in a lot of ways requiring further considerations of malware dev if you're trying to steal data at rest.
And again people aren't really downloading random stuff. It's rare you have to go online to find actual software to use that isn't in a repo and if that's the case, use an arch-based distro instead of a web browser.

Do linux users just assume they won't get infected?

Yeah.

I'd wager most malware for *nix is corporate or state-sponsored. It's not that Linux is hard to make malware for, it's just for someone trying to steal data it's a lot of work for far less return than Windows which has a larger marketshare and a lot of technically illiterate users who are easy prey and often run anything as admin that asks.

Windows 10 isn't insecure but people are dumb and will ignore all the warnings so that whatever they're doing will "just work".

 

[cecograph]

FWIW @AmpleApricots, I looked into network namespaces following your advice. I'm now set up with one that sees my regular network interface, one that sees the VPN, and a default one that sees nothing but a loopback interface. I assumed this set up would get in the way and piss me off pretty quickly, but I've been happy with it.

Do you or @Overly Serious have any opinions on firejail?

 

[L50LasPak]

Stock Windows Defender has always worked great for me. I never found a free anti-malware program I liked, but then again I also haven't needed an anti-malware program ever since I started using adblockers. Its really amazing just how much shit that tries to fuck with your computer comes out of ads and badly scripted pages.