
Small-Scale Question Sunday for January 26, 2025

Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?

This is your opportunity to ask questions. No question too simple or too silly.

Culture war topics are accepted, and proposals for a better intro post are appreciated.


What's the AV situation like with Linux (particularly Mint)? I'm not a super hacker and due to my proclivity for pirated games I'd appreciate something to check for malware with. AFAICT Mint doesn't come with one, although I could be missing something.

@gattsuru you've been quite helpful so far, so I figure I'll ping you in particular. Sorry about all these questions.

Late to the party, but as others have said, ClamAV is usually the go-to for Linux antivirus. It's got its limits -- a lot of its use case is for blocking viruses for Windows from passing through Linux servers, especially email servers -- but it's pretty reasonable.

rkhunter can be useful in a forensic context or for particularly suspicious situations, but it's not really meant as a day-to-day antivirus. Uploading to VirusTotal for scanning can rarely be useful, though probably not relevant for yarhar'd video games if only due to file size concerns.

Mint does not natively come with a virus scanner, though it should have ClamAV in the app library and from apt-get. I've got mixed feelings about that: a lot of people do run without any and are fine, but the sort of person that needs it most is going to be least likely to install it.

It’s a joke. You don’t need AV for Linux. However, an RMM tool or an EDR agent might be worthwhile but those have a minimum license count and aren’t individually sold. Wazuh/OSSEC “EDR” has some function.

You don’t need AV for Linux.

I can accept that for normal use. Pirated software is a specifically-risky case, because you're running binaries with elevated permissions that have come from less-than-trustworthy sources (and sure, I avoid third-party installers because that's the obvious trap, but faking a trusted signature on an installer isn't TTBOMK impossible).

Any way you can get hashes for the legit versions of the binaries to compare? Sometimes they’re even signed.

Unfortunately, in many cases the 'legit' version of pirated software will have executables that are modified from their original legal version, either to bypass DRM or for other varying reasons... and this happens at the same stage that it's easiest to inject malicious software.

I mean, in a lot of pirated games the installer is the official, signed one and then you just replace files in the runtime, and those are substantially less dangerous because unless they've faked the signature then you're not running untrusted executables with elevated permissions.
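Following up on the hash-comparison suggestion above and on the point that many releases ship the official installer and then swap files in the runtime, here is an added Python example, written for this thread and not taken from any project or poster, that fingerprints a known-good install with SHA-256, checks a second copy against that manifest, and reports which files were modified, added or removed. Every file and directory name in demo() is a constructed placeholder, and the only external tool it touches is ClamAV's clamscan, which it calls with real flags but only if it is actually installed.

```python
"""Added example: verify a game directory against a known-good SHA-256
manifest, then hand anything that differs to ClamAV if it is installed.
Illustrative code written for this thread, not from any project."""
import hashlib
import shutil
import subprocess
import tempfile
from pathlib import Path
from typing import Dict, List, Optional


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in 1 MiB chunks so large game assets are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each regular file under root (relative, '/'-separated) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def format_manifest(manifest: Dict[str, str]) -> str:
    """Emit 'sha256sum'-compatible lines ('<hex>  <path>'), so 'sha256sum -c' works too."""
    return "\n".join(f"{digest}  {name}" for name, digest in sorted(manifest.items())) + "\n"


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse 'sha256sum'-style lines; blank lines and '#' comments are ignored."""
    manifest: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        if not sep or len(digest) != 64 or not name:
            raise ValueError(f"bad manifest line: {line!r}")
        manifest[name] = digest.lower()
    return manifest


def verify_tree(root: Path, expected: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare an installed tree with the manifest.

    modified: present in both but the bytes differ (patched executables, swapped DLLs)
    missing:  listed in the manifest but absent on disk
    extra:    on disk but not in the manifest (anything the release added)
    """
    actual = build_manifest(root)
    return {
        "modified": sorted(n for n in expected if n in actual and actual[n] != expected[n]),
        "missing": sorted(n for n in expected if n not in actual),
        "extra": sorted(n for n in actual if n not in expected),
    }


def clamscan_paths(paths: List[Path]) -> Optional[int]:
    """Run ClamAV's clamscan over the given paths.

    Returns clamscan's exit status (0 clean, 1 something detected, 2 error),
    or None when clamscan is not installed or there is nothing to scan.
    """
    exe = shutil.which("clamscan")
    if exe is None or not paths:
        return None
    proc = subprocess.run(
        [exe, "--recursive", "--infected", "--no-summary", *map(str, paths)],
        capture_output=True, text=True, check=False,
    )
    return proc.returncode


def demo() -> Dict[str, List[str]]:
    """Constructed scenario (every file is a fake placeholder): a clean 'official'
    install is fingerprinted, then a 'pirate' copy that patched the main executable,
    swapped the DRM DLL, added a loader and lost a data file is checked against it."""
    with tempfile.TemporaryDirectory() as tmp:
        official = Path(tmp) / "official"
        (official / "bin").mkdir(parents=True)
        (official / "bin" / "game.exe").write_bytes(b"MZ official build 1.0")
        (official / "bin" / "steam_api64.dll").write_bytes(b"MZ real DRM shim")
        (official / "data.pak").write_bytes(b"level data")
        manifest_text = format_manifest(build_manifest(official))

        pirate = Path(tmp) / "pirate"
        shutil.copytree(official, pirate)
        (pirate / "bin" / "game.exe").write_bytes(b"MZ official build 1.0 + patched check")
        (pirate / "bin" / "steam_api64.dll").write_bytes(b"MZ emulator")
        (pirate / "bin" / "loader.dll").write_bytes(b"MZ extra")
        (pirate / "data.pak").unlink()

        return verify_tree(pirate, parse_manifest(manifest_text))


if __name__ == "__main__":
    report = demo()
    for kind, names in report.items():
        print(f"{kind}: {names}")
    # Only the changed or added files need a second look from ClamAV;
    # prints None here if clamscan is not on PATH.
    print("clamscan status:", clamscan_paths([Path(n) for n in report["modified"] + report["extra"]]))
```

The manifest format is the one `sha256sum` reads, so a known-good copy can be fingerprinted on another machine with plain `sha256sum` and the list carried over, and `clamscan_paths` only gets the files that differ, which is where a cracked release would have to hide anything it added. The caveat is the one raised in the thread: this only helps if you have a trustworthy copy to build the manifest from in the first place.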

A lot of others don't modify the executables at all; they just have stuff to fake the DRM checks, whether that be CD keys, disc images, or occasional actual utilities like YASU. Specific keygens are the same threat as above (unless they ask for admin access, which is a big red flag); mere listed keys or disc images are less dangerous again, and general-purpose utilities like YASU are typically too big a deal to be malware.

Third-party installers typically get a "hahaha, nice try" from me, because yeah, you're handing over admin permissions to a file that might just be ransomware for all you know. I think I've actually run like one of these (after a virus scan came back clean, and after great effort to find a less-sketchy pirate version), and while nothing bad happened AFAIK I still think it was a dumb decision. If a pirate site offers one of these (or a third-party "downloader" executable), just keep looking; there's little reason to do it if the pirate's legit and lots of reason if he's a black-hat.

Hm. If a particular pirate website has been active for a decade or more and consistent with their methods, do you think they're still untrustworthy?

A lot of pirate websites are more like warehouses than brands; people upload stuff (or link to stuff uploaded elsewhere, in the cyberlocker model) but it's not always the same people. There are specific pirate circles with reputations, but there are so many of them that it's tricky to keep track, and unless they use cryptographic signatures (and you have the tools to check them; not like the usual trust authorities are going to help) somebody could just be impersonating them.

Also, "SEO piracy and then use malware on noob pirates" doesn't strike me as the sort of business model that ages all that badly. Sure, you only get noobs, but there's an endless supply of those because piracy isn't exactly the sort of thing that everyone gets taught how to do by Trusted Sources*, and you're not really fighting the search engines (not to the extent that most scammers are, at least) because they typically try to hide both real and scam pirates. Obviously, you're running a criminal enterprise, but there are a bunch of countries where the government quietly tolerates that sort as long as they're mostly hitting foreigners (where do you think all the "your computer is infected with 50 viruses!" scam phone calls come from?).

*I'm reminded of this quote from an article on LW:

It also works because these shadowy people, themselves, are often professional LARPers. The stupid mistakes you make coming up with a plan to sell drugs are going to be very far from the stupidest mistakes drug dealers have ever made, because there are no apprenticeships for drug dealers. Most of their tradecraft is just made up on the fly, not an insignificant amount gathered from impressions gained in TV shows and movies.

ClamAV is quite good, I've been using the Windows frontend ClamWin for over a decade now. I believe Trellix also has an AV product for Linux, though it may be more along the lines of enterprise endpoint protection than no-frills AV. There's also libredefender, though it seems like it's basically a frontend for ClamAV and I have some concerns about their ChatGPT/Copilot usage.

What is libredefender's ChatGPT/Copilot usage? I saw a ChatGPT conversation as a joke on their front page, but I can't find any articles about it.

Call me a Luddite but the ChatGPT joke in their readme is a red flag that they use it at all, and my limited experience with Rust is that it's a very verbose and dense language when written by humans. I can't satisfactorily convince myself that their code isn't LLM generated. That's all.