Looking for antivirus software - preferably free

[justamel]

I have tried searching on this forum site and can't find any results. I know the "skuttlebutt" used to be that Linux systems were "immune" to these problems, but that is not the case in this day. So, can someone give me some accurate info.?? Lots of info. from plain web search but I certainly don't know which of this info. is trustworthy.

[mikewalsh]

Hallo, justamel. to the "kennels".

I appreciate where you're coming from. There has been a lot of stuff in the media about Linux 'malware' recently.

The fact remains, however, that the best protection for Linux still boils down to 3 things:-

• Robust permissions.

• Ensuring your firewall is set-up correctly, and is activated.

• Not doing stupid shit online.....and exercising a modicum of common sense.

Unfortunately, many of the recently reported exploits are aimed directly at the kernel itself.....and no amount of AV/anti-malware software can help you here, since it cannot, by its very nature, touch "kernel-space". It's not allowed to.

The best protection for that is to keep your kernel up-to-date.....and the Linux kernel team are very much on-the-ball with all that stuff. Patches are usually released within 24 hrs, sometimes sooner.

-------------------------------

Running Puppy, you have additional protections, due to Pup's unique method of operation. Running in RAM as it does for the duration of the session confers some unique abilities.

"Mainstream" distros all save stuff back to your hard-drive immediately. Puppy saves configuration changes & newly-installed stuff back to what is known as a 'save-file;, which is 'layered into' Puppy's union aufs file-system at boot. You can set this to save at regular intervals.....or you can set this up so it only saves when you manually tell it to.

The upshot being that, if you think you've been compromised during a session, for whatever reason, you can choose NOT to save.....and at power-off, the session just disappears into cyberspace. At next boot, you start-off again with a squeaky-clean, brand-new Puppy, loaded-in from read-only files.

You cannot get much more fool-proof than that.

As you can see, for Puppy at least, Linux AV is, at best, completely pointless. At worst, it's a waste of time & resources.....

Mike.

[bigpup]

What specific Puppy version you using???
Is it a 32bit or 64bit version???
How is it installed???
Yes it matters!!!

To really give you a good answer. The answer to the following questions will always help:
viewtopic.php?f=2&t=218

[mikeslr]

As MIke Walsh has indicated, there's not much Puppy can do about exploits which may exist in a kernel. But it's very easy to swap a Puppy's kernel once an exploit has been identified and patched. Keep an eye on those Sections of the Forum dealing with newly published kernels and with security.
Beyond that, it is possible to run an "almost invulnerable Puppy", viewtopic.php?f=151&t=444.
Keep your web-browser up to date. Both Google-Chrome and Mozilla constantly strive/compete to prevent their products from being vectors of malware. If you're not concerned about privacy, don't hesitate to use them. But do keep an eye out for advice regarding addons/extensions which curtain 3rd parties' intrusions into your online activity.
Although these threads are primarily concerned with obtaining web-browsers hardened against such 3rd parties for reasons of privacy, the settings discussed enhance security as a bi-product. viewtopic.php?f=90&t=1491; viewtopic.php?f=90&t=2335. The same principle applies when you choose such privacy oriented web-browsers as Ungoogled-Chromium, dissenter-browser, or even Iron. Examine the various threads under viewforum.php?f=90 for particulars.

[mikeslr]

Separate post because:
(1) The following is so alien to my normal way of thinking that it took awhile to realize that your actual question had not been answered by anyone; and
(2) to remember scanning over answers.

There are antivirus software that work under Linux. They come in two forms. One form is extensions/addons. These are available for any Chromium or mozilla based web-browser. I recognize the names of some publishers, e.g. Kaspersky; avast.
The second form is a standalone application named ClamAV. Perhaps there are others standalone anti-virus applications. I know even less about them than about ClamAV. About which I know only the following: It's free and available under Bionicpup64: Menu>Setup>Puppy Package Manager, type clamav in the search box. It's been around a long time; so without regard to what Puppy you may be running, its likely also available under your Puppy.
Having typed clamav in the Search box, PPM responded with a display of about a dozen files. Among them were the application, itself: with the notation "command-line interface"; a scanner daemon; a graphical front-end; an email plug in; and an update facility.
I don't know what to select in order to obtain a fully functional application. So if you're interested I would suggest that you search for some documentation. Perhaps this, https://www.clamav.net/documents/clam-a ... ser-manual. I would guess that selecting the graphical front-end and setting PPM to "Download all (packages and dependencies)" might be sufficient. But, as I said, that's a guess.
Using Ubuntu's search facility, https://packages.ubuntu.com/ eventually turns up a webpage, https://packages.ubuntu.com/bionic/clamav of all the packages Ubuntu considers either necessary or recommended. Starting with https://pkgs.org/ will ultimately lead to similar pages for other distros.

[justamel]

First I'll say thank you for the replies and then to the items mentioned by "bigpup"

My system is: Presario CQ61 laptop, AMD cpu 2100MHz, 4 GB RAM, 250 GB HD

I have done a Frugal install of Slacko Puppy 6.3.2 (32bit) to a extended partition which has a full install of Xubuntu 10.04 on it. File system: ext4. This is all on the internal HD which has WIN 7 on it as the original system on the primary partition.
-----------------------------------------------

I have been using Windows because it was on the laptop when I bought it used 4 years ago (not into spending big $ ). Haven't had many complaints until recently. I use FireFox browser and installed the Free Avast antivirus. These both are continually "updating" and with the most recent updates my whole system started Freezing Up! Have to pull the power plug and then reconnect to function again.

I did a Windows System Restore (restore points are apparently saved automatically by Windows, although nothing saved since Fall 2019??). So the Restore took my system back to the way it was at that point in time. Things were back to normal and no freezing up, until I made the mistake of allowing the Updates again I did another restore to the same point and as of now the system runs without freezing but FireFox and Avast keep pestering to be updated.

I have never been a Microsoft Windows fan and my first computer was an Atari ST1024 (so long ago I'm not sure that name is exactly right). When Atari basically disappeared I discovered Linux and started putting it onto old salvaged computers. I learned a lot but I have since forgotten most of what I knew, especially about working in command line mode.

I guess the other main item to mention is that my Internet connection is via "tethering" to my cellphone which is Definitely older and most would consider it obsolete because it has very small screen and Android 2.2.2 as the OS - which I can't upgrade. Upshot of this is that my connection is NOT a fast one. (this is to the best of my understanding of this situation where videos are uselessly slow and fragmented).

I would guess this is "just about enough said" at this point and I will have to read over and try to digest the advice/suggestions already given.

[bigpup]

Now that we have some useful information.
I hope you can see, that the complete issue, has totally changed.

you are already trying to use one of the programs that we may have recommended.

Your updates causing freezing.
Not sure about Free Avast antivirus causing this.
Firefox could be updating to the point, it is wanting, newer or different dependency files/programs, than are in Slacko 6.3.2
Slacko 6.3.2 is using a lot of 5 or more years old stuff.
Browsers, are constantly pushing up, their requirements to run.

With the specs of that computer.
It should be able to use the very latest version of Puppy Linux.
Fossapup64 9.5
viewtopic.php?f=146&t=820
Using that version of Puppy, will eliminate having too old versions of support files/programs.
Fossapup64 9.5 is 64bit, but it can run 32bit programs, if you load the fossapup 32bit compatibility sfs (provides needed stuff to run 32bit programs)
If you install Fossapup.
On the desktop is Quickpet icon.
Quickpet provides a lot of programs, most people want, and these are specifically compiled to work in Fossapup64.

[mikewalsh]

@justamel :-

Christ, you're using some out-of-date stuff there.

As bigpup says, 6.3.2 is the best part of 5 years old. Your Xubuntu is even worse; 10.04 came out in April 2010, and went end-of-life (no support after that point) 3 years later, in March 2013. So it's been getting no support for almost 8 years....

I, too, would recommend something a bit newer. If Fossapup will run on it, I'd go for it. However, looking a bit more closely at that M120 Sempron's specs.... Bigpup, that is very close in performance to the original Athlon64 single-core I had when I first moved to Puppy. Yes, it's 64-bit architecture, but it's early 64-bit technology. The only extras it's got over the Athlon is virtualization tech & SSE4a's.....I dunno. Might be OK, but performance won't be sparkling. Even the later dual-core Athlon I swapped to struggled with Bionicpup, and to some extent Xenialpup too....

Xenialpup64 might be the best recommendation for this laptop, I think. I won't recommend further back than that; Tahr64 is struggling with a lot of things now. Xenialpup64 is still a good daily driver, and will run most things OOTB.

If you want to stick with 32-bit, go for 32-bit Xenialpup 7.5. I'm posting from it right now, and everything I need runs fine.

(The above are direct ISO links, BTW).

If you really MUST have AV, I put together packages for Comodo's AV for Linux, a while back. It's still current; Comodo don't regularly update the Linux AV itself, just the signatures (several times a day.....)

Your choice.

Mike.

[bigpup]

You never really know till you try.

[mikeslr]

Just a thought. Because of the way I run Puppyes, I don't worry about malware. But, consider this when transferring something you downloaded under Linux to a Windows system. First transfer them to a USB-Stick. Then let windows run a virus scan when you plug in the USB-Stick.

[mikeslr]

Hi again, justamel.
Edit: Mike Walsh corrected by misunderstanding on the other thread. He has upgraded the chrooted OS from tahrpup to xenialpup.

Your question coming in close proximity to Mike Walsh publication of a new Iron web-browser running in a chroot environment, got me wondering. My exploration is reported here, viewtopic.php?p=19808#p19808.
Frankly, I lack a great deal of knowledge about the chroot device. But my layman's take on that post is that the Iron web-browser is essentially running in tahrpup under the control of Xenialpup.
Tahrpup' is created in RAM by copying files from the READ-ONLY SFS into RAM. Although the Iron web-browser functions normally, nothing it can do can escape from 'tahrpup'. Those things you download, and any malware which might be downloaded without your knowledge, are in 'tahrpup'. You can use your file-manager under xenialpup to access specific files in 'tahrpup' and move them. When you shut-down/reboot whatever remains in RAM will evaporate. And the next time you SFS-Load (on the fly or automatically at bootup) only the READ-ONLY files in the SFS will exist to be copied into RAM.

[justamel]

Again thank you for the replies and suggestions, and again I will have to consider these.

Regarding the outdated versions of Linux, I got Xubuntu and Puppy Linux 5.0.1 plus some other light weight distros. Slax 6.1.2, Crunchbang 9.04, and DSL 4.4.10 all from OSDisc.com. This was way back in 2010 and was the most convenient way to get some distros to explore.
Later on when I had a moderately fast connection I downloaded the ISO for Slacko Puppy 6.3.2, and had it plus Crunchbang on another older C. Presario laptop.

When I recently decided to see about getting away from Windows I tried to download newer version of Xubuntu and it was going to take 7hrs. to do this. As I mentioned my present connection is Slow and that is why I have been using Slacko Puppy 6.3.2 for now.

Last thing, I have played around with Linux a fair amount as mentioned above but I am NOT very well informed on some of the things mentioned so will have to re-learn a bit.

Just one more item maybe of interest to you guys. When I first started into Linux it was with 3.5" floppy disks and "Tom's Rootboot" and other distros. of the day.

[user1111]

Running Puppy, you have additional protections, due to Pup's unique method of operation. Running in RAM as it does for the duration of the session confers some unique abilities.

"Mainstream" distros all save stuff back to your hard-drive immediately. Puppy saves configuration changes & newly-installed stuff back to what is known as a 'save-file;, which is 'layered into' Puppy's union aufs file-system at boot. You can set this to save at regular intervals.....or you can set this up so it only saves when you manually tell it to.

The upshot being that, if you think you've been compromised during a session, for whatever reason, you can choose NOT to save.....and at power-off, the session just disappears into cyberspace. At next boot, you start-off again with a squeaky-clean, brand-new Puppy, loaded-in from read-only files.

You cannot get much more fool-proof than that.

Excepting of course that whilst compromised all sorts of things might have occurred : Other LAN systems penetrated, userids and passwords recorded (such as ssh keys that then provides open access into other systems), router access id/password recorded or router configuration changed, boot sector modified - perhaps such that the next boot has puppy being loaded as a sub-system by a invisible control system ...etc. etc.

Think of a security bug as potentially being a simple initial process achieved via a program/software bug (of which there are likely very many) that sends a 'hello, I'm in, what should I run/do' message to a hackers server. Being local originated that (and any 'response') traverses through firewall freely. When automated that looping program may quickly focus in on weaknesses, and perhaps in seconds identified and achieved much, especially if already running a root. Even if not initially running a root it can be very quick/easy to elevate to root, especially within Puppy systems such as when otherwise running as userid spot, as for instance that's still sharing the same X server and might see/run commands/actions via that in order to gain a root level cli/permissions.

Better to restrict things. Keep data separate or at least incremental backups. Run internet facing activities in a manner that assumes that has been compromised and consider what damage that may have done/achieved. Personally I run puppy (Fatdog in my case) within a very contained sub-system where root is root in name only, just a highly restricted userid, such that even gaining access to root ... isn't. And where that runs under a different X server and has no access to disks/data or other devices such as the router. Like with booting/using and shutting down without saving - that works the same, a clean/same start each time, but without the boot delays i.e. its just a container shutdown and start action which takes just a second or so.

[Grey]

rufwoof, your advice is generally correct. But tell us honestly, how many percent of Puppy users do you think care about security, and how many percent of users use Puppy as is and don't care? Is this a terrible ratio or is it not so bad?

[mikewalsh]

@Grey :-

I know Ruffers has reason enough for his actions, even though some may consider those actions extreme. I won't be crass enough to mention those reasons in open forum, but trust me; they're good ones.

Mike.

[Grey]

even though some may consider those actions extreme

No no. I respect extreme people. Everyone has their own motives or is forced to respond to the actions of the environment. I just wanted to know the opinion.