[Software] Recommend Security Applications

Posted: 2024-11-10 03:18
by distro-nix
Can anyone suggest a battle-tested, either paid or open source, GUI-based application or suite that protects against and removes viruses, malware and ransomware?

It should not be bloated and be something known to run on Debian Bookworm. I don't need real-time protection as I only run trusted code.

I'm not even sure such an application exists. Sophos used to have something, but they seem to be focusing on other platforms these days.

I have ClamAV and ClamTK, but I get a lot of false positives with PUA enabled.

As an aside, it is pretty hard to continue with the line of someone like DistroTube that says Linux is not affected, when even sharing an infected FAT32 or exFAT USB key can easily get a worm on Linux that was designed to target Windows users. Would that worm be active on Debian? Would a ransomware email still do its work on Linux? Since Linux is slowly growing in adoption, there must be a point where the ransomware scripters decide to move their attentions to Linux.

Any advice is gratefully accepted.

Re: [Software] Recommend Security Applications

Posted: 2024-11-10 04:13
by Uptorn
Because of the Unix philosophy of "do one thing and do it well", you're going to be hard pressed to find any monolithic program that aggregates all of these functions into one place. The good news is the individual atomized security programs that do exist for Linux are mostly set-and-forget, only notifying when something needs attention.
distro-nix wrote: 2024-11-10 03:18 I don't need real-time protection as I only run trusted code.
Do you disallow the execution of JavaScript in your browser? If you're using something like uBlock Origin, NoScript or uMatrix, it is possible to do while only making exceptions for certain JavaScript.
distro-nix wrote: 2024-11-10 03:18 it is pretty hard to continue with the line of someone like DistroTube that says Linux is not affected ... Since Linux is slowly growing in adoption, there must be a point where the ransomware scripters decide to move their attentions to Linux.
Linux is a target and has been for many years, but rather in the server role. But a more attractive target these days is the web browser, since it doesn't matter so much whether the target is running Linux or Windows or Mac. If the browser can be exploited, it is likelier to affect all platforms. This alone makes me consider it worthwhile to have a robust firewall and active malware scanning (+ web blockers like mentioned above), at the very least.
distro-nix wrote: 2024-11-10 03:18 even sharing an infected FAT32 or exFAT USB key can easily get a worm on Linux that was designed to target Windows users. Would that worm be active on Debian?
That depends on a number of factors. Is the target Linux environment equipped with something like WINE to execute Windows binaries? Is said worm written to attack USB controllers at the firmware level, rather than the OS? Is USB autorun enabled in the desktop environment?
distro-nix wrote: 2024-11-10 03:18 Can anyone suggest a battle-tested, either paid or open source, GUI-based application or suite that protects against and removes viruses, malware and ransomware?
(Strikethrough mine) There are many awesome security tools packaged for Debian, but you may need to warm up to the idea of terminal programs to get the most out of them. Just have a look through the security tag category in your package manager. Here are some of my recommendations:
  • rkhunter - In addition to checking for known rootkits, it also takes a state of your installed packages to compare for suspicious changes.
  • opensnitch - An outbound application-aware intercepting firewall that denies network traffic from any application unless you authorize it.
  • apparmor - Enabled by default since Debian Stretch, although additional application profiles are available through apparmor-profiles. It is also possible to create your own confinement profiles.
  • tripwire - File integrity system that alerts you to changes in your file system. Check and update the tripwire database after each apt upgrade, if you decide to use this.
  • dnsmasq - Can take blocklist files much like how adblockers do, and is also a cleaner and more efficient way of blocking domains than using the hosts file.
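
An added example, not part of Uptorn's post, for the dnsmasq item above: converting a hosts-format blocklist into dnsmasq `address=` rules, which also cover subdomains. The sample list and function names are constructed for illustration; tokens that are not plain hostnames are dropped so a malformed list line cannot become arbitrary dnsmasq configuration.

```shell
#!/bin/sh
# Added example: turn a hosts-format blocklist into dnsmasq "address=" rules.
# Unlike a hosts entry, address=/ads.example.com/0.0.0.0 also answers for
# every subdomain of ads.example.com.

# Constructed sample input (not a real blocklist).
sample_blocklist() {
    cat <<'EOF'
# constructed sample, hosts format
0.0.0.0 ads.example.com
127.0.0.1 localhost
0.0.0.0 Tracker.Example.net   # trailing comment
0.0.0.0 ads.example.com
0.0.0.0 bad/entry.example
10.0.0.1 intranet.example.org
EOF
}

# Reads hosts-format lines on stdin, writes de-duplicated dnsmasq rules on stdout.
hosts_to_dnsmasq() {
    tr -d '\r' | awk '
        { sub(/#.*/, "") }                              # strip comments
        $1 != "0.0.0.0" && $1 != "127.0.0.1" { next }   # keep sinkhole entries only
        {
            for (i = 2; i <= NF; i++) {
                d = tolower($i)
                # Never sinkhole the loopback names that hosts files carry.
                if (d == "localhost" || d == "localhost.localdomain") continue
                # Accept plain dotted hostnames only; "/" or other stray
                # characters would change the meaning of the dnsmasq line.
                if (d !~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/) continue
                if (!(d in seen)) { seen[d] = 1; print "address=/" d "/0.0.0.0" }
            }
        }'
}

sample_blocklist | hosts_to_dnsmasq
```

Save the output under /etc/dnsmasq.d/ (the file name is up to you) and run `dnsmasq --test` to check the syntax before restarting the service.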

Re: [Software] Recommend Security Applications

Posted: 2024-11-11 09:14
by DebianFox
Welcome to the Achilles heel of Desktop Linux especially for retail users. Lack of a capable security suite. In this case Windows and Mac OSX are truly superior.

Re: [Software] Recommend Security Applications

Posted: 2024-11-11 12:48
by FreewheelinFrank
DebianFox wrote: 2024-11-11 09:14 Welcome to the Achilles heel of Desktop Linux especially for retail users. Lack of a capable security suite.
Enterprise/server antivirus is available from various companies.
DebianFox wrote: 2024-11-11 09:14 In this case Windows and Mac OSX are truly superior.
That's why we spend so much time on this forum dealing with malware, Trojans, viruses, ransomware and worms. :roll: </sarcasm>

Re: [Software] Recommend Security Applications

Posted: 2024-11-11 15:51
by reinob
DebianFox wrote: 2024-11-11 09:14 Welcome to the Achilles heel of Desktop Linux especially for retail users. Lack of a capable security suite. In this case Windows and Mac OSX are truly superior.
This made my day :)
(but some may not appreciate the sarcasm!)

Re: [Software] Recommend Security Applications

Posted: 2024-11-12 01:22
by sunrat
This topic comes up occasionally when certain posters wear their tinfoil hats too tightly. I don't recall ever seeing anyone post "OMG I have a Linux virus on my system"!
I've been using Linux on home desktop and laptop for over 20 years without panicking about security, or any "security suite" on default install. No malware ever. For servers it's a bit more important, particularly an email server with Windows clients.

Re: [Software] Recommend Security Applications

Posted: 2024-11-14 00:57
by Trihexagonal
distro-nix wrote: 2024-11-10 03:18 Can anyone suggest a battle-tested, either paid or open source, GUI-based application or suite that protects against and removes viruses, malware and ransomware?
*snip*
Would a ransomware email still do its work on Linux? Since Linux is slowly growing in adoption, there must be a point where the ransomware scripters decide to move their attentions to Linux.

Any advice is gratefully accepted.
The index finger of your right hand.
Learn to control it instead of focusing on what to do after it gets jiggy.

Seriously.

Re: [Software] Recommend Security Applications

Posted: 2024-12-31 08:04
by distro-nix
Great advice!

Re: [Software] Recommend Security Applications

Posted: 2025-01-05 22:48
by rolf3945
You don't need that kind of bullshit/snake oil on any Linux system. That's why it does not exist.

Re: [Software] Recommend Security Applications

Posted: 2025-01-07 10:04
by Lesha
rolf3945 wrote: 2025-01-05 22:48 You don't need that kind of bullshit/snake oil on any Linux system. That's why it does not exist.
This post should be supplemented with links about fine-tuning Debian, in a concise manner. :idea:

Re: [Software] Recommend Security Applications

Posted: 2025-01-07 15:28
by gamingondebian
There's a wide variety of efforts to exploit people using technology that GNU/Linux users have no defense against in 2025, actually.

It's one of the contemporary focal points of modern efforts to secure our systems.

There is an intersection, for example, with the insecurity of other operating systems, when it comes to web service providers, and our interactions with web service providers, who use their systems to exploit people, irrespective of their choice of operating system, or local security software.