None, because they typicially open up a larger attack surface than the system would have without them. It's been like that for a while now. For references, I'd recommend this article from Ars Technica, who reference some very knowledgeable people (including Chrome's Security Chief at the time).
There was a time when AV software was useful. We're a decade past that, the world has changed, software has changed, defenses have changed, and AV software did not keep up.
None. I won't install something that checks the whole system, but maybe a tool something that checks installed packages or container images against some known cve database and alerts me if it has findings.
On my debian server, I have trivy to scan containers and I use clamav to scan files now and again but clamav uses up a lot of ram and its not a mailserver so I'm planning on uninstalling it.
On desktops I use virus total to scan PDFs or small files and stick to foss software
What would you run an antivirus for? I trust the software I out on my servers, if I didn't I wouldn't be installing it or at the very least would put it in a VM.
I have real security boundaries in place, no need for useless scareware.
In my competitive industry I often have to install half baked software often written without security in mind and written by folks from all over the world that I've never met
Nothing gives white knuckles like piping a curl output to bash because your boss says to try out a program their friend found and you don't have time to audit anything.
Though your point still holds. If you are careful you can do this with relative safety in Linux. Windows makes it harder tho
I just use disposable VMs or containers for that stuff, with limited network access. I'd always rather have a real security boundary than databases and heuristics.
Shadow
in reply to Numeral3 • • •like this
catloaf likes this.
lefaucet
in reply to Shadow • • •My antivirus for Linux is a policy of not executing things as root and installing things via safe channels when possible.
If I'm setting up a server or other untrusted service, I create a user specifically for it that has very limited permissions.
This makes it so that when something is compromised it is still trapped in a box and can't spread.
algernon
in reply to Numeral3 • • •None, because they typicially open up a larger attack surface than the system would have without them. It's been like that for a while now. For references, I'd recommend this article from Ars Technica, who reference some very knowledgeable people (including Chrome's Security Chief at the time).
There was a time when AV software was useful. We're a decade past that, the world has changed, software has changed, defenses have changed, and AV software did not keep up.
It might be time to stop using antivirus
Sebastian Anthony (Ars Technica)tofuwabohu
in reply to Numeral3 • • •JoeKrogan
in reply to Numeral3 • • •On my debian server, I have trivy to scan containers and I use clamav to scan files now and again but clamav uses up a lot of ram and its not a mailserver so I'm planning on uninstalling it.
On desktops I use virus total to scan PDFs or small files and stick to foss software
Max-P
in reply to Numeral3 • • •What would you run an antivirus for? I trust the software I out on my servers, if I didn't I wouldn't be installing it or at the very least would put it in a VM.
I have real security boundaries in place, no need for useless scareware.
lefaucet
in reply to Max-P • • •In my competitive industry I often have to install half baked software often written without security in mind and written by folks from all over the world that I've never met
Nothing gives white knuckles like piping a curl output to bash because your boss says to try out a program their friend found and you don't have time to audit anything.
Though your point still holds. If you are careful you can do this with relative safety in Linux. Windows makes it harder tho
Max-P
in reply to lefaucet • • •Matt
in reply to Numeral3 • • •slacktoid
in reply to Numeral3 • • •Sorry had to DQ the article cause of that
/s
Ⓜ3️⃣3️⃣ 🌌
in reply to Numeral3 • •homelab reshared this.