Well, this is interesting. Kaspersky have released KVRT (Kaspersky Virus Removal Tool), which is free to use to scan your systems for issues.
This is not an active virus scanner, it doesn't constantly run on your system. Only when you load it and tell it to scan. It also doesn't auto-update, you need to go and download it fresh from their website each time. Still, it's interesting to see such a big name jump into something like this for Linux don't you think? They say it can "detect both malware and adware, as well as legitimate programs that can be used for attacks".
It may look like a Windows application but that really is on Linux.
As they said in their blog post announcement:
Modern-day cybercriminals aren’t ignoring Linux-based operating systems. Recently, we published a series of posts about malicious code in the open source set of utilities XZ Utils, which managed to find its way into several popular Linux builds; wrote about a Linux implant for the DinodasRAT malware — also known as XDealer; and warned about a backdoor in the Trojanized version of Free Download Manager. Despite all this, the myth that Linux is mostly immune to cyberthreats persists: companies rarely devote funds to protecting machines running this operating system. Therefore, we’ve released a dedicated free product that allows you to check Linux computers for modern threats — Kaspersky Virus Removal Tool (KVRT) for Linux.
What are your thoughts on this, and what do you use on your Linux desktop to keep it secure? Maybe it's time to give over some suggestions in the comments on that.
Article taken from GamingOnLinux.com.
Some you may have missed, popular articles from the last month:
The comments on this article are closed.
Kind of expected that the only apology of Kaspersky in the comments is literally "USA bad".
Kaspersky (the man) himself is a KGB-school graduate and for YEARS held the most idiotic positions publicly. Such as destroying any vestages of anonymity on the internet, for example. He argued that everyone should be represented by their formal government-issued identification on the web. So, nicknames and silly avatars should be banned, essentially. In Soviet Russia, the internet connects to YOU!
He loved to applaud any soviet-style initiatives of the current government and jumped through multiple hoops to signal how he loves the Party and the president.
Then they had some switcheroo with his ex-wife in the CEO seat, tried some damage control, smoke and mirrors tactics, but I won't believe anything. This company is rotten and was that way from the start.
Kaspersky (the man) himself is a KGB-school graduate and for YEARS held the most idiotic positions publicly. Such as destroying any vestages of anonymity on the internet, for example. He argued that everyone should be represented by their formal government-issued identification on the web. So, nicknames and silly avatars should be banned, essentially. In Soviet Russia, the internet connects to YOU!
He loved to applaud any soviet-style initiatives of the current government and jumped through multiple hoops to signal how he loves the Party and the president.
Then they had some switcheroo with his ex-wife in the CEO seat, tried some damage control, smoke and mirrors tactics, but I won't believe anything. This company is rotten and was that way from the start.
8 Likes, Who?
It's interesting and promising to see a mainstream company releasing their mainstream closed-source software on Linux. This may also have to do with sanction on Russia and Russian companies helping people and companies move towards Linux there? Sadly I don't have any data on this.
However, as visible even in their press release, the biggest threats come from closed-source software. The xz vulnerability was identified in part thanks to its open source nature (part of the backdoor was never present in source code repositories, only in release tarballs). I would personally only trust FOSS antiviruses.
Be careful before handing the keys to your kingdom (root access) to any kind of software.
And I don't need to mention kaspersky's shady track record here, others have done so already.
I don't want to start a flame war or highly (geo)political arguments here, but you should 1. look up the definition of genocide 2. Have a look at https://icj-cij.org/case/182 (hint: forced assimilation, killings, indoctrination and deportation of children fit the bill, collateral victims are a tragedy but not genocide). I'm quite sensitive about this topic.
Last edited by MayeulC on 3 June 2024 at 1:52 pm UTC
However, as visible even in their press release, the biggest threats come from closed-source software. The xz vulnerability was identified in part thanks to its open source nature (part of the backdoor was never present in source code repositories, only in release tarballs). I would personally only trust FOSS antiviruses.
Be careful before handing the keys to your kingdom (root access) to any kind of software.
And I don't need to mention kaspersky's shady track record here, others have done so already.
Quoting: StalePopcornMaybe comments should be disabled since a pattern is already present, but Kaspersky are not doing operating from a country directly or indirectly involved in mass genocide, if we're going to be throwing rocks, remember that we're in a glass house.
I don't want to start a flame war or highly (geo)political arguments here, but you should 1. look up the definition of genocide 2. Have a look at https://icj-cij.org/case/182 (hint: forced assimilation, killings, indoctrination and deportation of children fit the bill, collateral victims are a tragedy but not genocide). I'm quite sensitive about this topic.
Last edited by MayeulC on 3 June 2024 at 1:52 pm UTC
5 Likes, Who?
I used ClamAV, but it can be finicky with time outs on large files, etc.
Considering how wide open user space can be, I've always been kinda surprised how lacking Linux security has always been with protecting the user. I always chalked it up to the mentality of "The user is on their own" and "We're too smart to download junk or visit a bad website".
Considering how wide open user space can be, I've always been kinda surprised how lacking Linux security has always been with protecting the user. I always chalked it up to the mentality of "The user is on their own" and "We're too smart to download junk or visit a bad website".
1 Likes, Who?
Nateman1000 Jun 3
Probably will flag the Ukrainian language as a virus considering the company /hj
1 Likes, Who?
I have never needed an anti virus tool on Windows.
I will never need an anti virus tool on Linux to run constant scans, either.
Just be aware of what you install and where you install it from. Served me well so far and I don't think that'll ever change.
The biggest threat to cybersecurity is not the OS or the hardware or the software. It sits in front of the computer.
That said, considering the recent reveals of how vulnerable FOSS is to malicious intent combined with long-term preparation, it might make sense - especially for companies - to have some kind of virus detection running on Linux machines at least somewhat regularly.
That nobody should trust Kaspersky these days is quite obvious, but that's not really the primary issue.
Last edited by TheSHEEEP on 3 June 2024 at 1:53 pm UTC
I will never need an anti virus tool on Linux to run constant scans, either.
Just be aware of what you install and where you install it from. Served me well so far and I don't think that'll ever change.
The biggest threat to cybersecurity is not the OS or the hardware or the software. It sits in front of the computer.
That said, considering the recent reveals of how vulnerable FOSS is to malicious intent combined with long-term preparation, it might make sense - especially for companies - to have some kind of virus detection running on Linux machines at least somewhat regularly.
That nobody should trust Kaspersky these days is quite obvious, but that's not really the primary issue.
Last edited by TheSHEEEP on 3 June 2024 at 1:53 pm UTC
6 Likes, Who?
Not mutch for virus programs now adays not even in windows.
But back in the days I used virus scan software kaspersky was the virus software to use in my opinion. Then it got a bit too expensive after they bumped up the price. But I will for sure try this out just for the fun. I hope they go cheaper and this is a way to test the water in Linux.
But back in the days I used virus scan software kaspersky was the virus software to use in my opinion. Then it got a bit too expensive after they bumped up the price. But I will for sure try this out just for the fun. I hope they go cheaper and this is a way to test the water in Linux.
1 Likes, Who?
Quoting: denyasisI used ClamAV, but it can be finicky with time outs on large files, etc.
Considering how wide open user space can be, I've always been kinda surprised how lacking Linux security has always been with protecting the user. I always chalked it up to the mentality of "The user is on their own" and "We're too smart to download junk or visit a bad website".
Linux is developed by and for enterprise users and you see that really strong in the security space.
Everything exists, but it requires a degree in computer science to be useful.
SE-Linux(permission system used by phones(IOs and android)), ClamAV, special security fork of the kernel, security flags when compiling your own kernel, IPtables, etc.
Some security features actually do leak to us idiots though.
Strict division of user and root.
Password by default.
Executable flagging.
Clear file identification(both the UI and the system use the same bits for file type indication).
Last edited by LoudTechie on 3 June 2024 at 2:12 pm UTC
2 Likes, Who?
Nateman1000, It's a can of worms you're opening. The most popular answer on any such question is that this is all a fabrication, fake news, no such thing, you are lying, it's staged, never in a million years, it's impossible. Also: USA bad.
Why are you trying to argue with someone, who suggests disabling comments when there's "a pattern" in a discussion about some particular company. There's no good faith here from the start.
Why are you trying to argue with someone, who suggests disabling comments when there's "a pattern" in a discussion about some particular company. There's no good faith here from the start.
0 Likes
Hi all, please keep it on topic to the subject and try to leave any personal attacks and the wider political situation at the door. If people go overboard, comments will be removed and users warned. Keep it as chill as you can.
I don't like to close comments, or force comments into a moderation queue, but we will do what we must to keep the peace.
Last edited by Liam Dawe on 3 June 2024 at 2:33 pm UTC
I don't like to close comments, or force comments into a moderation queue, but we will do what we must to keep the peace.
Last edited by Liam Dawe on 3 June 2024 at 2:33 pm UTC
14 Likes, Who?
StalePopcorn Jun 3
Quoting: MayeulCI don't want to start a flame war or highly (geo)political arguments here, but you should 1. look up the definition of genocide 2. Have a look at https://icj-cij.org/case/182 (hint: forced assimilation, killings, indoctrination and deportation of children fit the bill, collateral victims are a tragedy but not genocide). I'm quite sensitive about this topic.
That's the thing about facts, they don't care about feelings. They're calling out Israel on committing genocide so maybe you're the one with the faulty dictionary… or heart.
Last edited by StalePopcorn on 3 June 2024 at 2:34 pm UTC
0 Likes
slaapliedje Jun 3
Quoting: MalThat linux isn't immure to malware and virus is knonwn. That kaspesky is the solution... it's questionable to say the least.I tend to think think there are a few reasons that anti-cheat don't support Linux. You'd have to integrate dkms and keep updating the anti-cheat when the kernel ABI breaks it. At least that would be one of the key reasons. After using Linux for as long as I have, and the many times an external kernel module won't compile on a new kernel is a pain point. It doesn't happen often, but it's often enough.
The general advice is to modify your kernel with anything that is not trusted and OSS. Know which repo you add to your apt. That already shuts down the most nasty risks. And we know it well enough... it's the reason why anti cheats refuse to support linux. They cannot spy without some kind of user approval... and they don't want to disclose what kind of spying they do.
Then for the rest (all kind of malicious activities outside kernel that is) it's the same as Windows. Educate your users to not do anything stupid on the web. And to not download snaps and the likes from untrusted sources. Which is easier said that done I suppose. Some antivirus support can definitely help here. But the antivirus itself needs to come from a trusted entity :)
Of course, the other reason they don't, because most users of Linux are far more conscious about security / privacy than your average Windows user, and know that anti-cheat methods are problematic in these cases. I'm glad that Proton supports certain ones, but it being left up to the devs whether they want to ban Linux users or not is annoying. My vote is to just not support these developers because they refuse to support us.
0 Likes
CyborgZeta Jun 3
I have no objection to this. I have no comment on Kaspersky as a company, but I've told in the past that their anti-virus is very good. I did briefly use it back on Windows 10 shortly before I switched to Linux, and it appeared to do a good job of finding things.
Would I use this? No, because I don't like downloading things from the Internet and running them as executable (and giving them sudo access, in this case). I am, perhaps naively, not concerned about viruses or malware on my PC. I use Linux, all my software comes from Flathub or the Ubuntu repos, and the stuff I do download from the Internet (images, music, ROMs, etc.) do not have root access.
Would I use this? No, because I don't like downloading things from the Internet and running them as executable (and giving them sudo access, in this case). I am, perhaps naively, not concerned about viruses or malware on my PC. I use Linux, all my software comes from Flathub or the Ubuntu repos, and the stuff I do download from the Internet (images, music, ROMs, etc.) do not have root access.
1 Likes, Who?
I use SentinelOne which is enterprise-grade AV, but I also have access to it because I sell it. It has impressed me a lot but sadly there are no equivalent products on the consumer side of the market that are similar. Really makes you wonder why...
Anyways, I'd normally say just be smart about what you download and click on but I feel like attacks are only getting more sophisticated. The future is all about behavioral detection and has always been about layering your security (Modern AV, firewall, good security hygiene etc.).
Anyways, I'd normally say just be smart about what you download and click on but I feel like attacks are only getting more sophisticated. The future is all about behavioral detection and has always been about layering your security (Modern AV, firewall, good security hygiene etc.).
0 Likes
legluondunet Jun 3
Anti-Virus for what use? I never saw a virus on my Linux computers in more than 25 years.
To collect information on our Linux hard drives and sell them to companies for their statistics?
To collect information on our Linux hard drives and sell them to companies for their statistics?
2 Likes, Who?
Quoting: legluondunetAnti-Virus for what use? I never saw a virus on my Linux computers in more than 25 years.
To collect information on our Linux hard drives and sell them to companies for their statistics?
Well there was the _one_ incident with xz, so...
Funny how no one realizes that antiviruses are fundamentally the wrong way to solve the problem. They are _reactive_, meaning they defend against old attacks, but old attacks rely on old bugs and old bugs get fixed. They don't defend against new attacks obviously because they don't know what they are.
The fact that they are needed on windows is not because antivirus is necessary, but rather because windows is garbage. It's a system where apps run with root access and the system is no help in updating them. So you have buggy old software running as root for years, _of course_ the system gets riddled with viruses.
Last edited by ShabbyX on 4 June 2024 at 11:44 am UTC
3 Likes, Who?
Quoting: amataiIt was bound to happen with the recent extension of surface attack on Linux. When software was only installed from the repo, the security was manageable, but with the growing availability of software outside the repo system (from AUR to snap, steam, flatpack, curl foo.sh | sudo, ...), there start to be a market for antivirus. It feels like the end of an era.
repos were never enough, we didnt had good game engines there for example, there are tons of softwares that we still need and repos simply cant deal with the imensive suply chain that end users might need, so people will soon or later "shop" for softwares elsewhere like on github.
0 Likes
Quoting: legluondunetI never saw a virus on my Linux computers in more than 25 years.Most of us don't look though, I'm certainly interested in checking out this tool and seeing if it finds anything.
1 Likes, Who?
TheRiddick Jun 4
if it was all open-source then I think they'd find a audience to sell to.
3 Likes, Who?
So it requires an internet connection and asks you to agree to your data being handled and transmitted... somewhere. OK, two reasons to pass on it.
Still curious about it so I've sent the file to VirusTotal to analyze it. It shows some interesting details about what files it writes, copy or modify on your system, what IPs it tries to connect to and what commands it executes.
It also displays a warning: The sandbox CAPE Linux flags this file as: MALWARE, which looks worrisome, but truth be told, I'm a total noob about security, so maybe some one else could took a look and give some insights?
Is enough to send the file or url to VirusTotal ( https://en.wikipedia.org/wiki/VirusTotal ) or a similar site. I used this one since it accepts big file uploads.
Still curious about it so I've sent the file to VirusTotal to analyze it. It shows some interesting details about what files it writes, copy or modify on your system, what IPs it tries to connect to and what commands it executes.
It also displays a warning: The sandbox CAPE Linux flags this file as: MALWARE, which looks worrisome, but truth be told, I'm a total noob about security, so maybe some one else could took a look and give some insights?
Is enough to send the file or url to VirusTotal ( https://en.wikipedia.org/wiki/VirusTotal ) or a similar site. I used this one since it accepts big file uploads.
1 Likes, Who?
Patreon
PayPal
See more from me