
Re: Anti-malware for my personal Debian workstation?



I agree with this deeply. It's surprising the number of machines I see that have some fancy subscription-based and expensive AV but have the firewalls, SELinux, UAC disabled along with weak filesystem and sharing ACLs.

It's fine to get a good AV running on the system but they don't detect all malware, and I've always run with that being something like 50% of malware being detected.

Good security practices are the best first line of defence; believe me, I've seen the evidence when it's not.

On 23/02/2020 12:02, mlnl wrote:
Hi l0f4r0@tuta.io,

l0f4r0@tuta.io wrote:

Considering the fact I am human so not perfect at all + other notions
like defense in depth / layered defense... would you recommend having
a Linux anti-malware?

I have used clamav, linux malware detect with 3rd party repos like
sanesecurity just for fun and for some time to see what you can do
besides commercial products. I had only a few positive, Windows-related
matches and a lot of false positives - and think about the 0-day
problem with all anti-malware or the capabilities of state
sponsored cracker groups or CNA/CNE groups inside military/civil
state organizations ;)

I think it is more important & useful to audit & harden/secure your
system, kernels (KSPP), services and applications with IDS/IPS (e. g.
Samhain), MACs like AppArmor, systemd-analyze security unit, secured
sudoers file, use of additional 2FA tokens and so on...


