Do you need an antivirus on FreeBSD today ?

No. Not for a FreeBSD desktop system. Not for a server either. But you might want to add a virusscanner inline with your mailserver though. Or add one on a fileserver. Those are primarily intended to catch virusses for other systems like your Windows clients that use those services. Windows is still the primary target for 99% of the malware going around. De facto standard virusscanner in this case is security/clamav.

You do need to watch out for web applications though. These could get infected through bad or incorrectly handled code. FreeBSD servers can just as easily be infected that way as any other Linux or Windows server that runs that broken web application. Then your server may be prone to become part of a botnet. But a virusscanner isn't going to protect you here, most virusscanners aren't able to detect those attacks, so they add nothing and will only give you a false sense of security.
 
On a somewhat wider perspective: You never really "need" antivirus software. Such software can only reliably detect viruses that are already known. Detecting unknown viruses can't be reliable, this can be proven by deducing it from the halting problem. But still, these products add more code getting fed lots of potentially untrusted input, so they can even add security holes (and yes, this actually happened in practice).

The much better malware protection is the combination of an informed admin configuring the system in a sane way and keeping it up to date, and an informed user who doesn't fall for phishing etc... (might be the same person of course on your private systems).

Antivirus software is actually a workaround that can somewhat improve security when you can't rely e.g. on the informed users. On a system that's targeted as much as Windows, you could say you "need" such software.

BTW as for scanning mails, I have clamav in the incoming pipeline of my mail system as well. For me, it's more a convenience thing, it just helps filtering out crap I don't want to see :cool:
 
Thanks.
Unfortunately I should use my machine as a Server and as a Desktop.
I work in very small company, and my machine is our server too.
As a Desktop user I use a browser...
(for many years I use antivirus on Linux...and I believed that it protects me in the browser (at least))
 
hardworkingnewbie said:
An anti virus scanner can only protect you against what it knows, so has signatures for it. For the time frame from release in the wild until first virus signature creation you are unprotected.
Click to expand...
Yes, I understand this. I would like to know FreeBSD's practice related to antivirus.
 
Andrey Lanin said:
I would like to know FreeBSD's practice related to antivirus.
Click to expand...
There is no "official policy". Largely because viruses like big numbers of dumb people or one specific well known OS.

As Linux gets more popular, expect the same there. Think twice before enabling LINUX_COMPAT in FreeBSD.

Antivirus software, some name it snakeoil, is big business.

I personally do not like it because it can be too invasive to a system and may increase the attack surface. Search the Internet for security advisories on antivirus software.

Also think about such stories:
www.reuters.com

Germany issues hacking warning for users of Russian anti-virus software Kaspersky

Germany's cyber security agency on Tuesday warned users of an anti-virus software developed by Moscow-based Kaspersky Lab that it poses a serious risk of a successful hacking attack.
www.reuters.com www.reuters.com

Kaspersky statement regarding the BSI warning

Kaspersky releases an official statement in response to the warning issued by the German Federal Office for Information Security agency (BSI) on March 15, 2022
www.kaspersky.com www.kaspersky.com
 
SirDice said:
There's a special place in hell for the developer that came up with the brilliant plan to embed active content in an otherwise benign format. PDFs used to be safe.
Click to expand...
The implication of that (at least to me) is a knob in the PDF rendering application/library that would "play" the active content. If the knob is off by default, that is a good start, but the user can always turn it on or off as desired.
If the rendering has no mechanism to play the content, it doesn't matter if the content is there.
 
In addition to all the above: always remember that computer security is an ever ongoing process, not a product which you can turn on or off.

For example: no virus scanner is going to protect you from someone trying to trick you into running their home-made ransomware. But a process where you always run strange software in a sandbox environment first would protect you (or maybe applying some common sense?).

I know it sounds awfully cliche, but that's also exactly the issue at hand: this is more than often completely overlooked.
 
ShelLuser your second paragraph. Very true. I've been having discussions/"lessons" with my wife about being safe, how to recognize potentially bad emails. Even just the simple "don't ever blindly click on a link in an email". She has actually listened, especially after hearing of friends/customers getting hacked, to the point where she's seen odd emails from someone, doesn't open it and will phone call/text the person "Hey you may want to check your systems/info".
 
Andrey Lanin said:
oh...no comment.

I tried to use Kaspersky only once - in late 90s. On Windows. It broke my MS Word. After that I never used it anymore.
In Linux I used DrWeb.
Click to expand...
Uhhhh... It was researchers at Kaspersky who uncovered the Stuxnet virus back in 2010's. To build an effective defense against a virus or a DDoS - it does take a bit of knowledge of how it even works, and what's targeted.

It's unfortunate, but things did get to the point that you just gotta be aware of the dangers and not allow yourself to get careless. Otherwise, your device gets fried, and important personal information gets so messed up, you can't even get paid at work. This is a bit of a doomsday scenario, but mindlessly clicking on links and buttons can be like stepping on a mine - and we're still cleaning up actual mines from WWII!

Phishfry said:
Flip side. Why would anybody embed a script inside a portable document file if not malicious.
Click to expand...
To make the "P" part of "PDF" irrelevant, incorrect, and obsolete.
 
Phishfry said:
I am not a hacker but here it goes. PDF has the payload and when you visit a website browser javacript runs the embedded code.
Click to expand...
That goes directly to my point about what is actually doing rendering of the document. Most browsers have a knob that lets you disable automatic execution of javascript, of course doing that can break a lot of websites.

I've always preferred downloading and using my own application to open or explicitly set my application as the one to use in the browser.

Kaspersky: I've used for a while in the past and always had reasonably good luck. There have been times where an update caused too much cpu to be used, but it was fixed quickly.
 
SirDice said:
No. Not for a FreeBSD desktop system. Not for a server either. But you might want to add a virusscanner inline with your mailserver though. Or add one on a fileserver. Those are primarily intended to catch virusses for other systems like your Windows clients that use those services. Windows is still the primary target for 99% of the malware going around. De facto standard virusscanner in this case is security/clamav.

You do need to watch out for web applications though. These could get infected through bad or incorrectly handled code. FreeBSD servers can just as easily be infected that way as any other Linux or Windows server that runs that broken web application. Then your server may be prone to become part of a botnet. But a virusscanner isn't going to protect you here, most virusscanners aren't able to detect those attacks, so they add nothing and will only give you a false sense of security.
Click to expand...
Agreed. On the flip side of virus scanning is ensuring none of your critical O/S (and app) files have not been altered. This is where tripwire and aide can help out. Of course tripwire and aide are not a silver bullet. You simply can't install and forget them. Each needs a comprehensive change management strategy to work properly. Otherwise it's just noise.

Many companies want that silver bullet to solve this problem. They fail to realize that tripwire and aide are only 15% of the solution. The other 85% is organizational to track change and communicate that to the security officer who maintains the baseline signatures in tripwire and aide. Otherwise every alert is a "compromise" where in fact it's probably a patch or legitimate software install. The time spent doing this after the fact will quickly result in missing an unauthorized change to a critical file.
 
You must log in or register to reply here.
Back
Top