I agree with this deeply. It's surprising the number of machines I see
that have some fancy, expensive subscription-based AV but have firewalls,
SELinux and UAC disabled, along with weak filesystem and sharing ACLs.
It's fine to get a good AV running on the system, but AVs don't detect
all malware, and I've always worked on the assumption that something
like 50% of malware gets detected.
Good security practices are the best first line of defence; believe me,
I've seen the evidence when they're not in place.
On 23/02/2020 12:02, mlnl wrote:
Hi l0f...@tuta.io,
l0f...@tuta.io wrote:
Considering the fact that I am human and so not perfect at all, plus
other notions like defense in depth / layered defense... would you
recommend having a Linux anti-malware?
I have used clamav and linux malware detect with 3rd-party repos like
sanesecurity, just for fun and for some time, to see what you can do
besides commercial products. I had only a few positive, Windows-related
matches and a lot of false positives. And think about the 0-day
problem with all anti-malware, or the capabilities of state-sponsored
cracker groups or CNA/CNE groups inside military/civil state
organizations ;)
I think it is more important & useful to audit & harden/secure your
system, kernels (KSPP), services and applications with IDS/IPS (e.g.
Samhain), MACs like AppArmor, systemd-analyze security unit, a secured
sudoers file, the use of additional 2FA tokens and so on...
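Two of the hardening points above (the systemd-analyze security scores and the sudoers file) are easy to turn into a repeatable audit. The script below is an added example and is not code from the thread or from any of the projects mentioned. It parses the table that `systemd-analyze security` prints (columns UNIT, EXPOSURE, PREDICATE, HAPPY) and flags units above an exposure threshold, and it greps sudoers content for NOPASSWD rules or unrestricted "ALL" command grants. The two sample inputs are constructed so the script runs offline; the HAPPY emoji column is omitted from the sample, the exposure scores are made up, and the threshold of 8.0 is an arbitrary choice, not a systemd recommendation.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): a small hardening audit
# over the output of `systemd-analyze security` and a sudoers file.
set -u

# Constructed sample of `systemd-analyze security` output. Real output has
# the same UNIT/EXPOSURE/PREDICATE columns; the trailing HAPPY emoji column
# is left out here and the scores are invented.
SAMPLE_ANALYZE='UNIT                       EXPOSURE PREDICATE
systemd-journald.service        4.9 OK
systemd-logind.service          2.8 OK
sshd.service                    9.6 UNSAFE
cups.service                    9.8 UNSAFE
chronyd.service                 6.1 MEDIUM'

# Constructed sample sudoers content (hypothetical users and rules).
SAMPLE_SUDOERS='Defaults use_pty
root ALL=(ALL:ALL) ALL
%wheel ALL=(ALL) ALL
deploy ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync
alice ALL=(root) /usr/bin/systemctl restart nginx'

# Read `systemd-analyze security` output on stdin and print, one per line,
# the units whose EXPOSURE score is strictly above $1 (default 8.0; the
# default is an arbitrary cut-off chosen for this example).
# Live use: systemd-analyze security --no-pager | exposed_units 8.0
exposed_units() {
    awk -v t="${1:-8.0}" 'NR > 1 && $2 + 0 > t { print $1 }'
}

# Read sudoers content on stdin and print rules that either carry NOPASSWD
# or end in an unrestricted "ALL" command spec. The root line, comments and
# Defaults lines are skipped; a hit is something to review, not proof of a
# misconfiguration (e.g. the usual %wheel rule is flagged on purpose).
# Live use: cat /etc/sudoers /etc/sudoers.d/* | risky_sudo_rules
risky_sudo_rules() {
    grep -E 'NOPASSWD|[[:space:]]ALL[[:space:]]*$' | grep -Ev '^(root|#|Defaults)'
}

# Run both checks over the given texts, print the findings, and return 1 if
# anything was flagged so the script can gate a CI job or a config check.
run_audit() {
    analyze_out="$1"; sudoers_txt="$2"; findings=0
    exposed=$(printf '%s\n' "$analyze_out" | exposed_units 8.0)
    if [ -n "$exposed" ]; then
        echo "units with exposure > 8.0 (inspect with: systemd-analyze security <unit>):"
        printf '%s\n' "$exposed" | sed 's/^/  /'
        findings=1
    fi
    risky=$(printf '%s\n' "$sudoers_txt" | risky_sudo_rules || true)
    if [ -n "$risky" ]; then
        echo "sudoers rules to review (NOPASSWD or unrestricted ALL):"
        printf '%s\n' "$risky" | sed 's/^/  /'
        findings=1
    fi
    return $findings
}

# Stand-alone demo over the constructed samples.
if run_audit "$SAMPLE_ANALYZE" "$SAMPLE_SUDOERS"; then
    echo "no findings"
else
    echo "findings above need review"
fi
```

On a real host, replace the two samples with `systemd-analyze security --no-pager` and the concatenated sudoers files; the per-unit view (`systemd-analyze security <unit>`) then lists the exact sandboxing directives (ProtectSystem=, NoNewPrivileges=, CapabilityBoundingSet= and so on) that push a unit's score up, which is where the actual hardening work starts.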