Antiviruses? (lemmy.world)
submitted 1 week ago by ArchmageAzor@lemmy.world to c/linux@lemmy.ml

I know that Linux is more secure than Windows and normally doesn't need an antivirus, but knowing myself I'm gonna end up downloading something at some point from somewhere on the internet, and it would be good to be prepared. So, which antivirus would you recommend for Linux (Mint specifically) just to double up on security?

[-] utopiah@lemmy.ml -2 points 6 days ago* (last edited 5 days ago)

Nothing needs an antivirus if you backup your data properly.

PS: I'm getting downvoted for this so I'll explain a bit more: if you backup properly, you can restore your data. Sure your system is fucked... but who cares? In fact if you care for your OS installation then right away it shows you are NOT in a reliable state. You install another OS and start from there. Maybe it's not even due to a virus, maybe your hardware burns in fire, same situation so IMHO a working backup (and by working I mean rolling, like TODAY it's done without your intervention) then you restore. Also please don't tell me about ransomware because even though it is a real threat, if you do your backups properly (as in not overwriting the old ones with the new ones) then you are still safe. It can be as basic as using rdiff-backup. It's fundamental to understand the difference between what's digital and what is not digital.

[-] ArchmageAzor@lemmy.world 10 points 6 days ago

And you don't need a seat belt if you drive well

[-] utopiah@lemmy.ml 1 points 6 days ago

Funny but that's the entire point of a digital "life" if you want to use analogies: your backup is you.

[-] golden_zealot@lemmy.ml 1 points 6 days ago

There are viruses that are time-bombs. They specifically don't really do anything until some criterion is met in the future, such as the current date being beyond a specific date, at which point they proc. They do this in order to make sure they are in your backups when you restore them so that they immediately run when recovery is completed and the system is booted.

[-] utopiah@lemmy.ml 2 points 5 days ago

That doesn't make much sense to me, one backs up data, not executables or the system. Even if they were to be saved in the backup then they wouldn't get executed back.

Anyway, that's still conceptually interesting but it's so very niche I'd be curious to hear where it's being used, any reference to read on where those exist in the wild?

[-] golden_zealot@lemmy.ml 2 points 5 days ago* (last edited 5 days ago)

They usually embed themselves within the system files and have some scheduled job that basically checks for the criteria - if you are only backing up and restoring user data then it's a non-issue, but if you do a full recovery including the system files/the system scheduler etc, then it can happen, and it is often necessary to back up executable and system files for production environments (true, not so much for individual users and their systems).

When I was working in an IT shop, one of our clients was ransomwared with this method. The saving grace for us in that instance was that our backups were going to a product that allowed you to easily break open and dissect the compressed backups pre-recovery, so we were able to determine where the malicious files were and kill them before pushing the backups. Of course we only noticed that it was in the backups after we had tried to push the backups once already, so it was quite the timely process - I think I worked for something like 18 hours that day.

You can read about such malware if you search for "timebomb malware" or "malware does not execute until date" etc.

The attack is not super common anymore, but still happens.

For example, here is an article discussing time bomb methods on LinkedIn.

https://www.linkedin.com/pulse/time-bombs-malware-delayed-execution-any-run

Another on the KnowBe4 blog:

https://blog.knowbe4.com/ransomware-can-destroy-backups-in-four-ways
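The "break open and dissect the backups pre-recovery" step above boils down to reviewing what the restored system would schedule. As an added example (not code from either commenter or from any backup product), this POSIX sh function enumerates cron and systemd timer definitions inside an extracted backup tree so they can be read before a full restore; the staging-directory path is assumed, and the file layout is the usual Linux one.

```shell
#!/bin/sh
# Constructed example: list every scheduled-job definition found inside an
# EXTRACTED backup tree (a staging directory, never the live system) so the
# scheduler contents can be reviewed before the backup is pushed back.
# Uses only POSIX sh, grep, sed and head; paths follow the usual Linux layout.

# list_scheduled_jobs STAGING_DIR  ->  one line per job: <source>:<file>:<definition>
list_scheduled_jobs() {
    root="${1%/}"

    # 1. Classic cron: system crontab, cron.d fragments, per-user crontabs.
    for f in "$root/etc/crontab" "$root/etc/cron.d"/* \
             "$root/var/spool/cron/crontabs"/* "$root/var/spool/cron"/*; do
        [ -f "$f" ] || continue
        # Drop blank lines, comments and environment assignments (VAR=value).
        grep -v -E '^[[:space:]]*(#|$)|^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=' "$f" |
            while IFS= read -r line; do
                printf 'cron:%s:%s\n' "${f#$root}" "$line"
            done
    done

    # 2. Periodic directories: anything executable placed here runs on schedule.
    for period in hourly daily weekly monthly; do
        for f in "$root/etc/cron.$period"/*; do
            [ -f "$f" ] || continue
            printf 'cron.%s:%s:%s\n' "$period" "${f#$root}" "$(basename "$f")"
        done
    done

    # 3. systemd timers: report each .timer with the ExecStart of the unit it fires.
    for dir in etc/systemd/system usr/lib/systemd/system lib/systemd/system; do
        for t in "$root/$dir"/*.timer; do
            [ -f "$t" ] || continue
            unit=$(sed -n 's/^Unit=//p' "$t" | head -n 1)
            [ -n "$unit" ] || unit="$(basename "$t" .timer).service"
            exec_line=""
            if [ -f "$root/$dir/$unit" ]; then
                exec_line=$(sed -n 's/^ExecStart=//p' "$root/$dir/$unit" | head -n 1)
            fi
            printf 'systemd-timer:%s:%s -> %s\n' "${t#$root}" "$unit" \
                "${exec_line:-<service unit not found in backup>}"
        done
    done
}

# Usage (hypothetical staging path): list_scheduled_jobs /mnt/restore-staging | less
```

Anything listed that the operator cannot account for is worth removing from the staging copy before the restore, which is the check the comment above describes doing by hand.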

[-] utopiah@lemmy.ml 2 points 5 days ago

Thanks, it's quite interesting but again IMHO it relies on bad practices. If you've been compromised and you "restore" (not in a sandboxed environment dedicated to studying the threat) then you are asking for trouble. I'll read a bit more in depth but the timeline I see, 1987, 1998, 2017, shows me this is a very very niche strategy, to the point that it's basically irrelevant. Again it's good to know of it, conceptually, but in practice proper backups (namely of data) remain in my eyes the best way to mitigate most problems, attacks and just bad luck (failing hardware, fire, etc) alike.

[-] golden_zealot@lemmy.ml 2 points 5 days ago* (last edited 5 days ago)

Oh for sure - I think that this method has more efficacy in production environments run by small businesses anyway, since best practices are rarely followed in many of them (until something happens that changes their mind on what they budget for haha), and even at that it is still a rare attack to see.

I am unaware of this type of attack ever occurring on a person's personal network, most likely because so few end users make backups; there is no need to go through the trouble of doing this, making this method useful only in highly targeted attacks.

We are definitely in agreement on proper backups still being the best method to recover from the vast majority of problems - even this one, depending on the backup solution.

this post was submitted on 17 Oct 2025