I’ve never even considered ClamAV.
I have the idea that it’s just a malware signature DB (changing the signature of a binary is almost as simple as recompiling it with a bit different variables)
Am I incorrect? does it have heruistics/active scanning?
It is pretty exclusively a file scanner, but that, combined with Linux’s privilege separation, any decent firewall and not willfully executing untrusted files is enough for most cases, I would say.
what kind of privilege separation? you’re talking about containers/namespaces?
cause as it is linux desktop has 1 unprivileged user and that’s it. from an attackers perspective privilege escalation is irrelevant - you have access to the screen, keyboard, browser, files. there really is nothing left to gain from gaining root
and if you have any reason to gain root, it’s super easy by just replacing sudo with an alias in .bashrc you’ve got the user’s password
We REALLY need sandboxing and soon, that’s why I want to give fedora silverblue a try but my hopes are quite low
btw windows is in a bit of a better place and M1 mac is in much better place
I’ve never even considered ClamAV. I have the idea that it’s just a malware signature DB (changing the signature of a binary is almost as simple as recompiling it with a bit different variables)
Am I incorrect? does it have heruistics/active scanning?
It is pretty exclusively a file scanner, but that, combined with Linux’s privilege separation, any decent firewall and not willfully executing untrusted files is enough for most cases, I would say.
what kind of privilege separation? you’re talking about containers/namespaces?
cause as it is linux desktop has 1 unprivileged user and that’s it. from an attackers perspective privilege escalation is irrelevant - you have access to the screen, keyboard, browser, files. there really is nothing left to gain from gaining root
and if you have any reason to gain root, it’s super easy by just replacing sudo with an alias in .bashrc you’ve got the user’s password
We REALLY need sandboxing and soon, that’s why I want to give fedora silverblue a try but my hopes are quite low
btw windows is in a bit of a better place and M1 mac is in much better place
If you want sandboxing, isn’t firejail pretty exactly what you’re looking for?