
Is that wrong? Malware does exist for Linux, and that way you can also detect malware designed for other systems if it ends up on the machine.


It depends on the AV.

Either the AV ties into the kernel with a module, in which case it can also be an avenue for an increased permissions exploit, or it doesn't have any special kernel level capabilities, in which case it will never find rootkits that include kernel modules to hide themselves.

Personally, I would be happy with an open source community based disk scanner looking for weirdly named files and folders (there are common variants used in hacks) and a locked down SELinux config. Bonus points if you compile a kernel that doesn't allow modules (but IIRC that doesn't preclude kernel level shenanigans).

Interestingly, it looks like since the PCI requirement for AV is for "all systems commonly affected by malicious software" they don't actually require it of all Linux systems in all cases.[1]

1: https://security.stackexchange.com/questions/58345/how-to-pa...
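A minimal version of the file-name scanner that comment describes, added here as an example and not code posted in the thread. The naming heuristics it checks (whitespace-only or whitespace-padded names, runs of dots, control characters) are assumptions chosen for the example, and it builds its own constructed sample tree so it runs offline:

```python
import os
import re
import tempfile
from typing import Callable, List, Tuple

# Naming heuristics. These are assumptions for this example, not a list from
# the thread: each rule is a label plus a predicate over one path component.
RULES: List[Tuple[str, Callable[[str], bool]]] = [
    ("whitespace-only", lambda n: n.strip() == ""),
    ("padded-with-whitespace", lambda n: n != n.strip() and n.strip() != ""),
    ("dot-run", lambda n: re.fullmatch(r"\.{3,}", n) is not None),
    ("control-characters", lambda n: any(ord(c) < 32 or ord(c) == 0x7F for c in n)),
]


def classify_name(name: str) -> List[str]:
    """Return the labels of every rule that a single path component trips."""
    return [label for label, pred in RULES if pred(name)]


def scan_tree(root: str) -> List[Tuple[str, str]]:
    """Walk root without following symlinks; return sorted (relative path, label) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            for label in classify_name(name):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel, label))
    return sorted(findings)


def build_sample_tree(base: str) -> None:
    """Constructed sample layout: one benign subtree plus oddly named entries."""
    os.makedirs(os.path.join(base, "normal", "logs"))
    open(os.path.join(base, "normal", "logs", "app.log"), "w").close()
    os.makedirs(os.path.join(base, "..."))                     # three-dot directory
    os.makedirs(os.path.join(base, ". "))                      # dot followed by a space
    os.makedirs(os.path.join(base, "normal", " "))             # whitespace-only name
    open(os.path.join(base, "normal", "a\tb"), "w").close()    # tab inside a file name


def demo() -> List[Tuple[str, str]]:
    """Build the constructed tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for path, label in demo():
        print(f"{label:24} {path!r}")
```

Point scan_tree at a real mount point to use it as a scanner; the benign entries in the sample tree produce no findings, which is the false-positive check worth keeping when tuning the rules.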


Antivirus software is not particularly effective, and also a significant attack vector. You can find several interesting stories just by searching antivirus on HN: https://hn.algolia.com/?query=antivirus&sort=byPopularity&pr....


Depending on scale, it's usually easier to spin up a new server than prevent malware.
