Newbie to Linux & Purism

Hello All,

I received my librem 14 today and just setting it up. I am a windows user and all of this is new to me.

I want to install brave browser on my machine and I wanted to know if I needed any antivirus software etc?

I also download torrents and wanted to know the best way to protect my machine from malware and viruses.

Thanks in advance.

2 Likes

In general the built-in security measures on Linux are enough protection. Most viruses target Windows or Mac systems because those are what most people use. For the occasional scan of a suspicious file, use ClamAV.

The best way to avoid getting a virus from a torrent is

  1. Don’t download sketchy pirated or cracked copies of software.
  2. Scan everything you’re suspicious of with ClamAV.
  3. Don’t ever run any untrusted programs as root (equivalent to running as Administrator in Windows).
4 Likes

Thanks Jt0.

Generally I use ClamAV to avoid passing viruses and malware to Windows users, but I have never encountered any malware that works in Linux except JavaScript that works in the web browser. More info here: https://source.puri.sm/Librem5/community-wiki/-/wikis/Frequently-Asked-Questions#43-how-secure-is-the-librem-5-compared-to-an-android-phone

1 Like

You can try out firejail or use virtual machines for programs you want to limit / don’t trust too but generally don’t download sketchy programs.

4 Likes

For installing Brave, see: https://brave.com/linux/

If that doesn’t work, see: https://medium.com/@connorrfin10/how-to-install-brave-browser-on-debian-10-buster-f95c9d30556c

2 Likes

Thanks and installed.

1 Like

I mentioned this elsewhere, but you may wish to peruse the SANS Linux security checklist as you become more familiar with Linux. I have not done everything suggested, but it is a good start to verify settings, remember things to disable, etc.

There is other information around, but much of it is also server-oriented. I sometimes found much that did not apply.

2 Likes

I’m not sure if it still works, but I wrote a how-to for Brave on PureOS

3 Likes

About ClamAV, this is a command-line utility. If you want a very configurable graphical version, download ClamTK from the software store included in PureOS instead. You can set it to run automatically on a schedule, or use it on demand to scan a file or an entire directory. It can also scan incoming email. In general, you only need to scan your Home directory. The scan might occasionally find a “potentially unwanted application” (PUA), such as a spreadsheet macro, but I wouldn’t worry about that. You can decide to ignore it or not.

ClamTK/ClamAV automatically checks for new virus signatures, so it’s pretty much on auto-pilot after you adjust the settings to your liking. You may see a message (in the UI) that there is an “update available,” but this is for the graphical interface, not the virus signatures.

Because Linux doesn’t automatically grant admin privileges to the user/owner, and requires that to do anything that affects the operating system, it would be difficult for malware to infect the machine, so long as you’re careful: if you download anything from the internet, make sure you verify the checksum/signature. Don’t install things you’re not sure about. Using ClamTK/ClamAV is an extra step for added confidence, and to make sure you don’t pass on a Windows virus to other people.

3 Likes

Keep in mind that to most users, infecting the OS is way overkill. All malware needs to wreak havoc is access to user’s data. Here Linux as typically configured doesn’t offer a lot of protection. So this advice is extremely important:

If you must, create a separate user account for such things, or a separate container, or a separate virtual machine.

4 Likes

+1 for firejail. I use it for Microsoft Teams because a group of people I work with refuse to use anything else and the web client is unusable.

In other words, for the newbie, stick to the official software repository.

Don’t download and then run random stuff from the internet. (That’s good advice with just about any operating system.)

It depends what you are downloading.

If it’s software then there isn’t really any way of protecting your machine (if you actually run the software that you downloaded). Just don’t do it.

The exception to this is that it is safe to download an ISO via a torrent provided that you
a) download the hash for the ISO from the original distro web site, and then
b) verify the hash before using the ISO (before using it yourself and before torrenting it to anyone else)

If it’s audio files or video files then it is mostly safe. It is possible that an intentionally malformed file has been made available that will exploit a bug in the program that handles the audio or video file. The best defense is to keep your computer up to date with patches as they come through from the official software repository - and to keep your ears and eyes open for news of any high profile exploits.

3 Likes