Virus / malware detection

Not sure if this is a dumb question or not - just wondering if there is any Debian-based threat detection software that the Purism devs could recommend?

In the Software app I only see one called ‘ClamTK’ which doesn’t have good reviews. I understand that threats are less likely on an OS that comprises maybe 1% or less of the global computing environment, however I would like some software that assures me everything is running as it should (like Windows Defender for MS)

clamav is an open-source AV signature scanner. It’s not a full-blown endpoint protection solution. It also lacks advanced heuristics for an obvious reason (this is one of the few areas where security-by-obscurity does make sense). So of course it is limited within the scope of its application.
As you properly noted, it does not have such a demand for implementation; therefore the supply is also limited.
For a generic user it should suffice to apply SMAC/TE hardening (e.g. SELinux or AppArmor) and use clamav for incoming content scanning. However, since SMAC/TE hardening is very limiting in what an advanced user can do, it’s not very popular outside of the enterprise world.
Nowadays package update feeds aim to mitigate known attack vectors, rather than third-party solutions (like endpoint protection), e.g. prevention/protection by removing the hole rather than putting a blanket on top of it.

1 Like
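To make the "signature scanner" point in the reply above concrete, here is an added example that is not part of the thread and is not clamav's own code: a minimal scanner in Python built on the two signature kinds clamav's databases consist of, whole-file hashes (as in its .hdb files) and fixed byte patterns (as in its .ndb files), run over a constructed directory. The signature names, the sample file contents and the `CONSTRUCTED-TEST-PATTERN` string are made up for the demo. The clean file passes with no finding, which is exactly the limitation described: anything not in the signature database is invisible to this kind of tool.

```python
import hashlib
import os
import tempfile

# Constructed signature database, standing in for clamav's own .hdb (hash)
# and .ndb (byte-pattern) files. Nothing here is a real malware signature.
HASH_SIGNATURES = {
    hashlib.sha256(b"constructed sample body #1\n").hexdigest(): "Test.Hash.Constructed",
}
PATTERN_SIGNATURES = {
    b"CONSTRUCTED-TEST-PATTERN": "Test.Pattern.Constructed",
}
CHUNK = 1 << 20  # read 1 MiB at a time so large downloads need not fit in memory


def scan_file(path):
    """Return the list of signature names matching one file.

    Hash signatures need the whole-file digest; pattern signatures are searched
    in a sliding window (previous tail + current chunk) so a pattern that
    straddles two chunk boundaries is still found.
    """
    hits = []
    digest = hashlib.sha256()
    longest = max(len(p) for p in PATTERN_SIGNATURES)
    carry = b""
    pattern_hits = set()
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                break
            digest.update(chunk)
            window = carry + chunk
            for pattern, name in PATTERN_SIGNATURES.items():
                if pattern in window:
                    pattern_hits.add(name)
            # keep the last (longest - 1) bytes; a pattern cut by the chunk
            # boundary can start at most that far before the end
            carry = window[-(longest - 1):] if longest > 1 else b""
    name = HASH_SIGNATURES.get(digest.hexdigest())
    if name:
        hits.append(name)
    hits.extend(sorted(pattern_hits))
    return hits


def scan_tree(root):
    """Walk a directory; return {relative_path: [signature names]} for files that matched."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            matches = scan_file(full)
            if matches:
                findings[os.path.relpath(full, root)] = matches
    return findings


def build_sample_tree():
    """Create a constructed 'Downloads' directory with three files and return its path."""
    root = tempfile.mkdtemp(prefix="scan-demo-")
    with open(os.path.join(root, "known.bin"), "wb") as fh:
        fh.write(b"constructed sample body #1\n")  # exact hash match
    with open(os.path.join(root, "report.txt"), "wb") as fh:
        fh.write(b"quarterly notes\nCONSTRUCTED-TEST-PATTERN embedded here\n")  # pattern match
    with open(os.path.join(root, "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff" + bytes(range(64)))  # clean file: no signature applies
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for rel, names in sorted(scan_tree(sample_root).items()):
        print(f"{rel}: {', '.join(names)}")
```

Run it as a script and it prints the two matching files; the JPEG-like file produces nothing, not because it was judged safe but because no signature covered it. That is the gap the reply's "lacks advanced heuristics" remark refers to, and why pairing a scanner with AppArmor/SELinux confinement and prompt package updates makes sense.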

Thanks very much Ruff, always explaining clearly and concisely, appreciate it. Good thing that PureOS just updated with AppArmor then.