Kaspersky Making it's Anti-Virus Solution Free for all .

[Denis Rakhmanov]

22 minutes ago, LAwLz said:

They are very rarely found in the Linux kernel or the standard GNU libraries.

But when they are found community make sure to fix them as fast as possible.

[tom_w141]

23 minutes ago, LAwLz said:

Your argument: Linux doesn't get attacked because it is not widely used in desktops (you know the thread topic being home users/desktop protection)

 

23 minutes ago, LAwLz said:

GNU/Linux is probably used more than Windows by servers and businesses that are not worth attacking because they have people employed to work on security. The average user is less of a bounty but far more likely to result in a successful attack.

corrections are in bold

[tom_w141]

21 minutes ago, LAwLz said:

but it is by no means the sole purpose

FYI I never said this ^

 

21 minutes ago, LAwLz said:

The problem is that your point is extremely oversimplified and wrong.

My point is accurate and correct within the realm of the thread topic (home user desktop protection). Thanks for discussing servers and businesses with people paid to ensure their security though. Sooooooooo relevant to the thread /s

 

[Denis Rakhmanov]

2 minutes ago, FriendlyNonMurderingSort said:

I was about to do a clean Windows 10 install.

Try Gentoo instead.

[VerticalDiscussions]

Windows Defender + Malwarebytes = Good enough + minimal loss in performance.

 

Bitdefender has a free version on Android while Kaspersky has one in Windows. People cant complain anymore about the lack of trust worthy brands antivirus on both platforms it would seem .

[LAwLz]

29 minutes ago, tom_w141 said:

Your argument: Linux doesn't get attacked because it is not widely used in desktops*

That is still incorrect though. You're correct in that it is not widely used for desktops, but my point was that it is irrelevant what it is and isn't widely used on.

If you find an exploit in the kernel then it will work on desktops, servers and embedded systems, not just the type of device you found it on.

 

 

29 minutes ago, tom_w141 said:

GNU/Linux is probably used more than Windows by servers and businesses that are not worth attacking because they have people employed to work on security. The average user is less of a bounty but far more likely to result in a successful attack.

This is also false. Businesses often run outdated software and have sloppy security practices. Just look at WannCry if you want an example.

Even if businesses had people employed to make sure everything was secure at all times and tried to stay ahead of the game, what magic do you think companies use to stay safe?

For example web servers are MORE exposed than a home computer. It has less security because at home your router will block incoming connections by default. Since the web server usually also needs a very high up-time it is less likely to be updated as often as for example someone who got automatic updates enabled on their home PC.

 

 

27 minutes ago, tom_w141 said:

FYI I never said this ^

You basically did when you said this:

1 hour ago, tom_w141 said:

Yes but it'd on a grander scale and all the "windows virus" memes would suddenly all be about Linux if that's where the install base was, but that isn't the case because Linux across all distros has like 5% market share  

In that post you said that if GNU/Linux had the same market share as Windows then it would have as much malware attacks.

Even if you were to backpedal and claim that you never said it was the only reasons, I think everyone will agree that your posts were at the very least presented in a way that indicates that's your belief. That belief is wrong.

 

 

27 minutes ago, tom_w141 said:

My point is accurate and correct within the realm of the thread topic (home user desktop protection). Thanks for discussing servers and businesses with people paid to ensure their security though. Sooooooooo relevant to the thread /s

Can you please state your point again because I must have misunderstood you.

It seems like the readers of this thread, me included, interpret your posts as saying that GNU/Linux has less malware because it is not as widely used on desktops. My response to that has been:

1) It being popular on desktops or not is irrelevant because there are more machines running GNU/Linux than Windows in total, and a large portion of those have a higher reward for being compromised than Windows. So the number of machines is larger, and the reward for compromising a single machine is larger too. That makes the fact that Windows runs on more desktops kind of irrelevant.

2) There are big differences in how Windows and GNU/Linux works and those play a major role in how secure a system is too. You can't just dismiss that.

 

 

By the way, I would appreciate it if you could stop with the smileys and poor use of sarcasm. It makes it feel like I'm talking to a child.

 

 

By the way, I noticed that you said that my previous post was long despite only being like 100 words.

I think this quote will explain the evergrowing length of my posts in this conversation:

Quote

The amount of energy necessary to refute bullshit is an order of magnitude bigger than to produce it.

-Alberto Brandolini

[Nuluvius]

29 minutes ago, tom_w141 said:

Sooooooooo relevant to the thread /s

That's a lot of O's, like a Cheerios bowl worth of O's.

[ScratchCat]

29 minutes ago, FriendlyNonMurderingSort said:

I was about to do a clean Windows 10 install.

 

So right before I was about to wipe, I gave it a go and installed Kaspersky's free AV package.

 

It immediately prompted Chrome to install its own "secure browsing" extension.

 

  Hide contents

 

Yeah... no. I'm out. Kaspersky might have more impressive numbers than Windows Defender, but the program itself is halfway towards adware with stuff like this.

Almost all antivirus suites do this, Symantec and others. This is nothing new and isn't enabled by default. According to this , you would class Java and JavaScript as adware as they also install extensions. 

The extension is there to extend the functionality and is opt in

edit: most likely for a VPN(?)

[Nuluvius]

1 minute ago, ScratchCat said:

The extension is there to extend the functionality

What was your first clue that extensions extended functionality?

1 minute ago, ScratchCat said:

Java and JavaScript as adware as they also install extensions. 

In what way do Java or JavaScript install extensions? They are programming languages... 

[Droidbot]

13 minutes ago, LAwLz said:

This is also false. Businesses often run outdated software and have sloppy security practices. Just look at WannCry if you want an example.

Even if businesses had people employed to make sure everything was secure at all times and tried to stay ahead of the game, what magic do you think companies use to stay safe?

For example web servers are MORE exposed than a home computer. It has less security because at home your router will block incoming connections by default. Since the web server usually also needs a very high up-time it is less likely to be updated as often as for example someone who got automatic updates enabled on their home PC.

This is true as hell, school web server still runs Ubuntu 10.04 and has more vulnerabilities than anything, really. 

Half of this is probably laziness, other half is uptime requirements.

[XenosTech]

48 minutes ago, FriendlyNonMurderingSort said:

I was about to do a clean Windows 10 install.

 

So right before I was about to wipe, I gave it a go and installed Kaspersky's free AV package.

 

It immediately prompted Chrome to install its own "secure browsing" extension.

 

  Hide contents

-snip-

 

Yeah... no. I'm out. Kaspersky might have more impressive numbers than Windows Defender, but the program itself is halfway towards adware with stuff like this.

 

To Kaspersky's credit, it did not nag me about its premium products until I tried to install greyed out modules that weren't a part of the free AV package, there is an option in the settings to disable all notifications when a fullscreen application is detected and another option to postpone a scan if a high CPU or high disk I/O application is detected.

I didn't get any of that and my windows installation is about 3 days old and greyed out stuff usually isn't a part of the basic stuff. they even have a golden crown there to tell you it's a paid feature lol

[Master Disaster]

UK release in October?

 

[Jito463]

2 hours ago, tom_w141 said:

Yes but it'd on a grander scale and all the "windows virus" memes would suddenly all be about Linux if that's where the install base was, but that isn't the case because Linux across all distros has like 5% market share  

2 hours ago, Denis Rakhmanov said:

I may not compitely agree. Linux/Mac are unix based systems with defferent rights and application management systems. I believe its a bit harder to write a malicious software. Though if Linux had a large installment base human stupidity would negate every hypothetical improvements over Windows, and there will be more people looking for exploits within system and we still would have a lot of "viruses". They will be different though.

The biggest attack vector in any OS is the user.  If you can trick the user into running something they shouldn't, then you can potentially gain full access to the computer.  Ergo, if Linux was on the majority of desktops instead of Windows, then I do agree that it would be far more insecure and virus riddled, because the majority of users would be running it.

2 hours ago, LAwLz said:

Security through obscurity

I think you mean "Security through minority" in this case.

2 hours ago, LAwLz said:

I am willing to bet that most computers in the world runs GNU/Linux.

1 hour ago, LAwLz said:

there are more machines running GNU/Linux than Windows in total

That's twice you've made this claim.  I'd like some evidence to back it up, please.  Unless you're including Android devices into this (which, as mentioned earlier, has their own exploits/attacks to deal with), I don't see how you can possibly prove this.

[tom_w141]

@Jito463

 

You either haven't ran into her before or you love punishing yourself.

 

Fair warning she refuses to see any view point other than her own, is infallible and as you can see from our exchange will manipulate the topic to make herself "correct". Save yourself the energy. Pissing into the wind would be more effective.

[Nuluvius]

1 minute ago, tom_w141 said:

@Jito463

 

You either haven't ran into her before or you love punishing yourself.

 

Fair warning she refuses to see any view point other than her own, is infallible and as you can see from our exchange will manipulate the topic to make herself correct. Save yourself the energy. Pissing into the wind would be more effective.

[LAwLz]

5 minutes ago, Jito463 said:

The biggest attack vector in any OS is the user.  If you can trick the user into running something they shouldn't, then you can potentially gain full access to the computer.  Ergo, if Linux was on the majority of desktops instead of Windows, then I do agree that it would be far more insecure and virus riddled, because the majority of users would be running it.

Two things.

1) The more rigid and well thought out permission system in GNU/Linux makes it harder for people to mistakenly granting a program permissions it should not have. You have to be far more explicit in granting permissions in GNU/Linux. Not to mention that most people run things with an admin account on Windows. This is a bit of a double-edge sword though because I think a lot of people would find it frustrating since you can't just click next and OK over and over and suddenly you have granted a bunch of permissions to programs.

 

2) It most certainly would be more vulnerable and I completely agree that the users are the biggest attack vector. Being "far more insecure" and "being just as insecure" are two different things though. I agree that the number of attacks would increase if GNU/Linux had more users, but that's not the same as saying the roles would be completely reversed if the market shares were reversed.

I think because of the things I mentioned earlier, the % of attacks would not increase at the same rate as the % of market share. For example a 10% increase in market share for GNU/Linux might only result in a 3% increase in number of successful attacks. That's just an example.

 

 

14 minutes ago, Jito463 said:

That's twice you've made this claim.  I'd like some evidence to back it up, please.  Unless you're including Android devices into this (which, as mentioned earlier, has their own exploits/attacks to deal with), I don't see how you can possibly prove this.

Why wouldn't I include Android devices? They use the Linux kernel so I think it is fair game to include them.

Even if I didn't include those I still think the number of Linux based systems would be larger than the number of Windows computers, although that would be much harder to prove because of the sheer number. Did you know that roughly 98% of all processors made end up in embedded systems (source)? Not all of them runs Linux, but that should give you some idea of how insignificant the number of PC (as in desktops and laptops) are compared to all computer systems in the world.

 

Just look at all the routers and switches people got at home. All the Playstations. Raspberry Pis. Chromecast. The list goes on. 

It really shouldn't come as a surprise to anyone.

[Sauron]

Nice

[Jito463]

9 minutes ago, LAwLz said:

Why wouldn't I include Android devices? They use the Linux kernel so I think it is fair game to include them.

And as I stated above, they have their own share of viruses/exploits to deal with, which kind of proves my point.

 

9 minutes ago, LAwLz said:

Even if I didn't include those I still think the number of Linux based systems would be larger than the number of Windows computers, although that would be much harder to prove because of the sheer number.

So, you don't have any evidence to support your claim.  Thanks for clarifying.

 

9 minutes ago, LAwLz said:

Just look at all the routers and switches people got at home. All the Playstations. Raspberry Pis. Chromecast. The list goes on. 

It really shouldn't come as a surprise to anyone.

Routers can run linux, but can often have a proprietary OS written just for their hardware, while switches don't need an OS unless they're managed.  Playstations don't run Linux, you're thinking of the people who hacked them to install Linux onto it.  As for Pi, it can run Linux, but doesn't have to.  You can run Windows on them, too.

 

*EDIT*
Also, running the Linux kernel =/= running Linux.  We were talking about the desktop here, after all.

[Denis Rakhmanov]

58 minutes ago, Jito463 said:

That's twice you've made this claim.  I'd like some evidence to back it up, please.

I haven't found any proof that linux is more used on the servers either.

[Ryujin2003]

13 hours ago, 8uhbbhu8 said:

Didn't know they were a Russian company but I do know that they are considered very very high end in terms of protection and are very much trusted in terms of security. They tend to come up near the top of antivirus/antimalware lists all the time as well. Good to see they're having a free version come out. I now want to see how they compare to Bitdefender, AVG, and the likes in terms of performance, false positives, etc.

Kaspersky was developed after the fall of Soviet Union. The guy was ex KGB, with no job in sight. Kaspersky in my experience is much more thorough than Norton and any other AV program out there. Great against Trojans and ROOTKITS.

 

This is exciting. Why? Because unlike free versions, I trust Kaspersky can make money to continue to research, develop, and grow without the need to collect and sell advertising data.

 

As a paid subscriber, I am happy to see that I will continue to have benefits over the free version.

 

In Mother Russia, you don't get virus. You get Kaspersky AV.

[Sauron]

35 minutes ago, LAwLz said:

Why wouldn't I include Android devices? They use the Linux kernel so I think it is fair game to include them.

Even if I didn't include those I still think the number of Linux based systems would be larger than the number of Windows computers, although that would be much harder to prove because of the sheer number. Did you know that roughly 98% of all processors made end up in embedded systems (source)? Not all of them runs Linux, but that should give you some idea of how insignificant the number of PC (as in desktops and laptops) are compared to all computer systems in the world.

 

Just look at all the routers and switches people got at home. All the Playstations. Raspberry Pis. Chromecast. The list goes on. 

It really shouldn't come as a surprise to anyone.

Technically Android is not GNU/Linux, although it is based on the Linux kernel. Yes, kernel exploits work on it too, but that's about it - without the GNU userland almost any vulnerability that is found in a GNU/Linux distro outside of the kernel cannot be applied to Android and vice-versa. The same probably applies to many embedded devices and stuff like chromecasts (although I do now know for sure which). You seem to be using the terms GNU/Linux and Linux interchangeably but there is a difference, especially when you specify GNU/Linux which generally implies you're not considering Android & co.

27 minutes ago, Jito463 said:

Routers can run linux, but can often have a proprietary OS written just for their hardware, while switches don't need an OS unless they're managed.  Playstations don't run Linux, you're thinking of the people who hacked them to install Linux onto it.  As for Pi, it can run Linux, but doesn't have to.  You can run Windows on them, too.

Very few manufacturers bother writing their own kernel when they can just grab Linux or FreeBSD. Playstations in particular use BSD, that's true.

 

As for raspberry pis, let's be honest here, nobody in their right mind used windows on those. why would you? windows IOT has none of the benefits and all of the flaws of the desktop version. Unless you have some very specific infrastructure needs (in which case heaven have mercy on your soul) then it makes no sense. Still, even assuming they all run linux I don't think their numbers are high enough to buff up linux adoption figures significantly.

 

As for embedded devices in general, I don't think we can assume the majority runs Linux without some data - if only because BSD is a thing and for very minimal projects it is often better (since it is a microkernel). I would be willing to wager most of them DON'T run the GNU userland though.

28 minutes ago, Jito463 said:

*EDIT*
Also, running the Linux kernel =/= running Linux.  We were talking about the desktop here, after all.

As I explained above, this statement is incorrect - what you mean is

Linux kernel != running GNU/Linux

If you run the Linux kernel you're running Linux by definition, but not necessarily the GNU userland.

 

As for  "the point", both @LAwLz and @tom_w141 are wrong - it's not true that adoption is the only reason GNU/Linux is less prone to viruses than windows, but you also can't say that it doesn't play a role at all because of embedded devices and smartphones. Windows is flawed to the core in many ways and is intrinsecally vulnerable in a way unix-based and unix-like systems are not - just the use of software repositories is already a signficant security improvement (and that is why microsoft is pushing the store so hard, even though the implementation is terrible). Of course, no system is completely secure and exploits for linux and mac are found regularly, but even if GNU/Linux has the same marketshare that windows has now it would be less vulnerable than windows is now. Regardless, if it were the most diffused OS you can bet your butt that you'd need an antivirus to be reasonably safe.

[ScratchCat]

2 hours ago, Nuluvius said:

What was your first clue that extensions extended functionality?

In what way do Java or JavaScript install extensions? They are programming languages... 

1)

2) Apologies for being ambiguous, the Oracle Java extension is added to Internet explorer when you install Java. I'm not sure if this still takes place as I haven't used IE or Java for years.

[LAwLz]

4 hours ago, Jito463 said:

So, you don't have any evidence to support your claim.  Thanks for clarifying.

Sure, if you dismiss the entire phone category then no I do not have any evidence. I don't think it is fair to dismiss evidence like that though for arbitrary reasons. Should I dismiss all Windows laptops because "well, I think only custom built machines should count"?

It's very easy to manipulate market shares if you start excluding some categories.

 

 

4 hours ago, Jito463 said:

Routers can run linux, but can often have a proprietary OS written just for their hardware, while switches don't need an OS unless they're managed.  Playstations don't run Linux, you're thinking of the people who hacked them to install Linux onto it.  As for Pi, it can run Linux, but doesn't have to.  You can run Windows on them, too.

Do you have a source on how often routers runs a proprietary OS? I only have anecdotal evidence to go by here but I'd say about 80% of all router models I have looked at runs a GNU/Linux based distro.

 

Whether or not a switch needs an OS or not depends on where you draw the line between OS and firmware. The fact of the matter is that it needs some software to work, and that software is often based on Linux. Again, I sadly don't have any statistics for this since nobody has compiled that, but if you just go to a networking equipment manufacturer website you will find that even a lot of basic products runs Linux.

Here is a powerline kit from TL-Link that runs Linux for example. They have a link for their GPL code on the product page so it is easy to just download and check it out for yourself if you for some reason don't believe me. I don't have the kit so I can't check, but since there are no download links my guess is that the firmware/OS is saved on a ROM just like in unmanaged switches.

 

And yes you're right, Playstation runs BSD, not GNU/Linux. I probably got confused because of people flashing them like you said.

 

 

4 hours ago, Denis Rakhmanov said:

I haven't found any proof that linux is more used on the servers either.

Two major keywords you missed in those graphs.

The first is for on-premise servers (not all servers) and since AD is so popular it is not a surprise that Windows is dominant there.

The second graph is for Azure servers, which is Microsoft's cloud service. It really should not come as a surprise that Microsoft's service which did not even support GNU/Linux until fairly recently has a bigger amount of Windows servers. Especially not when they are also pushing Azure AD very aggressively.

 

It's very hard to measure how many servers runs an OS (same IP can be multiple machines, and several IPs can be one machine) but W3Techs puts GNU/Linux at 35.9% and Windows at 32.3%.

W3Cook however put it at 96.6% GNU/Linux and 1.7% Windows. So things varies a lot depending on what you are looking at. I do however think only looking at on-premise or only at Azure servers is a very bad idea because that ends up excluding the vast majority of servers. For example you end up excluding all data centers except Microsofts, and I shouldn't have to tell you why that will skew the results.

[LAwLz]

36 minutes ago, Sauron said:

Technically Android is not GNU/Linux, although it is based on the Linux kernel. Yes, kernel exploits work on it too, but that's about it - without the GNU userland almost any vulnerability that is found in a GNU/Linux distro outside of the kernel cannot be applied to Android and vice-versa. The same probably applies to many embedded devices and stuff like chromecasts (although I do now know for sure which). You seem to be using the terms GNU/Linux and Linux interchangeably but there is a difference, especially when you specify GNU/Linux which generally implies you're not considering Android & co.

I am not using GNU/Linux and Linux interchangeably. I have been careful to use the right phrase at the right time in this conversation (although I might have slipped up once or twice).

For example I have at several points specifically clarified that I am talking about the kernel only and at those times I have said Linux.

 

36 minutes ago, Sauron said:

As for embedded devices in general, I don't think we can assume the majority runs Linux without some data - if only because BSD is a thing and for very minimal projects it is often better (since it is a microkernel). I would be willing to wager most of them DON'T run the GNU userland though.

I agree, but I think it is pretty safe to say that more of them runs Linux than Windows, which has been my point from the start. That saying that more computers runs Windows than Linux is not correct.

 

36 minutes ago, Sauron said:

As for  "the point", both @LAwLz and @tom_w141 are wrong - it's not true that adoption is the only reason GNU/Linux is less prone to viruses than windows, but you also can't say that it doesn't play a role at all because of embedded devices and smartphones. Windows is flawed to the core in many ways and is intrinsecally vulnerable in a way unix-based and unix-like systems are not - just the use of software repositories is already a signficant security improvement (and that is why microsoft is pushing the store so hard, even though the implementation is terrible). Of course, no system is completely secure and exploits for linux and mac are found regularly, but even if GNU/Linux has the same marketshare that windows has now it would be less vulnerable than windows is now. Regardless, if it were the most diffused OS you can bet your butt that you'd need an antivirus to be reasonably safe.

I don't see how I am wrong. Nothing you said disagrees with anything I have said. In fact, this entire block of text completely agrees with what I have said earlier in the thread. I completely agree with you.

Hell, I even said that if GNU/Linux would gain a bigger market share then the number of successful attacks against it would go up.

I agree with you 100% on everything you said.

[Doobeedoo]

Well cool, even thoug it's not the full suite. 

Common sense definitely, though I have ESET along Mbam too