Placebo for Tux: testing antiviruses for Linux. Let's try a test virus. Kaspersky ultrasonic scanner for Linux. percent of web servers run on Linux. Friendly or hostile detection Supported operating systems

For servers and workstations

So far, much less malware has been created for Linux than for other platforms, but the number of such threats is growing inexorably: more than 100,000 such malicious files are registered in Kaspersky Lab databases.

Kaspersky Endpoint Security for Linux provides multi-level protection for servers and workstations managed by Linux-based operating systems. Despite the high level of security, the application has virtually no impact on performance.

Kaspersky Endpoint Security for Linux is available in a range of products, including the Kaspersky Security for Business line of products. This application provides reliable protection for mixed, multi-platform IT environments.

Advanced technologies included in Kaspersky Endpoint Security for Linux allow you to:

• Avoid redundant verification and protect valuable data and business applications
• Detect and block new, as yet unknown threats
• Achieve optimal security with minimal impact on other applications and overall system performance

FUNCTIONS AND BENEFITS

• Convenience and efficiency through centralized management

  Installation and administration of Kaspersky Endpoint Security for Linux is carried out using a single console, Kaspersky Security Center, which saves you time and resources. You can set up group or individual tasks and policies for Linux desktops, adjust system scan settings and perform other actions from the same console that manages Kaspersky Lab products for various platforms, including Windows, Mac OS and Android.

  • Easy installation and upgrade of kernel components

    The application installation process on x86 and x64 platforms takes several minutes and requires the use of only one package. No additional compatibility packs are required for workstations and servers on x64 platforms. There is also no need to reinstall or reconfigure the solution when updating kernel components - reliable protection against malware operates without the need for any action on the part of the administrator.

  • Flexible scan settings

    You can effectively configure Linux protection in your company using the universal Kaspersky Security Center console to create group tasks and policies. Import/export capabilities allow you to replicate settings and policies across different environments without using Kaspersky Security Center.

  • Quick response to alerts

    If something unusual happens on a workstation or server, the protection status in the Kaspersky Security Center application and console changes, and an email alert is sent to the administrator.

    You can track your operation history by viewing event logs in Kaspersky Security Center and using flexible tools and filters to search large volumes of data.

    Kaspersky Endpoint Security for Linux is integrated with syslog, which allows you to transfer incident data to an event correlation SIEM system or other solution.

  • Control network access from a single console

    With Kaspersky Endpoint Security for Linux, you can manage the settings of the built-in firewall of the Linux OS: create rules for the firewall, network activity logs, and security incident reports in a single management console, Kaspersky Security Center. It also allows you to apply network policy to all nodes on the corporate network.

  High performance of physical and virtual machines

  Kaspersky Endpoint Security for Linux has minimal impact on the operation of other programs and overall system performance. The graphical user interface is optimized for Linux, which, together with improved command line management capabilities, makes task execution and daily reporting easier.

  • Load balancing at the kernel level

    Reallocation of system resources (in case of low or very high load) and optimized scanning technology with the ability to exclude trusted processes from it can improve overall performance and reduce system requirements. High performance of Kaspersky Endpoint Security for Linux is ensured by using fanotify technology (an internal kernel object) to scan files upon access.

    The check can be performed in the background when the server software is updated, which helps reduce server downtime.

  • Avoiding unnecessary resource consumption

    Kaspersky Endpoint Security for Linux optimizes the use of resources when scanning (on demand and on a schedule) local hard drives, media media, file sharing systems and distributed file systems.

    A wide range of settings allows you to provide a high level of protection without sacrificing performance. In particular, you can:

    • Set file scanning on a schedule - for unprivileged users
    • Configure anti-malware protection level
    • Specify exceptions to check

    Kaspersky Endpoint Security for Linux monitors the security of network shared folders and automatically scans files as they change, optimizing the use of resources.

  Reliable protection against modern cyber threats

  Kaspersky Endpoint Security for Linux delivers world-class protection that regularly wins independent benchmarking tests and leverages extensive expertise, big threat intelligence, and machine learning technologies. Multi-level protection allows you to detect known and complex threats, including in memory and the boot sector of the disk.

  The global cloud-based threat intelligence system Kaspersky Security Network (KSN) provides real-time detection and rapid response to known, unknown and advanced threats to Linux and other operating systems with minimal false positives and workflow disruption.

  • Real-time protection against zero-day threats

    Millions of Kaspersky Lab customers around the world voluntarily provide anonymized threat information from their devices, which is then processed by Kaspersky Security Network (KSN). This cloud-based reputation database collects and stores massive amounts of metadata from suspicious files, allowing it to quickly and accurately determine the safety of objects without detailed content analysis. This mechanism makes it possible to protect against unknown threats.

    Thus, even in the event of a zero-day attack, when information about the threat on the protected machine is not yet available, Kaspersky Endpoint Security for Linux interacts with KSN to stop the threat. Thanks to the use of the cloud, the response time is approximately 0.02 seconds, which provides an additional level of security for *nix systems.

    Although all information processed by KSN is completely anonymized and is not tied to the data source in any way, Kaspersky Lab understands that due to compliance requirements or corporate security policies, some organizations prefer to keep their data within the corporate network perimeter. Kaspersky Private Security Network allows such companies to comply with this condition and at the same time take advantage of all the benefits of KSN. KPSN can be placed both on the organization’s own network and on the network of its provider.

  • Ransomware Protection

    In 2017, we discovered 38 new families and more than 96,000 modifications of ransomware. Kaspersky Lab was one of the first to include specialized protection of end devices against such threats in its applications. While servers are rarely directly attacked by ransomware, they regularly suffer from remotely launched encryption of data on shared folders.

    Kaspersky Endpoint Security for Linux includes a unique anti-encryption mechanism that can block attempts to encrypt files in shared folders from another host on the same network that is infected with malware. This system constantly monitors the status of files in shared folders. When an encryption attempt is detected, it blocks access to the server for the machine acting as the source of the attack, stopping the encryption process and preventing the loss of corporate data.

  • Regulatory Compliance

    For any company, the safety of confidential data is important. Kaspersky Endpoint Security for Linux protects them and helps organizations comply with regulations such as PCI DSS and SWIFT. File Integrity Monitoring helps ensure the security of system files, logs, and critical applications by tracking any unauthorized changes to critical files and directories.

    • 1 GB of free hard disk space for installation, storage of temporary files and log files.
    • Internet connection to activate the application and update databases and program modules
    • Intel Core 2 Duo processor 1.86 GHz or higher
    • RAM: 1 GB for 32-bit OS (2 GB for 64-bit OS)
    • Swap file at least 1 GB

  • Supported Operating Systems

    • CentOS-6.9 x86/x64
    • Debian GNU/Linux 8.9 x86 / x64 and higher
    • Red Hat® Enterprise Linux® 7.4 x64 and higher
    • Ubuntu Server 16.04 LTS x64 and higher
    • openSUSE® 42.3 and higher

  • Software Requirements

    • Perl interpreter version 5.10 and higher (see www.perl.org)
    • Installed Which utility
    • Installed packages for compiling programs (gcc, binutils, glibc, glibc-devel, make, ld), as well as installed operating system kernel source code for compiling Kaspersky Endpoint Security 10 for Linux modules on operating systems that do not support the fanotify kernel module.
    • Kaspersky Endpoint Security for Linux is compatible with Kaspersky Security Center. For the Kaspersky Endpoint Security for Linux administration plugin to work correctly, you must install the Microsoft Visual C++ 2015 Redistributable Update 3 RC redistributable component (see https://www.microsoft.com/ru-ru/download/details.aspx?id=52685).

• Tutorial

In recent months I have been plagued by problems with viruses on my file servers. Either Nod32 blocks subdomains, or Kaspersky blacklists the site. This does not make me happy and I decided to set up some kind of antivirus.

Clam AntiVirus is already installed and configured on all servers. I used it several years ago, but unfortunately it does not always find viruses of the Trojan-SMS.J2ME class.

After examining the Google results, I really couldn’t find anything.

Once again contacting Kaspersky support with a request to remove the site from the list of suspicious ones, I came across a fad kaspersky for linux file server. So I decided to test it.

A trip to Google for help in installing and configuring this antivirus also did not yield results. All results lead to the Kaspersky support site.

Has no one installed their distribution on their file servers? Maybe there are some other solutions?

The answers to these questions will remain a mystery to me. I settled on the above product and decided to test it.

We request a test license file on the technical support website. The answer comes in a few hours.

Let's start installation

# dpkg -i kav4fs_8.0.1-145_i386.deb dpkg: error processing kav4fs_8.0.1-145_i386.deb (--install): package architecture (i386) does not match system (amd64) Errors were encountered while processing: kav4fs_8.0.1- 145_i386.deb

Oops. We have amd64. But Kaspersky doesn’t have any other distributions. Google doesn't respond either.

#dpkg -i --force-architecture kav4fs_8.0.1-145_i386.deb (Reading database ... 38907 files and directories currently installed.) Unpacking kav4fs (from kav4fs_8.0.1-145_i386.deb) ... Setting up kav4fs (8.0 .1-145) ... Starting Kaspersky Lab Framework Supervisor: kav4fs-supervisor. Kaspersky Anti-Virus for Linux File Server has been installed successfully, but it must be properly configured before using. Please run /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl script manually to configure it.

It's a blast :). Let's try to configure it.

# /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl Kaspersky Anti-Virus for Linux File Server version 8.0.1.145/RELEASE Installing the license The key file (a file with the .key extension) contains information about your license. You need to install it to use the application. To install it now, enter the path to your key file (or enter an empty string to continue without installing the key file): /xxx/xxx.key The license from /xxx/xxx.key has been installed. Configuring the proxy settings to connect to the updates source If you use an HTTP proxy server to access the Internet, you need to specify its address to allow the application to connect to the updates source. Please enter the address of your HTTP proxy server in one of the following formats: proxyIP:port or user: :port. If you don"t have or need a proxy server to access the Internet, enter "no" here, or enter "skip" to use current settings without changes. : Downloading the latest application databases The latest databases are an essential part of your server protection. Would you like to download the latest databases now? (If you answer "yes", make sure you are connected to the Internet): : nabling scheduled updates of the application databases Would you like to enable scheduled updates [N]: Setting up the kernel-level real-time protection Would you like to compile the kernel-level real-time protection module? : no Would you like to disable the real-time protection? : yes Warning: The real-time protection is DISABLED. Error: The kernel-level real-time protection module is not compiled. To manually recompile the kernel-level real-time protection module, start /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl --build[=PATH] . Setting up the Samba server real-time protection Error: The installer couldn't find a Samba server on your computer. Either it is not installed, or is installed to an unknown location. If the Samba server is installed, specify the server installation details and enter "yes". Otherwise, enter "no" (the Samba server configuration step will be interrupted): : You can configure Samba server protection later by running the initial configuration script again by executing /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl -- samba The real-time protection of Samba server was not setup. You can run the initial configuration script again by executing /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl --samba Setting up the Web Management Console Warning: Password file not found, Kaspersky Web Management Console will not be started until correct password is set! Would you like to set password for Kaspersky Web Management Console? : Starting Kaspersky Web Management Console: kav4fs-wmconsole: password file not found! failed! You can change password for Kaspersky Web Management Console by executing /opt/kaspersky/kav4fs/bin/kav4fs-wmconsole-passwd Starting the real-time protection task The task has been started, runtime ID: 1341314367.

Real-time protection doesn't seem to interest me at all. I only need to check the specified file and get the result of the check.

• Anti-virus engine version 8.0
  The new anti-virus engine provides effective protection against malware and other computer threats. The application prevents virus outbreaks and effectively protects information without preventing users from accessing it.
• Real-time verification
  Files are scanned in real time as they are opened, copied, executed, and saved. The application ensures that IT threats are detected and neutralized every time the file system is accessed.
• On-demand scan
  Kaspersky Endpoint Security for Linux allows you to perform anti-virus scanning of specified areas of the system on demand and on a schedule. Other scanning methods include an enhanced heuristic analyzer that improves malware detection rates by proactively detecting previously unknown threats.
• Frequent updates of anti-virus databases
  Both regular and emergency updates of anti-virus databases are carried out automatically. This allows you to maintain a high level of malware detection and provide high-quality protection not only for workstations, but also for the corporate IT infrastructure as a whole.

Performance optimization

• High performance with minimal impact on system operation
  The new anti-virus engine allows not only to increase the level of threat detection, but also to significantly increase the speed of scanning and optimize resource consumption. As a result, the application has minimal impact on the operation of other programs and overall system performance.
• New application architecture
  Kaspersky Endpoint Security for Linux uses a completely new component architecture that ensures application stability and high performance.
• Optimizing CPU Resource Usage
  The latest version of the application has significantly reduced the consumption of system resources (processor power and disk space), and also reduced the frequency of access to the hard drive.

Centralized management

• Remote Deployment
  The centralized management tool Kaspersky Administration Kit allows you to install applications to protect network nodes and manage their operation both locally and remotely.
• Workstation protection management
  Different policies and tasks can be applied to any group of workstations. This allows system administrators to flexibly configure the operation of Kaspersky Endpoint Security for Linux at the level of groups of computers or individual machines.
• Automatic update
  Anti-virus databases and software modules can be updated on demand or automatically according to a schedule. The application has a new feature that allows you to use the Administration Server as a source of updates, and the Network Agent as a means of distributing them.
• Support for centralized quarantine and backup storage
  Kaspersky Endpoint Security for Linux not only places infected and suspicious files in quarantine and backup storage, but also provides information about this to the Administration Server. This allows the security system administrator to use Kaspersky Administration Kit to take the necessary measures in the event of incidents.

Linux computers are increasingly being connected to Windows computers, so they too must have antivirus protection. The German independent laboratory AV-Test tested 16 antiviruses on the Ubuntu platform, where they resisted threats to Windows and Linux. The results for some products were dismal: Some solutions missed 85 percent of Windows malware and failed to detect up to 75 percent of Linux threats.

The Linux world is largely considered a safe fortress from malware, including various types of Trojans. However, many Linux machines share the same network with Windows computers. More than half of the world's web servers run on Linux, and they serve billions of Internet users. This is why web servers are an attractive target for cybercriminals, who can use the platform as a springboard to launch malicious attacks on Windows.

50 percent of web servers run on Linux

16 antiviruses for Linux were tested: The distribution of Linux protection is very small, but for half of the web servers in the world, protection is vital

A successful attack usually does not affect the system or kernel. Instead, it focuses on applications running on Linux computers or web servers. These platforms are easier to hack and use as a means of replication. The main hacking attacks are carried out on web servers using SQL injections or cross-site scripting. However, Linux computers are also an attractive target because they also run applications with vulnerabilities, such as the Firefox browser or Adobe Reader.

Once successfully infiltrated into a system, malware rarely causes damage to a Linux system, but only waits to connect to a Windows system. To initiate an attack, it is usually sufficient to copy files from the Linux environment to WIndows.

Recently, there has been an increase in the number of Trojans targeting Linux environments. They are generally not of high quality because attackers are aware of the good defense mechanisms that Linux offers. Threats rather rely on the “ambivalence” of the user, who unwittingly encourages malware through operational errors. The most common case is installing software or updates using third-party packages. During installation, the user is typically prompted for temporary access to full rights. If the user allows access, important system components are replaced with modified versions. All this allows a cybercriminal to create a backdoor in the system and use it for botnet attacks.

Clear detection level deficiencies identified

Antivirus detection rate for Linux: Serious detection level deficiencies have been identified in desktop and web server solutions

The AV-TEST laboratory tested 16 antivirus solutions for Linux. Most of the products were designed to protect computers, while the rest offered protection for web servers. The Ubuntu distribution was used as a test environment, as the most common Linux package. The tests used the 64-bit version 12.04 LTS. The testing program included Linux protection from Avast, AVG, Bitdefender, ClamAV, Comodo, Dr. Web, eScan, ESET, F-Prot, F-Secure, G Data, Kaspersky Lab (two versions), McAfee, Sophos and Symantec. The test was divided into three parts: Windows threat detection, Linux threat detection, and false positive testing.

ESET NOD32 Antivirus for Linux computers: The PC version demonstrated the best malware detection performance for Windows and Linux

Kaspersky Antivirus for Linux file servers: This server solution reliably protects Windows and Linux data

Sophos for Linux: this solution for computers has shown high efficiency in detecting threats and can be used for free in the basic version

Windows malware detection

Just 8 of the 16 products tested were able to detect between 99.7 and 99.9 percent of threats out of 12,000 test samples. Among them: Avast, F-Secure, Bitdefender, ESET, eScan, G Data, Kaspersky Lab (server version) and Sophos. Only Symantec's antivirus solution was able to demonstrate a 100 percent detection rate.

The detection levels of McAfee and Comodo turned out to be noticeably weaker - 85.1 and 83 percent, respectively. The results of Dr. are alarming. Web - 67.8%, F-Prot - 22.1% and ClamAV - only 15.3%!

Linux Malware Detection

An increasing number of insidious malware programs are being developed for Linux or are already in circulation. The laboratory deployed 900 known malicious threats for Linux on a test system. The test results differ significantly from detection levels on Windows. Only Kaspersky Endpoint was able to achieve a 100% detection rate for Linux. ESET and AVG were very close behind - 99.7 and 99 percent, respectively. The server versions of Kaspersky Lab and Avast were actually able to detect more than 98 percent of the malware. Symantec, which showed the best result in detecting Windows threats, blocked only 97.2 percent of Linux malware. And then the serious decline begins.

At the very bottom of the list are ClamAV, McAfee, Comodo and F-Prot. Their detection rates vary widely, from 66.1 to 23 percent. This means that in the worst case, 77 out of 100 malware could remain undetected on a Linux system, despite active protection.

Friendly or enemy detection?

As an additional test segment, the lab tested antivirus responses to 210,000 trusted, secure Linux files. Thus, all tested products were checked for false positives. The result was stellar: only Comodo generated one false positive per file, all other solutions avoided errors.

Linux is generally secure, isn't it?

Most Linux users believe that they are using one of the most secure operating systems. This statement is really true if you use only system capabilities and ignore everything else. Unsafe third-party applications or user errors can turn Linux computers into a breeding ground for threats. This is also confirmed by the latest research from Kaspersky Lab. in the first quarter of 2015: more than 12,700 attacks were launched using botnets based on Linux systems. In comparison, 10,300 botnet attacks were deployed on Windows. Moreover, the life cycle of Linux-based botnets is longer than those on the Windows platform. This is due to the difficulties of detecting and neutralizing malicious networks, because... Linux servers are rarely equipped with special security solutions, unlike Windows devices and servers.

Many Linux forums recommend free products from Comodo, ClamAV and F-Prot for private users. As we can see, this is not very good advice. The test shows that private users will be better protected when choosing the free versions of Sophos for Linux or Bitdefender Antivirus Scanner for *nix. For server systems, there is an effective free solution in the form of AVG Server Edition for Linux.

In this AV-Test, the best threat detection levels for Linux and Windows were shown by ESET, as well as Symantec and Kaspersky Endpoint for workstations. To protect servers, Kaspersky Anti-Virus for Linux File Servers, AVG Server Edition for Linux and Avast File Server Security are recommended.

Does Linux need an antivirus? This question worries many new users and causes discussions among experienced ones. I recently wrote an article, from which we learned that Linux is not afraid of viruses as Windows users know them. Here, undesirable consequences can be caused mainly by inattention and incorrect actions of the user. For example, phishing sites, running dangerous commands with root rights, as well as external hacker attacks.

Linux has completely different security measures. These are firewalls, setting the correct access rights, anonymization, timely system updates and, as a last resort, container virtualization of processes. But regular antiviruses for Linux may be needed when you often deal with Windows machines. All antiviruses for Linux are designed primarily to detect Windows viruses, so you can scan flash drives from Windows, as well as the Windows file system if two operating systems are installed on your computer.

Whether or not to install an antivirus depends on your needs. In this article we will look at the best antiviruses for Linux, for those who still decide to install it.

According to testing by the German laboratory AV-Test, finally 2015, this is the best antivirus for Linux. It detected 99.8% of Windows threats and 99.7% of Linux viruses. I’ll say right away that the program is paid. But if I decided to do not just the top antiviruses for Linux, but a review of the best products, then commercial solutions cannot be ruled out.

This is a full-fledged antivirus with functionality very similar to the Windows version. The following features are supported:

• Real-time protection
• File system scan
• Checking mail for viruses
• Scanning connected USB and CD devices
• Scanning programs before installation
• Automatic detection of potentially unwanted software
• Low CPU consumption and high performance
• A large number of settings
• Scan Schedule
• Sanitizing files on opening

A pretty good option that protects not only against Windows, but also against a few Linux viruses. You can download the demo version on the official website.

Kaspersky Anti-Virus for Linux Server 8

In second place according to the same test is Kaspersky Anti-Virus for Linux. The Windows version of this program has proven itself very well among users. The test results show that 99.8% of Windows threats and the same number of Linux threats were detected. Antivirus for Linux is also paid and is designed mainly for Linux servers. The following possibilities can be noted:

• New antivirus engine from Kaspersky Lab
• Checking files
• Malware quarantine
• Supports centralized management using Kaspersky Web Management Console
• Notification system
• Flexible scanning settings

AVG Server Edition 2013

AVG antivirus showed such results: 99.3% detection of Windows viruses and 99% Linux. Unlike the two previous options, AVG, in addition to the paid version, has a free version with slightly less functionality. The program does not have a graphical interface. This is a simple file system scanner with the ability to check opened files. Automatic database updates are also supported.

Avast!

This popular antivirus, which is so often recommended to both Windows and Linux users, is in fourth place. AV Test indicators are 99.7 for Windows threats and 98.3 for Linux viruses. It already has a graphical interface and is free. However, after installation you need to enter your data and wait for the key by email.

Possibilities:

• Scanning connected media
• File system scan
• Easy installation
• Database update
• Scanning open files

You can download the installation package for your system on the official website.

Symantec Endpoint

It detected 100% Windows viruses and 97.2 in the test. It is important to note that to install this antivirus you will need to rebuild the kernel with a special module - AutoProtect, it is needed for the program to work correctly. Antivirus for Linux scans the file system for viruses and spyware.

Possibilities:

• Java based GUI
• File System Monitor
• Scanner on demand
• Database updates are performed in a graphical interface
• Scanning must be done from the command line

Sophos Antivirus for Linux

Sophos supports both WEB and console interfaces; in addition to manual scanning, there is an automatic mode, and it is also free. Automatic scanning allows you to scan files when accessed, as well as schedule scans at specific times. According to the AV Test tests, Sophos shows the following indicators: 99.8% for Windows threats and 95% for Linux viruses.

Advantages:

• Free
• Search for unwanted software
• Console interface
• Easy installation
• Supports many distributions

Of the minuses, as you noticed, there is a slightly low percentage of virus detection for Linux, absence in official repositories, and also the lack of a normal graphical interface. Download link .

F-Secure Linux Security

According to test results, this antivirus detected an even lower percentage of Linux viruses - 85%, and 99.9% of Windows threats. The antivirus is also primarily focused on servers, scans the file system for viruses, has a FS monitoring function, and also checks email.

BitDefender Antivirus

This is an antivirus with a beautiful interface from the Romanian company Softwin. The first version was released in 2001. The antivirus includes modules such as antispyware, unwanted software scanner, firewall, vulnerability scanner, privacy control and backup tool. You can scan any file or directory, or update databases with the click of a button. But in the AV Test tests, BitDefender does not show very good results - 85.7% for Linux and 99.8% for Windows viruses.

You can download the trial version at.

Microworld eScan Antivirus

This is also a paid antivirus for Linux. Designed to protect both home computers and servers from viruses and spyware. Test data from eScan Antivirus is exactly the same as from BitDefender.

Program features:

• File system scan
• Heuristic analysis
• Scanning archives
• Scheduled check
• Automatic database updates
• Treatment of infected files
• Quarantine

Officially supported by Debain, Fedora, RedHat, OpenSUSE, Slackware and Ubuntu. You can download the trial version on the official website.

conclusions

Other products also took part in testing, including the free antivirus ClamAV. But we will not consider them in this article. All of them scored less than 80% in virus detection for Linux (Except DrWeb), ClamAV and F-Prot detected only 66 and 23 percent, respectively. Draw your own conclusions.

These were all the best antiviruses for Linux and now you know how to choose an antivirus. In general, whether or not to install an antivirus is only your choice. There are not that many viruses for Linux; if you are worried about infection, you can sometimes check the file system for viruses using some kind of scanner. Well, it is also advisable to do it from time to time