Security Tools

I've been told several times that the reason Linux doesn't need an AV or a Firewall is because the user base is much smaller than Windows so it's not worth a hacker's trouble. That may be true now but that is soon going to change, in fact it's already started.

Most Win 10 users will come to Linux I suspect cause what else is there? When they do they are not going to be happy about their AV, actually lack of AV, until someone points them to the Software app. Then they see this:

No longer maintained. Not a good look.
Firewall? If you even have one you likely have to turn it on. Windows users coming to Zorin OS will likely take those things for granted, as I did. I'm not dissing Zorin or Linux. I hope Zorin OS keeps getting those new users and growing and this is just my 2 cents to try and help make that happen.

While I don't necessarily disagree with your general view of Linux needing some more user-friendly security tools, I've gotta push back a fair bit on this statement. When you say what else is there, the vast majority will just continue on and use Windows 11.

I'd love for more to transition, and I would welcome more users with open arms. But the vast majority will be told to buy a new computer, and buy a new computer they will do.

The main thing I hope for is that, the select few that run Linux daily and have some family members about to throw out a perfectly good computer. Just maybe show them a distro that they could use (Zorin, Mint, whatever) and MAYBE we can get a few users here and there that way.

Oh and I do believe that the firewall should be enabled by default. Yes it causes issues here and there, but for Zorin's specific use case, I'd say it'd do more good than harm.

5 Likes

I haven't personally tried it, but I've heard good things about Portmaster if you want a configurable, not especially difficult firewall. .deb and RPM available. Safing Portmaster - Free Download

ClamAV is the usually recommended antivirus for Linux. Virustotal is not an antivirus, unless some small-time antivirus had the same name--Virustotal is a service for security developers primarily, for submitting suspicious files and sharing hashes to make finding them easier. (VirusTotal)

Personally, I firewall at the router rather than the PC, have no inbound port forwarding set up, and use VLANs to separate my main computers from devices most likely to get dodgy, like IoT. This largely obviates the need for a firewall on my main computers and saves hassles. That said, it requires network devices capable of supporting VLANs, which tend to be more expensive and VLANs can be confusing to implement. For many people, firewalls at the PC level are the right choice.

5 Likes

That is not the only reason. While Linux is not impenetrable, it has a few security mechanisms like file system-level permissions that work right out of the box. This alone goes a long way in protecting the overall system.

Package management has also been a better way of installing software that Linux has been using since at least the 90's. Windows now does this as well, but until not too long ago, people just got their software from wherever they could find it: sketchy sites that embedded all sorts of junk in the binaries; random seeders on eMule; even open air markets on the street that offered cracked software and games...

Most Linux users also tend to be more tech savvy, making them more wary of all these little gotchas. And when downloading stuff online, there are usually ways to verify the integrity of what you downloaded. This alone goes a very long way to verify that you're getting what you want.

Managing expectations is an important part of any product's success.

The #1 reason that I see people getting frustrated when stepping out of Windows... is that things are not exactly like they are used to. But that should be no surprise: Linux is not Windows, and Windows is not Linux. One has to have an open mind and realize that there's going to be a bit of a learning curve.

When I first used MacOS after all my life using only Windows, I hated it. Despite having so many awards and being praised for their UX/UI design and whatnot. I wasn't comfortable with it... because it was not the Windows that I knew and loved.
The same thing happened when I first used Linux. I hated it. I absolutely despised it. I couldn't even get Chrome installed. "What a piece of junk, why can't it be like Windows?", I thought.

You see, the problem was never MacOS, Linux or Windows. It was me. I was locked-in in how things were supposed to work and couldn't accept a different way of doing them. Over time, however, I started having those "aha!" moments. The more I understood, the more productive I became.

And, guess what? A couple of years ago a friend of mine asked me for help to set up something in her Windows 11 machine (which I had barely used)... and I hated it! :joy: The interface looked nice and pretty, but I didn't understand it anymore. Everything has changed so much that I struggled doing things that took me seconds with Windows 7... or now in Linux.

So, back to firewalls and anti-viruses... I understand what you mean, but you can't have it both ways.

People are going to expect everything to work out of the box: like multi-player games, network printers, or apps like Zorin Connect. But a lot of these things are not going to work with a firewall enabled.
We could argue which is better: firewall on/off by default. Which is to say you either have convenience, or you have security; a very common fork in the road when it comes to security. No matter what you choose, I guarantee someone is going to complain out of lack of understanding.

Personally, I would prefer to have it enabled by default. But the truth is that it won't make a big difference to most casual users at home, who are more likely to turn it off entirely anyway at the first sign of trouble.

As for anti-viruses... I've come to realize that this expectation that a computer has to have an anti-virus is fundamentally flawed, and damaging. For one, these are for-profit companies, that have been caught stealing user data and installing malware on the device they were supposed to protect before.

The best anti-virus? Exercise caution and common sense. For example, you can run ClamAV on downloaded files or check them against VirusTotal as suggested above.


I have, and I'm sure it has improved a lot ever since I did a few years ago, but I did run into a lot of trouble with it. It did work, but it kept messing with my network settings and I'd often boot to a computer with no network access. But like I said, I'm sure it has improved since then.

4 Likes
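The two checks mentioned in the post above (verifying the integrity of a download, then running ClamAV on it), as an added example that is not part of the original thread. The function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example. File names are placeholders; entries in SHA256SUMS are
# assumed to have no spaces in the file name. The checksum file itself must
# come from the project's own HTTPS site (or be signature-checked).

# verify_download FILE SUMSFILE
# 0 = hash matches, 1 = mismatch, 2 = missing input or no entry for FILE.
verify_download() {
    file=$1; sums=$2
    [ -f "$file" ] && [ -f "$sums" ] || return 2
    name=$(basename -- "$file")
    # Lines are "<hash>  name" (text mode) or "<hash> *name" (binary mode).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
}

# scan_download FILE
# clamscan exits 0 when clean, 1 when a signature matches, 2 on error.
# Returns 3 here when ClamAV is not installed.
scan_download() {
    command -v clamscan >/dev/null 2>&1 || return 3
    clamscan --no-summary "$1"
}

# check_download FILE SUMSFILE: integrity first, then the malware scan.
check_download() {
    rc=0; verify_download "$1" "$2" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "checksum check failed (code $rc): $1" >&2; return "$rc"
    fi
    rc=0; scan_download "$1" || rc=$?
    case $rc in
        0) echo "ok: checksum matches, ClamAV found nothing" ;;
        3) echo "ok: checksum matches (clamscan not installed, scan skipped)" ;;
        1) echo "ClamAV flagged: $1" >&2; return 1 ;;
        *) echo "clamscan error on: $1" >&2; return 2 ;;
    esac
}
```

A matching checksum only shows the file is the one the publisher listed; it says nothing about whether that file is safe, which is why the scan runs as a separate step.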

You would be better off with no AV than to offer one 2 years without even a definition update, or any update of any kind. What's the point? If we don't need an AV I'm happy with that but it's a mixed message including one if it's not needed. But an AV 2 years out of date I just don't understand the point of it.

The package version is not related to the Database of virus checks.
That is checked routinely, via a network connection.

That being said; in this case, the application you point toward is no longer maintained.
This can happen with any application which the maintainer ceases to maintain, for whatever reason.

When I attended the local LUG I was told the real benefit of ClamAV was for scanning emails, in order to prevent you from forwarding one to a friend that contained a virus and they were still running Windows. Viruses are not the only threat, rootkits are aimed at all platforms, and so you need to download rkhunter and chkrootkit apps via Synaptic Package Manager. Just to be clear, both these apps run in the terminal and they first take a snapshot of everything on the system and check for any potential malfeasance. The first snapshot becomes the basis of a clean system. Once you install additional applications you may be presented with a false positive because the newly installed application did not exist in the baseline snapshot. However, there is apparently a new threat on the block named 'curing'. Most rootkits use Sys calls to infect a machine, but 'curing' bypasses the need for using Sys calls so can infect a machine undetected. It will be interesting to see how this development gets addressed.

Additionally you should also implement spam protection tools for your email client. In GNU/Linux these are 'bogofilter' and 'spamassassin'.

1 Like
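A minimal model of the baseline-and-compare idea described in the post above, as an added example that is not part of the original thread and not rkhunter's or chkrootkit's code. The function names are hypothetical, and file paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: record file hashes once, then report what differs later.
# Keep the baseline file outside the directory being checked.

# make_baseline DIR OUT: write "<sha256>  ./path" for every file under DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# compare_baseline DIR BASELINE: print one line per difference:
#   NEW path      file exists now but was not in the baseline
#   CHANGED path  file is in both but its hash differs
#   MISSING path  file was in the baseline but is gone
compare_baseline() {
    cur=$(mktemp)
    make_baseline "$1" "$cur"
    awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }   # load the baseline
        {
            seen[$2] = 1
            if (!($2 in base))       print "NEW", $2
            else if (base[$2] != $1) print "CHANGED", $2
        }
        END { for (p in base) if (!(p in seen)) print "MISSING", p }
    ' "$2" "$cur" | sort
    rm -f "$cur"
}
```

A package installed after the baseline was taken is reported as NEW until the baseline is rebuilt, which is the false positive the post describes; rkhunter's own refresh step is `rkhunter --propupd`, run only when the system is known to be clean.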

I'm not saying that an anti-virus cannot be useful, but I'm saying that you do not need to have one if you take other precautions. By the way, what app is the one from your screenshot? I cannot find it.

@zenzen

Looking at VirusTotal's website, they don't provide a specific tool for (GNU/)Linux. What made me smile is that they stopped providing a tool for Windows back in 2017! :rofl:

They state that the MacOSX version can be recompiled as it uses Qt libraries.

There is also a third party version for Linux listed at the bottom of the page:

Firstly: when you want to use VirusTotal, simply use their website. The site is a bit CAPTCHA heavy, but besides that, it does the job:

From your screenshot, I guess this is ClamTk. This is a bit ... a thing. The developer quit the development because of ... personal circumstances and because he was of the opinion that it was not a good program. It is sad, I think. It might not be the best programmed software, but it was okay and usable in my opinion.

From the GitHub page, you can still download the latest version, 6.18.

1 Like

@zenzen
That was on the download page of ClamTk in the software store.

1 Like

Oh, I see. Just to be clear, the actual antivirus is ClamAV while ClamTk is (or was) a separate project that provided a graphical interface for it.

I'm not aware of any alternative to have that frontend, however, so there goes the user-friendliness. I've only used it on a terminal command myself.

1 Like

You're saying the Developer quit because he thought it sucked?

I searched for ClamAV but it only offered ClamTk. So I assumed the AV itself was 2 years out of date. That would have been a good thing to know right away lol.

That is how the developer's own words seem to present it. While it may be humbly worded, it kind of sounded... depressed.
It made me feel sad reading it, though the responding comments were very uplifting.
Sometimes, a person may not realize how strongly a little self-deprecation comes across, and how strongly others will react to it.

1 Like