Why not Home Protection for Linux?

I made an account just now just to say that I think this is really dumb. Bitdefender protects Linux by way of the business endpoint solutions (i.e., GravityZone). Honestly considering changing to using that since the prices are fairly similar depending on your license needs.

What kills me is that Bitdefender makes the solution, but then can't be bothered to sell/offer it for home users because it's "too much work for the market share". All they have to do is offer options for the major distros (Ubuntu/Debian, Fedora/RHEL, anything else that has a server and desktop version). I've used Bitdefender for years on my Windows and Android devices, but now that I'm starting to get into using Linux devices Bitdefender is becoming less appealing because it no longer meets my needs.

Please Bitdefender Home User team, Please re-issue a Bitdefender AV for Linux home user.

I have been working with several people this past year (12/2023), installing and fine tuning Linux (Ubuntu, Mint, Zorin). And the only AV product for home user, which is still alive, and is NOT a Command line terminal product, is ClamAV & Clam-TK.

I would love to have a Bitdefender for Linux home user. It does not even have to be free, just reasonably priced for the home user (not a business end-point product).

(I will also post this to the referred link for 'product features and ideation.)

I would advise anyone looking for a desktop Linux antivirus solution to check out Dr. Web or eScan. These are the only two companies that seem to care about supporting the Linux desktop community. I have used both of them on Linux and both are excellent. (They are both certainly much better than clam.)

Dr. Web has the convenience of a web portal where a user can add or suspend licenses at any time without having to pay for a whole year up front. It's very convenient. You just keep funds in your Dr. Web online account, and they deduct a certain amount each day depending on the number of licenses that you have active. Of course, they also have products for Windows, Mac, Android that can be managed through the same web portal. The web site is a bit confusing as they also have a standalone product that can be purchased with the more traditional one or two-year license. Just look for the tab or option that says 'Subscriptions' and that should put you on the right track. The only thing that might give someone pause about Dr. Web at the current time is that it's a Russian product, and the government may decide to ban it like they recently did with Kaspersky. drweb dot com is the web site.

eScan is also good value for Linux. The price is usually $20 per year for Linux desktop protection, and the software has quite a few options. There is no web management portal like Dr. Web, so you have to purchase a separate license for each machine directly from the web site. eScan is produced by an Indian company named Microworld, but they do have offices in the U.S. They also have products for Windows, Mac, and Android as well, and they are a Microsoft Partner company. The Android version didn't seem to be as polished as the Linux and Window versions, but it was certainly functional. escanav dot com is the web site.

I have tested both products on Linux machines and the real-time components of both have actually alerted me to actual threats on Linux, although they have all been relatively minor risks. Dr. Web seems to be the better value in terms of cost because they give free mobile protection for one device for each desktop device license. So basically, Android protection is free for an equal number of devices as the number of desktops.

I have really gotten tired of the same old answer from the major antivirus companies about not wanting to support Linux on the desktop, especially when Linux desktop systems continue to grow. I certainly hope that since Bitdefender does not want to be bothered with Linux customers that they will allow this message to remain for customers that are genuinely searching for Linux malware solutions.

As a follow up to the comments on my previous post regarding Dr. Web and eScan:

The eScan package engine is indeed based on the Bitdefender engine and databases, so that could certainly be a selling point if you're looking for something with similar performance.

Dr. Web does not participate in the industry-recognized AV tests. They stopped participating several years ago, long before the current geo-political events. They stated that they don't believe the tests reflect real-world scenarios and that the tests are misleading. Take that for what you will. I can only say that I've had good results with Dr. Web on both Linux and Windows, and the protection appears to be at least on par with the lesser-used major antivirus products (e.g. McAfee, Trend Micro).

I can't really comment on the ransomware effectiveness because of I've never been a victim of ransomware. It may well not be as effective as other products, but it's certainly better than using clam or nothing at all when it comes to Linux systems. On Windows, there's always Windows Defender as a default.

I've been using Dr. Web on all of my devices for about three years with no problems. This includes two Linux desktops, one Windows desktop, and three Android devices. Still, I can understand people's apprehension with it being a Russian product during the current geo-political situation.

In terms of Dr. Web's Android product, I feel it is second to none, having more features than any of the Android products that I have previously used, including BitDefender. The anti-theft component is especially powerful, and I've even used it to recover my lost phone on one occasion. Something else that's worth mentioning is that Dr. Web actually detected and blocked an app on my phone that was automatically downloaded from the Google Play Store during an update. Apparently, the update for my home alarm system app was infected with spyware, and Dr. Web quarantined it. The following day Google released a second update for the same app that Dr. Web then reported to be okay.

Here is an article that was posted about that time documenting Dr. Web's detection of malware on Google Play:

https://techhq.com/2022/07/play-store-malware-adware-virus-data-privacy-scare-apps-android/

I feel that eScan is a certainly a comparable, or possibly even better, choice for the Windows and Linux desktop. But their Android version seems to be lacking and not nearly as effective as Dr. Web. This is one of the reasons that I continue to use Dr. Web. The convenience of having one source for all platforms that I can manage from the same web portal, without it costing an arm and a leg, makes it a simple choice for me.

That being said, if the other major antivirus companies cannot deign to cater to us Linux users, then they certainly have no room complain about the shortcomings of other Linux providers.

Cheers!

@Alexandru_BD I use Linux pretty much the same way I use(d) Windows: browse internet, access networked files, play games, do some programming.

I currently use ClamAV to do scheduled scans and it seems to do an okay job, but it does create some false positives. For example, I tried to install Camtasia using Bottles (didn't work) but Clam is identifying part of the official installation package as malware.

I'm of the opinion that with Linux being open source the need for some real-time scanning exists. Some popular packages had major security vulnerabilities recently. Also, with Android being susceptible to (and is infected with) malware (which is Linux based) there's a non-zero chance of malware existing for regular Linux distros.

Hi @Jovonne

Don't worry about it. Yes, there's a flood control setup on the forum to protect us from spammers/bots who may have the ability to post subsequently within a very short period of time. For example, the new threads/discussions allow a gap of 240 seconds between them. If one user posts multiple discussions within this timeframe, this is cosidered abnormal behavior and triggers a temporary spamblock, after which the user can resume posting.

Regarding comments on a thread, you can post maximum 3 comments within 90 seconds. If this threshold is exceeded, a spamblock of 3 minutes is enabled. This also supports our moderating efforts as we can better monitor the content that's being posted here, so our members don't get to see unwanted ads and irrelevant content.

Essentially, this setup together with other anti-spam layers prevents spam on the forum by limiting the number of discussions & comments that users can post within a given period of time. I'm sorry if this posed an inconvenience to you.

You are more than welcome to become a regular contributor here if you wish, we would be happy to have you. 😉

Regards

@Alexandru_BD : Thanks again for the explanation regarding the posting parameters.

Although I wasn't planning on posting again, I saw your last message about Linux systems and have some criticism that is hopefully constructive. While I don't necessarily disagree with anything you've stated, I also feel that your attitude, which seems to be common with many people, is overly dismissive of Linux threats at the desktop level.

The permission model of Linux certainly does limit the damage that malware can cause to the Linux system as a whole, but this does nothing to protect a non-root user from having their individual files corrupted, wiped out, or encrypted, as malware inadvertently downloaded by the user would presumably have the same permissions as the user.

Many desktop Linux users also have Windows compatibility layers installed, such as WINE or Crossover, which makes these users vulnerable to Windows malware as well as Linux-specific malware as illustrated in this short video made by The PC Security Channel:

Additionally, there is indeed native Linux ransomware, and malware that is designed to be cross-platform as illustrated by this other video, also produced by The PC Security Channel:

On a more practical side, it can be argued that Ubuntu's move towards using all snap packages has undermined security in the same manner as the Google Play store because now users are putting their trust in a semi-proprietary single source supplier rather than the repositories that were used traditionally. The same could be said regarding the now widespread use of flatpaks or appimages because these packages are downloaded independently of a repository.

The rise of snaps, flatpaks, appimages, and proprietary Linux software all present additional vectors for the introduction of malware that didn't exist in the Linux distributions of the past, and it would seem that the people who purport that there are 'no viruses on Linux' seem to be stuck in an obsolete Linux mindset. Even if Linux malware only affects an individual non-root user, the effects can still be disastrous, but there are also many snaps, flatpaks, appimages, or Linux proprietary software that are installed with root privileges, which makes them just as potentially dangerous as any similar Windows program.

The suggestion that there are 'specialized' Linux malware solutions available that focus on Windows clients scanning for cross-platform threats is, likewise, an obsolete mindset, in my opinion. There are several native Linux malware threats nowadays, the very first of which was discovered by Dr. Web. And not to be-labor the point, but I feel that Dr. Web is the only antivirus vendor who has taken Linux malware seriously. With the current geo-political situation, I realize Dr. Web is not an ideal solution, which is why other providers need to step up, seize the opportunity, and discard their obsolete viewpoints. Insecure Linux desktops are a cybersecurity disaster waiting to happen. There are many more Linux desktops, devices, and embedded systems than people realize.

Additionally, the suggestion that Clam AV is any kind of a solution is an excuse at best. Clam AV's performance and functionality leave a lot to be desired. First, Clam AV does not have real-time scanning in its default installation state. While it's true that Clam AV can be configured to do real-time scanning on a Linux system by those who are knowledgeable, it is either very slow or will significantly impact system performance on a lower-tier system, which encompasses a large percentage of Linux desktop systems. Clam AV's only practical use is for system scans during periods when the system is not being actively used or for brief manual scans of a limited number of individual files.

Your only point that I feel is entirely valid is that there is a limited market share for the Linux desktop (however, probably more than you think). Which is to say that a Linux version is not currently a profitable undertaking in the present environment. This I cannot argue with. Any commercial enterprise has to see a return on their investment, and of course, it's always easiest to go after the opportunities that are most likely to succeed. On the other hand, a company that can see an opportunity that others don't may have the chance to dominate an untapped market at a future time.

Best regards.

Hi,

This is very insightful information and posts like these help us better understand what Linux users want and how they use this operating system. So thank you for this. The more we get such testimonials, we can paint a more complete picture of the requirements and I hope that the Linux community will continue to express their needs and security concerns when using this operating system, and this will give it more visibility in the security vendor industry, and hopefully encourage researchers to explore this topic more deeply. By all means, if anyone here is aware of any related discussions on other forums, or growing interest around this operating system, you may spread the word that we are also gathering insights and discussing Linux here.

@Jovonne don't get me wrong, I'm not dismissive of Linux threats, like I said above, Linux is NOT immune to threats, however its design, usage patterns, and the current threat landscape make it less susceptible to the types of malware that typically affect Windows and macOS systems. This was just a comparison. I think that this, combined with a smaller home user base, reduces the demand for Linux antivirus solutions from major vendors, like you've noticed, Bitdefender is not the only security vendor who doesn't offer a home version in their product lineup.

Strictly from my point of view, of a Windows user with limited knowledge about Linux, I think it is a path worth exploring and I have always made the users' voice heard in the research and development teams, as such I also support the idea, even if I don't use this operating system. 😉

@themet4lgod I think AI is expected to become increasingly integrated into operating systems in the future. There are chances that we cannot avoid this evolution that has been set in motion in the era of artificial intelligence, (regardless of the operating system we use), which has become more and more present in our lives.

Thanks again.

OMG @Flexx you could at least attach a word document for this, now I'm dizzy from all the scrolling. 😂

Hi folks,

Here are my 2 cents and sorry in advance as the post might become quite large (splitting it as I cannot post in one post).

In regards to having a Bitedefender (or in fact for any other anti-malware vendor) home version - there are several reason why it make sense.

1. Unified device protection.
   Currently, the anti-malware options for home Linux users are quite limited. As a result, there is not a suitable way to cover all home devices with products from the same vendor. In some cases - this might be beneficial if a layered approach can be implemented, however in practice - this is not the case in home environments.
2. Telemetry (probably the biggest benefit for the software vendor).
   The current state for security solutions for Linux (including Enterprise solutions) is not that great. In fact - many of the security vendors try to apply the same approach they use for Windows to protect Linux systems. And as the Linux systems works quite differently - such approach is often not applicable. The result is that the behavior detection mechanisms are way too noisy and not suitable unless there is a dedicated SOC or and MDR team to review them. Signature detection is generally reactive and with lack of robust behavior detection - signatures cannot be created that easily via automatic means.
   One of the things which greatly can improve the behavior analysis capabilities is the amount of telemetry available. Having a large base of known good binaries, of binary usage patterns and process relations can show help focusing on the outliners. The software will "know" what is typical and will be able to focus on suspicious events and analyze them in detail (either on the system or in the cloud/sandbox).
   Having a home userbase greatly increases the amount of telemetry and in fact provides telemetry for newer binary versions compared to the version used on servers (e.g. usually home users use rolling distributions or more newer version; enterprise customers upgrade less frequently and use older software versions). In such way - the anti-malware vendor will be able to cover new versions before they are deployed in corporate environments (which is where the profit really comes).
   And of course - such approach is not only applicable for binaries, it can also be used for process relations, dns queries, accessed URLs, command-line arguments, scanning network storage devices, IoT devices, etc.
3. Promoting security solution vendor to tech savvy people. In many cases, the people who use Linux on their personal systems are actually working on some kind of technical job. Having these people familiar (and satisfied) with a product is one of the things which might make them consider a product for enterprise use.

In regards to the AV test comparison (especially for Linux):
At least for me, such tests do not provide much value. They are great to have a vendor noticeable, but they do not provide any real evaluation on "how good" a product is. There are many reasons for that one being the fact that every client seeks for different things (easy central software management, file scanning detection, behavior detection, minimal false positives, different additional features etc.).
From my experience - having "the best security solution" greatly depends on the environment and its usage and rarely can be covered by a single product or even a single vendor.

@azzz thanks for sharing your comprehensive feedback on this topic 👍️

I disagree with most of this. Linux is only "more secure" because it has lower market share and hackers can't be bothered to write malware for it. That said, Android phones are Linux-based and there is constantly malware for them, and recent articles for the past year or two are showing that Windows malware is being upgraded to also target Linux.

Internal tools like firewalls, iptables and all that doesn't matter if the user installs a corrupted binary. This is the same issue with Windows. Arguably, for Windows, you can just use the built-in AV if you're not doing anything with sensitive information and aren't downloading random executables/binaries.

My last thought is that if third-party protection tools are unnecessary for Linux then why is it offered to enterprise/business users? It's literally the same OS, but maybe more restrictive in that every user isn't part of the sudo/wheel group.