Questions & Assumptions

Discussion in 'all things UNIX' started by bellgamin, Apr 5, 2023.

  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    A- I use Clam Antivirus on-demand scanner.
    >Windows malware and anti-virus signatures won't work on Linux. Correct?
    > Clam scans are probably a waste of time, but I have time to waste so I figure ... "Why not?"
    >Clam asks which directories to scan. I now have it scan Home directory only. Are there any other directories that I should have it scan?

    B- Timeshift (TS) uses Rsync.
    1-Thus, it must be true that TS does not do differentials or sequentials. Correct?
    2-Therefore, when I create my 1st TS copy of my system files on Day 1, & then create a 2nd TS copy of my system files on Day 2, the files would look like this:
    Day 1 -- TS simply makes a copy of my system files. Correct?
    Day 2 -- TS uses Rsync to synchronize its copy of my Day 1 system files so that its single copy of my system files becomes the same as my Day 2 system files. Correct?
    3- Unlike making an image of my main drive, TS doesn't really offer a full solution to having my files encrypted by ransomware. Correct?
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,345
    To answer your questions:

    A1. Correct.
    B1. Not really. Yes and no.
    B2D1. Mostly yes.
    B2D2. Not quite. To reduce size, it will create hard links for unchanged files from the previous time point.
    B3. Maybe, depends on how you set up your system.

    Mrk
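    Mrkvonic's B2D2 answer (unchanged files become hard links to the previous time point), shown as an added example that is not part of the original thread and is not Timeshift's own code. It is a small Python emulation of the hard-link snapshot scheme; the directory names and file contents are constructed for illustration.

```python
import filecmp
import os
import shutil
import tempfile


def snapshot(source, dest, previous=None):
    """Copy source into dest; files identical to `previous` become hard links."""
    for root, _dirs, files in os.walk(source):
        rel = os.path.relpath(root, source)
        os.makedirs(os.path.normpath(os.path.join(dest, rel)), exist_ok=True)
        for name in files:
            src = os.path.join(root, name)
            dst = os.path.normpath(os.path.join(dest, rel, name))
            old = os.path.normpath(os.path.join(previous, rel, name)) if previous else None
            if old and os.path.isfile(old) and filecmp.cmp(src, old, shallow=False):
                os.link(old, dst)       # unchanged: second name for the same inode
            else:
                shutil.copy2(src, dst)  # new or changed: a real copy


def shared_files(snap_a, snap_b):
    """Relative paths stored only once on disk (same inode in both snapshots)."""
    shared = []
    for root, _dirs, files in os.walk(snap_a):
        for name in files:
            a = os.path.join(root, name)
            rel = os.path.relpath(a, snap_a)
            b = os.path.join(snap_b, rel)
            if os.path.isfile(b) and os.path.samefile(a, b):
                shared.append(rel)
    return sorted(shared)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        etc = os.path.join(tmp, "system", "etc")  # constructed stand-in for system files
        os.makedirs(etc)
        for name, text in (("hosts", "127.0.0.1 localhost\n"), ("motd", "day 1\n")):
            with open(os.path.join(etc, name), "w") as fh:
                fh.write(text)
        day1 = os.path.join(tmp, "snapshots", "day1")
        day2 = os.path.join(tmp, "snapshots", "day2")
        snapshot(os.path.join(tmp, "system"), day1)
        with open(os.path.join(etc, "motd"), "w") as fh:  # the only change on day 2
            fh.write("day 2\n")
        snapshot(os.path.join(tmp, "system"), day2, previous=day1)
        return {"shared": shared_files(day1, day2),
                "day1_motd": open(os.path.join(day1, "etc", "motd")).read(),
                "day2_motd": open(os.path.join(day2, "etc", "motd")).read(),
                "hosts_links": os.stat(os.path.join(day2, "etc", "hosts")).st_nlink}
```

    Both snapshot directories look like full copies, but the unchanged file occupies disk space once and the Day 1 snapshot still holds the Day 1 version of the changed file.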
     
  3. bellgamin

    bellgamin Registered Member

    @Mrkvonic -- I deeply appreciate your answers. BTW, I am a fan of all your reviews & have read your sticky thread a couple of times.

    As to your answer to B3 -- I don't yet know how to set up my system in such a way as to offer a better defense against hostile encryption. I'm still very much a Linux newbie but -- one day (hopefully) I'll be able to do it.
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    9,147
    Location:
    USA
    On A does it not identify malware in Windows files? It wouldn't matter as they would not infect a Linux installation but if you copied them to a Windows machine it could be bad. That said I will concede that @Mrkvonic is FAR more experienced than me with Linux so I could have been mistaken all the while. Still a waste of time in my opinion to run it at all. It will never find anything and will add wear and tear to your system, though minimal. But if it gives peace of mind don't let me stop you.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    I understood the first question that the Windows AV tools won't work and run on Linux.

    Re: B3, there's always a chance you could be hit by something. But it's the question of probability. If you don't download random files and execute them, you significantly reduce the risk. If you randomly grab files from everywhere and run them, then no amount of security software will help. There is no real technical solution to potential ransomware. You can try various workarounds, but there's always a chance someone will develop something better or smarter. The only solution is: offline backups, not running random, untrusted stuff and not pissing off people online :)

    Mrk
     
  6. bellgamin

    bellgamin Registered Member

    Yes.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    @xxJackxx -- I agree that running ClamAV on my Linux computer is probably like watching for sharks in the city park's wading pool. However, I am hoping that, some day soon, the number of Linux users will become much larger than it is now. If it does, Linux will become a MUCH more interesting target for spies and hackers and other evil geniuses. :eek:

    If & when Linux becomes more widely used, it will need security apps for the same reason that Windows needs them. When that day comes, security software will need a data base of Linux-applicable malware.
    >As far as I know, ClamAV is the ONLY outfit that is systematically maintaining a data base of malware that is targeted at Linux.
    >AFAIK, ClamAV is a freebie, maintained by volunteers.
    >I did some volunteer work in the past. The only "pay" we received was knowing the number of folks we had helped. I suppose the same is true for the folks who maintain ClamAV.
    >IMO, the fact that ClamAV has users is at least one thing that helps to keep it going. So my use of Linux's ONLY antivirus is my vote for ClamAV to keep pace with the growth in Linux usage.
    >I further believe that Linux folks who do not use Linux's ONLY antivirus are indirectly voting for it to dissolve and disappear. Please vote FOR ClamAV!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    P.S. For want of a nail, a horseshoe was lost. For want of a horseshoe, the horse was lost. For want of that horse, the rider was lost. For want of that rider, the battle was lost. And all because of a horseshoe nail.
     
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,223
    Location:
    Member state of European Union
    Using AV on a Linux distro in a non-enterprise setting is usually some kind of digital Stockholm syndrome
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Bellgamin, your saying is fine, except in this analogy, AV is not a nail, but hair gel.
    Mrk
     
  9. xxJackxx

    xxJackxx Registered Member

    Agreed, if Linux were to ever hit enough user share people would find a lot more holes in it than most expect. The return on exploiting a little used OS that is free is not where the time is best spent. I myself would like to see it evolve to the point where I would use it as a replacement for Windows but as an IT worker it's unfortunately not going to be soon.
     
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,100
    Location:
    Canada
    @bellgamin,

    regarding Timeshift:

    https://www.makeuseof.com/use-timeshift-backup-and-restore-linux-snapshots/

    So I guess Timeshift does do Differentials using Rsync, so to speak
     
  11. bellgamin

    bellgamin Registered Member

    FURTHER QUESTIONS & Assumptions RE TIMESHIFT

    A: GIVEN:
    1- I am using Linux Distro named Zorin Pro. I installed it about a month ago.
    2- I make back-up "snapshots" using Timeshift (TS). TS is set to back-up Home directory as well as system files.
    3- TS saves its snapshots onto an external SSD with huge capacity. I retain 15-20 most recent snapshots.

    B- ASSUMPTIONS for purposes of this discussion:
    1- Zorin booted okay on Day 33 but will NOT boot on Day 34.
    2- System drive has NOT failed.
    3- Just before shutdown, each day, I make 1 and only 1 TS snapshot

    C- From what I have read -- hither, thither, & yon -- this is the way to restore my system if there is a MAJOR systemic failure that prevents boot-up of my installed Distro:

    1- Insert bootable USB that I used to initially install Zorin.
    2- Use that USB to install my initial Zorin into RAM. (Doing so produces a "live," in-RAM Zorin).
    2- Mount external SSD whereat I had Timeshift (TS) save its snapshots.
    3- Execute TS using in-RAM Zorin.
    4- GOAL: I want to change Day 34's unbootable Zorin back to Day 33's bootable Zorin.
    5- To achieve GOAL, select Day 33's TS snapshot from the external SSD and Restore it to my in-RAM Zorin.
    6- Install the TS-restored, in-memory Zorin to replace the broken Day 33 Zorin that is installed on my main system drive.
    7- ASSUMPTIONS: The installed Zorin will be identical with the TS-restored in-RAM Zorin. Therefore, installed Zorin will now boot & be okay.

    Q1: Are the Assumptions at C7 LIKELY TRUE or LIKELY FALSE or ............?

    Q2: In C5 I selected to restore Day 33's snapshot. Should I have selected a different snapshot?

    Q3: If answer to Q2 is "Yes" then Why?
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    :argh::p:D
    Stockholm Syndrome=positive feelings towards one's abuser; a coping mechanism

    Hmm.. that's a surprisingly derogatory response to my comments, wot? ClamAV isn't a patrolling AV that constantly uses computer resources. It is on-demand, uses just over 1 MB storage, and its "abusive" use of my system resources only lasts for about a minute every week or so.
     
    Last edited: Apr 8, 2023
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Sorry if you felt attacked. I sometimes struggle to express my thoughts in a concise and clear message. I saw that in the Internets Stockholm syndrome is sometimes used more loosely and decided to use it. I was referring to habits that may not make that much sense in a Linux environment in many cases.
     
  13. bellgamin

    bellgamin Registered Member

    No problem @reasonablePrivacy -- over the years, the term "Stockholm Syndrome" has been over-used by news media in a far too jovial way. It is actually a very tragic phenomenon.
     