From your screenshot I see that you are using bitdefender. Heard good things about the linux version. Do you use it on demand only ? Why also avast ? (= the one I use for occasional on demand scan in Hardy).
Iron is nothing but someone packaging Chromium for Windows and naming it something different. Chromium is the open-source version of Chrome. Chromium is the base Google uses for Chrome -- they simply take the source code of Chromium, add their logo, their tracking, and that's it. Chromium is updated more frequently and is more bleeding edge. You can read the differences here.
I just installed them to play. None of these AVs works in real time, all are on-demand. Have no idea more than this. I wish to install something that works in real time. And I do wish to have an anti-executable HIPS, even a simple one like PG free.
You do not need AV with Linux. So I suggest scratching "AV" from your vocabulary. It is a waste of resources. Second, you don't need a HIPS for "anti-execution" because the default umask for ubuntu will not allow anything you download to execute unless you give it specific permission to (that is, unless you manually change its permissions). Now, it's true that something could bypass this and execute anyway if there is a flaw in an application -- that is if there is an exploit found. So to mitigate this, you will need to utilize a MAC system: Ubuntu uses AppArmor by default, so I suggest you read up on it. There is even a profile for Firefox that you can enable, which will essentially sandbox it and harden it against attack. Basically, you don't need any "add-on" security software with most Linux distros. Everything you need will come with the distro or will be found in the repos. In fact, there are a number of security mechanisms built into the Linux kernel itself. The main thing a desktop user needs to know to secure their box is to never install any software from any source other than the repositories.
It is only a matter of time before Chrome gets put in the repos. Besides, if one really wants to use Chrome, one can merely install the PPA for Chromium and have the nightly builds installed every day. For Ubuntu 9.10: Code: sudo add-apt-repository ppa:chromium-daily
From a security standpoint: there seems to be little difference between tricking the target to install a binary, from tricking the target to install a repo IMHO.
Yes, that's right. No doubt there will probably be rogue PPA's pop up here and there. The Ubuntu PPA main page even gives a warning not to install PPA's from people you don't trust. In this case, due to its popularity, I doubt the Chromium PPA is compromised. The good news is, there aren't very many software titles that need PPA's in the first place. Most everything can be found in the official repositories. Many of the PPA's are dedicated to bleeding edge versions of software anyway. Also, the fact that all PPA's are digitally signed, will make it impossible for someone to create an imitation PPA and make it look like the legit one. Although not perfect, I think the repository model is much better than the alternative: simply sending everyone out to google to search for software.
