I’m about to install bazzite on my wife’s older (2017) Windows 10 machine, and I’ve been going over how to recreate everything she currently has. Most programs (even proprietary ones) are not an issue, but I’m not finding much in the antivirus department.

I never even thought to install one on my Linux machine (also on bazzite, but I have used other distros in the past). So although I am no stranger to Linux, this issue blindsided me.

I know clamav exists, and I’m educating myself on how to use it, but a GUI would be nice for the wife. She’s not afraid of the terminal, but she likes the convenience of GUI programs.

Any suggestions? What do you use? Or is it just generally accepted that one should be careful and keep things up-to-date and that’s enough?

  • Samueru_sama@programming.devEnglish
    1·
    14 hours ago

    i was talking about the risk of a Flatpak which has access to user home and therefore could for example access $HOME/.firefox and steal session cookies.

    Okay that makes sense.

    Also I based my assessment of use FUSE2 for normal AppImages on the security hardening used by Secureblue, mentioned here under the section “Filling known security holes”

    Remove the unmaintained and suid-root fuse2 by default.

    kek they got it wrong. Also:

    Mitigate LD_PRELOAD attacks via ujust toggle-bash-environment-lockdown.

    Interesting, I wonder if they prevent executing the ld-linux.so as well.

    There is two ways to preload libraries without having to modify the binary, the first is using LD_PRELOAD, the second is less well known but you can run binaries by calling the dynamic linker first (internally this is actually how all dynamic binaries you execute work btw) and then use the --preload flag to load a library.

    That is instead of:

    LD_PRELOAD=./kek.so /path/to/bin

    you do:

    /lib64/ld-linux-x86-64.so.2 --preload ./kek.so /path/to/bin

    I’m going to take a wild guess and assume the second is still possible in secureblue 👀