this post was submitted on 20 Apr 2025
578 points (92.5% liked)

linuxmemes

24540 readers
3387 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
  • Don't get baited into back-and-forth insults. We are not animals.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
    • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn, no politics, no trolling or ragebaiting.
    • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
    • 5. πŸ‡¬πŸ‡§ Language/язык/Sprache
  • This is primarily an English-speaking community. πŸ‡¬πŸ‡§πŸ‡¦πŸ‡ΊπŸ‡ΊπŸ‡Έ
  • Comments written in other languages are allowed.
  • The substance of a post should be comprehensible for people who only speak English.
  • Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
    • 6. (NEW!) Regarding public figuresWe all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations.
  • Keep discussions polite and free of disparagement.
  • We are never in possession of all of the facts. Defamatory comments will not be tolerated.
  • Discussions that get too heated will be locked and offending comments removed.
    • Β 

    Please report posts and comments that break these rules!

    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.

    founded 2 years ago
    MODERATORS
    poopsmith@lemmy.world
    zephyr@lemmy.world
    rtxn@lemmy.world
    578
    We dont need one (lemm.ee)
    submitted 23 hours ago by azha@lemm.ee to c/linuxmemes@lemmy.world
    89 comments fedilink hide all child comments
     
    you are viewing a single comment's thread
    view the rest of the comments
    [–] drosophila@lemmy.blahaj.zone 20 points 19 hours ago (1 children)

    An antivirus is mostly just a blacklist of known malware. Sometimes heuristics are used such as 'this piece of software isn't installed on many PCs, and it appears to be doing shady stuff like, monitoring keystrokes or listening to your microphone'. But unless your antivirus is actually sentient there's no way for it to really distinguish between a chat application that listens to your microphone so you can talk to your friends / monitor your keystrokes to know when you've hit the push-to-talk key, and a piece of actual malware that intends to spy on you and blackmail you.

    What you have with a package manager is a whitelist of programs that have been selected by your distro maintainers. Is it completely impossible for someone to sneak malware into a distro's repository? No, but its a lot easier to maintain a list of known good software than it is to maintain a list of known bad software. And in that situation your antivirus isn't going to help you anyway, since the people maintaining its malware list aren't going to magically know that something is malware before the distro maintainers do.

    So, generally, just using your package manager instead of running random shit you find online is going to be a lot better than any antivirus. With things like Wayland and Flatseal becoming more common we're heading towards a situation where fine-grained per-package permissions will become the standard way distros do things, making antivirus even more unnecessary.

    We should have done that a long time ago, as the security model of 'any program you run can do anything you can by default', then blacklist the ones that inevitability abuse that privilege, is completely backwards.

    [–] logos@sh.itjust.works 4 points 19 hours ago (3 children)

    What's the difference between that and a walled garden like apple?

    [–] drosophila@lemmy.blahaj.zone 19 points 18 hours ago

    In addition to what groet said, I'll add that this is a little bit like asking "what's the difference between a public library and Amazon?".

    Yes, there are other public libraries you could go to if the one you subscribe to didn't have something you wanted or 'went bad' somehow, but the most important difference is you don't have an antagonistic relationship with your public library. Your public library doesn't have a financial incentive to try to trap you or screw you over.

    [–] groet@feddit.org 5 points 18 hours ago

    You can install packages from other places and create your own (and then install them). The distro maintainers have one (or multiple) list of "approved" software but you can add as many lists as you want to your package manager. Often software developers will have their own package list that contains only their own software and if you install it you have to add that list to your package managers trusted software locations. In that sense it isn't really better than going to the developers website and downloading an installer on windows but it is quite rare you have to do that

    [–] trolololol@lemmy.world 1 points 14 hours ago

    I'm not super familiar with Apple as I am with Android so take what I talk about iOS with a grain of salt, and Macos with a shovel of salt.

    Android permission model is a bag of different layers, and some specific permissions have shifted to more strict layers over the years. For example, in the beginning all apps had a private space that other normal apps could never get into, and public space that everyone would be able to read and write provided they made such "request" at download time. For some time after that I think they moved it to next level, so you " requested" that both at download time AND with a pop up to the user. Currently you have to do all that AND not be a normal app and fill some forms and Google has to agree with you.

    Camera, microphone and GPS has been for a long time in the middle tier of requesting at download time and with pop up, for both Android and iOS. But I think not on Mac os, and certainly not on Linux, with the exception of browsers, that have their own security models rolled up on top of whatever their os imposes, since they execute code from total strangers every time you open a page for the first time.

    Some permissions like send and receive Internet data are still in the lightest tier, only asked at download time, for both Android and iOS.

    I recently wanted to put my Linux obsidian without Internet access, and had to learn how to do that with a script that calls bwrap that in its turn calls obsidian. I wasn't comfortable otherwise, because I wanted the freedom to run as many community plugins as I wanted, and this is strangers javascript code running in my machine, and I didn't want it accessing random folders and uploading things.

    If I ran vscode I'd do the same, since I'm not familiar with the vetting process for its plugins. Same for gimp, but I never needed plugins in it.