'Microsoft Defender ATP' Antivirus is Coming to Linux (zdnet.com) 100
Microsoft is planning to bring its Defender antivirus to Linux systems next year, reports ZDNet:
Microsoft announced the brand change from Windows Defender to Microsoft Defender in March after giving security analysts the tools to inspect enterprise Mac computers for malware via the Microsoft Defender console.
Rob Lefferts, corporate vice president for Microsoft's M365 Security, told ZDNet that Microsoft Defender for Linux systems will be available for customers in 2020.
In October TechSpot reported that Defender placed in the top 10 among all major antivirus programs, narrowly beating established software like Bitdefender, Kaspersky, and McAfee with an online protection rate of 99.96%, according to testing by independent lab AV-Comparatives.
Microsoft Defender...for Ma. lololol (Score:1)
Re:Microsoft Defender...for Ma. lololol (Score:5, Insightful)
More to the point, it is putting telemetry onto Macs and Linux boxes to radio information back to MS for all the bad reasons.
ENTERPRISE (Score:2)
LOL. ... What more is there to say. (Score:3, Insightful)
Defender ... the fallacious *blacklist* "solution" for misdesigned OSes, that repeatedly has the lowest detection rates, and is therefore merely the most dangerous security theater.
Sorry, MS, you seem to be assuming everyone is retarded. Well, we're not your usual customers.
Re: (Score:1)
Re: (Score:3)
that repeatedly has the lowest detection rates, and is therefore merely the most dangerous security theater.
I greatly prefer dangerous by security theater than the "better" antivirus solutions which hook so deep into the core OS that they themselves are actively just dangerous.
Defender, for its problems, is one of the few anti-malware programs where the cure isn't worse than the disease.
Re: (Score:2)
The blacklist is only a small part of what it does. It's actually very good at protecting systems from infection.
Re: (Score:1)
An independent security firm found that the online protection rate was 99.96%. Sheesh! MS could build a warp drive and all those misguided morons would criticize the MS drive by saying it is not as good as the Star Trek warp drives. MS is a corporation and like any corporation it does some good and some not so good. Those who automatically dismiss anything MS does have obviously not taken a look at MS's recent activities. They are the number one contributor of open source software. They employ over 1000
That's almost amusing (Score:4, Funny)
Installing a Microsoft Antivirus on Linux is like The Rock hiring Stephen Hawking as a bodyguard: sure The Rock may not be able to defend himself against all attacks, but Stephen Hawking sure ain't bringing no added value neither.
Also, after decades of not moving much and being really easy to abuse physically, Stephen Hawking ain't exactly convincing as a personal defense specialist. So The Hulk would be totally stupid to hire him in the first place...
Re: Stephen Hawking (Score:1)
Re: That's almost amusing (Score:4, Insightful)
Re: (Score:3)
Overall security to what? Linux has no core security against malware executed by the user. Currently Linux's great reputation on user initiated (let's face it) attacks is due to a) the low amount of malware targeting Linux, and b) the considerably higher expertise of the vast majority of its user base.
Re: (Score:1)
> Stephen Hawking ain't exactly convincing
He died last year.
I feel SAFE now... (Score:1)
Re: (Score:2)
After reading this in the article: "Defending democracy is a big point for us because we're making sure we take all the capabilities we're building here and use it to help organizations and governments around the world," he said.
Come on guys, we could see this coming for freaking years. Ma and Pa using Linux or Ubuntu on outdated Intel hardware like Lenovo Model: 10A8S00200 CPU: i5-457O 3.2 GHZ RAM: 4 GB being sold dirt cheap here [bcauction.ca] Dangerous Windows viruses coming from Linux users is the main reason why Windows needs to not have software competition on the desktop.
The bullshit coming out of Microsoft is starting to really stink as they push another forced upgrade cycle on all the suckers who believe in Windows computer viruses. I jus
Re: I feel SAFE now... (Score:1)
But why? (Score:2)
Tell me again why would I need this?
Surely I am not aware of every vulnerability Linux has, but isn't the community faster in patching the bugs than writing some dongle thing to protect you from them?
Or are there known unpatchable vulnerabilities in unices that I am not aware of?
Re:But why? (Score:4, Insightful)
Re: (Score:2)
Ever want to filter mail before it gets to Windows machines?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Part of my job is maintaining SMTP servers. One of the tasks is blocking infected emails that pass through the mail server from reaching the Windows machines that connect via POP3 or IMAP.
Re: (Score:2)
Re: (Score:2)
Well first: Why on earth would I want to do that in Windows? Just picture the complexity of having a Linux mail server send the mail to a Windows machine for processing and then return it to the mail queue after. I don't want to do it on the endpoint because I'm trying to protect the endpoints from ever seeing the infections, especially since I can't even trust that the Windows machines are fully up to date. (not part of my job function)
There are other Linux packages but some really suck (clamav) or are e
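The kind of filtering this commenter describes, catching Windows-targeting attachments on the Linux mail server before the POP3/IMAP clients ever see them, as an added example that is not the poster's own setup or code. It uses only the Python standard library: each MIME attachment is checked for a Windows-executable extension and for the PE "MZ" header regardless of what the filename claims, and the function returns findings instead of deciding what to do with the message. The extension list is illustrative rather than exhaustive, and the sample message is constructed for the demo; wiring this into the MTA as a content filter is left to the deployment.

```python
"""Flag risky attachments in a mail message on the Linux mail server.

Added example, not the commenter's code: inspects a MIME message with the
standard library only and reports attachments that look like Windows
executables, either by extension or by the PE 'MZ' magic at offset 0.
"""
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (assumption: illustrative list, not exhaustive)
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                    ".js", ".vbs", ".hta", ".msi"}
PE_MAGIC = b"MZ"  # DOS/PE executable header


def risky_attachments(raw: bytes) -> list[dict]:
    """Return one finding per attachment that looks like a Windows executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container, the leaves carry the data
        filename = part.get_filename()
        if filename is None and part.get_content_disposition() != "attachment":
            continue  # inline body text, not an attachment
        payload = part.get_payload(decode=True) or b""
        name = (filename or "").lower()
        # last extension wins, so "invoice.pdf.exe" is judged by ".exe"
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        reasons = []
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"extension {ext}")
        if payload[:2] == PE_MAGIC:
            reasons.append("PE executable header")
        if reasons:
            findings.append({"filename": filename,
                             "content_type": part.get_content_type(),
                             "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Constructed test message: a fake PDF that is really a PE file,
    a batch file, and a harmless PDF."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"@echo off\r\necho hello\r\n", maintype="text",
                       subtype="plain", filename="cleanup.bat")
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="real.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in risky_attachments(build_sample()):
        print(finding)
```

The header check matters more than the extension check: a renamed executable keeps its "MZ" bytes, so the fake invoice.pdf is caught even though its extension is harmless.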
Re:But why? (Score:4, Insightful)
You don't.
This is the dream of some old-fashioned marketing manager at Microsoft -- still trying to prove that Linux isn't a more secure alternative. After all, if Linux needs anti-virus, how secure can it be?
Re: (Score:2)
You don't.
Fundamentally, if you're on Slashdot and you run Linux, the chances are you don't need anti-malware. Not on Linux, not on Windows. The vast majority of malware enters computers through the same vector: dumb users.
You don't need this. I don't need this. Other people most likely do. Though I would like it if dumb users stick to Windows and honeypot all the malware over there while the rest of us go unnoticed.
Re: (Score:2)
Re:But why? (Score:4, Funny)
Tell me again why would I need this?
If it is any good it will remove the Windows partition from your dual-booting hard drive and then delete itself. Job done without that hard-to-learn dd if=/dev/zero of=partition stuff. We shall see.
City of Troy (Score:5, Interesting)
Re: (Score:2)
That already exists for RHEL Workstation. At work we use RHEL Workstations (or windows, guess which one I chose). I have been using it at work since 5x and as we apply patches more and more often we are forced to reboot. Now it is to the point reboots are forced with just a patch to the timezone database. Why?... The TZ I am in has not changed in dozens of years.
With binary logs, a kind of registry editor (gconf-editor) and systemd, many distros are on their way to be a Windows Clone. So I guess why n
Re: (Score:2)
You can use any log system you want so if you want text logs do that. Nobody is stopping you. gconf has been discontinued and replaced by dconf, however it is a Gnome Desktop specific app so again, you can choose KDE or any other Window Manager. Reboots are not forced and never have been. I just googled 'RHEL forced reboot' to make sure things haven't changed with RHEL and Google con
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
OK, here's one.
https://linux.slashdot.org/com... [slashdot.org]
Re: (Score:2)
Malware (Score:3)
>"'Microsoft Defender ATP' Antivirus is Coming to Linux"
As far as I am aware, there has never been a "virus" for Linux. Like ALL platforms, there is malware that affects Linux, but not in the form of a virus.
In any case, this is probably more a case like with other "anti-malware" programs/software for Linux, that really are more about filtering out MS-Windows-targeting malware that lives on or travels THROUGH Linux machines (especially Email and file servers). Otherwise, I suspect it is about Microsoft trying to stay relevant and collect information about what is happening on Linux machines.
Oh, I have had clueless auditors insist that we should install "antivirus" software on our Linux machines in an environment that is, essentially, 100% Linux (servers and clients).
Re:Malware (Score:5, Interesting)
Let me guess: You postdate the Morris worm?
There have been many, many viruses that target common Linux applications. Mostly these target LAMP or YARN or similar web server/web-app stacks. They usually are less infectious than comparable viruses targeting Windows; this is partly because there are fewer Linux machines on any given network, and partly because a smaller fraction of them run the targeted software, compared to Windows machines.
For a highly regulated industry, the cost-benefit analysis may actually justify using antivirus software on Linux or Unix systems.
Re: (Score:2)
Circumstances may justify using some antivirus software on Linux servers or sensitive personal machines but no circumstances would justify my putting anything with a Microsoft label on my Linux machine. Yes, they may be becoming contributors to the Open Source parts of Linux but at least they can be inspected before being fully integrated. A closed source product, such as a proprietary antivirus scanner/cleaner, strikes me now as a worse threat than the virus we're trying to protect against.
Re: (Score:2)
>"Let me guess: You postdate the Morris worm? There have been many, many viruses that target common Linux applications."
Terminology. A worm is not a virus, although they do share most attributes and can be similar in damage. (And it is hard to postdate me :) )
"Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do
Re: (Score:2)
Re: (Score:2)
Morris worm did not run on Linux AFAICR.
Re: (Score:2)
The Morris worm predated Linux entirely. I chose it as an example partly because it is so well-known and partly because it shows that people have targeted Unix(-like) systems with malware since before Linux existed.
Windows malware is more prominent mostly because Windows is overwhelmingly the most common desktop OS, which means a bunch of non-nerds (rather than the typical Slashdot reader) use it, and they are less careful about what they click on or what they try to run on their computers. The wider, and
Re: (Score:2)
Let me guess: You postdate the Morris worm?
Well, I was at work, as a system administrator, at the NASA Langley Research Center the day the worm hit and unplugged many Sun workstations and at least one VAX-11/785 from the network that day -- we didn't have access to the main networking gear. Linux was nowhere to be found in 1988
For reference, according to Wikipedia, the Morris Worm [wikipedia.org] was released in Nov 1988 three years before Linux [wikipedia.org] was released in Sept 1991. Furthermore:
The main body of the worm could only infect DEC VAX machines running 4BSD, and Sun-3 systems. A portable C "grappling hook" component of the worm was used to pull over (download) the main body parts, and the grappling hook could run on other systems, loading them down and making them peripheral victims.
There really are no Linux (or Unix) viruses, but your point is valid that th
Re: (Score:2)
As far as I am aware, there has never been a "virus" for Linux.
As far as I am aware the world is only 6000 years old because the only thing I've ever read on that topic is the bible. People talked about science but I've never seen it, so 6000 years it is.
Re: (Score:2)
>> only 6000 years old because the only thing I've ever read on that topic is the bible.
The bible is only 1000 years old, and it does not contain the word "Linux".
Re: (Score:2)
The bible is only 1000 years old, and it does not contain the word "Linux".
Not sure if illiterate, or all around stupid...
You do not get it, do you? (Score:5, Interesting)
In certain industries (say health, financials, defense, etc), every single machine (physical or virtual, desktop, laptop, workstation or server) needs to have an antivirus. It does not matter if you think your machine needs it or not. It does not matter if you are an OCD admin who blocked every single attack vector, and locked your machine in carbonite. It is mandated. End Of Story.
And not just any antivirus, but a "blessed" antivirus (so, clamAV probably will not cut it).
So, MSoft's play is to offer companies a cheap and cheerful "blessed" antivirus for all their different platforms, at a low, low price (probably free in most instances). Easy to manage from a central console. With no extra update system bogging down your machines. That integrates well with Hyper-V and Azure so that your VMs waste less resources on AV. What's not to like? That it comes from Microsoft? Cry me a river. As long as it helps the company achieve compliance with the least TCO, it is the right choice.
If your company is managing a heterogeneous fleet of machines, it may actually be a good choice of AV. I use it on my Bootcamp partition. Is it the best AV? Probably not, but it is enough.
Re: (Score:2)
Re: (Score:2)
"What's not to like? That it comes from Microsoft? Cry me a river."
Turn off the lights, lock the doors, it's over, I'm convinced.
Re: You do not get it, do you? (Score:2)
Re:You do not get it, do you? (Score:5, Insightful)
It is mandated. End Of Story.
When a bureaucrat sets the standards rather than industry experts we get homeopathy instead of medication. This attitude of allowing snake oil salesmen to dictate the standards has resulted in the destruction of many lives to the enrichment of a few. What you called blessed I would call corrupt since it offers no additional guarantee that the software will perform any service of value but it will hold the creator harmless of any damage.
I don't disagree with your statement just wanted to point out that in today's world it's acceptable and encouraged to sell snake oil.
Re: (Score:2)
When a bureaucrat sets the standards rather than industry experts we get homeopathy instead of medication. This attitude of allowing snake oil salesmen to dictate the standards has resulted in the destruction of many lives to the enrichment of a few. What you called blessed I would call corrupt since it offers no additional guarantee that the software will perform any service of value but it will hold the creator harmless of any damage.
I don't disagree with your statement just wanted to point out that in today's world it's acceptable and encouraged to sell snake oil.
I also agree with you, and let me clarify the word Blessed. I am based in Venezuela. Kaspersky Labs is recognized worldwide as a very good security research outfit, and its antivirus is very well regarded. In my country (and many others) it is a very good antivirus, fit for purpose. But in the USoA (and I guess, in the other five-eyes countries) it is not blessed. ClamAV in its pure open source incarnation is probably not blessed in many environments either... SO, with blessed I meant "acceptable under the appl
Re: (Score:2)
Could we get a citation? (Score:2)
Odd, a former employer provided TEMPEST-rated machines to External Affairs for the handling of sensitive information, but there was no requirement for an 'antivirus', even though Windows virii were extremely popular during that period.
Currently, the Communications Security Establishment (our NSA) recommends and open-sourced their linux-based analysis tools https://www.canada.ca/en/commu... [canada.ca] but they're by no means an antivirus
Can you cite some examples? I assume you're discussing US ones, although Mr Go
Re: (Score:2)
Here is one requirement, and is world-wide:
https://en.wikipedia.org/wiki/... [wikipedia.org]
From TFQ:
Protecting all systems against malware and performing regular updates of anti-virus software. Malware can enter a network through numerous ways, including Internet use, employee email, mobile devices or storage devices. Up-to-date anti-virus software or supplemental anti-malware software will reduce the risk of exploitation via malware.
[emphasis mine].
So, even if all your workstations and servers run Linux and only Linux, if you handle credit cards, and want to comply with PCI, no matter in which country you are, you need antivirus in every single machine.
Other countries and other industries are different. And, for what is worth, I am based in Venezuela.
Re: (Score:2)
The actual wording is "Protecting all systems against malware and performing regular updates of anti-virus software. Malware can enter a network through numerous ways, including Internet use, employee email, mobile devices or storage devices. Up-to-date anti-virus software or supplemental anti-malware software will reduce the risk of exploitation via malware."
I read that as a requirement for (all systems to be protected against malware) and (anti-virus software to be updated), where the paragraph distingu
Re: (Score:2)
If your network is so crappy that it lets smartwatches connect to the corporate network instead of the visitors' network or the DMZ, then yes, antivirus on smartwatches it is...
Antivirus is mandated, not Microsoft's antivirus specifically, so you can do an RFP for AV software and invite Norton, McAfee, Microsoft, Avast, Kaspersky and all the others, and choose the one with the best combination of TCO and technical functionality....
Re: (Score:2)
Ah, but the wording doesn't say anything about different networks, or mitigations like not using Windows, it just says 'all machines".
The company that bought my last startup would have "bought" this, and have asked for an antivirus on the CFO's pacemaker (;-))
Re: (Score:3)
In certain industries (say health, financials, defense, etc), every single machine (physical or virtual, desktop, laptop, workstation or server) needs to have an antivirus. It does not matter if you think your machine needs it or not. It does not matter if you are an OCD admin who blocked every single attack vector, and locked your machine in carbonite. It is mandated. End Of Story.
And not just any antivirus, but a "blessed" antivirus (so, clamAV probably will not cut it).
So, MSoft's play is to offer companies a cheap and cheerful "blessed" antivirus for all their different platforms, at a low, low price (probably free in most instances). Easy to manage from a central console. With no extra update system bogging down your machines. That integrates well with Hyper-V and Azure so that your VMs waste less resources on AV. What's not to like? That it comes from Microsoft? Cry me a river. As long as it helps the company achieve compliance with the least TCO, it is the right choice.
If your company is managing a heterogeneous fleet of machines, it may actually be a good choice of AV. I use it on my Bootcamp partition. Is it the best AV? Probably not, but it is enough.
I get that Microsoft is just "takin' care of business". HOWEVER if there is no option for this AV to run without needing to be installed to /bin instead of just being a standalone cron on the user desktop and the source code is locked then you can shove the fucking thing in /trash IMO. Don't insult the users of Linux and dumb down the application or lock it down. Sure make available a universal tgz with a script that will install to /usr and other dirs of / BUT give the user the chance to use it from /home
Re: (Score:2)
The thing is, scanning is a meme, dictated by people with little understanding of the technology, as a check box item so that they can list it on their annual stack ranking evaluation. Do you know what's a more dangerous threat? HUMANS.
They're using their web browser to check on the latest celebritard or sportsball news during a coffee break and suddenly "Your computer is unsecure, you need to click on this right now!", and they click on something that installs crap into their computer, then takes over the
Antivirus are useless on UNIX (Linux...) (Score:4, Insightful)
The philosophy of UNIX is different. UNIX is a full featured system. Everything you need is already available and operational. On UNIX, clicking, or anything else, will not execute anything. Antivirus is good only with known threats, and can't identify unknown vulnerabilities. Updating packages is still the only effective way.
Re:Antivirus are useless on UNIX (Linux...) (Score:5, Interesting)
While it is true that Microsoft is saddled with the baggage of the ecosystem that evolved in an 'everyone is admin' context and to this day by and large users are running as 'admin' contrasted with Linux where almost no one runs as root, it's not that simple.
For one, you *can* nowadays run as non-admin on a Windows system and it does a serviceable job 'tricking' crappy programs into thinking they can write to directories they can't.
For another, it is much safer to run a desktop as 'admin' in windows than as root in linux. This is largely a moot point as linux users don't do it, but it is an interesting set of capabilities for 'admin' to be mostly unprivileged with interesting hooks to become really admin in limited contexts as needed to mitigate risk.
The whole 'executable by default' situation is still worse in Windows, but with surprising mitigation (e.g. execution policies are more strict if the file came from a 'network source'). However malware by and large could just be in an rpm or deb file depending on platform and browser will gladly offer to let the user open the package installer run, and the package in turn is free to execute whatever they like (generally as root, user will gleefully enter the required credentials to get an application to run that they think they want). The same mechanisms whereby a Windows user is tricked into running an exe can be used to the same end in Linux.
Now historically there have been a lot of problems with Outlook/Office having too-privileged, too-capable scripting runtimes letting innocuous 'documents' go to town, but those are more application issues than underlying platform. The web similarly has had a lot of challenge with Javascript, though the more limited scope and more thorough permission model implemented by browsers mitigates this.
On the networking side, for outgoing network traffic, Windows actually offers a more capable firewall architecture that can be applied per process easily. Now in Linux you could work at it and do something similar with network namespaces, but it'll be manual work as no one has been investing in making that easier. Also the same granularity would be possible, though exceptionally difficult (would require a lot of virtual network interfaces and creating an internal network for iptables to apply to).
Of course Linux namespaces are easy and nowadays usable by non-root users so it is possible to make a much more isolated network and filesystem world for applications than under Windows. Of course that is what Windows ATP purports to do with modern Windows container capabilities which if true could match Linux in capability, but be easier to use.
The short answer as to why Linux users are generally safer than Windows users boils down to:
1) Linux market share makes it less interesting to target
2) Linux user base consists almost entirely of more careful and informed users. Those users exist in Windows as well and those users are also relatively safe, but Windows also has people who just need 'a computer' and take the default experience. People who don't care understandably don't bother to understand as much and only people who explicitly care would end up running Linux. Of the Linux users that aren't so informed, they have an 'admin' keeping watch on them (either in business or the family member that moved them to linux).
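On the point made above that a package installer is free to run whatever the package contains, generally as root, the defensive habit a practitioner wants is to look at the maintainer scripts before installing a package from an untrusted source. The following is an added example, not code from the thread and not dpkg's own implementation: it parses the ar container of a .deb by hand, reads the control tarball with the standard tarfile module, and returns the preinst/postinst/prerm/postrm scripts for review. The demo package it builds in memory is constructed for this example; on a real file you would call maintainer_scripts(open(path, "rb").read()).

```python
"""Show the maintainer scripts a .deb would run at install time.

Added example: a .deb is an 'ar' archive holding debian-binary,
control.tar.* and data.tar.*; the scripts dpkg executes (preinst,
postinst, prerm, postrm) live inside control.tar.*. The ar container is
parsed by hand (60-byte fixed-width member headers), the control tarball
with tarfile. The sample .deb below is constructed for this demo.
"""
import io
import tarfile

AR_MAGIC = b"!<arch>\n"
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}


def ar_members(data: bytes) -> dict[str, bytes]:
    """Parse an ar archive into {member name: raw content}."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    members = {}
    pos = len(AR_MAGIC)
    while pos + 60 <= len(data):
        header = data[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        # name(16) mtime(12) uid(6) gid(6) mode(8) size(10) magic(2);
        # GNU ar may terminate names with '/'
        name = header[:16].decode("ascii").rstrip().rstrip("/")
        size = int(header[48:58].decode("ascii").strip())
        start = pos + 60
        members[name] = data[start:start + size]
        pos = start + size + (size % 2)  # member data is padded to an even offset
    return members


def maintainer_scripts(deb: bytes) -> dict[str, str]:
    """Return {script name: script text} for the scripts dpkg would run."""
    members = ar_members(deb)
    if members.get("debian-binary", b"").strip() != b"2.0":
        raise ValueError("not a format 2.0 .deb")
    control_name = next(n for n in members if n.startswith("control.tar"))
    scripts = {}
    # "r:*" lets tarfile detect gzip/xz/bz2 compression of control.tar.*
    with tarfile.open(fileobj=io.BytesIO(members[control_name]), mode="r:*") as tar:
        for entry in tar.getmembers():
            name = entry.name[2:] if entry.name.startswith("./") else entry.name
            if entry.isfile() and name in MAINTAINER_SCRIPTS:
                scripts[name] = tar.extractfile(entry).read().decode("utf-8", "replace")
    return scripts


def _ar_member(name: str, content: bytes) -> bytes:
    """Encode one ar member: header, data, pad byte if the size is odd."""
    header = (f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(content):<10}"
              .encode("ascii") + b"`\n")
    return header + content + (b"\n" if len(content) % 2 else b"")


def _tar_gz(entries) -> bytes:
    """Build a gzip-compressed tarball from (name, bytes) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in entries:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            info.mode = 0o755
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def build_sample_deb() -> bytes:
    """Constructed demo package whose postinst only prints a line."""
    control = _tar_gz([
        ("./control", b"Package: demo\nVersion: 1.0\nArchitecture: all\n"
                      b"Maintainer: demo <demo@example.invalid>\n"
                      b"Description: constructed sample\n"),
        ("./postinst", b"#!/bin/sh\nset -e\necho 'postinst runs as root during install'\n"),
    ])
    data = _tar_gz([("./usr/share/doc/demo/README", b"demo\n")])
    return (AR_MAGIC
            + _ar_member("debian-binary", b"2.0\n")
            + _ar_member("control.tar.gz", control)
            + _ar_member("data.tar.gz", data))


if __name__ == "__main__":
    for name, text in maintainer_scripts(build_sample_deb()).items():
        print(f"--- {name} ---\n{text}")
```

The same inspection is what `dpkg-deb --ctrl-tarfile` or `dpkg-deb -e` would give you interactively; the value of doing it in code is that it can sit in a CI or intake step that refuses packages whose scripts were never reviewed.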
Re: (Score:2)
Err. I can see you haven't used Windows in 15 years. Windows doesn't autoexecute or autorun any removable media. It hasn't since Windows Vista where the policy changed to expressly ask the user before executing anything.
The philosophy of UNIX is different. UNIX is a full featured system. ... On UNIX, clicking, or anything else, will not execute anything.
The philosophy of the user is unchanged and nothing stops a user from making something executable and nothing stops a Unix script from asking for elevation so it can show you britney_spears_naked_totally_not_virus.sh
Microsoft has conclusively demonstrated that an additional step in the execu
Re: (Score:2)
If you rely on an OS to defend the user from themselves you may want to install an OS for idiots with a lovely curated safe space like iOS.
Re: Antivirus are useless on UNIX (Linux...) (Score:2)
This post is a gross misrepresentation of reality. It should have never been moderated to +5, and that should embarrass the entire /. community. Everyone in this room is now dumber for having listened to it.
Can you even spell ICAP? Besides that, anti-virus has evolved into something called endpoint protection, and I have my own opinions on running _those_ on Linux servers, but I'm not writing them off, and I'm sure not going to take sides with some childish 90's Linux vs Windows crap. Man I hope this was
Re: (Score:1)
You are absolutely right, what is this free slashvertisement for the Microsoft organization doing on a tech forum
Re: (Score:2)
Re: (Score:2)
That's obvious, Microsoft asked for this. They've realized that there is a huge server market that is being satisfied with Linux machines rather than Windows servers and they want to get a hand in there however they can.
Re: Who asked for this? (Score:1)
Re: (Score:2)
Microsoft demands we buy it.
Adenosine Triphosphate? (Score:2)
Re: Adenosine Triphosphate? (Score:1)
Oh Satya... (Score:2)
How does it compare to ClamAV? (Score:2)
Last I looked, which I won't now because I'm on the tablet, ClamAV was one of the best scanners. It's sometimes worthwhile to run a scanner on Linux, just to protect your Windows clients from infection. But is it worth running this software? And what rights to your data has Microsoft given itself in the EULA?
Re: (Score:2)
That's just it. ClamAV is a SCANNER, but not a real-time monitoring solution.
I definitely don't want Microsoft looking at every file I load in realtime, except on a PC where all I do is play games. That's really not a selling point.
Missing the point... (Score:1)
Increasing the attack surface (Score:2)
Linux has bigger problems (Score:2)
Cancel culture taints The Linux Foundation, developer publicly disinvited from event over political opinions [reclaimthenet.org]
If Microsoft Defender can purge SJW's from your OS, I'll be be the first customer!
Solution looking for problem (Score:1)
Red Hat antivirus needed (Score:2)
Windows Defender is better than letting Norton in at the system level... but Microsoft Defender for Mac/Linux seems like letting the wrong team in just as much. Linux antivirus should be an open source project, let's put Red Hat in charge.
Face it: Non-Win antivirus is going to cost money, it requires full time analysts and programmers to maintain against today's threat... the archive of past threats isn't worth much alone. Microsoft is able to give away free Windows Defender because they know the internals
Nice! (Score:2)
Now we can get false positives running on systemd/GNU/Linux/KDE too!
Thrashed Servers and Unusable Workstations (Score:1)
We've had to strip Defender out of Windows Server 2019 boxes because of CPU racing issues caused by it.
We've also had to remove it from our clients on Windows 7 because lately when there is an update for Defender, their machines take up to a couple of hours to allow login.
Wouldn't trust Microsoft's QA with an egg timer lately.
To slow down Linux as well.. (Score:1)
Microsoft's Linux customers © (Score:1)
No self-respecting Linux user would be a Microsoft customer. What your customers should really ask themselves is why Microsoft Windows needs a tacked-on anti-virus solution. Can't you make an Operating System that can't be compromised by opening an email attachment or clicking on a malicious weblink?
Re: (Score:2)
*sigh* (Score:2)
Again another virus scanner on Linux that actually scans for Windows vulnerabilities to help make that OS more secure.
Re: (Score:1)