Ask HN: Which tools and methods do you use to check for malware on your machine?

18 points by mikemajzoub 7 years ago | 12 comments

See title :)

rococode 7 years ago |

I have all the Windows security features off usually (defender, firewall) b/c it's a huge pain when they interfere with something I'm working on.

When I think something's already wrong, I use Malwarebytes (free version) to scan my computer. If I suspect something I've downloaded, I use VirusTotal to check it out.

https://www.malwarebytes.com/pricing/

https://www.virustotal.com/

snazz 7 years ago |

No malware-checking system is going to be anywhere near 100% effective. Although you should use antimalware on Windows, your strongest defense is preventative. Aside from being careful with what you download, using a modern (sandboxed) web browser, and using the full set of mandatory access control features built into Windows, I’d recommend using an adblocker to prevent malvertising and better control the code that your web browser executes.

On Linux, there’s no good way to scan for malware because that’s not the focus of most work done on Linux security. Use SELinux (or AppArmor, if that’s your thing), a firewall, and only get software from trusted repositories. Verify the checksums of ISOs for live USBs and use the same sort of common-sense that you would on Windows. Furthermore, you might want to consider moving from Xorg to Wayland since any process running as your user on your display in Xorg can act as a keylogger[0].

[0]: https://security.stackexchange.com/questions/170596/is-it-po...

SamReidHughes 7 years ago |

Nice try, FBI. I use none. I am paranoid about what software I download, and I generally don't feel like I'm exposing an attack surface. To be fair, I think Windows Defender is running and Edge has incoming stuff scanned for malware, because I never turned that off.

And, um, on Ubuntu, apt packages are signed, right?

CuriousCosmic 7 years ago | |

Well unless you or any software you use pulls packages from secondary sources like unverified git repos, npm, or pypi.

Cypher 7 years ago | |

Your OS pwns you.

cypherg 7 years ago |

Terrible security advice in this thread, not surprising. What OS are you using? If you're using a Mac, try out Patrick Wardle's suite of free security software https://objective-see.com/products.html

oyebenny 7 years ago |

I stick with the default Windows Defender feature because it's actually pretty comprehensive. If you have Avast or McAfee on your computer, I'm going to judge you.

If I know I have something, usually it's because I permit it through Windows Defender and experimenting with problematic file types, then I use Malwarebytes. I also take a good hard look at my programs lists and remove ones I don't need, review my start up programs, and etc.

antoineMoPa 7 years ago |

Debian with no malware tool, except ad blocking extensions for firefox. For windows friends, I recommend tools included in Windows + ad blockers + basic education about .exe files that are not the same as mp3s. I think that most problems come from ads and from trying to download movies/songs but downloading viruses instead.

Down_n_Out 7 years ago |

I use Qubes OS [0] and keep things strictly separated to minimize damage as much as possible. Besides that be careful what I download or visit online and use the standard tools if by chance I would think the system is compromised.

[0] https://www.qubes-os.org/

juangacovas 7 years ago |

On windows I've had nice results cleaning other people PCs (mine too) using those three:

- Malwarebytes - Superantispyware - Spybot Search & Destroy

gpm 7 years ago |

ps -ef.

I'm more concerned about something like chrome/steam deciding that it's appropriate to start itself on startup and look for updates than malware that labels itself malware and tries to avoid things like ps. If the sort of malware that avoids ps gets on your system you've already lost.

extremum134 7 years ago |

Common Sense and Open Source software.