
SoylentNews is people

posted by martyb on Friday March 27 2020, @12:46PM
from the microsoft-maginot-line-defender dept.

[Ed. note: This is the 40,000th story submission to SoylentNews.org (Thanks everyone!) --martyb]

Microsoft Defender for Linux is coming. This is what you need to know:

Microsoft's security tools extend beyond the company's own platforms. While the ambition for Defender for Linux is broad, the first preview is aimed just at servers and does less than on Windows.

[...] When Defender came to macOS as well as Windows, Microsoft announced that the name of the software was changing, from Windows Defender to Microsoft Defender. Hidden in the presentation was a hint about the future: a Linux laptop with a penguin sticker on. Now Microsoft Defender ATP for Linux is in public preview for Red Hat Enterprise Linux 7+, CentOS Linux 7+, Ubuntu 16 LTS or higher, SLES 12+, Debian 9+, and Oracle Enterprise Linux 7. But what does it actually protect those OSes from?

Microsoft already has Linux malware detection in the Defender agents on Windows and Mac, because files get moved from one device to another and you want to catch malware wherever it is -- ideally before it gets onto a vulnerable system. If you're using WSL, Defender already protects you against threats like infected npm packages that try to install cryptominers.

[...] For smartphones, Microsoft seems likely to concentrate on phishing, and not just in email but potentially in messaging apps too.

[...] "But then let's move past endpoints -- let's talk about your whole estate, all of your users and all of your data and all of your communication tools inside of one threat protection environment."

Rest assured that this is guaranteed to have the same quality, security and stability that you have come to expect from the Microsoft brand name. Count on it!



 
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by KritonK (465) on Friday March 27 2020, @02:26PM (#976311)

    Whatever one's level of sophistication as a Linux user is, running an antivirus program on a mail server is generally a good idea, because the sysadmin's sophistication has nothing to do with the sophistication of the e-mail recipients, most of whom will be reading their e-mail on Windows machines, anyway.

    While I do have ClamAV [clamav.net] installed on our company's e-mail server, I have found that, in its default configuration, it is not as effective as I would like, as the official virus signatures are updated very slowly. In fact, I once received a complaint, because someone had received infected messages through our company's server, instead of them being filtered, as would happen with other servers. To make ClamAV effective, I had to install a set of unofficial signatures [github.com]. Although they have proved effective, their name is not very reassuring. Besides, adding the unofficial signatures to ClamAV requires a bit of configuration, especially if ClamAV has been embedded in a complicated system such as Zimbra. If Microsoft Defender provides an easily configurable, drop-in replacement for ClamAV, with frequently updated virus signatures, there may be a place for it in Linux. As for me, having gone through the process of configuring ClamAV, I'll be sticking to it.

  • (Score: 0) by Anonymous Coward on Friday March 27 2020, @02:54PM (#976323)

    You are correct and I concede my initial point.

  • (Score: 0, Informative) by Anonymous Coward on Friday March 27 2020, @07:18PM (#976417)

    No. Why would you bastardize your GNU+Linux server with anti Windows virus malware? All that does is perpetuate the current evil status quo. Yet the willing slaves suffer until they get uncomfortable enough to take action to free themselves. You are just whoring yourself and enabling the victimization of your users while claiming you are helping.