SoylentNews is people

posted by chromas on Monday June 29 2020, @03:09PM
from the how-do-you-do,-fellow-kids? dept.

Microsoft releases Defender ATP for Linux:

On June 23, Microsoft released Microsoft Defender Advanced Threat Protection (ATP) for Linux for general use.

But before you get excited, while you could use this on a Linux desktop, this version of ATP is not meant for the desktop. It's to protect Linux servers from server and network threats. If you want protection for your standalone desktop, you're better off with a such as ClamAV or Sophos Antivirus for Linux.

For sysadmins and security pros, Microsoft Defender Security Center is now available for monitoring and managing security across the full spectrum of enterprise desktop and server platforms -- Android, Windows, Windows Server, macOS, and Linux.


  • (Score: 2) by ikanreed on Monday June 29 2020, @03:25PM (3 children)

    there's no money in malware for linux desktop. It's not that it doesn't exist, it's that it's too much effort to have a second version of your attack page to deliver it. Gotta keep those development costs down in your Ukrainian sweatshop

    • (Score: 0) by Anonymous Coward on Monday June 29 2020, @04:18PM (2 children)

      But... It makes you feel all warm and fuzzy inside (https://soylentnews.org/article.pl?sid=20/06/27/024251) knowing MS is there to protect you.

      • (Score: 1) by RandomFactor on Monday June 29 2020, @04:22PM (1 child)

        That fuzzy feeling may not be what you think it is.

        --
        В «Правде» нет известий, в «Известиях» нет правды
  • (Score: 4, Informative) by Anonymous Coward on Monday June 29 2020, @03:39PM (5 children)

    > before you get excited

    Pretty sure that is the opposite response most folks had.

    This is so sites with moronic rules like all hosts must be protected by antivirus, and we have standardized on windows defender can now use non-windows hosts. For the rest of the world, who cares?

    The only worry I have is that MS has an endgame that nobody has figured out yet. And, that it will be typical MS where they try to destroy everything they do not control.

    • (Score: 3, Funny) by c0lo on Monday June 29 2020, @03:49PM

      Yeah, that's a typo. I'm sure TF Author meant "hysterical" not "excited" (grin)

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 1) by RandomFactor on Monday June 29 2020, @04:32PM

      Valid.
       
      It may bring some centralized management and control which is a big plus in those environments (Yes management, all corporate systems have pattern xxyyzzz.abc which mitigates vulnerability qqqqqq.)
       
      Sounds like they don't fully agree on the audience however:

      Make sure to turn on preview features in Microsoft Defender Security Center to get the latest updates before anyone else and stay tuned to our blog and Twitter channel for the latest announcements.

      --
      В «Правде» нет известий, в «Известиях» нет правды
    • (Score: 4, Insightful) by Runaway1956 on Monday June 29 2020, @04:57PM (2 children)

      There are corporate networks to which you cannot login, unless you are running an "approved" antivirus, and other "security" software. In the past, that basically meant, you don't login unless you're running Windows. This may mean that you can log in, but that doesn't mean that your computer is any safer.

      I'm expecting this to turn into some kind of Trojan, anyway. Any software that can scan your hard drive is a liability, IMHO.

      • (Score: 2) by Joe Desertrat on Monday June 29 2020, @09:15PM

        My thoughts as well. How long before it is found out to be collecting the same sort of data on its users as does Windows 10?

      • (Score: 3, Insightful) by fido_dogstoyevsky on Tuesday June 30 2020, @12:12AM

        ...I'm expecting this to turn into some kind of Trojan, anyway. Any software that can scan your hard drive is a liability, IMHO.

        Absolutely.

        It's a trap!!!

        Fuck microsoft.

        --
        It's NOT a conspiracy... it's a plot.
  • (Score: 4, Insightful) by Rosco P. Coltrane on Monday June 29 2020, @04:11PM (1 child)

    it's software from one of the two biggest vendors of surveillance OS.

    • (Score: 0) by Anonymous Coward on Monday June 29 2020, @06:28PM

      no shit! the summary cracked me up.

  • (Score: 0) by Anonymous Coward on Monday June 29 2020, @05:13PM (2 children)

    Why an acronym that's one transposition away from APT - Advanced Persistent Threat?

    • (Score: 1, Insightful) by Anonymous Coward on Monday June 29 2020, @09:43PM

      No, the acronym is apt. This is just the vehicle, not the threat itself. So this is just the Advanced Threat Persister, able to facilitate other Advanced Persistent Threats.

      I mean, in order to target lots of hosts simultaneously, the hosts must run common vulnerable code. That's what this tool is for.

    • (Score: 2) by maxwell demon on Tuesday June 30 2020, @01:21PM

      Yeah, that's why Linux is so safe: It has apt remove so you can easily get rid of any advanced persistent threat. ;-)

      --
      The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 2) by Runaway1956 on Monday June 29 2020, @05:30PM

    To use Microsoft Defender ATP for Linux, you'll need the Microsoft Defender ATP for Servers license. If you don't have one, you can sign up for a free trial of Microsoft Defender ATP.

    TFA is a can of worms, really. Most links are rejected by my browser, because something is blocked by noscript and/or other security measures.

    The one link that works without permissions problems, lands me on a Microsoft page - where I must sign in. Hell, I don't want to sign in on a Microsoft page!! That's why I run Linux!

    But, the license. It's the "Microsoft Tax" again.

    For a corporation, maybe that's alright. For me, a private home user, I won't pay Microsoft anything. So, I suppose this software is out of reach, even for research purposes. Ho-hum.

    Not that I was really serious about it, of course. I thought I might run it in a VM, to see how resource hungry it was, and how intrusive. I'll never know . . .

  • (Score: 0) by Anonymous Coward on Monday June 29 2020, @05:32PM

    Headline should read: Microsoft Releases Defender *APT* for Linux

    (Thanks Wikipedia)

    An advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.[1][2] In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.[3]

    Such threat actors' motivations are typically political or economic. Every major business sector has recorded instances of attacks by advanced actors with specific goals seeking to steal, spy or disrupt. These sectors include government, defense, financial services, legal services, industrial, telecoms, consumer goods and many more.[4][5][6] Some groups utilize traditional espionage vectors, including social engineering, human intelligence and infiltration to gain access to a physical location to enable network attacks. The purpose of these attacks is to place custom malicious code on one or multiple computers for specific tasks.[7]

    The median "dwell-time", the time an APT attack goes undetected, differs widely between regions. FireEye reports the mean dwell-time for 2018 in the Americas is 71 days, EMEA is 177 days and APAC is 204 days.[4] This allows attackers a significant amount of time to go through the attack cycle, propagate and achieve their objective.

  • (Score: 4, Insightful) by aristarchus on Monday June 29 2020, @07:18PM (3 children)

    Let's be very clear. This part of the Fine Article:

    It's to protect Linux servers from server and network threats. If you want protection for your standalone desktop, you're better off with a such as ClamAV or Sophos Antivirus for Linux.

    is a complete falsehood, and an intentional falsehood with intent to deceive, or a lie. The purpose of this software is to prevent the spread of Windows viruses, not to protect Linux systems. Same as it ever was.

    • (Score: 0) by Anonymous Coward on Tuesday June 30 2020, @07:20AM (2 children)

      I'd make a slight correction to their blurb..

      'It's to protect Linux servers administered by Windows wonks from server and network threats.'

      I've noticed a number of jobs recently where they've been looking for Windows Devops/Agile/Name-Your-Own-Trendy-Buzzword-Fuckshitwankery people to do whatever it is they normally do and look after Linux servers, y'know, as some sort of afterthought.

      This is in fucked up Britain, as recently as last week I got an email from an agency for such a post...despite said agency having been told I only do Linux/*BSD/Solaris, not Windows, besides, I've moved on from IT, not feckin interested anymore, not even consultancy (though the pay was nice...I now lack the patience to deal with the braindeath that came with earning it) so please remove my details from your feckin database...like I asked the last feckin time...

      I've not bothered looking elsewhere, but assume it's a global problem caused by the Microsoft infestation.

      • (Score: 0) by Anonymous Coward on Tuesday June 30 2020, @07:36AM

        My linux server is dedicated to finding, and serving, the very latest in Microsoft vulnerabilities! I put them in all the email that passes through my server. I attach them to all http requests. I hope that Microsoft will die, soon, from all the malware and its own telemetry, since everyone's passwords are not the property of Redmond. And I serve malware, viruses, poop, and Facebook requests, to whoever contacts my servers, and I do not feel the least bad about it. After what they did to me, with the Blue Screams of Death, that killed my family, in their "self-driving" Microsoft car, that went off the cliff, displaying "Retry, Abort, Fail, Die?"

        "I don't expect you to talk, Mr. Gates, I expect you to die!" Dude had his reasons.

      • (Score: 0) by Anonymous Coward on Tuesday June 30 2020, @05:15PM

        Yeah, it's because they are dumb whores who work with other dumb whores and can't even conceive why someone who "knew linux" wouldn't be interested in working with both Windows and Linux.

  • (Score: 0) by Anonymous Coward on Tuesday June 30 2020, @01:47AM (1 child)

    ClamAV throws a hysteria attack for the slightest hint of a MS-built library (mono, etc). Like every single file. There is zero attempt to actually find malware. You cannot therefore see any threat in a sea of noise and screaming. It's a bit like a rock-converted (fossilized) trilobite yelling "dinosaur!" every time you look at it.
    Now MS.. I don't like their intrusion into the Linux space one bit. I guess in a way it's their "way" of surrendering to the failure of their Windows product. "Linux is superior and so let's just absorb that." - their policy since year dot. But then whatever they touch, they smeg up. Big money is not good. Megacorps should be taxed 96% on gross to keep them in check.

    • (Score: 0) by Anonymous Coward on Tuesday June 30 2020, @08:54AM

      Not used it for a couple of years, but ISTR it also disliking a large number of PE files, though to be fair to ClamAV, a number of commercial AV packages used to treat PE files as almost viruses, the devil's spawn, trust ye not this unholy executable...

      Haven't checked for a while..haven't run Windows for quite some time.

  • (Score: 0) by Anonymous Coward on Tuesday June 30 2020, @12:05PM (2 children)

    https://soylentnews.org/submit.pl?op=viewsub&subid=41751&note=&title=Microsoft+Defender+ATP+for+Linux+is+now+generally+available!+ [soylentnews.org]

    The submission had better formatting, links, etc.

    Thanks for overlooking it.

    • (Score: 0) by Anonymous Coward on Tuesday June 30 2020, @01:46PM (1 child)

      Looks like someone isn't bitter about it though, hahahaha

      • (Score: 0) by Anonymous Coward on Tuesday June 30 2020, @11:46PM

        Looks like someone isn't bitter about it though, hahahaha

        No problem, I'll stop contributing articles. BTW, grow up.
