ClamAV has a bit of a learning curve...

@f33dm3bits :-

I make occasional donations to our Admin, rockedge.....toward the costs of keeping the current "new" Puppy forum alive & kicking. It's not set-up as a regular monthly thing, but I make maybe 2 or 3 over the course of the year as one-off PayPal transactions.

rockedge seems embarrassed at taking our money! A bunch of us got together, and almost had to blackmail him into adding a PayPal 'Donate' button to the 'front page'. I think he's glad he did now, though.

(It might not seem much, I know, but so many folks have next to no interest in what makes their favourite websites tick.....and even less idea of just how much it costs to keep 'em going.)

In the words of a popular UK TV supermarket advert....."Every little helps".


Mike. :)
You all need to dump the PayPay and you would get more donations imo.

A lot of folks despise and loath PayPal for reasons I'm not allowed to post due to forum rules.

Places should at least take money orders if they are going to use PayPal.
 


I don't / won't use PayPal.
Same here, I had a PayPal account from the day they started, up to a few years ago when then changed the system and insisted you had a mobile as part of their terms, so I told them where to poke their phone and closed the account, ok it restricts the number of sites I can buy from but that is not a problem
 
Do any of you donate to some of the opensource projects you use


I bought the paid version of OpenCPN on Android once, even though I had the free versions on Windows and Android already.. I did it to support the devs and the paid version was full of bugs so I never used it. Now I wish I could get the flatpak working on Xubuntu.. it just crashes on start after loading charts...

That is the only software I ever remember spending money on. If I had money to throw around I wouldn't mind donating but I don't so I compromise with free opensource software that is sometimes buggy, sometimes limited in functionality, and most of the time requires going through a steep learning curve with many hours reading the docs...

I'm also an aspiring software developer so I appreciate the concept of compensation. Maybe I can't contribute financially but I plan to contribute by offering my own opensource projects for free one day.
 
That is the only software I ever remember spending money on. If I had money to throw around I wouldn't mind donating but I don't so I compromise with free opensource software that is sometimes buggy, sometimes limited in functionality, and most of the time requires going through a steep learning curve with many hours reading the docs...

I'm also an aspiring software developer so I appreciate the concept of compensation. Maybe I can't contribute financially but I plan to contribute by offering my own opensource projects for free one day.
That's not my general experience. I was talking more about software you daily use on your Linux distribution, such the distribution you use as your daily driver or other software you use daily: ie: Linux MInt, LibreOffice, VLC, etc. Proprietary software can be buggy too and people still have to pay for that. Besides that donating to an opensource project also helps the developer to be able to have resources(ie: hardware, hosting, etc.) to make better software even if it is still currently buggy. Contributing code is another way to contribute, or helping test the software and reporting bugs. I do donate from time to time and I do report bugs when I come across them if they bug me enough.
 
That's not my general experience. I was talking more about software you daily use on your Linux distribution, such the distribution you use as your daily driver or other software you use daily: ie: Linux MInt, LibreOffice, VLC, etc. Proprietary software can be buggy too and people still have to pay for that. Besides that donating to an opensource project also helps the developer to be able to have resources(ie: hardware, hosting, etc.) to make better software even if it is still currently buggy. Contributing code is another way to contribute, or helping test the software and reporting bugs. I do donate from time to time and I do report bugs when I come across them if they bug me enough.
I used OpenCPN as my primary navigation when crossing oceans and commuting from island to island. On anchor I used it full time for an anchor alarm.. I used it almost as much as my OS
 
AVs are no longer best practice. You want an EDR solution. They are far better than standard AV.

HIPS is a huge part of what makes the difference.
 
AVs are no longer best practice. You want an EDR solution. They are far better than standard AV.

HIPS is a huge part of what makes the difference.
This suits my paranoid brain just fine. Seems like it even protects against 0 day attacks...

I'll be uninstalling ClamAV and setting up OSSEC tonight.

Thank you
 
You want an EDR solution. They are far better than standard AV.
It's the first time I hearing of that. Can you give a few examples of good ones that run on Linux?
 
It's the first time I hearing of that. Can you give a few examples of good ones that run on Linux?
Just from my few minutes of research I found these options:

Here's an updated list that includes both commercial and open-source EDR (Endpoint Detection and Response) solutions with HIPS (Host Intrusion Prevention System) capabilities for Linux:

1. CrowdStrike Falcon
Cloud-native endpoint protection platform with EDR, antivirus, threat intelligence, and HIPS. Uses machine learning, behavioral analysis, and real-time indicators of attack (IOAs) to detect threats.
- Support: Offers 24/7 support with various service tiers.
- Price: Subscription-based pricing; costs vary based on features and number of endpoints.
- License: Commercial.

2. SentinelOne
Autonomous EDR with AI-powered behavioral-based threat detection, automated response actions, and HIPS. Provides visibility into endpoint activity and can rollback malicious actions.
- Support: Provides support with different service levels depending on the subscription tier.
- Price: Subscription-based pricing; details are available upon request.
- License: Commercial.

3. Elastic Security (formerly Elastic Endpoint Security)
Combines EDR capabilities with the Elasticsearch platform for real-time visibility, threat hunting, and response. Includes HIPS and integrates with the Elastic Stack for log analysis and SIEM functions.
- Support: Community and commercial support options available.
- Price: Free and open-source core functionality; commercial features and support are available with subscription.
- License: Apache 2.0 for the Elasticsearch platform; Elastic Endpoint Security is commercial.

4. Sophos Intercept X for Linux
Provides advanced threat protection with EDR, HIPS, and anti-ransomware technology. Includes root cause analysis and automated investigation capabilities.
- Support: Offers various support options depending on the subscription level.
- Price: Subscription-based pricing; details are available upon request.
- License: Commercial.

5. Carbon Black (now part of VMware)
VMware Carbon Black Cloud Endpoint Standard offers continuous behavioral monitoring, EDR, and HIPS. Designed for threat hunting and response with a cloud-native architecture.
- Support: Support options vary by subscription tier.
- Price: Subscription-based pricing; costs are available upon request.
- License: Commercial.

6. Palo Alto Networks Cortex XDR
Integrates endpoint, network, and cloud data to stop sophisticated attacks. Includes EDR, HIPS, and advanced analytics for threat detection and response.
- Support: Offers different levels of support based on the subscription.
- Price: Subscription-based pricing; details are available upon request.
- License: Commercial.

7. F-Secure Protection for Linux Workstations
Provides antivirus, HIPS, and other security features specifically for Linux workstations. Designed to protect against known and unknown threats.
- Support: Offers support with different service levels.
- Price: Pricing is available upon request.
- License: Commercial.

8. Endgame
An EDR platform that provides advanced threat hunting and response capabilities with HIPS. Designed to detect and stop sophisticated attacks, including fileless malware and zero-day threats.
- Support: Support options are available with the subscription.
- Price: Subscription-based pricing; details are available upon request.
- License: Commercial.

9. OSSEC
Open-source host-based intrusion detection system (HIDS) that includes some HIPS features. It performs log analysis, file integrity monitoring, policy monitoring, rootkit detection, and active response.
- Support: Community support through forums and documentation; commercial support is available from third-party vendors.
- Price: Free and open-source.
- License: Open Source (BSD License).

10. Wazuh
Open-source security monitoring and threat detection platform that is compatible with OSSEC. It offers EDR capabilities, HIPS, and integrates with Elasticsearch for advanced analytics and visualization.
- Support: Community support through forums, documentation, and paid professional support options.
- Price: Free and open-source.
- License: Open Source (Apache License 2.0).

When considering open-source solutions like OSSEC and Wazuh, it's important to note that while they are free to use, they may require more hands-on configuration and management compared to commercial products...
 
Last edited:
On second thought, this looks like it consumes some resources... especially when configured to manage file integrity and live reaction... maybe I'll stay with clam for now
 
Just from my few minutes of research I found these options:
They seem like enterprise solutions so being overkill for a home desktop?
 
They seem like enterprise solutions so being overkill for a home desktop?
Apparently you can configure OSSEC as you want, maybe you don't need all the functionality but I guess it depends what you use your home desktop for..
 
They seem like enterprise solutions so being overkill for a home desktop?
they are based on enterprise solutions, open EDR says its ok for desktops/work stations, [but i found it slowed down my old lappy too much]
 
they are based on enterprise solutions, open EDR says its ok for desktops/work stations, [but i found it slowed down my old lappy too much]
How does your old laptop compare to Ryzen 3 3200u? I'm curious enough to want to give it a try but not if it will slow my computer down...
 
Not such a big difference after all
Big enough, its not CPU speed that's important but CPU processing power the Ryzen is over double that of my T4500
 
Big enough, its not CPU speed that's important but CPU processing power the Ryzen is over double that of my T4500
I don't like apps running in the background. I like to have all my processing power for tasks as I need them done... I even removed clamd for this purpose.
If I had 32 or even 16GB of RAM maybe... but my 8 gigs are already sharing 2GB with my graphics, leaving me with less than 6 for cpu tasks.
 


Latest posts

Top