Do you have any antivirus recomendations for Linux.

  • zwekihoyy@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    do not use browsers from flatpak. browsers have their own built in sandbox that is crippled or sometimes fully disabled in order to make flatpaks sandboxing work, which are often less restrictive than the browser’s.

    flatpak is better than nothing for the average user but most packages completely ignore the sandboxing it is supposed to use and require manual changes on flatseal.

    • cizra@lemm.ee
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Interesting, could you please elaborate?

      1. What exactly is this “built in sandbox”, and what does it protect against? How does it compare with Flatpak disallowing access to filesystem?
      2. Could we get a source for the claim of sandbox being crippled? Or more details? Documentation? Build scripts?

      I had a look at flatpaks I have installed:

      • Firefox (org.mozilla.firefox): no access to ~

      • Thunderbird (org.mozilla.Thunderbird): no access to ~

      • Element (im.riot.Riot): no access to ~

      • Beyond All Reason (info.beyondallreason.bar) - no access to ~

      • Steam (com.valvesoftware.Steam) - no access to ~, and (best of all) Steam runs a ton of untrusted code in games, which will inherit this restriction.

      • Wolfenstein: Blade of Agony (com.realm667.Wolfenstein_Blade_of_Agony) - no access to ~

      • Chromium (com.github.Eloston.UngoogledChromium): allows access to ~ by default. It’s one click to disable, or I could shop around for another one, like org.chromium.Chromium.

      • OpenTTD (org.openttd.OpenTTD) - allows access to ~

      Thus, yeah, some apps neglect to restrrict ~, thankfully it’s easy to fix. It’s not a disadvantage, though, it’s a lack of advantage.