• 0 Posts
  • 8 Comments
Joined 1Y ago
Cake day: Jun 12, 2023


That’s the app OP is talking about ‘selling out’ to advertisers.



If you think ClamAV on your mom’s laptop on Starbucks WiFi is doing anything useful, but you think fail2ban isn’t - you’re naive.

On phishing - you’ve got another great example. uBlock Origin or any other decent adblocker will do WAAAAY more to help than ClamAV.


Ideally you keep your configs in a git repo (like GitHub). You know what’s modified because you’re the one who modified them. If you modify them - put that config file in the git repo.

As for “put down” I just meant copied to the system (from GitHub) by your automation (like Ansible).

https://docs.ansible.com/ansible/latest/getting_started/index.html


Sounds like you’ve got a better solution, but I think you forgot to mention what it was.


That, and:

  • put down config files that were modified
  • enable/start services that were installed
  • modify the firewall to open necessary ports

Basically: put everything back as it was right before the ransomware encrypted your system on you.

Then of course - fix what you did wrong that got you compromised. ;-)


No, most desktops behind a NAT probably don’t need fail2ban (though it wouldn’t hurt).

Everyone’s security profile/needs are different.

The point is that list does a hell of a lot more that’s useful than ClamAV.


You’d be better served learning how to set up and use:

  • backups (and test them)
  • automate your reinstall (see ansible)
  • firewalld (RHEL/Fedora) or ufw (Ubuntu)
  • fail2ban
  • SELinux (RHEL/Fedora) or AppArmor (Ubuntu)
  • disable SSH via password, use keys only
  • adblocker (like uBlock Origin) - credit to whale@lemm.ee for the idea below
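
One way to check the "disable SSH via password, use keys only" item from the list above, as an added example that is not part of the original comment. It assumes OpenSSH's documented behaviour (the first value seen for a keyword wins, and absent keywords fall back to defaults); the function name `audit_sshd_config` and the sample config are constructed for illustration.

```python
# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",  # with PAM this can still prompt for a password
    "pubkeyauthentication": "yes",
}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: looks hardened at a glance, but is not.
SAMPLE = """\
PasswordAuthentication no
#KbdInteractiveAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""


def audit_sshd_config(config_text):
    """Return (effective global settings, findings) for key-only SSH login."""
    seen, findings, in_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # everything after this is conditional
        elif key in DEFAULTS and in_match:
            if key != "pubkeyauthentication" and value == "yes":
                findings.append(f"Match block re-enables {key}")
        elif key in DEFAULTS:
            seen.setdefault(key, value)  # first value wins, later ones are ignored
    effective = {k: seen.get(k, d) for k, d in DEFAULTS.items()}
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if effective[key] != "no":
            findings.append(f"{key} is effectively '{effective[key]}'")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled, key login would fail")
    return effective, findings


if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE)[1]:
        print("FINDING:", finding)
```

The parser does not follow `Include` directives, so on hosts that use drop-in files feed it the output of `sshd -T` (run as root) rather than the raw file.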