Virus guards for Linux? Is it necessary

Sudo It

First I should apologize if this is a dumb question :).
As I know, Linux is the safest OS, but I saw a few articles saying Linux isn't completely safe because it is becoming an increasingly attractive target for malware and viruses. Windows has hundreds of antivirus programs like Avast, Kaspersky etc. However, I couldn't find any reliable (free) antivirus program for Linux, which is quite a surprise because millions of developers and normal users use Linux distros every day.
Are there any reliable free antivirus programs for Linux? Or do we really have to install one if there aren't any major threats for Linux distros?
Thanks for your answers
 


I have used Linux for approx 7 years.

I do not have an antivirus installed

I simply use the Firewall which comes with Linux.

The time may come when an antivirus will be a good idea.

That time is not now.

Make your Browser Secure

Don't open unknown emails

Practise safe browsing.

-------------------------------------------------------------------------------------------------------------------------


From your post above "I couldn't find any reliable (free)antivirus program for Linux"

Note the accent on the word 'Reliable'

There are a few around, and their reliability is highly questionable.

For that reason alone I will not touch them.....they are more bother than they are worth
 
You don't need AV.
That said if you are paranoid you can use clamav.
You would be better off using programs like lynis, aide, chkrootkit, etc.
Not really much of a reason to use any of those unless you are running a server that is open to the web.
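To show what a file-integrity checker such as aide does in principle (hash every file once, compare later), here is an added example that is not aide's, lynis's or chkrootkit's code and not from anyone in this thread. It assumes only GNU coreutils (find, sort, xargs, sha256sum, cut, comm); the directory and baseline paths are whatever you pass in.

```shell
#!/bin/sh
# Minimal file-integrity check in the spirit of aide: record SHA-256 hashes of
# every regular file under a directory, then verify the tree against that
# baseline later. Added example using only coreutils; not aide's own code.
# Keep the baseline somewhere the checked tree cannot modify (read-only media,
# another host), otherwise an intruder can simply rewrite it along with the files.

# integrity_baseline DIR BASELINE
# Writes one "hash  path" line per regular file under DIR, sorted so the
# baseline is reproducible run to run.
integrity_baseline() {
    dir="$1"; baseline="$2"
    # -print0 / -z / -0 keep filenames with spaces or newlines intact.
    find "$dir" -type f -print0 | sort -z | xargs -0 sha256sum > "$baseline"
}

# integrity_verify BASELINE
# Re-hashes every listed file. Returns 0 when everything matches; otherwise
# prints the FAILED lines (modified or missing files) and returns 1.
integrity_verify() {
    baseline="$1"
    # --quiet suppresses the per-file "OK" lines so only problems remain.
    if report=$(sha256sum -c --quiet "$baseline" 2>&1); then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# integrity_new_files DIR BASELINE
# sha256sum -c only knows about files that are in the baseline, so files added
# since the baseline was taken are found by diffing the current listing against it.
integrity_new_files() {
    dir="$1"; baseline="$2"
    # sha256sum separates hash and path with two spaces, so the path is field 3 onward.
    cut -d' ' -f3- "$baseline" | sort > "$baseline.paths"
    find "$dir" -type f | sort | comm -23 - "$baseline.paths"
    rm -f "$baseline.paths"
}

# Typical use (paths are examples):
#   integrity_baseline /etc /var/lib/integrity/etc.sha256    # once, right after install
#   integrity_verify /var/lib/integrity/etc.sha256           # from cron; alert on exit 1
#   integrity_new_files /etc /var/lib/integrity/etc.sha256   # list files the baseline never saw
```

The point the tools in the post above share is that the check is only as trustworthy as the baseline: take it from a known-good state and store it out of reach of the system being checked.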
 
Alright, let's create a question and answer post to better explain the question of Linux and security.

Okay, here goes.

A: Yes, Linux is more secure than Windows.

Q: Why you ask?

A: Not because Linux is some super duper operating system. It's an operating system like all others and don't let anyone lie to you and say otherwise. Nothing, and I mean nothing is absolutely secure!

Q: So if that's the case, why is it more secure than Windows?

A: Ah yes. Here is where we discuss a multitude of whys.
  1. First you must understand there are two different *ROOT* attack vectors at play. You can attack servers and you can attack end-users. Consider this, while there are millions of servers, there are *BILLIONS* of end-users.
  2. There is a numbers game at play. If you wanted to compromise a system, any system, the smart play is to play the numbers. Do you attack servers or do you attack end users? Yes, you attack end users. Windows accounts for over 40% of all operating systems in use today. Therefore attackers will undoubtedly focus their attacks on Windows, because MacOS holds about a 6.3% share and Linux is *less than 1%* share. Therefore, most end-user attacks come against Windows. Don't let Apple tell you they are more secure, they are the same. They just have less people attacking them!
Q: So that's the only thing at play making Linux *seem* more secure?

A: Nope! There is more!
Back in the day, Microsoft made some ENORMOUS mistakes! Not just around security, but around many things! You can look back at quotes and many other areas and see how many mistakes Microsoft made. (BG saying "640k memory is enough", saying the Internet is just a fad leading to Microsoft's late entry into the Browser wars, etc...) But there are their security related mistakes and that's what we are here to discuss!
Back in the 1990s, Microsoft wanted to dominate the PC industry and "by-golly, they did!". They did so by doing what today is considered a cardinal sin! They ignored security and pumped all resources into usability and feature sets! By doing so, not only did they create the dominant end-user operating system, but they also dominated the productivity suites with Microsoft Office, which basically killed off their competition in the sector. (Apple Lisa, WordPerfect, IBM Lotus, Borland Office / Quattro Pro, Corel Office, etc)
In the process of doing this, they were adding immense complexity to both Windows and to their Office suite and doing so without regard to security.
Microsoft was unable to undo the damage without reverting everything they had built. They had no choice but to restart and rebuild while maintaining the operating system that users had come to expect. That took DECADES to get to where we are and why you ended up seeing dramatic changes in the Windows architecture while the Linux kernel did not start over, but only evolved over time.
Linux also followed the core values I still hold today that Windows continues to fail at. Keep It Simple Stupid (K.I.S.S). While the Linux kernel has become HUGE, the kernel is the brain and it only holds what is necessary to support the core system. The normal features you're used to seeing as a user are bolted on. (X, CLI utilities, etc) That cannot be said about Windows even though they are trying to move in that direction. Even their PowerShell ties everything at the core of Windows together, making it complex to the extreme. Linux has complexity issues too, but not even remotely on the level of Windows.
Windows' complexity creates a tangled web of structures within Windows. This complexity creates an enormously large attack surface for hackers to attack. For instance, let's look at Windows' mail server, Exchange. If you've ever set up a mail server before and worked with MS Exchange, you already know Exchange is a BEAST! It's not just a mail server, it's so much more! Linux mail servers normally store email in text files, but not Exchange. It has its own database to store emails!
That was an enormous mistake and they've looked at fixing it by storing attachments outside the database. Yeah, let's add more complexity! lol. Enter Microsoft SharePoint Servers! Google "SharePoint nightmare" and here we go again with massive complex mistakes that open up an ungodly amount of attack surfaces, not to mention system management nightmares!
Anyhow, while I made it clear MS has major self-created issues, they have actually done a really good job of trying to secure their complex environment. Of course, they've spent enormous amounts of money (more than most companies can afford) doing so by hiring some of the best engineers in the industry. (I'm an enormous fan of Mark Russinovich, CTO of Microsoft Azure and Windows Internals / Sysinternals utilities)

Q: Do I need AV on Linux?

A: It doesn't hurt, because it can happen. As a matter of fact, if you were to get an Anti-Virus system for Linux, I don't recommend a free one. I recommend you buy a paid one that also supports HIPS. (HIPS = Host Intrusion Protection System). HIPS doesn't just look for virus signatures like a normal anti-virus does. It watches command executions on the kernel level and when it sees something doing something that isn't normal or appears nefarious, it will stop it or even sandbox the application!

Have you ever heard the term, "Better Safe Than Sorry"?

Anyhow, if there are any upstart Linux or infrastructure guys reading this, here are some core rules I teach guys that work for me.

IT and Security rules to Live by:
There are some core rules that I always teach new IT and Infrastructure engineers. Those are:
  • All mistakes start with an assumption. Never assume anything, or you're likely to end up correcting a mistake. Sometimes a very bad mistake! One that could cost you (or more people) your/their job!
  • Follow the Principle of KISS. (K)eep (I)t (S)imple (S)tupid. Complex systems create complex problems. Simple systems create simple problems. Only get as complex as is absolutely necessary!
  • Before accepting a course of action, take the horse blinders off and ask yourself: What collateral damage could this cause? What I mean by that is don't just look at A->D of what you're doing. Look at how these changes or this system could negatively impact other operations. Don't find that out after it goes live and you're running around with your hair on fire!
  • Follow the Principle of Least Privilege: Give someone or something only the privileges they need to do their job. While it does create more work and even more complexity in privilege management, it can be the difference between having a job and not having one. In some cases, all your co-workers having a job and them not having one. Security, especially today, can be that difference. A ransomware infection can kill a company and all the jobs of those employed by the company.
  • Follow the Principle of Zero-Trust: This is more complex to explain, so just Google Zero Trust Architecture. While it's a complex subject, the high level overview of this subject matter can and should be applied to life in general.
  • Finally, understand that backups, snapshots, resiliency, RAID, high availability, and a multitude of other terms and/or facilities are not the same! Business continuity is a wide ranging requirement and most of the terms you hear about are only a piece of it, not the single requirement.
 
I noticed I did not explain the numbers of operating systems, but it's not super important except for the fact that Windows far outnumbers machines running anything other than Windows due to the sheer popularity of Windows with a majority of end-users.
 
Thanks for da reply. Decided not to install any AV.
 
Noted. I am not an expert, so I guess I better stay away from those programs:D. Thank you very much for the reply.
 
Wow thanks for taking time to explain everything. Learned tons of things
 
I have heard that if you use wine to run Windows programs then undesirable results can happen such as........
Thank you for replying. Is it okay to use a virtual machine instead of using wine?
 
No worries.
Quote "First I should apologize if this is a dumb question :).
As I know Linux is the safest OS"

No question is a dumb question we are here to help and help share knowledge to help everyone grow in their knowledge of Linux.
 
Dammit my Kiwi friend said it, in his last Post, as well as I could say it (I am from Australia).

I am a Linux user since 2010 or so, exclusively (no Windows) since 2014 (Windows 7, which I quite liked, almost as much as XP and Windows 3.1 - go back to 1989 with Windows)

Simple answer is Nope.

Alternative (and you don't have to be paranoid :) ) is

Put one on if you like. Every one will likely return false positives until you train it.

Make alternativeto.net your friend.

Using Google or duckduckgo to search, type in

alternative to McAfee, or Norton, or Sophos, or whatever

and look for the ones that are flagged Linux or cross-platform

Enjoy your Linux

Chris Turner
wizardfromoz
 
There is a purpose though for having ClamAV on a Linux box, and that is probably that we all use FAT32 USB sticks. Viruses aimed at Windows present on the USB stick will have, let's say, no effect on your Linux box, but if you use it for downloading something for a friend's PC using Windows then you may very well be perpetuating viruses.

So I always scan USB sticks before letting any Windows user make use of them.
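The habit in the post above, scanning a stick before it goes to a Windows machine, as an added shell example that is not the poster's code and not from the ClamAV project. It assumes clamscan(1) is installed and its signatures are kept current with freshclam; the scanner command is read from `$CLAMSCAN` (defaulting to `clamscan`) so the wrapper can be exercised with a stand-in scanner where ClamAV is absent. The exit codes 0 / 1 / 2 are ClamAV's own (clean / infected / error).

```shell
#!/bin/sh
# Scan a mounted removable drive with ClamAV before handing it to a Windows user.
# Added example, not from the ClamAV project. Assumes clamscan is installed and
# freshclam has been run recently (a scanner with stale signatures gives false
# confidence). $CLAMSCAN lets you substitute the scanner command.

# scan_removable MOUNTPOINT [LOGFILE]
# Returns 0 when clean, 1 when infected files were reported, 2 on error
# (missing mount point, scanner failure), mirroring clamscan's exit codes.
scan_removable() {
    mount="$1"
    log="${2:-/tmp/clamscan-$(date +%Y%m%d-%H%M%S).log}"
    scanner="${CLAMSCAN:-clamscan}"

    if [ ! -d "$mount" ]; then
        printf 'scan_removable: %s is not a directory\n' "$mount" >&2
        return 2
    fi

    # -r recurses into the stick, -i prints only infected files,
    # --log keeps a record of what was found and when.
    if "$scanner" -r -i --log="$log" "$mount"; then
        status=0
    else
        status=$?
    fi

    case $status in
        0) printf 'CLEAN: %s\n' "$mount" ;;
        1) printf 'INFECTED: %s (details in %s)\n' "$mount" "$log" ;;
        *) printf 'ERROR: scanner exited %s for %s\n' "$status" "$mount" >&2 ;;
    esac
    return $status
}

# Typical use, mount point is an example:
#   scan_removable /media/usb0 && echo "safe to hand over"
```

Checking the return code rather than eyeballing the output is what makes this usable from a script or a udev hook; an exit status of 2 (scanner error) should be treated as "not scanned", not as clean.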
 
When I said "Secure your Browser"....if you use Firefox there are many add-ons to make it secure

or
You could install Brave Browser.
It has inbuilt ad blocker and tracker blocker, it automatically upgrades all connections to https, and has fingerprinting blocked.
It takes around half an hour to go through all the settings, but it is time well spent.....and it takes a load off your mind.

I use it, because it is secure and because it is quick.

Set it as default web browser and a good part of your security worries are taken care of.
 
There was a discussion about this topic that I read on Ubuntu forums a few months ago. https://ubuntuforums.org/showthread.php?t=2464245&p=14045850#post14045850

Here's a quote from the forum thread above:
At work we have anti-virus on the Linux systems too... but not because we fear that Linux could be infected. It's more to stop Windows viruses from spreading. Because Linux systems might pass on infected files to Windows too, even if the Linux systems themselves are usually immune to those viruses. That's not to say that "Linux is 100% safe". It is not. But Linux's security problems are different from Windows' security problems, e.g. they usually revolve around remote exploits, buffer overflows, unpatched systems that are vulnerable to remote attacks on network services that would be impossible if the system had been patched in time, etc. Linux's security problems usually do not revolve around viruses ("virus" in the same sense as a Windows user would understand that term).

The real question here is: What are you trying to achieve?

Are you trying to protect Windows systems from getting in contact with infected files? Then install anti-virus software on Linux systems too.

Are you trying to improve the security of your Linux systems? Then anti-virus software is borderline useless. You'd be better off subscribing to security mailing lists about "CVE" advisories and making sure all your Linux systems always have the latest patches. And make sure none of your Linux systems needlessly have any ports open towards the Internet, don't run any network service that you don't really need or use. And make sure the ones you do need and do use are properly configured and properly secured.
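The last paragraph of that quote ("make sure none of your Linux systems needlessly have any ports open") is something you can check rather than assume. This is an added example, not from the quoted Ubuntu Forums thread: it compares listening TCP sockets against an allowlist of expected ports and ignores loopback-only listeners. It assumes the column layout of `ss -Hltn` (state, queues, local address:port, peer address:port, no header), and takes a constructed sample of that output as input so it runs without root or a live system; drop the second argument to read from the real `ss`.

```shell
#!/bin/sh
# Report TCP listeners exposed to the network that are not on the allowlist.
# Added example; assumes iproute2's `ss -Hltn` column layout.

# Constructed sample of `ss -Hltn` output for the test below: sshd on all
# addresses (v4 and v6), CUPS on loopback only, a web server, and a VNC port
# that nobody asked for.
SAMPLE_SS_OUTPUT='LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
LISTEN 0      511              *:80              *:*
LISTEN 0      128          0.0.0.0:5900      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*'

# unexpected_listeners "PORT PORT ..." [SS_OUTPUT]
# Prints "address port" for every listener reachable from other hosts whose
# port is not in the space-separated allowlist. Loopback listeners are skipped
# because they are not reachable from the network. Returns 0 either way.
unexpected_listeners() {
    allowed=" $1 "
    if [ $# -ge 2 ]; then
        input="$2"
    else
        input=$(ss -Hltn)   # -H: no header, -l: listening, -t: TCP, -n: numeric
    fi
    printf '%s\n' "$input" | awk -v allowed="$allowed" '
        {
            local_addr = $4
            # The port is whatever follows the last colon; works for
            # 0.0.0.0:22, *:80 and bracketed IPv6 like [::]:22.
            n = split(local_addr, parts, ":")
            port = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (addr == "[::1]" || addr ~ /^127\./) next
            if (index(allowed, " " port " ") == 0) print addr, port
        }'
}

# Typical use, allowlist is an example for a host that should only serve ssh and http:
#   unexpected_listeners "22 80"
# Add -u to the ss flags (or a second call with `ss -Hlun`) to audit UDP the same way.
```

Run it from cron or a config-management check and alert on any output: a new line here means a service started listening that the host's owner did not plan for, which is exactly the "needlessly open port" the quoted poster warns about.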
 
Thank you, I am really trying to stop using Google products, so DuckDuckGo and Ecosia are my primary search engines right now. Some others are suggesting to install clamav, so I thought I'll give it a try. Every little bit of advice is very important to me as I know very little about Linux. Thank you very much again for taking time to explain everything
 
Yeah, I have that habit of scanning USB sticks because I had to face the consequences a few times for not scanning drives before opening them. :D
 
