Friday, June 10, 2011

Do I need an Anti-virus program on Linux?

This is a question often asked by new users of Linux. (See here.) The short answer often given is no, but that answer often stirs controversy. (See here.)
I haven't used an anti-virus program in Linux for years (although I've tried all the free ones). My answer to the question, as a home user of Linux-only computers who doesn't share files with Windows users, is also no. Obviously I've caveated that answer, and there are plenty more caveats, so here are some points to beware.
  • Saying that you don't need an anti-virus doesn't mean that Linux malware doesn't exist. It does.
  • Saying that you don't need an anti-virus doesn't mean that you don't need to be careful about security in Linux. You do.
  • For new users of Linux, that attention to security means getting software from the distribution's digitally signed software repository, or trusted sources. (For example, I have installed software from Opera and HP in addition to software from the Debian repository.) This guide is not intended for or likely to be useful to more advanced users of Linux.
  • Linux malware exists, but Linux users are very unlikely to encounter it. Don't go downloading packages from the internet and you won't. (Obviously, with so much free software available in distribution repositories, Linux users won't be on crack sites or peer-to-peer networks downloading dodgy executables that claim to unlock Windows programs.)
  • Most Linux anti-virus programs don't do the background scanning of files that Windows anti-virus programs do. If you want to scan a file, you have to do it manually.
  • Why use one installed scanner to scan a file when you could send it to VirusTotal and have 30 or so scanners check it? (And please see the point above about not downloading packages from untrusted sources in the first place.)
  • Linux users are simply not affected by the web-borne exploits that install software willy-nilly on Windows systems.
  • Most Linux anti-viruses are primarily intended for file servers, not desktop environments. Yes, an anti-virus is recommended in that situation, which is beyond the scope of this simple guide. But if you have a dual partition with Windows, or share files with Windows users, yes, an anti-virus is useful, but you'll be looking for Windows viruses.
  • There is no certainty that anti-virus programs will detect a malicious file, as I demonstrated here and here.
  • Linux anti-virus programs are meant as file scanners, not system scanners: scanning the /root (system) directory is likely to result in a lot of frightening warnings (for the new user) which actually don't indicate any sort of infection. See here and here.
  • Institutional network users running Linux may well be asked to use an anti-virus program; I'm not here to contradict your system administrator. Mostly the concern is that Linux users will pass Windows malware around. But there is also the possibility that these users will have valuable information and may be targeted by criminals, and receive a Linux Trojan in their email inbox, for example.
  • Where untrusted and possibly malicious people have physical access to a computer, there is the possibility that they may try to run malicious software. This area is outside my experience. Untrusted people don't use my computer. In institutional situations like this, the answer may be yes, an anti-virus might be a good idea. Listen to your system administrator or consult a more advanced guide.
  • Most of the people advising that home users of Linux need an anti-virus program are Microsoft shills spreading FUD. The idea that you can run a computer connected to the internet without anti-virus protection or risk of infection tempts users away from Windows, and Microsoft has never been above a little black propaganda. More importantly, these people don't actually look at the evidence when they tell you it's not safe to run Linux without an anti-virus.
