Thursday, November 29, 2012

Desktop Linux needs anti-virus like a fish needs a bicycle

You don't need an anti-virus program on Linux: I've said it before, but Don't Surf in the Nude started because of an interest in internet security, so I can't resist trying out anti-virus programs in Linux.

I noticed today that Comodo has produced a Linux anti-virus program with real-time scanning. Files are checked as they are accessed or created, for example as they are downloaded from the Internet.

I couldn't resist trying it out. They've created the Windows AV experience on Linux, but like crime in multi-storey car parks, it's wrong on so many levels.

When you install the package, you're faced with a long User License Agreement in the Terminal. If, like me, you're tempted to scroll through the I-agree-to-sell-my-soul-to-the-devil script by pressing enter, you find you've accepted and the installation program is running.

Run the installation script as requested and you see various kernel modules installed. As I found out later, they are not removed by uninstalling the package.

After downloading the 100MB of virus definitions, the Windows AV experience is complete. A lengthy scan of system files (Linux AVs usually only scan user space) found no viruses.

Real-time scanning works: I tried downloading the Eicar test virus only for Comodo to warn me that it was a virus.

This is actually a very well made bicycle, but that doesn't alter the fact that fish don't need bicycles. Why? Because I'm not downloading suspect files from the internet and trying to install them. The thing is to make this switch to being an aquatic craniate rather than buying a bicycle because you think you still have limbs.

Now to try and remove those kernel modules.
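
The post notes that the kernel modules the installer adds are not removed by uninstalling the package. One way to find module files that no installed package owns, as an added example that is not from the original post; it assumes a dpkg-based distribution such as Debian or Ubuntu, and the function names are hypothetical:

```sh
#!/bin/sh
# Added example, not from the original post. Assumes a dpkg-based system
# (Debian/Ubuntu); function names are hypothetical.
LC_ALL=C; export LC_ALL

# On merged-/usr systems packages may record either prefix; compare on one.
normalise() {
    sed 's|^/usr/lib/modules/|/lib/modules/|'
}

# Print module files (*.ko, *.ko.xz, *.ko.zst ...) under directory $1 whose
# path is not listed in file $2 (one owned path per line).
unowned_modules() {
    find "$1" -type f -name '*.ko*' 2>/dev/null | normalise | sort |
        grep -vxFf "$2" || true   # grep exits 1 when nothing is unowned
}

# Check the running kernel's module tree against dpkg's file lists.
scan_running_kernel() {
    moddir="/lib/modules/$(uname -r)"
    if [ ! -d /var/lib/dpkg/info ] || [ ! -d "$moddir" ]; then
        echo "no dpkg database or no $moddir; nothing scanned" >&2
        return 0
    fi
    owned=$(mktemp) || return 1
    cat /var/lib/dpkg/info/*.list 2>/dev/null | normalise | sort -u > "$owned"
    unowned_modules "$moddir" "$owned"
    rm -f "$owned"
}

# Hits are candidates only: DKMS-built and hand-compiled modules are also
# unowned. Inspect each with modinfo before deleting it and running depmod -a.
scan_running_kernel
```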


  1. One thing I am concerned with in Linux is tracking cookies, which there are no good apps to remove for the user. With internet security products on the Windows side, this stuff gets removed.

  2. Tracking cookies can be easily blocked with plugins like Ghostery.

  3. There are not many viruses in Linux. The reasons are multiple: there is no interest in making one: around the percent of world desktop use, an environment that changes a lot between each distribution, proactive security auditing led by open source. Nevertheless Linux is made by humans and they are not perfect. This implies that bugs can be made and those are the foundation for viruses. Just like Apple, the pride of some saying that Linux don't need antivirus is quite dangerous: remember the Troy story ;) Or the Titanic that was impossible to sink ;) Saying that it has not happened and does not happen does not mean that it will not happen.

  4. "...saying that Linux don't need antivirus is quite dangerous..."

    On the contrary, advising that Linux users need an anti-virus is dangerous because it gives a false sense of security (anti-virus programs simply don't detect the threats, so they can't protect you from them) and takes the emphasis away from doing what is really necessary to protect from viruses: learning about security in Linux.

  5. yeah. One thing I usually use on Linux and on Windows is VPN.

    Also - ghostery and adblock. Other than that - no point in av.

    P.S. There is a point for AV on mail servers - I can see that, not for desktops though.

  6. "P.S. There is a point for AV on mail servers - I can see that, not for desktops though."

    Yes, I've acknowledged that previously:

    I was thinking about desktop home users in this post.

  7. Linux doesn't need antivirus.
    Stupid people do, and these can't use Linux.

    My mom used to have a Windows PC, and I had to format and reinstall every now and then.

    Now she's using Ubuntu (with dual-boot to Windows for when she really can't do something on Linux, like using certain government-provided digital-errands tools), and I haven't had to format or install an OS for 3 years already. Her PC is getting rather outdated now, but it has never caught a virus again.

    Even Windows doesn't need an antivirus, if you know how to use it; that is, just don't type the fucking administrator password if you don't know why you're being asked for it!