Linux Malware

posted 18 Nov 2013, 12:22 by Alistair Hamilton   [ updated 29 Nov 2013, 03:12 ]
If you care to venture to any of the more common Linux forums, you'll quickly find that one of the most frequent questions from new Linux users is, "Does Linux need anti-virus software?" You'll also see that the majority of Linux devotees answer with a resounding, "No".

Personally, I do not think the answer is quite so black and white. It is true that there are very few Linux viruses out there - certainly compared to the staggering number that target the Windows platform - and what there are, are quickly made ineffectual by the rapid release of updates within the Linux ecosystem. That does not mean that Linux is immune to malware attack.

I have to say up front that I've been using Linux since 2006 and I do not use anti-virus software and I have never been compromised. That is not to say that there aren't reasons for using it:
  • If you share files with others who use Windows. While your Linux box may be resilient to Windows viruses you could unknowingly be spreading infected files.
  • If your Linux box connects to Windows computers or Linux servers running Samba - the Windows compatible file sharing server.
  • If your computer is configured to dual boot between Windows and Linux.

Such arguments can be used to justify the use of anti-virus software on a Linux box. Indeed, new Linux users coming from a long history of Windows use have it ingrained in their minds that anti-virus is a must. For those that insist on installing an anti-virus scanner on their Linux box there are a number of products available - some free, others not. Most are not as sophisticated as their Windows cousins. Many simply check for the presence of Windows based viruses on your system as opposed to checking specifically for Linux threats.

I've listed below three products that I have used in the past for testing purposes. Indeed, when called upon to clean a client's computer I frequently boot into Linux and use one of these programs as the first part of the clean up process.

  • Comodo - This is freeware and is unusual in the field of Linux anti-virus software packages in that it provides real time protection. Virtually all the others have to be initiated manually.
  • BitDefender - Freeware and proprietary. Works well assuming you can find the download from their site - it seems to change location every time I look. Requires registration and the input of a security code.
  • ClamAV - This will be available in your Linux distribution's repositories. Note that this is a command line tool. If you want a GUI, you should also install the ClamTK package.
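
As an illustration of the ClamAV command line tool applied to the file-sharing case described earlier, here is an added example (not part of the original post). The directory you pass in is your own shared folder; the sample output embedded in the script is constructed.

```shell
#!/bin/sh
# Added example: check a folder of files shared with Windows users using ClamAV.

# Constructed sample of clamscan output (paths are hypothetical).
SAMPLE_OUTPUT='/srv/share/docs/invoice.doc: Win.Test.EICAR_HDB-1 FOUND
/srv/share/notes: final.txt: OK
/srv/share/tools/setup.exe: Win.Trojan.Example-1 FOUND'

# clamscan reports each hit as "<path>: <signature> FOUND".
# Read clamscan output on stdin and print "<path> | <signature>" per hit.
infected_from_output() {
    sed -n 's/^\(.*\): \(.*\) FOUND$/\1 | \2/p'
}

# Scan a directory recursively. The return code follows clamscan:
#   0 = no virus found, 1 = virus(es) found, 2 = an error occurred.
scan_share() {
    dir=$1
    if ! command -v clamscan >/dev/null 2>&1; then
        echo "clamscan not found; install the clamav package" >&2
        return 2
    fi
    # --infected prints only infected files; --no-summary drops the statistics.
    out=$(clamscan --recursive --infected --no-summary "$dir") && rc=0 || rc=$?
    case $rc in
        0) echo "No infected files in $dir" ;;
        1) echo "Infected files in $dir:"
           printf '%s\n' "$out" | infected_from_output ;;
        *) echo "clamscan reported an error (exit code $rc)" >&2 ;;
    esac
    return "$rc"
}

# Run a scan only when a directory is given: sh scan_share.sh /path/to/share
if [ "$#" -gt 0 ]; then
    scan_share "$1"
fi
```

Run `freshclam` first so the scan uses current signatures.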

However, before you go rushing off to install one of these, can I point you in the direction of two excellent articles available on the Internet. These will give you further information regarding Linux based malware and security issues relating to your Linux box.

  • Linux Malware - This Wikipedia article gives an excellent run down on Linux based malware and contains many references to other articles you may find useful. It also has links to many more anti-virus software developers over and above the three mentioned elsewhere in this article.
  • Linux Basic Security - Taken from the Ubuntu wiki pages, this is a very worthwhile read for the new Linux user. Although it is Ubuntu-centric, many distributions are based on Ubuntu, so the information applies equally well to them.

As you'll see, there are a number of anti-virus solutions for Linux. Do you need them? I wouldn't go as far as saying "no", but unlike Windows systems, on a Linux box they are far from a necessity. If however you'd feel a little more reassured by their presence, then by all means install one.

Be careful that installing anti-virus software doesn't lead you into a false sense of security. The first line of defense against malware is you, the user. Always exercise due diligence when visiting websites and exchanging files. That rule of thumb applies no matter what your preferred computing platform is.