(i) This article applies to all Ubuntu versions

Why do I need anti-virus software?

Isn't Linux virus-free?

For the most part, Linux is engineered in a fashion that makes it hard for viruses to run (click here for more info). However, there are many reasons you might want a virus scanner on your Linux PC:

  • you are required to have a virus scanner installed by the terms of use of the company you work for or are doing business with
  • to scan a Windows drive in your PC
  • to scan a Windows-based network attached server or hard drive
  • to scan Windows machines over a network
  • to protect a Windows virtual machine from within the virtual machine
  • to scan files you are going to send to other people
  • to scan e-mail you are going to forward to other people

  • some Windows viruses can run with Wine.

  • Linux virus infections are theoretically possible.

Other Security Issues

A Firewall is more important as it should prevent infections and prevent other types of attacks. SSH is also an important issue so it's worth having a look at the main page on Security.

Open Source Antivirus

Free (gratis) version of proprietary Antivirus

Possible reasons linux is less prone to malware

  • Programs are run as normal user, not Root User
  • More eyeballs on the code, nowhere for malware to hide
  • Vast diversity makes it difficult to reproduce flaws in a system
  • All software and drivers are frequently updated by Package Managers
  • Software is generally installed from vast Repositories not from unfamiliar websites
  • Developers/programmers are recognised as Rock Gods rather than treated with contempt
  • Elegant, secure code is admired & aspired to. Hasty kludges are an embarrassment

"A computer virus, like a biological virus, must have a reproduction rate that exceeds its death (eradication) rate in order to spread. Each of the above obstacles significantly reduces the reproduction rate of the Linux virus. If the reproduction rate falls below the threshold necessary to replace the existing population, the virus is doomed from the beginning -- even before news reports start to raise the awareness level of potential victims." by Ray of http://librenix.com

Root User vs normal usage

"For a Linux binary virus to infect executables, those executables must be writeable by the user activating the virus. That is not likely to be the case. Chances are, the programs are owned by root and the user is running from a non-privileged account. Further, the less experienced the user, the lower the likelihood that he actually owns any executable programs. Therefore, the users who are the least savvy about such hazards are also the ones with the least fertile home directories for viruses." by Ray of http://librenix.com

Market Share Myth

Some people say that linux suffers less from malware because it has less than 1% of the desktop market compared to Windows 90% & suggest that if linux ever increases in popularity then it will suffer just as badly. This argument is deeply flawed & not just by the spurious statistics. Linux dominates server markets(NB: this link dead). Why struggle to write a virus that might knock out a few thousand desktops when knocking out a few thousand servers could knock out a continent? Yet it is the desktop machines that are commonly exploited.

Package Managers

With Windows when you want to try a new program you usually have to either pay a lot for it or else use a pirated version, a "cracked copy". With pirated programs you can never be sure of what extra stuff has been added and may often end up getting malware or viruses. Even if you do get a legit copy then you will be often be expected to search around the internet to download it from a site you have probably never seen before. It is quite common for malware agencies to imitate such sites to get malware onto wide-eyed-end-users machines. Users get the blame for going to the wrong sites but how are they supposed to know which are the legit sites without prior experience of that particular site?

With linux we use package managers such as Synaptic or Software Centre that share the same lists of already installed programs and also share lists of approved sites (=repositories) to download programs/packages from. Programs generally have to go through some sort of approval process before being allowed to sit in the repositories (=repos) & generally go through alpha & beta testing before being approved. Theoretically complaints about a package could lead to it getting removed from the repos although generally they just get bug-fixed.

In Windows there is no built-in way of updating programs, drivers, codecs & other packages. Their update process is only about updates to the OS itself (and notice they are almost always called "security updates" although it is often about MS's security not the users or the machine's security). So, often when you open a program such as Adobe Reader a pop-up appears saying there is a new version or updates are available (again notice how often they are "security updates").

In linux the package managers update all the programs, kernel modules (these contain the drivers amongst other things), shared libraries, codecs, add-ons and other packages. You can set how often & when (even down to the time-of-day) that this update process happens. Although it defaults to asking your permission to download & install updates you can make it just go-ahead automatically. No constant pop-ups demanding you update NOW. No demands to make the updates automatic. Most of the linux updates are about increasing functionality because writing packages with vulnerabilities is unacceptable and so packages would be held back rather than included in releases or added to the repos. Even with the timetabled 6 monthly release cycle of Ubuntu there are no major deadline requiring that badly written code gets rushed through.

So, once you update a linux system that means everything about the system is up-to-date. After a Windows update you are likely to still have programs and drivers that have known existing exploited vulnerabilities even though "security patches" have been released.

Other Links


CategorySecurity

Antivirus (last edited 2014-04-05 14:44:08 by lcreid)