This article applies to all Ubuntu versions
Why do I need anti-virus software?
Isn't Linux virus-free?
For the most part, Linux is engineered in a fashion that makes it hard for viruses to run (click here for more info). However, there are many reasons you might want a virus scanner on your Linux PC:
- to scan a Windows drive in your PC
- to scan a Windows-based network attached server or hard drive
- to scan Windows machines over a network
- to protect a Windows virtual machine from within the virtual machine
- to scan files you are going to send to other people
some Windows viruses can run with Wine.
Linux virus infections are theoretically possible.
Other Security Issues
Open Source Antivirus
Free (gratis) version of proprietary Antivirus
Comodo Anti-Virus for Linux. 32 and 64-bit releases for 12.04 available.
AVG Antivirus. AVG is popular in Windows. Like most antivirus programs it detects infected files but doesn't remove the infections. Unusually though, it also doesn't move infected files to a quarantine folder. There is a more detailed page about Avg in Ubuntu.
Avira Antivirus. Requires Java to use the GUI. No new licenses are being granted after July 2013, and the Avira Linux product will be terminated in June of 2016 for prior existing users.
BitDefender Antivirus. Limited time trial version for immediate download, but free personal-use license available by filling in a form. BitDefender checks for Windows viruses. There is a community documentation page about it here.
Panda Antivirus. I didn't check this one but it appears to be old and no longer maintained. It used to have some unique & awesome features (check here for the updated Panda Cloud Cleaner that is still very useful.)
Possible reasons Linux is less prone to malware
- Programs are run as normal user, not root user
- Open source - more eyes on the system source code
- Diverse end-user configurations
- System software frequently updated
- Software generally installed from trusted repositories
"A computer virus, like a biological virus, must have a reproduction rate that exceeds its death (eradication) rate in order to spread. Each of the above obstacles significantly reduces the reproduction rate of the Linux virus. If the reproduction rate falls below the threshold necessary to replace the existing population, the virus is doomed from the beginning -- even before news reports start to raise the awareness level of potential victims." by Ray of http://librenix.com
Root User vs normal usage
"For a Linux binary virus to infect executables, those executables must be writeable by the user activating the virus. That is not likely to be the case. Chances are, the programs are owned by root and the user is running from a non-privileged account. Further, the less experienced the user, the lower the likelihood that he actually owns any executable programs. Therefore, the users who are the least savvy about such hazards are also the ones with the least fertile home directories for viruses." by Ray of http://librenix.com
Market Share Myth
Some people say that linux suffers less from malware because it has less than 1% of the desktop market compared to Windows 90% & suggest that if linux ever increases in popularity then it will suffer just as badly. This argument is deeply flawed & not just by the spurious statistics. Linux dominates server markets(NB: this link dead). Why struggle to write a virus that might knock out a few thousand desktops when knocking out a few thousand servers could knock out a continent? Yet it is the desktop machines that are commonly exploited.
With Windows when you want to try a new program you usually have to either pay a lot for it or else use a pirated version, a "cracked copy". With pirated programs (especially cracked versions) you can never be sure of what extra stuff has been added and may often end up getting malware or viruses. Even if you do get a legit copy then you will be often be expected to search around the internet to download it from a site you have probably never seen before. It is quite common for malware agencies to imitate such sites to get malware onto wide-eyed-end-users machines. Users get the blame for going to the wrong sites but how are they supposed to know which are the legit sites without prior experience of that particular site?
With linux we use package managers such as Synaptic or Software Centre that share the same lists of already installed programs and also share lists of approved sites (=repositories) to download programs/packages from. Programs generally have to go through some sort of approval process before being allowed to sit in the repositories (=repos) & generally go through alpha & beta testing before being approved. Theoretically complaints about a package could lead to it getting removed from the repos although generally they just get bug-fixed.
In Windows there is no built-in way of updating programs, drivers, codecs & other packages. Their update process is only about updates to the OS itself (and notice they are almost always called "security updates" although it is often about Microsoft's security, not the users or the machine's security). So, often when you open a program such as Adobe Reader a pop-up appears saying there is a new version or updates are available (again notice how often they are "security updates").
In linux the package managers update all the programs, kernel modules (these contain the drivers amongst other things), shared libraries, codecs, add-ons and other packages. You can set how often & when (even down to the time-of-day) that this update process happens. Although it defaults to asking your permission to download & install updates you can make it just go-ahead automatically. No constant pop-ups demanding you update NOW. No demands to make the updates automatic. Most of the linux updates are about increasing functionality because writing packages with vulnerabilities is unacceptable and so packages would be held back rather than included in releases or added to the repos. Even with the timetabled 6 monthly release cycle of Ubuntu there are no major deadline requiring that badly written code gets rushed through.
So, once you update a linux system that means everything about the system is up-to-date. After a Windows update you are likely to still have programs and drivers that have known existing exploited vulnerabilities even though "security patches" have been released.
https://help.ubuntu.com/community/Antivirus/Avg - Community page for AVG
https://help.ubuntu.com/community/Antivirus/Avira - Community page for Avira