Do I need to have antivirus software installed? [closed]
I thought that there was no need to scan for viruses either in Ubuntu or any Linux distros until I found virus scanner packages clamtk
and klamav
in Ubuntu software center yesterday.
This leads to the following questions:
- How do viruses differ between Linux and Windows?
- How do the strategies for protection differ between Linux and Windows?
- Should a virus scanner package be installed on my system? If so, which would be a better option?
Solution 1:
There are viruses for most all platforms (the first worm was for DEC VAX) , they are just more common on Windows. Different platforms are more secure than others, but a virus can typically gain user level security, which is often good enough, on most platforms. You can actually run Windows without a virus scanner if you keep it patched and are really careful.
Differences from Windows to Linux for viruses: On Linux it is harder for the virus to get root (or system) level access. But it could probably still access your address book or saved passwords in Firefox (user level access).
Strategy: If you are really careful and know what you are doing you can get away without a scanner. A good strategy is to have your scanner just scan downloads or if you are bringing a file from another computer on a USB drive or floppy disk (assuming you have one). If you want you can have it do regular full system scans too. It is all about how paranoid you are, and how likely you are to get a virus.
For your laptop I would suggest only having the scanner scan downloads and when you are brining files from another computer. Having it do full system scans can be a battery drain.
A very important element of a virus scanner is having it updated with new signatures, so pick the package that has the best signature updates, and that works best for how you want to use it.
Solution 2:
Both klamav and clamtk are front-ends for the clamAV software. They do check for linux viruses, but they are most useful for making sure your linux computer isn't sharing infected files with windows machines. Most of the virus scanners for linux are actually for servers, and are meant to scan email or uploaded files as they are sent.
Wikipedia has a list of Linux malware, which should help inform about the risks: Linux malware - Wikipedia, the free encyclopedia. They list 30 viruses and various other possible threats.
Solution 3:
You may not need a virus scanner per se, but you sure do need to keep your system up to date and secure (good passwords and system practices - permissions etc)
Personal Anecdote: I had a debian server running, It had an uptime of 400 days and I wanted to get to 500 before restarting it to update the kernel, I was being silly, and too cocky about it being a linux system . Since it was a server that served a research group, I gave all of my coworkers an ssh account. Turns out that some hacker exploited a bad password by one of my users and loaded on automated script that ran through 5 or 6 exploits before finding one that worked (an exploit that was patched, had I updated the kernel). It rooted the server and then proceeded to set up a bot (Campus IT caught the hack before I did, they noticed suspicious IRC traffic and contacted me).
Funny story, is that I used those same scripts to take back control of the machine to backup some raw data before nuking the system.
Long story short, keep your system up to date, keep your passwords secure, maintain good administrative practices. And unless you literally go and do sudo rm -rf /*
because someone online told you to, it's unlikely you will ever have any trouble with your linux computer.