Antivirus in Ubuntu? [duplicate]

There are viruses for most all platforms (the first worm was for DEC VAX) , they are just more common on Windows. Different platforms are more secure than others, but a virus can typically gain user level security, which is often good enough, on most platforms. You can actually run Windows without a virus scanner if you keep it patched and are really careful.

Differences from Windows to Linux for viruses: On Linux it is harder for the virus to get root (or system) level access. But it could probably still access your address book or saved passwords in Firefox (user level access).

Strategy: If you are really careful and know what you are doing you can get away without a scanner. A good strategy is to have your scanner just scan downloads or if you are bringing a file from another computer on a USB drive or floppy disk (assuming you have one). If you want you can have it do regular full system scans too. It is all about how paranoid you are, and how likely you are to get a virus.

For your laptop I would suggest only having the scanner scan downloads and when you are brining files from another computer. Having it do full system scans can be a battery drain.

A very important element of a virus scanner is having it updated with new signatures, so pick the package that has the best signature updates, and that works best for how you want to use it.

Both klamav and clamtk are front-ends for the clamAV software. They do check for linux viruses, but they are most useful for making sure your linux computer isn't sharing infected files with windows machines. Most of the virus scanners for linux are actually for servers, and are meant to scan email or uploaded files as they are sent.

Wikipedia has a list of Linux malware, which should help inform about the risks: Linux malware - Wikipedia, the free encyclopedia. They list 30 viruses and various other possible threats.

You may not need a virus scanner per se, but you sure do need to keep your system up to date and secure (good passwords and system practices - permissions etc)

Personal Anecdote: I had a debian server running, It had an uptime of 400 days and I wanted to get to 500 before restarting it to update the kernel, I was being silly, and too cocky about it being a linux system . Since it was a server that served a research group, I gave all of my coworkers an ssh account. Turns out that some hacker exploited a bad password by one of my users and loaded on automated script that ran through 5 or 6 exploits before finding one that worked (an exploit that was patched, had I updated the kernel). It rooted the server and then proceeded to set up a bot (Campus IT caught the hack before I did, they noticed suspicious IRC traffic and contacted me).

Funny story, is that I used those same scripts to take back control of the machine to backup some raw data before nuking the system.

Long story short, keep your system up to date, keep your passwords secure, maintain good administrative practices. And unless you literally go and do sudo rm -rf /* because someone online told you to, it's unlikely you will ever have any trouble with your linux computer.

It's not needed since (contrary to popular lies), linux is rather secure, and you are unlikely to get a virus for linux. Your risk is higher that you might pick up a windows virus while running wine, or that you may get hacked by a remote user (a rare occurrence on the desktop).

My suggestion: install gufw from software center, enable your firewall, along with some optional rules if you like, and optionally install clamav as well (along with fresh-clam).

Overall, your best defense, is to be armed with knowledge. A good way to do that is to get a feed reader like liferea, and follow popular linux sites like omgubuntu or sites like /. (slashdot) for news related to linux security. Don't run software from people you don't trust (that means, be careful with shady ppa's, use software that's in the standard repos where possible, and don't run strange plugins on websites, even if it is kinda funny when they fail to infect your linux system =P)

Hope that answers your question =)

edit: viruses are the same on every system in the sense that they all try to use a vulnerability or a user's ignorance to propagate themselves or access something they should not. It's no different on linux, but linux is more secure, way more secure. The antivirus software you saw is actually mainly there to protect windows users; for example if a friend sends you an infected file, you might pass it on to a windows user without being affected yourself.

No, you do not need an Antivirus (AV) on Ubuntu to keep it secure.

You need to employ other "good hygiene" precautions, but contrary to some of the misleading answers and comments posted here, Anti-virus is not among them.

For starters, there seems to be a confusion in some of the top-rated answers here between two issues:

1. Existence of viruses for Linux and
2. Ability to actually infect a system.

These two are not the same. There definitely are 'viruses' that can run on Linux, but in order to make them run, a malicious user needs to get someone with local privilege to actively install them. This requires the owner of the system to trust the malicious user, download the software, and use sudo with a password to install it, (or run it as a regular user to cause some regular-user level damage). Not a trivial set of barriers to overcome.

Unlike on some other systems, a regular user who keeps their Ubuntu system up-to-date on security fixes (very easy to do), cannot normally install something by accident (e.g. by opening an attachment, or clicking on something). The exception is unknown zero-day vulnerabilities, but for those AV will be totally ineffective anyway. An Ubuntu user doesn't work with admin privileges by default, and remote root logins are disabled.

In addition, Ubuntu comes with:

• Random address loading (which foils most drop-to-shell attempts)
• Application restrictions/barriers via apparmor so an application like firefox can only access a very restricted subset of files and actions for example (see /etc/apparmor.d/usr.bin.firefox)
• Built-in firewall (iptables) which can be set-up to be very restrictive

So to be secure, you need to adhere to basic rules of safety such as:

1. Keep your software up to date
2. Only run software downloaded from official repositories (or software you wrote yourself, or can audit the source code of)
3. Only use your standard package-manager for installs. In particular do not install proprietary binary stuff from random sources which you can't audit by looking at the source code using apt-get source).
4. Have a home firewall & do not run unnecessary services
5. Regularly run some log scanning to detect unusual activity -- I recommend logcheck
6. Add a local iptables based firewall for another defense perimeter layer
7. Keep your passwords long and secure (a good password manager is recommended). Use two-factor authentication wherever possible.
8. Use encrypted sessions (use ssh and scp, and not ftp or telnet)
9. Use containers (e.g. docker or systemd-nspawn images) - by running software in isolation from the rest of the system, even the most buggy/vulnerable software, won't be able to cause damage outside its container. Container-technology means basically game-over for compromised software.

If you follow these sensible guidelines, you'd be way safer than you would be by installing a non-opensource 'AntiVirus' (how can you trust such software?) and falling into a false, and highly deluded, sense of security.

Of course, if a malicious user asks you to download badstuff.deb from somewhere and install it by opening a terminal window and typing:

sudo dpkg -i badstuff.deb

and you oblige, all bets are off, and you have only yourself to blame for being infected. An AntiVirus is pretty unlikely to save you in this case. Unless this particular badstuff.deb is among the finite set of blacklisted signatures.

As others have mentioned clamav "for Linux" is designed as a scanning server to other (non-Linux) systems.

Some of the answers and comments here make the following non-sequitur claim: "since user-level damage can be very harmful (e.g. removing $HOME and everything under it), sudo access is irrelevant. You need AV anyway."

This is a red-herring logical fallacy. You can willfully (or accidentally) remove $HOME anyway, with or without a virus. The critical question, is again: do you run random code from untrusted sources or not. If you do, AV (or any other precaution) won't save you from yourself willingly damaging your system.

On Ubuntu, the whole system and software repository ecosystem is designed to prevent running random code from random sources, thus installing an AV to "protect Ubuntu from viruses" is a waste of time and resources.

Some answers here suggest installing a commercial, non-open source, AV software on Linux. Don't do this. AV software runs with elevated privileges, often changes system-call semantics (e.g. change open() to scan a downloaded file and possibly fail), and consumes very significant (memory, CPU, disk, network) resources. Such software cannot be audited so it is impossible to trust. Installing such software on your otherwise pretty secure Linux system, would dramatically increase the surface of attack of your system and make it far less secure.

References:

1. Are signature based antivirus or anti-malware effective?
2. What automated intrusion notification/detection setup is good for home desktop use?
3. Is it easier to write viruses for Windows compared to OS-X and Linux (Quora)
4. Google: Symantec antivirus flaws are "as bad as it gets"
5. Setting up iptables - Ask Ubuntu question
6. systemd-nspawn on Arch wiki