Is there a point in installing antivirus on Ubuntu?
I have recently started using Ubuntu. I am wondering about the point of installing antivirus programs on Ubuntu. On SuperUser, I found the opinion that it only detects "windows viruses" and removes them. Is there a point in installing antivirus if I don't have any other OS?
As far as I know, there are no viruses for Linux. What about malware and any other harmful programs? Is it safe not to install any protecting software?
Solution 1:
This is simply not true. There are many types of malicious code which can be run on 'Nix.
The point (and the misunderstanding) is that there is significantly less of it when compared to Windows. For whatever reason, it's become commonplace to use AV on Windows.
http://en.wikipedia.org/wiki/Linux_malware
There are a few AV programs for Linux.
There is also more information on Super User. The rest of 'my' answer is copied from the answer of that post:
Well, it factually is not... it's just less subject to hackers developing viruses that target Linux systems. Consumer grade computers usually run on Windows and thus, when targeting a wide audience, Windows is the way to go.
Don't misunderstand Linux and viruses, there definitely ARE Linux viruses.
Some distros have additional protection layers such as SELinux in Ubuntu for example. Then there's the default firewall and the fact that alien files don't automatically have permission to be executed. Specific execution permission has to be granted before execution is possible.
Then there are several other factors that make Linux a hard place to be for viruses: usually non-root users on Linux systems have little to no executable files at their disposal that would allow for viruses to stay undetected and propagate. Some programs just require you to be logged in as root (or by use of sudo) before they run or to access/modify directories other than your home. It's just a lot harder to develop a viable virus that would spread as well as it would in Windows.
UPDATE:
As mentioned below, most machines that run Linux are servers that are run by people who know a thing or two about what they're doing. People that run Linux for desktop use usually choose to, and also know what they're doing. Almost all computer-illiterate people run Windows, and therefore it's much easier to get those computers infected. "Hey, this machine tells me that I have a virus and I have to purchase this Anti-Virus program called 'FAKETrojanHunter' to get rid of it... Okay, let's do it!"
Because no two Linux distributions/installations are equal per se, it's harder to develop malware that would infect them all as efficiently as possible. Furthermore, almost all software run on Linux is open source, making malware much more easily detectable since its source is open to the public.
Solution 2:
First ask why Ubuntu-Gnu-Linux is more secure.
- As it is MOSTLY (unless you install non-free) Free Software (Software libre): the source code is available (Freedom 1 — the freedom to study how the program works), making it harder to hide malicious code.
- The huge repositories and the installer: make it, mostly, unnecessary to install arbitrary software.
- The system is better architected: designed to be secure. If a virus is written, that exploits a vulnerability, then fix the vulnerability (vs blame the virus and detect when it gets onto the system).
- Files are not executable by default, no matter what their name or extension.
- Diversity: Different distributions, address randomisation in kernel to make bug exploits more difficult, etc.
In addition you should:
- Backup regularly.
- You can use the multi-user feature, even if it is just you using the system:
- Have a sandbox user for testing new software.
- Set up subversion (or mercurial, or, if you are good at using stuff that is hard to use, git), a revision control system, so when you break something you can roll it back. Then have the repository owned by a user svn, with no write permission for anyone else. Then use tunnelling (ssh) to connect. That way, if your account is compromised, the intruder can break things, but the old state will be in the repository and cannot be deleted.
- Look into configuration management e.g. cfengine, Puppet, Chef (or perhaps the fairly new Ansible).
Note: Gnu/Linux is not perfect; there are many problems. There is currently research into new ways to improve security. But it is still better than the rest (with the possible exception of some of the BSDs).
Solution 3:
Yes there is. Imagine that you have a file with a Windows-only virus as part of the payload and it passes through your Linux machine. You have the opportunity to remove it before it is sent by e-mail or on a USB stick to a friend. If this happens, the virus is now on his Windows machine.
Solution 4:
It depends on what you do.
The pure power user
A user that sticks to the distribution-provided software only, avoids fishy browser plugins such as Flash and Java, and always updates his system does not need an antivirus.
The reason is simple: an antivirus can only detect known viruses. If his system gets security updates on time, this is just as good, because the security updates usually roll in as fast as the antivirus signatures.
The file server operator
If you are operating a file server for Windows users, you want an antivirus to protect the Windows users.
The player
If you like installing third-party software from non-official package repositories ("PPA"s) or whatever else you cannot trust, if you manually install software that will not receive automatic security updates and just always jump on the latest trends, maybe even try running Windows software on Linux, then you are just as vulnerable as the average Windows user who is downloading unsigned software over the internet. Get an antivirus.
The power admin
The power admin writes his own tool that frequently computes checksums for key parts of his system and sends them off-site for comparison. Since most of the files come from official software packages, there exists a known "truth" of correct checksums. Any modification of a system file is quickly detected, and since his checksum service is not off-the-shelf but a custom solution, any attacker misses this hidden trap and triggers the alert (there exist off-the-shelf solutions such as Tripwire, but they are fairly easy to disable), if the virus actually gets that far and isn't stopped earlier by sandboxes and SELinux policies hand-crafted by the admin in meticulous fine-tuning. An antivirus provides virtually no benefit here.
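The "power admin" approach in Solution 4 (hash key files, keep the baseline elsewhere, compare later) in working form. This is an added example, not code from the answer or from any named tool; the directory layout, file contents and the simulated tampering in demo() are constructed for the demonstration, and the real baseline would be shipped off the host rather than kept in memory as it is here.

```python
"""Baseline-and-compare file integrity check (added example).

Hashes every regular file under a root with SHA-256, keeps the result as a
manifest, and later reports what was modified, removed, or newly added.
All paths and contents in demo() are constructed sample data.
"""
import hashlib
import json
import os
import tempfile
from typing import Dict, List


def sha256_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Hex SHA-256 of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_tree(root: str) -> Dict[str, str]:
    """Manifest {relative path: digest} of every regular file under root.

    Symlinks are skipped: hashing their target would let an attacker
    point a link at an unchanged file and hide the real replacement.
    """
    manifest = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff two manifests: changed digests, files gone, files that appeared."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a fake /etc, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc", "ssh"))
        os.makedirs(os.path.join(root, "etc", "cron.d"))
        sample_files = {  # constructed contents, not copied from a real host
            "etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
            "etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
            "etc/hostname": b"workstation\n",
        }
        for rel, data in sample_files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)

        # Baseline is serialised as it would be before being sent off-site.
        stored_offsite = json.dumps(snapshot_tree(root), sort_keys=True)

        # Simulated tampering: weaken sshd_config, plant a cron job, remove a file.
        with open(os.path.join(root, "etc", "ssh", "sshd_config"), "ab") as f:
            f.write(b"PermitRootLogin yes\n")
        with open(os.path.join(root, "etc", "cron.d", "backdoor"), "wb") as f:
            f.write(b"* * * * * root /tmp/.x\n")
        os.remove(os.path.join(root, "etc", "hostname"))

        return compare(json.loads(stored_offsite), snapshot_tree(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two practical caveats. On Ubuntu, dpkg already stores an md5sum for every file a package installed (under /var/lib/dpkg/info/) and `dpkg -V` compares the installed files against that list, which gives the "known truth" the answer mentions for packaged files; but that list sits on the same disk, so an attacker with root can rewrite both the file and its recorded hash, which is exactly why the answer insists on comparing against a copy held off the machine. Second, files under /etc change legitimately, so the baseline must be regenerated after every intended change or the alerts become noise and get ignored.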