Can I get a virus by using "sudo apt-get install"?
apt on a default Ubuntu system will be very unlikely to get viruses. However, it doesn't mean it isn't possible:
- Malicious PPA
  One of the features of APT is the ability for admins to add Personal Package Archives (PPAs) or other software sources to the APT cache. These third-party APT sources are not necessarily trusted, and may carry viruses. However, it would take an intentional action of the machine's admin to add one of these infected sources, making it rather hard for one to add itself.
- Hacked Repository
  In theory, a software repository may be hacked by a malicious party, causing downloaded .deb files to potentially carry malicious payloads. However, official software repositories are very carefully watched and security for these repositories is pretty tight. A hacker would be hard-pressed to take down one of the official Ubuntu software sources, but third-party software sources (see above) may be compromised a lot more easily.
- Active MITM/Network Attacks
  If a network is compromised higher up (by, say, your ISP), it is possible to get a virus from official software sources. However, an attack of this caliber would require an extreme amount of effort and the ability to Man-In-The-Middle many sites, including GPG key distribution servers and the official repos.
- Poorly Written/Malicious Code
  Vulnerabilities do exist in open source, peer-reviewed, and maintained code. While these things aren't technically considered "viruses" by definition, certain exploits hidden or never revealed in the code could allow a malicious attacker to place a virus on or pwn your system. One example of this type of issue would be Heartbleed from OpenSSL, or the much-more-recent Dirty CoW. Note that programs from the universe or multiverse repos are potential threats of this caliber, as explained here.
apt (due to its importance on Linux systems) is pretty heavily guarded against almost all of these types of attacks on both the client and server side. While they are possible, an admin who knows what they're doing and knows how to read error logs will be able to prevent any of these attacks from taking place.
Additionally, apt also enforces signature verification to ensure that the files downloaded are legitimate (and are downloaded correctly), making it even harder to sneak malware through apt, as these digital signatures cannot be faked.
As for responding to a malware infection incident, the absolute easiest path is to burn the system to the ground and start again from a recent (and known-clean) backup. Due to the nature of Linux, it can be very easy for malware to manifest itself so deep in the system that it can never be found or extracted. However, packages like clamav and rkhunter can be used to scan a system for infections.
apt-get will only install from the official Ubuntu repositories which are checked or from repositories you've added to your sources. If you add every repository you come across, you might end up installing something nasty. Don't do that.
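
An added example, not part of either answer above: a small Python audit of one-line sources.list entries that flags what both answers warn about, PPAs and other third-party sources, plus entries whose options switch off apt's signature verification. The host lists and the sample input are assumptions constructed for illustration, and deb822-style .sources files are not parsed.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts counted as official Ubuntu archives on a default install.
OFFICIAL_HOSTS = ("archive.ubuntu.com", "security.ubuntu.com", "ports.ubuntu.com")
PPA_HOSTS = ("ppa.launchpad.net", "ppa.launchpadcontent.net")
# sources.list(5) options that switch off or weaken apt's signature checks.
INSECURE_OPTS = ("trusted", "allow-insecure", "allow-weak", "allow-downgrade-to-insecure")
# One-line format: type [options] uri suite components...
LINE_RE = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")

# Constructed sample input, not taken from a real system.
SAMPLE = """\
deb http://archive.ubuntu.com/ubuntu jammy main restricted
deb http://us.archive.ubuntu.com/ubuntu jammy universe multiverse
# deb http://example.invalid/old jammy main
deb https://ppa.launchpadcontent.net/example-user/example-ppa/ubuntu jammy main
deb [arch=amd64 trusted=yes] https://repo.example.invalid/apt stable main
"""

def audit_sources(text):
    """Return [(line_no, uri, [findings])] for entries an admin should review."""
    report = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue  # blank line, comment, or not a one-line entry
        opts, uri = m.group(2) or "", m.group(3)
        options = dict(o.split("=", 1) for o in opts.split() if "=" in o)
        findings = [f"{k}=yes disables or weakens signature verification"
                    for k in INSECURE_OPTS if options.get(k, "").lower() == "yes"]
        host = urlparse(uri).hostname or ""
        if host in PPA_HOSTS:
            findings.append(f"PPA on {host}: trust depends on the PPA owner")
        elif host not in OFFICIAL_HOSTS and not host.endswith(".archive.ubuntu.com"):
            findings.append(f"third-party source: trust depends on whoever runs {host}")
        if findings:
            report.append((no, uri, findings))
    return report

if __name__ == "__main__":
    for no, uri, findings in audit_sources(SAMPLE):
        for finding in findings:
            print(f"line {no}: {uri}: {finding}")
```

To check a real machine, pass the contents of /etc/apt/sources.list and each file under /etc/apt/sources.list.d/ to audit_sources.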