Do you need an anti-virus even with Linux?
Image via WikipediaMost Linux articles I have read and many Linux users that I have talked to seem to think that with Linux you will never need an Anti-virus. At this time in history that my be true but its only a matter of time, right?. With most any OS we can look back before it had a large market share and see that it did not seem to have to worry about viruses (Perhaps with the exception of windows :<)
Once Linux gets enough market share for it to make sense for hackers to start hitting Linux hard, then viruses attempts will start coming. We must remember that where there’s a will there’s a way and that way will probably be found. Viruses, spy-ware, rootkits, etc are big money and people will do anything for that money.
Personally on my Ubuntu Linux installation I use ClamAV for my Anti-Virus which seems to work great, although it is hard to find what a good Anti-Virus is for Linux. Having ClamAV installed just gives me another reason to feel great about the security of Linux. Now don’t get me wrong and think that I am saying that Linux is not secure because I am not, compared to Windows, Linux is Fort Knox. What I am saying is that eventually perhaps Linux’s time will come to feel the heat just Like Mac OS X’s time has come as of late.
As Linux users do we need to start taking the threat of an eventual virus more seriously before its to late and we start getting infected? Let me know if you think I’m right for being worried or you think I’m just paranoid.
March 26th, 2008 at 9:40 am
Viruses and Worms as you know are programs written specifically to spread through computer systems by exploiting vulnerabilities. I feel the best way to stop Virus and Worms is to fix the flaw that allows them to spread. Anti-virus is a piss poor, money grabbing service that doesn’t make sense. If your machine is compromised you can’t trust what it says. Anti-virus systems *could* be proactive by telling you what viruses you are *vulnerable* too, but they don’t because it’s harder to sell. In the face of security on important systems (or even just home systems) Virus detection software is a lost cause on a machine and isn’t academically the best solution. Monitoring network traffic for virus signatures is a different story but it’s for a different purpose so I won’t digress.
Anyway, Unlike Windows who up to Vista have only been reactive to security problems, Linux is much more proactive. For example, even though there are no Virus for Linux yet, NSA have already added “SELinux” enhancements to the kernel. SELinux enhancements essentially allows you to set security to *extremely* fine grained level, so for example, your Apache user may never be able to listen on any network port but 80 or cannot write into the /tmp directory. These are rights much more finely grained than standard user permissions. The idea is that every system call the Apache software makes is described in a security configuration file assigned to the Apache user account which runs the Apache software. This way if a buffer overflow attack allows a remote hi-jacker to inject code in to the Apache app, which runs as the Apache user, SE Linux will make any new or different system calls fail.
Also, think about how Anti-virus works. Every month you download some definitions. Until you download them you are vulnerable to the attack and afterwards you merely notified of the attack. If you run Apt or Yum update every month you download security fixes. Until that point your vulnerable but afterwards your safe against it. It’s almost the same system but with fixes rather than detection.
March 26th, 2008 at 10:50 am
ClamAv is only for windows viruses. It gives you the liberty to scan a win format file like an exe before sending it to a friend on a windows computer.
Linux viruses exist but you have to specifically install them, give them root permission. The only way I believe you can get virus in future will be through poisoned repositories.
June 6th, 2008 at 4:29 pm
[...] that where there’s a will there’s a way and that way will probably be found. Viruses, spy-ware, roohttp://thetoddtoday.com/2008/03/25/do-you-need-an-anti-virus-even-with-linux/serious virus comingMay 3, 2008 … big virus coming I checked with Norton Anti-Virus, and they are [...]