Although there have been cases like EvilGnome, a piece of malware that made headlines last year for infecting Linux desktops, they are ultra-rare. The short answer is that thanks to being more securely designed, better maintained, and, truth be told, less popular, Linux ends up being safer than Windows. There’s no simple yes or no answer to the question of our title, though, as it depends on the user and their needs.
The Official Stance
When checking Ubuntu’s official documentation, we arrive at this page. What this explains is:
- A synopsis of how antivirus programs function on Windows and Mac OS.
- A reminder that antivirus software exists for Linux.
- An explanation of why you probably don’t need it. The reasons?
  - Viruses for Linux are still very rare.
  - Some state it’s because Linux is not as popular as an alternative.
  - Others suggest it’s because Linux is more secure.
The hint about why antivirus software can still be useful on Linux comes at the very end. We extracted the interesting part: “If you want to be extra-safe, or if you want to check for viruses in files you are sharing with people using Windows and Mac OS, you can still install antivirus software.” The takeaway: even if you don’t feel the effects of an infection, your PC can be a carrier.
How viruses attack computers
To understand why Linux is deemed safe, we have to consider the most common types of malicious attacks that can target a computer.
- Viruses and trojans propagate mostly through tainted executable files. In most cases, users download and run those files themselves, infecting their systems without realizing it. Usually the downloaded files come from dubious sources.
- Worms can infect a machine without the user’s intervention by exploiting bugs in software and in devices’ embedded firmware.
- Web scripts appear on sites where malicious users managed to plant them among existing content. They can redirect the user to malicious web pages, send anything entered in forms to a third party, and exploit security holes in the browser or its add-ons to infect a PC with an extra payload.
How do antivirus tools work?
Antivirus tools started as simple “file scanners” that went through a PC’s storage to locate malicious files and remove them. Then viruses got wiser and started renaming their files. Antivirus tools caught on to that and started checking file fingerprints instead – basically hashes of the file contents – and comparing them to online databases of known malware. Viruses upped the ante by learning how to hide, obfuscate and mutate their files to avoid detection. And they could pop up and infect systems more quickly than an antivirus maker could detect them, update its database and push it to each antivirus client. That’s when heuristics became a thing. “Heuristics” are methods that, instead of checking a file for signs that it is a virus, monitor its behavior. Is it trying to rapidly open, tweak and close dozens of files in succession? Is it trying to load differently named payloads into memory and keep them resident? Is it suspicious? If yes, it’s quarantined: moved to a sandboxed vault, restricted from direct access to the rest of the files in the system, and unable to run and affect RAM’s contents. At the same time, the antivirus creates signatures for it and compares them with an online database. If the file turns out to be malicious and there wasn’t a match in the online database, it gets registered there so other users can avoid it in the future, before it infects their computers.
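To make the fingerprint step concrete, here is a small added example (not code from the article or from any antivirus product) of a hash-based file scanner. The signature database and the sample files it scans are constructed in a temporary directory; the assumed detection name and sample bytes are placeholders. It shows why renaming a file does not evade a hash signature, while changing a single byte does, which is exactly the gap heuristics were introduced to cover.

```python
import hashlib
import os
import tempfile

# Constructed sample: a harmless byte string standing in for a malicious
# file's contents. Its digest plays the role of a signature-database entry.
SAMPLE_BAD_BYTES = b"constructed sample payload: stands in for a malicious file\n"

# Constructed signature database: content digest -> detection name (assumed).
SIGNATURES = {hashlib.sha256(SAMPLE_BAD_BYTES).hexdigest(): "Constructed.Sample.A"}


def sha256_of(path, chunk=1 << 16):
    """Fingerprint a file by hashing its contents in chunks, not by its name."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, signatures=SIGNATURES):
    """Walk a directory tree and return {relative_path: detection_name} for hits."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            digest = sha256_of(path)
            if digest in signatures:
                hits[os.path.relpath(path, root)] = signatures[digest]
    return hits


def demo():
    """Build a throwaway tree with three constructed files and scan it.

    'renamed.txt' holds the sample bytes under a new name (a rename does not
    evade a hash signature); 'mutated.bin' differs by one byte (a mutation
    does evade it); 'notes.txt' is ordinary data. Returns the scan hits.
    """
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "downloads"))
        with open(os.path.join(root, "downloads", "renamed.txt"), "wb") as f:
            f.write(SAMPLE_BAD_BYTES)
        with open(os.path.join(root, "downloads", "mutated.bin"), "wb") as f:
            f.write(SAMPLE_BAD_BYTES[:-1] + b"!")
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"ordinary user data\n")
        return scan_tree(root)


if __name__ == "__main__":
    print(demo())  # only the renamed copy is flagged
```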
Why Linux is safe by design
The reason we explain how viruses and antiviruses work is that it makes it simpler to understand why Linux is considered safe.
- Most people using Linux don’t use pirated programs and games that could come packaged with malicious software. They use their distribution’s official software center and maybe some trusted repositories on top.
- Most people don’t log in to their Linux desktop with an account with root access. Thus, everything running under their account is subject to the same restrictions. This includes malicious software that, thanks to those restrictions, can’t infect other files or the OS itself. There’s no need for an antivirus vault here.
- Almost all Linux distributions, the Linux kernel, and the most prominent software are updated regularly. With their code in the open, vulnerabilities are found and fixed more quickly than in the closed-source world of Windows and Mac OS.
The popularity factor
Linux might not be the most popular OS on the desktop, but that’s not a negative. First, because the popularity of an OS is not a measure of its quality. Secondly, because that makes it safer. The creators of malicious software usually do what they do for either fame or money. Fame in that perverse way where someone craves recognition, even as “that person who’s destroyed dozens of computers.” Money because their malicious software could provide them with stolen data they could then exploit or sell to third parties. Thus, from their perspective, it’s better to target the most popular platforms: why spend time focusing on Linux, when Windows or Android would be easier to exploit and produce better results?
So, do I need an antivirus on Linux?
We’ll echo the sentiment that, in most cases, you don’t need an antivirus on Linux for regular daily use. But you need to be cautious to keep your computer safe and employ other measures of protection against current threats.
- Update all your software regularly.
- Use safety add-ons/extensions in your browsers.
- Don’t install or run “stuff” you don’t trust, even if someone online vouches for it.
There are several antivirus programs for Linux if you are truly concerned. Install an antivirus like ClamTK if you’re running a server in contact with other OSes. Even if your OS of choice is safer than Windows and Mac OS, you don’t want it becoming a “carrier” for an infection that could bring your contacts’ PCs down.