Do you really need an anti-virus on Linux? I ask because I am curious about your opinions and experiences.
I don’t use one currently, but I’ve heard arguments for and against it.
One argument for it is that, obviously, it can catch known viruses.
One argument against is that the antivirus would need deep access into how your system works, and if the antivirus itself is exploited, that becomes a big problem for you.
I can’t really make heads or tails of it, so for now I don’t unless I hear the Linux community start changing their mind in a big way. I would need to see an actual option be provided as well because I don’t know which antiviruses are trusted.
Would also love to hear other thoughts because I am not technical!
Personally I believe decent firewall rules and hygiene regarding accounts and logins are often enough.
Hot take, but I agree with the late McAfee (John McAfee: about blockchain, bitcoins and cyber security - YouTube). Antivirus is currently useless as it stands. Most exploits that are serious issues aren’t recognized by the antivirus in question; most of the time one gets false positives. If your system is infected already, then maybe antivirus can detect what has infected your system.
But what’s important is to not get infected in the first place: if malware has root access to your machine, it is not your machine anymore.
Using Linux requires a bit of a shift in your mindset regarding security. Keep backups; most importantly, if your computer is ever compromised you can wipe your system clean and start from where you left off. I recommend Déjà Dup and Timeshift: Timeshift for the root partition and Déjà Dup for the home partition. Backing up home and root separately is essential. Why? Because if you can’t boot, you restore via Timeshift, fixing system/root files. If you lose a video folder due to negligent deleting, you can use Déjà Dup. Remember, any backup is better than nothing; use whatever you feel is best. This mindset is what matters more than these applications.
Now how do hackers usually get in? That is honestly left up to debate, but here is my 2 cents. For most people it’s going to be a remote attack, so ironically encrypting your drives doesn’t help in this situation. Securing accounts is more important, with a password manager like 1Password, Bitwarden, or KeePass. Use TOTP 2FA on all or the most important accounts. Decide if passwordless logins fit in your threat model as well; currently they look like a decent option and are using FIDO technology, however this could change. SimpleLogin could be used to hurt attackers even more, so they need to know what email you’re using, and what password, and 2FA as well if you have that. This should cover data breaches.
Phishing is very common, so be sure to practice good OpSec when looking at an email, calling someone, or getting a text. Ask yourself: does this look real? Would Bank of America really ask me for a password over the phone? Does this thing look fake in any way? Always check the URL of the website you’re logging into and make sure it has the lock icon in the URL bar to prevent MITM.
Drive-by downloads happen when a user clicks a link and is given malware in the form of a download; it happens very fast and is unavoidable. Similar to phishing, you need to have practices in place before this happens; once it happens it might be too late. Don’t click random download links, don’t run any untrusted file, and verify Linux distro ISOs, or any file for that matter, with checksums and GPG signatures. uBlock Origin is a helpful extension and can block ads as well as malware sites; I suggest you use it.
These seem like the most common ways hackers infect systems. I’ll stop here so as not to overload you with information, but be sure to research this on your own; security is always changing.
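The "verify with checksums" step above, as an added example that is not part of the original post: a small POSIX shell function that checks a downloaded file against a published SHA256SUMS list, followed by a demo on a constructed file. The file names and the temporary directory are assumptions; in practice the ISO and the SHA256SUMS file come from the distribution's download page, and the list itself should be authenticated with `gpg --verify SHA256SUMS.gpg SHA256SUMS` against the distribution's signing key before the checksum is trusted.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded file
# against a SHA256SUMS list of the form "<hex digest>  <filename>".
set -eu

# verify_checksum FILE SUMSFILE
# Returns 0 when FILE's SHA-256 matches its entry in SUMSFILE, 1 otherwise.
verify_checksum() {
    file=$1
    sums=$2
    name=$(basename "$file")
    # Accept both "digest  name" and the binary-mode "digest *name" form.
    expected=$(awk -v f="$name" '$2 == f || $2 == ("*" f) { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 1
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# Demo on a constructed file: a good copy passes, a tampered copy fails.
demo() {
    tmp=$(mktemp -d)                                   # hypothetical download dir
    printf 'constructed sample, not a real ISO\n' > "$tmp/demo.iso"
    ( cd "$tmp" && sha256sum demo.iso > SHA256SUMS )   # stands in for the published list
    verify_checksum "$tmp/demo.iso" "$tmp/SHA256SUMS"
    printf 'one extra byte changes the digest\n' >> "$tmp/demo.iso"
    if verify_checksum "$tmp/demo.iso" "$tmp/SHA256SUMS"; then
        echo "unexpected: tampered file passed" >&2
        return 1
    fi
    rm -rf "$tmp"
}

demo
```

A mismatch means the download is corrupt or was altered in transit; the fix is to re-download, never to skip the check. `sha256sum -c SHA256SUMS` does the same job for every file listed at once.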
All of this is good and can be summed up in what you said which is that you should have good opsec.
My main argument against this is that if you don’t have antivirus, how can you tell whether your system is compromised? Hopefully something stops working correctly and you feel that there are glitches and bugs where there shouldn’t be. However, those aren’t clear indicators. With an antivirus, if it’s something they would catch, I could get a prompt telling me there’s a problem.
When I had a Windows machine, I used Defender and one day it told me it found a trojan. Was that too little too late? Perhaps, but without that I wouldn’t have known it was there and would have kept on using the computer for everything.
The counterpoint to this is that if you’re infected with an exploit that the antivirus doesn’t know about then you’re no better off. In that case, at least you can be notified of some of the viruses you might get if it’s used by a script kiddie or something like that rather than having no way of knowing whether you’re infected.
If you have a modern system that doesn’t get hit hard on performance, getting an antivirus is not useless. However, I believe that the best antivirus is and always will be common sense.
Like not downloading from shady sites, using an ad blocker, avoiding pirated content. All the stuff that can have malicious things.
Without being conscious of what you are downloading/installing, there’s no antivirus that can fully protect you.
I just upload non-personal documents to virustotal.com and I’ve been pretty good.
Honestly, I would say you don’t, since most antiviruses I used on Linux didn’t work well. I do think scanning your system every now and then with antivirus is fine, but like others here said, the best thing is having common sense. One thing you can do is download canary tokens to your system, and they will notify you if someone is on your machine and trying to download files. They are like tripwires. I put them on all my machines and just rename the files to look like something important, and like simple files as well.
I use ClamTk, but not as an anti-virus for Linux; rather as an anti-virus for Windows. I think this short video segment is a nice synopsis.
I’m late to the party, but can you manually detect or prevent this? Shikitega - New stealthy malware targeting Linux | AT&T Alien Labs
If the answer is no, an anti-virus is something to consider. They of course have their own problems, but the need of an anti-virus on Linux exists.
Typically no, just because the way you install most packages is over the package manager, which removes shady .exes from the equation. You can run ClamAV, but I personally don’t.
When people use Linux they more than likely don’t check their activity logs. Activity logs provide information about the system and what has changed during daily usage. Even still, one would have to know what they are reading to determine if their system has been compromised.
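As an added example of what "reading the activity logs" looks like in practice (not from the original poster): three POSIX shell functions that summarize the classic syslog-style authentication log (`/var/log/auth.log` on Debian-style systems; `journalctl -u ssh` and `journalctl _COMM=sudo` give the same lines on systemd-only systems). The sample log lines are constructed here so the script runs offline; the host name `box`, the user names and the RFC 5737 documentation addresses are all made up.

```shell
#!/bin/sh
# Added example (not from the original post): summarize an auth log so that
# repeated failed logins, accepted logins and sudo use stand out.
set -eu

# Write a constructed sample log to the file named in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 12:00:01 box sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 44122 ssh2
Jan 10 12:00:03 box sshd[1203]: Failed password for root from 198.51.100.7 port 44130 ssh2
Jan 10 12:00:05 box sshd[1205]: Failed password for root from 198.51.100.7 port 44138 ssh2
Jan 10 12:01:10 box sshd[1210]: Failed password for alice from 203.0.113.20 port 50122 ssh2
Jan 10 12:01:20 box sshd[1212]: Accepted publickey for alice from 203.0.113.20 port 50130 ssh2
Jan 10 12:02:00 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Jan 10 12:05:00 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart ssh
EOF
}

# "count ip" for failed SSH password attempts, most frequent source first.
failed_logins_by_ip() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# "user ip" for each accepted SSH login (password or public key).
accepted_logins() {
    sed -n 's/.*sshd\[[0-9]*\]: Accepted [a-z]* for \([^ ]*\) from \([0-9.]*\) port .*/\1 \2/p' "$1"
}

# "user command" for each sudo invocation.
sudo_commands() {
    sed -n 's/.* sudo: *\([^ ]*\) : .*COMMAND=\(.*\)$/\1 \2/p' "$1"
}

# Demo: build the sample and print a short report.
demo() {
    log=$(mktemp)
    write_sample_log "$log"
    echo "== failed SSH logins by source =="; failed_logins_by_ip "$log"
    echo "== accepted SSH logins =="; accepted_logins "$log"
    echo "== sudo commands =="; sudo_commands "$log"
    rm -f "$log"
}

demo
```

What to look for: a source address with many failures is background noise on any internet-facing box, but a failure burst followed by an accepted login from the same address, a login for a user or from a place you do not recognize, or a sudo command you did not run is worth investigating. Run the functions over the real file with `sudo`, since the auth log is root-readable.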
You’re adding to my argument that an anti-virus can help non-technical people be protected. I don’t know how to check activity logs for problems, so this would help me a lot.
On the flip side, thanks for mentioning a new way to diagnose if something is wrong with my computer. For me personally this is something I’ll add to my long list of things I should learn. Checking logs seems way more reliable than just “feeling if something is different.”
Short answer: no.
Long answer: still no. And that’s all I can be bothered to write; other replies have gone more in depth.
No. You don’t need it on Windows, or your phone for that matter, either, but it depends on who you are and what your use-case is.
Antivirus and similar software can serve a purpose for certain audiences. If you’re prone to opening binaries from unknown sources, don’t know how to use checksums, don’t bother reading build templates, or don’t mind the invasion of privacy in exchange for a small amount of added security, antivirus and firewalls can serve as decent tools.
Grandparents, friends who don’t work in the industry, children who do not yet comprehend how the internet works, etc, could perhaps all see some benefit in this type of software. With that said, most of these people tend to use Windows or MacOS, which both come with decent protection out-of-the-box.
If you’re new to Linux, something like UFW and perhaps some antivirus wouldn’t be a bad idea. At least until you understand how your OS works and what xyz operation does.
Regardless, make sure you thoroughly trust whatever piece of ‘protective’ software you install, since these often do not run in a sandbox and require scanning your entire filesystem.