Why You Don’t Need Anti-Virus Software For Linux
I was just browsing Ubuntu Forums recently and someone wanted to get a second opinion to see if it were indeed true that Linux doesn’t need anti-virus software. I humbly obliged them with my own answer on the matter:
You don’t need anti-virus for Linux. Others in here will do a better job at explaining why this is, but in short, the OS has a big advantage here due to it being open source. The operating system is a product of crowd-sourcing, much in the same way as Wikipedia has been since it first showed up several years ago. And much like the highly-moderated articles of Wikipedia that require membership and an approval process for changes made to locked articles, so too is there strict moderation of the source code for Linux before it’s allowed to become part of the official distribution. Everybody is out to identify possible flaws or weaknesses or bugs in the source code, and it’s much easier for any single person to make a contribution because the OS and much of the software that runs on it is open source.
In Windows, the users don’t have the luxury of being able to dig through the source code to look for flaws. All they can do is report symptoms of problems to Microsoft, and the limited number of paid programmers that do have access to the source code then have to decide what flaws are the most important and which ones don’t merit their attention. So with Windows, a bug that affects only 500 people won’t be as important as a bug that affects 500,000 and probably won’t be fixed at all. But if it were Linux and if just one or two of those 500 people were a programmer who had access to the source code and figured out how to fix the problem on their own, the other 498 would actually stand to benefit from a patch that ends up being released thanks to the work of that one developer who had some spare time on his hands and decided to do something about a bug simply because he could.
So throughout the long life of Linux there has been this much more diversified, seasoned, multi-cultured source for development feedback that has helped to make it a much stronger, more “mature” operating system, especially in terms of the way security was designed. If there was ever a person out there who found a way to circumvent that security, there is at least one other who knows exactly how to repair the flaw. The reason viruses are able to best Windows is because their developers can only patch so many holes, and the ones they don’t have time to get around to end up being exploited the most. Third-party software developers that make Anti-Virus software make a killing because Microsoft is unable to handle this responsibility all by themselves, and even still, the best anti-virus software isn’t perfect.
The reason anti-virus software isn’t necessary in Linux is simply because the OS and its updates that patch vulnerabilities do the exact job anti-virus software in Windows is meant for: Prevent unwanted, malicious software or network activity from compromising the system. If there were a flaw in Linux found that allowed something like that, it wouldn’t be the job of some third-party software to safeguard the user against but the job of the OS itself. The reason anti-virus software even exists is simply because Microsoft is unable to handle the immense work load of patching their own source code as well as a crowd of Linux geeks can.
Am I saying Linux is perfect and invincible to viruses? Might it become more susceptible to viruses in the future if it were to ever become as popular as Windows is today? I would think that with an increase in the number of users would also come a complementary increase in the number of clever developers, which would only increase the number of eyes available to find flaws and fix them. Saying that Linux would get a lot of viruses down the road because more people are going to use it is like saying Wikipedia will become rife with widespread, uncontrollable vandalism because more people visit it. It hasn’t happened yet, and very likely never will happen because of the way it is designed, moderated and improved upon by the hive mind.
EDIT to add: As mentioned in the first comments below, I failed to acknowledge that while Linux is more robust in the area of security, nothing can compensate for the weakest link in this arrangement: The User. A novice user could easily be enticed by a sinister website that tells them to download a deb file which might contain malicious code and absentmindedly install it or execute a destructive command from the terminal window because they didn’t know any better (like rm -rf ~/*). Fortunately for novice users there is little if any need to actually venture out into uncharted territory like a terminal window or strange websites to get software, thanks to the official repositories that contain a HUGE collection of software which continues to grow. I’ve even heard you will soon be able to purchase proprietary Linux-based software through it. Unfortunately, little can really be done to compensate for user negligence, and trying to compensate for all possibilities would likely result in too many annoying alerts and prompts for the average user (like when Windows Vista sprang the UAC on its users).
There are only a couple of circumstances in which I believe anti-virus software on a Linux platform might be worth having, and they involve helping to protect other Windows systems. Say you got an email from someone that contained a virus, but you never knew it was there and forwarded it on to someone else who uses Windows, resulting in their day being ruined and you being blamed. So that’s one scenario. You might also have a Linux server administrating a network of Windows-based workstations to which you have read/write access, and use the server to conduct scans of these machines over the network, but at the expense of finite network bandwidth and CPU cycles on the server.
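The edit above warns about installing a .deb downloaded from a website you have no reason to trust. The practical defence, beyond staying inside the signed official repositories, is to pin the checksum you obtained out of band (from the project’s own release page) and refuse to install anything that does not match it. The script below is an added example written for this post, not code from the original; the package contents and the "pinned" checksum are constructed on the spot so it runs offline, and `sha256sum` from coreutils is assumed to be present.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to install a downloaded
# package unless its SHA-256 matches a checksum obtained out of band.
# The package file and its pinned checksum below are constructed for the demo.

# verify_download FILE EXPECTED_SHA256
# Returns 0 when the file's checksum matches the pinned value, 1 otherwise.
verify_download() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches pinned checksum"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  got      $actual" >&2
    return 1
}

# install_if_verified FILE EXPECTED_SHA256
# Only reaches the install step when verification succeeds. The install
# command is a placeholder echo so the demo does not touch the real system;
# on a real box it would be: sudo dpkg -i "$file"
install_if_verified() {
    verify_download "$1" "$2" || { echo "refusing to install $1" >&2; return 1; }
    echo "would run: dpkg -i $1"
}

# demo: a constructed "package" whose pinned checksum we compute ourselves
# (standing in for the value read from the project's release page), then a
# tampered copy that must be rejected. Returns 0 only if both cases behave.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed package contents\n' > "$tmp/screensaver.deb"
    pinned=$(sha256sum "$tmp/screensaver.deb" | cut -d' ' -f1)
    install_if_verified "$tmp/screensaver.deb" "$pinned" || { rm -rf "$tmp"; return 1; }
    printf 'tampered\n' >> "$tmp/screensaver.deb"
    if install_if_verified "$tmp/screensaver.deb" "$pinned" 2>/dev/null; then
        rm -rf "$tmp"
        return 1   # a tampered file must never pass
    fi
    rm -rf "$tmp"
    return 0
}
```

The checksum is only as trustworthy as the channel it came from: a hash published on the same untrusted page as the download proves nothing, which is exactly why the official repositories, where apt verifies signatures for you, remain the better default for a novice user.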
March 11th, 2010 at 5:35 am
I always install an anti-virus component in everybody’s Linux setups for the simple reason that not everyone has Linux (or Mac) and to forward a contaminated email, file or whatever to a Microsoft machine seems a little unfair as well as irresponsible.
March 11th, 2010 at 5:50 am
I have been an Ubuntu user for almost 3 years. It powers my main desktop, another desktop, our media centre and my phone (N900). I say this only to put across that a) I’m a geek, and b) I’m not writing this comment because I hate Linux.
In short: What you say is mostly true but your conclusion that users don’t need an antivirus is completely wrong.
A distribution is fairly secure because, as you say, it has crowdsourcing to detect things like this. What you’re forgetting is that behind every Linux desktop (just as with Windows) is a user… And users are idiots. As users, we’ve all done something stupid at some point.
Security is a skill. Without an active antivirus you can stay safe (even in Windows) by just acknowledging the provenance of the things you install and run.
Some people might stick to what you can install from the repos but plenty of people install from PPAs, download little scripts like winetricks, add extensions to their browser… Crowd-sourcing does very little to protect these users.
The standard Linux user relationship with the rest of the system (that is: you run as your user 99% of the time) does help but if you’re in the position where you have a nasty file, it won’t need root permissions to completely ruin your day.
What if you downloaded and ran a script that bottled up your home contents, encrypted them and deleted the originals for a ransom. It wouldn’t need root permissions. This has been done on Windows.
Or a trojan. It only needs to run as the user to have full access to the user’s session and files and do things like SubSeven (BO, BO2K, etc) did for Windows.
Things can even propagate from the user to other computers over network shares, infect the users files…
My point is Linux doesn’t do that much to protect you from yourself. Sure, you can’t wipe the whole system without root, but installing Linux takes 30 minutes at a push. Years of photos/music/work/documents can’t be replaced as easily.
To stay safe, you either need to recognise the risks of untrusted sources, PPAs, random binary downloads (and put some research in) or, just as within Windows, have something there looking out for you.
You also seem to be under the misapprehension that most Windows users get infected through indirect means (i.e. through service worms)… Putting aside the fact that Linux servers get worms through exploits in this exact way, a huge number of infections are contracted through user idiocy: downloading what they think is a screensaver or a video of Britney Spears blowing KFed.
If these idiots ever migrate, what do you suppose they’re going to do if they’re offered a screensaver as a .deb package? Yeah download, run, put their password in and hey! It has root access to their system. It could easily be a +x binary inside a zip with the instructions to run it.
The reason we’re not swamped in this crap is there isn’t the market to write it. As soon as it becomes viable our world gets a whole lot less secure.
March 11th, 2010 at 7:04 am
“You don’t need anti-virus for Linux”
I haven’t done this myself, but, it might be good to run an anti-virus on our Linux systems just to discover/stop a virus from being passed on to a Windows friend.
Of course, it is better to gently suggest Linux to that friend, anyway!
God Bless
March 11th, 2010 at 8:09 am
Well written, I do agree. So many people will tell you that ‘if GNU/Linux was as popular as Windows, it would have viruses also! it would be cracked also!’ Well people, GNU/Linux boxes are all over the internet as Web Servers, facing the hostile public internet all day. They don’t have near the infection and crack rates that the Windows servers do.
I really like your header image, but the .htm file extension is for Windows servers that (for historical reasons, aka DOS) were limited to a three-letter extension. Apache and other FLOSS apps aren’t limited with this, so they use .html file extensions.
March 11th, 2010 at 8:33 am
I would add that, unlike Windows, malicious software cannot be installed in a GNU/Linux system without the explicit permission of a user with administrative privileges. A Linux system cannot be compromised by opening an email attachment or some kind of unknown executable.
March 11th, 2010 at 2:48 pm
@ Oil:
I do agree with you; many computer users out there fall victim to little traps and schemes and so on. I didn’t mention that in the post here because it was a quick copy and paste from something I wrote in a forum thread that already had others saying the exact same thing and I didn’t want to sound redundant.
That being said, I would wager that the novice user likely doesn’t feel up to the task of messing around with software outside the official repos. Those that do probably have an understanding that if you’re going to download a piece of software or some handy-dandy script from an untrusted source on the Internet, then you’re kind of inviting trouble. There is rarely, if ever, any need for a new user to wander beyond the official repositories for their software needs, and if there ever were a need I can only hope they would venture to use something outside the boundaries based on the knowledgeable recommendations of a friendly expert. I mean, a simple rule of thumb any user should use is that if you’ve never heard of the software and you can’t confirm through others whether or not it’s worth a shit, then you should leave it alone. There is no way to completely safeguard any computer system from user negligence.
March 12th, 2010 at 4:21 am
I’ve sometimes tested some AV software but don’t use it frequently, because my opinion is that everybody in this cold hard world must take care of themselves. I’m not gonna save Windows users, because Microsoft doesn’t give a damn about security compared to its will to serve shareholders. It’s not my problem if millions are living in an insecure Microsoft ecosystem.
March 12th, 2010 at 10:44 am
Heh heh, I hadn’t noticed that really. Well, I suppose it’s fitting to me because I got my feet wet in DOS when I was young.
March 13th, 2010 at 12:35 am
I think that one reason for viruses not being a threat on Linux is file access permissions. A virus would need to know the root password to harm/change a config file.
March 14th, 2010 at 12:18 pm
@Oil was quite extensive, yet quite incorrect.
Even if you do content control in Windows, the system cannot live without an anti-virus. I think he is not conscious that he’s mixing up viruses with spyware, scams and malware. That is what Windows is able to offer at its best, no matter what kind of secure practices you are accustomed to. On the other hand, many Linux-based systems *can* be made very fool-proof.
The only way for isolating a Windows machine is not using it at all (No Internet/Intranet, no data exchange with friends, nor executing/opening anything).
In a final comment, I don’t use Ubuntu because I think it is going the wrong way in the “fool-proof” race. Over-complicating simple things is the worst you can do in any environment (Have you checked out most default system settings carefully?)
June 8th, 2010 at 7:15 am
If Linux doesn’t need anti-virus software, it has the potential to be as popular as Windows in the future. This is a good alternative for those who have been infected with viruses and lost their digital valuables.
July 28th, 2010 at 9:09 pm
I have been administrating Linux boxes for years, and before that, Unix. I have seen viruses on Linux machines. In fact, over the last four weeks there have been various reports about Linux boxes helping to spread viruses into places that viruses don’t belong.
In one case, Dell had an issue with infected motherboards shipping. Guess how the software got onto the motherboards? Hint: they weren’t using Windows interfaces to provision their system boards.
So while Linux isn’t as susceptible to viruses as Windows is (again, Linux can still get sick), there is always the issue of Linux passing viruses along to other machines.
July 29th, 2010 at 7:09 pm
@xioc1138: I must draw attention to your final sentence for those browsing the comments: “There is always the issue of Linux passing viruses along to other machines.” This is like saying the USPS is responsible for delivering anthrax to a congressman’s office. You can’t blame the messenger in either case, but you can blame the sender and sometimes to a certain extent you can blame the recipient as well. Besides, all of this was mentioned in the last paragraph of my post above, which was precipitated by previous comments posted.
Your statements about Dell’s infected motherboards, again, try to place blame on Linux without citing explicit sources and ignore the fact that Dell used infected Windows software during hardware testing. If you take a look at these links:
http://www.theregister.co.uk/2010/07/21/dell_server_warning/
http://www.channelinsider.com/c/a/Dell/Dell-Replaces-Server-Parts-Infected-with-Virus-709631/
http://www.digitaltrends.com/computing/dell-accidentally-sent-out-malware-riddled-motherboards/
You’ll find that:
1. The virus is old; as old as 2003. This means any person running even outdated anti-virus software on a Windows system will be protected.
2. The virus was located in the Flash memory of the motherboard, and it got there as a result of Dell’s use of hardware diagnostic software on a system that had become infected with the virus in question. If Linux had any part to play in this, its job would have to have been to function as a middle-man between the infected Windows-based benchmark machine and a new motherboard. This is very much similar to connecting a Windows machine to a motherboard over a network switch or some other dumb device whose sole purpose is to pass traffic/data between two devices. If you got a virus from another computer on a network, would you blame the Ethernet cable and the network you’re attached to, the other computer that got your computer infected, or your own computer for not having proper protection in the first place? Linux has protection in place for itself; it has no obligation to go out of its way to protect Windows machines unless an administrator sets it up to do just that. Besides, this scenario seems a little far-fetched; to use two computers IN SERIES to run benchmarks on hardware, what would be the point? And again, why blame the messenger/middle-man who’s just passing traffic?
3. They clearly state in the third link that it does not pose any threat to non-Windows systems, meaning it cannot execute itself on a Linux system (because it wasn’t compiled for Linux) and use it as a platform to attempt to infect non-Linux systems. So you cannot say that a Linux system actually had this virus running on it or that it used a Linux system as a platform to stage another attack against a Windows based machine.
I patiently await any rebuttal you have and ask that you source your claims.