10 considerations why you should/should not use a virus scanner in linux
Many people think you don't need a virus scanner in Linux. Here are some considerations to make.
1. There are no linux viruses
This is a myth, there are linux viruses. Not many, not as harmful but they do exist.
2. A virus scanner uses to much resources.
You don't need to run a virus scanner all the time, if this is what bothers you.
Having one at hand couldn't hurt.
3. Viruses in Linux are harmless, as they can't access root.
There are many ways of circumventing Linux security, I won't say it's easy, but it is possible.
Don't think so? It's called privilege escalation, and it's used by human hackers all the time, much more difficult for a program, but possible.
4. You only install from source, or from repositories.
This can be a viable reason. I run a lot of systems without virus scanners, but I do have very tight control over what is installed. If you get everything from a reliable source and use checksums for everything there can be situations where you don't need any virus/malware scanner. It could even impose a security threat, as it is a extra piece of software.
5. There are other things a virus scanner detects
While there are not many real viruses(as in the self replicating executable infecting kind) in linux, there are trojan horses and worms. I know there are hacker groups using a php shell backdoor, these things you can easily detect with clam av. So if you run a website, just scanning it once in a while won't harm you.
If you ever notice you have been hacked, do take the time to scan for malware.
6. You never use a network
If you have a stand alone system, where you install everything from CD, which comes from a trusted source.
And it's never connected to any other system, it probably won't be harmed by malware.
7. You don't care about security
This is a very good reason for not using a virus scanner in Linux. This could even be a very good reason for not using linux at all. This could also be a very good reason for not closing the door of your house.
It's also probably because you are not aware of the implications. Not caring will stop at the moment you now it's too late.
8. You have a firewall
If you have a firewall you are probably protected against most worm viruses. If it is configured to block all incoming and outgoing traffic by default, it provides a reasonable level of protection from network threats. The protection of a firewall depends on it's configuration. A firewall is in no means a replacement for a virus scanner, and there are other threats than network threats alone.
9. You don't have anything to protect.
If you have nothing to protect, I feel sorry for you. No seriously, the things you do to protect against security threats should be balanced against the assets you need to protect. The problem is most people don't know or don't think about the real risks. There are not many people who take too much security measures, there are many, many millions who take too little security measures.
If you know what it feels like to know something is not right with your system, you won't think like this anymore.
10. You have a windows system in your network.
If you have any windows system in your network, it is probably a good idea to run a virus scanner on your Linux systems too. You don't want your Linux system to infect the windows systems, which are much more vulnerable for viruses. This is especially important if you use samba or if you run a mailserver.
conclusion
There are a lot of things to consider for or against virus scanners in Linux. I have to honestly say I don't always use one myself. They are for sure not nearly as important as firewalls, good habits and common sense. They are also not nearly as important in Linux as in windows. I put a windows machine on the internet one time and it was infected within 10 minutes, the change of something like this happening in linux is almost nil. There are also many cases where it does give a benefit, if you run a webserver, it could prevent some things. I use it on some systems where I think it's most important. I do think it's a good policy to have one at hand, I use it often as a tool for checking untrusted systems or files.
I do think it is important to think about these things and not just push them aside. I certainly don't think people should go around telling people they don't need a virus scanner in Linux, unless they know everything about the other persons system which should be considered.
If you have other ideas, more things to consider or just have something to say leave a comment.
I'm not English so: If you are bothered by spelling mistakes, please leave a comment and I'll correct it.
want to read more by J00p34? The Blog root is here
or follow me at twitter
Popular content
add cool to google
Cool's blog feed
site feed
Recent blog posts
- HP linux netbook
- Toshiba Android netbook
- android video terminal
- rugged android phone
- Linux PC Robot < 500$ DIY Linux robot
- Q7 Linux MID nice but missing most important feature
- BD remote for android available soon
- Intelligent Linux based scriptable network camera
- Edge the first foldable dual screen ebook reader/netbook
- iPed chinese for iPad
don't forget to vote if you find something useful!!
- More things that Linux makes easy
9 weeks 13 hours ago - It looks rather like
10 weeks 2 days ago - Performance will be mediocre...
11 weeks 1 day ago - Off-base & Totally Terrible Review
11 weeks 3 days ago - suicidal robot bomber ?
11 weeks 3 days ago - Not a missing feature dumbass!
11 weeks 3 days ago - Impractical device
11 weeks 6 days ago - posting from my edge...
12 weeks 22 hours ago - Yes, running Android makes it expandable.
12 weeks 1 day ago - I have an edge and it is excellent
12 weeks 1 day ago
Navigation
Linux systeembeheer
Linux server
Smallest Linux PC, smaller
than an apple
Linux home automation
Electrical superbike
powered by Linux
Coolest Linux robot ever
transforming,camera,
remote control
Samsung tv Linux hack
Linux multimedia
dream machine
More cool stuff
like this solid gold macbook
at criticalcold.com
Tags
Best karma users
- kaikokan
- uioloio
- martha23
- jake
- j00p34
Categories
If you claim linux virus
Anonymous 1 year 17 weeks 2 days 1 hour ago
If you claim linux virus absence is a myth, it's easy to prove, just give me some examples.
Also, there's plenty of reasons people should protect their computers, not having one acting as a botnet is one of them. Some bloke feeling sorry for them is far worse reason for me...
q.e.d.
admin 1 year 17 weeks 1 day 12 hours ago
the oracle says:
http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses#Viruses
USB Sticks
Anonymous 1 year 21 weeks 4 days 4 hours ago
I use clamav + clamtk (gui) to scan usb sticks for windows' viruses for my friends and family, most of them do not use linux and they are vulnerable to this type of infections, they all have firefox and i always teach them how to be protected against viruses/malware etc but... even with all that knowledge it is very easy for someone to be infected via usb stick.
So when somebody suspects that the usb stick has viruses, they ask me to clean it up. I don't use clam for my machine though, it's a waste of time and resources.
I always tell them about the benefits of using linux, but they are too scared to change.
More detail
Anonymous 1 year 21 weeks 4 days 6 hours ago
Not to sound like a Wikipedia-pedant, but you may want to think about providing further technical information like citations and/or examples, especially when making sweeping claims that may require statistics of some sort.
ClamAV
Anonymous 1 year 21 weeks 4 days 10 hours ago
Hi,
In ClamAV what folders should be included tipically in a search? I mean usually ClamAV itself doesn't have access to some folders like /sys, /etc or /root (gets access denied)... Probably I'd need to run ClamAV as root I guess..
TX
If you want to scan system folders, yes
admin 1 year 21 weeks 4 days 9 hours ago
But be careful, running things as root. If you download things from repositories, make sure you have the keys.
Your package manager will warn you, if you download from a untrusted source, be careful not to run anything from a untrusted source as root. It is in general a better policy not to install anything from untrusted sources, but security software is even more important to ONLY EVER download from trusted sources.
clam
admin 1 year 21 weeks 4 days 11 hours ago
I use clam antivirus, on windows and linux. On Linux you can use Klamav as a frontend. It finds most known malware and gives you it's name, so you can search the internet for what it is ;-)
User level damage
Anonymous 1 year 21 weeks 4 days 13 hours ago
I agree with your point of privilege escalation in 3, but I would add that even without getting root permissions, malware can install a keylogger and get your passwords to sites like online banking, as well as getting access to files in your home directory, like mail, all without root permissions.
Many people put too much trust in how much root/user access permissions make them safer.
Also, as well as checking Windows samba servers, you can use Linux virus scanners from a separate partition in a dual boot system, or using some specialised live distributions.
10 considerations why you should/should not use a virus scanner
Anonymous 1 year 21 weeks 4 days 16 hours ago
Hi,
Well, what Linux virus scanner do you suggest? I've been running Linux for about 6 -7 years. And. like you don't run anything Microsoft (M$), have a Firewall, and can run chroot to see what is trying to hack me, but can make no sense of the reports. LOL!