10 considerations why you should/should not use a virus scanner in Linux
Many people think you don't need a virus scanner in Linux. Here are some considerations to make.
1. There are no Linux viruses
This is a myth; there are Linux viruses. Not many, and not as harmful, but they do exist.
2. A virus scanner uses too many resources.
You don't need to run a virus scanner all the time, if this is what bothers you.
Having one at hand couldn't hurt.
3. Viruses in Linux are harmless, as they can't access root.
There are many ways of circumventing Linux security. I won't say it's easy, but it is possible.
Don't think so? It's called privilege escalation, and it's used by human hackers all the time. It is much more difficult for a program, but possible.
4. You only install from source, or from repositories.
This can be a viable reason. I run a lot of systems without virus scanners, but I do have very tight control over what is installed. If you get everything from a reliable source and use checksums for everything, there can be situations where you don't need any virus/malware scanner. A scanner could even pose a security threat, as it is an extra piece of software.
5. There are other things a virus scanner detects
While there are not many real viruses (as in the self-replicating, executable-infecting kind) in Linux, there are trojan horses and worms. I know there are hacker groups using a PHP shell backdoor; these things you can easily detect with ClamAV. So if you run a website, just scanning it once in a while won't harm you.
If you ever notice you have been hacked, do take the time to scan for malware.
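An added example, not part of the original post, of how an occasional ClamAV scan of a website can be run and its results triaged. The web root `/var/www/html`, the function names and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage of ClamAV scan results.

# Recursive scan that prints only infected files. The excludes skip kernel
# pseudo-filesystems, which matters when the tree being scanned is "/".
scan_tree() {
    clamscan -r -i --no-summary \
        --exclude-dir='^/sys' --exclude-dir='^/proc' --exclude-dir='^/dev' \
        "$1"
}

# clamscan exit status: 0 = nothing found, 1 = malware found, 2 = error.
verdict() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output on stdin and print "signature<TAB>path" per hit.
# The greedy first group keeps paths that themselves contain ": " intact.
list_findings() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${tab}\1/p"
}

# Scan a directory, print the hits, and return clamscan's own exit status.
scan_and_report() {
    out=$(scan_tree "$1") && rc=0 || rc=$?
    printf '%s\n' "$out" | list_findings
    echo "verdict: $(verdict "$rc")" >&2
    return "$rc"
}

# Constructed sample output (paths and signature names are made up).
SAMPLE='/var/www/html/index.php: OK
/var/www/html/uploads/img.php: Php.Webshell.Example-1 FOUND
/var/www/html/notes: old/x.php: Php.Webshell.Example-2 FOUND'

# Demo on the sample; on a real host: scan_and_report /var/www/html
printf '%s\n' "$SAMPLE" | list_findings
```

Because `scan_and_report` returns clamscan's exit status, a cron job can alert on status 1 and treat status 2 as a scan that did not complete rather than as a clean result.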
6. You never use a network
If you have a stand-alone system, where you install everything from CD, which comes from a trusted source, and it's never connected to any other system, it probably won't be harmed by malware.
7. You don't care about security
This is a very good reason for not using a virus scanner in Linux. This could even be a very good reason for not using Linux at all. This could also be a very good reason for not closing the door of your house.
It's also probably because you are not aware of the implications. Not caring will stop at the moment you know it's too late.
8. You have a firewall
If you have a firewall, you are probably protected against most worm viruses. If it is configured to block all incoming and outgoing traffic by default, it provides a reasonable level of protection from network threats. The protection of a firewall depends on its configuration. A firewall is by no means a replacement for a virus scanner, and there are other threats than network threats alone.
9. You don't have anything to protect.
If you have nothing to protect, I feel sorry for you. No, seriously, the things you do to protect against security threats should be balanced against the assets you need to protect. The problem is most people don't know or don't think about the real risks. There are not many people who take too many security measures; there are many, many millions who take too few security measures.
If you know what it feels like to know something is not right with your system, you won't think like this anymore.
10. You have a Windows system in your network.
If you have any Windows system in your network, it is probably a good idea to run a virus scanner on your Linux systems too. You don't want your Linux system to infect the Windows systems, which are much more vulnerable to viruses. This is especially important if you use Samba or if you run a mail server.
Conclusion
There are a lot of things to consider for or against virus scanners in Linux. I have to honestly say I don't always use one myself. They are for sure not nearly as important as firewalls, good habits and common sense. They are also not nearly as important in Linux as in Windows. I put a Windows machine on the internet one time and it was infected within 10 minutes; the chance of something like this happening in Linux is almost nil. There are also many cases where it does give a benefit: if you run a webserver, it could prevent some things. I use it on some systems where I think it's most important. I do think it's a good policy to have one at hand; I use it often as a tool for checking untrusted systems or files.
I do think it is important to think about these things and not just push them aside. I certainly don't think people should go around telling people they don't need a virus scanner in Linux, unless they know everything about the other person's system which should be considered.
If you have other ideas, more things to consider or just have something to say, leave a comment.
I'm not English so: If you are bothered by spelling mistakes, please leave a comment and I'll correct it.
want to read more by J00p34? The Blog root is here


If you claim linux virus
Anonymous 40 weeks 1 hour 27 min 22 sec ago
If you claim Linux virus absence is a myth, it's easy to prove, just give me some examples.
Also, there are plenty of reasons people should protect their computers; not having one acting as a botnet is one of them. Some bloke feeling sorry for them is a far worse reason for me...
q.e.d.
admin 39 weeks 6 days 12 hours 42 min ago
the oracle says:
http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses#Viruses
USB Sticks
Anonymous 44 weeks 2 days 4 hours 24 min ago
I use clamav + clamtk (GUI) to scan USB sticks for Windows viruses for my friends and family. Most of them do not use Linux and they are vulnerable to this type of infection. They all have Firefox and I always teach them how to be protected against viruses/malware etc., but... even with all that knowledge it is very easy for someone to be infected via USB stick.
So when somebody suspects that the USB stick has viruses, they ask me to clean it up. I don't use clam for my machine though, it's a waste of time and resources.
I always tell them about the benefits of using Linux, but they are too scared to change.
More detail
Anonymous 44 weeks 2 days 6 hours 44 min ago
Not to sound like a Wikipedia-pedant, but you may want to think about providing further technical information like citations and/or examples, especially when making sweeping claims that may require statistics of some sort.
ClamAV
Anonymous 44 weeks 2 days 10 hours 2 min ago
Hi,
In ClamAV, what folders should typically be included in a search? I mean usually ClamAV itself doesn't have access to some folders like /sys, /etc or /root (gets access denied)... Probably I'd need to run ClamAV as root I guess..
TX
If you want to scan system folders, yes
admin 44 weeks 2 days 9 hours 46 min ago
But be careful running things as root. If you download things from repositories, make sure you have the keys.
Your package manager will warn you if you download from an untrusted source; be careful not to run anything from an untrusted source as root. It is in general a better policy not to install anything from untrusted sources, but security software is even more important to ONLY EVER download from trusted sources.
clam
admin 44 weeks 2 days 11 hours 37 min ago
I use clam antivirus, on Windows and Linux. On Linux you can use Klamav as a frontend. It finds most known malware and gives you its name, so you can search the internet for what it is ;-)
User level damage
Anonymous 44 weeks 2 days 13 hours 40 min ago
I agree with your point of privilege escalation in 3, but I would add that even without getting root permissions, malware can install a keylogger and get your passwords to sites like online banking, as well as getting access to files in your home directory, like mail, all without root permissions.
Many people put too much trust in how much root/user access permissions make them safer.
Also, as well as checking Windows samba servers, you can use Linux virus scanners from a separate partition in a dual boot system, or using some specialised live distributions.
10 considerations why you should/should not use a virus scanner
Anonymous 44 weeks 2 days 16 hours 32 min ago
Hi,
Well, what Linux virus scanner do you suggest? I've been running Linux for about 6-7 years. And, like you, don't run anything Microsoft (M$), have a firewall, and can run chroot to see what is trying to hack me, but can make no sense of the reports. LOL!