242

I thought that there was no need to scan for viruses either in Ubuntu or any Linux distros until I found virus scanner packages clamtk and klamav in Ubuntu software center yesterday.

This leads to the following questions:

  • How do viruses differ between Linux and Windows?
  • How do the strategies for protection differ between Linux and Windows?
  • Should a virus scanner package be installed on my system? If so, which would be a better option?
Melebius
Vinay
  • 3,641
  • 5
    It is not so much viruses but rootkits that are dangerous to Linux. Just be careful with root access, sudo and su commands. –  Feb 23 '11 at 23:59
  • 79
    I have no fear of virus on my Ubuntu system. I am the only real threat: I usually fix it until it's broken. – Pitto Apr 15 '11 at 13:56
  • Is it a server or a desktop machine? – user unknown Feb 17 '12 at 17:08
  • 4
    If you need a list of anti-viruses available for ubuntu see this http://www.reviewsaurus.com/blogging-tips/9-anti-viruses-for-linux-users/ – blade19899 Sep 05 '12 at 09:54
  • 4
    For a list of anti-viruses see this http://www.reviewsaurus.com/blogging-tips/9-anti-viruses-for-linux-users/ – blade19899 Sep 05 '12 at 09:54
  • 1
    See this answer: http://security.stackexchange.com/questions/438/are-signature-based-antivirus-or-antimalware-effective/30748#30748 it makes a pretty strong case for not using AV at all and suggest stronger alternatives to security. Most of these alternatives are standard on Linux. – arielf Aug 04 '14 at 00:03
  • @blade19899 That link provided by you is now broken. Would you please, update the info? – Cristiana Nicolae Jun 01 '16 at 17:47
  • 2
    This question should not be closed, it is a perfect valid inquiry, and lots of people have this question. – 0xF2 Jul 22 '16 at 02:41
  • @0xF2 it isn't a good fit for the site, it is just too broad. However, closing does not mean the question will be deleted. It will remain here and the useful information it has attracted will not be removed. The question has been closed because it is not a good question for Ask Ubuntu, that's all. We don't accept questions whose answers would fill a book. – terdon Jul 22 '16 at 14:43
  • This is a super-frequent FAQ, and I say it as the former Ubuntu Server PM. Upvoted 169 times, favorited 48 — but moderator opinions are more important. Okie-dokie. – 0xF2 Jul 26 '16 at 19:43

24 Answers

145

There are viruses for most all platforms (the first worm was for DEC VAX), they are just more common on Windows. Different platforms are more secure than others, but a virus can typically gain user level security, which is often good enough, on most platforms. You can actually run Windows without a virus scanner if you keep it patched and are really careful.

Differences from Windows to Linux for viruses: On Linux it is harder for the virus to get root (or system) level access. But it could probably still access your address book or saved passwords in Firefox (user level access).

Strategy: If you are really careful and know what you are doing you can get away without a scanner. A good strategy is to have your scanner just scan downloads or if you are bringing a file from another computer on a USB drive or floppy disk (assuming you have one). If you want you can have it do regular full system scans too. It is all about how paranoid you are, and how likely you are to get a virus.

For your laptop I would suggest only having the scanner scan downloads and when you are bringing files from another computer. Having it do full system scans can be a battery drain.

A very important element of a virus scanner is having it updated with new signatures, so pick the package that has the best signature updates, and that works best for how you want to use it.

Jim McKeeth
  • 1,832
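The download-only strategy from this answer, as an added example that is not part of the original post: a shell sketch that checks signature age and hands `clamscan` only the files that have appeared since the last completed scan. It assumes GNU find and ClamAV; the state directory, the `SCANNER` override and the function names are made up for the illustration.

```sh
#!/bin/sh
# Added example: scan only what has arrived in a downloads directory since the
# last completed scan, and check signature age first.
# Assumes GNU find and ClamAV's clamscan. STATE_DIR, the SCANNER override and
# the function names are inventions of this sketch. STATE_DIR must live
# outside the scanned directory.

# signatures_fresh DB_DIR MAX_DAYS
# True if ClamAV's daily database in DB_DIR (/var/lib/clamav on Ubuntu) was
# modified less than MAX_DAYS days ago.
signatures_fresh() {
    fresh=$(find "$1" -maxdepth 1 \( -name daily.cvd -o -name daily.cld \) \
                 -mtime -"$2" 2>/dev/null)
    [ -n "$fresh" ]
}

# pending_downloads DIR STATE_DIR
# Print regular files in DIR whose inode change time (ctime) is later than the
# last completed scan. ctime is used instead of mtime because tools such as
# wget and tar can set mtime from the remote side, which would hide a new file.
pending_downloads() {
    dir=$1
    marker=$2/last-scan
    if [ -f "$marker" ]; then
        find "$dir" -type f -cnewer "$marker"
    else
        find "$dir" -type f          # first run: everything is pending
    fi
}

# scan_new_downloads DIR STATE_DIR
# Returns the scanner's status. For clamscan: 0 = clean, 1 = something was
# flagged, 2 = the scan itself failed.
scan_new_downloads() {
    dir=$1
    state=$2
    mkdir -p "$state" || return 2
    # Stamp the candidate marker before listing files, so a download that
    # lands while the scan is running is picked up by the next run.
    touch "$state/next-scan" || return 2
    pending_downloads "$dir" "$state" > "$state/pending.list" || return 2
    if [ -s "$state/pending.list" ]; then
        "${SCANNER:-clamscan}" --no-summary --infected \
            --file-list="$state/pending.list"
        rc=$?
    else
        rc=0
    fi
    # On a scanner error keep the old marker so nothing is skipped silently.
    if [ "$rc" -le 1 ]; then
        mv "$state/next-scan" "$state/last-scan"
    fi
    return "$rc"
}

# Example invocation (left as comments so sourcing this file has no effect):
#   signatures_fresh /var/lib/clamav 3 || echo "signatures stale: run freshclam" >&2
#   scan_new_downloads "$HOME/Downloads" "$HOME/.cache/download-scan"
```

Run from cron or a login script, this touches only new files, which keeps the battery cost the answer mentions low.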
  • 56
    And if you don't think user-level security is enough to do damage: how would you feel if I did rm -rf $HOME? –  Oct 30 '10 at 06:54
  • 2
    @Roger mildly annoyed -- I use Dropbox, so theoretically it's no big deal, my data is replicated on multiple disks. – badp Oct 30 '10 at 08:48
  • 1
    @badp: You sync $HOME to Dropbox?! I use it too, but don't want it caching everything, nor using that kind of bandwidth while I'm working with disc ISOs, etc. –  Oct 30 '10 at 08:50
  • 1
    @Roger, no, but I do put what I care about in it. (Except photos, those take too much space... :/) – badp Oct 30 '10 at 09:01
  • 26
    Yeah, user level access is usually enough to ruin your day. – Jim McKeeth Oct 30 '10 at 20:39
  • 2
    more hints - create separate user and create shortcut to your browser to run with that user - for finance operations. Also remove world readable permissions on /home (o-r). Also mount /home filesystem as noexec (if is on separate partition) – jet Feb 23 '11 at 19:05
  • 19
    This whole thread is just paranoia. Viruses can't infect Linux system in normal desktop use as all programs run from system binaries that cannot be modified by user-level security. If user-data can somehow maliciously gain execute permission (which is so unlikely it just boggles the mind), at most it can destroy data but can't replicate itself so it's not a valid vector for viruses - maybe for personally targeted attacks, but if you think you could be the subject of one then running anti-viruses will likely not help you against those. – Guss Apr 15 '11 at 13:26
  • 10
    Just a question: syncing means that deleting home will delete dropbox files too, right? :) – Pitto Apr 15 '11 at 13:53
  • 4
    @Pitto. Dropbox files can be undeleted for a certain length of time (depending on what service you're paying for). – TRiG Aug 22 '11 at 18:21
  • 2
    @Guss: Well, what about removable media? In most desktop distros, FAT and NTFS volumes are mounted with the exec flag set (so every file on those is treated as executable). Moreover, what of executables in /home? E.g. untarring an executable in your home directory will also set its executable flag; something which happens all the time. – Piskvor left the building May 23 '13 at 13:45
  • 1
    @Piskvor: 1) even if this is the case, the attack is against users who run windows binaries using wine (same for locally installed wine programs, which are usually in the user's home) and at most can target other windows binaries - and not system software, so it can't affect other users. I'll add the caveat in addition to my comment above - if you use a lot of wine apps and worry about viruses destroying your wine bottles, then you should also use a wine-based anti-virus. This is a very exotic setup. Most people just destroy their wine bottles in such cases. – Guss May 23 '13 at 15:17
  • 1
    @Piskvor: 2) another caveat to my comment above - lately people have started discussing user-installed apps - such as Ubuntu's new "click packages". These are very susceptible to viruses, and it's the major reason why I think this approach is problematic. – Guss May 23 '13 at 15:19
  • 1
    The need for AV to prevent user-level damage is a complete fallacy and non-sequitur. You can do user level damage like removing $HOME without having a virus. No one can protect you against your own free will to destroy your system, certainly not an AV. The only relevant question is do you willfully download and run untrusted code from untrusted sources. On Ubuntu you can't do this unwillfully. – arielf Sep 06 '14 at 18:17
  • 2
    https://xkcd.com/1200/ – Dan Dascalescu Sep 20 '16 at 06:19
  • https://blogs.sophos.com/2015/03/26/dont-believe-these-four-myths-about-linux-security/

    http://www.howtogeek.com/125157/8-deadly-commands-you-should-never-run-on-linux/

    https://en.wikipedia.org/wiki/Linux_malware

    --Just saying

    – Tarun Maganti Jan 11 '17 at 16:28
62

Both klamav and clamtk are front-ends for the clamAV software. They do check for linux viruses, but they are most useful for making sure your linux computer isn't sharing infected files with windows machines. Most of the virus scanners for linux are actually for servers, and are meant to scan email or uploaded files as they are sent.

Wikipedia has a list of Linux malware, which should help inform about the risks: Linux malware - Wikipedia, the free encyclopedia. They list 30 viruses and various other possible threats.

blade19899
  • 26,704
  • 5
    Exactly. I have seen so many Linux computers at work, both desktops and servers, and the few ones that need an antivirus only need it to clean the emails they route (or files they store) in order to lower the odds that Windows computers around get hurt. – Nicolas Raoul Apr 27 '11 at 06:10
  • If you follow statistics about Linux viruses in the wild, you'll often find them in a category of 0-49 infections. :) 0-2 sites infected. On servers, you find malware, but on the desktop, there isn't. – user unknown Feb 17 '12 at 17:06
45

You may not need a virus scanner per se, but you sure do need to keep your system up to date and secure (good passwords and system practices - permissions etc)

Personal Anecdote: I had a debian server running. It had an uptime of 400 days and I wanted to get to 500 before restarting it to update the kernel. I was being silly, and too cocky about it being a linux system. Since it was a server that served a research group, I gave all of my coworkers an ssh account. Turns out that some hacker exploited a bad password by one of my users and loaded an automated script that ran through 5 or 6 exploits before finding one that worked (an exploit that was patched, had I updated the kernel). It rooted the server and then proceeded to set up a bot (Campus IT caught the hack before I did; they noticed suspicious IRC traffic and contacted me).

Funny story, is that I used those same scripts to take back control of the machine to backup some raw data before nuking the system.

Long story short, keep your system up to date, keep your passwords secure, maintain good administrative practices. And unless you literally go and do sudo rm -rf /* because someone online told you to, it's unlikely you will ever have any trouble with your linux computer.

crasic
  • 3,842
28

It's not needed since (contrary to popular lies), linux is rather secure, and you are unlikely to get a virus for linux. Your risk is higher that you might pick up a windows virus while running wine, or that you may get hacked by a remote user (a rare occurrence on the desktop).

My suggestion: install gufw from software center, enable your firewall, along with some optional rules if you like, and optionally install clamav as well (along with freshclam).

Overall, your best defense, is to be armed with knowledge. A good way to do that is to get a feed reader like liferea, and follow popular linux sites like omgubuntu or sites like /. (slashdot) for news related to linux security. Don't run software from people you don't trust (that means, be careful with shady ppa's, use software that's in the standard repos where possible, and don't run strange plugins on websites, even if it is kinda funny when they fail to infect your linux system =P)

Hope that answers your question =)

edit: viruses are the same on every system in the sense that they all try to use a vulnerability or a user's ignorance to propagate themselves or access something they should not. It's no different on linux, but linux is more secure, way more secure. The antivirus software you saw is actually mainly there to protect windows users; for example if a friend sends you an infected file, you might pass it on to a windows user without being affected yourself.

txwikinger
  • 28,462
RolandiXor
  • 51,541
  • 6
    Java exploits are becoming more common w/ Linux being affected. Flash is a buggy pile with recent vulnerabilities affecting Linux too. I think I'm the only Ubuntu user I know who doesn't have Flash installed. – Broam Oct 30 '10 at 05:37
  • 5
    that still doesn't put most common users at risk, or require antivirus software. In fact those vulnerabilities are getting no where fast on linux. – RolandiXor Oct 30 '10 at 05:40
  • 2
    You are unlikely to get a virus for linux. But not because linux is rather secure. Linux is rather secure, but this doesn't mean that it's difficult to find ways. I was quite impressed when I first read how to write a Linux virus in 5 steps. I don't want to say that we need anti virus software. We are just lucky that most viruses are not targeting Linux (for whatever reason) and the average Linux users has more knowledge about do's and don'ts. – lumbric Jan 17 '12 at 22:54
  • 4
    @lumbric: sigh. This has been gone over so many times... BTW, I took a look at the link, and I don't see how that negates my answer or requires a downvote. Also, we are not just lucky - Linux is widely used on webservers, and believe me, they do get attempted attacks quite often. Also, while it is true that the average Linux user of the 90's and early 2k's has more knowledge about do's and don'ts, that is not true anymore - and yet we don't see an increase in viruses being propagated. – RolandiXor Jan 18 '12 at 00:48
  • 1
    @lumbric: Don't forget such things as apparmor and selinux, and more. – RolandiXor Jan 18 '12 at 00:52
  • @RolandTaylor You are right, downvote was too hard. And you are right too, your answer doesn't say it directly, but what I understood was, because Linux is rather secure, you are unlikely to get a virus for Linux. And this was the point, where I disagree. Linux is rather secure, but this is not the reason why it's unlikely to get a virus if an inexperienced user is running a Linux desktop machine (that's why I linked the 5-step virus). I also disagree with "it's not needed". I just believe you won't gain much security anyway. But there is malware for Linux. – lumbric Jan 19 '12 at 17:41
  • @RolandTaylor Don't if you get my point and if you agree. Of course, I'd upvote your answere again after an edit... :) – lumbric Jan 19 '12 at 17:42
  • 1
    @lumbric: I'm not going to edit my answer, and personally I don't care what vote someone gives me - though I prefer that it be for a good reason (either for an up or down vote). Personally, I disagree that Linux's inherent security does not protect it from viruses, because in fact it does. It is not just a matter of "Linux is not popular yet" or "There isn't enough malware to attain critical mass". The fact is, that most distributions are on their own secure enough to avoid most common viruses. What I don't like to see in conversations about this is the promotion of the idea that- – RolandiXor Jan 19 '12 at 17:48
  • 1
    @lumbric: - social engineering attacks are a fair argument in terms of Linux security. They are not, because any user on any platform can either be ignorant of the risk of following through with a bogus message, or willingly follow through with it. In that case, it is not the job of antivirus software to protect you, and it is not the fault of the operating system. My answer remains valid because drive-by attacks are highly unlikely on Linux, especially on distributions such as Ubuntu that are produced for the average joe/jane consumer, and as such are built with security in mind. Unless a- – RolandiXor Jan 19 '12 at 17:51
  • 1
    @lumbric: user chooses never to apply updates, visit risky sites, and follow through on clearly risky messages, they are unlikely to come under attack on Linux, and definitely, under Ubuntu. As such, my answer will remain unchanged. – RolandiXor Jan 19 '12 at 17:51
  • "Overall, your best defense, is to be armed with knowledge" That applies for all matters in life ;) – Edenshaw Apr 03 '18 at 14:32
25

No, you do not need an Antivirus (AV) on Ubuntu to keep it secure.

You need to employ other "good hygiene" precautions, but contrary to some of the misleading answers and comments posted here, Anti-virus is not among them.

For starters, there seems to be a confusion in some of the top-rated answers here between two issues:

  1. Existence of viruses for Linux and
  2. Ability to actually infect a system.

These two are not the same. There definitely are 'viruses' that can run on Linux, but in order to make them run, a malicious user needs to get someone with local privilege to actively install them. This requires the owner of the system to trust the malicious user, download the software, and use sudo with a password to install it, (or run it as a regular user to cause some regular-user level damage). Not a trivial set of barriers to overcome.

Unlike on some other systems, a regular user who keeps their Ubuntu system up-to-date on security fixes (very easy to do), cannot normally install something by accident (e.g. by opening an attachment, or clicking on something). The exception is unknown zero-day vulnerabilities, but for those AV will be totally ineffective anyway. An Ubuntu user doesn't work with admin privileges by default, and remote root logins are disabled.

In addition, Ubuntu comes with:

  • Random address loading (which foils most drop-to-shell attempts)
  • Application restrictions/barriers via apparmor so an application like firefox can only access a very restricted subset of files and actions for example (see /etc/apparmor.d/usr.bin.firefox)
  • Built-in firewall (iptables) which can be set-up to be very restrictive

So to be secure, you need to adhere to basic rules of safety such as:

  1. Keep your software up to date
  2. Only run software downloaded from official repositories (or software you wrote yourself, or can audit the source code of)
  3. Only use your standard package-manager for installs. In particular do not install proprietary binary stuff from random sources (which you can't audit by looking at the source code using apt-get source).
  4. Have a home firewall & do not run unnecessary services
  5. Regularly run some log scanning to detect unusual activity -- I recommend logcheck
  6. Add a local iptables based firewall for another defense perimeter layer
  7. Keep your passwords long and secure (a good password manager is recommended). Use two-factor authentication wherever possible.
  8. Use encrypted sessions (use ssh and scp, and not ftp or telnet)
  9. Use containers (e.g. docker or systemd-nspawn images) - by running software in isolation from the rest of the system, even the most buggy/vulnerable software, won't be able to cause damage outside its container. Container-technology means basically game-over for compromised software.

If you follow these sensible guidelines, you'd be way safer than you would be by installing a non-opensource 'AntiVirus' (how can you trust such software?) and falling into a false, and highly deluded, sense of security.

Of course, if a malicious user asks you to download badstuff.deb from somewhere and install it by opening a terminal window and typing:

sudo dpkg -i badstuff.deb

and you oblige, all bets are off, and you have only yourself to blame for being infected. An AntiVirus is pretty unlikely to save you in this case. Unless this particular badstuff.deb is among the finite set of blacklisted signatures.

As others have mentioned clamav "for Linux" is designed as a scanning server to other (non-Linux) systems.

Some of the answers and comments here make the following non-sequitur claim: "since user-level damage can be very harmful (e.g. removing $HOME and everything under it), sudo access is irrelevant. You need AV anyway."

This is a red-herring logical fallacy. You can willfully (or accidentally) remove $HOME anyway, with or without a virus. The critical question, is again: do you run random code from untrusted sources or not. If you do, AV (or any other precaution) won't save you from yourself willingly damaging your system.

On Ubuntu, the whole system and software repository ecosystem is designed to prevent running random code from random sources, thus installing an AV to "protect Ubuntu from viruses" is a waste of time and resources.

Some answers here suggest installing a commercial, non-open source, AV software on Linux. Don't do this. AV software runs with elevated privileges, often changes system-call semantics (e.g. change open() to scan a downloaded file and possibly fail), and consumes very significant (memory, CPU, disk, network) resources. Such software cannot be audited so it is impossible to trust. Installing such software on your otherwise pretty secure Linux system, would dramatically increase the surface of attack of your system and make it far less secure.

References:

  1. Are signature based antivirus or anti-malware effective?
  2. What automated intrusion notification/detection setup is good for home desktop use?
  3. Is it easier to write viruses for Windows compared to OS-X and Linux (Quora)
  4. Google: Symantec antivirus flaws are "as bad as it gets"
  5. Setting up iptables - Ask Ubuntu question
  6. systemd-nspawn on Arch wiki
arielf
  • 2,823
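A read-only check of the protections this answer lists (address randomisation, AppArmor, the Firefox profile path it cites, root login over SSH), added here as an example and not taken from the answer. The `ROOT` prefix argument and the function names are assumptions of the sketch; the sshd parser reads only the main `sshd_config`, in its whitespace-separated form, and does not follow `Include` lines.

```sh
#!/bin/sh
# Added example: read-only checks for the protections listed in the answer.
# ROOT is a path prefix ("" on a live system); it and the function names are
# assumptions of this sketch, there so the checks can run against a test tree.

# Address-space randomisation: 2 = full, 1 = partial, 0 = off.
check_aslr() {
    f=$1/proc/sys/kernel/randomize_va_space
    [ -r "$f" ] || { echo unknown; return 1; }
    case $(cat "$f") in
        2) echo full ;;
        1) echo partial; return 1 ;;
        0) echo off; return 1 ;;
        *) echo unknown; return 1 ;;
    esac
}

# AppArmor enabled in the running kernel.
check_apparmor() {
    f=$1/sys/module/apparmor/parameters/enabled
    if [ -r "$f" ] && [ "$(cat "$f")" = Y ]; then
        echo enabled
    else
        echo disabled; return 1
    fi
}

# check_profile ROOT NAME
# A profile confines nothing if the file is absent or if it is switched off
# by a link of the same name in /etc/apparmor.d/disable/. "present" only
# means it is eligible to load; aa-status (as root) shows what is enforced.
check_profile() {
    d=$1/etc/apparmor.d
    if [ ! -f "$d/$2" ]; then echo missing; return 1; fi
    if [ -e "$d/disable/$2" ] || [ -L "$d/disable/$2" ]; then
        echo disabled; return 1
    fi
    echo present
}

# Root login over SSH. sshd uses the first value it sees for a keyword, so
# take the first PermitRootLogin before any Match block. Only an explicit
# "yes" is reported as a finding. No sshd_config means nothing to judge.
check_root_ssh() {
    f=$1/etc/ssh/sshd_config
    [ -r "$f" ] || { echo no-sshd-config; return 0; }
    v=$(awk 'tolower($1) == "match" { exit }
             tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$f")
    case ${v:-unset} in
        yes) echo yes; return 1 ;;
        *)   echo "${v:-unset}" ;;
    esac
}

# audit ROOT: print one key=value line per check; non-zero if any finding.
audit() {
    r=$1
    findings=0
    out=$(check_aslr "$r") || findings=$((findings + 1))
    echo "aslr=$out"
    out=$(check_apparmor "$r") || findings=$((findings + 1))
    echo "apparmor=$out"
    out=$(check_profile "$r" usr.bin.firefox) || findings=$((findings + 1))
    echo "firefox_profile=$out"
    out=$(check_root_ssh "$r") || findings=$((findings + 1))
    echo "sshd_root_login=$out"
    [ "$findings" -eq 0 ]
}

# Run against the live system only when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit ""
    exit $?
fi
```

A `firefox_profile=disabled` or `missing` line is the case worth knowing about: the file path alone does not show that the browser is confined.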
  • 2
    This answer from Security.SE shows that Ubuntu is far less secure than we think, and it's only a matter of time until a successful wide-scale malware infestation occurs. – Dan Dascalescu Sep 20 '16 at 06:21
  • 1
    That answer has many inaccuracies. Anyone advocating (in any way) installing unauditable and highly-privileged software like commercial anti-virus on Linux is misguided. No complex system is 100% secure, but installing AV is making it much worse. Please read links 3 and 4 in the references above for why it is so. – arielf Sep 20 '16 at 23:44
  • What about running something like rkhunter on the machine? Its open source and could potentially detect rootkits that have been inadvertently installed. Of course, a rootkit virus could pretty easily detect and thwart rkhunter, but maybe it won't? – B T Nov 26 '19 at 19:54
  • 1
    @BT rkhunter is ok, can't hurt except for taking minimal resources. I used to run rkhunter for many years, but no longer do because it never found anything meaningful on my systems. rkhunter's main value is not in its rootkit black-list, but mostly in its general heuristic checks: are there any hidden directories? Have executables changed since last check? Is there suspicious stuff in /tmp or /dev? & similar broad checks which have long-lasting value. If you use it, make sure to run rkhunter --propupd periodically, to avoid false-positives on auto-updated executables. – arielf Nov 28 '19 at 02:16
  • 1
    So glad that you're keeping your answer up to date. Hopefully someday it may float to the top of the thread. Thanks! – brasofilo Apr 23 '22 at 16:39
10

Basic ecology, man. Monocultures suffer from parasite plagues more than endemites. Popularity of Windows and the fact that there is just a handful of different configurations make them an easy and profitable target. How many boxes are out there with that precise version of the kernel that you are running? Of the software that you are running?

Also, in Ubuntu, you have security updates on an almost daily basis, rather than waiting for the next service pack.

Furthermore, 99% of the software you are running comes from trusted sources.

That said, AV might still be useful, for example to check Windows files, including your WINE programs. Also, in fact, there are some Linux viruses out there; but they have a very hard time spreading and so are not, in general, a major concern. Read more here.

And, of course, Linux does not protect you from bugs in Javascript or web browsers.

You can see a brief description of Linux antivirus programs here.

January
  • 35,952
5

I always run an Antivirus on my systems - nevermind if it's Windows, OSX or Ubuntu/Linux. Never think you are safe - a system can ALWAYS be hacked or infected - even Linux based distros. I remember the one time I got malware from Gnomelook.org on Ubuntu, because I installed a screensaver for my Ubuntu system. Read here.

And I have had 1-2 other Java malware coming on my Ubuntu system, because they were targeted for OSX and Windows, but it also ran on Ubuntu/Linux. Who knows what else I had during that time, because I didn't use an Antivirus.

Sure, the threat is much smaller right now (for Ubuntu/Linux based distros), but like Android: Once it gets more popular - you will see much more malware rise from the hidden ashes, because it's possible now already (my personal opinion combined with what I mentioned before).

I use the free and personal edition of "Bitdefender" on my Ubuntu system, because Avast wasn't working with "Ubuntu 12.04" and everything else was too difficult to set-up. Sure, ClamAV is good and easy (it's in the Ubuntu Software Centre), but their reaction time to threats (at least in the past) has been very, very slow. ClamAV also misses a lot of Windows viruses -> detection rate is not that good, at least when compared to commercial products (like Bitdefender, Avast, etc).

Verdict: Just my two cents on the subject. Never think you are safe, because you are not. A system can always be infected one way or the other - always. I haven't had a single problem with Bitdefender on Ubuntu and while an Antivirus/Security solution can never give you 100% security - it is better than nothing. I have been infected with malware both on OSX and Linux - on two systems where most ppl in the community said it couldn't happen or where I was told an Antivirus is not needed: Community Link

Oranges

Tim
Oranges
  • 89
  • 2
    Once you start on the slippery slope of installing non open-source software which you can't audit (like bitdefender) from places that are not the official Ubuntu repositories - yes, you might have introduced a security issue to an otherwise pretty secure system. – arielf Aug 04 '14 at 00:06
5

There are some theoretical viruses that target Linux systems (whether specifically or cross-infectors that propagate through Ms-Windows), but there has never been a documented infection of Linux programs in normal desktop use.

If you are in the habit of regularly downloading Windows programs from the internet and running them using wine, then you should get an anti-virus to scan them. You might also think about limiting your wine usage to a different user account - in case a malicious windows program (infected or otherwise) wants to destroy your user data.

Otherwise, don't bother.

Guss
  • 3,535
3

You can try BitDefender Antivirus for unices. It's one of the best scanners I've tried, with an intuitive GUI and regular updates. Unfortunately it's an on-demand-only scanner, but good for those e-mail attachments and USB drives.

http://www.bitdefender.com/world/business/antivirus-for-unices.html

tinhed
  • 2,478
3

The short answer is NO, but if you share files with a Windows operating system then it wouldn't hurt to install a virus tool that you can run on your flash-drives and such to check if they are clean before distributing them among Windows users.

Any viruses contained in files from a Windows machine will only affect the same computers.

Peachy
  • 7,117
3

Speaking of all the security issues in general, but leaving out the viruses, Ubuntu has built-in security.

However, Ubuntu will not stop you from installing malware like the Windows anti-viruses try to do. For example, if someone tricks you into installing software that will spy, spam, or destroy all your data then you're out of luck.

Many more security mechanisms are available if you choose to set them up: firewall rules, anti-virus scanners, network monitoring, two-factor authentication, etc... These additional mechanisms are mostly intended for servers and you should not need to worry about them as a desktop user.

Having that said, there are many vulnerabilities and Linux systems get broken into every day all over the world. Security teams come out with updates to fix these vulnerabilities regularly. Ubuntu has its own security team that releases updates and advices for systems administrators.

Here is an overview about anti-Viruses and Ubuntu security.

In practice Ubuntu is much safer than Windows. In terms of exposure to malware, Ubuntu is comparable to Mac. But as @Giacomo pointed out, living in a nearly virus free world can leave Mac users naive.

The top 2 things that you can do to stay extra safe:

  1. Install software only from the official repository
  2. Keep your software up by letting the Update Manager do its thing
htorque
  • 64,798
3

Actually not, there is a really low chance to get a virus using linux; to avoid malicious packages, try to install software only from the software centre or PPAs that you trust. If you want to scan your files for windows viruses (in order to prevent your friends' PCs infection when exchanging files), you can use CLAMAV (which is the best natively-supported Linux antivirus)

ed0
  • 348
3

I disagree with traditional answers that claim that no virus scan is needed. It is exactly that attitude that is making linux more and more vulnerable.

The only reason that no virusscan is needed is because black hackers tend to focus more on Window$ and portable devices. We actually have very little data about the actual amount of viruses and trojans in linux. This is also because there are very few security firms working on it. There are a few minor, public tools. There have been viruses in the past:

Alaeda – Virus.Linux.Alaeda
Binom – Linux/Binom
Kagob a – Virus.Linux.Kagob.a

Don't "live in denial about linux malware." There is even a little guide, a how to.

That said, there is a virusscan in linux. It is a bit harder to use than traditional windows scanners, but I have used it in the past to get rid of viruses on jump drives that were infected on window$:

 sudo apt-get install clamav  # to install it
 man clamav  # for more info

Don't worry too much about viruses, but don't pretend that there is 100% certainty that they do not exist. So my answer is: there is probably no need to install a virusscan that is continuously monitoring your system, just don't think that there will never be or never have been linux viruses or that you will never need a virusscan.

don.joey
  • 28,662
  • 4
    This should/could be posted here: http://askubuntu.com/questions/10373/do-i-need-to-have-antivirus-software-installed ;) And I disagree: as long as your sudo password is safe so is your system. – Rinzwind May 01 '14 at 07:43
  • 1
    There is no recorded instance of a virus in a personal linux computer as far as I am able to make out. The reasons hackers don't attack is because of permissions, ownership and strong security built into linux systems - things that have been lacking in windows and only partially dealt with over the years. – comrademike May 01 '14 at 08:21
  • @don.joey: totally agree with you. the higher the value of the target the much more interested hunters involvements. with the grow of linux the higher value will attract other professionals to concentrate on it – Fat Mind May 01 '14 at 08:43
  • @Rinzwind I agree that the answer belongs there. I'll ask to merge. I disagree that you need to be root in order to damage. Read the section "You don't need to be root to 0wn someone" in the how to link. You can steal passwords, email addresses, have ad pages visited, etc. Root offers a lot of protection, but it is only one password away. – don.joey May 01 '14 at 11:50
  • @comrademike the best viruses are the ones left undetected. I don't want to scare you, but thinking that your system is safe because it's linux is a mistake. It being linux does help a lot to keep it safe, but that safety is not foolproof. – don.joey May 01 '14 at 11:52
  • 1
    I am aware of that point of view, but as I say, there is no reported instance so far. It is safer because linux has strong built in security. – comrademike May 02 '14 at 09:58
  • 1
    @comrademike: https://xkcd.com/1200/ – Dan Dascalescu Sep 20 '16 at 06:23
3

Yes Ubuntu has a default firewall, but you need to configure it

Ubuntu uses ufw to configure the firewall. But it may not be enabled by default.

To enable the firewall open a terminal and type:

sudo ufw enable

Further info can be found in ufw's man page. In a terminal type:

man ufw

Coming to the antivirus part, Ubuntu does not have a default antivirus, nor does any Linux distro I know. You don't need an antivirus program in Linux. Although there are a few available for Linux, Linux is pretty much safe when it comes to viruses.

Rajesh Pantula
2

I am not worried about my Ubuntu getting infected with a virus because I know the chances are very slim, but I have avast installed so that, in case my Windows gets infected, I can clean it from Ubuntu using avast (I have dual boot, XP and Ubuntu).

RolandiXor
ali
1

It's needed if you wanna scan your NTFS partitions. I use the open-source antivirus clamav to scan my NTFS drives. It is awesome, but sometimes the result may be a false positive, so be sure before you delete a file. Cheers!

karthick87
1

Linux itself has some pretty neat security measures already, and by the nature of Linux there isn't much malware out there to begin with, so AV is not essential.

The reasoning behind that can get complicated; you may want to research it.

1

Security is a matter of how you use your computer. Thinking before acting is, most of the time, the best antivirus/malware protection mechanism.

For users coming from Windows, having an antivirus seems to be essential, but they are tricked into a false sense of security. Clicking on a mysterious link just because Bob told you that the flash video there is awesome and you just have to check it out is such a potential risk.

Always think twice before visiting a certain site or opening a certain file. If it stinks like fish it probably is fish.

Now to answer your question. No, as long as you don't plan to have Windows machines on your network or to interact with them in any way by transferring files for example then no you won't need any Antivirus. If there are Windows machines in your network or you plan to transfer files from/to such a Windows machine then to protect the Windows machine you should use one of the already mentioned Antivirus packages.

The security team is doing a great job at fixing vulnerabilities, but this task is most of the time performed as a reaction to a certain vulnerability; just keep that in mind.

Octavian Helm
1

A virus is a computer program that writes itself to another program, which would then write itself to other programs and so on. In Ubuntu, only root is allowed to write to executables. This means that a virus would have to gain root access before it could infect your system. So even if the virus did reach your computer, it would be very difficult for it to actually infect it. It is not impossible, but difficult.

But a virus is not a virus unless it is able to actually spread. It is very uncommon for users to copy software directly between themselves. Instead, you'd download the software from the distributor, who has compiled the code from source and then signed it. First of all, this means that a virus would be incapable of spreading because it isn't being copied. But it also means that Ubuntu would actually refuse to install infected software quite simply because the certificate would no longer be valid. When you install Ubuntu from a CD, you can test the CD for errors. It's the same principle. If the software has been changed, then it is no longer valid. Whether that's because of tampering or a bad download, is actually quite irrelevant.

In other words, there are many reasons why viruses will have an insanely small chance of surviving in Ubuntu. So much that it can be considered almost impossible.

However, viruses are only one kind of malicious software. The anti-virus manufacturers like to use that expression for everything because of the fear factor. It is completely possible to make other kinds of malware, like trojans. Actually, this is a little bit easier on Ubuntu than other operating systems, using PPAs for instance, but also easier to detect. So in other words, even if Ubuntu is mostly immune to any kind of virus, it is not safe to assume that it is safe to run just any software.
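The answer above rests on system executables being writable only by root. The following is an added example, not part of the original answer, that audits that property on a given machine: it lists executable files that are not owned by the trusted UID or that are writable by group or others. The function names and the directory list are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example: audit the "only root can write to executables" property.

# audit_exec_dirs TRUSTED_UID DIR [DIR...]
# Prints every executable regular file under the given directories that is
# either not owned by TRUSTED_UID or writable by group or others.
audit_exec_dirs() {
    local trusted_uid=$1
    shift
    local dir
    for dir in "$@"; do
        [ -d "$dir" ] || continue      # skip directories that do not exist
        # First group: any execute bit set. Second group: wrong owner,
        # group-writable, or world-writable.
        find "$dir" -xdev -type f \
            \( -perm -100 -o -perm -010 -o -perm -001 \) \
            \( ! -user "$trusted_uid" -o -perm -020 -o -perm -002 \) \
            -print 2>/dev/null
    done
}

# count_offenders TRUSTED_UID DIR [DIR...]
# Prints the number of offending files; 0 means the property holds there.
count_offenders() {
    audit_exec_dirs "$@" | wc -l | tr -d ' '
}

# Default run: system binary directories, trusted owner root (UID 0).
main() {
    if [ "$#" -eq 0 ]; then
        set -- /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
    fi
    audit_exec_dirs 0 "$@"
}

main "$@"
```

An empty listing means every executable in the scanned directories is owned by root and not writable by anyone else; pass other directories as arguments to check them instead.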

1

You ask if you need antivirus software on your desktop. My answer is not about technical issues, it is about legal ones. Where I live, banks require you to have antivirus software installed on the computer which you use for online banking. If you have antivirus (and some other measures), there's a good chance that you get your money back. It depends on many things, and there is no guarantee, but they actually do this. From their own logs they can see many things and they see patterns that show that the account really is hacked.

If you don't have antivirus, and your account gets hacked, they can blame you and they might refuse to refund your money. Then you can go to court and prove them wrong, but are you willing to take that risk?

SPRBRN
0

All software platforms need virus protection. However, the majority of viruses are written for Windows and will not affect Linux. However, there is still the potential of cross-platform type viruses (Flash, Java, PDF, etc.) that can still do some damage on any system. Also, Linux can be a "carrier" and still spread viruses by e-mail or flash memories without you knowing about it because it had no effect on you. Therefore, I recommend installing Clam (Gnome) or Klam (KDE). This does not run in the background and needs to be updated and run manually about every week or so.

  • 2
    freshclam provides automatic updates =) – RolandiXor Oct 30 '10 at 04:43
  • 23
    I strongly disagree. There is absolutely no need to scan for viruses on the Ubuntu Desktop. All the virus scanners in fact scan for Windows malware. If you care at all about being a carrier, sure, but your statement suggests that all linux users should install anti virus software. On the desktop, it is almost never justified. Sorry for being so shouty about this :-( – Stefano Palazzo Oct 30 '10 at 05:03
0

The problem with scanning for viruses on Linux vs on Windows is that it is more trouble than it is worth. Scanning manually takes more diligence and commitment than most people have. Setting it up to scan in the background is tricky at best and impossible for most users.

So you can do it, if you have the time and patience, but for me it is wasted effort. I don't use Windows and people who do, deserve what they get, IMO. When you choose Windows, it comes as part of the package deal. When you choose Linux, you get out of all of that nonsense. The security is built in and there are few enough viruses for Linux that you can stop worrying about it.

0

I am not running anti-virus on any of my computers that have Linux installed. I'm not gonna say that you don't have to, but I chose not to.

To run a file on Linux, you need to change the permissions for the file, which requires super user privileges. In addition, Microsoft's Windows is a greater market for virus-writers. You do not make a product that will be usable for a tiny amount of the market. The same rule applies to virus-writers. They will write harmful code for the platform where there are most users.

Another factor is in fact your own browsing. If you're visiting doubtful pages this increases your risk of getting harmful code on your computer.

The recent Java hole, however, which meant that malicious code could get the same privileges as the Java applet you were running, could be fatal.

This could in theory download a file to your computer and give it privileges to run as an executable.

A lot of security holes in Linux are actually security holes in the applications you install.

This post does not imply that you should not install anti-virus. Trust your guts! :)

Erro
0

Does Ubuntu need anti-virus? Let me share our recent experience: we are coming to the end of redeveloping our site on a new Linux server, running Ubuntu, ROR & Mongo. The server is to deploy our multiple directories which will accept video/audio and text data. The server is still in dev mode and NOT public facing.

But we have had 2 instances of malware being installed, for spam distribution; this was picked up by the ISP as unusual traffic for a server in dev mode. This server does not have any inbound traffic apart from the developers, who naturally are denying they are the source. But who else can it be, as they are the only ones with access?

My point is that once we have deployed to the live server, users of our service will be able to create links to YouTube etc., upload images, video, audio files, data and PDFs.

Fortunately these 2 attacks have occurred during dev phase, had they occurred once the site is released it would have killed our service as the server would have had to be taken down.

So, whilst I understand the majority sentiment that Linux/Ubuntu is safe, I am afraid, from our experience it is not. Therefore we are having to investigate what security solutions are available.

Jonathan
  • Sounds like an open-relay being actively exploited on a "not public facing" computer. Does this mean the whole development network can't be trusted anymore? How can a "not public facing" computer be relaying unusual traffic as detected by the ISP? You mention two instances of Malware. How were they installed? Obviously someone with privileges and access has put them there. Sounds like a badly configured system with open access. Nothing, anti-virus or otherwise, can really help here. – arielf Feb 21 '15 at 23:17