
Do I Need an AntiVirus Program on Linux?

Mon, Mar 2, 2009


Introduction

There has been a lot of debate recently over whether or not it’s a good idea to run an anti-virus program if you’re using Linux. Reading the forums, I see a lot of misunderstandings, particularly around what exactly it is that these anti-virus programs do and whether or not they’re necessary. I hope to clear up some of the confusion regarding the anti-virus situation on Linux.


What a Linux anti-virus is NOT

When you think of an anti-virus program, especially if you’re coming from a Windows world, you think of a program that runs in the background and scans files as they are accessed (or perhaps you have your entire system scanned on a regular basis) to see if anything is infected with a virus. This is an effective way of detecting and removing viruses on a desktop computer, and for a Windows machine it’s all but a necessity given the vast number of threats circulating on the Internet.

Linux anti-virus programs don’t work this way, because Linux anti-virus programs aren’t meant to protect the desktop machine from Linux viruses. An anti-virus program running on Linux is designed to detect Windows viruses, so that they aren’t spread, unknowingly, by the Linux user.

So why care about Windows viruses on Linux?

If you’re running Linux, you are, in all practicality, immune from a Windows virus. So why would you want to bother scanning your files – files that won’t work on your computer, anyway (except, for example, through Wine) – for viruses that have no effect on you? Well, the simple answer is, you wouldn’t. But it is more complex than that. I’ll explain.

Mail servers
The vast majority of Linux anti-virus programs run on mail servers. These are the computers that your mail client connects to when you want to send or receive an email. Since email is one of the main ways viruses and trojan horses spread, these servers are the “front-line” in the battle to stop computer viruses. And, since so many of these servers run Linux, it’s easy to see the need for a Linux program to detect Windows viruses. If you’re running a mail server, whether it be for your home or office, you should definitely be using an anti-virus program to intercept any naughty files that might be trying to move in or out of your network via email.

File servers
Another place where you’d want to run an anti-virus program is on a file server shared by multiple users, even if you trust all of these users. File servers are basically repositories for data; some of that data might come to exist on your server through legitimate sources, but there’s no way for you to know where each and every file originated. Running an anti-virus ensures that if someone uploads an infected file, say, downloaded from a Peer-to-Peer network, your file server will detect the threat and stop any other users from becoming infected.

So what about Linux on the desktop?

Now that you understand what exactly these anti-virus programs for Linux do, it’s up to you to decide whether or not you want to implement them if you’re just running a standard Linux desktop machine. If you have Windows computers on your network, and you’re sharing files, it’s probably a good idea to run something like ClamAV, to keep those other machines safe.

Let me explain how I use my Linux Anti-Virus program on my desktop. I use ClamAV, but I don’t keep it running in the background (this uses up resources, and since I’m not running a mail server or transferring lots of files, it really isn’t necessary). I only use it from the command line when there is a specific file of questionable legitimacy I want to test; this is a great service I can provide to Windows-using friends. Since I’m immune to these viruses, I can check out files before they download them.
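The on-demand check described above, as an added example that is not part of the original post: a small POSIX shell wrapper around clamscan that handles ClamAV's documented exit codes separately (0 clean, 1 virus found, 2 error), so a failed scan is never mistaken for a clean file. The function names and the CLAMSCAN override variable are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example: on-demand scan of a single file with ClamAV's clamscan.
# Refresh signatures first (freshclam), or a recent threat can be missed.
# CLAMSCAN is an assumed override so the scanner path can be changed.
CLAMSCAN="${CLAMSCAN:-clamscan}"

# Map clamscan's documented exit codes to a verdict.
# 0 = no virus found, 1 = virus found, anything else = scan error.
classify_scan() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error" ;;
    esac
}

# scan_file PATH: prints one verdict word on stdout and returns
# 0 (clean), 1 (infected) or 2 (error). Scanner output goes to stderr.
scan_file() {
    target="$1"
    # A missing or unreadable file is an error, never "clean".
    if [ ! -f "$target" ] || [ ! -r "$target" ]; then
        echo "error"
        return 2
    fi
    # Keep a name that starts with "-" from being parsed as an option.
    case "$target" in
        -*) target="./$target" ;;
    esac
    rc=0
    "$CLAMSCAN" --no-summary "$target" >&2 || rc=$?
    verdict=$(classify_scan "$rc")
    echo "$verdict"
    case "$verdict" in
        clean) return 0 ;;
        infected) return 1 ;;
        *) return 2 ;;
    esac
}

# Run only when a path is given: ./scan.sh suspicious-attachment.exe
if [ "$#" -gt 0 ]; then
    scan_file "$1"
fi
```

If clamscan is not installed, the shell's "command not found" status falls into the error branch rather than reporting the file as clean.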


Conclusion

I hope I’ve cleared up some of the confusion around Linux anti-virus programs, and that I’ve answered the oft-repeated question, “Do I need to run an Anti-Virus on Linux?” In reality, the type of setup you have, and the quantity of your paranoia dictate the answer to this question; but for most people, it simply isn’t necessary to run an anti-virus in Linux.


10 Responses to “Do I Need an AntiVirus Program on Linux?”

  1. Mitza_003 says:

    You need a firewall on a system running Linux. On the other hand, there is no need for an antivirus program.

  2. ewanm89 says:

    You do rootkit checks though?

    @Mitza_003, Firewalls just piss one off when they want to use a port… Better solution, do not run unknown services on your real interface (lo exists for a reason) ;)

  3. hmm says:

    @Mitza_003: why do I need a firewall on linux?

  4. AnthonyT says:

    Re. Firewalls: The Linux kernel includes iptables which if not disabled and in its default state will simply not respond to uninvited guests. The only reason for disabling it is when running a server.

    Personally, I use a virus scanner on my personal desktop for the reasons stated in this article as I’m sure any responsible Linux user does. I use clamtk which is a GUI for clamav and I also use nautilus-clamscan which provides right-click virus scanning on files.

    Search your repositories in your package manager for these.

  5. mannuforall says:

    I’m a new user of Linux and switched from Windows.
    Most of my work is around Gmail and other web mail services and regular uploading/downloading tasks.
    As mentioned above I think there’s no serious need of Antivirus, but I’m confused about the firewall.
    Please suggest whether I need a firewall and, if needed, which one to use. Or is the firewall already in the Mint menu enough?

    • Javier says:

      Firewall in Mint menu is in fact only a GUI to the same ol’ firewall system in all Linux distros, iptables. So that would be enough, but you better learn how to use it, unless you wish some unforeseen problem to spring up at an inadequate time for you…

  6. straight7 says:

    damn right .. but ..
    i need antivirus for linux, im using dualboot ..
    i need the antivirus to scan my windows partition LOL hahaha

  7. eddiehaskell says:

    So you dual-boot, run virtual machines, have a hybrid network, whatever. You’re running antivirus to check for malware which attacks Microsoft OS’s. This is because Microsoft is ubiquitous.
    Your regular Joe buys a PC. Joe’s richer, hipper cousin buys a Mac. Your geek (especially the poorer ones) builds a Linux box, or a BSD even.
    Some of those evil bastards who create viruses know there are other machines to attack, especially servers. What this article doesn’t consider is the malware which is aimed at Linux.
    The firewall should protect you from direct attacks outside the network, but it won’t protect you from crap that you download. For example, pictures and music with malware embedded.

Trackbacks/Pingbacks

  1. Geek Quest: All About Linux, But Where’s the Anti-Virus? « Sandy Chen - 24. Jan, 2010

    [...] ease my paranoia, I’m guided to this article by techthrob.com. Truth be told, it’s hard to reverse the brainwash Windows has done, [...]

  2. Do you run a firewall and/or antivirus on Linux/BSD? - 02. Jul, 2011

    [...] are fairly uncommon – GNU Project – Free Software Foundation (FSF) This might be of interest too Do I Need an AntiVirus Program on Linux? | Techthrob.com In practice Linux does not have a market share big enough in desktop to drive people to write [...]
