Do I need an anti-virus in Linux?


Updated: March 26, 2010

Big question. Windows users and recent converts often ask them. A classic mistake, making a rather linear, one-for-one comparison between Windows and Linux. But no matter. I'm not here to berate. I'm here to educate. And I'd like to answer this very crucial, if very simple question. And the simple answer is: no, you do not need an anti-virus in Linux.

Teaser

First, a secret

Yes, let me tell you a little secret. Come closer. That's it. You don't need an anti-virus in Windows, either! Boom! There you go. Now, the simplicity of this statement is too much to bear for most Windows users, especially people indoctrinated to believe the only thing keeping Hell away is the one little program called anti-virus.

The truth could be not be farther from the truth [sic]. In some certain cases, anti-virus might be useful in helping the user decide whether the execution of a certain program might be malicious, harmful or detrimental to the health, integrity and security of his/her operating system and/or data. But the emphasis is on the word might.

A much better, fool-proof security is achieved by the right kind of strategy and a reasonable, layered approach to identifying threat vectors and mitigating them. Never by blind fear and sheep-headed reliance on brand names.

Since this article is mainly intended for Windows users mulling a move to Linux and new, less experienced users wondering how secure their Linux box is, first here's a selection of articles and tutorials that should help you focus your efforts correctly.

Safe Web practices - How to enjoy Internet and be safe, without unplugging the cable.

Mail security - How to enjoy mail communication with peers worldwide without getting lost in spam and alluring offers of vast richnesses.

SuRun - How to run a limited account on Windows, easily.

Windows 7 security - Basics of security in the newest Windows release.

Windows messages - Learn how to answer those prompts, correctly.

Now that we've figured out Windows security, calmly, rationally, let's see why running an anti-virus on Linux is pretty much a waste of resources, financially and digitally.

Reason 1: User account

While Windows has always struggled providing the world with a multi-user working environment, where there's only one admin and lots of ordinary users with limited computing powers, Linux has always done this well. Based on UNIX, the operating system created from these very foundations, Linux manages to have you enjoy utmost productivity with relatively low privileges. You need not be admin to perform 99% of tasks.

True, in Windows, you have the same mechanisms, called Limited User Account and more recently, the combination thereof and User Account Control (UAC), which provide a rather decent security for the user. But it can still be flaky, because most programs for Windows are created by people with the admin attitude, which makes it easier to code and deploy the software, but makes it more difficult to secure the box and prevent errors.

By running as user, by default, Linux makes both user-triggered errors and external attacks smaller in scope. While nothing, nothing can prevent deliberate self-destructiveness, the right permissions can prevent users from causing accidental damage.

This does not mean you can throw caution to the wind. Users still have full control of their own content. Nothing is easier than deleting your own files, right. But the same can be said about chainsawing your femur.

But the system remains intact. Most configurations cannot be read, let alone changed by ordinary users. Only the admin, called root can do that. Or users that have been granted the right privileges, using the mechanism called sudo. But even then, it requires interaction and providing the right password.

sudo

Against a clueless user and automated attacks, the user account is quite sufficient. But it is not impregnable. And software does occasionally have vulnerabilities, which can be locally and remotely exploited to grant higher privileges or access to system files. Which brings me to my second point.

Reason 2: System updates

You have system updates in Windows, too, no big deal. The difference is, Windows updates are only available for Microsoft products. This means that programs downloaded manually will have to be periodically updated separately. Some programs make it very easy to keep them up to date, like for example Firefox and Opera browsers, both of which check for patches and install them automatically, without any great hassle for the user. Others require that you uninstall the existing version, reboot, etc. All in all, almost every single Windows user is running at least a portion of his/her programs out of date.

This is not necessarily a bad thing. But it could be. Some programs may have vulnerabilities and they won't be solved until you proactively fix them. But when you have tens of programs waiting for updates, this can be a serious nag. The lack of desire to maintain your machine and just run it and enjoy, the fear of things breaking up, and plain simple forgetting to update them all add up into making your system less secure than it might be.

Up until Windows 7, Microsoft updates came only once a month. Even now, they are not that frequent. This means that you were running the risk of using an operating system with potential problems for up to a month without a known resolution. Now, let's see what happens on Linux.

Linux distributions ship as a whole - from kernel, the heart of the operating system, to every single application installed. Your distribution includes not only the critical components, it includes fonts, programs, drivers, and everything else. And when you update your Linux system, you update everything.

The built-in update management utilities with daily checks are a common thing in pretty much every single Linux distribution. You merely need to confirm the installation of available packages. You do not need to think about what needs updating, when or why. The entire thing is done automatically. It's the perfect solution for the lazy and the forgetful, as well as less knowledgeable users who won't bother with computer maintenance.

Updates in Fedora

Updates in openSUSE

Furthermore, the distribution updates are quite frequent, every day, minimizing the window of risk your system is exposed. Then, there's also the question of reboot. Unlike Windows, which requires frequent reboots after updates, most Linux distributions will ask for a restart only when core components are replaced, far less frequently than you're used to in Windows, making the desktop experience more streamlined and pleasant. You can actually like the system updates and not treat them as a hassle.

Updates

To sum it up, you get updates for everything, including the tiniest programs, themes, fonts, icons, kernel, drivers, security patches, bug fixes, everything. All in one mouse click. Your instant messenger, your email client, your browser, your office suite, your microblogging software, your web camera drivers, your graphic drivers, every single components gets updated, automatically, all the time. Which brings me to my third point.

Reason 3: Availability of software

Many Windows users hunt after favorite programs online, going from one site to another. There are many good programs all about, some which can be downloaded from official vendor sites, others waiting for you in mega software index sites like Softpedia, Download.com, MajorGeeks, and others. Using these is quite safe and recommended. This is the best way to ensure you get the content you want, sans any undesired surprises.

Unfortunately, too many Windows users do not know where to look for software, often visiting wrong sites, downloading wrong software or even malicious software. Then, there's the use of cracked and pirated software, which adds yet another element of uncertainty into the equation.

In comparison, Linux users manage all their software using a centralized utility called package manager, which is tightly integrated with the update manager. The utility is a window to the software repositories provided by the distribution you're using, where you can find tons of applications, tools, utilities, and drivers for your system.

Software manager in openSUSE

Synaptic in Knoppix

The repositories contain free and sometimes non-free (proprietary) software, including popular items like Nvidia drivers, Skype, Google Earth, Opera, and many others. The content is digitally signed, so that when you download from the repositories, you know you're communicating with the real server and not a rogue, fake one. The use of digital signatures also makes software quality control easier and safer, reducing the chance of wrong or bad versions being either accidentally or maliciously pushed to the users.

Nvidia

The combination of frequent security updates for the entire system and digitally signed repositories that contain pretty much everything, both managed without even once using your browser and visiting this or that site searching for software, makes the chance of a Linux user stumbling upon a malicious piece of software rather slim.

Even in Windows, if you stick to reputable sources, download only from official websites and avoid pirated binaries, your chances of getting hit by a bad file is very, very low. In Linux, it's much lower, plus you have the enormous advantage of centralized software management. You simply don't need a reason to go about wandering and making mistakes.

If Windows is all about finding happiness by going door to door, Linux is all about having happiness shipped to you at your home address. You never need leave the coziness of your home. Now, let's see some other cool reasons.

Reason 4: umask

umask is a built-in shell command. And what it does is set an environment variable that automatically sets permissions on newly created files. In general, there are three permissions, read, write and execute. Simple, no?

Now, here comes the punch. By default, newly created files on Linux will never have the executable bit turned on. Some distributions catering to the Windows users are breaking this long tradition, but most Linux distributions still adhere to the golden rule. Newly created files are not executable. This means that if you download a file off the web, it will not be able to run until you give it the execution permissions, a very deliberate act on behalf of the user, making the chances of an accidental self-inflicted damage that much lower.

chmod 1

chmod 2

Imagine that .exe files you download in Windows cannot run until you give them the right permissions. That would make all sorts of automated drive-by attack vectors less successful.

Reason 5: Diversity

There are hundreds of Linux distributions around. Even though many are based on just a few big ones, cross-distribution compatibility is not that big. Sometimes, you may run code built for another distribution on your own, but mostly, you will be forced to run packages specifically tailored for your own distribution.

RedHat code won't immediately run on Debian and Slackware code won't run on SUSE. Underneath, they're all the same, but different packaging and small nuances in the system conventions make the task of creating Linux malware more difficult. With hundreds of distributions and hundreds more different editions of said distributions available, writing malicious code that will target them all is near impossible. Windows is fairly easy, with just a few major versions, all rather compatible. Hell, you can run DOS code on Windows 7. But try running a package meant for Ubuntu Heron on Jaunty. Just a year apart and yet you'll get into a lot of trouble.

Diversity

The vast, almost infinite number of permutations containing kernel versions, patch levels, packaging, desktop environments, and software suites makes Linux malware game a lottery. It is possible to target specific versions, but it's a lot more work than doing the same thing in Windows. Low hanging fruit are easier to pick.

Reason 6: Open-source

Linux is mostly about open source. This means that anyone can take a look at the code. Not necessarily understand it, but making malicious software and distributing it is more difficult when your code is wide open to the public. Someone is bound to spot the troublesome bits.

Installing 1

Reason 7: Skill

Using Linux is different than Windows. And it is not a given. While most computer users have been pretty much born with Windows in their mouth, Linux is still a lucrative domain of more knowledgeable users, people less prone to accidentally ruining their system.

One of the main reasons for this is the fact Linux has to be installed manually, a procedure that is beyond the skill of most computer users worldwide. So is Windows installation, for that matter, but Windows comes preinstalled, whereas Linux does not. Furthermore, the very fact someone wants to run an operating system that is not the default choice of the masses indicates a willingness to learn and explore, a huge advantage when it comes to running your machine safely and smartly. If and when Linux becomes more popular, this reason will become less and less relevant, but for now, it still makes a huge, indirect difference.

Geekiness

Other reasons

On top of these, we have a smaller Linux desktop market, which warrants smaller attention, the underdog attitude, as well as a range of various security mechanisms built into the system.

I have not really elaborated on these, as they vary from distro to distro, but there are all kinds of tools and utilities available in Linux distributions, which make the system subversion more difficult. To name a few, there's SELinux, AppArmor and many others.

Security stuff

Conclusion

The combination of all said factors make the Linux malware game a boring one. It's very boring on Windows, too, despite the best efforts by fear-mongers and doomsday preachers to keep the heat on. But seriously, if you don't download turdy software, you won't get any brown stains on your keyboard. It's that simple.

Anti-virus is just a tool, nothing more. Used properly, it can do something, but it is not necessary. However, when powerful lobbies have a keen and financial interest in selling their software, the question of security becomes one of politics. Luckily, you need not be a part of the game. You can enjoy safe, sane and pleasant computing without going overboard with worry or wasting your digital resources on inherently futile activities, like running anti-virus software on your Linux box.

The only sensible application to this would be to spare your Windows friends from malware in transit, which you would be immune to, but they won't. However, this can be solved in many ways, without an anti-virus, including not forwarding junk mail and not having any friends in the first place. I hope this article has calmed you a little. And if I've saved you a dollar or two, perhaps you can donate it to a local charity or an animal shelter. Your money will be much better spent there.

P.S. The virus image on homepage taken from Wikipedia and distributed under GPL.

Cheers.

RSS Feed icon

del.icio.us del.icio.us stumbleupon stumble digg digg reddit reddit slashdot slashdot



Advertise!

Would you like to advertise your product/site on Dedoimedo?

Read more

Donate to Dedoimedo!

Do you want to
help me take early retirement? How about donating
some dinero to
Dedoimedo?

Read more

Donate