Why Linux Doesn't (Usually) Need An Antivirus

Do Linux machines ever even get viruses?

There's a myth that Linux systems can't get viruses. Not true! Linux computers can get viruses, but that's not the whole story. The myth has a foundation in reality, and most Linux systems actually don't need an antivirus.

Why Linux Is Resistant to Viruses

Linux is based on an older operating system called Unix. Unix started out in the 1970s at Bell Labs, but it quickly gained popularity and spread to the business world and academic institutions worldwide. Linux was originally an attempt to recreate Minix, a variation of Unix. As a result, it inherited a lot of traits from Unix, including its user permissions.

On Unix systems, there's a clear distinction between user accounts and administrators. Users can't install programs system-wide, and they don't have access to important system folders. If you were to download and run a virus or any other kind of malware on Linux, it could only mess up your user account and the folders that your user account has access to. It couldn't spread and infect the whole system unless you somehow gave it administrative privileges. That makes it much harder for a virus to damage a Linux computer.

MacOS is also a descendant of Unix, and it has a similar permission system, so this factor also helps explain why Macs get infected much less frequently than Windows PCs.

Linux Isn't A Big Enough Target on Desktops

Put yourself in the shoes of a hacker. Are you going to spend a ton of time developing malware for an operating system that only holds around 2 or 3 percent of the desktop market? You're better off making your nasty virus work on the operating system that holds the vast majority of the desktop space, and that's still Windows.

There's another interesting bit here. Most malware preys on people who aren't exactly technically savvy. It's much easier to trick someone who doesn't know what's going on to click that suspicious link or open that sketchy ZIP file. Most Linux users have at least a basic understanding of how their computer works. After all, they chose to install Linux on it in the first place. The hacker would have a better shot at duping an uninformed Windows user who simply bought their computer that way off the shelf.

All of this pertains to desktops. Servers are an entirely different story. In fact, Linux is the biggest target among server systems because it holds the majority of that market, and most big businesses and major websites run on Linux. If your Linux server doesn't have adequate security, you may be in serious trouble.

Open Source Fixes Bugs Fast

Plenty of viruses and types of cyber attacks rely on known bugs and vulnerabilities in software on a computer. If an attacker knows that something isn't working securely, he or she can exploit it to get access to something significant. That's how malware gains control in a lot of situations.

Even though companies like Microsoft have gotten better over the years at patching their software and fixing their bugs in a timely manner, the open-source world is usually still faster. It's not that Microsoft or any other company is intentionally negligent; they simply have fewer people looking at their code. Open-source code can be reviewed by anyone. That means any programmer in the world can take a look, and if something doesn't look right, send a fix to the developers. Even users with no tech background can help. If your Linux system isn't acting right, reach out to the developers and let them know. They're usually quick to look into it.

When is Linux at Risk?

There are some situations where Linux really is at risk of being attacked or infected with malware. In these scenarios, you must be aware of your Linux system's configuration and security. Otherwise, things are probably going to get out of hand fast.

Servers

Most of the web runs on Linux. It makes sense because Linux systems are known for their stability. They also make a great platform for many of the open source programming languages that power the web, like PHP.

Thousands of websites run on poorly configured shared hosting and use outdated versions of web programs like WordPress. To make matters worse, by the very nature of being web servers, they're accessible from anywhere by anyone. Hackers know this and launch countless automated attacks on Linux servers daily.

If you're hosting a website or configuring a server for just about anything, take the necessary steps to ensure that you're following all the security best practices.

The Web and Browser Attacks

Web browsers aren't just browsers. That might sound confusing, but when you think of all the things that your favorite browser needs to do in order for you to access and interact with your favorite sites, it's pretty clear that there's a lot going on under the hood.

Web browsers interpret and run code, just like an operating system such as Linux or Windows. Increasingly, JavaScript powers huge chunks of the web, and your browser is what runs it. If an attacker wants to target everyone regardless of whether they're on Windows, Linux, Mac, Android, or even an iPhone, they write malicious code in JavaScript that runs automatically when you visit a website.

Web-based attacks are a big reason you need to configure your browser for security. You also need to exercise common sense while browsing the web. Avoid suspicious-looking URLs. Don't click a shortened URL unless you trust the source. When possible, stick to sites secured with SSL.

What Can You Do to Protect Linux?

You won't find many conventional antivirus programs for Linux. That's because they don't really work. Once a Linux system is compromised, it's probably done for. Instead, prevent intrusion from happening in the first place and audit logs to find out if something has gone wrong.

Block Ads and Scripts Online

On Linux desktops and laptops, your biggest threat comes from the web. It's fairly easy to block a ton of garbage on the internet. First, install a reputable ad blocker. While a site might be entirely above board, the ads on it may not be. If you needed another reason to hate ads, they actually can give your computer a virus. Try uBlock Origin on either Firefox or Google Chrome. It's a great lightweight option that blocks just about everything.

Since JavaScript is the language behind most attacks from the web, block it from untrusted sources. Quality add-ons allow the JavaScript that makes the sites you trust work while blocking anything that might be fishy. uMatrix is a great option for both Firefox and Chrome that gives you a ton of control. NoScript is another popular option for Firefox that automatically blocks scripts from many potentially harmful sources.

Check for Rootkits

Malware on Linux systems is usually referred to as a rootkit because it gains root, or administrative, privileges on the system. In most situations, if you have a rootkit, you're going to need to format your drive and start over. That's why the available software checks for known rootkits but doesn't attempt to remove them.

Two popular options, chkrootkit and rkhunter, are available for most Linux distributions. Run them to see if the system's been compromised. Both are known for giving false positives, however. If you're going to work with these tools, expect to verify your results.

A rootkit is more likely to give you some other indication that it's there. Mysterious network activity coming from your computer is usually a dead giveaway. Use a tool like Wireshark to see what traffic is passing through your computer.
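One way to act on that hint without a packet capture, as an added example that is not part of the original article: a Python script that parses the output of `ss -tunap` (run as root so the process column is filled in) and flags established connections that a per-machine allowlist does not explain, either an unknown process or a known one talking to a port it has no business using. The allowlist and the sample `ss` output are constructed for illustration.

```python
import re
from collections import namedtuple

Conn = namedtuple("Conn", "proto state local peer process pid")

# Constructed sample in `ss -tunap` format (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
tcp   ESTAB  0      0      192.168.1.20:51234  93.184.216.34:443  users:(("firefox",pid=2231,fd=97))
tcp   ESTAB  0      0      192.168.1.20:51240  203.0.113.9:8080   users:(("firefox",pid=2231,fd=102))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
udp   ESTAB  0      0      192.168.1.20:38000  192.168.1.1:53     users:(("systemd-resolve",pid=601,fd=12))
tcp   ESTAB  0      0      192.168.1.20:44312  203.0.113.9:9001   users:(("syncd",pid=4121,fd=3))
tcp   ESTAB  0      0      192.168.1.20:55001  198.51.100.7:443   users:(("curl",pid=9001,fd=5))
"""

# Hypothetical allowlist for one desktop: process name -> peer ports it may use.
ALLOWED = {"firefox": {80, 443}, "systemd-resolve": {53}}

PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')

def parse_ss(text):
    """Turn `ss -tunap` output into Conn records; the header line is skipped."""
    conns = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 6)          # at most 7 columns
        if len(parts) < 6:
            continue
        proto, state, _rq, _sq, local, peer = parts[:6]
        m = PROC_RE.search(parts[6]) if len(parts) > 6 else None
        name, pid = (m.group(1), int(m.group(2))) if m else ("?", 0)
        conns.append(Conn(proto, state, local, peer, name, pid))
    return conns

def peer_port(addr):
    """Port of an 'address:port' string, or None for a wildcard like '0.0.0.0:*'."""
    port = addr.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def find_suspicious(conns, allowed=ALLOWED):
    """Established connections the allowlist does not explain: an unknown
    process, or a known process talking to a port it should not use."""
    return [c for c in conns if c.state == "ESTAB"
            and peer_port(c.peer) not in allowed.get(c.process, set())]

if __name__ == "__main__":
    for c in find_suspicious(parse_ss(SAMPLE_SS)):
        print(f"{c.process}[{c.pid}] {c.local} -> {c.peer}")
```

Listening sockets are skipped on purpose; a flagged connection is a lead to investigate with Wireshark or `ps`, not proof of compromise, and a process name alone can be spoofed, so check the pid's executable path as well.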