Why Linux Doesn't (Usually) Need An Antivirus

Do Linux computers ever even get viruses?

There's a myth that Linux systems can't get viruses. Not true: Linux computers can get viruses and other malware, but that isn't the whole story. The myth has a foundation in reality, and most Linux desktops don't need an antivirus application.

Why Linux Is Resistant to Viruses

Linux is modeled on an older operating system called Unix, which was developed in the 1970s at Bell Labs and quickly spread through businesses and universities worldwide. Linus Torvalds wrote Linux as a free Unix-like kernel, inspired by Minix, a small Unix-like system built for teaching. As a result, Linux inherited many Unix traits, including its user and permission model.

On Unix-like systems, there's a clear distinction between ordinary user accounts and the administrator account, root. Users can't install programs system-wide, and they can't write to important system directories. Suppose you downloaded and ran malware on Linux as an ordinary user. It could read, alter, or steal everything your account can access, and it could keep itself running through files your account owns, such as your shell startup files or your crontab. What it couldn't do is replace system binaries or infect other accounts unless you handed it administrative privileges (for example, by typing your sudo password when it asked) or it exploited a privilege-escalation bug. The permission model doesn't make malware harmless, but it limits how far a single infection can spread.
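To make that blast radius concrete, here is an added example (not code from the original article) that applies the Unix permission rule to a constructed list of files and reports which of them a given user could modify. The paths, owners and modes are made up to resemble a typical Debian or Ubuntu install; nothing on the real filesystem is read, so the result is the same whoever runs it.

```python
"""Which files can an unprivileged process modify?

Added example for this article, not code from the original page. It
applies the classic Unix permission rule (owner bits if the uid matches,
otherwise group bits if a gid matches, otherwise the 'other' bits; uid 0
bypasses all of them) to a constructed list of ownerships and modes.
ACLs, file capabilities and mandatory access control (SELinux, AppArmor)
are deliberately left out.
"""
import stat

# (path, owner uid, owner gid, mode): constructed, typical of a Debian/Ubuntu install
SAMPLE_TREE = [
    ("/usr/bin/ls",                   0,    0,    0o755),
    ("/etc/passwd",                   0,    0,    0o644),
    ("/etc/shadow",                   0,    42,   0o640),   # gid 42 is 'shadow' on Debian
    ("/etc/cron.d",                   0,    0,    0o755),
    ("/tmp",                          0,    0,    0o1777),  # world-writable, sticky bit set
    ("/home/alice/.bashrc",           1000, 1000, 0o644),
    ("/home/alice/.config/autostart", 1000, 1000, 0o755),
    ("/home/alice/Documents",         1000, 1000, 0o700),
]

def can_write(uid, gids, owner_uid, owner_gid, mode):
    """Discretionary access check for the write bit, in the order the kernel applies it."""
    if uid == 0:
        return True                          # root holds CAP_DAC_OVERRIDE and ignores mode bits
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)     # the owner class alone decides, even when it denies
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def writable_paths(uid, gids, tree=SAMPLE_TREE):
    """Paths in the tree that a process with this uid and these gids could modify."""
    return [path for path, o_uid, o_gid, mode in tree
            if can_write(uid, gids, o_uid, o_gid, mode)]

if __name__ == "__main__":
    for label, uid, gids in (("alice (uid 1000)", 1000, {1000}), ("root", 0, {0})):
        print(f"{label} can write:")
        for path in writable_paths(uid, gids):
            print("   ", path)
```

The user-owned entries are exactly where malware that never obtained root would settle: ~/.bashrc runs every time you open a terminal, and ~/.config/autostart runs at desktop login. Root passes every check because the kernel grants it CAP_DAC_OVERRIDE, which is what "ignores the permission bits" means in practice.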

macOS is also a descendant of Unix and has a similar permission system, which is one reason Macs are infected less often than Windows PCs.

Linux Isn't a Big Enough Target on Desktops

An attacker isn't likely to spend time developing malware for an operating system that holds only a few percent of the desktop market. They're better off making malware that works on the operating system holding the vast majority of desktops, and that's Windows.

Most malware preys on people who aren't technically savvy. It's easier to trick someone who doesn't know what's going on into clicking a suspicious link or opening a sketchy ZIP file. Most Linux users have at least a basic understanding of how their computer works, so an attacker has a better shot at duping an uninformed Windows user who bought their computer that way off the shelf.

All of this pertains to desktops. Servers are a different story: Linux is the biggest target there because it holds the majority of the server market, and most large businesses and major websites run on it. A Linux server that isn't adequately secured is in serious trouble.

Open Source Fixes Bugs Fast

Much malware, and many attacks, rely on known bugs and vulnerabilities in the software on a computer. If an attacker knows a component isn't behaving securely, they can exploit it to gain access to something significant. That's how malware gains control in many cases.

Even though companies like Microsoft have gotten better over the years at patching their software and fixing bugs in a timely manner, the open-source world is often faster. It's not that Microsoft or any company is intentionally negligent; they simply have fewer people looking at their code. Keep in mind that a fix only protects you once your distribution has packaged it and you have installed the update, so leave automatic security updates switched on.

Anyone can review open-source code, which means any programmer in the world can take a look. If something doesn't look right, they can send a fix to the developers. Even users with no technical background can help: if your Linux system isn't acting right, report it to the developers of the distribution or program. They're usually quick to look into it.

When Is Linux at Risk?

There are some situations where Linux is at real risk of being attacked or infected with malware. In these scenarios you need to know how your Linux system is configured and secured. Otherwise, things can get out of hand fast.

Servers

Most of the web runs on Linux because Linux systems are known for stability. Linux servers make a great platform for many open-source programming languages that power the web, like PHP.

Thousands of websites run on poorly configured shared hosting and use outdated versions of web applications like WordPress. These services are reachable from anywhere by anyone, which makes matters worse. Attackers know this and launch countless automated attacks on Linux servers daily, from password guessing against SSH to scans for known web-application flaws.

If you host a website or configure a server for just about anything, follow the basics: keep packages updated, use SSH keys and disable password logins, don't log in as root, run services under unprivileged accounts, and let only the ports you actually need through the firewall.
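As an added example (not code from the original article or from OpenSSH), here is a small Python audit of an sshd_config file for the settings that feed the automated attacks described above. It honors two sshd parsing rules that trip people up: the first value seen for a keyword is the one that counts, and everything after the first Match line is conditional. The two sample configurations are constructed, and the MaxAuthTries cap is this example's own choice.

```python
"""Audit an OpenSSH server configuration for weak settings.

Added example for this article; it is not part of the original page or
of OpenSSH. It reads sshd_config text the way sshd does for the checks it
performs: keywords are case-insensitive, the FIRST value seen for a
keyword wins, and directives after the first 'Match' line apply only to
matching connections, so they are skipped here (a full audit should read
the Match blocks too). Defaults follow the sshd_config(5) manual page.
"""
import re

# keyword -> (value assumed when absent, acceptable values, why it matters)
CHECKS = {
    "permitrootlogin": ("prohibit-password", {"no", "prohibit-password"},
                        "root should log in with keys only, or not at all"),
    "passwordauthentication": ("yes", {"no"},
                               "password logins are what brute-force bots guess at"),
    "permitemptypasswords": ("no", {"no"},
                             "empty passwords must never be accepted"),
    "x11forwarding": ("no", {"no"},
                      "unused X11 forwarding only adds attack surface"),
}
MAX_AUTH_TRIES_LIMIT = 4   # this example's own cap; sshd's default is 6

def effective_settings(config_text):
    """Return {keyword: value} for the global section; the first value wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # everything below applies only to matching connections
        if len(parts) == 2 and key not in settings:
            settings[key] = parts[1].strip().lower()
    return settings

def audit_sshd_config(config_text):
    """Return a list of findings; an empty list means every check passed."""
    settings = effective_settings(config_text)
    findings = []
    for key, (default, allowed, reason) in CHECKS.items():
        value = settings.get(key, default)
        if value not in allowed:
            findings.append(f"{key}={value}: {reason}")
    tries = settings.get("maxauthtries", "6")
    if not tries.isdigit() or int(tries) > MAX_AUTH_TRIES_LIMIT:
        findings.append(f"maxauthtries={tries}: lower it to {MAX_AUTH_TRIES_LIMIT} or fewer")
    return findings

# Constructed sample configurations, not taken from any real host.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# sshd ignores this second value: the first PermitRootLogin above wins
PermitRootLogin no
MaxAuthTries 10
X11Forwarding yes
"""

HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
MaxAuthTries 3
X11Forwarding no
Match User sftp-only
    ForceCommand internal-sftp
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_CONFIG
    for finding in audit_sshd_config(text) or ["no findings"]:
        print(finding)
```

Run it against /etc/ssh/sshd_config to check a live host. An empty file is not a clean result: with no directives at all, sshd's defaults still allow password logins and six attempts per connection, and the audit reports both.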

The Web and Browser Attacks

Web browsers aren't just document viewers. With everything a browser does to fetch and interact with your favorite sites, a lot goes on under the hood.

Web browsers interpret and run code, much as an operating system does. JavaScript now powers huge chunks of the web, and the browser is what runs it. Suppose an attacker wants to target everyone regardless of whether they use Windows, Linux, Mac, Android, or an iPhone. They write malicious JavaScript that runs automatically when you visit a page. Whatever it does, it starts out with the access of your browser process, which is why keeping the browser itself updated matters as much as anything else on the system.

Web-based attacks are why you need to configure a browser for security. You also need to exercise common sense while browsing the web:

  • Avoid suspicious-looking URLs.
  • Don't click a shortened URL unless you trust the source.
  • When possible, stick to sites served over HTTPS (the padlock in the address bar), and remember that HTTPS only means the connection is encrypted, not that the site itself is trustworthy.

What Can You Do to Protect Linux?

You won't find many conventional antivirus programs for Linux, because reactive cleanup doesn't really work here: once a Linux system has been compromised at the root level, nothing on it can be trusted, and the honest answer is usually to reinstall. Instead, prevent intrusion in the first place and audit logs to find out whether something has gone wrong.
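Auditing logs is easier with a script than by eye. The added example below (not code from the original article) reads sshd lines from auth.log, counts failed password attempts per source address, and highlights the one event that demands immediate attention: a successful login from an address that had just been failing. The log lines are constructed in the traditional syslog layout, with addresses from the RFC 5737 documentation ranges.

```python
"""Spot SSH password-guessing in auth.log lines, and the event that
matters most: a success from an address that had been failing.

Added example for this article, not code from the original page. The
sample lines are constructed in the syslog layout sshd produces via
rsyslog; hosts that log to journald can export the same text with
'journalctl -u ssh'. Addresses come from the RFC 5737 documentation ranges.
"""
import re
from collections import Counter, defaultdict

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def analyze_auth_log(lines, threshold=5):
    """Count failures per source address and flag two things: addresses at
    or above the threshold, and successful logins from an address that had
    already failed (a brute force that worked)."""
    failures = Counter()
    users_tried = defaultdict(set)
    suspicious_successes = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            users_tried[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m and failures[m["ip"]]:          # Counter returns 0 for unseen keys
            suspicious_successes.append(
                (m["ip"], m["user"], m["method"], failures[m["ip"]]))
    return {
        "failures": dict(failures),
        "users_tried": {ip: sorted(users) for ip, users in users_tried.items()},
        "brute_force": {ip: n for ip, n in failures.items() if n >= threshold},
        "suspicious_successes": suspicious_successes,
    }

# Constructed sample, not from a real host.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 web1 sshd[2145]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:01:14 web1 sshd[2147]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Mar  3 10:01:17 web1 sshd[2149]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:01:19 web1 sshd[2151]: Failed password for root from 203.0.113.5 port 51241 ssh2
Mar  3 10:01:22 web1 sshd[2153]: Failed password for ubuntu from 203.0.113.5 port 51245 ssh2
Mar  3 10:01:25 web1 sshd[2155]: Failed password for ubuntu from 203.0.113.5 port 51247 ssh2
Mar  3 10:01:29 web1 sshd[2157]: Accepted password for ubuntu from 203.0.113.5 port 51250 ssh2
Mar  3 10:02:03 web1 sshd[2160]: Failed password for git from 198.51.100.7 port 40012 ssh2
Mar  3 10:05:40 web1 sshd[2171]: Accepted publickey for deploy from 192.0.2.10 port 60122 ssh2
Mar  3 10:05:41 web1 sshd[2171]: pam_unix(sshd:session): session opened for user deploy(uid=1001) by (uid=0)
""".splitlines()

if __name__ == "__main__":
    import sys
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_AUTH_LOG
    report = analyze_auth_log(lines)
    for ip, n in report["brute_force"].items():
        print(f"{ip}: {n} failures, users tried {report['users_tried'][ip]}")
    for ip, user, method, n in report["suspicious_successes"]:
        print(f"ALERT: {ip} logged in as {user} via {method} after {n} failures")
```

Run it as `python3 auth_audit.py /var/log/auth.log`. A key-based login with no prior failures (the deploy user above) is left alone; a password login from an address with six failures behind it is the one to act on, starting with locking that account and checking what the session did.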

Block Ads and Scripts Online

On Linux desktops and laptops, the biggest threat comes from the web. Fortunately, it's fairly easy to block unwanted content. First, install a reputable ad blocker. A site may be above board while the ads on it are not, and malicious ads have been used to deliver malware. Try uBlock Origin on Firefox; it's lightweight and blocks most everything. On current versions of Google Chrome, the Manifest V3 transition leaves only the less capable uBlock Origin Lite.

Since JavaScript is the language behind most attacks from the web, block it from untrusted sources. Good add-ons allow the JavaScript that makes the sites you trust work while blocking everything else.

  • uMatrix for Firefox and Chrome gave fine-grained, per-site control, but its author stopped maintaining it in 2020; uBlock Origin's advanced (dynamic filtering) mode covers much of the same ground.
  • NoScript, for Firefox and Chromium-based browsers, blocks scripts by default and lets you allow them site by site.

Check for Rootkits

Much of the Linux malware you'll hear about is described as a rootkit: software that has gained root (administrative) privileges and then hides its presence, for instance by replacing system binaries or loading a kernel module. In most situations, if a computer has a rootkit, you'll need to wipe the drive and start over, because the very tools you would use to clean it may have been subverted. That's why the available software checks for known rootkits but doesn't attempt to remove them.

Two popular options, chkrootkit and rkhunter, are available for most Linux distributions. Run them to see whether the system shows signs of compromise. Both are known for false positives, so expect to verify the results, for example by checking a flagged file against the package manager's records (debsums on Debian-based systems, rpm -V on RPM-based ones). Remember, too, that they run on the possibly compromised system itself; a kernel-level rootkit can lie to them, so scanning the disk from clean boot media is more trustworthy.

A rootkit is more likely to give itself away in some other manner. Unexplained network activity from a computer is the usual giveaway: connections to addresses you don't recognize, or a listening port that no installed service accounts for. Use ss -tunap (or netstat) to list sockets and the processes behind them, and a tool like Wireshark or tcpdump to see what traffic is passing through. Bear in mind that a kernel-level rootkit can hide its sockets from tools run on the same host; a capture taken from another machine or from the router doesn't have that blind spot.
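Here is an added example (not code from the original article or from iproute2) that turns that advice into a repeatable check: it parses `ss -tunap` output and flags listeners on unexpected ports, outbound connections from processes not on an allowlist, and the classic tell of a socket owned by a process named like a kernel thread (kernel threads never own sockets). The sample output is constructed, and the allowlists are assumptions for a small web server that must be tuned per host.

```python
"""Flag sockets in 'ss -tunap' output that no expected service accounts for.

Added example for this article, not code from the original page or from
iproute2. The sample is constructed in the column layout current ss prints
with -tunap (Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
Process); the Process column only appears when ss runs as root. The
allowlists are assumptions for a small web server. Kernel threads never
own sockets, so a socket whose process is named like one (kworker,
kthreadd, ...) is a classic sign of malware borrowing a harmless name.
"""
import re

EXPECTED_LISTENERS = {22: "sshd", 80: "nginx", 443: "nginx"}             # assumption
EXPECTED_OUTBOUND = {"sshd", "nginx", "apt", "apt-get", "http", "chronyd"}  # assumption
KERNEL_THREAD_NAME = re.compile(r"^(kworker|kthreadd|ksoftirqd|migration|rcu_)")
PROC_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)')

def parse_ss(output):
    """Return one dict per socket line; the header line is skipped."""
    sockets = []
    for line in output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        netid, state, _recvq, _sendq, local, peer = fields[:6]
        host, _, port = local.rpartition(":")            # rpartition keeps IPv6 [::] intact
        peer_host, _, peer_port = peer.rpartition(":")
        sockets.append({
            "proto": netid, "state": state,
            "local_host": host, "local_port": int(port),
            "peer_host": peer_host, "peer_port": peer_port,   # '*' for unconnected sockets
            "procs": [(name, int(pid))
                      for name, pid in PROC_RE.findall(" ".join(fields[6:]))],
        })
    return sockets

def find_suspicious(sockets):
    """Return (local_port, reason) pairs for sockets that deserve a closer look."""
    findings = []
    for s in sockets:
        names = {name for name, _ in s["procs"]}
        if any(KERNEL_THREAD_NAME.match(n) for n in names):
            findings.append((s["local_port"],
                             f"socket owned by a process named like a kernel thread: {sorted(names)}"))
        if s["proto"] != "tcp":
            continue                                   # UDP only gets the name check here
        if s["state"] == "LISTEN":
            expected = EXPECTED_LISTENERS.get(s["local_port"])
            if expected is None or expected not in names:
                findings.append((s["local_port"],
                                 f"unexpected listener: {sorted(names) or 'no process shown'}"))
        elif s["state"] == "ESTAB":
            if s["local_port"] in EXPECTED_LISTENERS:
                # inbound connection: it should be served by the daemon we expect on that port
                if EXPECTED_LISTENERS[s["local_port"]] not in names:
                    findings.append((s["local_port"], f"inbound connection served by {sorted(names)}"))
            elif not names & EXPECTED_OUTBOUND:
                findings.append((s["local_port"],
                                 f"outbound connection to {s['peer_host']}:{s['peer_port']} "
                                 f"by {sorted(names) or 'no process shown'}"))
    return findings

# Constructed sample output, not from a real host.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port   Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*           users:(("sshd",pid=900,fd=3))
tcp   LISTEN 0      511    0.0.0.0:443         0.0.0.0:*           users:(("nginx",pid=1201,fd=6),("nginx",pid=1200,fd=6))
tcp   LISTEN 0      128    0.0.0.0:4444        0.0.0.0:*           users:(("kworker/0:1",pid=4021,fd=3))
tcp   ESTAB  0      0      10.0.0.5:22         192.0.2.10:60122    users:(("sshd",pid=2171,fd=4))
tcp   ESTAB  0      0      10.0.0.5:443        198.51.100.23:51812 users:(("nginx",pid=1201,fd=12))
tcp   ESTAB  0      0      10.0.0.5:51433      203.0.113.66:6667   users:(("kworker/0:1",pid=4021,fd=5))
udp   UNCONN 0      0      0.0.0.0:123         0.0.0.0:*           users:(("chronyd",pid=610,fd=7))
"""

if __name__ == "__main__":
    import subprocess, sys
    if len(sys.argv) > 1 and sys.argv[1] == "--live":   # needs root for the Process column
        output = subprocess.run(["ss", "-tunap"], capture_output=True, text=True, check=True).stdout
    else:
        output = SAMPLE_SS_OUTPUT
    for port, reason in find_suspicious(parse_ss(output)):
        print(f"port {port}: {reason}")
```

Once a pid is flagged, follow it up with `ls -l /proc/4021/exe` and `cat /proc/4021/cmdline` (substituting the real pid) to see which binary is really behind the name. If ss shows nothing odd but the router or a packet capture from another machine does, suspect a kernel-level rootkit hiding its sockets.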