Why Linux Doesn't (Usually) Need An Antivirus

Do Linux machines ever even get viruses?


There's a common myth around the Internet that Linux systems can't get viruses. Simply put, this isn't true. Linux computers absolutely can get viruses, but that's not the whole story. The myth has a foundation in reality, and most Linux systems actually don't need an antivirus.

The Permissions

The first bit of information that you'll need comes from Linux's history. Linux is based on an older operating system called Unix. Unix started out in the 1970s at Bell Labs, but it quickly gained popularity and spread to the business world and academic institutions worldwide. Linux was originally an attempt to recreate Minix, a variation of Unix. As a result, it inherited a lot of traits from Unix, including its user permissions. On Unix systems, there's a clear distinction between user accounts and administrators. Users can't install programs system-wide, and they don't have access to important system folders. If you were to download and run a virus or any kind of malware on Linux, it could only mess up your user account and the folders that your user account has access to. It couldn't spread and infect the whole system unless you somehow gave it administrative privileges. It's much harder for a virus to do real damage to a Linux computer.
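The permission boundary described above only holds if system folders really are writable by administrators alone. The following is an added example, not part of the original article: a small audit that reports system directories and PATH entries a non-root account could modify. The SYSTEM_DIRS list and the function names are assumptions chosen for illustration.

```python
import os
import stat

# Directories that only root should be able to modify on a typical install
# (assumed list for this example; adjust for your distribution).
SYSTEM_DIRS = ["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/etc", "/boot"]


def write_exposure(path, trusted_uids=(0,)):
    """Return the reasons a non-administrative account could modify `path`."""
    st = os.stat(path)  # follows symlinks, e.g. /bin -> /usr/bin
    reasons = []
    if st.st_uid not in trusted_uids:
        reasons.append(f"owned by uid {st.st_uid}")
    if st.st_mode & stat.S_IWOTH:
        # A sticky bit (as on /tmp) limits deletion, not creation of new files.
        reasons.append("world-writable")
    if st.st_mode & stat.S_IWGRP and st.st_gid != 0:
        reasons.append(f"writable by group {st.st_gid}")
    return reasons


def audit(paths, trusted_uids=(0,)):
    """Map each existing path to its exposure reasons; clean paths are omitted."""
    findings = {}
    for p in paths:
        try:
            reasons = write_exposure(p, trusted_uids)
        except FileNotFoundError:
            continue  # not every distribution has every directory
        if reasons:
            findings[p] = reasons
    return findings


if __name__ == "__main__":
    # PATH entries matter too: a user-writable directory early in PATH lets
    # user-level malware shadow a system command.
    path_dirs = [d for d in os.environ.get("PATH", "").split(os.pathsep) if d]
    for p, reasons in audit(SYSTEM_DIRS + path_dirs).items():
        print(f"{p}: {', '.join(reasons)}")
```

On a healthy system the system directories produce no output; entries under your home directory showing up from PATH are expected, and worth noting if they come before the system directories.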

In case you were wondering, macOS is also a descendant of Unix, and it has a similar permission system. So, this factor also plays a role in the reason Macs get infected much less frequently than Windows PCs.

Linux Isn't A Big Enough Target on Desktops

Put yourself into the shoes of a hacker. Are you going to spend a ton of time developing malware for an operating system that only holds around 2-3% of the desktop market? You're better off making your nasty virus work on the operating system that holds the vast majority of the desktop space, and that's still Windows.

There's another interesting bit here. Most malware preys on people who aren't exactly technically savvy. It's sad, but it's much easier to trick someone who doesn't know what's going on to click that suspicious link or open that sketchy ZIP file. Most Linux users have at least a basic understanding of how their computer works. After all, they chose to install Linux on it in the first place. Again, weighing the odds, the hacker would have a better shot at duping an uninformed Windows user who simply bought their computer that way off the shelf.

Keep in mind that all of this pertains to desktops. Servers are an entirely different story. In fact, Linux is the biggest target for server systems because it holds the majority of the market and most big businesses and major websites run on Linux systems. If your Linux server doesn't have adequate security, you may be in serious trouble.

Open Source Fixes Bugs Fast

Plenty of viruses and types of cyber attacks rely on known bugs and vulnerabilities in software on a computer. If an attacker knows that something isn't working securely, they can exploit it to get access to something they shouldn't. That's how malware gains control in a lot of situations.

Even though companies like Microsoft have gotten better over the years at patching their software and fixing their bugs in a timely manner, the open source world is usually still faster. It's not that Microsoft or any company is intentionally negligent; they simply have fewer people looking at their code. Open source code can be reviewed by anyone. That means that any programmer in the world can take a look, and if something doesn't look right, they can send in a fix to the developers. Even users with no tech background can help. If your Linux system isn't acting right, you can reach out to the developers and let them know. They're usually quick to look into it.

When is Linux at Risk?

This was touched on a bit before, but there are some situations where Linux really is at risk of being attacked or infected with malware. In these situations, you really need to be aware of your Linux system's configuration and security. Otherwise, things are probably going to get out of hand fast.

Servers

Most of the web runs on Linux. It makes sense because Linux systems are known for their stability. They also make a great platform for many of the open source programming languages that power the web, like PHP.

Thousands of websites are run on poorly configured shared hosting and use outdated versions of web programs, like WordPress. To make matters worse, by the very nature of being a web server, they're accessible from anywhere by anyone. Hackers know this, and launch countless automated attacks on Linux servers daily.

If you're hosting a website or configuring a server for just about anything, take the necessary steps to ensure that you're following all the security best practices.

The Web and Browser Attacks

Web browsers aren't just browsers. That might sound confusing, but when you think of all the things that your favorite browser needs to do in order for you to access and interact with your favorite sites, it's pretty clear that there's a lot going on under the hood.

Web browsers interpret and run code, much like an operating system such as Linux or Windows does. Increasingly, JavaScript powers huge chunks of the web, and your browser is what runs it. If an attacker wants to target everyone regardless of whether they're on Windows, Linux, Mac, Android, or even an iPhone, they can create malicious code in JavaScript that runs automatically when you visit a website. It's a scary thought, but it's a real threat.

Web-based attacks are a big reason you need to configure your browser for security. You also need to exercise common sense while browsing the Web. Avoid suspicious-looking URLs. Don't click a shortened URL unless you trust the source. When possible, stick to sites secured with SSL (HTTPS).

What Can You Do to Protect Linux?

You won't find many traditional antivirus programs for Linux. That's because they don't really work. Once a Linux system is compromised, it's probably done for. Instead, you'll find ways to prevent anything from happening in the first place and ways to find out if something has gone wrong.

Block Ads and Scripts Online

On Linux desktops and laptops, your biggest threat comes from the Web. Thankfully, it's fairly easy to block a ton of garbage on the Internet. First, install a reputable ad blocker. While a site might be entirely above board, the ads on it may not. If you needed another reason to hate ads, they actually can give your computer a virus. You can try uBlock Origin on both Firefox and Google Chrome. It's a great lightweight option that blocks just about everything.

Since JavaScript is the language behind most attacks from the web, you can always block it from untrusted sources. Quality add-ons will let you still allow the JavaScript that makes the sites you trust work while blocking anything that might be fishy. uMatrix is a great option for both Firefox and Chrome that gives you a ton of control. NoScript is another popular option for Firefox that automatically blocks scripts from a ton of potentially harmful sources.

Check for Rootkits

Malware on Linux systems is usually referred to as a rootkit. That's because it gains root, or administrative, privileges on the system. In most situations, if you have a rootkit, you're going to need to format your drive and start over. That's why the available software checks for known rootkits, but it doesn't make an attempt to remove them.

There are two popular options, chkrootkit and rkhunter, that are available for most Linux distributions. You can run them to try to see if the system's been compromised. Be careful, though. Both are known for giving false positives. If you're going to work with these tools, expect to look up and check out your results for verification.

It's also important to remember that a rootkit is more likely to give you some other indication that it's there. Mysterious network activity coming from your computer is usually a dead giveaway. You can use a tool like Wireshark to see what traffic is passing through your computer.
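For a quick first look at outbound connections before opening a packet capture, the kernel's own connection table can be read directly. This is an added example, not part of the original article: it parses the /proc/net/tcp layout (IPv4 only, little-endian host assumed) and lists established connections to remote ports outside an allow-list. The sample table is constructed, and the allowed port list is an assumption to adapt.

```python
import socket
import struct

# Constructed sample in the layout of /proc/net/tcp (documentation address ranges).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0A00A8C0:D431 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 20 4 30 10 -1
   2: 0A00A8C0:E1F2 076433C6:115C 01 00000000:00000000 00:00000000 00000000  1000        0 20003 1 0000000000000000 20 4 30 10 -1
"""


def _endpoint(field):
    """Decode 'HEXADDR:HEXPORT' into (dotted IPv4 string, port number)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the raw 32-bit address, so on little-endian hosts
    # (x86, most ARM) the octets appear reversed in the hex string.
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def established(table):
    """Return established TCP connections to non-loopback peers."""
    conns = []
    for line in table.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8 or f[3] != "01":  # state 01 = ESTABLISHED, 0A = LISTEN
            continue
        rip, rport = _endpoint(f[2])
        if rip.startswith("127."):
            continue
        lip, lport = _endpoint(f[1])
        conns.append({"local": f"{lip}:{lport}", "remote": f"{rip}:{rport}",
                      "rport": rport, "uid": int(f[7])})
    return conns


def unexpected(conns, allowed_ports=(80, 443)):
    """Keep connections whose remote port is not on the allow-list (assumed list)."""
    return [c for c in conns if c["rport"] not in allowed_ports]


if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:  # /proc/net/tcp6 holds IPv6 sockets
        for c in unexpected(established(fh.read())):
            print(c)
```

The uid column shows which account owns each socket, which helps decide whether a connection belongs to something you started. A capable rootkit can hide entries from this table, so a capture taken from another machine or the router remains the stronger check.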

Closing Thoughts

While Linux systems can become infected with malware, it's still very rare on desktops/laptops. Exercise common sense when downloading and running software. Block ads and scripts from untrusted websites, and generally use best practices in running your computer, and you'll probably be alright.