Do I need an antivirus in Linux?


I'm afraid that to answer this, a bit of background knowledge is necessary first.

Viruses hardly exist any more. Programs that infect other executables, overwrite parts of them and/or add new code to them are not how malware spreads nowadays in most cases. In Windows that distinction is not really necessary; Windows users use the term “virus” to describe every form of malware (and user error, sorry, couldn’t resist 😉 ). But in Linux that distinction is important, as virus scanners in Linux do exactly what the name says…they scan for viruses. They don’t protect you against attacks from websites in any form. And on top of that they hardly even scan for Linux viruses…there are only very few proof-of-concept Linux viruses at all. And because people rarely install anything themselves and instead use packages provided by the distro through the package manager, there is almost no attack surface for traditional viruses…no spreading of .exe files claiming to be the fanciest screensaver or similar. So the Linux virus scanners actually mostly scan for Windows viruses, for example on a mail server scanning email attachments before delivering the mails.

Forms of malware other than viruses are a serious threat though, also in Linux. The most prominent at the moment are probably attacks from websites. This is something you have to defend yourself from in Linux as well. But not by installing a virus scanner…browser plug-ins are a much better line of defence there.

  • uBlock Origin: an ad blocker that also blocks websites with known malicious content
  • Privacy Badger: maybe not exactly relevant for malicious content, but relevant for websites trying to track you, including for malicious causes
  • NoScript: disables scripts on websites, with the possibility to allow them on sites you specify. This will mitigate the majority of attacks you can get from websites.
  • Don’t install Adobe Flash!!!!!!! EVER!
  • Don’t install Java for your browser
  • Update your browser regularly (should be automatic in Linux so one worry less for you)

And now the last thing… Windows malware in Linux. Usually malware written specifically for Windows won’t affect Linux systems and can’t even run on them. But…well, Wine is getting really good, good enough actually that even some malware can run in it. Now…this is usually not much of a problem. Wine creates an emulated Windows environment which is exposed to its programs (default: ~/.wine/drive_c). But Wine also creates virtual drives by default that allow access to the whole Linux file system and your home folder. Your system itself is not in danger there…you run Wine as your user, so it won’t have write permissions to system files, but your home folder is another topic. Of course it’s pretty unlikely that any Windows malware will be prepared for this specific case and search for files in the directory structure of Linux, but it is possible. This is more relevant for really destructive malware…if the main goal of the Windows malware is to delete everything, it doesn’t need to take special care for the Linux file system, it can just delete every file it has access to…which in Wine’s case means your whole home folder. Not wanting to sound too alarmist here: a lot of malware won’t even work in Wine, and even if it does, it’s usually isolated enough from your system…but Wine’s job is not to make that isolation perfect, and theoretically it is possible that Windows malware accesses files in your home folder with Wine.
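To see which drive letters of a Wine prefix reach outside the prefix, the following added example (not part of the original post) audits the drive mappings. It assumes the standard prefix layout, where `dosdevices/` holds one symlink per drive letter (by default `c:` points to `../drive_c` and `z:` points to `/`); the function name `audit_wine_drives` is made up for this illustration.

```shell
#!/bin/sh
# Added example: report Wine drive letters that expose paths outside the prefix.
# Assumption: <prefix>/dosdevices/ contains one symlink per drive letter.
# Usage: audit_wine_drives [prefix]   (defaults to $WINEPREFIX, then ~/.wine)

audit_wine_drives() {
    prefix=${1:-${WINEPREFIX:-$HOME/.wine}}
    dosdev="$prefix/dosdevices"
    [ -d "$dosdev" ] || { echo "no dosdevices directory in $prefix" >&2; return 2; }

    # Canonical path of the prefix, so a symlinked prefix still compares correctly.
    real_prefix=$(cd "$prefix" && pwd -P) || return 2

    exposed=0
    for link in "$dosdev"/*; do
        [ -L "$link" ] || continue
        # Resolve the symlink to a canonical directory.
        # Dangling links and links to device nodes are skipped.
        target=$(cd "$link" 2>/dev/null && pwd -P) || continue
        case "$target/" in
            "$real_prefix"/*)
                echo "contained  ${link##*/} -> $target" ;;
            *)
                echo "EXPOSED    ${link##*/} -> $target"
                exposed=$((exposed + 1)) ;;
        esac
    done

    # Exit status 1 when at least one drive letter points outside the prefix.
    [ "$exposed" -eq 0 ]
}
```

A drive reported as EXPOSED can be removed in the Drives tab of `winecfg`; programs running in that prefix then no longer see the corresponding path through that drive letter.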

Overall, a virus scanner is probably not needed in Linux as long as you stick to common sense, install software from your package manager and stay away from untrusted repositories, especially open repositories like Arch’s AUR. Browser protection is necessary though and very much recommended. With Wine you are safer than in Windows, but it’s not absolute safety…so better to think twice before running programs in Wine that you got from dubious sources.

With Love,
Anis
