What protection?

memyselfandi · 27 May 2011 at 17:44

Main reasons to run an antivirus product on Linux is if the system is being used as a mail server, (to scan outgoing and incoming emails), or if it is a file server for Windows clients, (to scan the content of the shares). But in general for a standalone box it's not normally required.

An exception to this is if the system is being used for something which requires that it be secured to PCI-DSS requirements. Then you may have to install antivirus depending on your auditors requirements, (the rule itself is rather ambiguous whether you need to do this on Linux so some auditors say you do, some say you don't).

McAfee also do an antivirus product for Linux (with some quality limitations)

Cycrow · 27 May 2011 at 17:51

tbh, web servers, and other servers dont really count.
also not sure if the majority of web servers are linux.
althou its been awhile since i checked, but the majority used to be run on unix based systems, solaris and BSD being the main ones
althou this may have change, as red hat was getting popular for servers

the vast majority of viruses are targeted at end users, not servers

and in that, linux is only a small number.

also most viruses require the user to actually do something to trigger the viruses, someone who knows what thier doing wont be fooled as easily. which makes up a large share of linux users.

HumbleCoder · 27 May 2011 at 18:56

Al Vallario said:
Two things:

a) Linux is by no means a "small target"; a majority of web servers run linux;

I don't see that as reason why they would be targeted. Web servers are **generally** run by people who know what they are doing making them a harder target that my mum sat at home with a glass of wine without a clue what she is doing.

zinc · 28 May 2011 at 02:51

Viruses shouldn't be a problem. However I can see a number of potential security concerns in an average linux desktop install. One would be adding untrusted PPAs or .debs etc. You don't know what is being added to you system. Also maybe not even now but next time you update your machine the developer of the application can just push out an update on that repository and as usual you confirm the update without thinking. This update from an untrusted source could introduce anything into you system.

Also a lot of new users use things like VNC which can be a security concern if not setup correctly.

wilko49 · 28 May 2011 at 03:55

Criticality assessment - if you only intend to use the machine for browsing/******* around, don't worry. If you intend to purchase things off the internet, probably safer. If you intend to run a server of any kind, seems irresponsible not to.

Someone attempted a network attack on my linux box a few years back which popped up in a security alert (think it was the built-in security manager in Fedora 8). Never figured out what happened as my hard drive died a few days later (probably unrelated, it was about 4 years old from a budget pre-build).

hanluc · 28 May 2011 at 09:47

Linux isn't really affected by viruses but it can spread them, I think this is the main reason for Linux antivirus programs.

memyselfandi · 29 May 2011 at 10:48

Cycrow said:
tbh, web servers, and other servers dont really count.
also not sure if the majority of web servers are linux.
althou its been awhile since i checked, but the majority used to be run on unix based systems, solaris and BSD being the main ones
althou this may have change, as red hat was getting popular for servers

It is more important what web server software is used rather than what platform it is running on. A lot of web servers on Linux, Solaris and BSD are likely to be running, for example, Apache. Hence a vulnerability in that package could affect any of those OSes, although may be mitigated dependent on the configuration (e.g. chroot jails etc).

zinc said:
Viruses shouldn't be a problem. However I can see a number of potential security concerns in an average linux desktop install. One would be adding untrusted PPAs or .debs etc. You don't know what is being added to you system. Also maybe not even now but next time you update your machine the developer of the application can just push out an update on that repository and as usual you confirm the update without thinking. This update from an untrusted source could introduce anything into you system.

Also a lot of new users use things like VNC which can be a security concern if not setup correctly.

Which is something which affects all OSes not just Linux. If you install dubious software, or software from untrusted sources then you good be opening yourself to issues.

wilko49 said:
Criticality assessment - if you only intend to use the machine for browsing/******* around, don't worry. If you intend to purchase things off the internet, probably safer. If you intend to run a server of any kind, seems irresponsible not to.

There is a bit of a difference here ... if you are running a server then you should be considering everything you are putting on to it, software wise, to prevent things being introduced which caused problems.

The more important aspect in this case is to limit your exposure to the internet (i.e. only opening the ports necessary and no more) and making sure that the software serving on those ports is configured securely and kept up to date with security patches. This is more important than running antivirus software on the server.

PermaBanned · 29 May 2011 at 13:54

Al Vallario said:
b) As far as speed of patching is concerned, there's no reason to believe linux being open source would necessarily mean quicker patching. If a vulnerability were exposed in Windows, for example, Microsoft have far more resources and centralised expertise to throw at the problem.

I would disagree - when a vulnerability is exposed in Windows they have a comparatively small team to deal with it, who are doing it because they get payed to do it, and get payed if it gets done quickly or not. If a vulnerability is exposed in Linux then it will quickly spread through countless communities, get a bug report and any one of any number of programmers throughout the entire world will develop a patch because they want to, which will itself be tested and (if it is a problem with the kernel) released as part of the next kernel update, all within the space of maybe a few days. Probably less time than it would take for anybody to come up with a way of exploiting that vulnerability.