Linux is an open source operating system that got its start in the 1990s. Since then, it's become the most popular OS of its kind and developed a reputation for incredible security, seeing as there are very few existing viruses that can affect Linux systems.
A huge number of developers are consistently reviewing the open-source Linux code, plucking out bugs and malware, ensuring there are no lapses in security, and scouring each line.
With this in mind, you might think that there's no need to use antivirus on a Linux device – but no operating system is fully immune to online threats. In this guide, we look at why you may need antivirus for Linux.
Do I need antivirus for Linux?
Linux is developed concurrently by numerous people and parties rather than by a single organization, as Windows and Mac are. It's an open source operating system, meaning it's easy for users to pick and choose which programs, services, and applications they'd like to use. However, assembling these elements into a functioning operating system is a tricky and time-consuming task.
Luckily, a Linux distribution (also known as a "Linux distro") will do the hard work for you.
More than 1,000 Linux distros exist, however, and figuring out which one is best for you will depend on a few vital factors: the device you're using, the things you plan to do on that device, and how familiar you are with Linux, to name a few.
We'll take a look at some of the most popular Linux distros below, and puzzle out whether antivirus is an essential piece of kit, or an optional add-on.
Ubuntu, published by Canonical, does not come with any pre-installed antivirus software, though the security measures that it does have are pretty impressive. The Canonical team is quick to neutralize threats and vulnerabilities in the distro, and every two years a new Long Term Support version is published. The desktop and server LTS are supported for five years apiece, and updates are automatically applied to the user's device. What's more, Ubuntu meets US government standards, as certified under FIPS (Federal Information Processing Standards).
Due to a distinct lack of viruses and malware capable of affecting Linux – and Ubuntu – systems, it's easy to assume that antivirus software won't be necessary. However, you might benefit from installing an antivirus on your device if you intend to scan files for threats, either over your own network or outside it.
Additionally, if your email server is Linux-based, it's possible to receive infected mail from Windows users. You'll be passing that virus along if you forward the mail to another Windows user. An antivirus will prevent this, though you'll actually be protecting the recipient rather than yourself.
Again, Kali does not come with any built-in antivirus software, and we'd also discourage folks new to the Linux OS from selecting Kali as their first distro. Kali is, primarily, a pentesting (hacking) distro and has not been developed with the average user in mind.
The security-conscious and Linux-savvy enjoy Kali because of its encryption and privacy measures, granted by a versatile toolkit built into the operating system. Users can play with Nmap, Wireshark, and Aircrack-ng, amongst other features. Check out our guide on how to set up Wireshark for more information on how to get it up and running.
Kali's nature means that installing an antivirus is a tricky undertaking. Due to the complex nature of the distro, and its intended usage, an antivirus is not necessary, but due diligence on the user's behalf – as well as a thorough understanding of the Linux OS – is a must.
Similar to Ubuntu and Kali, Fedora has no default antivirus baked into its code – but it does have a firewall! This firewall is intuitive and easy to use, and just about anyone will be able to configure it to limit incoming and outgoing connections. Fedora also prevents the installation of new software without user permission – this stops spyware from installing itself on your device, which can happen on Windows devices.
Fedora users might find it useful to install antivirus if they send a high volume of emails, to prevent accidentally passing viruses on to folks using Windows and Mac devices.
Should I use anti-spyware for Linux?
A quick Google search will inundate you with assurances that an antivirus is unnecessary for the Linux OS – but don't be fooled into complacency! It's true that Linux devices suffer fewer intrusions from viruses and other online threats, but it's not entirely immune to them.
Viruses, worms, malware, and Trojans can all potentially affect Linux systems, but the Linux distros are monitored so closely that threats and vulnerabilities are often patched quickly. However, as Linux becomes more and more popular as a desktop operating system, more and more malware targets it, and EvilGnome is just one of these new threats.
EvilGnome creates a backdoor in Linux operating systems, and deploys spyware that can then capture screen recordings, keystrokes and mouse clicks. It may also be capable of stealing files directly from your device.
When it comes to individual Linux distros, it's difficult to determine which one is more secure than another, as this will largely boil down to how users implement the system. Each distro does come with its own pros and cons, however.
For example, Ubuntu has a problematic security record. 2012 saw the distro record user file searches. Canonical, the developers of Ubuntu, then passed this data on to Amazon. Ubuntu also logged user data for Canonical in 2018 – though it was claimed this data was anonymized.
The Debian distro doesn't have the same security blips as Ubuntu, or Mint, but what it gains in privacy it loses in compatibility. Some users won't be able to install Debian at all, and Debian is not compatible with proprietary drivers.
Is virus scanning important?
So, we've established that Linux is a secure operating system, but not an entirely foolproof one. Any operating system can be affected by viruses! As you might expect, however, an antivirus can prevent these threats from causing chaos on your computer.
There are all sorts of ways a virus can infect your Linux device – via malicious code, URLs, and rootkits, especially – and you'll also want to be cautious when transferring files between your Linux device and Windows or Mac devices.
Buffer overruns, botnets, ransomware, and web scripts without sufficient restrictions are just a few of the nasties that can affect Linux systems – and even if the danger they pose is minimal, it's not worth the risk of letting them run riot.
Viruses can also affect your computer via email. Though, if you receive a virus in an email attachment, it probably won't wreak too much havoc on a Linux operating system. Antivirus software can help pluck out these malicious emails and prevent you from unwittingly passing them on to other people, who, if they have a Windows device, might suffer far worse consequences.
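The paragraphs above on Linux mail servers and email attachments describe mail that is harmless to the Linux machine but dangerous to a Windows recipient. The following is an added example, not part of the original article: a simple file-type check (not a signature-based antivirus scan) that flags attachments a Windows machine could run. The function names, extension list, and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions that Windows executes or script-runs on double-click (illustrative list).
RISKY_EXTENSIONS = (".exe", ".scr", ".dll", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk")
PE_MAGIC = b"MZ"  # first two bytes of a Windows PE executable
REASON_MAGIC = "content is a Windows executable (MZ header)"
REASON_EXT = "extension runs on Windows"


def risky_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment a Windows recipient could run."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches attachments nested in sub-parts
        if part.is_multipart() or not part.is_attachment():
            continue
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Check content first: a renamed executable keeps its MZ header.
        if payload.startswith(PE_MAGIC):
            findings.append((name, REASON_MAGIC))
        elif name.lower().endswith(RISKY_EXTENSIONS):
            findings.append((name, REASON_EXT))
    return findings


def build_sample() -> bytes:
    """Constructed sample message; the 'executable' is an inert MZ stub, not real code."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Report attached.")
    # Disguised: named .pdf, but the bytes begin with the PE magic.
    msg.add_attachment(PE_MAGIC + bytes(62), maintype="application",
                       subtype="octet-stream", filename="report.pdf")
    msg.add_attachment("plain meeting notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"hold before forwarding: {filename}: {reason}")
```

A check like this runs the same on Linux as anywhere else, which is the point of the passage: the gateway inspects the mail on behalf of the recipients it forwards to.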
If you do decide to invest in an antivirus, we'd recommend scanning your device right after you've installed the software, and then at least once a week to ensure no nasties are lurking on your computer.