Isn’t Linux virus-free? By the classic meaning of “virus”, a self-replicating program that infects other executables, essentially yes. But there is malware for Linux.
What about the broader sense of “virus” we worry about on Windows: hostile data reaching user desktops through e-mail, the web, and removable media? To the extent this matters on Linux, the entry points are the same client software, usually vulnerabilities in browsers and in Adobe products such as Reader and Flash Player.
Best practice, enforced by cautious defaults in most distributions, means you do not log in as root on a graphical console and then run browsers and document viewers with full privileges. Among the Debian-derived distributions, Ubuntu and all its variations (including the very popular Mint) go further and lock the root account by default: root has no password, so you cannot log in as root even on a text console or over SSH, and administration goes through sudo.
A lot of Linux security comes from keeping dangerous software, the programs that parse untrusted data, from running as the root user.
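As an added example (not code from the original post), here is a small audit of the two settings just described: whether root’s password is locked, and whether sshd permits root logins. It reads a shadow-format file and an sshd configuration given as arguments, so it runs here on constructed sample files; on a real host you would pass /etc/shadow (as root) and /etc/ssh/sshd_config, or the output of `sshd -T` for the effective configuration. The compiled-in default of prohibit-password assumed when PermitRootLogin is absent is the OpenSSH default since 7.0; Match blocks are not handled.

```shell
#!/bin/sh
# Added example, not from the original post: audit whether root can log in
# directly. Arguments are file paths so the checks run on sample files here
# and on /etc/shadow and /etc/ssh/sshd_config (or `sshd -T` output) on a host.

# Print the state of root's password field: "locked" ("!" or "*" prefix,
# which is what `passwd -l root` and Ubuntu's installer leave), "empty"
# (no password at all, worse than "set"), or "set" (a usable hash).
root_password_status() {
    field=$(awk -F: '$1 == "root" { print $2; exit }' "$1")
    case "$field" in
        '')        echo empty ;;
        '!'*|'*'*) echo locked ;;
        *)         echo set ;;
    esac
}

# Print the effective PermitRootLogin value. sshd honours the first
# occurrence of a keyword, so take the first non-comment match; keys are
# compared case-insensitively because `sshd -T` prints them in lower case.
# Match blocks are not handled. If the keyword is absent, assume OpenSSH's
# compiled-in default of prohibit-password (the default since OpenSSH 7.0).
ssh_permit_root_login() {
    value=$(awk '$1 !~ /^#/ && tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    echo "${value:-prohibit-password}"
}

# Combine both checks: returns 0 only when root's password is locked and
# sshd does not allow "PermitRootLogin yes"; otherwise prints each weak
# setting and returns 1.
audit_root_login() {
    rc=0
    pw=$(root_password_status "$1")
    ssh=$(ssh_permit_root_login "$2")
    if [ "$pw" != locked ]; then
        echo "WEAK: root password is $pw"; rc=1
    fi
    if [ "$ssh" = yes ]; then
        echo "WEAK: sshd PermitRootLogin yes"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: root password $pw, PermitRootLogin $ssh"
    fi
    return "$rc"
}

# Constructed sample input (not taken from a real host) so the script runs as-is.
tmp=$(mktemp -d)
cat > "$tmp/shadow" <<'EOF'
root:*:19000:0:99999:7:::
alice:$6$saltsalt$notarealhash:19000:0:99999:7:::
EOF
cat > "$tmp/sshd_config" <<'EOF'
# PermitRootLogin yes
PermitRootLogin prohibit-password
PasswordAuthentication no
EOF
audit_root_login "$tmp/shadow" "$tmp/sshd_config"
rm -r "$tmp"
```

On a live system run it as root, since /etc/shadow is not world-readable, and prefer `sshd -T > file` over the raw config file so that includes and defaults are already resolved.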
Linux can also play a protective role for other platforms. The most common deployment is scanning e-mail, inbound and outbound, on a Linux-based mail gateway. You can also:
The big-name providers offer Linux server malware detection and quarantining: F-Secure, Kaspersky, McAfee (now Intel Security Group), Symantec, Comodo, Sophos, BitDefender, Trend Micro, ESET, and more.
As for personal workstations, there just isn’t much anti-malware software. It’s much like dragon repellent: a solution without a problem to solve.
I read one analysis that blamed the extent of the Windows malware problem on that environment’s generally proprietary and frequently expensive applications. That analysis said that this led to frequent use of “cracks” and “warez”, software modified from its original form and shared via dubious channels. Linux software, by comparison, is generally free and obtained through well-known repositories monitored by the community.
I don’t agree with 100% of this, especially the part that approaches a rationalization of “And so, that’s why we have to steal.” But there is something to this argument, most of all the benefit of the open repository.
Patching on a Windows platform is focused on the Windows operating system and the Microsoft applications. The rest of it — PDF document viewing and manipulation, development for C/C++ and many other languages, printer drivers, codecs for audio and video, plus whatever else — is all up to you. You may get frequent, annoying, and often ignored pop-ups for Adobe, Java, Chrome, HP printing updates, and more. That’s the disconnected application package management in action.
Compare this to Linux, where you have one unified package management space. Add the proprietary repositories to your Yum (or DNF) or APT configuration, and one check for available updates covers all installed software, from the base operating system through all applications. The caveat is that this only holds for software installed through the package manager; anything unpacked from a tarball or pulled in by a language-specific installer is back to being your problem.
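As an added example (not code from the original post), the unified view means a single apt query lists pending updates for the base system and applications alike, and it is easy to pick out the ones coming from a security suite. The parser below reads the output of `apt list --upgradable` from a file; the sample lines and version strings are constructed for the example, not captured from a real host. On a Debian or Ubuntu system you would first run `apt-get update && apt list --upgradable > file`.

```shell
#!/bin/sh
# Added example, not from the original post: separate pending security
# updates from the rest of `apt list --upgradable` output. Each line after
# the "Listing..." banner looks like:
#   name/suite1,suite2 newversion arch [upgradable from: oldversion]

# Print "name oldversion newversion" for every upgradable package.
list_upgrades() {
    awk 'index($1, "/") > 0 {
        split($1, p, "/")
        old = $NF; sub(/]$/, "", old)
        print p[1], old, $2
    }' "$1"
}

# Same, restricted to packages offered from a suite whose name contains
# "-security" (e.g. bookworm-security, jammy-security), wherever it
# appears in the comma-separated suite list.
list_security_upgrades() {
    awk 'index($1, "/") > 0 {
        split($1, p, "/")
        if (p[2] ~ /-security(,|$)/) {
            old = $NF; sub(/]$/, "", old)
            print p[1], old, $2
        }
    }' "$1"
}

# Number of pending security updates, usable as a monitoring check.
security_upgrade_count() {
    list_security_upgrades "$1" | wc -l | tr -d ' '
}

# Constructed sample of apt output (package names are real, the versions
# are made up for the example).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Listing... Done
openssl/jammy-updates,jammy-security 3.0.2-2 amd64 [upgradable from: 3.0.2-1]
firefox/jammy-updates,jammy-security 125.0-2 amd64 [upgradable from: 124.0-1]
libreoffice-core/jammy-updates 1:7.3.7-5 amd64 [upgradable from: 1:7.3.7-4]
cups/jammy-security,jammy-updates 2.4.1-8 amd64 [upgradable from: 2.4.1-7]
EOF
echo "upgradable packages: $(list_upgrades "$sample" | wc -l | tr -d ' ')"
echo "security updates pending: $(security_upgrade_count "$sample")"
list_security_upgrades "$sample"
rm "$sample"
```

Note that openssl (base system), firefox (browser) and cups (printing) all show up in the same list, which is the point: one query, no separate updaters per vendor.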
The classic answer is Clam AntiVirus (ClamAV). It’s free, open source, and packaged by most (if not all) Linux distributions.
Comodo has the free Comodo Anti-Virus for Linux, which installs as a package named CAV_LINUX and lives in /opt/COMODO/.
Sophos similarly offers their free Sophos Antivirus for Linux.
Avast!, AVG, BitDefender, and others have had desktop Linux malware scanners in the past, but they have dropped them. Now it’s server-only for the Linux side.
Finally, don’t overlook the Linux rootkit detectors, chkrootkit and rkhunter, both free and open source. A rootkit that has compromised the running kernel can hide its files and processes from any tool run on that system, so run these from trusted boot media rather than trusting the possibly compromised host.
Many Linux vulnerabilities are in network services. We defend against these with patching, careful configuration, and input filtering with a web application firewall (WAF) or similar. Patching and defensive service configuration are covered in Learning Tree’s Linux server administration course.