Hello! Sorry maybe for this beginners-question: do I need dedicated anti-virus / anti-malware software for my Linux System?

I’m not using my laptop for anything shady: no filesharing, no pirating, etc. Just the usual boring bit of work or streaming or surfing the web. Do I need dedicated safety measures? Like ClamAV for example? I read a bit about it but there where mixed messages, where people said it’s not needed.

I’m running Linux Mint and Cinnamon on a laptop since a few months and couldn’t be happier with an operating system. Everything works fine and until now I had no trouble at all (besides this little annoying bug, where my touchpad gets randomly set to “deactivated”, but this really is a minor issue and maybe just a “stupid user”-Problem).

Before I suffered through decades of windows. But no more!

  • kyub@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    5 months ago

    If the user is at least somewhat competent, antivirus is normally not needed. Antivirus has several issues on its own, before even considering its defense “capabilities”: it can contain spyware itself (harvesting user data, auto-uploading “interesting” files to the AV vendor cloud which leaks personal data, etc… e.g. Avast was recently caught spying on the web browser traffic of all their user base and then selling that data. Yes, that’s an AV vendor you’re supposed to trust), AV (like all software) has security holes which can be exploited (there was already malware which only worked BECAUSE you had an AV installed, and it wouldn’t have worked if you hadn’t), and you have one more process constantly running in the background with lots of access rights which isn’t great either, it may even damage your system by finding and quarantining false positives, and if your system is already infected then any AV running on it is also compromised as well and won’t find certain malware anymore because the malware can hide its processes from the AV. Furthermore, AV is only somewhat good at detecting past threats, not good at all at detecting current, dangerous threats. (Typically, virus writers test their own creations against current AV anyway, ensuring that they don’t detect it). Also, no AV detects e.g. Windows 10+/MS Office/MS Edge/Google Chrome/etc.'s invasive telemetry, which is (in this case) a euphemism for spyware functionality bundled with an otherwise legitimate application. AV should at least warn about it, otherwise it doesn’t live up to its promises of combating spyware at all.

    All in all, a competent user is likely to have more security/privacy issues or trouble WITH an AV, than without it. Which means, in the hands of a competent user, AV is the only thing on the system which behaves the most like malware. So simply by learning and following good security practices, you can avoid most if not all threats coming your way anyway, without any additional software needed on your machine.

    That said, if the user is quite incompetent and executes everything at random and doesn’t really care what sites he visits or what phishing mails he opens, and generally has a carefree attitude when workilng at the device, then having an antivirus constantly scanning everything and maybe avoid execution of a known threat, can do more good than harm.

    If you’re ever unsure, upload the file in question to virustotal.com - it will scan with something like 30 antivirus engines. You can’t do that on your own. That makes it more likely that something is found, if there is a known threat in it. Or ask on a forum. If you’re unsure your own system is infected, scan it with an offline virus scanner booted from a USB drive (preferably also with multiple scan engines), because scanning from inside an already infected system cannot ever guarantee full recovery. Although, no AV can ever guarantee full recovery regardless, which is why in the end you should completely re-install any infected system, and not rely on one AV’s cleaning capability. Because there’s no guarantee that the AV found and cleaned everything. If the malware contained a backdoor then maybe there’s new, undetected malware already present as well.