X
Tech

Do you need antivirus on Linux?

If you've been a Windows user for years, then you are well aware of the need for antivirus software. It's a given. But does the same hold true for the open-source operating system?
Written by Jack Wallen, Contributing Writer
Umbrella shielding cyber atttack
ANDRZEJ WOJCICKI/SCIENCE PHOTO LIBRARY/Getty Images

I've been using Linux as my primary operating system since 1997 and I have never installed a desktop antivirus solution on any computer. The only exception to that rule has been when I deploy a Linux mail or file server, where I might add something to scan for suspicious email attachments of malicious code within files. But that's server-only (which is a different beast altogether).

As for the desktop? Never. Not once.

Also: The best Linux laptops

Guess what? After over two decades, I've not experienced one issue with viruses or malware on any Linux desktop I've ever used.

Now, before you hop onto the nearest soapbox, let me add that this has been my experience and my experience alone. But I would think that nearly thirty years of never having to deal with such things paints a very clear picture to answer the question with a simple… no.

If you were to stop me on the street and ask, "Does Linux need antivirus software?" I'd answer "no" every time.

But why? Why are Linux users so certain they don't need to bother with antivirus software when every Windows user knows that working without an AV solution is asking for trouble?

Also: Sparky Linux is a blazing-fast distro that can keep your older machines running for years

There are a few answers to that question. But before I get into those answers, let me say that nothing is absolute. The second a computer is connected to a network, it's vulnerable. On top of that, zero-day exploits are discovered daily (even within the realm of open-source software). But being vulnerable on a network and vulnerable to viruses can be viewed as two distinct things. You could have a desktop computer with Secure Shell running that is out of date and vulnerable to attacks. A bad actor could get onto your network and access your desktop via port 22 and have at whatever's on that machine.

The old adage, "Where there's a will there's a way," always, always, always applies. 

But with viruses and malware, we're talking about something altogether different. This is by design.

It's all about permission

I'm not going to get too deep into the nuts and bolts of this, because you don't need to know the difference between 0777 and rwx permissions. What you do need to understand is that on any Linux system, for an application (be it LibreOffice, Evolution, Spotify, Slack, or even a piece of malware) to be installed, you have to give it explicit permission to do so by typing your user password. Until you do that, the software cannot be installed. 

Also: Thinking about switching to Linux? 10 things you need to know

Or, let's examine a simple shell script. Let's say you receive a malicious shell script as an attachment and you unwittingly save it to your Downloads directory. That script will remain in that folder doing nothing. Why? Because it won't have executable permission. 

For example: The downloaded file is called backup.sh. When you save that file to your Download directory, it'll have both read and write permissions but it will not have executable permission, which means it can't run. To give it executable permission, you'd have to issue a command like:

chmod u+x backup.sh

Once you've issued the above command, the script can be run. Until then that file will remain in your Downloads directory, doing no harm.

However…

You knew this was coming.

Just because Linux doesn't need an antivirus solution, doesn't mean you're 100% safe from malicious software. The thing about Linux is that you have multiple routes for installing software, such as:

  • Your distribution's package manager and official repositories
  • Third-party repositories
  • From source
  • Universal package managers (such as Snap and Flatpak)
  • Web apps
  • AppImages
  • Downloaded files (such as .deb and .rpm files)
  • Scripts

The problem is, how do you know which of these are actually safe? There have been malicious software found in multiple third-party repositories. And if you're downloading source code from an unknown source, all bets are off.

Also: Deepin 23 aims to reclaim the title of the most beautiful Linux desktop

Just like with any operating system, you should only install software from a reputable source. My best advice for most users is to limit installations from official distribution sources. For me, that means the built-in package manager, official repositories, and Snap/Flatpak sources. 

The other caveat is that you, a proud Linux user, have probably inadvertently received viruses and malware via email attachments. You've probably ignored and deleted them as well. But what if you didn't? What if you forwarded that adorable kitty photo you received (from some random person) along to a family member who uses Windows? If they click on that attached file, bad things could happen.

And that is why some people advocate installing a mail scanner like ClamAV. With that solution installed, if you ever receive an attachment you need/want to send to someone else, run a quick scan on the file and, if it checks out, you can safely send it.

Also: My favorite Linux email client flunked spellcheck until I did this

But for those who want to add some layer of protection, I would recommend installing the uBlock Origin extension on your web browser of choice. With that solution added, you can be certain that no rogue ads or scripts can compromise your system via malicious web pages.

In the end

Remember, nothing is ever 100%. And the second this is published, a bad actor might have figured out a way around Linux security, and my answer is rendered wrong. But for nearly 30 years that answer has held firm. I've never once used antivirus software on a desktop Linux installation and I don't imagine (unless things radically change) that I ever will.

Editorial standards