2

On a non-international forum I was reading a discussion about using an Antivirus on Linux Desktops. There are two opinions:

1. Anti-Virus is best-practise regardless of the OS used
2. Anti-Virus on Linux does more harm than good

Now most of the answers there are primary opinion based. However one argument that keeps getting used is that there is a real danger in having an AV on Linux because it has to run as root. I personally do not really see why this in itself is such a big security risk, assuming you install a 'legit' antivirus. I am having trouble seperating the opinions with 'facts' about the risks of Linux AV.

What are the real risks of installing an AV on a Linux Desktop?

toom
  • 584
  • 3
  • 20
  • See also [Should I get an antivirus for Ubuntu?](https://security.stackexchange.com/questions/63097/should-i-get-an-antivirus-for-ubuntu) – Sjoerd Jun 21 '18 at 10:10
  • @Sjoerd feel free to correct me if Im wrong, but this seems to hint more to: Are there virusses for Ubuntu? – toom Jun 21 '18 at 10:13

1 Answers1

11

AV pros:

  • Can detect old viruses
  • Sometimes can detect recent viruses (depending on vendor detection/update time)
  • Sometimes can proactively detect viruses and alert to a suspicious activity

AV cons:

  • Do contain bugs (all software does) and run with high privilege level, sometimes exploitable.
  • Usually consist of megabytes of closed-source, really complex (parsers for tens of file formats, process monitoring, etc...) code that you run as root.
  • Demand trust in vendor, vendor's internal security architecture, vendor-generated SSL certificate for https web AV functionality, ...
  • Slow down your system
  • Do close to nothing against qualified attacker or targeted attack.

I tried to be objective, but my bias is clear. AV can protect against CoolPhoto.jpg.exe email attachments, but if you are advanced enough to run Linux on the desktop then you do not need that protection.

Andrew Morozko
  • 1,759
  • 7
  • 10
  • 4
    I think this is a fairly objective post. Given that virtually any programmer can write a virus that is not detected by AV in 10 minutes is testament to the fact that AV is only good for known samples or very, very badly written malware. I [wrote an answer](https://security.stackexchange.com/a/182288/165253) similar to yours on another post, elaborating on the downsides to antivirus (although it was not specific to Linux). I came to the same conclusions you did. – forest Jun 25 '18 at 02:39