Linux is a popular operating system, especially for servers. The question that always comes up is how useful virus protection is for Linux, because on the one hand the risk of infection is much lower, but on the other hand it can have much greater effects on the complete system. First of all, it can be said that the threat situation for Linux is much more relaxed than for Windows. On the one hand, this is due to the fact that the number of users in Windows is much higher than in Linux, and on the other hand, because the Linux system is designed to be more secure than Windows right from the root.
Linux Server als Patient-0
Malware also occurs under Linux, of course. However, since the majority of these malicious programs are tailored for the Windows system, Linux cannot be damaged or destroyed by them. Therefore, it is important to note that in a mixed network environment on a Linux NAS, Windows viruses may also be present sooner or later. In this case, the Linux OS acts as a kind of index patient from which the malware is distributed to all clients accessing the server. This can have more serious consequences than if only a single client becomes infected. Thus, it can be basically stated that it is recommended to use an antivirus for Linux, which regularly scans the files for malware when Windows computers access a Linux server.
Virus protection for Linux due to malware risk under Linux?
The risk of catching malware, such as viruses, trojans, etc. under Linux is low because:
1. New software is checked under Linux via a checked software center:
The Software Center consists only of trusted package sources. In Windows, on the other hand, where software can often be downloaded through third-party websites, the risk of virus-infected installations increases.
2. Linux users do not have root privileges by default.
In Linux, it is more difficult for viruses and Trojans to gain root privileges if the user cannot access root privileges. In Windows, on the other hand, applications can only be run with administrative rights in a few steps.
3. Linux security vulnerabilities are closed very quickly.
Unlike Windows, Linux security vulnerabilities are closed very quickly. With Windows and the associated software, on the other hand, months can pass. Successful infections that have infiltrated Linux systems are usually the result of software that has not been updated.
4. Since the program code in Windows hardly changes
(compatibility among Windows systems), many viruses, Trojans, etc. work for a long time. Linux, on the other hand, changes in the program code and due to different distributions, not every program is compatible either, which makes the programming of viruses, Trojans and other malware very time-consuming and success is also very rare. Due to malware, virus protection for Linux is therefore not absolutely necessary.
Virus protection for Linux due to the threat rootkits?
One threat scenario that should be taken seriously in terms of Linux antivirus protection is root access to Linux as well as rootkits. Root access on Linux has all administrative rights. Rootkits are collections of tools for attackers with the aim of successfully camouflaging themselves from detection by virus scanners. Such rootkits allow logging into a compromised system, monitoring network traffic or launching applications and processes. Most of the time, these kits are used for consensual attacks.
A useful tool called “chkrootkit” helps to detect such rootkits, which can be found in the package sources of all distributions. It is advisable to use this tool with the help of an independent live CD to ensure that one’s own system, and thus the program, has not been compromised in turn. It is quite possible that an attacker has camouflaged his rootkit against the software. There are therefore other tools, for example “rkhunter”, which can also be found in the package sources of all distributions.
Are virus scanners a burden for Linux systems?
Virus scanners, as they are used today, use three techniques:
I. Virus signature: Virus signature is a kind of fingerprint of the virus. Antivirus programs work with huge virus signature databases that grow larger with time. The antivirus programs scan the files of a system in the background which consumes a lot of resources.
II. Heuristics: Heuristics examine files for typical characteristics of malware. The problem that arises from this is that Linux functions often cannot be distinguished from just that.
III. Behavior detection: behavior detection checks the behavior of programs before and after an installation is complete. Again, the danger is that anti-virus software often cannot distinguish between Linux behaviors and virus behaviors.
Conclusion about virus protection for Linux
So, in conclusion, the probability of the Linux system being corrupted by malware is lower compared to Windows. However, it is generally advisable to install antivirus protection on any system, and consequently Linux antivirus protection as well.