jump to navigation

Antivirus for Linux 4 January, 2009

Posted by aronzak in Uncategorized.

One of the questions that many new Linux users ask is “Should I run antivirus software on Linux?” I have two reasons why not to and three why you should.

Why you don’t need to:

1. Linux has better inherent security features. The ‘root’ and normal user permissions means that it is harder for malicious code to damage your system. Also the files permissions can make it hard to execute code. There are ways around all of this, though.

2. Less malware is written for Linux. This will change in the future, but it is a great benefit now.

If you only want to keep your own computer safe, strictly speaking, there is no absolute need to install any antivirus software in Linux. But if you are running Linux on a mixed network, I have three reasons why you should:

1. Surviving to raise the alarm. Imagine for a moment that you are in charge of the Royal guard in a medieval castle. Who would you choose to defend the castle walls against intruders? A slow, sleepy, sloppy guard? Or a young, fit and fiercly loyal guard? Windows has a long history of letting intruders through, Mac a shorter one. Linux, at the moment, is uncompromisable.

When a new virus is written, it takes time for antivirus writers to respond. This window of opportunity for viruses is referred to as the “zero day” period. Analysis of files without needing virus signatures is one protection, but it is not perfect. If a Windows (or these days, Mac) computer gets hit with a zero day virus, any antivirus software on the computer is usually made ineffective by the virus. When a new virus signature is made for the virus, it’s too late for an infected computer. But Linux, which didn’t get infected, can get the update.

2. Fighting back. Now that you’ve got a new virus signature, the next time you scan for viruses in a network sharing folder, you’re likely to find the virus.If it bleeds, we can kill it. Linux has saved the day.

3. Mopping up. Imagine someone that is sick and throws up in your house. They then decide to try and run outside, but they don’t make it all the way and they throw up again. Similarly, when a computer gets sick it leaves a mess all over the place. Viruses usually copy themselves over your network and on USB sticks. Even if your network does not get compromised, it can still be convenient to use Linux to help mop up the viruses that end up coming into contact with your computer on USB sticks (even thouth they’re not dangerous).

So, in short, running antivirus software on Linux is a good idea. It can help defend Windows and Mac computers and can be convenient to get rid of lingering malware. So, what’s on offer?

1. ClamAV

ClamAV is a free and open source virus scanner. That means that it can easily be installed natively on a Linux system using the ordinary package management system. This is extremely convenient. In Debian types, just do

apt-get install clamav

and it should install.

You might also want to install a GUI frontend. One called klamav appears to be the most advanced. Here’s some screenshots:


A nice configuration dialogue with an icon.



Klamav has a nice drop down box and a percent bar that makes it easy to use. Unfortunately, while ClamAV is popular because it is free and open source, weather or not it is as effective as other AV products is questionable. Though I understand that it is getting much closer to the competition and does run a lot faster than other AV software in Linux.

Most vendors provide professional products for Linux servers; so they also provide home editions for the desktop for free. Most vendors that do provide free linux versions hide them, trying to get Windows users to buy professional products. If you search for “linux” in a box, usually you’ll find a page that has a link, which is impossible to find otherwise.

One exception to this is F-Prot antivirus which has a link to the Linux section on the front page. Also, F-Prot is integrated in Puppy Linux, wich gives a graphical tool (which automatically downloads the required files). This is one of the smallest AV downloads I’ve seen (only 13MB) but it is Command Line Interface (CLI) only. This may be a good or a bad thing.

I’ve also used AV products from Avast and Grisoft (AVG) with GUIs that were fairly user friendly.

Others you might want to check out:

AV            GUI

Avira ? 45MB

AVG Free yes   ~50MB Also brothersoft

Avast yes   registration required

Panda reg.

Bit Defender CLI only. Terrible website, never managed to get a download link, despide having used it in the past. Even send an angry email.



1. PaulBeck - 19 February, 2009

Hey! Nice piece. Very informative. Thanks.
I bailed on Bill almost 3 years ago after buying into promise of a secure, stable Windows system for 16 years. Little did I know how joyful it would prove to be among the ranks of the Linux and Mac users. Oh yes… and did I mention TROUBLE-FREE? But, of course, I remain concerned about viruses. It really does take time for ‘average’ users to learn that not even email that *appears* to be coming from a friendly contact is always safe. Ah well… going on year 3 of Mac & Ubuntu bliss.

2. Linux malware « Aronzak’s Rantings - 19 February, 2009

[…] commerce I don’t view as a smart choice. Possibly related posts: (automatically generated)Antivirus for LinuxEveryone says Linux is secure, here are the facts!SecurityFiretorrent adds Opera-like torrent […]

3. Ade - 2 February, 2012

Almost free of Windows, Yippeeee !

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: