[Linux]: Do You Really Need Anti-Virus Software?

When a seasoned Windows user first migrates to Linux, the first question is always “where is the anti-virus?” I have been asked this question countless time and were always given the “you are lying to me” kind of look when I told them that they don’t need anti-virus software in Linux.

Over the decade where computer viruses have become so rampant, it is to no surprise that many people are treating Windows and anti-virus software as one unit; and that one cannot live without the other. This is deeply imprinted in people’s mind and I suspect that if one day, they were to live without anti-virus software, they will have nightmares.

Back to the issue about anti-virus software in Linux: when I say that Linux don’t need anti-virus software, I don’t mean that it is completely safe from virus attack. In fact, anyone who say that Linux is completely safe from virus attack is saying a big fat lie. No operating system is completely safe from virus attack, and you can be sure that the salesman who is trying to sell you the EeePC is lying to you when he says that there is no virus for Linux. What I am trying to bring across is that: it is much more difficult for a virus to infect a Linux machine, even without anti-virus software. Let’s see why is this so…

By default, Linux does not grant its users root privilege. Users who are installing applications or making amendment to the filesystem need to provide the root password, of which failure to do so will render the installation process useless. Similarly, for a virus to create havoc and cause a system-wide destruction, it needs to has root privilege, which can only be granted by the user. As long as the user is careful about what he or she installs and do not grant executable permission to untrusted program from unverified sources, there is little risk of getting infected by virus. Without root permission, the best the virus could do is to infect the Home folder and wipe out all the data in it. Your system won’t hurt a bit.

Do I still need anti-virus software?

You will definitely need an anti-virus software if you are setting up a file server with your machine. In situation where you are running Samba or NFS servers, there is a possibility that the virus residing on your machine can infect the Windows PC in your network. In cases where you might have documents in undocumented, vulnerable Microsoft formats, such as Word and Excel, that contain viruses, you definitely want to eradicate them before you share the documents with your counterparts that are running Windows. Having an anti-virus software at check can definitely reduce the chance of your Linux machine becoming a virus propagator.

While Linux provides you with a pretty secure environment, it can only do so much. You still have to play your part to filter out the bad from the good and make sure that none of the viruses get into your system. With due diligence, I am sure that you can have a peaceful night without any virus scare.


  1. The thing that most people don’t realize is that AV isn’t needed on Windows either – and it doesn’t take extreme paranoia/caution to make it work.

    1) Do not run Internet Explorer except for websites that you trust – such as your bank. This does not mean “if my bank sends me an email, click on the URL to open it in Internet Explorer”. This means type in the URL yourself; or save it as a bookmark and only access it through that bookmark.
    2) Don’t use Outlook or Outlook Express. They both internally use Internet Explorer to display emails; someone could send an email designed to exploit an Internet Explorer weakness, and it would generally work.
    3) Don’t open email attachments unless you have specifically requested them. If someone you sends you something, confirm directly with them that they sent it to you — because as your blog post mentions, email addresses are easily faked.
    4) Always know what you are clicking on. This means that you can’t browse the web in Internet Explorer; and in Firefox, turn off JavaScript’s ability to change status bar text.
    5) Don’t download and install programs unless they are from a known and trusted source.
    6) Change explorer settings to always show file extensions. This way, you can always see what kind of file you are opening – and won’t be tricked into running “FamilyPhoto.jpg……….exe”

    Those six things will ensure that the ordinary person will never get a virus on Windows. If you wish to be safe, download a free AV solution such as ClamAV, and scan your hard drive once a month.

  2. @Curious George: Well said. It all boils down to social engineering. If you play your part in protecting yourself, it is really hard to get infected, regardless of which platform you are using.

  3. @CuriousGeorge: I thought exactly the same as you about not needing anti-virus on Windows, but I did manage to somehow get malware on my Windows computer even through a firewall and my “comprehensive wetware security” :-) I honestly can’t understand how it happened, but it did.

    The only way you can avoid getting a virus on Windows is if you don’t connect it to a network or the Internet, and even then I’m sure there’s still ways of contracting them…

  4. Yeah, you don’t need anti-virus software on Windows… unless you use flash disks. Flash disks and Windows are the bane of my existence.

  5. in windows just make a user that can't do anything except read files, then only allow that user on the web

Comments are closed.