This is a long-running debate in the security world - what do you think: does a Linux device need antivirus? Is it worth it, and what's the risk for public-facing and internal Linux systems? All opinions appreciated :).
As with most things in InfoSec it depends.
If your Linux system is a thin client terminal, e.g. an Igel Technologies device running their Ubuntu derivative, and you've configured your VDI securely, locked down USB ports etc., then since there is nowhere for malware to reside other than in memory (the devices don't have user-writable local storage), you'd be reasonably safe not to run AV. You'll be running a very small risk that malware could create a hidden writable storage partition on the device and therefore survive a reboot, but in most environments this should be within risk tolerance.
Similarly, if you're running Linux in a VM, say for development/experimentation, and you're willing to delete that VM entirely if infected, then not running antimalware is probably also within risk tolerance for most environments.
As for server-based Linux, I'd consider your security control environment more fully rather than look at AV in isolation, as a point solution. So you need to make the decision holistically, looking at your architecture and the other defenses in place. So for example, if your Linux box was behind a gateway that proxied connections to it and inspected traffic for malware and other attack signatures, was fully patched, was segmented from other more critical systems, runs a host firewall and maybe even HIDS, and you have SIEM to monitor for anomalies and a good CSIRP, then you may consider that sufficient protection, but it'll all depend on your assessment of the risks.
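The thin-client argument above rests on one verifiable condition: no writable, persistent storage that malware could use to survive a reboot. The script below is an added example, not part of Steve's post or any vendor's tooling. It reads mount-table text in /proc/mounts format and reports every mount that is backed by a block device (a /dev/... source), mounted rw, and not a memory-backed filesystem; a non-empty result means something persists across reboots and the "memory-only" assumption does not hold. The sample mount table is constructed for illustration.

```shell
#!/bin/sh
# Added example: find writable mounts backed by persistent (block-device) storage.
# Input is text in /proc/mounts format: device mountpoint fstype options dump pass.

# Constructed sample mount table (not from a real device).
SAMPLE_MOUNTS='overlay / overlay ro,relatime,lowerdir=/rofs 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda2 /var/persist ext4 rw,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0'

# persistent_rw_mounts MOUNTS_TEXT
# Prints "<device> <mountpoint>" for each mount whose source is a block device,
# whose option list contains "rw", and whose filesystem is not memory-backed.
persistent_rw_mounts() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^\/dev\// && $3 != "tmpfs" && $3 != "squashfs" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                if (opts[i] == "rw") { print $1, $2; break }
            }
        }'
}

# count_persistent_rw MOUNTS_TEXT
# Number of persistent writable mounts; 0 means nothing on disk can hold state.
count_persistent_rw() {
    persistent_rw_mounts "$1" | wc -l | tr -d ' '
}

# Check the live system when /proc/mounts is available, else use the sample.
if [ -r /proc/mounts ]; then
    persistent_rw_mounts "$(cat /proc/mounts)"
else
    persistent_rw_mounts "$SAMPLE_MOUNTS"
fi
```

On the constructed sample the script reports /dev/sda1 on /boot and /dev/sda2 on /var/persist, both places where a reboot would not clear an implant; on a correctly locked-down thin client the list should be empty. The awk filter deliberately keys on the device path rather than on the filesystem type alone, so an ext4 partition mounted from a loop device or a new hidden partition is caught even if its type is unexpected.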
Thanks big time Steve. I agree 100% that other security controls contribute to the overall security environment; however, I would like to focus entirely on the AV security control for Linux OS. We talk about a layered security structure, so I try not to think about other layers but just evaluate whether nowadays Linux systems (web servers/file servers/workstations etc.) need to have AV - are they being attacked frequently? It does not make sense to me not to put AV on the Linux systems as opposed to the Windows ones, as Linux systems are also widely used for web services, application services, and other public-facing services in addition to internal servers and even workstations.
> Deyan (Contributor I) posted a new topic in Tech Talk on 05-22-2019 06:41 AM
> Hi community, This is a long going debate in the security world - what do you
> think around does a Linux device need anti virus - is it worth it and what's the
> risk for public facing and internal Linux system?
There have been Linux viruses. In fact, there have been some "dual-infection" programs that would infect both Windows and Linux format applications (on Intel platforms). The risk is fairly low, but it is real.
As usual, the level depends upon your application and situation ...
No.. Linux does not need an anti-malware the same way Windows does..
You should focus more on the developers and/or the IT-department. Those two are the biggest issues in Linux security – they are the “malware”…
The developers treat Linux like something mystical that should be only managed by them ( plus, they want to have “Linux skills” in their CVs ) and the IT-department thinks that the only thing a server needs is an antivirus and manages Linux like it was some kind of Windows server..
Both of them ( too many times ) do not understand even the basic UNIX security principles…
The anti-malware that Linux desperately needs is having people that can think outside the Microsoftverse.. 😉
( Not counting services/servers that cater Windows users.. )