Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Deyan
Contributor I
‎05-22-2019 06:41 AM
‎05-22-2019 06:41 AM

Anti-malware software for Linux? Is it needed?

Hi community,

 

This is a long going debate in the security world - what do you think around does a Linux device need anti virus - is it worth it and what's the risk for public facing and internal Linux system? All opinions - appreciated :).

Reply
0 Kudos
10 Replies
Shannon
Community Champion
‎05-30-2019 05:01 AM
‎05-30-2019 05:01 AM

@JoePete wrote:
@Shannon wrote:

Following best practices and hardening a system won't always make it invulnerable to compromise.

 

Systems should be secured using a defense-in-depth approach, with deployment of an anti-malware solution being another layer of protection.

 

Regulatory authorities often mandate securing systems with an anti-malware solution, in which case you'll have to comply.

Sure, if I were going to juggle flaming chainsaws, I might want to wear a helmet and gloves, but you know what? The better practice would be to not juggle flaming chainsaws.

Let's look at this from the perspective of risk management. Taking the analogy, there's a good driver who follows best practices --- but tends to drive without fastening his seat-belt. Assuming he's in an area with traffic regulations that mandate the use of seat-belts, he'll run at least 2 risks: -

 

  1. Meeting with an accident.
  2. Getting caught violating traffic rules.

(Note that risk 2 doesn't depend on 1)

 

Now there are the following ways to deal with this: -

 

  1. Risk avoidance : Not driving the vehicle at all.
  2. Risk acceptance : Continuing to drive without a seat-belt.
  3. Risk reduction * : Ensuring that the seat-belt is fastened while driving.
  4. Risk transfer : Getting an insurance policy.

* This can be also achieved by getting a very good vehicle, driving on roads with a low accident rates, etc.

 

If we look at the use of a Linux system --- or any system for that matter --- that needs to be connected to the outside world for business reasons, and assume it's secured and maintained with best practices, there's still the risk of it being compromised by malware, however low that may be.

 

Risk management options are: -

 

  1. Risk avoidance : Completely isolate the system from the outside.
  2. Risk acceptance : Continue using the system as it is.
  3. Risk reduction : Deploy an anti-malware solution on the system.
  4. Risk transfer : Getting dependent business operations insured.

 

Ultimately, the strategy chosen will depend on the risks. If it's not a critical system, well- secured using best practices and not under regulation, then you might choose not use anti-malware on it. On the other hand, if it's critical & must comply with regulations mandating the use of the anti-malware, you would probably want to use this on the system.

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Reply