Announcements
Planned Site Maintenance
Due to scheduled maintenance, account creation for new Community users will be unavailable 11 a.m. Eastern October 23, 2020 – October 24, 2020. We apologize for any inconvenience.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Community Champion

Re: Anti-malware software for Linux? Is it needed?


@JoePete wrote:

@Shannon wrote:

Following best practices and hardening a system won't always make it invulnerable to compromise.

 

Systems should be secured using a defense-in-depth approach, with deployment of an anti-malware solution being another layer of protection.

 

Regulatory authorities often mandate securing systems with an anti-malware solution, in which case you'll have to comply.


Sure, if I were going to juggle flaming chainsaws, I might want to wear a helmet and gloves, but you know what? The better practice would be to not juggle flaming chainsaws.


Let's look at this from the perspective of risk management. Taking the analogy, there's a good driver who follows best practices --- but tends to drive without fastening his seat-belt. Assuming he's in an area with traffic regulations that mandate the use of seat-belts, he'll run at least 2 risks: -

 

  1. Meeting with an accident.
  2. Getting caught violating traffic rules.

(Note that risk 2 doesn't depend on 1)

 

Now there are the following ways to deal with this: -

 

  1. Risk avoidance : Not driving the vehicle at all.
  2. Risk acceptance : Continuing to drive without a seat-belt.
  3. Risk reduction * : Ensuring that the seat-belt is fastened while driving.
  4. Risk transfer : Getting an insurance policy.

* This can be also achieved by getting a very good vehicle, driving on roads with a low accident rates, etc.

 

If we look at the use of a Linux system --- or any system for that matter --- that needs to be connected to the outside world for business reasons, and assume it's secured and maintained with best practices, there's still the risk of it being compromised by malware, however low that may be.

 

Risk management options are: -

 

  1. Risk avoidance : Completely isolate the system from the outside.
  2. Risk acceptance : Continue using the system as it is.
  3. Risk reduction : Deploy an anti-malware solution on the system.
  4. Risk transfer : Getting dependent business operations insured.

 

Ultimately, the strategy chosen will depend on the risks. If it's not a critical system, well- secured using best practices and not under regulation, then you might choose not use anti-malware on it. On the other hand, if it's critical & must comply with regulations mandating the use of the anti-malware, you would probably want to use this on the system.

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz