Deyan
Contributor I

Anti-malware software for Linux? Is it needed?

Hi community,

This is a long-running debate in the security world: what do you think, does a Linux device need antivirus? Is it worth it, and what's the risk for public-facing and internal Linux systems? All opinions appreciated :).

6 Replies
Steve-Wilme
Advocate II

As with most things in InfoSec it depends.

If your Linux system is a thin client terminal, e.g. an IGEL Technologies device running their Ubuntu derivative, and you've configured your VDI securely, locked down USB ports etc., then since there is nowhere for malware to reside other than in memory (the devices don't have user-writable local storage) you'd be reasonably safe not running AV. You'll be running a very small risk that malware could create a hidden writable storage partition on the device and therefore survive a reboot, but in most environments this should be within risk tolerance.

Similarly, if you're running Linux in a VM, say for development/experimentation, and you're willing to delete that VM entirely if infected, then not running anti-malware is probably also within risk tolerance for most environments.

As for server-based Linux, I'd consider your security control environment more fully rather than look at AV in isolation as a point solution. So you need to make the decision holistically, looking at your architecture and the other defences in place. For example, if your Linux box was behind a gateway that proxied connections to it and inspected traffic for malware and other attack signatures, was fully patched, was segmented from other more critical systems, runs a host firewall and maybe even HIDS, and you have a SIEM to monitor for anomalies and a good CSIRP, then you may consider that sufficient protection, but it'll all depend on your assessment of the risks.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Deyan
Contributor I

Thanks big time, Steve. I agree 100% that other security controls contribute to the overall security environment; however, I would like to focus entirely on the AV security control for the Linux OS. We talk about a layered security structure, so I try not to think about the other layers but just evaluate whether nowadays Linux systems (web servers/file servers/workstations etc.) need to have AV. Are they being attacked frequently? It does not make sense to me to not put AV on the Linux systems as opposed to the Windows ones, as Linux systems are also widely used for web services, application services, and other public-facing services in addition to internal servers and even workstations.

rslade
Influencer II

> Deyan (Contributor I) posted a new topic in Tech Talk on 05-22-2019 06:41 AM
>
> Hi community, This is a long-running debate in the security world - what do you
> think around does a Linux device need anti virus - is it worth it and what's the
> risk for public facing and internal Linux system?

There have been Linux viruses. In fact, there have been some "dual-infection" programs that would infect both Windows and Linux format applications (on Intel platforms). The risk is fairly low, but it is real.

As usual, the level depends upon your application and situation ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Pedro_Joro
Newcomer I

No.. Linux does not need an anti-malware the same way Windows does..

You should focus more on the developers and/or the IT-department. Those two are the biggest issues in Linux security – they are the “malware”…

The developers treat Linux like something mystical that should only be managed by them ( plus, they want to have “Linux skills” in their CVs ) and the IT department thinks that the only thing a server needs is an antivirus, and manages Linux like it was some kind of Windows server..

Both of them ( too many times ) do not understand even the basic UNIX security principles…

The anti-malware that Linux desperately needs is having people that can think outside the Microsoftverse.. 😉

( Not counting services/servers that cater Windows users.. )

Dejavu
Viewer II

All I can say is a Linux machine can be compromised as easily as a Windows machine: an exploit from the application to get a reverse shell, lateral movement from internal compromised machines, a vulnerability or malware built into your open-source package (system lib or application lib). You need to weigh your assets against the security control cost and see if you need it.
CraginS
Defender I

@rslade wrote:

> ...
>
> There have been Linux viruses. In fact, there have been some "dual-infection" programs that would infect both Windows and Linux format applications (on Intel platforms). The risk is fairly low, but it is real.
>
> As usual, the level depends upon your application and situation ...


As a long-time Mac owner (started with a Mac XL - look it up!) I remember when the mantra was that Macs don't need anti-virus s/w because there are so few that no one is writing any viruses for Macs.

Yeah right! Like that was a good idea!

Craig

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts