Hi community,
This is a long-running debate in the security world - what do you think: does a Linux device need antivirus? Is it worth it, and what's the risk for public-facing and internal Linux systems? All opinions appreciated :).
@JoePete wrote:
@Shannon wrote: Following best practices and hardening a system won't always make it invulnerable to compromise.
Systems should be secured using a defense-in-depth approach, with deployment of an anti-malware solution being another layer of protection.
Regulatory authorities often mandate securing systems with an anti-malware solution, in which case you'll have to comply.
Sure, if I were going to juggle flaming chainsaws, I might want to wear a helmet and gloves, but you know what? The better practice would be to not juggle flaming chainsaws.
Let's look at this from the perspective of risk management. Taking the analogy, there's a good driver who follows best practices --- but tends to drive without fastening his seat-belt. Assuming he's in an area with traffic regulations that mandate the use of seat-belts, he'll run at least 2 risks: -
(Note that risk 2 doesn't depend on 1)
Now there are the following ways to deal with this: -
* This can also be achieved by getting a very good vehicle, driving on roads with low accident rates, etc.
If we look at the use of a Linux system --- or any system for that matter --- that needs to be connected to the outside world for business reasons, and assume it's secured and maintained with best practices, there's still the risk of it being compromised by malware, however low that may be.
Risk management options are: -
Ultimately, the strategy chosen will depend on the risks. If it's not a critical system, well-secured using best practices and not under regulation, then you might choose not to use anti-malware on it. On the other hand, if it's critical & must comply with regulations mandating the use of anti-malware, you would probably want to use this on the system.