Contributor I

Anti-malware software for Linux? Is it needed?

Hi community,

This is a long-running debate in the security world - what do you think: does a Linux device need antivirus - is it worth it, and what's the risk for public-facing and internal Linux systems? All opinions appreciated :).

3 Replies
Advocate I

Re: Anti-malware software for Linux? Is it needed?

As with most things in InfoSec, it depends.

If your Linux system is a thin client terminal, e.g. an Igel Technologies device running their Ubuntu derivative, and you've configured your VDI securely, locked down USB ports, etc., then since there is nowhere for malware to reside other than in memory (the devices don't have user-writable local storage), you'd be reasonably safe to not run AV. You'll be running a very small risk that malware could create a hidden writable storage partition on the device and therefore survive a reboot, but in most environments this should be within risk tolerance.

Similarly, if you're running Linux in a VM, say for development/experimentation, and you're willing to delete that VM entirely if infected, then not running antimalware is probably also within risk tolerance for most environments.

As for server-based Linux, I'd consider your security control environment more fully rather than look at AV in isolation, as a point solution. So you need to make the decision holistically, looking at your architecture and the other defenses in place. So for example, if your Linux box was behind a gateway that proxied connections to it and inspected traffic for malware and other attack signatures, was fully patched, was segmented from other more critical systems, runs a host firewall and maybe even HIDS, and you have SIEM to monitor for anomalies and a good CSIRP, then you may consider that sufficient protection, but it'll all depend on your assessment of the risks.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Contributor I

Re: Anti-malware software for Linux? Is it needed?

Thanks big time, Steve. I agree 100% that other security controls contribute to the overall security environment; however, I would like to focus entirely on the AV security control for Linux OS. We talk about a layered security structure, so I try not to think about other layers but just evaluate whether nowadays Linux systems (web servers/file servers/workstations etc.) need to have AV - are they being attacked frequently? It does not make sense to me to not put AV on the Linux systems as opposed to the Windows ones, as Linux systems are also widely used for web services, application services, and other public-facing services in addition to internal servers and even workstations.

Community Champion

Re: Anti-malware software for Linux? Is it needed?

> Deyan (Contributor I) posted a new topic in Tech Talk on 05-22-2019 06:41 AM
>
> Hi community, This is a long-running debate in the security world - what do you
> think: does a Linux device need antivirus - is it worth it, and what's the
> risk for public-facing and internal Linux systems?


There have been Linux viruses. In fact, there have been some "dual-infection" programs that would infect both Windows and Linux format applications (on Intel platforms). The risk is fairly low, but it is real.

As usual, the level depends upon your application and situation ...


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468