Linux is a popular operating system, especially for servers. The question that always comes up is how useful virus protection is for Linux: on the one hand the risk of infection is much lower, but on the other hand an infection can have a much greater impact on the entire system.
First of all, it can be said that the threat situation with Linux is much more relaxed than with Windows. This is due, on the one hand, to the fact that the number of Windows users is significantly higher than the number of Linux users and, on the other hand, to the fact that the Linux system is designed to be more secure than Windows right from the start.
Of course, malware also occurs under Linux. However, since the majority of these malicious programs are tailored to the Windows system, they cannot damage or destroy Linux. It is nevertheless important to note that, in a mixed network environment, Windows viruses can sooner or later also be present on a Linux NAS. The Linux OS then acts as a kind of index patient from which the malware is distributed to all clients accessing the server. This can have more serious consequences than if just a single client becomes infected. So it is advisable to use virus protection for Linux that regularly checks the files for malware when Windows computers access a Linux server.
In Linux, if the user cannot access root privileges, it is more difficult for viruses and Trojans to gain root privileges. In Windows, on the other hand, applications can be run with administrative rights in just a few steps.
Unlike in Windows, security holes in Linux are closed very quickly. With Windows and the associated software, however, months can pass. Successful infections that have infiltrated Linux systems are usually the result of software that has not been updated.
Because of the compatibility between Windows systems, many viruses, Trojans, etc. keep working over a longer period of time. In Linux, on the other hand, the program code changes, and because of the different distributions not every program is compatible, which means that programming viruses, Trojans and other malware is very time-consuming and success is also very rare. As far as malware is concerned, virus protection for Linux is therefore not absolutely necessary.
A threat scenario that should be taken seriously when it comes to Linux virus protection is root access to Linux and rootkits. Root access in Linux has all administrative rights. Rootkits are collections of tools that attackers use to hide themselves from detection by virus scanners. Such rootkits allow an attacker to log into a compromised system, monitor network traffic, or launch applications and processes. Most of the time, these kits are used for concerted attacks.
A helpful tool called “chkrootkit”, which can be found in the package sources of all distributions, helps detect such rootkits. It is advisable to run this tool from an independent Live CD to ensure that neither your system nor, as a result, the program itself has been compromised. It may well happen that an attacker has disguised his rootkit from the software. There are therefore other tools, for example “rkhunter”, which can also be found in the package sources of all distributions.
Virus scanners, as used today, use three techniques:
I. Virus signature: The virus signature is a kind of fingerprint of the virus. Antivirus programs work with huge virus signature databases that grow larger over time. The antivirus programs search the files of a system in the background, which takes up a lot of resources.
II. Heuristic: The heuristic examines files for typical characteristics of malware. The problem that arises from this is that Linux functions often cannot be distinguished from these.
III. Behavior detection: Behavior detection checks the behavior of programs before and after an installation is completed. Here, too, there is a danger that anti-virus software often cannot distinguish between Linux behavior and virus behavior.
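As an added example (not from the original article), the following Python sketch shows technique I applied to the kind of file share described above: it walks a directory, compares each file against whole-file hash signatures and byte-pattern signatures, and reports the matches. The sample bytes, signature names and file names are constructed for illustration and are not real malware or a real signature database.

```python
import hashlib
import os
import tempfile

# Constructed, harmless stand-in for a known Windows sample (not real malware).
SAMPLE = b"MZ\x90\x00CONSTRUCTED-DEMO-PAYLOAD-0001\x00\x00"
# Hypothetical signature database: whole-file hashes and byte patterns.
HASH_SIGNATURES = {hashlib.sha256(SAMPLE).hexdigest(): "Demo.Win32.Exact"}
PATTERN_SIGNATURES = {b"CONSTRUCTED-DEMO-PAYLOAD": "Demo.Win32.Pattern"}
OVERLAP = max(len(p) for p in PATTERN_SIGNATURES) - 1  # bytes carried between chunks

def scan_file(path, chunk_size=65536):
    """Return the sorted signature names that match one file."""
    hits, digest, tail = set(), hashlib.sha256(), b""
    with open(path, "rb") as handle:
        while chunk := handle.read(chunk_size):
            digest.update(chunk)
            window = tail + chunk  # so a pattern split across two chunks still matches
            hits.update(n for p, n in PATTERN_SIGNATURES.items() if p in window)
            tail = window[-OVERLAP:] if OVERLAP else b""
    exact = HASH_SIGNATURES.get(digest.hexdigest())
    if exact:
        hits.add(exact)
    return sorted(hits)

def scan_tree(root):
    """Walk a directory such as a file share; map relative path -> matches."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for filename in files:
            path = os.path.join(folder, filename)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            matches = scan_file(path)
            if matches:
                findings[os.path.relpath(path, root)] = matches
    return findings

def demo():
    """Build a constructed share with three files and scan it."""
    files = {"setup.exe": SAMPLE,                        # exact known file
             "repacked.exe": b"\x00" * 65530 + SAMPLE,   # same bytes, new hash
             "report.txt": b"quarterly numbers\n"}       # clean file
    with tempfile.TemporaryDirectory() as share:
        for name, data in files.items():
            with open(os.path.join(share, name), "wb") as handle:
                handle.write(data)
        return scan_tree(share)

if __name__ == "__main__":
    for name, matches in sorted(demo().items()):
        print(name, matches)
```

The hash signature matches only the byte-identical file, while the pattern signature also flags the file that embeds the same bytes; both lookups grow with the signature database, which is the resource cost mentioned in point I.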
So, in conclusion, the chances of a Linux system being corrupted by malware are lower than with Windows. However, it is generally advisable to install virus protection on every system, and therefore on Linux as well.