LinuxSecurity

Do you need an Antivirus on Linux?

heartbleed-bug-hacker

Introduction

Linux is a really awesome OS, over the course of 25 years it has rapidly grown and powers majority of all web-servers on the internet as well as embedded devices and serves as the kernel for Android. While many contributors have worked hard to ensure the Linux system is secure by design there are still ways in which your Linux system can be attacked.

Much like your Windows PC or even a Mac Linux based systems often use web-based components which are susceptible to attack.

Many of these components include software you use every day such as Flash, Java & also other software packages such as Apache, MySQL and of course your web browser.

Like many devices connected to the internet Linux also has various attack vectors, so that means there is always a potential to get infected with malware.

From a security standpoint, Linux is less affected by common viruses which are programs designed to attach to other files and cause damage to the host computer and also the lower market share in the desktop arena when compared to Mac and Windows.

Due to the strict permissions and file access rights, this is significantly minimised although the more common threat to Linux is web-based exploits, Trojans, and rootkits which pose a serious threat.

Now for a standard laptop or desktop, these threats are not as common but are certainly more serious for a web server or other critical infrastructure using Linux.

In this article, we will cover some of the basic practices to help secure your system and keep your information safe.

Disable Adobe flash

adobe-flash-player-security-patch-update

One browser plugin that you may have installed on your computer is Adobe Flash while this ancient technology is not as common as it once was the unfortunate reality is that many websites including popular ones like BBC iPlayer still use it.

While flash itself does what it is intended to do the overall structure has many inherent security vulnerabilities which have consistently been discovered over the years.

This bad track record has led to harsh criticism from the infosec community who label it as insecure and poorly designed. Whilst Adobe has responded by quickly rolling out security patches the reality is that most people simply can’t keep up with all these patches and are often left with an outdated version installed.

With many companies moving to the much more modern, fast and secure HTML5 we are slowly losing the need to keep flash installed.

The first and foremost step would be to disable it or better off remove it completely to prevent it from running. For those who may need to use flash from time to time, you can download this handy plugin for Google Chrome.

The aptly named “Flash control” will allow you to keep flash disabled and then enable whenever necessary for those odd sites that still use it. This method is much more preferred for those who may need it but don’t want it always enabled and is a highly recommended plugin to install.

If you want to go a step further and rid your system of flash here’s how to do it, simply open a terminal window and type the following:

sudo apt-get remove --purge ubuntu-restricted-extras adobe-flashplugin flashplugin-installer
Remove Adobe Flash from Linux

Also to disable in chrome go to your address bar and type chrome://plugins and press enter, from here locate flash and press disable.

Only install from trusted repositories and PPA’s

linux-package

Being a Linux user there is a multitude of different sources for finding software, some options include your default package manager, software center, terminal and even .deb and .rpm package files for different distro’s available online.

This is by far the most critical factor in securing your system and that is to install software from reputable areas, some examples would include your software center as well as trusted developer websites. You should always avoid 3rd party file sharing sites, pirated software or unsigned .deb or .rpm files from unknown sources as they may have been repacked to contain potential malware or even rootkits which are the most difficult to remove.

Often websites such as Softpedia, Sourceforge, FileHippo and other sites belonging to developers are safe but you should always check to ensure the group or company is reputable and have produced quality software.

If you follow this general rule of thumb for software installation you can avoid 90% of malware and potential attack vectors as Linux uses strong authentication mechanisms when handling and installing packages, so only provide your password to allow trustworthy packages.

Also read: How to scan files with multiple antivirus apps all at once

 

Keep software up-to-date

607x320xapt-get-update.png.pagespeed.gp+jp+jw+pj+js+rj+rp+rw+ri+cp+md.ic.JA6rE15Rgk

One of the single biggest mistakes people make is not updating their software regularly, this large collection of outdated software makes it significantly easier for hackers to probe and attack weaker points as they can use a variety of exploits against your outdated software. The simple solution for this is to run the following command in your Linux terminal (assuming your using a Debian based distro e.g. Ubuntu, Debian, Mint etc)

To keep all your software update use the following:

sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get upgrade && sudo apt-get autoremove

Simply copy and paste the above line and press enter, now just enter your password and the update process should start. To save time you can paste the above code into your favorite text editor and save it as a .sh file and change the permissions to execute as a program.

This way you can keep the file on your desktop and run it every couple of days, in addition, many distributions incorporate a package manager or update manager allowing you to quickly update your software and OS from a GUI.

In terms of attack vectors your web browser is another major target for malicious websites and adversaries, thus it is always paramount to keep your browser updated. Most modern versions of Chrome and Firefox automatically detect when new versions are available and will install them for you but regularly checking and updating is still important.

With so many of using these browsers, it is often easy to forget about plugins too, ensure these are updated to receive patches and also other fixes to help improve your experience.

Whilst software is important to upgrade you should also consider upgrading your distribution itself to ensure you have the most recent security patches and supported software available for your computer.

Most Linux distributions come in LTS releases which guarantee a period of 5 years of support so try to stick with these as opposed to the latest short support versions which may only offer 1 or 2 years. Upgrading your system can have adverse effects if your not careful, so we always recommend a complete backup beforehand to prevent any loss of data. By staying updated every couple of years on a stable and secure release.

Get a firewall on your system

top-5-free-firewall-for-windows

When it comes to security most threats will come through the network so it’s always important to have a good firewall on hand to safeguard this constant flow of information. While many might think you will need to shell out a fair share of money for a complete security solution there are many free options to use.

Fortunately, in the Linux world, there is a massive collection of free open-source software to help you with this exact task. In this article, we will be looking at some good free firewall solutions that you can easily apply to your Linux desktop.

GUFW (Graphical Uncomplicated Firewall): This program is by far the simplest and easy to use firewall program to use on a standard Linux desktop. For most distro’s this will already be in the default repositories so no additional ones will be needed. To get started simply open your terminal program and issue the following commands

(assuming your using a Debian based distro like Ubuntu or Mint)   for other distro’s check out this link

sudo apt-get install gufw

After installing open your application menu and you should find a new icon called GUFW, launching this will give you a quick and easy GUI to manage your firewall. First off make sure it’s enabled then you can set your profile such as work, home or office simply choose whichever one suits you best.

From this menu, you can also add your own rules and filters to block specific ports, applications as well as network protocols like ssh which you may not need and want to disable. Once done press OK and close the program, whenever you want to launch the software you will need to enter your password for security but once in you can easily customise what you need.

For larger corporate networks and business environments

pfsense

For those of you in the enterprise world, you may require a more advanced firewall setup, that’s where PfSense comes in. This operating system can be installed on a computer and acts like a firewall/router which you can customise to suit your needs. The rules are very powerful and can be tweaked for maximum security as well as a high-performance router for your business.

This system is based on FreeBSD which is not Linux but another *nix type OS. Although it doesn’t really fit in with Linux it is a great tool to have and learn to improve your network security, in addition, it will also help you to expand your knowledge of Unix type systems which in many ways also relate to Linux.

Encrypt, Encrypt, Encrypt

encryption

When it comes to storing your sensitive data the best way to keep it from prying eyes is to encrypt the contents, this type of security can safeguard your data even if an attacker has physical access or worse manages to steal your laptop. In this case, we recommend an application called “Prey” which can handle anti-theft and works on Windows, Mac, Linux and even Android.

As for files stored locally you can use a program named Veracrypt, this is an open-source and powerful utility which gives you complete control over your files. While many encryption utilities do exist most are proprietary and as a result, there is no way to truly see how secure they actually are.

Dance-like-no-ones-watching.-Encrypt-like-everyone-is-watching

In this particular case, we always recommend an open-source solution as the source code has been audited and is known to be safe. Once you have Veracrypt installed you can go ahead and create a “virtual container” and “key file”, these are effectively files which act like virtual hard drives and store your encrypted data in them.

Be sure to pick a strong password to safeguard the contents, these files can be placed on a USB drive and must be mounted each time through the main program. Once mounted and logged in open up your file manager and you can access all your data, as usual, this is an absolute must for business leaders or anyone who travels around as theft is always an issue so it is paramount to guard your files against prying eyes.

So do you really need an anti-virus on Linux?

So the main question many people have is “do I really need an anti-virus on Linux” the answer in most cases the answer is probably no. If you follow general internet security and apply the techniques above as well as only visiting trusted sites and avoiding pirated software your PC is very much secure.

Now if you are storing important information or records then you should use some anti-virus software as it will scan and protect against most threats and is ultimately better then nothing. One other factor to consider is WINE which allows you to run Windows programs alongside Linux, over the years WINE has improved significantly and is always getting better at running Windows programs.

While many people depend on WINE to get their applications and games to work it can in rare cases open up a potential attack vector, so always make sure you’re scanning your executable files before installing them into WINE using a tool such as VirusTotal.

Also if you have Windows PC’s on the network it can help to use an AV as you will also be protecting files that pass through to those devices too, for the security minded, however, you may still want to have an AV just in case and run some scans occasionally.

Anti-Virus option

If you considering an anti-virus application for your Linux system then here are a couple of software solutions which I recommend, I have used these programs and have had good experience using them so definitely check them out and see for yourself if they are right for your computer.

ClamAV: A fully free and open-source scanner, this is not on-demand but will allow you to run scans quickly and easily and will also detect Windows malware.

To install it simply initiate the following command in your terminal sudo apt-get install clamav and to update it simply type sudo freshclam && sudo apt-get update. Unfortunately, this doesn’t come with a GUI so to set that up type sudo apt-get install clamtk. 

Sophos for Linux: Sophos has been a reputable name in the AntiVirus world and there Linux expansion is no different, to install it you will need to sign up and go through several steps on their website before being able to install it on your system but once it’s done you will have a fairly good AV protecting your system.

Unfortunately, there is no GUI so the entire application must be used within the terminal, without a GUI, however, scans often run quicker and have less overhead than a full-featured interface which to some may be unnecessary especially on a server.

Many long-time Linux users will often say you don’t need an Antivirus at all as Linux uses many secure protocols including strict user authentication and other feature like sandboxing and SELinux which help to strengthen the overall security of the system. While some of this is true it is always a good idea just in case if you handle sensitive information and works with other Windows PC’s otherwise it is probably not necessary.

 

And that’s it with a little bit of work you can help secure your Linux system.Out of the box, most distro’s are very secure and have this in mind although like everything nothing is 100% perfect and there can be attack vectors. Through this guide, we hope we have helped you by removing flash and other good practices to help keep your system safe.

Have any other tips or suggestions? let us know in the comments or send us a message on our social media pages!