Does Linux need antivirus?

Linux has a reputation for being a safe platform, but should users be looking for an antivirus solution?

Linux has a reputation for being a safe platform. Its permission-based structure, in which regular users are automatically prevented from performing administrative actions, predated many advances in Windows security.

Many are under the impression that Linux antivirus isn’t necessary or important. For both desktop and server users, this is a myth. This article explains how this OS works and why it needs protection.

What is Linux?

Linux is an operating system (OS), derived from UNIX, with versions for servers, desktops, and other endpoints. While Linux is one core operating system, there are many variants called distributions (or ‘distros’ for short). It’s relatively rare for Linux to be used on desktops – adoption is typically less than 2% – and it is substantially more popular on servers. 

In business settings, most users are likely to be running either Windows or Mac on their computers. However, most servers, whether for internal file-sharing or external purposes, such as web servers, are likely to be running Linux. 

In a typical small business environment:

| Operating System (OS) | Used for |
|---|---|
| Windows | Workstations |
| macOS | Workstations - popular among creatives |
| Linux | Servers |

Why is Linux considered safe?

With Linux systems, users are automatically assigned restricted permissions. This applies both to human users and to the accounts assigned to processes (system users). Users are free to create accounts with elevated (superuser, sudo) permissions, and a root user is included with the operating system by default.

Because regular users are restricted from performing administrative functions, their ability to damage the system is reduced. Additionally, even if security exploits were able to run under a user account, they would not be able to perform extensive system damage through tampering with the OS core. 

Linux as a target

Linux isn’t typically a prime target for cybercriminals: Mac and Windows are more widely adopted, and virus authors prioritize those operating systems because attacks on them are more likely to cause widespread damage. For this reason, many Linux users have long believed that the OS doesn’t need antivirus software.

However, while Linux use on desktops has historically remained at relatively low levels, the inverse is true for servers. Antivirus is necessary for cybersecurity teams that wish to better protect their endpoints.

Can you get viruses on Linux?

While fewer viruses target Linux machines, that doesn’t mean that there are none. Other threats for Linux machines include adware, spyware, rootkits, and keyloggers.

Why complacency is a bad approach

For any organization that is running multiple Linux servers, not installing any antivirus protection and simply hoping for the best is risky. Many business servers, including those running Linux, are mission-critical resources. Consider how your sales performance would be affected if your CRM or ERP system were not available, even for an hour.

Quantifying the cost of potential downtime for your business is a useful exercise to demonstrate why investing in proactive preventative resources is the most sensible approach. 

Linux servers can be targeted by:

If a Linux server is successfully breached, then the consequences could be serious. Linux servers can be used to run:

  • File sharing servers
  • Web servers
  • Email servers

Consider some of the consequences of a successful server hack:

  • In the case of a DDoS attack on a web server running Linux, for instance, the company website could be forced offline. Users would not be able to access information about the company. Potential leads could be lost. For ecommerce website operators, even a minute of downtime could be quite costly.
  • For email servers, hackers could steal the entire contents of the emails and attachments stored on the servers, obtaining sensitive and confidential company information, as well as information about clients. This could have a massive adverse impact on the organization’s ability to land new business and greatly erode public confidence in its professionalism.

How can you protect your data?

Security measures that can help you to protect a small business include:

Enforcing VPN connectivity

Users should be encouraged to connect to the Linux server using a VPN. This means that all communications are secured within an encrypted channel that should be impermeable to hackers.

Education and training 

Many social engineering exploits, like phishing, could be prevented if employees were educated on how to avoid scams and spot suspicious websites and emails. Make sure that your staff is fully educated on how to prevent viruses and other threats from entering servers. For example, invite them to test their basic knowledge of cybersecurity with an online quiz.

Antivirus

If you are running Linux servers, you must make sure that they are running reliable, regularly updated protection software. It’s important that you protect your endpoints in the same way. The antivirus solution you choose should be capable of detecting both conventional and zero-day (undocumented) threats.

Strong passwords

Strong passwords and two-factor authentication (2FA) are excellent ways to make endpoints more secure. It’s possible to run 2FA on a Linux server to add extra security to connections made over Secure Shell (SSH). You could also consider enforcing a password rotation policy for all non-administrative users. 
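To check that 2FA is actually enforced on SSH rather than merely installed, the following added example (not part of the original article) audits text in the format printed by OpenSSH's `sshd -T`. The function names and the sample configurations are constructed for illustration, and it assumes the second factor is a PAM-backed one-time code delivered through keyboard-interactive authentication.

```python
# Added example: audit sshd's effective configuration for enforced 2FA.
# Input format: one "keyword value" pair per line, as printed by `sshd -T`.

def parse_sshd_t(text):
    """Return {keyword: value} from `sshd -T`-style output."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg[key.lower()] = value.strip()
    return cfg

def audit_ssh_2fa(text):
    """Return findings; an empty list means every login path needs two methods."""
    cfg = parse_sshd_t(text)
    findings = []
    methods = cfg.get("authenticationmethods", "any")
    if methods == "any":
        findings.append("AuthenticationMethods is 'any': one method is enough to log in")
        return findings
    # Older OpenSSH releases print the keyboard-interactive switch under this alias.
    kbd = cfg.get("kbdinteractiveauthentication",
                  cfg.get("challengeresponseauthentication"))
    # Space-separated alternatives; each is a comma-separated chain that must all pass.
    for chain in methods.split():
        base = {m.split(":", 1)[0] for m in chain.split(",")}
        if len(base) < 2:
            findings.append(f"chain '{chain}' allows login with a single method")
        if "keyboard-interactive" in base:
            if kbd != "yes":
                findings.append(f"chain '{chain}' needs keyboard-interactive, which is disabled")
            if cfg.get("usepam") != "yes":
                findings.append(f"chain '{chain}' relies on PAM for the code, but UsePAM is off")
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK = "passwordauthentication yes\nusepam yes\nauthenticationmethods any\n"
HARDENED = ("passwordauthentication no\nkbdinteractiveauthentication yes\n"
            "usepam yes\nauthenticationmethods publickey,keyboard-interactive\n")
MIXED = ("kbdinteractiveauthentication yes\nusepam yes\n"
         "authenticationmethods publickey,keyboard-interactive password\n")

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED), ("mixed", MIXED)):
        print(name, audit_ssh_2fa(sample) or "OK")
```

The MIXED sample shows the common mistake: a second, space-separated alternative in AuthenticationMethods quietly re-opens single-factor login.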

Which antivirus is best for Linux?

An advanced solution, such as next-gen antivirus, is capable of detecting both conventional and emerging threats to defend your business against bad actors and viruses. 

Do I need to install antivirus on Ubuntu?

Ubuntu is a distribution, or variant, of the Linux operating system. You should deploy an antivirus for Ubuntu, as with any Linux OS, to maximize your security defenses against threats.

Linux isn’t automatically safe

While Linux does a great job at boosting its native security posture, no OS is 100% safe from cyberattacks. All businesses should install antivirus along with other security measures to make sure that their servers remain well protected.
