Linux has a reputation for being a safe platform, but should users be looking for an antivirus solution?
Linux has a reputation for being a safe platform. Its permission-based structure, in which regular users are automatically prevented from performing administrative actions, predated many advances in Windows security.
Many are under the impression that Linux antivirus isn’t necessary or important. For both desktop and server users, this is a myth. This article explains how this OS works and why it needs protection.
Linux is an operating system (OS), derived from UNIX, with versions for servers, desktops, and other endpoints. While Linux is one core operating system, there are many variants called distributions (or ‘distros’ for short). It’s relatively rare for Linux to be used on desktops – adoption is typically less than 2% – and it is substantially more popular on servers.
In business settings, most users are likely to be running either Windows or Mac on their computers. However, most servers, whether for internal file-sharing or external purposes, such as web servers, are likely to be running Linux.
In a typical small business environment:
Operating System (OS)
Workstations - popular among creatives
With Linux systems, users are automatically assigned restricted permissions. This applies both to human users and to the accounts assigned to processes (system users). Users are free to create accounts with elevated (superuser, sudo) permissions, and a root user is included with the operating system by default.
Because regular users are restricted from performing administrative functions, their ability to damage the system is reduced. Additionally, even if security exploits were able to run under a user account, they would not be able to perform extensive system damage through tampering with the OS core.
Linux isn’t typically a prime target for cybercriminals: Mac and Windows are more widely adopted, and virus authors prioritize those operating systems because attacks on them are more likely to cause widespread damage. For this reason, many Linux users have long believed that the OS doesn’t need antivirus software.
However, while Linux use on desktops has historically remained at relatively low levels, the inverse is true for servers. Antivirus is necessary for cybersecurity teams that wish to better protect their endpoints.
While fewer viruses target Linux machines, that doesn’t mean that there are none. Other threats for Linux machines include adware, spyware, rootkits, and key loggers.
For any organization that is running multiple Linux servers, not installing any antivirus protection and simply hoping for the best is risky. Many business servers, including those running Linux, are mission-critical resources. Consider how your sales performance would be affected if your CRM or ERP system were not available, even for an hour.
Quantifying the cost of potential downtime for your business is a useful exercise to demonstrate why investing in proactive preventative resources is the most sensible approach.
Linux servers can be targeted by:
If a Linux server is successfully breached, then the consequences could be serious. Linux servers can be used to run:
Consider some of the consequences of a successful server hack:
Security measures that can help you to protect a small business include:
Users should be encouraged to connect to the Linux server using a VPN. This means that all communications are secured within an encrypted channel that should be impermeable to hackers.
Many social engineering exploits, like phishing, could be prevented if employees were educated on proper means of avoiding scams and spotting suspicious websites and emails. Make sure that your staff is fully educated on how to prevent viruses and other threats from entering servers. For example, invite them to test their basic knowledge of cybersecurity with an online quiz.
If you are running Linux servers, you must make sure that they are running reliable, regularly updated protection software. It’s important that you protect your endpoints in the same way. The antivirus solution you choose should be capable of detecting both conventional and zero-day (undocumented) threats.
Strong passwords and two-factor authentication (2FA) are excellent ways to make endpoints more secure. It’s possible to run 2FA on a Linux server to add extra security to connections made over Secure Shell (SSH). You could also consider enforcing a password rotation policy for all non-administrative users.
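Both controls in this paragraph can be checked from a server's configuration files. The script below is an added example, not part of the original article: it assumes 2FA over SSH is enforced with OpenSSH's `AuthenticationMethods` directive and that rotation is set with `PASS_MAX_DAYS` in `/etc/login.defs`; the sample files and the 90-day limit are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample files are constructed; the 90-day limit is an assumed policy.

# Print the first global value of an sshd_config keyword (sshd uses the first match).
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }       # stop before per-user Match blocks
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Succeed only if every AuthenticationMethods alternative chains 2+ methods.
ssh_requires_2fa() {
    methods=$(sshd_value "$1" AuthenticationMethods)
    [ -n "$methods" ] || return 1             # unset defaults to "any": one method suffices
    for list in $methods; do
        case "$list" in
            *,*) ;;                           # e.g. publickey,keyboard-interactive
            *) return 1 ;;                    # a single-method alternative bypasses 2FA
        esac
    done
    return 0
}

# Print PASS_MAX_DAYS from a login.defs file (it applies to newly created accounts).
max_password_age() {
    awk '$1 == "PASS_MAX_DAYS" { print $2; exit }' "$1"
}

# Succeed if passwords expire within $2 days; unset or -1 means no expiry.
rotation_enforced() {
    days=$(max_password_age "$1")
    case "$days" in ''|*[!0-9]*) return 1 ;; esac
    [ "$days" -ge 1 ] && [ "$days" -le "$2" ]
}

demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'AuthenticationMethods publickey password' > "$demo/sshd_weak"
printf '%s\n' 'AuthenticationMethods publickey,keyboard-interactive' > "$demo/sshd_2fa"
printf '%s\n' '# constructed sample' 'PASS_MAX_DAYS 99999' > "$demo/defs_weak"
printf '%s\n' 'PASS_MAX_DAYS 90' > "$demo/defs_rotating"
for f in sshd_weak sshd_2fa; do
    ssh_requires_2fa "$demo/$f" && echo "$f: two factors required" || echo "$f: one factor accepted"
done
for f in defs_weak defs_rotating; do
    rotation_enforced "$demo/$f" 90 && echo "$f: rotation enforced" || echo "$f: no rotation within 90 days"
done
```

On a live host, the saved output of `sshd -T` is a better input than the raw file, because it resolves includes and defaults. Existing accounts keep their own ageing values, which `chage -l` shows per user.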
An advanced solution, such as next-gen antivirus, is capable of detecting both conventional and emerging threats to defend your business against bad actors and viruses.
Ubuntu is a distribution, or variant, of the Linux operating system. You should deploy an antivirus for Ubuntu, as with any Linux OS, to maximize your security defenses against threats.
While Linux does a great job at boosting its native security posture, no OS is 100% safe from cyberattacks. All businesses should install antivirus along with other security measures to make sure that their servers remain well protected.