You don’t get down off an elephant, you get down off a duck!
The same joke applies whenever somebody asks "How do you install anti-virus in Linux?". You don’t install anti-virus in Linux, you install anti-virus in Windows.
Lately, when you try to tell people that they don’t need to install anti-virus in Linux, they say "People tell me that, but I want it anyway".
So, let me explain why you don’t need anti-virus in Linux, and to do this we have to start with an explanation of what a virus is.
A virus is a malicious computer program, written to perform some sort of criminal activity with your computer. This can include deleting your data, but these days viruses are much more subtle. They don’t cause mindless destruction. They use your computer to illegally profit their writers. As such, they attempt to evade detection, because as soon as you detect them you would run an anti-virus scan and delete them! They also always set themselves to start up when the computer starts up, which is dependent on them gaining administrator access to your computer.
Once they have administrator access, they can evade detection until you run an anti-virus program that knows about them.
We all know that Windows programs don’t run in Linux. A virus is simply a Windows program, so it doesn’t run in Linux. This is because Linux programs use a different format to Windows programs - Windows programs use the EXE format, Linux programs use the ELF format. Even if Linux could understand EXE, it would be pointless because the programs would be trying to interact with Windows shared libraries or (in the case of viruses) the Windows internals directly, which of course are not present on Linux.
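The format difference described above is visible in the first few bytes of any executable file. The following is an added example, not part of the original article, that classifies a file as ELF or Windows PE/EXE from its headers; the function name, the lookup tables and the sample byte strings are constructed for illustration.

```python
import struct

# Small lookup tables covering only a few common values (not exhaustive).
ELF_TYPES = {1: "relocatable", 2: "executable", 3: "shared object / PIE", 4: "core"}
ELF_MACHINES = {0x03: "x86", 0x3E: "x86-64", 0x28: "ARM", 0xB7: "AArch64"}
PE_MACHINES = {0x014C: "x86", 0x8664: "x86-64", 0x01C4: "ARM (Thumb-2)", 0xAA64: "ARM64"}

# Constructed sample headers (not real programs): a 64-bit x86-64 ELF and an x86-64 EXE.
SAMPLE_ELF = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 3, 0x3E)
SAMPLE_PE = (b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
             + b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, 0x0022))


def identify_executable(data: bytes) -> dict:
    """Classify a byte string as ELF, PE (Windows EXE/DLL) or unknown from its headers."""
    if data[:4] == b"\x7fELF":
        if len(data) < 20 or data[4] not in (1, 2) or data[5] not in (1, 2):
            return {"format": "ELF", "valid": False}
        endian = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little, 2 = big endian
        e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
        return {"format": "ELF", "valid": True,
                "bits": 32 if data[4] == 1 else 64,  # EI_CLASS: 1 = 32-bit, 2 = 64-bit
                "type": ELF_TYPES.get(e_type, hex(e_type)),
                "machine": ELF_MACHINES.get(e_machine, hex(e_machine))}
    if data[:2] == b"MZ":
        # "MZ" alone only marks a DOS header. A Windows program also has a
        # "PE\0\0" signature at the offset stored in e_lfanew (0x3C).
        if len(data) < 0x40:
            return {"format": "MZ", "valid": False}
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return {"format": "MZ", "valid": False}
        (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
        (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
        return {"format": "PE", "valid": True,
                "machine": PE_MACHINES.get(machine, hex(machine)),
                "type": "DLL" if characteristics & 0x2000 else "EXE"}
    return {"format": "unknown", "valid": False}


if __name__ == "__main__":
    for name, blob in (("sample ELF", SAMPLE_ELF), ("sample PE", SAMPLE_PE)):
        print(name, identify_executable(blob))
```

To check a real file, pass the result of `open(path, "rb").read(4096)` to `identify_executable`.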
If you download a Windows trojan and double-click it on a Linux system, you get a "Cannot open file ‘boobs.jpg.exe’" message. Linux doesn’t understand the EXE executable format, only the ELF executable format. If you install a program like Wine, that can understand the EXE format and also allow the use of Windows shared libraries, you’ll still find that viruses won’t work. This is because the viruses try to gain access to the running instance of Windows, and of course there isn’t one.
Or, if they are programmed more conventionally, they manage to install themselves into a system-wide area in what they think is your Windows installation, but is actually just a Wine installation in your home directory. The result is that the virus might keep running until you quit Wine or until you restart. If you restart and then run a Wine program, the virus still won’t be run, because Wine doesn’t perform a Windows startup sequence.
Even if a Windows virus was aware of Wine running on Linux, it still could not start itself up when Linux starts up. Linux’s startup sequence requires root access, and there has never been any known way of getting a Windows program to give Wine the higher privileges necessary to modify the Linux startup sequence.
This is all fine in theory. I’m a big fan of the documentary series "Medical Mavericks", which documents the lives of medical self-experimenters, so I’ll put my own computer on the line.
I started with a brand-new GNU/Linux computer that I used every day from its build-date in January, to early July. A virus scan with ClamAV today yields a clean result. No viruses. Also, Wine is not running at the moment, so no Windows viruses are resident. I also had a Windows computer that my father was using (verified as clean on the build-date of the Linux computer), but I had to stop the test early because it contracted zlob.downloader - a nasty form of Windows virus that actually downloads more viruses.
Both computers were connected via local area network, and only the Windows computer had a personal firewall. The whole LAN has a firewall. Neither computer ran any sort of anti-virus between the start of the test and the end of the test.
But what would happen if I took a Windows virus and actually tried explicitly running it in Wine? I found a virus on a Facebook group, downloaded it, and double-clicked it. Wine started running, and then immediately ended. Neither wine, nor wineserver, nor the virus program itself, was running anymore. I tried running Wine in a terminal, but no error messages were output. The virus started running, and then immediately stopped running. I checked again with ClamAV, and it found the copy of the virus that I was trying to run, but it didn’t find any copies in /etc/init.d or anywhere else on my hard disk.
So do you need an anti-virus program in Linux? No, absolutely not! Windows viruses do not run. There are no Linux viruses, partly because there’s no place in the system for a Linux virus to hide, and partly because of all the security features in a modern Linux system. There are few Mac viruses, and all of those take advantage of Apple-specific security blunders.
If you still want to install an anti-virus program on your first desktop Linux system, after all I’ve told you, then I’m concerned that you won’t be able to break the Windows habit. But I’m sure that most, if not all of you, now understand more about why anti-virus is useless on Linux, and I warmly wish you good luck with the rest of your Linux adventures.
You are right. I did exactly the same experiment as you did, and myself found only one occurrence of the virus, but I stopped after 235000+ files tested. My experience was made because I work as a network administrator with the computers connected all the time at Internet. There is no way I can think of for a Linux OS to become really infected with a virus.
On the other hand, managing an antivirus on Windows (any version) can quickly become a nightmare, especially if the user has a “click everything, without thinking first” attitude. And this is a must do on Windows, even though most users do not understand anything about viruses, antivirus, or how they work.
I don’t really have a strong opinion about anti-virus software under linux - but there are additional points that need to be considered. I do run windows occasionally - and I share files back and forth. A windows virus that is downloaded to the file system under Linux could infect a windows system that also has access to that filesystem - whether it be via software to allow Windows to mount an ext3 filesystem or Linux to mount an NTFS filesystem - or Samba across a network to map drives.
Further - many people would use a Linux box to run a mail server. In such a case - you’d have a responsibility to ensure you are not infecting other windows users even though such a virus would not affect you personally.
Also, as a final point - I think assuming that ALL windows viruses require specific windows services or access to the Linux startup in order to do damage may be a bit misleading. It’s quite possible that a virus could damage personal files in your home directory without being able to spread. I’d be more concerned about that since as you point out - since it is expecting specific windows services and EXE executable file formats - a virus that was able to run under Wine would be more likely in my opinion to destroy the file rather than infect it. The end result would be just as distressing however.
Your explanation is fine and dandy, but what about those viruses specifically targeting the Linux OS in its various forms of distributions? It’s completely understandable that a Linux machine is immune to Windows or Mac viruses, and likewise for Windows and Mac being immune to viruses designed for other operating systems. Something that would better calm other people’s fears is some sort of factual reassurance that Linux is, in undeniable fact, more secure from malicious software. Not because the software is designed for another system entirely, but because the Linux OS is that much more secure in how it manages its processes.
tuatha, that is also true. I have written about it before, but I should write about it as a follow up for Permanent Articles. I have now written about it again. It’s “How to get down off a duck” in the Permanent Articles page. I like to call the article “There will be rooting” :-). Thanks for the suggestion.
Mike, carrying an infected Windows file through a Linux machine to another Windows computer is a valid reason to run anti-virus software, but it’s one I didn’t really think of because nobody in my family actually uses Windows anymore. Mail servers, or any other type of servers, are a different story - this article was written for new desktop users.
Windows viruses being run in Wine could do damage to files in your home directory, but for the fact that viruses these days are Big Business; they are no longer written by loners who want to get back at society, they are now written by people who want to profit from malware. The best way to make maximum profit from your malware is to make it as undetectable as possible. A Windows user finding corrupted files would usually immediately run a virus scan. It’s in the virus writer’s best interest not to corrupt files, even if they find they are on a Linux system.
I just installed the root kit hunter today, after several months of downloading, access to internet, browsing. I found no infection with any malware. And I didn’t play with firewall or anything, just the standard configuration. But I do not run as root, even though I am the system administrator. In fact, how many Linux viruses exist in the wild? Read http://librenix.com/?inode=21 . And do not believe the antivirus vendors, as it is in their best interest to sell antivirus for Linux, even though it is useless.
And for verifying files for Windows viruses, I find this useful only if you are the network administrator for Linux servers with Windows clients. In any other case, usually it is useless, as it is not the Linux system the source, and the Windows systems should have antivirus installed. And even if you scan for viruses instead of Windows users, chances are they will collect viruses from somewhere else, so the only thing you do is to waste your valuable time. After all, the Linux systems are the strong link in the Internet chain, while the Windows systems the weak link.
We need to be careful not to be lulled into a false sense of security by the fact that many viruses just don’t work with Linux. The first ever virus I encountered was a boot sector virus on an MS-DOS machine. And there are macros for MS Word documents…… There are opportunities for malware which don’t directly depend on the OS
lisati: Boot sector viruses are long-gone, in the grave. Most viruses that depend on portable media are gone too. Word macro viruses also declined in popularity after Word started prompting you whether or not to run macros - and besides, VBA support is not present in the Macintosh version of MS Office, and is only present in Novell’s builds of Openoffice.org on Linux.
Actually it’s possible for linux to run windows programs (wine) and most wine setups expose either the user’s home directory or the whole filesystem. Who cares that it doesn’t run as root, if it destroys your personal files isn’t that what’s critical? You can always install the OS again.