4

It is well known that, as a target for viruses and other exploits, Linux compares favorably to other operating systems. However, there are a number of known Linux-specific threats. There are also a number of mostly commercial anti-virus products for Linux aimed at the desktop (e.g. NOD32, Comodo, Sophos).

My question is, do any of these products actually protect against Linux specific threats? This Wikipedia article claims that some of these products do, however I have yet to find any other claims or evidence that this is the case.

I understand that virus protection could be considered necessary on Linux servers which distribute content to other vulnerable clients (such as a mail server); however, do these desktop-specific applications really provide any utility? What function is it they are actually performing?

Ben
  • The answer is "sort of"; most products out there for Linux do...something. Whether or not they will help depends on: A) your environment, B) what the system itself is doing, C) other settings ON said system. On many of my servers I don't have a security system; on others I do. – Gravy Aug 01 '16 at 17:24

3 Answers

2

I understand that virus protection could be considered necessary on Linux servers which distribute content to other vulnerable clients.

These servers usually have (or should have) strict administration policies like

  • Don't keep a package that you're not using or rarely using.
  • Apply security patches on a regular basis.
  • Run services only when you require them; well, that's a cron job!
  • Have regular backups.
  • Low-latency mirrors.

and so on. Moreover, there are different layers of protection offered by enterprise-level Linuxes, which include (but are not limited to)

  • Firewalls
  • Root jails (chroot), where an application is jailed to a specific directory so that, in case of a successful exploit, the exploiter can't access anything beyond the chroot directory except in rare circumstances
  • Software-specific security mechanisms (say, for Apache, you have Allow, Deny options)
  • Pluggable Authentication Modules (PAM)
  • Discretionary access control mechanisms (e.g. user permissions on files)
  • Encrypted files (e.g. a LUKS-encrypted home directory)
  • Mandatory access control mechanisms (e.g. SELinux, AppArmor)

A (good) Linux administrator would exhibit a good understanding of these mechanisms and ensure that they are in place to give the clients the best protection possible.

On the other hand, third-party (commercial) AV solutions may (or would) require you to disable one or more of these applications, whereby you're saying no to some inherent security mechanisms in Linux.

sjsam
  • Thanks for the answer; however, I intended my question to be more specifically aimed at desktop use and desktop anti-virus software, rather than enterprise/server installations (although I concede I may not have articulated this clearly). I appreciate that the security considerations of a server are different to those of a desktop and will very much be application dependent. My comment referring to servers was intended more as an acknowledgement of anti-virus applications that scan for, e.g., Windows-specific threats, which may be desirable on a mail server. – Ben Aug 01 '16 at 18:06
  • Regarding "however, do these desktop-specific applications really provide any utility?": in my personal experience, they often require you to troubleshoot for hours, if not days, to, at the least, set them up. I may not want to comment on how useful they are, as the community doesn't encourage opinionated suggestions. – sjsam Aug 01 '16 at 18:12
  • @Ben: Having said that, all the features described in the answer are available for desktops too. It is just that, as you might be well aware, they're often auto-managed so that the end user is not given the overhead of manually managing stuff. – sjsam Aug 01 '16 at 18:16
2

They do protect against Linux threats. Read the following article for reference:

Linux: 16 Security Packages Against Windows and Linux Malware Put to the Test

"In the lab at AV-TEST, 16 protection solutions for Linux systems were examined ... In the test lineup were security solutions for Linux from Avast, AVG, Bitdefender, ClamAV, Comodo, Dr. Web, eScan, ESET, F-Prot, F-Secure, G Data, Kaspersky Lab (with two versions), McAfee, Sophos and Symantec ... The lab unleashed on the systems 900 actually already known attackers for Linux."

  • Your link is useful, but your answer needs more context. From https://unix.stackexchange.com/help/how-to-answer : "Always quote the most relevant part of an important link, in case the target site is unreachable or goes permanently offline." – JigglyNaga Aug 03 '16 at 05:52
1

Most likely all you need is to configure your server security overall and keep it updated.

Additional security software can be used, but it is not really important, from my experience.

If your root account password is weak and you allow password auth on your server, that's a problem, and this software will not help you :)

Configure your firewall, add 2FA and fail2ban and update your system. Most threats are within this triangle.
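The fail2ban behaviour this answer recommends, as an added example that is not from the original post or from fail2ban's own code: a minimal jail decision run over constructed sshd auth.log lines. It assumes fail2ban's default thresholds (maxretry 5 failures within findtime 600 seconds) and a log year of 2016, and reports which source addresses would be banned; real fail2ban then inserts a firewall rule, which this example does not do.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (not from the original page); the
# 203.0.113.7 source fails five times in 14 seconds, the other one only twice.
SAMPLE_LOG = """\
Aug  1 17:20:01 box sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Aug  1 17:20:03 box sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Aug  1 17:20:05 box sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Aug  1 17:20:09 box sshd[1205]: Accepted publickey for ben from 198.51.100.5 port 40100 ssh2
Aug  1 17:20:12 box sshd[1207]: Failed password for root from 203.0.113.7 port 51044 ssh2
Aug  1 17:20:15 box sshd[1209]: Failed password for root from 203.0.113.7 port 51050 ssh2
Aug  1 17:31:00 box sshd[1301]: Failed password for ben from 198.51.100.5 port 40110 ssh2
Aug  1 17:31:30 box sshd[1303]: Failed password for ben from 198.51.100.5 port 40112 ssh2
"""

# Matches the sshd "Failed password" line, including the "invalid user" variant.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port"
)


def find_bans(log, maxretry=5, findtime=600, year=2016):
    """Return {ip: timestamp_of_banning_failure} for every source that reaches
    maxretry failed logins within a sliding window of findtime seconds.
    Syslog lines carry no year, so one is assumed (a simplification)."""
    window = defaultdict(deque)   # per-IP queue of recent failure times
    bans = {}
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                # successful logins and other noise are ignored
        ip = m.group("ip")
        if ip in bans:
            continue                # already banned; fail2ban would have dropped the packet
        stamp = m.group("ts")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S").timestamp()
        q = window[ip]
        q.append(ts)
        while q and ts - q[0] > findtime:
            q.popleft()             # drop failures older than the findtime window
        if len(q) >= maxretry:
            bans[ip] = stamp
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"would ban {ip} at {when}")
```

Note that the two slow failures from 198.51.100.5 never reach the threshold, which is also why this kind of filter does nothing against a single correct guess of a weak root password: only a strong password or key-only authentication covers that case.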