Linux Security

No, Linux Doesn’t Need an Antivirus or Firewall

Joel Lee 11-10-2017

Linux isn’t invulnerable. In fact, that’s one of the most common cybersecurity myths that gets Linux users into trouble. This belief makes it easy to put your guard down, and when your guard is down, that’s when you’re most likely to get sucker punched.


But just because Linux has security holes 4 Surprising Linux Security Issues You Should Be Aware Of They say you should use Linux if you want security. That might be true, but you still need to be on your toes! Read More doesn’t mean you need antivirus or firewall software. While you may decide to install one anyway — and there’s nothing wrong with that — here are a few reasons why it may not be as helpful as you think.

Why Linux Doesn’t Need an Antivirus

Malware for Linux desktops is rare

Since Linux is the least popular desktop operating system, and since Linux users tend to be a tech-savvy bunch, and other operating systems have easier security holes to exploit, it simply isn’t as profitable to attack Linux.

Of course, Linux malware does exist. To say otherwise would just be naive and untruthful. However, it just isn’t as big an issue as it is on other operating systems, and there’s almost no chance you’ll run into one (unless you’re viewing inappropriate content 5 Ways Visiting Adult Websites Is Bad for Your Security & Privacy While pornography is often discussed in the context of morality, there's a huge security-and-privacy angle that is often overlooked. If you know what to look out for, the safer you'll be. Read More or torrenting from disreputable sites 10 Easy Ways to Never Get a Virus With a little basic training, you can completely avoid the problem of viruses and malware on your computers and mobile devices. Now you can calm down and enjoy the internet! Read More ).

Software installations are safer on Linux

Think about how software gets installed. On Windows and Mac, users often download EXE, MSI, and DMG installer files that request system-level access in order to make the necessary installation changes. That’s a prime avenue for malware attacks. One mistake, one trick, and you’re toast.

But Linux is different. Installer files exist but are unconventional — most users rely solely on package managers like APT and YUM. As long as you keep to trusted repositories, the risk of catching malware this way is virtually zero. That risk increases when you start playing around with obscure PPAs and the like Linux PPAs: Installation, Removal, and Security PPAs -- personal package archives -- are a way to install Linux software via the Terminal. But are they safe to use? How can you remove a PPA? And which are the safest PPAs to... Read More .


No, Linux Doesn't Need an Antivirus or Firewall linux computer desktop security

Linux protects itself against malware

The fundamental structure of Linux makes it difficult for malware to take root, and even if you do end up contracting a virus or Trojan, it will have a tough time doing any real damage to the system. This is due to how permissions work in Linux.

Every file in Linux has three permission settings:

  • What can the file’s owner do with this file?
  • What can the file’s owner group do with this file?
  • And what can everyone else do with this file?

If a virus hypothetically infected your system, it would likely be executed under your local account, and so would be limited to your user actions. Local user accounts can’t do anything to system-level “root” files, so the malware would be trapped and restrained (assuming you don’t accidentally execute the malware with “sudo” What Is SU & Why Is It Important to Using Linux Effectively? The Linux SU or root user account is a powerful tool that can be helpful when used correctly or devastating if used recklessly. Let's look at why you should be responsible when using SU. Read More ).


Antivirus effectiveness is questionable

Suppose one day there’s a new malware that targets Linux desktops. It makes use of a never-before-seen security exploit and it makes its way onto your system. Before you can even realize it, the malware wreaks havoc on your data and leaves you wondering what you could’ve done to prevent it.

Would antivirus have helped you here? Probably not.

Generally speaking, antivirus software is always one step behind viruses. It can’t protect you against threats it doesn’t realize are out there, which means antivirus developers are by definition reactive. Chances are, you’ll be hit by the malware before the antivirus understands how to deal with it.

And did you know that Linux antivirus clients primarily scan for Windows malware? Some do find Linux infections, but they mainly cleanse files of Windows infections so that you don’t pass that malware to your other computers or to your friends and family through file transfers.


No, Linux Doesn't Need an Antivirus or Firewall computer security malware antivirus

Smart security habits are often enough on Linux

Two of the most well-known attack vectors on Linux desktops are Flash and Java. These two cross-platform platforms are known for their security vulnerabilities, which is why we recommend getting rid of Flash and stop using Java.

But those aren’t the only ones. Other potential vectors for malware include Silverlight, PDF files, outdated extensions and plugins, infrequently-updated cross-platform apps like OpenOffice, and more. USB drives can also carry latent malware.

All this to say: if you eliminate potential attack vectors, avoid shady parts of the web, steer clear of stray USB drives, drop bad security habits and develop good security habits 8 Tips for Online Safety Used by Security Experts Want to stay safe online? Then forget everything you think you know about passwords, antivirus and online security because it's time to be retrained. Here's what the experts actually do. Read More , then there isn’t much to gain from antivirus software.


Why Linux Doesn’t Need a Firewall

Don’t worry, this answer is much shorter.

A firewall is simply a filter that determines which network packets (i.e. data) can come in to your computer from the internet and which can leave your computer to the internet. It’s mainly used to allow and/or disallow incoming connections. Outgoing connections are rarely filtered.

For most Linux desktop users, firewalls are unnecessary.

No, Linux Doesn't Need an Antivirus or Firewall linux server cables

The only time you’d need a firewall is if you’re running some kind of server application on your system. This could be a web server, email server, game server, etc. In this case, a firewall will restrict incoming connections to certain ports, making sure that they can only interact with the proper server application.

If you aren’t running any server applications, then a firewall serves no purpose. If no servers are running, then your system isn’t listening for incoming connections, and if it isn’t listening for incoming connections, then nobody can connect.

Most Linux desktops run zero server applications out of the box.

Tips for Maximizing Linux Security

Despite all of these reasons to not install antivirus software, you may want to do it anyway — and that’s fine. Even if you never catch a single malware infection, it’s not like you’ve lost anything by having antivirus available. Better to be safe than sorry, right? After all, Linux isn’t as secure as many think.

For options, here are some good free Linux antivirus apps The 6 Best Free Linux Antivirus Programs Think Linux doesn't need antivirus? Think again. These free antivirus tools can ensure your Linux box remains virus-free. Read More .

We also have recommendations for security-focused Linux operating systems Linux Operating Systems for the Paranoid: What Are the Most Secure Options? Switching to Linux delivers many benefits for users. From a more stable system to a vast selection of open source software, you're onto a winner. And it won't cost you a penny! Read More , which ramp up security measures by several notches. Of them, you may like Qubes OS the best Qubes OS 3.2: The Most Secure Linux Operating System Qubes OS is a functional and intuitive security-oriented Linux operating system, and is used by Edward Snowden. Does its onus on security, superb compartmentalization, freedom, and integrated privacy features make it right for you? Read More : it isolates apps through virtualization, essentially running them in a sandbox and minimizing risk of malware infections.

And for maximum privacy, be sure to use a VPN on Linux Everything Linux Users Need to Know About Installing a VPN Linux is inherently more secure than Windows. But this doesn't mean that you shouldn't keep an eye on how you access the internet. A firewall is necessary, and increasingly so is a VPN. Read More .

Do you run antivirus or firewall software in Linux? Why or why not? Got any other points to add? Let us know in the comments!

Image Credit: 3DDock/Depositphotos

Related topics: Computer Security, Firewall, Linux, Online Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Liz Thompson
    September 11, 2018 at 3:34 pm

    Mint came with a FIREWALL and I use it.

    As far as antivirus... don't use it.
    I have in the past had something hammering away at my system online.
    I rebooted and it went away.

  2. John Smith
    November 8, 2017 at 5:28 am

    Anyone who says Linux doesn't need a firewall has either never used Linux, or does not use it for any serious or even daily basis.
    No OS is safe without a properly configure firewall.
    Look into your favorite distro, you'd see iptables, ufw and others.
    Please do a better research before posting such wild claims.

  3. WaitWhat
    October 12, 2017 at 3:29 am

    This is a poorly written article, Looks like someone had a preconceived notion and went looking for facts (maybe) to support it. Next time keep in mind that the high percentage of people who consume MUO articles know a thing or two about a thing or two. Sorry but you, or someone else, are going to have a very uncomfortable meeting soon and you will need to sit there take it. If you want to know what a well researched, entertaining and educational article about AV looks like. Search for an article that was published on October 10th 2017, about Kaspersky and Israel in a very well known US newspaper. Trying to tell you how to find it but not mentioning the article title or publisher, hope you can find it.

  4. Bob Westmoore
    October 12, 2017 at 12:48 am

    I had to do a double take to make sure it wasn't april's fools day.. The OP has no clue about the topic he's writing about. Running a "game server" come on.

  5. Loloy D
    October 12, 2017 at 12:01 am

    While it does make sound sense to not install antivirus on Linux, there still exists very few caveats. And among the AVs out there, only ClamAV may be the most reputable open source option. I have to agree that sensible computing practices would lead a user to a virus-free experience.

    A firewall, on the other hand, is a totally different story. It is indeed needed, even if you don't use any daemon that welcome incoming connections. This is especially true if a casual user uses Wine-based apps that keep "phoning home" or elsewhere, even though occurring in a non-malicious manner. These "phoning" activities could waste your network resources dramatically and would lead a user to unnecessary exposure.

  6. Scot
    October 11, 2017 at 11:59 pm

    This is biggest crap piece of writing I've ever read. I'm SOC Manager for a Managed Security Services Provider and I warn anyone reading this article to completely ignore EVERYTHING in this ignorant article.
    First Malware doesn't need to be run as sudo to be installed. If you're logged in as Root guess what you already have administrator rights. Additionally, malware can use any one of the multiple escalation of privileges exploits available in order to gain the necessary rights to be installed. Or more commonly it will be bundled with legitimate software and be silently installed in the background without the users knowledge. Oh guess what if you don't use an antivirus... You would never know .... I guess ignorance is bliss?

    Regarding firewalls... AGAIN this is absolute misinformation. First Linux comes with a firewall by default ... It's called IPTables. Granted it's not a complete firewall solution but it does the job. All users should configure their IPTables to deny all and only white list external access under certain conditions especially if you use services like SSH or Telnet, as these allow for direct command line access to you device.

    I wish there was a report button for fake news because this crap qualifies, next time MUD decides to post an ill-gotten and completely Ignorant article about computer security, you should probably consult with someone who actually works in the field.

    • Scot
      October 12, 2017 at 12:07 am

      And to the ignorant comment about their isn't any malware for Linux... Maybe next time do a Google Search before you stating completely false statements...

    • AnnoyedReader
      October 12, 2017 at 1:38 am

      I guess the author conveniently forgot to mention the numerous RansomWare Variants that were discovered this year targeting Linux and Mac users...

      A little research would of gone a long way. I can now safely put this website in the bucket of sites to remove from my RSS feed as they publish articles about weakening the security protections instead of strengthening them.

      I would live to know what experience or qualifications the author has to justify his unresearched claims?

    • Oratile
      October 21, 2017 at 11:45 am

      Thanks for the info Scot.

  7. SomeoneWhoWorks
    October 11, 2017 at 10:57 pm

    Not going to lie but buffer overflow attacks are good ways of spreading malware and worms within the operating system. There are also these things called the rootkits have you heard of them? The person who wrote this article should do further research

  8. Tim Brogdon
    October 11, 2017 at 10:22 pm

    This is really bad advice. Linux has malware and security issues the same as any other OS. Linux does need BOTH AV and a firewall. If your not running a firewall and install SMTP for local use but miss configure it to be an open relay, a firewall would have protected you. If your running a web server and your website gets hacked and viruses placed on your server to infect others. Since you choose not to install AV you are now part of the problem. These are two out of thousands of possible issues with your logic.

    • KwaK
      October 12, 2017 at 8:56 am

      I think the author had intended the user case in this article to be the average, casual, everyday user that doesn't run servers and such ... which, while reduces the scope (instead of hundreds or thousands of users, you have only one compromised user), still puts them in even more danger because this userbase is the one that are usually unaware of the common Linux security/hardening practices and could have potentially dangerous services installed as part of some software bundle or left over from one.

      A perfect example of "would AV have protected you from a zero-day attack" ... if you're on the very first wave of targets, it might not protect you, otherwise, it most likely would have - the AV often receive more frequent updates than the OS receive patches (also, this depends on whether the system receives updates directly from public mirrors, which, while quicker, is potentially riskier, or a central corporate repo mirror ... also depends if your OS can be considered LTS, stable or cutting edge). The recent "wannacry" and derivatives of this cryptolocker virus also were quickly stopped BECAUSE of proper security countermeasures in place.

  9. Richard Steven Hack
    October 11, 2017 at 9:30 pm

    Given that most Linux distributions I'm aware of automatically install a firewall, I find the statement that a firewall is unnecessary to be undoubtedly incorrect.

    Plus many Linux distros come with SSH enabled by default and the firewall is needed to protect that, although if you don't use SSH it should be disabled.

  10. Lisanna
    October 11, 2017 at 6:02 pm

    "If you aren’t running any server applications, then a firewall serves no purpose. If no servers are running, then your system isn’t listening for incoming connections, and if it isn’t listening for incoming connections, then nobody can connect."

    The point of a firewall is to prevent incoming connections to servers you don't know are running. This is independent of whether or not you have one or two servers that you *do* want to accept incoming connections. If you don't want any incoming connections to your machine at all, a firewall is even *more important* in this case, not without purpose as you claim.

    It was irresponsible to publish this.

    • KwaK
      October 12, 2017 at 8:59 am

      I'm guessing the author of the article believes that locking doors to your house and your car is unnecessary as well - it's not going to keep anyone with a crowbar out is it? And who cares if every now and then stuff just goes missing or every other morning there's some stranger having breakfast in your kitchen or sleeping it off on your couch?

  11. Robin
    October 11, 2017 at 3:43 pm

    I agree completely. What I would like to know is what actual trouble that initial blanket statement about Linux users believing the security myth is hinting at. I doubt there is any.

    That's not to say that Linux is invulnerable. Only that no matter what you believe, in the past and present there hasn't been any actual malware threat for Linux on the desktop, ever. It's a different story if you run a server, especially an outdated one, and it is a bit different in the areas of Android and of the internet of things, but the risk on the desktop today is zero, even if you installed the very first version of, say, Ubuntu years ago and have been running that without any updates.

    That may change tomorrow. But antivirus is and for the foreseeable future will be a total waste of resources on the desktop.

    • William Vasquez
      October 11, 2017 at 4:24 pm

      You are absolutely right. In fact, some professionals recently discovered that having an anti-virus actually creates an environment to GET viruses. Yes, you can actually GET a virus by having an anti-virus. Don't believe me? Look it up. It leaves holes and exploits where infections can be introduced. They slow down a computer; they cause problems with some perfectly harmless software or websites; and are difficult to remove completely when you want to uninstall it and sometimes corrupt the operating system and registry.