Should You Run Anti-Virus On Linux?

  • Date added: 22. 05. 2024
  • For many years, the Linux community has claimed that running anti-virus programs is not necessary on Linux. But as Linux gains more popularity, and as more viruses start targeting Linux, is it time that we reconsider the need for AV on Linux?
  • Science and technology

Comments • 375

  • @0x007A 1 year ago +210

    Short answer: No.
    Long answer: No. However, do not copy and paste random commands found on the World Wide Web, and only use sudo privileges sparingly.

    • @bobbybologna3029 1 year ago +20

      right... "sparingly"

    • @thewizard2567 1 year ago +6

      Security feels like a big hole in my computer science education.
      Replies (and videos) like this spark my interest into doing a deep dive.

    • @drishalballaney6590 1 year ago +1

      But you would need an AV only if you are a pirate
      Like just in case if something happens

    • @chocoblan4288 1 year ago +1

      i use sudo all the time. and i reformat my PC always (✿◠‿◠)

    • @jared.mohammed 1 year ago +12

      Most of the documentation of programmes or general troubleshooting on Linux requires copying and pasting commands on the terminal. It is not like Windows where you can use the GUI for most functions.

  • @sohypeak432 1 year ago +154

    As a *relatively* new Linux user, the advantage of having the device running without antiviruses or data collection (both consuming so much of the resources) breaks any disadvantage.
    Been quite the journey switching to Linux, but the worthiness and the end result is what makes all the effort feel like nothing.

    • @kendarr 1 year ago +3

      Where did you start? What were the main issues? I'm curious, I'm 2 years now running the penguin I believe

    • @sohypeak432 1 year ago +1

      @kendarr Nice! I started around 3-4 weeks ago on a virtual machine on Windows. Tried Arch and Manjaro for Unity and sound production purposes, but turned out rough. Tried Ubuntu Studio, Kubuntu, Mint, and Xubuntu, and I seemed to settle down on Ubuntu Studio, as it provides the best backend for sound production.
      I felt ashamed, at first, of being a developer that can't deal with Linux, but as soon as I learned the basics, it turned out way better and more fun than Windows.

    • @kimorlandonilsson1196 1 year ago +2

      I feel the same way.

    • @greglocker2124 1 year ago +6

      @sohypeak432 you've only seen the light, now you must walk into it! Wipe that spyware off your disk and treat yourself with some love and respect - you deserve to use an OS that actually works.

    • @notrockstar1 9 months ago

      I just switched today to Zorin OS based on Ubuntu 20.4 LTS and I'm really enjoying it, is just amazing.
      Also Zorin is friendly UI for those that always use mac os or windows

  • @act.13.41 1 year ago +172

    I have been using computers since the DOS days, so I have been running Windows since Windows began. In all that time, I have had 1 virus and that was on Windows 95 and I would say it was my fault that I got that one. No anti-virus program can protect you from yourself. Not a single one can stop a virus that you give permission to run. I have reloaded many PCs that had hundreds of virus and malware programs on them at the same time. The users waited till they could no longer use the PC before doing anything at all. I did a clean install of all their stuff and gave them a stern talk about their habits. Most "got it" and I never had to deal with their PCs again. Some were back in weeks with the same infections. They could not stop going to the places that got them infected. They are their own worst enemy. "I just need a better anti-virus program," is all they would say. For these people, it wouldn't matter if they were running Linux, they would still find a site that would infect them.

    • @OcteractSG 1 year ago +18

      For the vast majority of people and circumstances, what you said is absolutely true. However, there are still attacks that can infect devices without user action. One of the most high-profile examples is the Pegasus spyware that targeted smartphones. Despite the existence of such threats, though, it’s unlikely that antivirus would be equipped to handle them in a timely manner, and they are rare enough that we could almost move them into the tinfoil hat category of security.
      Consider my comment a mere asterisk on a generally true statement.

    • @maninthecrowd5076 1 year ago

      @OcteractSG there is rarely anything you can do in these cases even with the antiviruses. Pegasus for example is a targeted malware to spy on state leaders so run-of-the-mill stuff mostly won't work.

    • @andreobarros 1 year ago +12

      This makes me remember, one time I was an undergrad student, the new guy on the IT of the chemistry dpto of my university, as a sort of temp scholarship.
      The previous person (also undergrad student) was talkin to me how their PC (Windows) was slow, that to even open the browser it was slow.
      Fast forward a bit, to my first day. I enter the PC, now under my responsibility, try lookin around, everything is kinda slow, then I look at the pc specs. It was an i5, with 4GB ram, for the time, waaay beyond anything you would ever need.
      I notice that Avast was having issues to start with the system, and google chrome was really slow.
      I was like "How is this even possible, this thing is a beast and it's slow, I will do a malware check just in case, you never know, things are weird here"
      I download, I think malwarebytes, at the time they weren't so annoying about their free version.
      I shit you not, it had **+6000 infections**. Avast was compromised, also the browser was fake. And better yet, the things on the machine were somewhat sensible (not money worth sensible, but if lost, there was no backup). It took me 3 days to clean that thing completely.

    • @RobertJohnson-lb3qz 1 year ago +1

      The only time I ran into a virus was when I received, what looked like an email from my sister's work email address. I forget the way I was tricked into clicking on it. I think it said “Check this out, or pics” or something like that. After clicking on it the HD quickly became unusable slowing to a crawl. I forget what program I was using at the time that I was using to take a “snapshot” of the system but I kept going back to a good version of the Windows os and after an hour or so, I was back to the same messed up situation. I went to the local computer store and bought a new hd and just reinstalled the os. Problem solved. But I can’t help myself, based on what you have seen what do we noobs do that get our systems infected?

    • @act.13.41 1 year ago +8

      @RobertJohnson-lb3qz For most people that are constantly infected, they love porn sites. For the rest, they click anything that says "FREE!" 🤣

  • @notuxnobux 1 year ago +47

    I worked at a very large company and we had windows and linux users in the same network. The internal servers that ran linux did have anti virus to hinder the distribution of windows and mac malware (mostly ransomware) because we were sometimes attacked by hackers.

    • @RobertJohnson-lb3qz 1 year ago +3

      Excellent. As a noob to Linux and a very long time Windows user this is reassuring. I’ve brought up the Typhoid Mary-ish aspect in a couple of different places and most everyone couldn’t care less. But with all the crap that’s happened and will happen, better to harden things in my view!

  • @SpyderGamer 1 year ago +4

    Thank you for this! I've been having this question on my mind for a few weeks now, glad to have it answered. Great video, keep it up! :D

  • @12Q46HPRN 1 year ago +44

    I appreciate not only the definitive answer but the reasoning behind the answer.
    Again, thank you so much for your videos and all you do for the Linux/FOSS community, esp us noobs out here. 🙂

    • @silicoid 1 year ago +2

      To be honest. The answer in my opinion was flawed. Need to: no. Should you: you should consider it.

  • @schemage2210 1 year ago +4

    Very informative. Thanks for the video. Was surprised to see that SELinux wasn't mentioned though I understand that that precaution is mainly designed for the server space.

  • @obsoletepowercorrupts 1 year ago +4

    Great video and a good topic for commenters bouncing ideas off each other when thinking about solving problems. Sometimes the linux box is the firewall or squid proxy (or similar) and so antivirus is on there generally anyway as an option. Extra layers of security are not a replacement for security though. For example, making a choice between dependency tree and containers is an example because containers are not a replacement for security but an extra layer of security. Encouraging distros that still use dependency tree installs for software already on the (CD/DVD) ISO file _(rather than deprecating old software in favour of assuming an app-Image or SNAP package or Flatpak as a future of application distribution)_ prevents an eggs in one basket scenario. It is often more lightweight on hardware generally and keeps older microarchitectures that stood the test of time _(and old architectures in general)_ as an extra string to the bow even if the processing power and storage are older and humble, rather than having all eggs in one basket with the latest approach of early adoption. A method of application distribution that can give you everything is also a method of application distribution that can take everything away from you. If using SSL, ask yourself if you want to use LibreSSL. Likewise SSH and secure sockets are useful so that not everything has to be done by tunnelling which after all can potentially hide a hack that somehow manages to get in. There are pros and cons to VPN. It is not to say bad things about VPN but rather to be mindful of taking a nuanced approach to having the right tool for the job at hand. The compromises of today become the standards of tomorrow. A password is one way to use an identity layer. An OpenPGP card might include GnuPG. It is not just what you are signing into but by what mechanism you do so which you take into consideration. LAM MPI (See Open MPI) comes from excellent work at Indiana University as in Open Indiana OS. Sometimes looking outside of linux _(even if only to return to linux perhaps)_ for an OS and technology is a way to keep options open.
    Using a Linux antivirus is an opportunity to reach out to and donate a few dollars to those linux coders, keeping them in the loop. Antivirus software exists not only to protect against a malicious software but to write malicious software preemptively sort of like ethical hacking. Even if those "potential" malicious softwares never pop into existence, the knowledge of what the technology can do thereby does come to pass. As such there is utility in the existence and publicising of the software which is also a body of knowledge in that form. This software technology and spreading of an idea (sometimes including peer review) can influence future hardware design for example of a custom microarchitecture. Ironically, that very microarchitecture _(for example of a CPU, gate-array or some other component)_ also may never come into existence in a more tangible real-life (such as hardware) form but may remain in emulation forever more. Preemptive distributed "ethical hacker" hacks against ledger poisoning and DHT attacks are another way to anticipate and prevent malicious software events. Speed of scanning with ClamAV _(or some other antivirus)_ can be planned for when building your computer such as whether or not you desire a filesystem which does a lot of its work in memory (like ZFS) because do remember that will use memory even though you might desire that for something else at that moment. So consider using a fast journaling system like Reiser4.04 (e.g. for Debian10 see metztli) and whether or not you want to thereby use a magnetic HDD rather than a SSD (or NVMe) since journaling can be hard on the NAND semiconductors for wear and tear. The HDD also avoids the namespace passthrough mess of NVMe for virtualisation.
    Some might say an antivirus for a virus that does not exist yet is unnecessary detail, an answer to a question nobody asked, however, also, they say there is no such thing as bad data. Many a prototype in software exists and becomes useful later and that is not exclusive a concept to merely an antivirus software. For example the notion of voxel graphics being used on old dumbphones retroactively was an example of that happening. Remember what license you might seek for software (and it can affect antivirus too). Ask yourself of a license you seek to use, "Is there a GPLv2 or GPLv3 or MPL or MIT or Apache or BSD and so on?" The Botan software library can be an impressive software where people desire that license. If you adopt container distribution, ask yourself if you seek to forever relying on the fastest for example where BitSwap is IPFS _(a use case being IPFS and Netflix as an example)._ Consider also if you are using encryption that relies on a hardware specific instruction set. Antivirus software can also be a form of proprietary software but also FOSS software (or even Public domain) and so the technology, by means of existing when written as a FOSS (or copyleft, etc.) antivirus software, can be a future contribution to a technology yet to be invented and that might be in the Public Domain such as by Copy-Left. Not only does an antivirus get written but also some sort of documentation comes with it, be that a manual _(as in the constructive heads up for 'RTFM' meaning 'read the flipping manual')_ or a humble changelog. As somebody with a stationery fetish, knowing that I can have the liberty to draw a chart over time of antivirus changelogs to further embellish the picture-framed graph-paper adorned walls of my catacombs HQ really makes my day. I can sleep like a baby at night knowing that in my world every potential bug is a potential feature. Relax, guys. As I whisper the inoculating sweet nothing of "trust me" into your ears, you can rely on me, just like you can rely on Porton Down.
    My comment has no hate in it and I do no harm. I am not appalled or afraid, boasting or envying or complaining... Just saying. Psalms23: Giving thanks and praise to the Lord and peace and love. Also, I'd say Matthew6.

  • @El.Duder-ino 1 year ago +1

    Another excellent guide, thank you very much👍

  • @scheimong 1 year ago +22

    Note on ClamAV: it actually ships with an "on-access daemon" (at least it does on RHEL & Fedora) that uses kernel APIs to scan and block access to malicious files when users try to read them. If you are deploying Clam on a server that accepts arbitrary data upload, this is likely what you want to set up (of course, alongside regular full disk scans).
    I've had Clam deployed in this configuration on a file server for a small office for more than a year now, and I've had significantly reduced number of virus-related tech support calls. But again, this is only to protect Windows clients in the network. TBH it was quite a hassle to set up correctly (especially with enforcing SELinux), so if you've got a Linux desktop instead of a server, it's most likely more work than it's worth.

    • @RobertJohnson-lb3qz 1 year ago +1

      I’m a new user of Linux and the AV issue keeps crossing my mind. Correct me if I’m wrong but you’re saying that ClamAV is more helpful when used on servers as opposed to the desktop. Using an AV on servers to prevent a Typhoid Mary-ish situation seems like a good idea.

    • @reoencarcelado5904 1 year ago +1

      @RobertJohnson-lb3qz I’m still a Linux newbie so please don’t quote me on this. I’m only paraphrasing what I’ve learned from people WAYY more knowledgeable about Linux than me and whom I have asked the same darn question [(about ClamAV)] to:
      ClamAV is an AntiVirus software-program written for the “Linux” operating-system (ie. actually “GNU+Linux”) that scans for Windows viruses.
      So that you don’t accidentally transfer Windows viruses into someone-else when sharing files between Windows-users and yourself.

    • @RobertJohnson-lb3qz 1 year ago

      @reoencarcelado5904 Good info, thanks.

    • @reoencarcelado5904 1 year ago

      @RobertJohnson-lb3qz you're welcome :-)

    • @TheMadRocker 1 year ago

      I run ClamAV on my NAS since windows machines do access it.

  • @ringo8410 1 year ago +2

    Linux Cast, another great Linux youtuber, recommends updating your system once a week or every couple of weeks. I've set up a crontab to do it automatically.

  • @shridhars6312 1 year ago +7

    Congratulations on 200k ...u really are doing Great 👍

  • @moc2130 8 months ago

    Thanks, very informative and helpful!

  • @silicoid 1 year ago +11

    I would say "do you need" and "should you" are very different questions. You don't need but you should consider it.
    Yes, there are not many linux based viruses, but as you said, if you use linux as a file server it makes a lot of sense. So it depends.
    The other thing to keep in mind is, that when it comes to security it doesn't hurt to be ahead of the curve.
    Since you mentioned firewalls. Do you need to run a firewall: no. If you are a regular desktop user then there should be nothing configured that listens on external ports. Everything should only use loopback. Yes, firewalls are a lot more common. The reason is that there are a lot of systems that need it that's why it is rather easy to do. It would be nice if that happened with virus scanners as well. Make it a lot more easy and accessible to use them and that only happens when a lot more people use them.
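
The loopback-only rule in the comment above can be checked directly. This is an added example, not part of the original thread: a shell function that reads `ss -H -tuln` output and prints every socket bound to a non-loopback address. The sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the video or the comment): find listening sockets
# that are reachable from beyond the loopback interface.

# Constructed sample in the column layout of `ss -H -tuln`:
# Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='udp   UNCONN 0      0      127.0.0.53%lo:53      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631     0.0.0.0:*
tcp   LISTEN 0      511                *:8080          *:*
tcp   LISTEN 0      128             [::]:22         [::]:*
tcp   LISTEN 0      4096           [::1]:631        [::]:*'

# Read `ss -H -tuln` lines on stdin and print "proto address port" for every
# socket bound to something other than a loopback address (127.0.0.0/8, ::1).
# Wildcard binds (0.0.0.0, *, ::) are reported because they accept
# connections on every interface.
external_listeners() {
    awk '
    NF >= 5 {
        laddr = $5
        port = laddr; sub(/^.*:/, "", port)      # text after the last colon
        addr = laddr; sub(/:[^:]*$/, "", addr)   # text before the last colon
        sub(/%.*$/, "", addr)                    # drop "%lo" interface scope
        sub(/^\[/, "", addr)                     # drop IPv6 brackets
        sub(/\]$/, "", addr)
        if (addr ~ /^127\./ || addr == "::1") next
        print $1, addr, port
    }'
}

# Exit status 0 when nothing listens beyond loopback, 1 otherwise.
loopback_only() {
    [ -z "$(external_listeners)" ]
}

# Demo on the constructed sample. On a real machine:
#   ss -H -tuln | external_listeners
printf '%s\n' "$SAMPLE_SS" | external_listeners
```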

  • @_DT_ 1 year ago +11

    Most users use their OS as a bootloader for their browsers. If you use linux I recommend that instead of installing an antivirus you do what's said on the video + hardening your browser like installing an adblocker and blocking popups

  • @Blackcountrysteam 1 year ago +2

    Interesting video DT how about a video for us newcomers on setting up firewall and disc encryption and maybe SSH although the latter maybe for a more experienced user

  • @zzz-lz6is 11 months ago

    very thorough and clear explanation, Thank you !

  • @timothyvaher2421 1 year ago +2

    Thanks for the overview. It applies to all systems as well! Doing everything you've said will lock down most machines! Could you do a web browser security setup with password management video? Web browsers, portable hotspots & routers such as Net Gear have many settings that are not explained as optimal configs.

  • @SgtRamen69 1 year ago +8

    I'm someone who does like having AVs just in case, cuz the best viruses are the ones you can't see/expect and I reckon Linux will see more of those in the future.
    If you're already "nerdy" enough to use Linux though you might as well harden your system security by yourself, run everything in a VM and make (preferably external) backups. That's pretty much the foolproof way for any PC user imo

    • @julietlouisatravels 1 year ago

      Which AV do you use?

    • @SgtRamen69 1 year ago

      @julietlouisatravels Well I'm a Windows user so Defender, but also Malwarebytes for scanning every now and then and VirusTotal for everything I download.

  • @PhoeniXfromNL 1 year ago +4

    another nice "keep your heads up" video DT ^^
    it's true enough, whatever OS got the most "normie" users, that is what OS you gonna craft your virus for.
    but whatever OS is used, malware that doesn't need user interaction aside.
    the one behind the keyboard tend to be the one that installs them.
    and if Linux ever become the standard desktop, I think it's interesting in the sense of "how do you craft such"

  • @edwardvanbruntjr6649 10 months ago

    Thank you. Very informative.

  • @skelebro9999 1 year ago +3

    I kinda like the editing of this video. The zoom in and out is pretty nice 👌

  • @13thravenpurple94 1 year ago +1

    GREAT WORK thank you

  • @run3676 1 year ago +9

    There are tons more attack vectors that are very hard to protect against. Imagine a malicious npm package repository gets hijacked and it has millions of installs. If a software previously known to be legitimate pushed some malicious updates you're going to get infected no matter the OS you're running. Having an AV may protect you against some obvious malicious behaviour or known malicious files and that's good on any OS.

  • @jamesrichardson8488 1 year ago

    Great vid!
    Where did you get your T-shirt?

  • @Sumire973 1 year ago +15

    Antiviruses may be useful in scenarios where automation is needed, at the end user level in many cases they generate a false sense of security and unnecessarily consume system resources, which is bad for low-end computers, although they can help people less experienced it should be noted that false positives are not uncommon either.
    Another important thing is that most antiviruses programs are proprietary software, and together with controversies such as the Avast issue, they may not be as reliable as they seem at first glance.

  • @Raphty 1 year ago +2

    So agree! Good tips.
    Maybe check out safing Portmaster. Great firewall, blocks all incoming connections by default.

  • @dappermuis5002 1 year ago +4

    I'm one of those that use ClamAV, because I'm pretty much the only one around me in regular contact, that uses Linux. It has saved me from passing on a virus or two to someone on a Windows machine. As many I know don't know computers well and am more likely to get something from them, that I could pass onto someone else.

  • @nosotrosloslobosestamosreg4115

    I love your shirt, man. My exact feelings on Ubuntu.

  • @ruicraveiro842 1 year ago +6

    One of the things I became used to is to always install software from either Fedora's repository or from Flathub. The sensation I have nowadays when occasionally running Windows and I need to download an application and install is of the same nature of the sensation I have if I forget to buckle my seat belt before driving... It feels unsafe and unnatural. If the day comes when we will really need an anti-virus (I don't think we're there), for me it would be enough that the repositories had an anti-virus scanning every application that is added to the store (if they don't have already). Using Linux is implicitly trusting the repositories and I'm fine with that. Users who download ELF files elsewhere do it at their own peril.

  • @MeltedHugo 1 year ago +1

    Can you tell me where to buy these t-shirts? Asking for a friend and myself

  • @HShango 1 year ago +4

    I've noticed that, when I immigrated (moved from windows to Linux full time) I realized Linux doesn't really need AV, so that put my digital brain/heart at peace.

  • @grandpaspaintingstudio 1 year ago +3

    This was so funny. I was doing a Linux Mint install on my stream today and we got talking about viruses and malware on Linux. At the end I always tell people about your channel and lo and behold here you are talking about the same thing.
    I remember back in college, in one of my classes about operating systems, someone asked "Why does Windows get all of the viruses and Linux gets none?" I raised my hand and told the class that the reason for this is because all of the viruses are written on Linux and we are not going to infect our own systems.
    Joking aside, if Windows users treated their system the same way those of us on Linux do, update the system every time it shows one available, use strong password, stop auto logging in, and stop downloading stuff without knowing who or where it came from, then they would not have to use anti-virus. Using common sense is the biggest thing you can do to stop, I am guessing, 90% of the viruses out there.

  • @Matt2010 1 year ago +1

    No sure yes but as a good backup from over network possibly, self-replicating, be a good idea to still have AV on Linux and occasionally run it to scan entire drive.

  • @troytaylor1913 1 year ago +3

    Having an anti-virus program on Linux is the best way to scan a hard drive with Windows on it. A Windows virus or trojan is totally dead and can't hide while being scanned from a Linux OS. I either take the drive out and plug it in a Linux desktop or use a bootable USB or CD Linux distro with an antivirus on it. Other than being used as a tool to fix Windows I really don't need an antivirus.

    • @fugedaboudit 1 month ago

      Can u elaborate? I'd like to use my Linux distros to scan my Windows PC from time to time or the CD method. Please tell me the exact steps it might help others too.

    • @troytaylor1913 28 days ago

      @fugedaboudit Avira rescue disk is a good one. czcams.com/video/JbTc2ytl314/video.html

  • @jasonstiles7978 1 year ago +8

    The only problem I can foresee as a Linux user when they were sending out CDs. My first taste of Linux was Sabayon, adding unknown 3rd party repos. Hackers at least imhop are poisoning the repo in order to infect your computer. Windows uses .exe and the like. Whereas Linux uses packages and tarballs. Not really much of a chance of getting infected, but it's still possible and hackers are writing progs to do that more often now.

  • @bobbybologna3029 1 year ago +35

    AV is only a safety net for those that just randomly click on things and don't pay attention to what they're executing, you don't really need to run it on anything technically. The main issue is primarily the user's habits and how the software is distributed and obtained.

    • @boody8844 1 year ago +4

      when you are installing a cracked software you are basically crossing your fingers hoping it is not a virus every time

    • @doooofus 1 year ago +4

      @boody8844 that's why i always reverse engineer and binary analysis my pirate software in a virtual machine jk i dont know what any of those terms mean

    • @mrnulll 1 year ago +8

      @boody8844 This isn't entirely true either though. There are ways your machine could become compromised just from visiting sites as you normally would. Updating your machine can also cause this. While an AV isn't going to protect you from everything it can help mitigate certain attacks.

    • @robonator2945 1 year ago

      @boody8844 eh? I mean not really. The piracy community is generally pretty bloody good at filtering out all the spam, you just need to know the right places to look. It's honestly not even a hassle to learn, you just need to know a few site names and you're set. Some are specifically curated, others run on a reputation system so people who have been frequently posting for several years with thousands and thousands of upvotes have functionally a 0% chance of containing malware, etc.
      Honestly I'd argue downloading cracked software with a modicum of competency is probably safer than downloading obscure freeware you can find online to do similar tasks.

    • @Sumire973 1 year ago +1

      @mrnulll An antivirus can actually make you more prone to such attacks by giving you a false sense of security, which in turn leads you to visit those sites because "well, I have an antivirus, nothing will happen" without knowing that there are ways to bypass AVs, including infecting GPU VRAM, malware developers are totally aware of this.

  • @user-uy5vy8px1r 1 year ago +7

    After I had some issues with external HDD, I felt I have to install clamav on my desktop. No viruses 😀 Although I'm using btrfs, I think DT reminded me about firewall. It's a good idea. Thank you, Derek! 🙂

  • @gregcampwriter 1 year ago +6

    I have ClamAV set to run and update at times when I'm unlikely to be using my computer. For me, it's like the grip safety on an M1911: It's not hurting anything to have it, and it might help.

    • @YahIsLife90 8 months ago

      These people don't know anything about firearms guy lol. He probably doesn't even leave his. Just on his computer all day.

    • @noyota 5 months ago

      That thing is a joke. Now really.....😊

  • @petrlosev6611 1 year ago +1

    Just Linux users don't usually distribute software via executables due to dependencies. It's always packages that are usually from well known repositories. Modern Windows OSs also block exe-files distributed over the net.

  • @ivanretrobit 5 months ago +2

    i still install ClamAv into any linux distro to check drives i plug in, it's helpful if you want to check a windows drive externally.

  • @cavalen 1 year ago +6

    Use a strong and complicated password just like DT does!

  • @raughboy188 1 month ago

    Since you mentioned ssh there is one thing that is a must to do: Never ever use default port for ssh, change it to any other except 22 for security reasons. What i said doesn't come from me but from cisco. I will give you good reason to avoid default port. Few days ago i came across list of trojans and ports they use and one of them used 22. Whenever you're implementing something avoid defaults at any cost especially if you're hardening your security and you as advanced linux user know it but most don't. If you really wanna keep undesirables from your system and network consider using digital certificates. Certificates are notoriously difficult to break through but still not impenetrable but they add layer of security, they are equally notoriously difficult to write.

  • @DevotedGamer1 8 months ago +1

    good advice

  • @BWGPEI
    @BWGPEI 1 year ago +4

    Just FYI: We have a hardware firewall, and the log shows many "Ping of Death" packets dropped in the last week.

    • @reoencarcelado5904
      @reoencarcelado5904 1 year ago +1

      @BWGPEI:
      Really handy 🙂 (to have a hardware-firewall).
      In my case I have both a hardware-firewall (in this particular case, it’s built-in to the router I currently-use) and a software-firewall installed in each of the computers I use 🙂.
      Double the protection 🙂.

  • @trp225
    @trp225 1 year ago +1

    Also if you serve any files (e.g. e-mail, FTP, HTTP/HTTPS) it is suggested to use a virus scanner.

  • @jordanhildebrandt3705
    @jordanhildebrandt3705 1 year ago +6

    I've been using a hosts file to block ads and unwanted sites for years. It makes the Internet a much nicer place, and makes a lot of the initial infection vectors simply unavailable. I use the winhelp2002 file, although the maintainer has kind of abandoned it at this point.

    • @Bob-1802
      @Bob-1802 1 year ago +1

      I wonder if hBlock would do what you seek for. It seems to be maintained.

  • @paulborchardt3512
    @paulborchardt3512 1 year ago +2

    Are Linux servers also not being attacked as well? Given servers' prevalence, I'd think they would be.

  • @prestigeplayer1780
    @prestigeplayer1780 7 months ago

    Thank you buddy.

  • @erikferguson71
    @erikferguson71 2 months ago

    I had no idea the firewall is disabled by default. Thanks!

  • @soanvig
    @soanvig 1 year ago +1

    Yeah, just run all copy-paste scripts from Internet as sudo users :D actually it would be nice if some program could check for the user WHAT is he running from external curled or copypasted script. This would be extremely useful for new users especially.

  • @chrissaltmarsh6777
    @chrissaltmarsh6777 1 year ago +4

    Very sensical. I do all of that, and I never have bank details or logins on any computer. In my head or in the little safe at home in case I forget.
    MacOS is in a decent position as well - it is BSD Unix at its base, so also open to eyeballs from the community.

    • @Sumire973
      @Sumire973 1 year ago +5

      macOS is a proprietary product, and it's actually a hybrid between Mach and BSD, macOS and derivatives use code from an old FreeBSD version and beyond that they're completely different beasts, the same goes for Sony's Orbis OS even though the latter is indeed a direct derivative of FreeBSD, since its proprietary stack and display server are completely different from the open source ones.

    • @YahIsLife90
      @YahIsLife90 8 months ago

      @@Sumire973 His point is that mac is good at not getting many viruses too. Stop acting dumb lol.

    • @Sumire973
      @Sumire973 8 months ago

      @@YahIsLife90 Cry about it

    • @YahIsLife90
      @YahIsLife90 8 months ago

      @@Sumire973 About what dumb dumb?

  • @anasouardini
    @anasouardini 1 year ago +4

    But behavioral analysis is always a good thing to add to your OS. I mean, all EDR solutions have more features than the behavioral analysis and probably are very stupid (still evolving) features, like the heuristic analysis.
    But when malware gets into your OS, it's not the end of the game (Tom and Jerry, as malware analysts say) and should not be, so even if you make a mistake, which is really, really common, there should be a way to detect that, which is where antiviruses/EDR solutions or any equivalent tool or script you wrote yourself etc. come in handy.
    For example, you got yourself a miner that persists itself by injecting itself into a dependency that must run on the startup of the OS, so would you just consider it the end?
    I don't think it's a good way to think of this; you can still check the integrity of your binaries or analyse behaviors of some binaries (for example, some binaries shouldn't be able to spawn other processes).
    So there is another stage after you get "hacked"; that's where having an antivirus or anything similar could be useful.
    So most folks would say, don't download random stuff from the internet, don't just run commands... etc. But the person himself doesn't read the source code of certain 3rd party software, some of which are WMs and status bars, and so on. And to be honest, almost nobody does. So we all can get hacked at any point in time.
    Now the same person would say that he hasn't got hacked ever in his life. But then, he's not a corporation and he's not attracting too much attention to his setup to begin with. So considering yourself (in general) secure just because you are careful of what you download has some shades to it.
    Also, let's consider you read each package's source code before you decide to use it... even then, if there is a bug in that package you probably won't know that, so vulnerabilities are not a thing you avoid just by downloading the famous packages or reading the code of what you download. I know that nobody can get away from this, so here is where the automation comes in handy. Now the vulnerability is as simple as a very stupid buffer overflow, but the user (even some security specialist) can't notice the exploit when it happens. But the automation can.
    So saying that you don't need an AV/EDR is kinda not really true. I wrote many malware samples on Windows and even Windows Defender (really shitty) caught some of them when I tried to do some shady remote execution, where the user won't notice anything while he's watching his cat videos on catshub.com.
    So basically and generally, automation is a really good thing to have in your poor operating system.

  • @thedeefense2
    @thedeefense2 1 year ago +2

    Around the 5:40 time mark, disk encryption is talked about. My questions are "Can't someone guess or crack the password for that as well? Does disk encryption stop the files on your drive from being readable when connected to another machine or from a live disk? Am I missing something?"

    • @tactiguay7154
      @tactiguay7154 5 months ago

      Usually (in the case of Linux disk encryption, but also BitLocker) the startup password is a key to decode a more complicated key that is actually used to encrypt your computer. The thing is that this short "user input" key takes a long time to decode the "large key", which is then loaded in your memory and uses a simpler encryption algorithm so your computer runs fast. So, unless you're using an easy password that can be found in a dictionary, even a supercomputer can take an immeasurable amount of time to brute force your short password, just because with every try it has to do very complicated calculations just to try to decode the decryption key.
      I have a slow laptop laying around with full disk encryption and after inputting a 10 character password it takes 30 seconds of iterations to decode the actual encryption key. Even if a supercomputer just takes a nanosecond, it would still take thousands of years. And the actual encryption key is like guessing a bitcoin address - it would take a quantum leap or more time than the life of the universe.
      Now, if you use a computer with a TPM module (and I don't trust them) that module stores the decoding keys and is charged to disallow any tampering.
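
The two-tier key scheme described in the reply above, as an added example that is not part of the original comment thread: a random master key is wrapped under a key stretched from the passphrase with PBKDF2, so every guess costs one full KDF run and the passphrase can change without re-encrypting the disk. The XOR wrap, the field names, the iteration count and the 62-character alphabet are simplifying assumptions, not the on-disk format of LUKS or BitLocker.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 200_000  # assumed work factor; real tools benchmark this per machine
KEY_LEN = 32          # 256-bit master key that would encrypt the disk sectors


def _kek(passphrase, salt, iterations):
    """Slow step: stretch the passphrase into a key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               iterations, KEY_LEN)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def make_keyslot(passphrase, master_key, iterations=ITERATIONS):
    """Wrap master_key under a passphrase; every field may be stored in clear."""
    salt = secrets.token_bytes(16)
    kek = _kek(passphrase, salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        # Simplification: XOR with a fresh, same-length KEK stands in for
        # the cipher a real disk-encryption header would use here.
        "wrapped": _xor(master_key, kek),
        # Lets unlock() tell a right passphrase from a wrong one.
        "digest": hashlib.sha256(b"mk-check" + master_key).digest(),
    }


def unlock(slot, passphrase):
    """Return the master key, or None if the passphrase is wrong."""
    kek = _kek(passphrase, slot["salt"], slot["iterations"])
    candidate = _xor(slot["wrapped"], kek)
    check = hashlib.sha256(b"mk-check" + candidate).digest()
    return candidate if hmac.compare_digest(check, slot["digest"]) else None


def seconds_per_guess(slot):
    """Measure what one passphrase attempt costs on this machine."""
    start = time.perf_counter()
    unlock(slot, "not-the-passphrase")
    return time.perf_counter() - start


def years_to_exhaust(alphabet_size, length, guesses_per_second):
    """Time to try every passphrase of this length at the given rate."""
    keyspace = alphabet_size ** length
    return keyspace / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    master = secrets.token_bytes(KEY_LEN)            # constructed sample key
    slot = make_keyslot("Tr0ub4dor&3x", master)      # constructed passphrase
    assert unlock(slot, "Tr0ub4dor&3x") == master
    assert unlock(slot, "password") is None
    rate = 1 / seconds_per_guess(slot)
    print(f"{rate:.1f} guesses/s on this machine")
    print(f"10 chars, 62-symbol alphabet: "
          f"{years_to_exhaust(62, 10, rate):.3g} years to exhaust")
    # Changing the passphrase only rewrites the slot, not the disk.
    slot = make_keyslot("a new, longer passphrase", master)
    assert unlock(slot, "a new, longer passphrase") == master
```

A dictionary word defeats the work factor because the keyspace collapses, which is why the estimate only holds for passphrases chosen at random from the alphabet.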

  • @member5003
    @member5003 1 year ago +2

    Throwing out a generic "you don't need an AV" is throwing out a generic "I don't know who you are but I know you're smarter than any hacker you can find online" which is quite a statement without knowing who you're talking with

  • @milany08
    @milany08 1 year ago

    I am decrypting my file on Fedora, but when I use the XDM download manager it does not work and says your file is protected for use

  • @Slitnical
    @Slitnical 4 months ago +1

    When I switched from Windows to Linux I had a key for an antivirus on Windows which worked on Linux as well, so I installed it and so far it has not detected a single threat. I will probably still renew my license after it expires as it is always good to have.

  • @lolocaust4967
    @lolocaust4967 1 year ago +1

    I update at the start of every day. Takes a few minutes to download a couple of small updates rather than a big download of multiple updates plus a bunch of installs once a week or so.
    But that's just me.

  • @eduardomarques4356
    @eduardomarques4356 9 months ago

    Thank you!!

  • @Ocea8i53
    @Ocea8i53 7 months ago

    Thanks for this video

  • @WildWestDesigns
    @WildWestDesigns 1 year ago +2

    It depends on the user and the demographic of the user as well (this actually applies to Windows users, and for crying out loud, Windows users, don't have your admin account the same as the first account that you set up, such a simple extra thin layer of protection, not much, but better compared to not doing it and not even having a password). Most of your script kiddies don't mess with Linux, because typically the users are more cautious compared to Windows users. But as far as virus/malware etc, it doesn't even have to be directed at Linux specifically, but cross platform software in general. For instance, a few yrs back there was nasty malware being used in PDFs when opened/read in browsers, especially as default. That was no bueno on all 3 systems. Stuff like that.

  • @xellaz
    @xellaz 1 year ago +9

    Even in Windows, you don't really need an antivirus as long as you don't do 'stupid' things.
    But yea, get a firewall. Preferably a hardware firewall. I highly suggest Firewalla Purple for Internet speeds < 1Gbit or Firewalla Gold Plus for Internet speeds > 1Gbit.

    • @mickaelsflow6774
      @mickaelsflow6774 1 year ago

      Arguably, a hardware firewall and a well configured (or "notifying") software firewall are nice to have. Can recommend Firewalla for ease of use. Blue or Purple.

    • @bryanbearsley6227
      @bryanbearsley6227 1 year ago

      If you go to the right places on the internet, you will be fine. My parents tell me that all the time. I don't think Linux needs an anti virus. But it is my first time using it, and I like it. It is fast on my Dell PC

    • @bryanbearsley6227
      @bryanbearsley6227 1 year ago

      And I agree with what you just said about not doing stupid things, like going to places you're not supposed to go

  • @AceFuzzLord
    @AceFuzzLord 1 year ago +1

    A lot of people bring up good points about the whole "don't visit sketchy websites or download sketchy files" but that doesn't help when more reputable piracy sites can look just as sketchy as any other site out there
    As someone who will openly admit to practicing piracy, I can attest some sites do look a bit sketchy but provide what you're looking for. Some of them look pretty damn legit and professional and you can still get viruses
    If you're gonna pirate something, you definitely need an anti-virus software just in case because it can be a mixed bag for what's safe and what's not safe
    Also- even though sites like VirusTotal exist- VT only works with files of around 660MB, which a lot of modern games and programs exceed in size which makes the website a bit redundant and not that useful
    In general some common sense can help but, it can't always stop a virus if you go through a piracy site for a copy of a game that's $500 for a real copy because of price jackers and scalpers

    • @JamesSmith-ix5jd
      @JamesSmith-ix5jd 1 year ago

      it will detect trojan in 99% of cases, you can't pirate and use AV at the same time effectively. if you add everything to exclusion you might as well not use av to begin with.

  • @Milena-ix5mq
    @Milena-ix5mq 3 months ago

    Does Ubuntu come with a built-in firewall?

  • @SPLaholic
    @SPLaholic 1 year ago +1

    DT mentions updates in linux. As soon as he mentions the word update, I look and darn sure nuff, I had an update.
    Getting like windows with the updates, honestly

  • @himankan
    @himankan 1 year ago +1

    What about uncomplicated firewall?

  • @steveholmes381
    @steveholmes381 17 hours ago

    Years ago I had a well known Windows anti virus programme that reported itself as a virus.

  • @cocorico128
    @cocorico128 1 year ago

    good video. hilarious shirt.

  • @tristanwait4itlegendary
    @tristanwait4itlegendary 1 year ago +4

    TimeShift or gnome backup is also Great for newbies

    • @fixer1140
      @fixer1140 1 year ago +2

      I'm a newbie and I endorse this message. Timeshift has saved my ass more than once.

  • @YannMetalhead
    @YannMetalhead 1 year ago

    Good video.

  • @gwgux
    @gwgux 1 year ago +2

    Antivirus on Linux is more for detecting viruses for other operating systems than it is for Linux viruses. Sure Linux viruses do exist, but it's not likely for one to get on your system if you follow the common sense best security practices. I've run Linux on a desktop for over 20 years now and not once have I ever gotten a virus for Linux on a Linux desktop. I've only ever run an AV on Linux to check files for other operating systems. When security bugs are found in software on a Linux system, they are usually patched very quickly with the update available to you on your distro of choice by the time you find out about the bug. Unlike other systems that typically release patches on a monthly basis, in the Linux world a security patch gets made, tested, and pushed out very quickly. It's not just one company with thousands of programmers the hackers are fighting against, it's literally a community across the whole world they're up against so when bugs get discovered, someone is almost always working on it to fix it ASAP.

  • @cpt.sl_pirate
    @cpt.sl_pirate 1 year ago +2

    Windows user: wait windows itself is a virus?
    Linux pro: always has been

  • @adviththegreat5610
    @adviththegreat5610 10 months ago

    The thing is, if you use both windows and linux on different devices, even if a malware doesn't affect linux, your linux device can still be a vector for your windows device.

  • @AIC_onyt
    @AIC_onyt 11 months ago +1

    i am a linux main since 2 years...
    i used to have a bug where windows defender would do a full scan of my SSD while booting.
    literally 100% drive usage all the time..

  • @lavamonk2213
    @lavamonk2213 1 year ago +2

    For me, the biggest threat to my Linux distro is me. I tend to manipulate my operating system for fun and experiment. So I had to reinstall or try a new distro at least once a year. LOL :)

    • @eclipse2445
      @eclipse2445 1 year ago +1

      I’m mostly the same way but I’ve never had to reinstall because I know the basics of live system recovery

  • @thetapheonix
    @thetapheonix 1 year ago +2

    If you update your system regularly and stick to software from official repositories you don't need an antivirus.

  • @bufo333
    @bufo333 1 year ago +1

    It's funny, I agree with you, but most enterprise IT shops that have to meet PCI compliance are forced to install antivirus for Linux. It is a waste for the most part but compliance is compliance.

  • @Cadey
    @Cadey 1 year ago +2

    You only need antivirus if your compliance requirements force you to have one.

  • @andic6676
    @andic6676 1 year ago

    Are browser password managers safe?

  • @raghav9000
    @raghav9000 1 year ago

    I use Clamtk tho sometimes when receiving files from peers

  • @ZenithClarity
    @ZenithClarity 5 months ago

    I'm running Linux and a week ago every time I start the system I'm getting around 10 notifications that are some type of virus or malware. So Linux developers need to rethink not putting some type of protection in as standard.

  • @bryanbearsley6227
    @bryanbearsley6227 1 year ago +1

    I really like Linux. It is my first time using it. I didn't know what it was at first, but it has Chrome on it and I like it. It kind of sucks you can't put an anti virus on it, but always watch where to go. My parents tell me that all the time. I am really starting to like Linux a lot, but I am still new at it

  • @etopowertwon
    @etopowertwon 1 year ago +1

    I don't run AV mainly because I don't know a good one. (ClamAV doesn't cut it) I certainly would prefer to have AV that integrates with firefox and scans if site has sus javascript. For now I have to rely on uBlock blocklist only.
    Being Uncatchable Joe is not the best form of security.

  • @retrocomputeruser
    @retrocomputeruser 9 months ago

    Watching this on a Raspberry Pi 4 with Manjaro. All my computers run Linux with no AV installed and have been trouble free for over ten years. I have one hard drive with Win 10 installed just in case I need to run some software which won't run on Linux. Again, no AV installed because I have disabled the network drivers.

    • @anywaytechreview
      @anywaytechreview 6 months ago

      Windows 10 already has built-in anti virus software called Windows Defender

  • @Rbourk252
    @Rbourk252 1 year ago +1

    In the past I connected into a windows file system to get rid of infected files using Linux

  • @thesilentgeneration
    @thesilentgeneration 5 months ago

    Linux Mint Cinnamon actually advises you when updates are available. Nice.

  • @anon_y_mousse
    @anon_y_mousse 1 year ago +1

    What? No final quip?

  • @walter_lesaulnier
    @walter_lesaulnier 1 month ago

    The biggest vector for viruses and malware is what I call "stupid clicking".

  • @PerpetualPreponderer
    @PerpetualPreponderer 1 year ago +2

    Could Linux users be vulnerable to malware created for macOS, due to the fact that both are essentially Unix systems?

    • @Anonymous4045
      @Anonymous4045 1 year ago +3

      Are all humans the same, since we all originated from Africa? No, Mac and Linux were originally based off Unix, since that was a popular and good OS in that time. They've grown and evolved mostly separately. Mac binaries can't run on Linux and vice versa. Of course the same source code can be compiled into the OS-specific binaries on both machines, but as far as downloading a file and running it, the binary needs to be formatted in a way specific to that OS

    • @thetapheonix
      @thetapheonix 1 year ago +2

      No. Mac is Unix and Linux is Unix-like. Basically, no.

    • @PerpetualPreponderer
      @PerpetualPreponderer 1 year ago +1

      @@Anonymous4045 well, all humans everywhere no matter how separately they evolved ended up pretty much equally susceptible to covid right?
      That said, the second part of your answer explains it perfectly. Basically any program compiled for macOS cannot run on Linux.
      Thanks :))

  • @bradleyeverson697
    @bradleyeverson697 1 year ago +5

    Great video DT. I use ClamAV, which is perfect for my System76 machine. Even the support team at System76 highly recommends using it.
    Funny thing if you look at Norton, Symantec, McAfee, and some of the other big anti-virus software companies. They only support Windows and Mac. LOL 😆 🤣 😂.

  • @irbaboon1979
    @irbaboon1979 1 year ago +3

    In general virus and malware crap is enduser caused - driveby attacks exist though - but if you’re an average user that runs in a highly privileged account because sudo is annoying (which is the main reason why windows was so open in the past until they locked that away behind the uac prompts over a decade ago) you can always cause mayhem, no matter the os - Don’t install random stuff and stay away from dodgy sites and you’ll be fine!

    • @YahIsLife90
      @YahIsLife90 8 months ago

      Except "drivebys" can happen from any site. Not just sketchy ones. Better off with AV. It's really that simple. A Linux OS with AV is almost perfect.

  • @emem666
    @emem666 1 year ago

    Windows is my main OS and first thing I do after install is to disable antivirus and firewall.

  • @tiredideabox
    @tiredideabox 1 year ago +1

    Only wanted to know because i had a nightmare last night that somehow a windows virus ran on my linux mint distro using wine, started installing a bunch of windows 93 apps, and had really weird payloads that were a mishmash of every virus i know (solaris, wannacry, y.exe, youareanidiot, etc)
    thank god that won't happen.

  • @jamessmith4229
    @jamessmith4229 1 year ago +1

    Love the shirt!

  • @kimathihalley
    @kimathihalley 8 months ago

    I wouldn't have minded something like Defender when I used to run Windows, if I could turn it off. In general anti-viruses take up a lot of resources.

  • @CrustyAbsconder
    @CrustyAbsconder 1 year ago +1

    This comment is just a suggestion for a topic. I know you do not like to review Alpha releases. But some Alpha releases are very important. For example, Debian Bookworm. That is worthy of discussion. And talk about what you expect to happen by the time another release is published, such as what version of Qt.

  • @Wanderer2035
    @Wanderer2035 1 year ago +1

    I would anyways. You always wanna make it harder for hackers to get into your system. With Linux it’s already really hard, but if you can add an extra wall of security to make it THAT much harder, why not?

  • @uksuperrascal
    @uksuperrascal 3 months ago

    Well one year later you can get the free terminal app clamav then add the GUI clamtk

  • @nolan412
    @nolan412 1 year ago

    How else will you know if that rootkit will be detected?

    • @nolan412
      @nolan412 1 year ago

      You will need sshguard.

    • @nolan412
      @nolan412 1 year ago

      Hmm. How to make friends running Linux?

  • @noyota
    @noyota 5 months ago

    Ubuntu means "I am, because we are." It is a traditional creed here in South Africa 🇿🇦. It is pronounced ooh booon too. 😊