Can I get a virus by using "sudo apt-get install"?

apt on a default Ubuntu system will be very unlikely to get viruses. However, it doesn't mean it isn't possible:

  • Malicious PPA
    One of the features of APT is the ability for admins to add Personal Package Archives (PPAs) or other software sources to the APT cache. These third-party APT sources are not necessarily trusted, and may carry viruses. However, it would take an intentional action of the machine's admin to add one of these infected sources, making it rather hard for one to add itself.
  • Hacked Repository
    In theory, a software repository may be hacked by a malicious party, causing downloaded .deb files to potentially carry malicious payloads. However, official software repositories are very carefully watched and security for these repositories is pretty tight. A hacker would be hard-pressed to take down one of the official Ubuntu software sources, but third-party software sources (see above) may be compromised a lot easier.
  • Active MITM/Network Attacks
    If a network is compromised higher up (by, say, your ISP), it is possible to get a virus from official software sources. However, an attack of this caliber would require an extreme amount of effort and the ability to Man-In-The-Middle many sites, including GPG key distribution servers and the official repos.
  • Poorly Written/Malicious Code
    Vulnerabilities do exist in open source, peer-reviewed, and maintained code. While these things aren't technically considered "viruses" by definition, certain exploits hidden or never revealed in the code could allow a malicious attacker to place a virus on or pwn your system. One example of this type of issue would be Heartbleed from OpenSSL, or the much-more-recent Dirty CoW. Note that programs from the universe or multiverse repos are potential threats of this caliber, as explained here.

apt (due to its importance on Linux systems) is pretty heavily guarded against almost all of these types of attacks on both the client and server side. While they are possible, an admin who knows what they're doing and knows how to read error logs will be able to prevent any of these attacks from taking place.

Additionally, apt also enforces signature verification to ensure that the files downloaded are legitimate (and are downloaded correctly), making it even harder to sneak malware through apt, as these digital signatures cannot be faked.


As for responding to a malware infection incident, the absolute easiest path is to burn the system to the ground and start again from a recent (and known-clean) backup. Due to the nature of Linux, it can be very easy for malware to manifest itself so deep in the system that it can never be found or extracted. However, packages like clamav and rkhunter can be used to scan a system for infections.


apt-get will only install from the official Ubuntu repositories which are checked or from repositories you've added to your sources. If you add every repository you come across, you might end up installing something nasty. Don't do that.


Files downloaded by sudo apt-get are compared to a check sum / hash sum for that file to ensure it hasn't been tampered with and is virus free.

Indeed the problems people have encountered when you google "sudo apt get hash sum" is too much security against viruses.

Linux is not completely virus free by any means however incidents are probably 1000 times less than windows.

Then again judging by my screen name I might be biased :)

Comment on November 28, 2017 mentions how Windows has 1,000 more workstations than Linux so why bother hacking Linux. It brings up the fact Linux is running on all 500 of the faster Super-Computers now and most Webservers are running Linux which makes it the best way to hack all the Windows workstations that attach to the internet.

Google Chrome, Android and Windows 10 gives users ample opportunity to give away their privacy and probably some security at the same time.