Is there a point in installing antivirus on Ubuntu?

This is simply not true. There are many types of malicious code which can be run on 'Nix.

The point (and the misunderstanding) is that there is significantly less when compared to Windows. For whatever reason it's become commonplace to use AV on Windows.

http://en.wikipedia.org/wiki/Linux_malware

There are a few AV programs for Linux.

There is also more information on Super User. The rest of 'my' answer is copied from the answer of that post:

Well, it factually is not... it's just less subject to hackers developing viruses that target Linux systems. Consumer grade computers usually run on Windows and thus, when targeting a wide audience, Windows is the way to go.

Don't misunderstand Linux and viruses, there definitely ARE Linux viruses.

Some distros have additional protection layers such as SELinux in Ubuntu for example. Then there's the default firewall and the fact that alien files don't automatically have permission to be executed. Specific execution permission has to be granted before execution is possible.

Then there are several other factors that make Linux a hard place to be for viruses. Usually non-root users on Linux systems have little to no executable files at their disposal that would allow for viruses to stay undetected and propagate. Some programs just require you to be logged in as root (or by use of sudo) before they run or to access/modify directories other than your home. It's just a lot harder to develop a viable virus that would spread as well as it would in Windows.

UPDATE:

As mentioned below, most machines that run Linux are either servers that are run by people who know a thing or two about what they're doing. People that run Linux for desktop use usually choose to and also do know what they're doing. Almost all computer-illiterate people run Windows and therefore it's much easier to get those computers infected. "Hey, this machine tells me that I have a virus and I have to purchase this Anti-Virus program called 'FAKETrojanHunter' to get rid of it... Okay, let's do it!"

Because no Linux distribution/installation is equal per se, it's harder to develop malware that would infect them all as efficiently as possible. Furthermore, almost all software run on Linux is Open Source, making malware much more easily detectable since its source is open to the public.


First ask why is Ubuntu-Gnu-Linux more secure.

  • As it is MOSTLY (unless you install non-free) Free Software (Software libre): the source code is available (Freedom 1 — the freedom to study how the program works), making it harder to hide malicious code.
  • The huge repositories and the installer: make it, mostly, unnecessary to install arbitrary software.
  • The system is better architected: designed to be secure. If a virus is written, that exploits a vulnerability, then fix the vulnerability (vs blame the virus and detect when it gets onto the system).
  • Files are not executable by default, no matter what their name or extension.
  • Diversity: Different distributions, address randomisation in kernel to make bug exploits more difficult, etc.

In addition you should:

  • Backup regularly.
  • You can use the multi-user feature, even if it is just you using the system:
    • Have a sandbox user for testing new software.
    • Set up Subversion (or Mercurial, or, if you are good at using stuff that is hard to use, Git), a revision control system, so when you break something you can roll it back. Then have the repository owned by a user svn, with no write permission to anyone else. Then use tunnelling (ssh) to connect. That way if your account is compromised, the intruder can break things, but the old state will be in the repository, and cannot be deleted.
  • Look into configuration management e.g. cfengine, Puppet, Chef (or perhaps the fairly new Ansible).

Note: GNU/Linux is not perfect, there are many problems. There is currently research into new ways to improve security. But it is still better than the rest (possible exception of some of the BSDs).
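
The point made in the answers above, that a saved file cannot be run until someone explicitly grants execute permission, shown as an added shell example (not part of either answer). It assumes GNU `find` and `stat` as shipped on Ubuntu; the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example; file names are constructed for illustration.

# Save a script the way a browser or mail client would: a plain write,
# no chmod. Prints the resulting octal mode (644 under umask 022).
save_download() {
    (
        umask 022
        printf '#!/bin/sh\necho "payload ran"\n' > "$1"
    )
    stat -c '%a' "$1"
}

# Succeeds when the kernel refuses to execute "$1" directly.
# "$1" must contain a slash so the shell does not search PATH.
# The shell reports the refusal (EACCES) as exit status 126.
exec_refused() {
    rc=0
    "$1" >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 126 ]
}

# List regular files under "$1" with any execute bit set: the files
# for which someone has explicitly granted execute permission.
list_executables() {
    find "$1" -type f -perm /111 -print | sort
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
f="$demo_dir/downloaded.sh"
echo "mode after save: $(save_download "$f")"
exec_refused "$f" && echo "direct execution refused"
echo "executables before chmod: $(list_executables "$demo_dir" | wc -l)"
chmod u+x "$f"
echo "executables after chmod:  $(list_executables "$demo_dir" | wc -l)"
rm -rf "$demo_dir"
```

Running `list_executables` over a downloads or shared directory gives a quick audit of which files have been granted execute permission since they arrived.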


Yes there is. Imagine that you have a file with a Windows-only virus as part of the payload and it passes through your Linux machine. You have the opportunity to remove it before it is sent with e-mail or on a USB stick to a friend. If this happens the virus is now on his Windows machine.