LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Old 12-05-2007, 12:31 PM   #106
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 77

You don't need antivirus unless you are running a mail server or sharing files with Windows users. This article explains Linux security and viruses in more detail.
 
Old 12-05-2007, 12:33 PM   #107
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by klajdi2 View Post
I am new to Linux so my question is do I need an Antivirus?
I've merged your thread into the GNU/Linux Antivirus Megathread. Please read the welcome message. As stated, there is no consensus answer to this question, so please take both "yes" and "no" answers with a grain of salt.

Last edited by win32sux; 12-05-2007 at 12:41 PM.
 
Old 12-20-2007, 08:32 PM   #108
suthew
LQ Newbie
 
Registered: Dec 2007
Posts: 1

Rep: Reputation: 0
There are a lot of posts regarding AV and installing it on Linux, but my focus is upon a corporate environment. You have users that can access the Internet the same as on a Windows machine, but the user cannot determine if they download something malicious. Not all Linux users are gurus. You can have a corporate network that is hosting viruses internally without detection.

Is it confidence or cost that causes people not to recommend AV for Linux? If your job was on the line what would you recommend to management? AV or not?
 
Old 12-20-2007, 08:53 PM   #109
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 58
The user in a corporate environment is not usually root, so a virus would not do much; also, most people run an anti-virus on a mail server, so a Windows user wouldn't get infected anyway. It is also not necessary considering the lack of viruses for Linux; I don't think anyone in this forum has got a virus in Linux.
 
Old 12-21-2007, 04:25 AM   #110
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by suthew View Post
... my focus is upon a corporate environment... If your job was on the line what would you recommend to management? AV or not?
In that case, I'd recommend some kind of AV irrespective of the technical issue. The bet is:

no AV, slightly better speed, no time "wasted" configuring
and
don't keep job if something goes wrong

versus:

AV, slightly less speed, some time configuring
and
keep job even if something goes wrong

My money is on the second option. As a 'super-fallback position' (for the paranoid sys admin only!) you can tell management that it might be difficult to test the AV thoroughly because Linux viruses are currently so rare, but you want to prepare for a future worst case scenario. Note that if management tell you not to bother (and that, technically, might be the right decision) they are going some way to taking the risk, not you.
 
Old 01-20-2008, 10:51 PM   #111
esselfe
LQ Newbie
 
Registered: Jun 2006
Location: Montreal, Quebec, Canada
Distribution: Lunar-Linux
Posts: 10

Rep: Reputation: 0
viruses on Linux

Well, personally, I would rely on AV only under MS OSes. It is way too complicated to access the system layer and start diagnosing anything.
Under Linux it's very different, but yes, it's possible to have viruses under Linux; the only AV I see, though, is the user and/or admin of the system.
There are file integrity checkers such as gamin and tripwire which may give clues about a system's infection, but nothing can tell you whether the virus has been designed to change that software so it ignores those changes...

Actually, a virus is not different from any other program; it uses legitimate routines, often already written by well-meaning programmers.

The best way I see to absolutely PREVENT infections is to read the software's source code screen by screen and make sure no malicious actions are performed. That's what the admin of a very important server would do, I guess.

Removing a virus is another story: you have to identify what actions are performed, capture the data it sends on the wire, etc.

I don't want to scare any newcomers, but some ways of being infected could be downloading precompiled software, installing from forged, very large source code, downloading from a subtle replica site such as www.g00gle.com (this is just an example, not a real threat!) or even by leaving unconfigured/misconfigured services listening on some ports.

Now, to lower the stress level ^^, who would put malicious code in software knowing that it might be inspected by professionals? If any virus is being made, it had better remain quiet!

Finally, as many people have already said, there is no real danger as long as the infected binary is not run in root's domain.
 
Old 02-08-2008, 04:59 PM   #112
r00ster
Member
 
Registered: May 2007
Location: boundary beach, bc
Distribution: 3.2.0-4-686-pae #1 SMP Debian 3.2.60-1+deb7u3 i686 GNU/Linux
Posts: 224

Rep: Reputation: 15
I trust to the mods to move this if I failed to locate the most appropriate thread. I hope the references will be as interesting to other *nixies as they were to me.

http://servertune.com/kbase/?View=entry&EntryID=261
Mystery infestation strikes Linux/Apache Web sites
By Joe Barr

Quote:
According to a press release issued earlier this month by Finjan, a security research firm, compromised Web servers are infecting thousands of visitors daily with malware that turns their Windows machines into unwitting bots to do the bidding of an as yet unidentified criminal organization. Security firms ScanSafe and SecureWorks have since added their own takes on the situation, though with varying estimates on the number of sites affected. All reports thus far say the compromised servers are running Linux and Apache.
According to an article on ServerTune.com, the exploit involves a rootkit installed on the compromised server that replaces several system binaries with infected versions. When the system is booted, the infected binaries are executed, and as a result, dynamically created JavaScript payloads are randomly and intermittently served to site visitors. The malware JavaScript attempts to exploit vulnerabilities in Windows, QuickTime, and Yahoo! Messenger on the visitor's machine in order to infect them.<snip>
http://servertune.com/kbase/?View=entry&EntryID=261
Latest findings about the Random JavaScript Rootkit
February 04th, 2008
Quote:
The cPanel Security team announced today that they have identified several key components of a hack known as the Random JavaScript Rootkit. The systems affected by this Rootkit are Linux based running a number of different hosting platforms. cPanel has worked with a number of hosting providers and server owners to investigate this Rootkit.
The cPanel Security Team has recognized that the vast majority of affected systems are initially accessed via shell (SSH) with no indications of brute force or exploitation of the underlying service. Despite non-trivial passwords, intermediary users and nonstandard ports, the attacker is able to gain access to the affected servers with no password failures. The cPanel security team also recognized that the vast majority of affected servers come from a single undisclosed data-center. All affected systems have password based authentication enabled. Based upon these findings, the cPanel security team believes that the attacker has gained access to a database of root login credentials for a large group of Linux servers. Once the hacker, manually, gains access to a system they can then perform various tasks. The hacker can download, compile, and execute a log cleaning script in order to hide their tracks. They also can download a customized Rootkit based off of Boxer version 0.99 beta 3. Finally, the hacker searches for files containing credit card related phrases such as CVC, CVV, and/or Authorize. <snip>

Last edited by r00ster; 02-08-2008 at 05:08 PM.
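The rootkit described in the two quotes above replaces system binaries, and esselfe's post earlier in the thread points at file integrity checkers (tripwire and friends) as the way to notice that, with the caveat that a rootkit running as root can tamper with the checker itself. The following is an added example written for this page, not code from the thread, cPanel or any of the tools named: it records a SHA-256/size/mode/inode baseline for a set of files and later reports what changed. The file names, temporary directory and "trojaned" content in the demo are constructed; the baseline on a real host would be written to read-only media and the check run from a clean boot, otherwise the attacker can simply rebaseline for you.

```python
"""Baseline-and-verify file integrity check (added example, not from the thread).

Hashes a set of paths into a baseline, re-hashes them later, and reports
files that were modified, replaced (new inode), added or removed. Replaced
system binaries, as in the rootkit report above, show up as "content changed".
"""
import hashlib
import json
import os
import stat
import tempfile


def hash_file(path, chunk=65536):
    """SHA-256 of a file, streamed so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(paths):
    """Record sha256, size, permission bits and inode for every regular file."""
    baseline = {}
    for p in paths:
        st = os.lstat(p)
        if not stat.S_ISREG(st.st_mode):
            continue  # symlinks and devices are out of scope here
        baseline[p] = {
            "sha256": hash_file(p),
            "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode),
            "inode": st.st_ino,
        }
    return baseline


def verify(baseline, paths):
    """Compare the current state of `paths` with `baseline`.

    Returns a list of (path, finding) tuples; an empty list means clean.
    """
    findings = []
    current = build_baseline([p for p in paths if os.path.lexists(p)])
    for p, old in baseline.items():
        new = current.get(p)
        if new is None:
            findings.append((p, "missing"))
        elif new["sha256"] != old["sha256"]:
            findings.append((p, "content changed"))
        elif new["mode"] != old["mode"]:
            findings.append((p, "mode changed"))
        elif new["inode"] != old["inode"]:
            # Same bytes but a new inode: the file was swapped out and back,
            # which is still worth a look on a system binary.
            findings.append((p, "replaced (same content, new inode)"))
    for p in current:
        if p not in baseline:
            findings.append((p, "added"))
    return findings


def demo():
    """Constructed scenario: two fake binaries, one of which gets 'rootkitted'.

    Returns findings with the directory stripped so the result is stable.
    """
    d = tempfile.mkdtemp()
    ls, ps = os.path.join(d, "ls"), os.path.join(d, "ps")
    with open(ls, "wb") as f:
        f.write(b"original ls")
    with open(ps, "wb") as f:
        f.write(b"original ps")
    os.chmod(ls, 0o755)
    os.chmod(ps, 0o755)

    baseline = build_baseline([ls, ps])
    saved = json.dumps(baseline)  # in practice: written to read-only media

    # Attacker replaces ps with a trojaned copy (constructed, not real malware).
    with open(ps, "wb") as f:
        f.write(b"trojaned ps")

    return [(os.path.basename(p), why) for p, why in verify(json.loads(saved), [ls, ps])]


if __name__ == "__main__":
    for name, why in demo():
        print(f"{name}: {why}")
```

Before writing your own, note that the package manager already carries a signed baseline for everything it installed: `rpm -V` on RPM systems and `debsums` on Debian-derived ones verify installed files against package metadata, which covers the system binaries a rootkit of this kind replaces. What they do not cover is the checker binary itself or the package database, so the read-only-media caveat still applies.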
 
Old 02-08-2008, 06:53 PM   #113
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,678
Blog Entries: 4

Rep: Reputation: 3947
"Viruses" are so-o-o-o twentieth-century.

Today, web-sites are hacking your router!

Kindly look at this white-hat site: http://www.0x000000.com/ and prepare to be afraid ... be very afraid.

While it is entirely-true that unwanted modifications to the core system configuration are quite difficult in OS/X and in Linux (and, finally, becoming more-difficult in "stock" Windows), that's not how bad-guys are launching their attacks anymore!
 
Old 02-11-2008, 01:43 PM   #114
kuser:)
Member
 
Registered: Sep 2005
Location: Olsztyn, Poland
Distribution: Slackware 14.1
Posts: 168

Rep: Reputation: 99
Dear friends,
I have recently become worried about security. I've been thinking about it for a while now, and ultimately decided to share my thoughts with you when I found this great thread.
Security bothers me because it is one of the basic human needs to be safe, in order to be able to exist normally (Maslow's hierarchy of needs, which is explained in more detail at: http://en.wikipedia.org/wiki/Maslow'...archy_of_needs ).

So (provided that Maslow is right), I started to think about it, and I probably started to reinvent the wheel, but anyway you can take a look at my logic as follows:

First I asked myself:
Q: what are we dealing with?
A: Well, we have computer security problems (both existing and potential problems).

Q: So, starting from the beginning, what makes for a computer (thinking of a computer as an object)?
A: The software, the hardware, and the user.

Q: Which of these can be infected by malware (or be changed in a way that it does things we have no control over)?
A: The software, and the hardware, since the hardware is operated by the software.
So, the only part of this chain that is immune to attacks is the user.

Q: What does the user need to fight off the attacks (to stay safe)?
A: More speed?
Since speed is relative, this could be done either by aiding the user's speed, or by slowing down the execution of software (the execution speed of malware ideally, but the malware would have to be isolated first for this to work).

Then I let my brain rest from thinking about it for a while.

Meanwhile, since our brain never really rests (which is especially true during the sleep), I saw this movie (or should I say, I saw the light): "Tech Talk: Linus Torvalds on git" at: http://youtube.com/watch?v=4XpnKHJAok8

So, my question now is: has this... issue been already taken care of in git? Or, maybe I should ask:
Has this idea already been implemented within git, so we don't have to worry about it?

And, am I correct thinking that it works as long as you:
A: Pull software from trusted sources
B: Have some kind of backup, or history of changes?*

and provided that you have both of these elements.

*in case your trusted source is not trusted while you're pulling from it, which you don't realize during that process.

Last edited by kuser:); 02-11-2008 at 06:54 PM.
 
Old 02-28-2008, 12:11 PM   #115
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Now that things have cooled down, I'm gonna un-sticky this thread and see what happens. Keep in mind that if there's another outbreak of "Do I need an antivirus?" questions I'll immediately give everyone a serious case of déjà vu. That said, thanks to all the members who have contributed their $0.02 in this megathread - your time and energy is much appreciated.
 
Old 01-07-2009, 12:27 AM   #116
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Rep: Reputation: 60
Virus Infested World and UNIX/Linux

It is almost unbelievable how many viruses are out there for Windows based systems and what is needed to prevent systems from being compromised. Should UNIX/Linux based systems be equipped with some type of virus scanner to prevent intrusion? I understand that UNIX/Linux is a more securely designed system and the best thing for any system is to harden it, but should an anti-virus be part of the arsenal?
 
Old 01-07-2009, 12:45 AM   #117
SqdnGuns
Senior Member
 
Registered: Aug 2005
Location: Pensacola, FL
Distribution: Slackware64® Current & Arch
Posts: 1,092

Rep: Reputation: 174
Quote:
Originally Posted by metallica1973 View Post
It is almost unbelievable how many viruses are out there for Windows based systems and what is needed to prevent systems from being compromised. Should UNIX/Linux based systems be equipped with some type of virus scanner to prevent intrusion? I understand that UNIX/Linux is a more securely designed system and the best thing for any system is to harden it, but should an anti-virus be part of the arsenal?
For Samba servers and mail servers............yes. It's a good idea for a desktop box too, so you don't forward attachments that are compromised.
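reddazz (#106) and SqdnGuns (#117) both land on the same place: the scanner on a Linux box earns its keep on the mail or file server, protecting the Windows clients downstream rather than the Linux host. The block below is an added example written for this page, not code from either poster, ClamAV or any mail product. It parses a message, walks the MIME attachments and applies three checks: the industry-standard EICAR test string (the string every AV engine detects by agreement, harmless by design), a SHA-256 blocklist, and executable file extensions. The sample message, the blocklist entry and the filenames are constructed; a production relay would hand the attachment bytes to a real engine at the same point.

```python
"""Attachment scanning at the mail relay (added example, not from the thread).

Shows *where* AV sits on a Linux mail server: on the message stream, before
delivery to Windows recipients. The checks here are deliberately simple
(EICAR string, SHA-256 blocklist, executable extensions); a real gateway
passes the same bytes to clamd or a vendor engine.
"""
import hashlib
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# The EICAR anti-malware test string: a harmless 68-byte file that every
# conformant AV engine is expected to flag. Backslash is escaped for Python.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed blocklist: SHA-256 of a made-up "dropper" (assumption, not a real sample).
BLOCKLIST = {hashlib.sha256(b"MZ\x90\x00fake-dropper").hexdigest()}

# Extensions Windows will execute on double-click; "report.pdf.exe" is the classic lure.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".bat", ".com", ".vbs", ".js")


def scan_attachment(name, data):
    """Return the list of verdicts for one attachment; empty list means clean."""
    verdicts = []
    if EICAR in data:
        verdicts.append("eicar-test-signature")
    if hashlib.sha256(data).hexdigest() in BLOCKLIST:
        verdicts.append("sha256-blocklist")
    if (name or "").lower().endswith(EXECUTABLE_EXTENSIONS):
        verdicts.append("executable-attachment")
    return verdicts


def scan_message(raw):
    """Parse an RFC 822 message and scan every attachment.

    Returns {filename: [verdicts]} for attachments that triggered a check.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_content()  # bytes for binary parts, str for text/*
        if isinstance(data, str):
            data = data.encode(part.get_content_charset() or "utf-8", "replace")
        verdicts = scan_attachment(name, data)
        if verdicts:
            results[name] = verdicts
    return results


def build_sample():
    """Constructed message: one harmless text attachment, one EICAR '.exe'."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Q4 report"
    msg.set_content("See attached.")
    msg.add_attachment("just numbers\n", filename="notes.txt")
    msg.add_attachment(EICAR, maintype="application", subtype="octet-stream",
                       filename="report.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdicts in scan_message(build_sample()).items():
        print(f"{filename}: {', '.join(verdicts)}")
```

On a Postfix host this logic lives behind `content_filter` (typically amavisd-new calling clamd); on a Samba server the equivalent hook is on-access scanning of the share. Either way the Linux box is the choke point, which is the whole argument for running a scanner there even if nothing in the signature database would ever run on the host itself.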
 
Old 01-07-2009, 09:13 AM   #118
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 167
Quote:
Originally Posted by metallica1973 View Post
It is almost unbelievable how many viruses are out there for Windows based systems and what is needed to prevent systems from being compromised. Should UNIX/Linux based systems be equipped with some type of virus scanner to prevent intrusion? I understand that UNIX/Linux is a more securely designed system and the best thing for any system is to harden it, but should an anti-virus be part of the arsenal?
If you're doing mail scanning and such, sure: it prevents viruses and trojans in messages from being bounced around to recipients. It's really NOT for the machine itself, generally.

The Unix user security system is much different from that of Windows; it had a different design philosophy, and unless a buffer overflow or exploit of some kind is being taken advantage of to get root access, it limits how much damage the virus/trojan can do. It's one of the many reasons, for instance, that daemons should really run as their own user and not "nobody" or "root" or even a shared "daemon" user.
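rweaver's last sentence is the check a practitioner would actually want to run: which daemons on this box hold root, and which share an account with something unrelated. The following is an added example written for this page, not the poster's code or any distribution's tool. It parses the output of `ps -eo user:32,pid,ppid,comm --no-headers` (the invocation is an assumption; adjust to your ps), skips kernel threads, and reports every process owned by root, nobody or daemon that is not on an explicit allowlist. It also distinguishes a root master that has already spawned unprivileged workers (the nginx/sshd pattern) from a service that simply runs as root. The process listing and the allowlist are constructed for the example.

```python
"""Audit which daemons run as root or under shared accounts (added example).

Input is `ps -eo user:32,pid,ppid,comm --no-headers` output (assumed flags).
A process owned by root, nobody or daemon is reported unless it is on the
allowlist; a root process whose children run as a dedicated user is
reported separately, since that is privilege separation working as intended.
"""
import sys

SHARED_ACCOUNTS = {"root", "nobody", "daemon"}

# Assumed allowlist: things that legitimately keep root on most hosts.
ROOT_ALLOWED = {"systemd", "init", "sshd", "cron", "systemd-journal", "systemd-udevd"}

# Constructed sample listing (not from a real host).
SAMPLE_PS = """\
root         1     0 systemd
root         2     0 kthreadd
root        13     2 ksoftirqd/0
root       611     1 sshd
root       640     1 cron
nobody     702     1 dnsmasq
daemon     710     1 atd
root       811     1 nginx
www-data   812   811 nginx
root       900     1 mysqld
postfix    950   945 qmgr
root      1100     1 custom_api
"""


def parse_ps(text):
    """Turn ps output into dicts; comm may contain spaces, so split at most 3 times."""
    procs = []
    for line in text.splitlines():
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue
        user, pid, ppid, comm = fields
        procs.append({"user": user, "pid": int(pid), "ppid": int(ppid), "comm": comm})
    return procs


def audit(procs, allowed=ROOT_ALLOWED):
    """Return (comm, pid, status) for every process worth a second look."""
    children = {}
    for p in procs:
        children.setdefault(p["ppid"], []).append(p)

    findings = []
    for p in procs:
        if p["pid"] == 2 or p["ppid"] == 2:
            continue  # kthreadd and its kernel threads
        if p["user"] not in SHARED_ACCOUNTS:
            continue  # has its own account: what the thread recommends
        if p["user"] == "root" and p["comm"] in allowed:
            continue
        worker_users = {c["user"] for c in children.get(p["pid"], [])} - SHARED_ACCOUNTS
        if p["user"] == "root" and worker_users:
            status = "root master, workers as " + ",".join(sorted(worker_users))
        elif p["user"] == "root":
            status = "runs as root"
        else:
            status = "shared account " + p["user"]
        findings.append((p["comm"], p["pid"], status))
    return findings


def needs_action(findings):
    """Names of services that should get their own unprivileged account."""
    return sorted(comm for comm, _, status in findings
                  if not status.startswith("root master"))


if __name__ == "__main__":
    text = SAMPLE_PS if sys.stdin.isatty() else sys.stdin.read()
    for comm, pid, status in audit(parse_ps(text)):
        print(f"{comm:20} pid {pid:<6} {status}")
```

Pipe real output in with `ps -eo user:32,pid,ppid,comm --no-headers | python3 audit.py`. The two "shared account" findings are the subtle ones: nobody and daemon look unprivileged, but every service sharing them can read, signal and ptrace every other one, which is exactly the shared-blast-radius problem rweaver is pointing at.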
 
Old 01-07-2009, 10:50 AM   #119
OlRoy
Member
 
Registered: Dec 2002
Posts: 306

Rep: Reputation: 86
Quote:
Originally Posted by rweaver View Post
The Unix user security system is much different from that of Windows; it had a different design philosophy, and unless a buffer overflow or exploit of some kind is being taken advantage of to get root access, it limits how much damage the virus/trojan can do. It's one of the many reasons, for instance, that daemons should really run as their own user and not "nobody" or "root" or even a shared "daemon" user.
What exactly is the *nix design philosophy? From what I can tell, *nix is vulnerable to all of the same threats as Windows. For example, they both still have an administrator account, both have configuration, software, and hardware vulnerabilities, both can be managed by users who don't understand the threats they face, etc.

Windows Vista actually seems to have many more built-in security measures than *nix, such as Windows Resource Protection, Mandatory Integrity Control, Services Hardening, Volume Snapshot Service, Windows Defender, etc.

I think the reason why there aren't as many attacks on *nix is because of the environment it's in. For example, monoculture. Other things about the environment are that it's drilled into the brains of new *nix users not to use the root account unless absolutely needed, to only get software from trusted sources, to verify its integrity, etc. The average Linux user is more tech savvy than the average Windows user. I just don't see what's so special about *nix that prevents it from being attacked other than the environment it's in.
 
Old 01-07-2009, 11:13 AM   #120
monsm
Member
 
Registered: Feb 2005
Location: London, UK
Distribution: Gentoo
Posts: 568

Rep: Reputation: 37
Well, Linux was constructed from the start to be secure. Windows has to be backwards compatible with its insecure past, and many of those new security tools are just patching that up. Windows Defender is there to defend against viruses, and since there are none for Linux, no anti-virus is needed. Admittedly, since Linux isn't run by a big corporate giant, it is probably less fun to write viruses for it, but it would also be more difficult, although not impossible.

As for the original question: unless you are running a file server that serves Windows clients, I wouldn't bother with anti-virus; it just wastes CPU power. Any trojans and worms out there will find the unprotected Windows machines irrespective of what your Linux box has installed. Again, there are no viruses for Linux.

Mons

Last edited by monsm; 01-07-2009 at 03:45 PM.
 