
Flipping the Linux switch: The anti-virus question

We were at a major electronics retailer a few days ago, gazing lovingly at the little ASUS Eee. We were not alone. There were three other people poking, prodding, and tapping the tiny machine.

We watched as a couple approached the little machine with a salesman. They jiggled the keys. They ran their fingers on the touchpad. They asked why the user interface wasn't as familiar as their home machine.

"Linux," said the salesman. (He was ever so helpful.)

The next question, "Does it come with anti-virus?"

That certainly stumped the salesman. He gave a non-answer, really. "Linux," he said, "It has Linux anti-virus."

For the record, the Eee, which runs a form of Xandros, does in fact have anti-virus. We are pretty sure the reason for this is two-fold. One, it puts some people's minds at rest to have something called "anti-virus" on their computer. Two, it does isolate and quarantine viruses -- viruses that might not affect Linux itself, but could easily be passed on to a Windows machine.

That's not to say there aren't viruses that can target Linux. Historically, there have been some. And there are browser exploits, of course, that no operating system is completely immune from. However, viruses, as we think of them in the Windows world, are highly unusual.


Why is this? People say it's because not as many people use Linux, so it's not as appealing a target for the virus creators. And certainly, to some degree, this is a true statement. There aren't as many Linux users, and when you're setting out to wreak havoc on as many computers as fast as possible, it makes sense to target the operating system the most people are using.

But that's not the whole story. Even the Linux viruses that have surfaced haven't been particularly widespread. This can be largely attributed to the way that Linux handles user accounts and permissions.

When you first install Linux, everyone says, "Do as little as the root user as possible." First and foremost, new users are told this to protect their new systems from themselves. It's easy to forget you're root, or forget where you are in the system, and really screw things up. But viruses are another good reason.

No doubt, you've noticed when installing a program from your distro's repository, you are asked for your root password. If you cancel out, or try to continue without root privileges, you won't get terribly far with the install process. If you've added a new repository, you might get warnings about trusted sources, and references to keys. As inconvenient as it might seem at times, this is the first line of defense against any nasties that might come to your system.

When you're wearing the root hat, you've got to know at least one (and preferably both) of the following things: Can you trust the repository or software source you're using? Do you know what the software you're installing really does? Generally, if you're installing from your system's repositories, you've got little to worry about. But if you're installing from an unknown source, know exactly what's coming wrapped in your package.

The good news is if you take the "don't run as root ever" advice (except when installing/removing programs), you're safe from the nasty things other people might send your way.

Regular users cannot install programs to the larger system as a whole. They can install them to their home directories. So, then, what happens if a hypothetical virus, somehow, sneakily worms its way into your home directory?

Your home directory could be infected. If you don't have (or give) the malicious program root privileges, it's not going anywhere else. There are more than a few ways of eradicating this hypothetical virus (including deleting the user and their respective home directory, and creating the account afresh). But, as we said, Linux viruses are really quite uncommon.

There is another reason why. Ever download an executable file from a browser in Linux? It's different from Windows. If you download an executable script in Windows, it's ready to install. In Linux, in order to run the script, there's an extra step. It has to be made executable. Once again, this has to be done as root, so give it some thought before doing it. It's good to know, though, that the chances of an executable script taking off and doing its own thing on your Linux system are slim to none.
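
As an added illustration (not part of the original article), the shell sketch below shows the execute-bit step just described: a file written the way a browser download arrives carries no execute bit and the shell refuses to run it with status 126, and a small audit lists the files under a home directory that do carry one. The directory layout, file names and function names are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example. Directory layout and file names are constructed for the demo.

# Return 0 if FILE is a regular file with any execute bit (owner/group/other).
has_exec_bit() {
    [ -n "$(find "$1" -prune -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Try to run FILE directly and print the exit status.
# 126 means "found but not executable": the exec was refused.
try_run() {
    local rc=0
    "$1" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Print every regular file under DIR that carries an execute bit, sorted.
audit_executables() {
    find "$1" -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print 2>/dev/null | sort
}

# Build a constructed "home directory": one file written the way a download
# arrives (mode comes from the umask, so no execute bit) and one file that
# has been marked executable.
make_demo_home() {
    local home
    home=$(mktemp -d)
    mkdir -p "$home/Downloads" "$home/bin"
    printf '#!/bin/sh\necho "payload ran"\n' > "$home/Downloads/installer.sh"
    printf '#!/bin/sh\necho "hello"\n' > "$home/bin/hello.sh"
    chmod u+x "$home/bin/hello.sh"
    echo "$home"
}

demo_home=$(make_demo_home)
echo "run status for download: $(try_run "$demo_home/Downloads/installer.sh")"
echo "files with an execute bit:"
audit_executables "$demo_home"
rm -rf "$demo_home"
```

Pointing `audit_executables` at a real home directory gives a quick inventory of what could run from it without any further permission change.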

You can install anti-virus in Linux, if you really want. Certainly if you are setting up a file server in your home, or a mail server at work, you might want to run something like ClamAV. The systems that will benefit most from this aren't the Linux systems, but the Windows machines on the network.

Using Linux, of course, isn't an excuse to throw all caution to the wind. There are very real threats out there that aren't carried out by particularly clever bits of malicious code or disguised attachments. Linux cannot protect you against phishing, for instance. But with a little due diligence, your system, and data, are safe. No yearly subscription required.
