Is Linux still safe? Do we need to use antivirus?

Linux itself (the kernel) is mostly safe. Until someone finds a new ptrace or vmsplice bug of course…

But a desktop OS, whatever it is, will never be really safe IMHO. I would even declare that no computer system as large as an OS could be totally safe. The real difference is what the malware (virus/trojan/worm/…) will be able to do once it reaches your desktop! And here, using GNU/Linux and FLOSS in general makes a difference.

First, FLOSS projects often care more about security than closed ones. This is simply because everybody has access to the source code, so any security mistake would be pointed out relatively soon. And then there are two cases: either this is a serious project and the bug would be corrected quickly, or this is a project which doesn’t care much about security and most users will simply stop using it => the project will die because of lack of users.

Second, the way a Unix-based system is organized, with strong privilege separation *by default*, makes it relatively hard for malware to exploit. Even if one does enter your environment and maybe installs itself to be started with your session, it cannot install itself to start with the system without first getting privileges for that, so it will have to find a way to escalate privileges up to root to really be able to harm the system.

Just try it! Without a real strong security bug in a program run as “root” (in the kernel, or in a library used by a program run as “root”), it’s just not that easy. Let’s even say it’s quite impossible until one of these bugs has been found. Of course, besides bugs, there could be a security hole introduced by a misconfiguration, e.g. some user without the necessary knowledge blindly following some wrong instruction in a forum.
But in this case it’s not a program bug but a user bug. 😉
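To see this separation on your own machine, here is an added example (not part of the original post) that reports which startup locations an account may modify, using the classic owner/group/other mode bits. The path lists are assumed conventional locations that vary by distribution, and ACLs and capabilities are ignored.

```python
import os
import stat

# Conventional locations (assumed; distributions differ).
SYSTEM_STARTUP = ["/etc/systemd/system", "/etc/init.d", "/etc/rc.local",
                  "/etc/cron.d", "/etc/crontab", "/etc/xdg/autostart"]
USER_STARTUP = ["~/.config/autostart", "~/.config/systemd/user",
                "~/.profile", "~/.bashrc"]


def can_write(st, uid, gids):
    """Classic Unix mode-bit check; ACLs and capabilities are ignored."""
    if uid == 0:
        return True  # root bypasses the mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_paths(paths, uid, gids):
    """Return the existing paths that the given uid/gids may modify."""
    found = []
    for p in paths:
        p = os.path.expanduser(p)
        try:
            st = os.stat(p)
        except OSError:
            continue  # absent on this system
        if can_write(st, uid, gids):
            found.append(p)
    return found


def report(uid, gids):
    """Compare session-level and system-level startup access for one account."""
    system = writable_paths(SYSTEM_STARTUP, uid, gids)
    return {
        "user_level": writable_paths(USER_STARTUP, uid, gids),
        "system_level": system,  # non-empty for a normal user = misconfiguration
        "separation_intact": uid != 0 and not system,
    }


if __name__ == "__main__":
    for key, value in report(os.getuid(), set(os.getgroups()) | {os.getgid()}).items():
        print(f"{key}: {value}")
```

For a normal account, `system_level` should come back empty; anything listed there is the kind of misconfiguration mentioned above.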

Last but not least, about data security (loss or corruption of data), let’s remind everybody that the best way is not to use an antivirus but to make frequent backups and to save a copy in another place (in case the main one burns, is flooded or whatever)! It’s the best way to protect your data from almost everything.

Posted by Jean Christophe André, from HanoiLUG.