Does Mint need antivirus-antimalware-firewall
From The Linux Mint Wiki
The short answer is NO!
This is a strange answer for someone used to the problems you have in Windows, but Windows is another world. If you have something really important on your computer, then by all means protect it with everything you can find. And if you are connected to Windows machines in a network, or have an email server, you should have an antivirus program that protects the Windows machines.
The reason is "file permissions"
In Linux you don't have permission to do anything (except, for the most part, read) to files outside your /home folder. Those files are owned by root (or another user), who has the rights. That seems to leave your /home folder "unprotected". But as a program (like a virus) has to be installed to do something, and installing is done outside your home folder (please correct me if I'm wrong), a potential virus is stopped. You have to be root, which in Mint is done with the sudo command, and give a password to install or change anything outside /home.
Anti-Virus Counterpoint Considerations:
(Needs placement under Anti-Virus section, a more clear explanation, and to direct the reader's attention to file permissions)
As pointed out above, a virus (under its formal definition) may not install onto your computer but may place itself in convenient locations in your /home folder. This may lead to some rogue operation which some people may consider a virus, but which would be more correctly described with the word "worm" or "script". Since a user has permission to edit their own startup programs, such a rogue script (if somehow executed by the user) could set itself to execute at startup, potentially scrambling or deleting data, limited only to the user's folder in the /home partition *. Such an operation cannot be catastrophic to your system as a whole, unless it was cleverly designed to prompt the user to enter their "sudo" password.
Such a script would not be detectable by a virus scanner in the Windows or Linux world, since it would not have a specific binary fingerprint and would most likely need to be customized to the targeted Linux box. To restate, this rogue program is not a virus, since it has no method of self-execution/replication on a remote system. Also, it may email and use network devices to spread copies of itself, but again execution is generally dependent on the user. No system is totally secure, unless you have an informed operator.
Considerations:
- If it was an instantly destructive script that deleted files immediately, it would have little time to replicate, as it would be best/worst if the user didn't know the exact program (or even if it appended itself to an existing script known to be executed on the specified system).
Wine
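The startup persistence described above can be reviewed from the defender's side. This added example (not part of the original wiki page) lists XDG autostart entries whose Exec= command points into a location the user account itself can write to; the directory ~/.config/autostart, the sample entries and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Review XDG autostart entries for commands that live in locations the
# user account can write to without sudo.

# audit_autostart DIR HOME_DIR
# Prints "<file>: <command>" for every .desktop entry in DIR whose Exec=
# line references a path under HOME_DIR, a tmp directory or /dev/shm.
audit_autostart() {
    dir=$1
    home=$2
    for f in "$dir"/*.desktop; do
        [ -f "$f" ] || continue
        # Value of the first Exec= line in the entry.
        cmd=$(sed -n 's/^Exec=//p' "$f" | head -n 1)
        case $cmd in
            *"$home"/*|*/tmp/*|*/dev/shm/*)
                printf '%s: %s\n' "${f##*/}" "$cmd" ;;
        esac
    done
}

# Constructed sample entries (not taken from a real system).
make_sample() {
    printf '[Desktop Entry]\nType=Application\nExec=/usr/bin/nm-applet\n' \
        > "$1/a-network.desktop"
    printf '[Desktop Entry]\nType=Application\nExec=/home/alice/.cache/updater.sh --quiet\n' \
        > "$1/b-updater.desktop"
    printf '[Desktop Entry]\nType=Application\nExec=sh -c "/tmp/helper.sh"\n' \
        > "$1/c-helper.desktop"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_autostart "$sample" /home/alice
rm -rf "$sample"
# On a live system: audit_autostart "$HOME/.config/autostart" "$HOME"
```

Entries that point at root-owned paths such as /usr/bin are not listed, because changing those programs requires the sudo password discussed above.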
Wine is an app designed to run Win32 exes under Linux. One could suspect it to be a virus danger. However Windows viruses barely run under Wine and what might escape from Wine will not execute. You may get "unpleasant files" on your disk(s) but nothing is messed up.
There is some interesting reading here (two years old but probably valid): http://os.newsforge.com/article.pl?sid=05/01/25/1430222&from=rss
Here is a story from the Ubuntu forums that (almost) made its way to the headlines: http://www.ubuntuforums.org/showthread.php?t=72598
Antivirus
The fact that there are so many different versions (distributions) of Linux, basically the same but with small but important differences, makes it hard for the virus writer. Ubuntu, and thus Mint, has its special way with root: sudo. So not only are you running in a limited account, you simply never log in as root. This limits the possibilities for a virus to install itself.
Installing an infected program with sudo is of course a risk. You should not install programs that are not in the repositories unless absolutely necessary. But if the repositories are infected then we are in trouble...
An article often referred to is: http://www.linux.com/article.pl?sid=07/02/13/1637251
Another interesting article is: http://www.pcworld.com/article/id,126240-page,1/article.html
The solution this author has chosen is to install an on demand scanner (Avast) and scan when the need is felt :)
Antispyware
The need for this is even less pronounced than the need for antivirus.
Most spyware is Windows specific so it simply dies or is unable to run in Linux. Linux is not a big target for spyware, due in part to the difficulties of installing it (most Windows users run as "Admin", most Linux users do NOT run as "root") and in part to the relatively small install base (compared to Windows).
Just be sure that your software sources are trusted repositories, and keep a watchful eye on things that you install from other sources. Linux is not completely invulnerable to spyware, but installing it in Linux requires your permission due to the Linux security model. If you give your machine permission to install spyware, it will install.
Firewall
If you run any kind of server you need one, otherwise probably not.
All (modern) distros come with iptables and all ports closed from the outside.
If you have a direct connection to the Internet, you are better off with a firewall that makes your computer "stealth". If your ports are only "closed", an attacker still can't get in but could potentially notice that you are there and try to attack you.
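Whether the ports really are closed can be checked rather than assumed: a port is closed when no service is listening on it. This added example (not from the original page) filters `ss -H -tln` output for TCP listeners bound to a non-loopback address; the sample lines are constructed.

```shell
#!/bin/sh
# exposed_listeners: reads `ss -H -tln` output on stdin and prints the
# local endpoint of each TCP listener bound to a non-loopback address.
# Listeners on 127.0.0.0/8 or ::1 are reachable only from the machine
# itself and are skipped. UDP is not covered.
exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        addr = $4
        sub(/:[0-9*]+$/, "", addr)   # drop the trailing :port
        sub(/%.*$/, "", addr)        # drop an interface scope such as %lo
        gsub(/\[/, "", addr)         # drop IPv6 brackets
        gsub(/\]/, "", addr)
        if (addr ~ /^127\./ || addr == "::1") next
        print $4
    }'
}

# Constructed sample of `ss -H -tln` output (not from a real host).
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 [::]:22 [::]:*'

printf '%s\n' "$SAMPLE" | exposed_listeners
# On a live system: ss -H -tln | exposed_listeners
```

Empty output means no TCP service on the machine accepts connections from the network; every line that is printed is a service that a firewall would have to cover.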
A lot of people connect through some kind of router, and then it's the router that faces the evil outside world and needs to be stealth (most routers are configured this way by default); they are a hardware firewall. This also applies to many modems (ADSL or cable).
Having both a software and hardware firewall is your best defense, as the hardware firewall protects you against inbound attacks and the software firewall protects you from malware making outbound connections without your knowledge. However, as discussed earlier, Linux is much harder to infect with malware due to its security model (as long as you don't run as root, of course!), so generally a hardware firewall is sufficient for a Linux installation. And even if you don't have either kind, login attempts will fail because your ports are closed.
To be even more secure you could add ALL: ALL in your /etc/hosts.deny file. This is an order to deny all attempts to connect (that are not started from the inside, i.e. by you). If you have a network you have to add ALL : 192.168.0. to your /etc/hosts.allow file so your local network is allowed. (Note: there should be nothing after "0.")
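How the two rules above are evaluated, as an added example that is not part of the original page: a simplified model of the hosts_access(5) decision (hosts.allow is checked first, then hosts.deny, otherwise access is granted) covering only the ALL wildcard, address prefixes ending in a dot, and exact addresses. These files are read only by services built against libwrap or started through tcpd, so they are not a packet filter; the function names and client addresses are constructed.

```shell
#!/bin/sh
# Simplified model of hosts_access(5) matching for the rules on this page.
# Function names and client addresses are constructed for illustration.

HOSTS_ALLOW='ALL : 192.168.0.'   # line for /etc/hosts.allow
HOSTS_DENY='ALL: ALL'            # line for /etc/hosts.deny

# rule_matches RULE CLIENT_IP: succeeds if the client list of RULE matches.
# The daemon list is ignored because both rules use ALL for it.
rule_matches() {
    clients=${1#*:}              # everything after the first colon
    for pat in $clients; do      # unquoted on purpose: split on spaces
        case $pat in
            ALL) return 0 ;;                             # wildcard
            *.)  case $2 in "$pat"*) return 0 ;; esac ;; # address prefix
            *)   [ "$pat" = "$2" ] && return 0 ;;        # exact address
        esac
    done
    return 1
}

# decide ALLOW_RULE DENY_RULE CLIENT_IP: prints "allow" or "deny".
decide() {
    if rule_matches "$1" "$3"; then
        echo allow               # hosts.allow is consulted first
    elif rule_matches "$2" "$3"; then
        echo deny                # then hosts.deny
    else
        echo allow               # no match in either file
    fi
}

for ip in 192.168.0.17 192.168.1.5 203.0.113.9; do
    printf '%-13s %s\n' "$ip" "$(decide "$HOSTS_ALLOW" "$HOSTS_DENY" "$ip")"
done
# Without the trailing dot the entry names one exact address, so the
# rest of the local network falls through to hosts.deny:
printf '%-13s %s\n' 192.168.0.17 \
    "$(decide 'ALL : 192.168.0.0' "$HOSTS_DENY" 192.168.0.17)"
```

The last call shows why nothing may follow the final dot: 192.168.0. is a prefix that covers the whole local network, while 192.168.0.0 would match a single host.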
