
Myth Busting: Is Linux Immune to Viruses?

In a word, "no."

Any computer that is attached to a network is not immune to viruses. But, as with everything else, it's relative. If you compare the vulnerability of Linux to Windows, you can understand why so many say Linux is immune. But before we get into any myth busting, let's examine just what a computer virus is.

According to Wikipedia, a virus is a computer program that can copy itself and infect a computer. That's a pretty broad description, and most people would consider a more specific definition. The same Wikipedia page goes on to say: "The term 'computer virus' is sometimes used as a catch-all phrase to include all types of malware, adware and spyware programs that do not have the reproductive ability." Now we're talking. With the two definitions combined, you could say a computer virus is any type of malicious code or software that can either infect a computer and replicate or distribute itself, or be unwittingly distributed via numerous electronic means.

Means to an End

Computer viruses can be transmitted in many ways, such as:

  • Email attachments.

  • Malicious URLs.

  • Within applications (such as browser add-ons).

  • Rootkits.

In this article, I will try to show you that although it is very challenging for a virus to infect a Linux machine, that does not mean you should go without protection.

Email Attachments

Why are email attachments not so dangerous in Linux? Well, generally speaking it is because nearly all malicious email attachments target Windows machines. When you get those suspect attachments they are usually in the form of .exe or .zip files (the .zip files containing malicious .exe executable code). When you click on an .exe file in Linux your machine will not really know what to do with it (unless you have Wine installed).

But say that attachment has targeted Linux machines and is in the form of, say, .deb, .rpm, or .bin - what then? Those types of files can be installed on Linux machines. Well, first and foremost - if the file is in .deb format and you are using an RPM-based system, nothing will happen. If, however, you receive an email with a .rpm attachment, and you're using an RPM-based system, what happens? It will ask you for either your root or your sudo password (depending on your security model).

What would be the proper reaction to this? To not proceed. The difference between this model and the traditional Windows model is that when you double click on that attachment in Windows, the installation can proceed without your intervention. In certain instances there is no "sanity" check. Click and BOOM the virus has installed itself and you are infected.

Now naturally, if you are using a Windows machine, you are taking advantage of an anti-virus solution to prevent such issues from arising. What about Linux? Do you need an anti-virus for Linux? You might be surprised when I say "Yes!" But why? If Linux is so much more immune to viruses, why should you employ a virus scanner?

Let me ask you a simple question: Have you ever forwarded anything with attachments to another user? If so, is that user a Windows user? If so, you could very well have given that attachment a chance at a successful infection. So why not add a virus scan to your Linux system to avoid such an issue?

And if you manage your own email server (such as a Postfix or Sendmail server) on a Linux machine, anti-virus scanning is a must-have. Just because your email server is a Linux machine does not mean an email containing a virus is non-lethal. That email-borne virus could easily make its way to a Windows machine where it will happily begin its infectious life.

To that end, you owe it to yourself to install an anti-virus such as ClamAV.

Malicious URLs

I have yet to come across a URL that has done any direct damage to a Linux machine. But harmful URLs are not the only type of malicious URLs. One type of URL is a spoofed address. A spoofed address is a malicious address that masquerades as a safe address. These can be in the form of a fake bank account login screen, or a fake PayPal login. Any number of addresses can be spoofed. And any address that requires you to log in with credentials is dangerous when spoofed.

Do these types of threats directly affect the Linux operating system? No, but they do affect the user. Fortunately, most modern browsers have add-ons to protect your browsing experience. These should not be neglected just because you are using Linux. A good sampling of Firefox add-ons can be found on the Firefox Security Add-ons page.

Application Danger

Because Linux is open source, you cannot trust every piece of software out there. You can, however, trust all software that is distributed by your distribution's OFFICIAL channels. For example, any software officially supported within the Ubuntu Software Center will be safe. Once you venture outside of the realm of the "Officially Supported," you risk installing malicious software.

That is not to say you should not trust any software not provided through the official channels of your distribution. Because Linux is open source, software is generally under a lot of peer scrutiny. No one wants to be known as the coder that created malicious Linux software.

But if you are of the paranoid persuasion, as long as you stick with software supported by your distribution, you should avoid installing any malicious code on your machine.

I will warn you, though: there was a proof-of-concept virus for Linux that took advantage of both GNOME and KDE launchers. This code could be added to either the ~/.config/autostart folder (for GNOME) or ~/.kde/Autostart (for KDE). Anyone really paranoid (using either GNOME or KDE) could create a bash script to search for, and delete, any suspicious files (or links) in those directories. Just be careful writing that script so that you do not delete anything important.
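One way to do the check described above without risking a wrong deletion, as an added example that is not from the original article: the script only reports entries for review and deletes nothing. The function names, the `--scan` flag and the heuristics (symlinks, temp-directory or hidden paths, shell or download commands) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Report-only audit of desktop autostart entries; it never deletes anything.
# The heuristics are illustrative assumptions, not a malware signature set.

# classify_entry FILE -> prints "REVIEW|ok<TAB>FILE<TAB>detail"
# The ( ... ) body runs in a subshell, so its variables stay local.
classify_entry() (
    f=$1 reasons="" exec_line="" cmd=""

    # A link in an autostart folder can point anywhere: always surface it.
    if [ -L "$f" ]; then
        reasons="symlink->$(readlink "$f")"
    fi

    case $f in
    *.desktop)
        # First Exec= key, with the key name stripped.
        exec_line=$(sed -n 's/^Exec=//p' "$f" 2>/dev/null | head -n 1)
        cmd=${exec_line%% *}
        cmd=${cmd#\"}
        if [ -z "$exec_line" ]; then
            reasons="${reasons:+$reasons,}no-exec-key"
        fi
        ;;
    *)
        # Scripts or binaries dropped straight into the folder.
        reasons="${reasons:+$reasons,}not-a-desktop-file"
        ;;
    esac

    case $cmd in
    /tmp/*|/var/tmp/*|/dev/shm/*) reasons="${reasons:+$reasons,}runs-from-temp-dir" ;;
    esac
    case $cmd in
    */.*) reasons="${reasons:+$reasons,}hidden-path" ;;
    esac
    case $exec_line in
    *"sh -c"*|*curl*|*wget*|*base64*) reasons="${reasons:+$reasons,}shell-or-download" ;;
    esac

    if [ -n "$reasons" ]; then
        printf 'REVIEW\t%s\t%s\n' "$f" "$reasons"
    else
        printf 'ok\t%s\t%s\n' "$f" "$exec_line"
    fi
)

# audit_autostart [DIR...] -> one line per entry; exit status 1 if any REVIEW.
audit_autostart() (
    status=0
    # Default to the two directories the article names.
    [ "$#" -gt 0 ] || set -- "$HOME/.config/autostart" "$HOME/.kde/Autostart"
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/* "$dir"/.[!.]*; do
            # Skip unexpanded globs but keep dangling symlinks.
            [ -e "$f" ] || [ -L "$f" ] || continue
            line=$(classify_entry "$f")
            printf '%s\n' "$line"
            case $line in REVIEW*) status=1 ;; esac
        done
    done
    [ "$status" -eq 0 ]
)

# Run as: sh autostart-audit.sh --scan [DIR...]
case ${1:-} in
--scan) shift; audit_autostart "$@" ;;
esac
```

A `hidden-path` flag will also fire for legitimate programs installed under directories such as `~/.local/bin`, which is why the script lists entries for a human to review instead of removing them.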

Got Root?

Root kits are the real danger. A root kit is a system of malicious software designed to obfuscate itself such that the user has no idea it was installed and is running. I have been a victim of a root kit (long ago) and strongly suggest the addition of the rkhunter tool. In fact, when installing a new Linux system, rkhunter is one of the first tools I add. And as soon as it is added, it is used.

Root kits are those nasty pieces of software that, once installed, are really difficult (if not impossible) to remove. And some root kits are so bad they compromise your system such that you cannot recover. And if you're wondering how many root kits are out there, install rkhunter, run it, and see how many root kits it checks for. You will be surprised. And root kits do not just attack servers. I have seen desktop machines infected with root kits. This is especially true if your Linux machine lives on a static IP address with no firewall protection between it and the outside world.

Final Thoughts

So, what do you think? Is Linux immune to viruses? I hope your answer is "no." That answer, and the prevention it inspires, will keep your Linux machine virus free for years to come. Personally, I have used Linux for twelve years and not had a virus or any malicious software on any of my personal machines or servers. If you are cautious like me, you too can enjoy virus-free computing for years. But if you fall into the trap of believing that Linux is perfectly immune to viruses, you very well might fall victim to that naivety.





  • zolar1 Said:

    Linux is immune to all 'WINDOWS' malware. Since the vast majority of Linux distros make the user use the OS as a user and not the admin or root user, it is quite difficult to install any malware without entering the root password. Running a distro from a live environment is immune to all malware of any kind. Just restart and it is like nothing happened since everything is erased on restart.

  • Steve Said:

    Not always, The new Ubuntu live USB saves info from the last time it was used.

  • Alex Said:

    You are correct, however this type of device wouldn't be called "live" since it saves everything, it's called "persistent".

  • Enri Said:

    A malware is a software program. That's all you need to know to understand that there is no OS which is virus-free.

  • Jonathan Said:

    No, but linux is inherently more secure. Apart from .desktop files, it's hard to even infect your own account. It's impossible to infect root without explicitly launching as root and entering the password for it.

  • Paolo Said:

    I remember Apple users saying the same about OS X: "Malware in its traditional sense is impossible on OS X", "you need to be super-user", "you need to manually insert your password to allow a program to be installed", etc... That was before the Google security team showed at the PWN2OWN competition that it was possible to install a program as the OS X administrator just by browsing a URL from Safari...

  • Joart Said:

    In fact - ClamAV is an anti-Windows-virus program. That is if your mail server serves Windows machines - it's not a Linux question. There are, as far as I have seen, no anti-virus programs for Linux viruses. No real viruses exist. There are some trojans - but in fact - if we talk servers without GUI I never heard of any viruses. There are rootkits and exploits - yes. But that is a security question of another type - to secure software and don't use the root password.

  • Brandon Rinebold Said:

    TLDR: They're not really *immune*, they're just mostly servers and don't do any of the stuff that opens them up for infections. That leaves a number of desktops so small that they're not worth writing a virus for. Not to say they're common but they DO exist.

    There is nothing inherently more secure anymore about Linux when it comes to infection vectors. The only thing really holding back Linux viruses is that it's simply not worth writing a virus payload for the number of Linux desktops out there. Linux servers, on the other hand, naturally avoid almost all currently popular infection vectors by virtue of just being servers and not using their web browser and having a competent firewall in place much as Windows and Mac servers do.

    Viruses: 42; Arches; Alaeda - Virus.Linux.Alaeda; Bad Bunny - Perl.Badbunny; Binom - Linux/Binom; Bliss - requires root privileges; Brundle; Bukowski; Caveat; Coin; Diesel - Virus.Linux.Diesel.962; Hasher; Kagob a - Virus.Linux.Kagob.a; Kagob b - Virus.Linux.Kagob.b; Lacrimae (aka Crimea); MetaPHOR (also known as Simile); Nuxbee - Virus.Linux.Nuxbee.1403; OSF.8759; PiLoT; Podloso - Linux.Podloso (The iPod virus); RELx; Rike - Virus.Linux.Rike.1627; RST - Virus.Linux.RST.a (known for infecting Korean release of Mozilla Suite 1.7.6 and Thunderbird 1.0.2 in September 2005); Satyr - Virus.Linux.Satyr.a; Staog - obsoleted by updates; Vit - Virus.Linux.Vit.4096; Winter - Virus.Linux.Winter.341; Winux (also known as Lindose and PEElf); Wit virus; ZipWorm - Virus.Linux.ZipWorm.

    Worms: Adm - Net-Worm.Linux.Adm; Adore; Cheese - Net-Worm.Linux.Cheese; Devnull; Kork; Linux/Lion; Linux/Lupper.worm; Mighty - Net-Worm.Linux.Mighty; Millen - Linux.Millen.Worm; Ramen worm - targeted only Red Hat Linux distributions versions 6.2 and 7.0; Slapper; SSH Bruteforce.

  • esquire Said:

    dude are all these made up names? i see lindose which is a linux distro aiming to be like windows and something like cheese camera utility

  • imec Said:

    From what I've gathered over the years, it seems as though Linux is only vulnerable to Trojans, whereas Windows can get infected from all sorts of nasty exploits even when you've never given permission to a program to run on your computer. In fact, I'd say that 90%+ of the viruses that I've ever gotten were from general browsing, not executable; there's no way to do a "sanity check" when everything is coming through the back door. Case in point: I use NoScript religiously, install an AV and disable Java without exception first thing on every Windows install. Can't say that I've ever felt the need to do so with Linux (although I do make sure to keep my Cookies in check). Also, Brandon, to say that Linux has as many infection vectors as Windows is just plain drivel. The permissions system in Linux/Unix is a HUGE roadblock for virus makers. Oh and I can pull stuff from Wikipedia as well: "[That argument] ignores Unix's dominance in a number of non-desktop specialties, including Web servers and scientific workstations. A virus/trojan/worm author who successfully targeted specifically Apache httpd Linux/x86 Web servers would both have an extremely target-rich environment and instantly earn lasting fame, and yet it doesn't happen."

  • Brandon Rinebold Said:

    You're as bad as the 'Macs don't get viruses' people, assuming because something doesn't happen that it must be impossible because of some magic in that system. Flash and java still provide out-of-cycle security updates on Linux. If the flaws only affected Windows, they wouldn't need to do so until the next scheduled feature update. You're being protected by the fact that you're not worth the effort to target. Java droppers execute on Linux systems every day and are stopped by something as simple as there being no %appdata% folder on your linux machine for the dropper to save its payload to. If the malware writer bothered to write a payload for Linux and a bit of code to try to download it to somewhere that actually exists and add it to your user's startup scripts instead of the Windows registry, you'd be just as infected as the Windows user it was built for. It's not your permissions systems that sets you apart anymore, it's your users (and lack of). Windows picked up a convenient equivalent to sudo with Windows Vista and has been capable of running as a limited user and using 'runas' for over a decade. This drivel, as you call it, is truth. Windows has more or less caught up in terms of actual security. Linux had a huge lead for a long time in that area. Your claims were perfectly valid up until about 2003-2005. XP offers an equivalent file permissions system if users are willing to use limited accounts for daily use. Vista made sudo the default.

  • minas Said:

    You clearly don't know what you are talking about. "You're being protected by the fact that you're not worth the effort to target." This is the most stupid answer people give. I don't think these companies are not worth the effort to target. Most big companies use Linux - IT IS worth for viruses to target Linux. Yet Linux is more secure than windows. This means something.

  • Brandon Rinebold Said:

    Let me clarify: only *Desktop Linux* benefits from security by obscurity (since you seem to be shoving those words into my mouth repeatedly as if I were applying them to all Linux systems). Servers, whether Linux or Windows, benefit from security by... well... not letting stupid people log in to browse the Internet while executing miscellaneous scripts automatically and firewalling all nonessential traffic. Desktops are, as a general rule, the almost universal targets of malware. Linux desktops aren't worth the effort to target because they're too uncommon. Servers might be worth compromising but malware isn't an efficient mechanism for doing so because since they're not browsing the Internet, you have to find a security flaw in an internet-exposed service. If you found a flaw in said service, you can most likely export any information in the application it is associated with but you're unlikely to be able to get it to install anything for you since the service should be running with limited permissions. Therefore.. say it with me... you don't see Linux malware because you don't see Linux desktops. It's not magic and it's not immunity, it's just an interaction between the use-cases of Linux and the business decisions of malware writers.

  • Rob Said:

    The conversation is interesting in the fact that it always comes to the question of whether Linux is better than Windows. This was NOT the question; the question IS do you need antivirus software on Linux, and I say yes, since even if the specific virus can't infect the Linux host system it could be a store point for the virus, so that when a machine such as a Windows machine logs on to that machine it could get infected. And where did you get the virus from: the Linux machine, even if it was just stored there and not virus-scanned on that machine.

  • Toqeer Said:

    For Example If some body want to trace my any type of computer data with a virus can he do Plz tell me????????????????

  • punkassbitch Said:

    yes, your computer will be fucked no you smart ass, Linux can't be traced tell that to windows hacker. they cant scare with petty hacks, i been through that ever since i switch to linux all i'm gonna say hack my computer now douchebags.

  • Piece_o_Ham Said:

    There are two reasons why I still feel that Linux is more secure, with number one being that Windows machines often have multiple administrators, whereas on Linux you never actually (are supposed to) run as the root user (I believe some systems don't even let you), meaning that you must put in your password each time you install something, which can make you consider what you are doing a little more. I feel that the "This program needs administrative privileges" warning has become meaningless. The second reason is that Linux updates are usually a lot easier to install and occur more frequently, so if there is a security flaw, it may be fixed by next week. In the end however, you should use whatever OS suits you best regardless of what other people think. And for me that OS would have to be Linux.

  • Maxamoto Said:

    There, that should put the argument to rest.

  • Herbie Said:

    The enemy's greatest weapon,,, COMPLACENCY.

  • Ole Juul Said:

    I don't think complacency is the worst of it. Trust is. I can't imagine why anybody would be trusting enough to hand over administration to someone else. If I were to see "This program needs administrative privileges", I'd dismiss it in a blink. That would be like an employee telling the bank manager that they need the combination to the vault. As that manager, I'd just look at them and say: "no you don't." - and then promptly fire them for asking.

  • Mike Said:

    So after reading all of these posts, why not just run an av/rk hunter to have an insurance policy, seems pretty harmless as doing an oil change a little sooner. Does Linux, specifically Kali, use any optimizers or registry cleaners? Is it necessary, because I have noticed a slowdown on my laptop, I do clear the cookies.

  • Ole Juul Said:

    You may not realize it Mike, but we can tell that you're not running Linux. :) Nice troll though.

  • SandJ Said:

    I won't run anti-virus s/w on my Linux boxes because they are bloatware that slow down loading and all web and disk access, steal my RAM, spend ages doing downloads and deliver me no benefit.

  • CJ M Said:

    Yeah, security isn't a benefit at all. It's just bloatware. (Sarcasm, idiot)

  • Giack Said:

    You are right: Anti-Viruses sucks! 1- They are bloatware! Well, actually they are the ones that remove them... 2- They slow down the machine! Clearly, as much as any other program you run... but, the good part is that most of malware will slow down your machine even more... 3- They steal your RAM! Because, in nowadays machine, with 2-4-8-16 GB of RAM, if a program uses more than few MB is stealing... 4- They do not deliver you benefit! Actually, if you don't see the benefit, it means they are working...

  • SandJ Said:

    I've had another long, hard, think about this article. I have decided it is a load of cobblers.

  • UOV Said:

    I wouldn't confuse security with anti-virus software. I recall on Win how slow everything is because of this (and am reminded when I go to the library). That's not security. That's the pretend marketing security. Security is a great benefit. A/V software is just bloatware.

  • Mark Said:

    I've found this post on the topic: It was pretty interesting to me and, even if from an anti-virus firm, it doesn't seem to be biased at all.

  • Giack Said:

    "Linux users are not OS X users, although when it comes to security many of them have the same misconception that the latter had a few years ago." Cannot agree more...

  • TJ Said:

    "The number of “in the wild” threats for Linux-based operating systems is still way lower than threats for Microsoft Windows or Apple OS X."

  • Anonymous Said:

    I was a Symantec user for a while, and at some point I was fed up of their buggy and slow products. From that point I started using Sophos' products, they are awesomely lightweight and fast in comparison to Norton.

  • Anonymous Said:

    The problem is that American security firms had always sold false security. European ones do security much better. You just need to have a look at the history. All the first computer security firms are from Europe: Avast, Avira, Bitdefender, ESET, F-Secure, G Data, Panda Security, Sophos, ...

  • GS Said:

    +1 for your comment. My company used McAfee before my arrival. I need only to show them Panda for 5 minutes to make them change their minds...

  • EUser Said:

    European do it better. Indeed, where does Linux come from? Europe. ;)

  • Joe Said:

    If I was running Windows OS I would use Bitdefender. Most AV is bloatware, not to mention some security firms such as Norton create false positives just to nickel and dime the consumer into upgrading their product. Open source is the way to go and Linux is way more powerful than DOS.

  • Tommy Said:

    Linux is much more secure than Windows or the Mac OS X operating system but it's for a large variety of reasons. Macs can and do get viruses, so can Linux machines but it's rare. That's why in the corporate world 99% of machines are Linux based. Most servers and super computers run on some form of linux. The reason, A. security, B stability. I wrote two articles that I encourage people to check out. The first is here:, and the other is here:

  • Eric Grimaldi Said:

    Hey all, we have a computer/server infected with ebury operation windigo, there are chances that our business lost a lot because of it. we try to re-install we have the same result it's still there. We cannot work, we would like to know who to report to.

  • Sidharh Shankar Pd Singh Said:

    Unless we discuss the purpose of a computer virus, we are unable to come to an end point. the point is simple Linux is still not used at user end,

  • josh Said:

    I dived into Kali 3 months ago straight from Windows and i haven't looked back the extra performance I can get on my slower systems is incredible. and personally I have noticed, Lots of people stay away from computers because they are scared of viruses or people watching them. So the added security is nice too. And apparently Kali is a stupidly heavy distro to jump into as your first Linux experience. PERSONALLY, (I do have extensive windows knowledge) I'd say it's EASIER than windows. but you have to learn, But people had to learn on windows too.. Imo people find windows easy because it's always been, roughly the same, Start menu, Task manager, internet explorer. . since what 1995? and people are too stuck in their ways and content with what they have they don't need/want to learn. hence why you see younger folk, like myself, Trying it out and getting hooked.

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.
