I ran my previous blog entry past a co-worker and he said, in effect, all you are saying is that you don’t think that anti-virus is necessarily on Linux. What about all those rants out there from people who believe that they need anti-virus so strongly that they believe that they got a virus that could have been prevented by anti-virus software?

That’s when I realized that my previous blog post was adding heat rather than light to the issue of anti-virus software on Linux. The real goal of my previous post was to point out that some common anti-virus software for Linux requires the user to disable stronger security mechanisms, a practice which I find intolerable and inexcusable. I also wanted to make the minor point that people asking about anti-virus software are often trying to adhere to the letter of the policy rather than rethinking the intent of the security policy.

As a new blogging experiment, I’ll attempt to explain why I think that anti-virus software is unnecessary starting from first principles. To do this, I’ll add short daily blog postings on relevant topics that will eventually add up to my conclusion.

In this series, I will address questions like

  • What is a virus?
  • What is a worm?
  • What is malware?
  • What does anti-virus software do?
  • Do Linux viruses exist?
  • Has anyone ever caught a Linux virus in the wild?
  • What attacks have been successful against Linux?
  • What happens on Linux if you were to catch a virus?
  • Are you claiming that Linux is impervious to all malware?
  • What anti-virus software would you recommend for Linux?

As a general rule, the topic of anti-virus software is probably my least favorite security topic. I’d much rather argue about SELinux usability any day. Nonetheless, I hope that this experiment will prove useful as an in-depth explanation as to why the consensus of Linux security practitioners is that you really don’t need anti-virus software on Linux.