Do you need antivirus on Linux?

If you've been a Windows user for years, then you are well aware of the need for antivirus software. It's a given. Does the same hold true for the open-source operating system?
Written by Jack Wallen, Contributing Writer

I've been using Linux as my primary operating system since 1997, and I have never installed a desktop antivirus solution on any computer running the open-source OS. The only exception to that rule has been when I deploy a Linux mail or file server, where I might add something to scan for suspicious email attachments, but that's server-only (which is a different beast altogether).

As for the desktop? Never. Not once (and Ed Bott would agree with me).

Guess what? After over two decades, I've not experienced one issue with viruses or malware on any Linux desktop I've ever used.

Now, before you hop onto the nearest soapbox, let me add that this has been my experience and my experience alone. Still, I would think that nearly 30 years of never having to deal with such things suggests that the answer to the question "Does Linux need antivirus software?" is a simple... no.

Why are we Linux users so certain we don't need to bother with antivirus software, when every Windows user knows that working without an AV solution is asking for trouble?

There are a few answers to that question. Before I get into those answers, let me say that nothing is absolute. The second a computer is connected to a network, it's vulnerable. On top of that, zero-day exploits are discovered daily (even within the realm of open-source software).

Being vulnerable on a network and being vulnerable to viruses are two distinct things. You could have a desktop computer with Secure Shell running that is out of date and vulnerable to attacks. A bad actor could get onto your network and access your desktop via port 22 and have at whatever's on that machine.

The adage, "Where there's a will there's a way," always, always, always applies. 

With viruses and malware, however, we're talking about something altogether different. This is by design.

It's all about permission

I'm not going to get too deep into the nuts and bolts of this, because you don't need to know the difference between 0777 and rwx permissions. What you do need to understand is that on any Linux system, for an application (be it LibreOffice, Evolution, Spotify, Slack, or even a piece of malware) to be installed, you have to give it explicit permission to do so by typing your user password. Until you do that, the software cannot be installed. 

Or, let's examine a simple shell script. Say you receive a malicious shell script as an attachment, and you unwittingly save it to your Downloads directory. That script will remain in that folder doing nothing. Why? Because it won't have executable permission. 

For example: The downloaded file is called backup.sh. When you save backup.sh to your Downloads directory, backup.sh will have both read and write permissions, but backup.sh will not have executable permission, which means backup.sh can't run. To grant it executable permission, you'd have to issue a command like:

chmod u+x backup.sh

Once you've issued the above command, backup.sh can be run. Until then, backup.sh will remain in your Downloads directory, doing no harm.
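
The permission behavior described above, as an added shell example that is not part of the original article: it saves a stand-in backup.sh under an assumed umask of 022, shows the mode and the status of a direct run before and after chmod u+x, and lists files that already carry an execute bit. The function names and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names and contents are constructed for illustration.

# Print a file's permission bits in octal (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a stand-in for a saved attachment the way a browser or mail
# client would: a plain write under the common umask of 022 (assumed).
save_attachment() {
    ( umask 022; printf '#!/bin/sh\necho "backup.sh ran"\n' > "$1" )
}

# Try to run the file directly and return the status of the attempt.
# 126 is the shell's status for "found, but not permitted to execute".
try_run() {
    "$1" >/dev/null 2>&1
}

# List regular files under a directory that carry any execute bit,
# i.e. files on which someone has already run chmod +x.
list_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \)
}

demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/backup.sh"
    save_attachment "$f"
    echo "mode after save:      $(file_mode "$f")"
    try_run "$f"; echo "direct run status:    $?"
    chmod u+x "$f"
    echo "mode after chmod u+x: $(file_mode "$f")"
    try_run "$f"; echo "direct run status:    $?"
    echo "files with an execute bit:"
    list_executables "$dir"
    rm -rf "$dir"
}

demo
```

A status of 126 means the shell found the file but was refused permission to execute it. The execute bit governs direct execution only; a script passed by name to an interpreter needs just read permission, so treat the bit as one layer and still inspect anything you did not write.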


You knew this was coming.

Just because Linux doesn't need an antivirus solution doesn't mean you're 100% safe from malicious software. The thing about Linux is that you have multiple routes for installing software, such as:

  • Your distribution's package manager and official repositories
  • Third-party repositories
  • From source
  • Universal package managers (such as Snap and Flatpak)
  • Web apps
  • AppImages
  • Downloaded files (such as .deb and .rpm files)
  • Scripts

The problem is, how do you know which of these are actually safe? There has been malicious software found in multiple third-party repositories. Plus, if you're downloading source code from an unknown source, all bets are off.

As with any operating system, you should only install software on Linux from a reputable source. My best advice for most users is to limit installations to official distribution sources. For me, that means the built-in package manager, official repositories, and Snap/Flatpak sources.

The other caveat is that you, a proud Linux user, have probably inadvertently received viruses and malware via email attachments. You've probably ignored and deleted them as well, but what if you didn't? What if you forwarded that adorable kitty photo you received (from some random person) to a family member who uses Windows? If they click on that attached file, bad things could happen.

That is why some people advocate installing a mail scanner like ClamAV. With that solution installed, if you ever receive an attachment you need/want to send to someone else, run a quick scan on the file and, if it checks out, you can safely send it. Otherwise, delete it.
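
One way to script that scan-then-decide step, as an added example that is not from the original article. It relies on clamscan's documented exit statuses (0 nothing found, 1 match, 2 error); the function names and the CLAMSCAN override variable are hypothetical, added here so the scanner can be swapped out.

```shell
#!/bin/sh
# Added example. CLAMSCAN is a hypothetical override variable for this
# script only; it is not a ClamAV setting.

# Scan one file and print a verdict: clean, infected, or error.
# clamscan exits 0 when nothing is found, 1 when a signature matches,
# and 2 on errors (unreadable file, missing signature database, ...).
scan_verdict() {
    scanner=${CLAMSCAN:-clamscan}
    [ -f "$1" ] || { echo error; return 2; }
    rc=0
    "$scanner" --no-summary "$1" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo clean ;;
        1) echo infected; return 1 ;;
        *) echo error; return 2 ;;   # includes 127: scanner not installed
    esac
}

# Gate for forwarding: only a clean verdict passes. An error is handled
# like a detection, because "could not scan" is not "checked out".
ok_to_forward() {
    [ "$(scan_verdict "$1")" = clean ]
}

# Usage: sh scan.sh /path/to/attachment
if [ $# -gt 0 ]; then
    if ok_to_forward "$1"; then
        echo "ok to forward: $1"
    else
        echo "do not forward: $1"
    fi
fi
```

The point of the third branch is to fail closed: an outdated or missing signature database produces an error status, and the script treats that the same as a hit instead of letting the file through.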

For those who want to add a layer of protection, I recommend adding the uBlock Origin extension to your web browser of choice. With that solution added, you can expect that no rogue ads or scripts can compromise your system via malicious webpages.

In the end

Remember, nothing is ever 100%. The second this is published, a bad actor might have figured out a way around Linux security, and my answer is rendered wrong. For nearly 30 years, however, that answer has held firm. I've never once used antivirus software on a desktop Linux installation, and I don't imagine (unless things radically change) that I ever will.
