Avira, the German anti-virus firm founded by Tjark Auerbach in the 1980s, has decided to kill off its Linux anti-virus product.
The company, which used to be known as H+BEDV, says that it is no longer actively selling or developing its Linux-based anti-virus products, but will continue to deliver detection and engine updates until mid 2016.
In a knowledgebase article, the company explains that the reason is a commercial one. Avira concentrates on the consumer and small business market, where Windows and Mac OS X are the dominant operating systems.
That’s fair enough. Although a respected player in the industry, Avira isn’t the biggest anti-virus company in the world, and it has to make careful decisions about where best to focus its resources and expertise.
What I’m worried about though, is the message this could send some people. In particular, those who live in denial about Linux malware.
Linux zealots, don’t be too quick popping those champagne corks. You would be wrong to take this as an admission by the anti-virus industry that there is no malware problem on the Linux platform.
Sure, there is much much less Linux-specific malware than there is Windows malware, or Mac malware or even Android malware. But that doesn’t mean it doesn’t exist at all.
Earlier this year, for instance, Symantec reported that the high profile attack against South Korean computer systems incorporated a module that was designed to remotely wipe Linux systems, wiping out the /kernel, /usr, /etc, and /home directories.
Prior to that, security firms had detailed HTTP iFrame injecting Linux rootkits and multi-platform malware attacking Windows, Mac *and* Linux systems.
And way back in 2008, SophosLabs reported on the continuing prevalence of Linux/RST-B, which had been infected systems since at least early 2002. Experts at Sophos had discovered thousands of Linux systems where the malware was running as root.
There are a good number of other examples of Linux-based malware detailed on the websites of security researchers if you care to hunt around for them.
Even if you aren’t worried about your Linux computers being affected by malware, you might want to consider whether you are doing everything you can to prevent malware taking advantage of your systems to spread further. For that reason, a Linux anti-virus product might be a good choice for your toolbox.
Linux users don't need snake-oil AV on their systems. They're smart enough to know better!
Wasn't there also something about poorly configured BusyBox recently?
To play the odds, you have to know the odds. The number of Linux machines compared to Windows machines is miniscule. The number of Linux virus vs the number of Windows viruses is literally several orders of magnitude. The last figure I heard was something like under a hundred for Linux (most of whom are not in the wild but merely proof of concept) vs a couple hundred million for Windows.
Frankly, an antivirus for Linux is overkill and can't rationally be recommended for personal users given the extremely low odds of being infected. For a corporation, of course, it would be reasonable to have AV for Linux servers, especially email servers that serve email to Windows users, because of the much higher probability of being targeted due to higher email volume and Web connections..
Don't forget: Most of the malware that is spread to Windows machines via the web is located on Linux servers. So unprotected Linux servers spread a big part of the malware prevalent on the web.
While everyone expects a Windows user to protect his client, there is also the responsibility of content providers to ensure that their website is malware-free. With AV on servers, this would be possible. It is a big mistake on the side of the hosters not to use AV on their Linux servers.
An excellent point.
If only more people scanned their Lunux web servers – the net might be a safer place.
Yes but is a problem of general net security, not strictly a virus related issue. In other words you would end up catching a malware not designed to run autonomously on that machine (that is usually the focus of AV like Avira). In such a condition you could evaluate virus signatures and not behavior, with very poor chances of dectection for today's threats.