A relative of mine has recently sent me an email. He recently came across this alarming headline from anti-virus vendor ESET:
KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt
The email goes on to describe a piece of software that encrypts the contents of the disk and demands a ransom.
My relative is alarmed and feels that surely an anti-virus is now needed.
I feel strongly that an anti-virus is not needed on Ubuntu. Rather, I feel that the best protection for an Ubuntu user is to install security updates promptly, to keep regular backups and to only install software from trusted sources like the Ubuntu Software Centre. Is that advice now out-of-date with the advent of KillDisk?
How does it do that? (of course the article does not mention that ...). From the link ...
We need to know how they believe they can circumvent the admin password ...
Best method to counter this: create regular backups and keep more than 1 backup of anything important to you. It is always possible to format a disk and reinstall and to restore a clean backup.
Me too! But a virus is just a small part of all malware. You've also got rootkits, and crapware like what you describe above.
No! That advice is the best you can get. At the moment we can consider Ubuntu Software Center free from malware. That article and similar articles I found all lack 1 bit of information: how does it actually encrypt our disks.
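The "keep more than 1 backup" advice above, sketched as an added example (not part of the original answer): several dated generations are kept, so a backup taken after files were damaged does not overwrite the last good copy. The function names, the archive naming scheme and the generation count are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dated backup generations with verification and pruning.
# snapshot SRC DEST KEEP [STAMP]
#   Archives SRC into DEST/backup-STAMP.tar.gz, verifies it, keeps the
#   newest KEEP archives and prints the path of the new one.
#   DEST must not be inside SRC.
snapshot() {
    src=$1 dest=$2 keep=$3
    stamp=${4:-$(date +%Y%m%dT%H%M%S)}
    out="$dest/backup-$stamp.tar.gz"
    mkdir -p "$dest" || return 1
    # Write under a temporary name so a failed run never looks like a backup.
    tar -czf "$out.part" -C "$src" . || { rm -f "$out.part"; return 1; }
    # Read the archive back end to end before trusting it.
    tar -tzf "$out.part" >/dev/null || { rm -f "$out.part"; return 1; }
    mv "$out.part" "$out"
    # Timestamps sort chronologically, so the first names are the oldest.
    total=$(ls "$dest"/backup-*.tar.gz | wc -l)
    excess=$((total - keep))
    if [ "$excess" -gt 0 ]; then
        ls "$dest"/backup-*.tar.gz | sort | head -n "$excess" |
            while read -r old; do rm -f -- "$old"; done
    fi
    printf '%s\n' "$out"
}

# restore_file ARCHIVE RELATIVE_PATH TARGET_DIR
#   Extracts one file from a chosen generation into TARGET_DIR.
restore_file() {
    tar -xzf "$1" -C "$3" "./$2"
}

# Usage (paths are placeholders):
#   snapshot "$HOME/Documents" /mnt/backupdisk/docs 7
#   restore_file /mnt/backupdisk/docs/backup-<stamp>.tar.gz notes.txt /tmp/restore
```

Keeping the destination on media that is only attached while the backup runs means a program running with the user's permissions cannot reach the older generations.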
Obviously, Linux is not entirely secure, but the need for anti-virus software should not arise given that security patches are downloaded regularly. Also the KillDisk ransomware has surfaced recently and is known to target only business organizations and companies hosting servers. Home Linux users should be safe as of now. More importantly, all Linux users must get to know how much difference superuser/root privileges can make, if permissions are granted to unknown, malicious programs (results can be completely undesired or even devastating). Of course, maintaining regular backups should not be a problem for regular users.
This answer will assume that the malware is actually a trojan, i.e. it revolves around the user actively running (perhaps as root) something suspicious.
There are a few reasons Linux is said to be more virus-proof than Windows. None of them are that Linux is inherently more secure than Windows. While it is true that Linux distros tend to protect operating system files much better than Windows does (though this is more thanks to Windows needing to be backwards-compatible with older software than any inherent difference), in any case that doesn't protect you from attacks against your personal files, or being part of a botnet, which are the two things that are all the rage in viruses these days.
No, the main reasons are:
Much smaller user-base for possible attacks. While there have been plenty of attacks that target Linux servers, those are not amazingly relevant here, since they tend to exploit boxes that are deliberately left exposed to the internet, and so the means of exploitation are totally different. Linux on the desktop is so small a target it's usually not really worth it.
Linux distros have a much stronger sense of installing software from trusted sources. You don't have to worry about Sourceforge injecting malware into your installers, or the website of an old project having been hacked and the downloads replaced with malware, because this isn't the standard place to get software from.
So, the latter is very important. If your habit is to use Ubuntu like you would use Windows - downloading software haphazardly from the web, from random sources, and trying to get them to install nicely in your distro - you're going to have a bad time. You should try to install as many things as are feasible from Ubuntu's software repositories, which are much more carefully vetted and very unlikely to contain malware. If you do need to download software from external sources, you should use as much due care and attention as a careful Windows power user would - make sure you have a reasonable way of trusting the source, and don't just blindly run commands you found on the internet without understanding what they're doing! Be especially wary of anything that requires root (sudo), but keep in mind that even things without root can do a lot of damage to things that matter.
While agreeing with everyone else, basically, I just want to point out that there is a fundamental error floating here: the assumption that an anti-virus can only improve security (and hence the question being only "do I need an anti-virus or is it unnecessary").
Not only is an anti-virus probably not needed in any current GNU/Linux system, but it's very likely that any anti-virus you may find (and especially one that is advertised loudly) will be detrimental to security (either directly by having exploitable flaws if not backdoors, or indirectly by encouraging you to be more sloppy on security because you think you're protected by your anti-virus).
I'd say, yes, you need an anti-virus of some sort. Everyone saying that "Linux (/Ubuntu) is safe from viruses" should give this a read: http://www.geekzone.co.nz/foobar/6229 The examples in the article are for Gnome/KDE, but that's not what matters: It is very possible, it would just work a little differently on Ubuntu.
Yes, it will be significantly harder for you to get a virus if you do all updates, just download from trusted repositories, etc. But you won't be really secured against viruses. Sure, you aren't completely safe with an anti-virus either. But it protects you on yet another layer, which is never a bad thing. Maybe there is an infected device in your network? Also, everyone makes mistakes, browses on the wrong website with JavaScript enabled, or whatever.
And ransomware in general doesn't even need special permissions to be executed: As @Jupotter pointed out, it already has a lot of potential for damage if it has default user permissions.
Yes, an antivirus will protect you from KillDisk and malware, and it will also help you to remove junk files from your computer.