Having switched to Linux from Windows, I was accustomed to the idea of “needing” an antivirus program. Early on when I made the transition to Linux, the idea of not getting viruses seemed foreign.
Therefore, up until recently, I was using ClamAV for one of those “just in case” scenarios. Thus far, every time I used it, it never found anything malicious (at least not in the traditional sense I had experienced with Windows).
A friend said that, essentially, having an antivirus program in the first place creates a greater “attack surface,” and thus does more harm than good. (Oh, like using WordPress to blog, right? Hence the second blog.) To help explain the concept of attack surface, check out this article from Tripwire: Understanding What Constitutes Your Attack Surface. As they put it:
Put simply, your attack surface is the sum of your security risk exposure. Put another way, it is the aggregate of all known, unknown and potential vulnerabilities and controls across all software, hardware, firmware and networks. A smaller surface can help make your organization less exploitable, reducing risk.
A typical attack surface has complex interrelationships among three main areas of exposure: software, network, and the often-overlooked human attack surface.
The article goes into greater detail about these three attack surfaces, but to sum it up:
- Software Attack Surface: the software environment and any related interfaces
- Network Attack Surface: vulnerabilities from network ports, protocols, devices, etc.
- Human Attack Surface: one of the most widely exploited attack surfaces; this refers to people and the vulnerabilities associated with them. Social engineering is a frequently used attack against the Human Attack Surface (for instance, sending a fake email telling someone that their account has been compromised).
So, no more antivirus program. There are probably other attack surfaces that I could reduce as well. If you’re a regular reader here, you know that I’ve made quite a few mistakes along the way, but I enjoy sharing that process with you. I suppose that’s showing my “human attack surface,” eh?
This is probably one of the reasons that people hate the “bloatware” that some Linux distros include, and it’s understandable why people prefer distros like Gentoo, Arch, and LFS.
Still, Linux isn’t invincible. If you don’t need an antivirus, then what types of security measures do you need? Hmm…I’ll get back to you on that.