If you do high risk activities, then running an A/V scanner would be useful. What are high-risk activities?
* Running any daemon that is available over the internet
* Not running an ad-blocker in all your browsers
* Allowing any Java or JavaScript webpages without limitation
* Surfing to nasty parts of the internet
* copy/pasting commands from anywhere without understanding 100% what they do
* installing and using software from disreputable sources, bad PPAs, bad sources
* clicking any shortened links, or long links from disreputable sources
* Having WINE installed; people do get Windows viruses in WINE
* Not patching and otherwise maintaining your Linux system(s)
If you deal with documents that Windows people create or you share documents with Windows users, then running an A/V scanner could be useful.
If you don't do those things, running an A/V on Linux that searches for Windows viruses isn't really useful.
Linux systems tend to be used as C&C servers if they get hacked. Normally, that would happen not from doing desktop-user stuff, but by running internet services like a web server or email or ftp or dns server that is available to the world. If you don't do that stuff and have a current, patched, maintained, router blocking all inbound connections to your LAN, then you don't need to worry.
The "Basic Ubuntu Security" webpage has more. Google finds it easily.
Could someone set up a reverse shell into your system? Yes, but only if they gain access to it in the first place. You can google "how to set up a reverse shell" for a guide. netcat, bash, ssh all support reverse shells over a network. These tools have been around for decades, but are seldom used by "bad guys."
In 25+ yrs, I've been hacked 3 times. Only once was it due to something a desktop user would have enabled. A laptop I'd installed and patched the day prior to visiting a security conference was hacked when I wasn't connected to any network, but had neglected to disable bluetooth. Since then, I softblock bluetooth devices and remove bluetooth programs.
Code:
$ rfkill list
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
3: hci0: Bluetooth
Soft blocked: yes
Hard blocked: no
The other hacks were due to me running daemons available to the internet. End-users don't do that stuff normally.
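One way to turn the `rfkill list` check above into a repeatable audit, as an added example that is not part of the original post: it parses the output format shown, lists every radio that is neither soft- nor hard-blocked, and reports whether Bluetooth is blocked. The sample text is constructed from the format in the post, and the live-system branch falls back to that sample when `rfkill` is unavailable.

```shell
#!/bin/sh
# Added example (not from the original post): audit `rfkill list` output and
# report radios that are neither soft- nor hard-blocked.
# SAMPLE_RFKILL is a constructed copy of the output format shown in the post.
SAMPLE_RFKILL='0: phy0: Wireless LAN
	Soft blocked: no
	Hard blocked: no
3: hci0: Bluetooth
	Soft blocked: yes
	Hard blocked: no'

# unblocked_radios <rfkill-list-text>
# Prints one line per radio with no block of either kind: "<index> <name> <type>".
unblocked_radios() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+: / {
            # flush the previous device before starting a new one
            if (idx != "" && soft == "no" && hard == "no") print idx, name, type
            idx = $1; sub(":$", "", idx)
            name = $2; sub(":$", "", name)
            type = ""
            for (i = 3; i <= NF; i++) type = type (i > 3 ? " " : "") $i
            soft = ""; hard = ""
        }
        /Soft blocked:/ { soft = $3 }
        /Hard blocked:/ { hard = $3 }
        END {
            if (idx != "" && soft == "no" && hard == "no") print idx, name, type
        }'
}

# is_blocked <rfkill-list-text> <type-substring>
# Exit 0 if every radio whose type matches is soft- or hard-blocked, 1 otherwise.
is_blocked() {
    unblocked_radios "$1" | grep -qi "$2" && return 1
    return 0
}

# Audit the live system when rfkill is usable; otherwise audit the sample.
LIST=$(rfkill list 2>/dev/null) || LIST=$SAMPLE_RFKILL
printf 'Radios left unblocked:\n%s\n' "$(unblocked_radios "$LIST")"
if is_blocked "$LIST" bluetooth; then
    echo "Bluetooth: blocked"
else
    echo "Bluetooth: NOT blocked (rfkill block bluetooth would soft-block it)"
fi
```

Removing the Bluetooth packages, as the post does, is a separate step; this script only reports and does not change any radio state.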