
Thread: AV? or NO AV? that is the question.

  1. #1
    Join Date
    Mar 2014
    Beans
    8

    AV? or NO AV? that is the question.

    Right, a stupidity which I find often on forums and articles online is that Linux is a virus free OS...and the subsequent distros following with the same claim.
    Due to this people often get confused whether they need an AV or not, and the reasons for having an AV, although quite valid, still leave much unanswered.
    So let me clarify a couple myths about any linux distro, Ubuntu included.

    1. Yes, it is possible for a virus to infect a Linux machine. And Linux virii do exist. Now, the problem here is that it is virtually UNLIKELY that YOU will get infected.
    Reasons being that most viruses are meant to exploit windows faults, therefore there are very few virii which actually work on linux.
    Also linux is very distro specific, each distro has its own packaging method, e.g. deb, rpm, ipk etc...
    This creates another problem for the virus, it would have to be created to target a specific distro, or group of distros, thus limiting itself, windows doesn't have this problem.
    Constant updates help minimize the chances that a well supported distro will be infected.
    And last but not least a common Linux user is generally more experienced than a common windows user, therefore the Linux user would be able to suspect and avoid infected files with greater ease.

    2. No, AV software do NOT only scan for windows virii.
    They scan for any virus whose signature is in its database, and those which do heuristic scanning can scan even more, this doesn't matter what OS the virus is targeting.

    3. No, you do not ONLY need an AV if you share files with windows machines. You need an AV on any machine which accesses the internet, independently of the OS.
    Although it is true that if you catch a windows virus it will not affect you, but whoever you share it with, it is not the ONLY reason as to why you need an AV software.
    The real-time scanning feature may be unnecessary, but a powerful AV should be installed in case of emergencies, and occasional scanning.
    The scan will clean both the windows virii and any Linux virii which you might have picked up.

    Conclusion:
    AV software are a must in any OS. But on Linux distros you will be using them less frequently. You do not need real-time protection, but carry out regular scans, e.g. Once a month. Both to make sure your box is clean and to keep your windows friends virus free.

  2. #2
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: AV? or NO AV? that is the question.

    Originally Posted by gabriel13:
        So let me clarify a couple myths about any linux distro, Ubuntu included.
    Ah, deities be thanked, we're saved!..
    Originally Posted by gabriel13:
        virii
    Since you're clarifying it's good to know only VXers use "virii" (which isn't even proper Latin): the plural is "viruses".
    Originally Posted by gabriel13:
        viruses are meant to exploit windows faults
    No, exploits make use of flaws: viruses infect.
    Originally Posted by gabriel13:
        Also linux is very distro specific, each distro has its own packaging method, e.g. deb, rpm, ipk etc...
    No, that's distro-specific modifications to software, a packaging method would in no way hamper or benefit a virus.
    Originally Posted by gabriel13:
        Constant updates help minimize the chances that a well supported distro will be infected.
    No, it won't: sane practices (like browsing habits) could have an effect.
    Originally Posted by gabriel13:
        And last but not least a common Linux user is generally more experienced than a common windows user, therefore the Linux user would be able to suspect and avoid infected files with greater ease.
    No, they're simply not: most are just users half of which aren't even remotely aware they run Linux these days.
    Originally Posted by gabriel13:
        No, AV software do NOT only scan for windows virii. They scan for any virus whose signature is in its database, and those which do heuristic scanning can scan even more, this doesn't matter what OS the virus is targeting.
    No, the OS does matter, that's simply a money thing ;-p
    Originally Posted by gabriel13:
        The real-time scanning feature may be unnecessary, but a powerful AV should be installed in case of emergencies, and occasional scanning.
    No, realtime scanning (in whatever way) actually is helpful.
    Originally Posted by gabriel13:
        The scan will clean both the windows virii and any Linux virii which you might have picked up.
    Is that a fact?.. Can you show us a sample of a Linux ELF infection and a perfect cleanup?..
    Originally Posted by gabriel13:
        AV software are a must in any OS. But on Linux distros you will be using them less frequently. You do not need real-time protection, but carry out regular scans, e.g. Once a month. Both to make sure your box is clean and to keep your windows friends virus free.
    While it certainly is worth something protecting lesser OSes, focusing on AV and viruses is (IMHO and with all due respect) Windows-centric thinking: with Linux you need to: - keep your OS up to date, - have sane browsing and software habits, - secure, harden and regularly audit your machine(s) as the threats we face are different from what users of "the other OS" experience. Please focus on that instead.

  3. #3
    Join Date
    Mar 2007
    Beans
    807

    Re: AV? or NO AV? that is the question.

    Is it possible that the OP is confusing viruses with other forms of malware? Too often all malware is lumped into the category of virus. On a windows system I've seen viruses that then download other forms of malware. And your 'anti-virus' product is capable of cleaning up executable application based and java based types of malware. Both of those things help blur the lines of what exactly a true virus is. But I completely disagree. I've never run any "anti-virus" product on my linux workstations. My browsing habits are not the safest and I've never gotten a "virus". I have gotten this pop up once which showed my C:\ drive getting scanned and finding multiple malware hits. I thought that pretty funny since I don't have a C:\. I suppose that pop up could be considered malware.

    EDIT:
    Here is a good read http://en.wikipedia.org/wiki/Computer_virus Check out the section titled "Vulnerability of different operating systems to viruses" where the author says
    In 1997, researchers created and released a virus for Linux—known as "Bliss".[23] Bliss, however, requires that the user run it explicitly, and it can only infect programs that the user has the access to modify. Unlike Windows users, most Unix users do not log in as an administrator user except to install or configure software; as a result, even if a user ran the virus, it could not harm their operating system. The Bliss virus never became widespread, and remains chiefly a research curiosity. Its creator later posted the source code to Usenet, allowing researchers to see how it worked.[24]
    Last edited by ant2ne; March 31st, 2014 at 06:34 PM.
    Registered Linux User: 450747 Registered Ubuntu User: 16269
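
The Bliss description quoted in the post above rests on one property: a file infector can only alter programs that the user running it is able to modify. As an added example (not part of any post in this thread), this Python audit lists the executables in a set of directories that a given uid could alter or replace; the function names are hypothetical, and the check covers classic mode bits only, not ACLs or capabilities.

```python
import os
import stat

def can_write(st, uid, gids):
    """Classic Unix write check on a stat result (ignores ACLs and capabilities)."""
    if uid == 0:
        return True                      # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def modifiable_programs(dirs, uid, gids):
    """Return sorted paths of executables in dirs that uid could alter or replace."""
    hits = []
    for d in dirs:
        try:
            dst = os.stat(d)
            entries = list(os.scandir(d))
        except OSError:
            continue                     # missing or unreadable directory
        dir_writable = can_write(dst, uid, gids)
        sticky = bool(dst.st_mode & stat.S_ISVTX)
        for e in entries:
            if not e.is_file(follow_symlinks=False):
                continue                 # symlinks and subdirectories are skipped
            st = e.stat(follow_symlinks=False)
            if not st.st_mode & 0o111:
                continue                 # not executable by anyone
            # A writable directory lets the user swap the file out; the sticky
            # bit limits that to files (or directories) the user owns.
            replaceable = dir_writable and (
                not sticky or uid in (0, st.st_uid, dst.st_uid))
            if can_write(st, uid, gids) or replaceable:
                hits.append(e.path)
    return sorted(hits)

if __name__ == "__main__":
    # Audit the current user's PATH; an unprivileged account on a stock
    # install should normally print nothing for system directories.
    path_dirs = [p for p in os.environ.get("PATH", "").split(os.pathsep) if p]
    my_gids = set(os.getgroups()) | {os.getgid()}
    for p in modifiable_programs(path_dirs, os.getuid(), my_gids):
        print(p)
```
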

  4. #4
    Join Date
    Jun 2007
    Location
    Paraparaumu, New Zealand
    Beans
    Hidden!

    Re: AV? or NO AV? that is the question.

    Originally Posted by ant2ne:
        Is it possible that the OP is confusing viruses with other forms of malware? Too often all malware is lumped into the category of virus
    Sounds a bit like some of my workmates, some of whom like to use their browser's default page's search box to get to Facebook. No doubt we could, if we chose, spend some time discussing bloopers of this type.
        I have gotten this pop up once which showed my C:\ drive getting scanned and finding multiple malware hits. I thought that pretty funny since I don't have a C:\. I suppose that pop up could be considered malware.
    And then there's the ones which claim that your PC is slow, with similar offers of software to download.

  5. #5
    Join Date
    Mar 2007
    Beans
    807

    Re: AV? or NO AV? that is the question.

        And then there's the ones which claim that your PC is slow, with similar offers of software to download.
    Right, and a registry cleaner.

  6. #6
    Join Date
    Nov 2006
    Location
    Vienna, Austria
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: AV? or NO AV? that is the question.

    Well you might disagree with this, but I clean the registry in Ubuntu at least once a month. I find the machine runs faster afterwards.

  7. #7
    Join Date
    Mar 2007
    Beans
    807

    Re: AV? or NO AV? that is the question.

    ^^ this guy

  8. #8
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: AV? or NO AV? that is the question.

    My only encounter with malware was an attempt to get me to buy Antivirus 2010, and this came from the New York Times's website! When I closed a tab that contained the infected article, a window that looked very much like Windows Explorer appeared on my screen and began rattling off the number of infected DLL files it "found" on my machine. After I finished laughing, I tracked it down to a Javascript that was delivered along with the article I was reading. Times readers like me were not happy to see the Grey Lady distributing malware, but the source was some third-party advertising channel, not the paper itself. They have since become more restrictive about third-parties, and I have not seen a repeat of the problem.

    Note that this type of malware relies on the browser and user stupidity. The operating system had nothing to do with it.
    Last edited by SeijiSensei; April 1st, 2014 at 04:18 PM.

  9. #9
    Join Date
    Mar 2007
    Beans
    807

    Re: AV? or NO AV? that is the question.

    Are you sure it came from the Times? I mean, if I were to write something like that it would have a timer delay on it so sometime after you navigated away the thing would pop up thus making it harder to track what page attacked you. Then you wouldn't know who to contact about it. The webmaster remains unaware that it has been exploited. Leaving the vulnerability up longer to get more victims.

  10. #10
    Join Date
    Mar 2014
    Location
    /
    Beans
    15
    Distro
    Ubuntu

    Re: AV? or NO AV? that is the question.

    Originally Posted by PartisanEntity:
        Well you might disagree with this, but I clean the registry in Ubuntu at least once a month. I find the machine runs faster afterwards.
    This put the biggest smile on my face.


    But back on topic:
    Originally Posted by unspawn:
        While it certainly is worth something protecting lesser OSes, focusing on AV and viruses is (IMHO and with all due respect) Windows-centric thinking: with Linux you need to: - keep your OS up to date, - have sane browsing and software habits, - secure, harden and regularly audit your machine(s) as the threats we face are different from what users of "the other OS" experience. Please focus on that instead.
    I could not agree more with this statement. Trained browsing/software habits go a long way. I personally don't run any anti-virus on my Windows machine, but I do have Malwarebytes for on-demand scanning and malicious website blocking. Haven't had a single infection yet, but please keep in mind I wouldn't advise this to anyone unless you have well trained browsing/software habits.

    All the anti-virus ruckus is really a Windows-centric approach and quite dated (in my opinion), these days it is easier to exploit weaknesses in third-party software be it click-jacking or drive-by attacks, let alone this usually allows you to attack multiple operating systems at once. Less work, more pay.
