Do you really need antivirus software for Linux desktops?

It started, innocently enough, as a question asked in the ESET Security Forum titled “Eset – Do I Really Need Antivirus On My Linux Distros?” However, the answer to that seemingly simple question on Linux antivirus is more complex than a simple yes-or-no response.

Image Credit: David Harley

That there’s far less malware for Linux than Windows is not in doubt: A search in ESET’s VirusRadar® threat encyclopedia reveals just a scant few thousand pieces of malicious software for Linux. While that may sound like a large number, ESET processes 250,000 malicious samples every day on average, releasing several thousand signatures for Windows-based malware every few days. And, of course, one should keep in mind that the term “signature” is itself very broad these days: A single signature may be able to detect multiple families of malware; while one family of malware may require tens of signatures to detect all known samples.

Yes, the threatscape out there is dominated by malware that targets Microsoft Windows, but as the world’s most-widely used desktop operating system, Windows is also the most heavily-targeted.

There are many reasons that Linux doesn’t have the same sorts of problem with malware that Windows has, ranging across differences in operating system security models, market fragmentation due to the multitude of distros, and its dearth of acceptance by everyday users as a desktop operating system.

But “few threats” does not mean “no threats at all.” And while some of the more rabid fanatics will point out that Linux doesn’t have a computer virus problem, neither does Windows today: Only about 5-10% of malware reported to ESET’s LiveGrid® threat telemetry system on a daily basis is viral in nature.

The dearth of Linux-based malware is something I had mentioned previously in the ESET 2014 Mid-Year Threat Report, which you can view here, if you have about an hour to spare. However, if you do not, here is the relevant slide from the presentation:

[Chart: Do I need AV for Linux?]

In case you chose not to view the entire presentation, allow me to explain what this chart means. What you are looking at represents the virus signature database updates released by ESET between January 1 and June 1 of this year. Everything that is colored light blue is some kind of Microsoft Windows-based malware—which we commonly name with a “Win32/” prefix (“BAT/”, “MSIL/”, “NSIS/”, “VBA/”, “VBS/” and “Win64/” are also types of malware specific to Windows) when reporting its presence on the computer—everything else remaining on the chart is not. If you are having trouble viewing the non-Windows threats you may need to use your screen magnifier to zoom in a bit.

But, as the saying popularly (and incorrectly) attributed to Mark Twain goes, “there are lies, damn lies, and statistics” so treat that chart with a healthy dose of skepticism. For one thing, it does not provide any information about the amount of Linux malware detected by ESET, either in terms of absolute numbers or percentages—just the number of signatures added for each of the platforms. So, from a pure threat metrics perspective, this makes the chart less useful. But that is okay, because that is not the information I wanted to convey in the first place.

In the original presentation for which I created the chart, it was used in order to provide visibility into another metric which I thought very interesting: It serves as a kind of canary in the coal mine, an indication of the amount of effort required from ESET’s threat researchers in order to protect each platform.

While it is impossible—and misleading—to make 1:1 correlations between numeric values such as the amount of signatures and the severity of the threats they represent, looking at the volume being added on a per platform basis is an interesting metric to me, and here’s why: The number of signatures being added can serve as a kind of very rough guide to how much effort is needed to protect each platform. That, in turn, provides us with a kind of mirror image, which shows how heavily attackers are targeting those platforms.

What sorts of intelligence can we gain from such data? Well, from the look of it, it appears that the people who are creating malicious code are expending far more effort on the creation of threats for Windows than for other platforms. And what exactly might we infer from that? The simplest answer is that this activity generates the highest rate of return on their investment (writing malware). While it may seem strange, or at least counterintuitive, to bring this up in a discussion of malware, it is actually central to this discussion:

Over 99% of the malware observed by ESET on a daily basis is written for the sole purpose of supporting some kind of economically-motivated criminal activity, whether it be a DDoS (Distributed Denial of Service) attack, identity theft, spam, or plain-old robbery, albeit through somewhat newfangled methods of stealing account and transaction credentials for various financial institutions and services.

However, this is not an article about Windows-borne malware, or, at least, that wasn’t the intended topic.  When it comes to Linux and how it fits into criminals’ online activity, the threatscape is a bit different.  Linux has long been a staple of the webhosting world, and if you peer into the silver lining of cloud computing, it often looks more like Tux than, say, Clippy on the inside.  This becomes even more apparent when you look at modern supercomputers:  In 2014’s TOP500 list, just two of the systems listed ran some version of Windows.

I would like to point out, then, that when I am discussing Linux, I’m referring to the various Linux distributions (or distros, for short) out there, not just the Linux kernel itself.  For that matter, it would be best to extend this concept to cover not just the distro, but the stack of software that is running on top of it, whether it be a classic LAMP stack for serving up web pages or inside networking gear moving bytes around.

A large part of the Internet runs on Linux, often far away from public view in vast data centers.  Even when Linux is right in front of us, it is often invisible because it is running unnoticed on such devices as modems, routers and set top boxes.  I would like to focus first, though, on those data centers.

Linux is very big…

So, what exactly is it that makes Linux ideal for data center environments?  Data centers consist of thousands, tens of thousands or even hundreds of thousands of servers, and managing that many computers rapidly becomes very challenging.  Licensing costs for server operating systems vary, but Linux distros essentially start at free, although enterprises often end up paying for documentation, support and maintenance, or the costs of devoting staff to customizing it as needed.

Likewise, Linux’s support of various network protocols, scripting languages and command shells—that support being typically more diverse than Windows, at least out of the box—means that it is comparatively easy and inexpensive to script management of systems.  And this tends to scale well.

And then there’s performance.  As one of the first operating systems to originate in the Internet era, and coming from an educational rather than commercial background, Linux was designed from the ground up to connect with other systems using standard protocols such as TCP/IP. Indeed, it took Microsoft Windows server operating systems years before they could match Linux in various raw network throughput tests.

…and Linux is very small

Just as Linux scales up to very large computers, it can also be tailored to run on very small devices.  Google’s Android, which largely powers the smartphone and tablet industries, is based on Linux.  You might find devices running Linux throughout your home:  In your family room, such devices as DVRs, media players, set-top boxes and the Smart TVs in your entertainment center might be running Linux, while the broadband modem and network router that connect everything to the Internet run Linux as well.  If smart, digitally-connected kitchen appliances take off, you may also be cooking with Linux one day.

Regardless of what these small devices around your home or office do, though, they have one thing in common:  They don’t look very much like traditional computers.  They don’t have keyboards, or even monitors (unless, perhaps, they are built into your monitor), and you probably access them remotely through your web browser so as to configure and manage them.  If they communicate with you at all, it is perhaps with an LED light or two to let you know they’re working.

The Linux Threatscape

So, what exactly are the threats facing Linux today?

Well, as previously mentioned, Linux usage tends to concentrate in two areas: The very large (data centers) and the very small (embedded in appliances and the like).  In the former case, unless you work around servers all day, you may not be aware of how Linux is behind many of the most popular web sites and relied-upon services we use every day.  And in the latter case, you may simply not be aware that your home router, DVR, set-top box or other “smart” home appliances are running some form of Linux.  Even though neither of these cases is what we traditionally think of as a “desktop,” that does not mean they are immune to the same kinds of threats, either.

Hosted Linux servers in data centers have long been a part of the malware ecosystem, although probably not in the way most people think of it.   There are many web site hosting companies out there that run outdated, insecure software and have poor system management practices.  They often end up hosting command-and-control servers used by Windows-based malware to phone home for updates and instructions, serve as drop zones used by malware to store stolen information en route to the criminals who have stolen it, and so forth.

Earlier this year, ESET’s researchers uncovered Operation Windigo, an attack mostly targeting Linux servers (some *BSD, Mac OS X Server and even a few Windows servers were also affected), that over the last two years affected over 25,000 servers.  At first glance, 25,000 systems may not seem like a large number, given that many botnets scale to ten or thirty times that size, but when you consider that a single server might host tens, hundreds or even thousands of web sites, the actual number of end users affected by the attack was very large, indeed.

A true anecdote from my own experiences:  A web forum on which I am active was affected by the Windigo campaign for many months.  When I notified the site administrator that I was seeing attempts to pop up advertisements for pornography being blocked by my security software, he told me to check my Windows-based PC for viruses.  It was only several months later that the hosting provider for the forum—a large web host known more for their wallet-friendly pricing than for support or security—admitted that the server on which the site was running had been compromised for the better part of a year.

At the other end of the computing spectrum, we have all of those appliances with computers embedded in them running some version of Linux.  These include devices you might not necessarily think of as computers, such as Smart TVs and DVRs, as well as devices to which you may connect your computer, but do not necessarily think of as having a discrete operating system in them, such as routers, printers, NAS and so forth.  We have seen numerous Smart TVs from companies such as Samsung, Philips and LG that can be taken over remotely, might spy on their users’ viewing habits, or even on the users themselves via built-in webcams.  And there are also worms like RBrute, which modified routers’ DNS settings in order to inject ads, steal credentials and redirect search results.

Threats on the Desktop

Just as the threats targeting Linux servers are very different from those faced by embedded systems, the kinds of attacks on Linux desktops tend to vary as well.

The first thing to understand about attacks on Linux desktops is that these systems are rarely infected by malware such as worms, trojans, viruses and so forth.  While this is partially due to Linux’s security model, the greater reason for this is simply the lack of market penetration by Linux in the desktop space.

These days, malware is used almost exclusively for financial gain by criminals.  In fact, this is so often the case these days that when malware is written for some other purpose, it becomes newsworthy simply for that reason alone.  Case in point:  Win32/Zimuse.  When we do see malware specifically for Linux, it often seems to be written either as a proof of concept or for other research purposes, and is rarely found in the wild on customers’ computers.

This, however, does not mean that Linux is immune to malicious software, especially when it comes to cross-platform threats.  HTML, Java, JavaScript, PDF (Portable Document Format), Perl, php, Ruby and even SWF (Adobe Flash) are all frameworks or languages that are supported under Linux, and these can be just as easily targeted under Linux as under Windows or Mac OS X, although the underlying operating system may still be more difficult to exploit.  Still, having anti-malware software installed means you can receive warning of potential threats.

Likewise, it is not unusual for Linux users to receive file attachments via email, or to be on networks with file shares, both of which can serve as vectors of malware, even if they only target Microsoft Windows.  And, of course, if a Linux-specific worm such as Linux/Ramen was spreading across the network, one would want to protect one’s desktop from it.  But even if the only malware on the network is targeting Windows, having anti-malware software installed can serve as a kind of “early warning” system to notify Linux desktop users that they are connected to an infected network.

As another anecdote, a friend of mine, whom I will call Richard, does exactly this.  A technical writer by vocation, he switched to a Linux-only environment after some bad experiences with Windows Vista.  Richard does maintain an isolated Windows XP system for occasions when he must do something in Windows that cannot be done under Linux, but, regardless of the operating system, all of his computers run anti-malware software.  When people at his office accidentally send an infected file to his Linux desktop, he lets them know in the kind of clear, concise and unambiguous terms used by professional wordslingers.
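The early-warning role described above, sketched as an added example (not code from the article or from ESET, and not a substitute for anti-malware software): a file-type triage that flags Windows-targeted content sitting on a Linux desktop, where it is inert locally but can still be passed on to Windows machines. The function names, finding labels and sample files are constructed for illustration.

```python
import io
import struct
import zipfile
from pathlib import Path, PurePath

# Extensions a recipient would expect to be passive documents or media.
PASSIVE_EXTS = {".pdf", ".jpg", ".png", ".txt", ".doc", ".docx", ".xls", ".xlsx"}
EXECUTABLE_KINDS = {"windows-pe", "linux-elf"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def has_vba_project(data: bytes) -> bool:
    """True if data is a ZIP (OOXML) container holding a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def classify(data: bytes) -> str:
    """Identify content by magic bytes, ignoring whatever the file name claims."""
    if is_pe(data):
        return "windows-pe"
    if data[:4] == b"\x7fELF":
        return "linux-elf"
    if data[:8] == b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1":
        return "ole2-document"
    if data[:4] == b"PK\x03\x04":
        return "ooxml-with-macros" if has_vba_project(data) else "zip-container"
    if data[:5] == b"%PDF-":
        return "pdf"
    return "other"

def triage(name: str, data: bytes) -> list[str]:
    """Return finding labels for one file; an empty list means nothing to report."""
    kind = classify(data)
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    findings = []
    if kind == "windows-pe":
        findings.append("windows-executable")   # harmless here, live on a Windows peer
    if kind in EXECUTABLE_KINDS and suffixes:
        if suffixes[-1] in PASSIVE_EXTS:
            findings.append("extension-mismatch")   # e.g. a PE named holiday.jpg
        elif len(suffixes) > 1 and suffixes[-2] in PASSIVE_EXTS:
            findings.append("double-extension")     # e.g. invoice.pdf.exe
    if kind == "ooxml-with-macros":
        findings.append("macro-document")
    return findings

def scan_dir(root: str, max_bytes: int = 32 * 1024 * 1024) -> dict:
    """Triage every regular file under root (a mail attachment folder, a mounted share)."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        if path.stat().st_size > max_bytes:
            continue
        findings = triage(path.name, path.read_bytes())
        if findings:
            report[str(path)] = findings
    return report

# --- Constructed sample inputs (inert stubs, not real programs or documents) ---
def make_pe_stub() -> bytes:
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    return bytes(header) + b"PE\0\0" + b"\0" * 20

def make_docm() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def scan_samples() -> dict:
    samples = {
        "invoice.pdf.exe": make_pe_stub(),
        "holiday.jpg": make_pe_stub(),
        "report.docm": make_docm(),
        "notes.txt": b"plain text",
        "readme.pdf": b"%PDF-1.4 constructed",
    }
    return {n: f for n, d in samples.items() if (f := triage(n, d))}

if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(f"{name}: {', '.join(findings)}")
```

To run it against real files, call `scan_dir()` on a directory such as a downloads or attachments folder; it reads file contents only and executes nothing.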

Closing Thoughts

While Linux desktop systems are not magically immune to malware, they are not saturated with it either, especially in comparison to their Windows brethren.  But, as both Operation Windigo and the escalating increase in Android malware have shown us, wherever a particular platform finds success, criminal elements are not far behind.  While Linux on the desktop remains comparatively malware free today, that may not be the case in the future.  Whether it’s a requirement for compliance reasons, or simply a desire to have an ounce of prevention, anti-malware on the Linux desktop can act as a form of insurance against future attacks.

For additional information about Linux-related and multi-platform malware, please see the following articles from We Live Security:

And the following podcasts, as well:

I would like to thank my colleagues Oliver Bilodeau, Sebastian Bortnik, Bruce Burrell and David Harley for their feedback while researching this topic.

Do you use Linux on the desktop and, if so, have you ever come across malware, either for it or another operating system?  Do you also run anti-malware software on your Linux desktops?  Why or why not?  Let us know below!

Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher

Picture Credits: ©phylevn/Flickr

Author Aryeh Goretsky, ESET

  • Tony Lawrence

    No OS is immune to malware. There are just more viruses for Windows. A Windows user can help protect himself/herself by using a guest account. This limits what programs can be installed. I was hit with a bug on a Zorin OS install years ago. Recently OS X has had an attack vector revealed. It is done with a USB. The point is be careful. Don’t be lulled into a false sense of security. Keep your OS up to date with patches.

    • bob

      An os that is not connected to the internet and has no updatability or way to introduce new software is 100% immune. (talking firmware os on a rom chip)

      • Bob,

        Even that may no longer be the case. Most embedded systems these days use EEPROM and not mask ROM because of the high expense involved in producing the latter. There’s also the issue of fixing bugs; placing the OS in ROM not just means that it should be 100% free of any bugs, defects and vulnerabilities before it’s burnt into a ROM, but that no new functionality or features will ever be added.

        Even embedded systems need updates from time to time and what you propose would add additional costs and complexity not just for developers, but users as well.

        EEPROMs are a better choice from a cost and manufacturing perspective, but without hardware-based write-protection, they’re subject to the same kinds of attacks that can affect writable storage. As Tony Lawrence noted in his comment above, security researcher Trammell Hudson recently demonstrated Thunderstrike, an attack on the Apple Mac’s EFI firmware over its Thunderbolt port, which shows that such attacks are not just limited to Windows or USB ports, either. Attacks via FireWire (IEEE-1394) can occur as well.

        Regards,

        Aryeh Goretsky

        • sumdumgai123

          “Trammell Hudson recently demonstrated Thunderstrike, an attack on the Apple Mac’s EFI firmware over its Thunderbolt port” — Again, not a Linux virus.

          • Hello,

            Yes, that is correct. This is an attack which occurs beneath the operating system at the firmware level. There have been attacks on firmware before from a variety of operating systems, including BSD and Windows. Neither of which are Linux, but it does indicate that attack research does occur on platforms besides Windows, which was the point I was trying to make. Apologies if this was not clear in my previous post.

            Regards,

            Aryeh Goretsky

          • sumdumgai123

            But isn’t the point of your article that desktop Linux users need commercial anti-virus software? That is what I read.

          • Hello,

            No, the point of the article is that desktop Linux systems may need anti-malware software, even if it’s for no other reason than to boost herd immunity for the computers running other operating systems in the environment.

            As to whether it’s commercial, Open Source, freeware, public domain, closed source or whatever, that’s up to whomever is responsible for securing those systems. Pick whatever works best for the environment in question.

            Regards,

            Aryeh Goretsky

  • beast6228

    As long as you don’t use root on your Linux system the chances of getting malware are quite low. Most people don’t understand the difference between Linux and Windows. Linux is a true multi-user operating system and Windows is not, which is why Windows can easily be defeated (even with guest accounts). I won’t get into the differences but there are many ways to protect yourself. Linux users can run jailed accounts for extra security and if you are one of those who must run Windows, you can always run a Virtual Machine (VMware) with a clone of your OS. (This runs your computer in its own separate protected space on top of the existing OS.)

    • Hello,

      Preemptive multitasking and multiuser tenancy are both functions of Windows versions based on the Windows NT kernel, so I’m unsure of exactly what difference you might be referring to. Session isolation? The super-user account under *NIX can make system-wide changes. Likewise, recent versions of Windows have restricted accounts to limit users’ abilities to make system-wide changes as well, which are called, somewhat-confusingly, Standard User Accounts or simply the ‘Users’ account. These can be further locked down via Group Policy.

      Using virtual machines is a great way of isolating operating systems, but it is important to remember that the virtual machines need to be secured as much as the operating system hosting them does, if not even more so.

      Regards,

      Aryeh Goretsky

  • usulnet

    Windows has countless garbage virus/malware thrown at it all the time. The ones that target Linux/macs tend to be much more aggressive, there to be undetected and steal data. Fail to properly protect your networks at your own peril.

    • sumdumgai123

      Like what? Could you name one of these?

      • Hello,

        Just in case Mssr. Usulnet does not reply, you can read about several novel pieces of malware for Mac OS X and Linux in the ~25 articles and 2 podcasts cited in the Closing Thoughts section of the article on which you are commenting.

        Regards,

        Aryeh Goretsky

  • Dantalian

    With Linux rated as being on less than 2% of desktop computers, this article is an example of what that OS is really about: giving silly writers something to turn in to their editors. Linux has been in decline since 2008, when it missed its chance to go up against Vista. Only college students and masochists have the time and inclination to deal with Linux. And Linux developers and proponents must take the blame for that failure.

    • Hello,

      As you have noted, Linux on the desktop has never really taken off, but as the article noted, the number of attacks on embedded systems and servers running Linux appears to be on the increase, and in addition to these there are a rising number of platform-agnostic threats which Linux desktops are capable of transmitting, even if they themselves are not actually infected.

      It may make sense to protect Linux desktop systems, if only to prevent them from transmitting malware, even if the malware in question does not directly affect the Linux operating system itself.

      Regards,

      Aryeh Goretsky

      • sumdumgai123

        So I should burn cpu cycles checking for Mac virii on my Linux box? Why isn’t that the responsibility of the people with Macs?

        • Hello,

          Yes, you should, not to mention malware which affects Android, Windows, various other operating systems or is simply non-platform or cross-platform specific. Properly written and configured anti-malware software should not “burn CPU cycles” to the point where it affects your ability to use the computer or, for that matter notify you unless a situation requires your attention (something of a tangential issue, but I did want to mention it).

          The concept here is analogous to that of the asymptomatic carrier in a biological population. You don’t want to have your computer being the one from which malware is being reintroduced into the environment.

          To give yet another vehicular analogy, running security software is a bit like purchasing automotive insurance. You don’t necessarily purchase that because you are a bad driver and are planning on getting into an accident, but as a mechanism to help defend you against bad drivers and other unforeseen happenstances on the road.

          Regards,

          Aryeh Goretsky

  • sumdumgai123

    I have run Linux on my desktop for 15 years. There is no need from a security standpoint to run anti-virus software on your Linux system unless you are doing it as a favor to your Windows friends to let them know when they are infected. If you keep your system patched, there is no current threat out there for Linux.

    • KCKitsune

      Sumdumgai123, you’re the person that is going to be infected because you think you are invincible.

      EVERY OS out there has some flaw that a person can use to steal data or insert malicious code to do who knows what.

      • sumdumgai123

        Name one Linux virus that is in the wild and is a danger.

        • Hello,

          Just in case Mssr. KCKitsune does not reply, you can read about several novel pieces of malware for Mac OS X and Linux in the ~25 articles and listen to the 2 podcasts cited in the Closing Thoughts section of the article on which you are commenting.

          Regards,

          Aryeh Goretsky

          • sumdumgai123

            A novel piece of malware is not a threat. For malware to be a threat, it needs to be in the wild. It needs to have an attack vector. The examples you are listing are proof of concept and they require an authenticated user to run them. Hardly an attack vector dangerous to the home desktop user.

          • Hello,

            I am glad that you finally read some of our other research!

            Malware does not have to be novel in order to be a threat.

            At the height of its campaign, the Operation Windigo malware had infected about 25,000 *NIX servers (mostly Linux, but some BSD and Mac OS X as well) and were attacking about 500,000 PCs a day (mostly Windows, as that’s the dominant desktop operating system).

            I guess we will have to disagree on whether that is considered in the wild or a proof of concept, or if that is significant enough to be “an attack vector dangerous to the home desktop user.”

            Regards,

            Aryeh Goretsky

        • Olivier Bilodeau

          This one https://www.virustotal.com/en/file/8bca0031f3b691421cb15f9c6e71ce193355d2d8cf2b190438b6962761d0c6bb/analysis/ among others. It “supports” running from both a privileged or an unprivileged account.

          Full disclosure: I have been a Linux desktop user for more than 10 years and I research malware for ESET, including Linux threats.

          • sumdumgai123

            How many infections? I looked at the virus you listed and searched the interwebs about it. Couldn’t find any instances of this infection. The link you share cites 8 detections. These are not threats. There is no documentation I could find about an attack vector. Looks like you have to be an authenticated user to initiate it. So that is not much of a threat. It appears to be a proof of concept, but I am sure there will be a patch against any vulnerability quite quickly. That is what happens with Linux. A threat vector is patched quickly. If you keep your system patched, there is no reason to spend good money on some resident anti-virus resource gobbler. The anti-virus industry just wants us to think that. How many times has your Linux system become infected with a virus during normal use in 10 years?

          • Hello,

            As I have mentioned several times already to the question you seem to be repeatedly asking, the answer to your queries about Linux malware can be found in the Closing Thoughts section of the blog post on which you are commenting.

            I have provided over two dozen links to blog posts and podcasts discussing malware which affects Linux, Mac OS X and BSD, all of which are non-Microsoft operating systems. These articles answer questions about threats on these non-Windows operating systems, including some questions about the scale of those threats when that information is available and can be shared.

            Some of these articles also contain information about what the indicators of compromise (IoCs) are for various threats, as well as how to check your computers and remediate an infestation if found. It would probably be a good idea to read up on these and perform those checks, especially if you are not running resident anti-malware on your Linux desktops to protect them.

            Properly-written anti-malware software is not, of course, a “resource gobbler,” but instead runs in the background consuming a negligible amount of resources and only notifies you when an issue comes up requiring user intervention.

            In the past ten years, I have had no accidental virus infections on any of my Windows-based systems. Obviously, working with malware on systems dedicated for that purpose is different; but there’s been no cross-contamination to clean systems. On the other hand, my main desktop and laptop were attacked for months by the Linux web server that I mentioned in the article. Unfortunately, there’s a lot of Linux systems out there which are not properly maintained or secured, and that makes them springboards for attacks against other systems, regardless of whatever operating system they run.

            Regards,

            Aryeh Goretsky

        • KCKitsune

          Sorry it took so long to get back, but it’s not what’s out there NOW, but what might come out in the future.

    • Hello,

      As you point out (correctly, I might add), Linux-specific threats are very low in frequency, especially relative to Windows. However, “very low” is not the same as zero and, as noted in the article, there are a lot of threats which are platform-agnostic.

      In my first anecdote, one thing I didn’t mention is that the site owner and site operator both use Macs and neither was running anti-malware software. Would things have been different if they had? Quite possibly, but that’s a bit speculative.

      When we talk about having layered defenses against attacks, part of that means securing the things we don’t necessarily think will become victims of attacks, even if it just means acting as a relay for them.

      Regards,

      Aryeh Goretsky

  • KCKitsune

    Question: Do you need anti-virus software for a Linux desktop? Answer: YES!!!

    Nothing, and I mean nothing, is dumber than thinking you’re invincible! Always assume that the bad guys are gunning for you!

  • jscottu

    If you need windows or Mac for some special program…get it. Otherwise…linux will do the trick.

  • Bob Johnson

    ‘Anti-virus’ typically refers to a specific application run by unskilled users to guard against intrusion by hackers. Linux, Mac and Windows systems all have protections in place that skilled users can use to prevent hackers from gaining access, but there are far more unskilled users on Windows than on the other two operating systems, hence the greater need for ‘anti-virus’ programs on Windows. Move those same unskilled users to Linux and give them the root password and Linux would need anti-virus applications as well.

    • Hello,

      Security practitioners (whom one assumes are classified as skilled users) do use anti-malware software. Of course, that’s not all that they use; the key is a defense-in-depth approach. Much like modern automobiles have seat belts, anti-lock brakes, airbags, crumple zones and a host of other features to protect their occupants, practitioners tend to rely on a variety of technologies, policies and procedures to keep the systems for which they are responsible free of malware (unless, of course, one is specifically using such systems for analysis activity).

      Here are a couple of articles you might find of interest:

      • Infosecurity Magazine – Is it time to move on from anti-virus?

      • We Live Security – Security professionals DO use anti-virus

      Thanks for your comments.

      Regards,

      Aryeh Goretsky

  • Martin Guy

    Um, actually it’s not a market share issue.

    Windows is thousands of times more vulnerable as supplied, mostly due to it being closed-source and so unvettable and unrepairable by anyone except MS techies, who are pressured by their managers to deliver something that seems to work as soon as possible, of which security is an untestable proposition.

    Multiply *that* by the market share and you have the current worldwide disaster.

    • Hello,

      That’s an interesting perspective. Thanks for sharing it with us.

      Regards,

      Aryeh Goretsky

    • sumdumgai123

      Absolutely. It is much easier in Win32 to escalate privileges than in Linux. And Microsoft doesn’t patch every vulnerability. Otherwise, their investment in Symantec would lose money.

      • Hello,

        I am trying to find a list of Windows kernel versus Linux kernel exploitations so that I can get an idea of the number and whether your assertion is correct. I have not found anything definitive, yet, but here are some figures on CVE’s from the NIST NVD:

        • # of records matching Linux in NVD for past three years: 460
        • # of records matching Windows in NVD for past three years: 158

        Perhaps Microsoft has just simply gotten better about through methods like their Trustworthy Computing (TwC) initiative.

        Oh, can you tell me a little more about Microsoft’s investment in Symantec? I was not aware that Microsoft had purchased any shares in Symantec Corp., and would like to read more about this. Thanks!

        Regards,

        Aryeh Goretsky

  • sumdumgai123

    “And, of course, if a Linux-specific worm such as Linux/Ramen was spreading across the network, one would want to protect one’s desktop from it.” — This is an 8 year old virus and every major distro was patched against it in 3 days from the known vulnerability. So when you evaluate Windows virii, do you use virii that only affect 8 year old Windows versions? If a virus only affects unpatched Windows XP systems, is it really a threat to any good Sysadmin?

    • Hello,

      Yes, you use even DOS and Windows 9x-based malware when evaluating anti-malware systems for modern Windows systems. ESET supported those OSes directly up until about three years ago, and we still get telemetry from our customers running Windows NT-derived operating systems of encounters with these. They are not highly prevalent, and may be the result of researcher activity, but it would be unusual for an anti-malware company to remove detection for a genuine piece of malware.

      Regards,

      Aryeh Goretsky
