Linux servers come in many flavors, from Red Hat to SUSE to Ubuntu. All share a reputation for being largely immune to the malware problems that plague Windows. It’s no surprise, then, that many IT professionals wonder whether it’s really worth installing antivirus software on their Linux servers. As it turns out, the answer, more often than not, is yes.
One reason to consider installing Linux antivirus is that malware for Linux does, in fact, exist. It’s far less common “in the wild” than Windows malware, but rootkits like the one that targeted the SSH daemon (sshd) earlier this year demonstrate that it is a real threat. Do you want to explain to the boss that a mission-critical server got trashed because you didn’t think it was likely to get infected?
While internal Linux servers face only a small risk of exposure to Linux-specific malware, public-facing web servers are a major target. An average of 16,000–24,000 URLs are compromised each day by malicious code, according to SophosLabs. Cybercriminals target vulnerable components of websites, like content management systems (e.g., WordPress and Joomla), application environments (PHP), control panels (Plesk and cPanel), and even the ubiquitous Apache web server. Web servers should therefore always be protected with antivirus software and ideally with a web application firewall as well.
Even if a Linux server is itself not infected, it may still put your users at risk. Have you heard the story of Typhoid Mary, the woman who never became sick herself, but carried the typhoid fever infection and spread it to over 50 people? Linux servers can similarly act as carriers, especially when they function as file servers or document repositories. In fact, SophosLabs tells us that the majority of detections of malware on Linux systems are for Windows malware.
Finally, compliance regulations like PCI-DSS may simply require you to install antivirus software on systems that store or process sensitive data. Failing to install antivirus software in these instances may expose your organization to fines and/or legal liability in the event of data loss.
Sophos Server Protection
One common objection to installing antivirus on Linux servers is that it can affect the servers’ performance. Fortunately, Sophos Antivirus for Linux has a small footprint and minimal impact on system speed. Basically, you won’t know it’s there—except, of course, when it detects and blocks a threat from infecting your server or spreading to your users’ workstations.
Sophos Antivirus for Linux is available as part of Sophos Server Protection. Try it for 30 days for free!