There’s a lot of misinformation in this thread. Linux malware targeted at desktop users has actually become more apparent in recent years due to the growing number of users.

That didn’t use to be the case because Linux was almost exclusively used for everything except end user desktops.

What you need to understand is Linux is fundamentally more secure from the OS perspective. A good example is how there are no network listening services running like how Windows has SMB/NetBIOS which had the infamous eternal blue vulnerabilities.

That means it is highly unlikely you will be targeted by system/service level malware that exploits known vulnerabilities, so long as you stay reasonably up to date with your package manager. Add on to the fact you probably won’t be running such software like Apache or NGINX anyways.

but is it a reasonable concern?

Yes, you should still stay vigilant as a user as current malware, even for windows, typically invovles some level of social engineering.

The bonus for linux is that you should optimally never have to download executables from the browser. Anytime you do, make sure to pay close attention to what you are downloading and where from.

Some key stuff for linux:

1. Never do a curl | bash. Always download the script and peruse it to see what it actually does.

2. Always prefer packages from package manager, and be careful if using 3rd party repos such as AUR or COPR

3. Don’t download binaries from untrusted sources, and never run as sudo without knowing what it does.

Are there sufficient tools for people who don’t really know what they’re doing to be reasonably secure on Linux and will they keep up if the threat profile expands as Linux picks up more users?

Yes, I suggest you become a little bit familiar with a distro that has SELinux (ex: Fedora). It’s just a MAC security control scheme, but it adds a lot of benefit if you aren’t familiar with Linux in general.

Aside from that, you can use ClamAV for virus scanning. AV and consumer EDR on Linux isn’t that widely available due to the low amount of malware at this time, but I do expect that to slowly change as the userbase grows.

As malware detection gets better, I’m sure ClamAV will add features and functionality to keep up.

One of the main reasons why Linux can be more secure is that, being open-source, anybody is able to review the code and submit changes, meaning vulnerabilities and exploits are usually patched very quickly. This is one of the reasons why Linux has a larger market share when it comes to servers, since data security is pretty important for those!

Linux already runs a huge portion of the world’s servers, which are a more lucrative target for bad actors than an individual machine, so it’s solidly battle tested.

Yes, security concerns are always reasonable, specially when you’re switching to different software.

Generally speaking most Gnu/Linux distributions are safer than your average windows install, mostly because on windows you download .exe files from developer’s website. Which exposes you to a higher probability of a man in the middle attack between your computer and the website or simply you clicking a fake clone of the website on the search engine.

Installing software on windows is scary, I tend to double check the link from on the search engine, and then on wikipedia and check the wikipedia change history too to make sure the link on wikipedia wasn’t edited.

Even if the link is legit it’s possible that the developer simply forgot to pay for the domain, someone snatched it and is now serving a malicious version. Or simply the server may be compromised.

On Gnu/Linux on the other hand, usually software is installed via the repositories which are signed by the mantainer’s pgp key. That means that even if your server is compromised the package manager wont install the software if the signatures don’t match, if they do match, it’s still possible but very unlikely that the software was compromised somewhere in the supply chain, from the original developer to the maintainer, but as soon as detected the software is quickly removed and it’s usually on your distro’s security notices.

Gnu/Linux is also generally more secure because when you update the system (and you should do it frequently), it updates also all installed applications (assuming you installed them via the repo). So while on windows you still have that same old version of a PDF reader or a video player since you first installed it that may have a known exploit (yes, I know chocolatey exists, but I’m talking about a standard install), on Gnu/Linux the applications are usually up-to-date.

Of course a system is only as secure as the weakest link, if one application is insecure that may compromise the whole system, that’s where you should read hardening guides, you can sandbox applications with bubblewrap or firejail, for sandoxing applications, you can install linux-hardened if you have an arch-based distro, between other things that I never got my head around like SELinux or apparmor.

Malware is the least of your worries with Linux. The real reason malware has historically been more prevalent on Windows isn’t necessarily because of market share, it’s in the way software is distributed. In the Windows world, you go to random websites and install proprietary software; you have know idea if it’s trustworthy, even when you’ve found the official site. On Linux, you get your software from repositories (like the app store on your phone) where the software is open source and has been reviewed. All this software comes from trusted sources, you’re never accidentally going to get malware from your OS.

Your concerns are valid.

In my opinion the easiest solution, if you don’t know what youre doing (or dont wanna care) would be to use exclusively an immutable distro. That would lock you out of tweaking the system, but also heavily limit any potential malware. This should be sufficient imo:

• keep system up to date
• dont run programs or commands from unofficial channels
• have firewall enabled and running
• make offline backups of user files
• use immutable distro

Linux has a long history of being significantly more secure than Windows as well as being a much smaller target. Linux malware might exist these days, but it’s rare at most.

Lot of people will tell you something like “don’t run stuff aS rOoT” but from personal security POV root is almost irrelevant. Potential attacker can do plenty of damage without root.

root only allows crossing boundaries of the current user, but for personal use, everything you care about is probably 100% accessible under your normal user account. You don’t need root to steal your photos and passwords, you don’t need root to shimmy a daemon in your ~/.profile to start every time you log in, you don’t need root to mine shitcoins, use your machine as part of botnet or whatnot.

Good advice is to vet everything you install, or choose a third party to vet it for you. In ideal world,

• choose a stable, well-maintained and up-toodate distro with a good reputation,
• limit installing software from official sources only. …and you’re probably going to be fine.

In less than ideal world, maybe add flatpak to the mix but assume that the repository is a wild west. Running AppImage apps or installing third-party .deb/.rpm/etc. packages, again, if you trust the source, you trust the source.

(But for f’s sake, don’t just run curl | bash scripts (with sudo or not) from random github repos and stuff.)

Most Linux malware comes from community repos and fake GitHub style projects.

The default package repositories in all the major distributions are safe. Some examples to be worried about are pip packages and the AUR if you’re using Arch.

My first programming language was qbasic as well. Fond memories of that.

Vet third party sources, just like you would have on windows.

One thing to think about with Linux—where I think you’re getting the wrong impression—there’s something like fifteen billion Linux installations globally. Compare that to Windows where there’s about 1.9 billion.

Yet for some painfully obvious reason, Windows has about an order of magnitude more serious, actively exploited vulnerabilities than Linux. For every serious, actively exploited Linux vulnerability (which includes basically anything in the tens of thousands of packages + kernel that are available and ready to install in any Linux install), Windows has vastly more. And that’s just the stuff branded by Microsoft!

There’s a whole lot of reasons why you’re much more secure in just about every way on a Linux install, but believe it or not, you know what the single most important factor is, that prevents malware from being much of a problem? Default permissions!

It sounds silly, but whenever you download something on a Linux desktop you can’t just execute it. You have to take an extra step and mark that thing/malware as executable before you can run it. It’s a step where everyone stops to think, “hmm… Maybe I should double check this.” 😁

This doesn’t stop the truly careless, of course. But it’s easily the biggest factor in preventing the sorts of “drive by malware” that people often get suckered into running.

Contrast this with Windows where literally everything is executable by default. You can change a .txt to an .exe and BAM! Windows will now attempt to execute it when you double click on that file (that would throw an error, but you get the idea).

If you read up on why android phones don’t need a virus scanner then basically the same applies to Linux.

But you can always shoot yourself in the foot on any web connected device.

Linux is very secure, or can be, but that depends on your threat model and how much you’re willing to do or put up with.

• full disk encryption with LUKS: protect a lost or stolen drive
• /boot partition encryption with GRUB: further protect a lost or stolen device by protecting the boot process and prevent possible kernel tampering
• hardened kernels: can offer aggressive system hardening that could negatively impact performance and user experience in return for extra security
• TPM 2.0 and Secure Boot: prevent malicious software from running during start up
• App Armor: prevents known and unknown application flaws from being exploited
• ufw (Uncomplicated Firewall): control and deny network traffic with rule sets

The great thing about Linux is there tends to be a lot of solid documentation that explains what features are for and how to implement them. Links above are mostly to the Arch Wiki. Whatever distro you use, you’d want to start at their wiki. I’m currently using CachyOS, and I’ve found their wiki to be very helpful.

Some other helpful features to look into are

• btrfs snapshot support with GRUB or Limine bootloaders: easy snapshot rollback in case of a bad update
• atomic distros like Bazzite: updates happen on a separate subvolume and don’t apply on reboot if they aren’t 100% successful
• immutable distros like NixOS: core directories like /usr, /bin, /sbin, /lib, /lib64, /etc, /boot, /opt are read-only for higher security against malicious software

there is no tools. if you get malware on linux there is no antivirus to stop it.

It is reasonable to be concerned, and you absolutely should be. Just because it’s a smaller target (at the moment), it doesn’t mean you’re completely safe. Having said that, if you apply general common sense to your habits, you will mostly be ok. You don’t have to be tech savvy to know that you shouldn’t be blindly installing software or running scripts you downloaded from the internet. You also don’t need to be tech savvy to be a safe internet user and have good security hygiene (i.e. avoid dubious websites, verify that sites are legit, only download from official sources, use an adblocker, responsible with passwords, etc.).

Basic security measures like installing UFW on your computer and blocking incoming connections already help a ton. Then you can install clamAV if you still deal with Windows files and extensions.

I’ve been using Linux and Unix for about 25 years and I’ve never had a malware problem.

I’m not saying they dont exist (they do), but malware for those systems seems much rarer.