Malware on Linux – When Penguins Attack

Attack penguin courtesy of Shutterstock

Regular Naked Security readers will know that some security topics cause more friction that others.

Lately, artificial intelligence has provoked its fair share of excitement.

Surveillance and privacy are other topics that draw out some very varied viewpoints.

But if you really want to fan the flames of controversy on Naked Security, put on your asbestos underwear [they don’t use that any more – Ed.] and ask the question…

What about malware on Linux?

Here’s how the argument might go if you were to ask that question:

  • Malware is impossible on Linux because Linux is secure by design, unlike Windows.
  • Even if Linux malware were possible, users would have to agree to run it, so that wouldn’t count.
  • Even if users agreed to run it, they wouldn’t be root, so that wouldn’t count.
  • Even if they were root, who cares? There isn’t any malware for Linux, so there.

The simple truth, of course, is that Linux is much more similar to Windows – in design, implementation and real-world security – than it is different.

As a result: there is malware for Linux; it can do plenty of harm even if you aren’t root; and it may be able to infect without you realising.

Just like on Windows.

For all that, the “malware scene” on Linux simply never unfolded like it did on Windows, because the vast majority of Linux computers are servers, not desktops.

What happened instead? How big is the malware scene on Linux? How much risk does it pose? What could that do to your business? What can you do about it?

Sophos security expert and fellow Naked Security writer Chester Wisniewski set out to answer all those questions.

And in this fascinating podcast, intriguingly entitled When Penguins Attack, Chester explains what he found:


Malware on Linux – When Penguins Attack

(Audio player not working? Download MP3, listen on Soundcloud, or read the transcript.)


Are you a security sysadmin?

Sophos Cloud Server Protection now supports Linux, so you can protect your Linux servers (and desktops!) from the same console that you use to look after your Windows and OS X computers.

Are you a Linux user?

If you don’t need a management console, you can use Sophos Antivirus for Linux Free Edition – on desktops and servers, at home and at work.

Want to improve your Linux security?

Linux fan Paolo Rovelli of SophosLabs gives you 5 tips to improve your Linux security.