Top 7 Antivirus For Ubuntu

Published by Adrian in Antivirus, Guides, Web Security

I am an Ubuntu user. I like it because it adds a friendly interface to Linux and makes it easier to use. It is not as easy as Windows or Mac OS, but it is more user-friendly than Linux is. You still have to use your terminal window a lot, but it is nothing compared to Linux.

A lot of people are switching to Ubuntu for security reasons. But like any other operating system, Ubuntu is not free of malware. Hackers are trying to get into any OS. But can you get Antivirus for Ubuntu? Yes, you can and here are the top 7 Antivirus For Ubuntu:

  1. ClamAV
  2. Sophos Antivirus for Linux
  3. Comodo
  4. F-Prot
  5. Rootkit Hunter
  6. ESET NOD32 Antivirus 4
  7. Avast Core Security

Before you quit reading this article because you think Ubuntu is unbreakable, hear me out. We switched from Windows to Ubuntu to make sure we will not be hacked. A lot of people are preaching that Ubuntu or any other Unix-based OS is unbreakable, and you think that too. But first, let’s look at some facts.

How to get hacked on Ubuntu

Do a little search on Google, and you will find out Ubuntu can be infected. In fact, there were several major attacks in the past years. Ubuntu relies a lot on the open-source nature of Linux. Everyone can add features, spot weaknesses, and fix them. But that, I think, is what got them in trouble in the first place. Anyone can have access to the source code, and if a skilled programmer, as many hackers are, sees a weak spot, they can exploit it. Let’s see some of the most common ways that a hacker can infect you.

Wine

This is an application that helps you to run Windows programs on Linux. If you are a gamer, chances are that most of your games will not run on Ubuntu, so you have to use Wine to run them.

Windows viruses can run on your Ubuntu PC using Wine. As long as you have this app open, the virus can run and affect all the Windows components Wine comes with. Also, it can be a virus created for Linux but meant to run with Wine. In this case, you have to remove Wine from your PC to stop the infection.

Those types of viruses are pretty rare, and if the virus was created for Windows, you are safe. I will not bet on it, but be cautious with the Windows programs you want to run on your Ubuntu.

Wannacry

This is one of the worst pieces of malware created in the past years. Actually, it is ransomware that encrypts your files. It can also affect your Ubuntu machine, but only if you run Wine. The most damage it can do to you is to encrypt the Windows files that exist on your PC. That means your programs will not run. If you don’t have a backup of those files, you might have to delete them without getting them back.

Websites

The vast majority of servers operate on Linux. Anytime a website is hacked, it is because the attacker exploited a vulnerability that exists on Linux. This may not affect you directly, but a hacker can get your information from a website that has it. You cannot do anything about it if that website or hosting provider doesn’t have any security software installed. What you can do is avoid using the same password for all of your accounts.

Even if you use it as your primary operating system and do not run Wine or any other software that can infect your PC, you are not 100% safe. There is a chance you can get infected if you have a habit of doing reckless stuff.

If you want to push the limits on your online browsing but still be safe, there are antivirus solutions for Ubuntu too.

1. ClamAV

ClamAV is relatively easy to use. It comes with a simple, straightforward user interface. There are a few distinct sections:

Configuration

  • Settings. It has a few checkmarks for the types of files you want the antivirus to scan.
  • Whitelist. Here you can select the directories you don’t want this antivirus to scan.
  • Network. You can set your proxies here if your network is using a proxy server.
  • Scheduler. Set the time when you want this antivirus to scan your home directory. Here you can also set the time for this antivirus to update its database with new antivirus signatures.

History

  • History. It shows you all your previous scans and the infected files, if it finds any.
  • Quarantine. Here you can see all the files ClamAV quarantined. You can manage those in this section.

Updates

  • Update. You can manually request an antivirus signature update.
  • Update Assistant. Here you can select if you want automatic updates or if you wish to update ClamAV antivirus manually.

Analysis

  • Scan A File. You can manually select and scan a specific file on your machine.
  • Scan Directory. You can choose to scan a directory.
  • Analysis. It will show you the reputation of files.

It doesn’t seem like it has a lot to offer, but this is just a simple antivirus. Don’t let its simplicity fool you! This antivirus is installed on the majority of web servers, and it encounters more attacks than you can think of. Because of this, its virus signature database is vast.
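The same tasks the interface sections above cover (updating signatures, scanning a directory, whitelisting, quarantine, reviewing detections) can be done from the terminal with ClamAV's clamscan and freshclam commands. The script below is an added example, not part of the original article or of ClamAV itself; the function names, the quarantine directory and the sample report are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Function names, paths and the sample
# report are assumptions; clamscan and freshclam are ClamAV's own commands.

# scan_dir TARGET QUARANTINE EXCLUDE_REGEX
# Recursive scan that prints only infected files, skips directories matching
# the regex (the "whitelist") and moves detections into the quarantine.
scan_dir() {
    mkdir -p "$2" && chmod 700 "$2" || return 2
    clamscan --recursive --infected \
        --exclude-dir="$3" --move="$2" "$1"
}

# scan_verdict EXIT_CODE
# clamscan exits 0 when nothing was found, 1 on a detection, 2 on an error.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# list_detections: read clamscan output on stdin and print
# "signature<TAB>path" for every "PATH: SIGNATURE FOUND" line. It splits on
# the last ": " so a path that itself contains a colon still parses.
list_detections() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        if (match($0, /: [^:]*$/))
            print substr($0, RSTART + 2) "\t" substr($0, 1, RSTART - 1)
    }'
}

# Constructed sample of "clamscan --infected" output, for illustration only.
SAMPLE_REPORT='/home/user/Downloads/invoice.zip: Win.Test.EICAR_HDB-1 FOUND
/home/user/notes: draft.txt: Eicar-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2'

# Typical use: refresh signatures, scan the home directory, report the result.
#   freshclam
#   scan_dir "$HOME" "$HOME/.quarantine" "^$HOME/\.cache"
#   echo "result: $(scan_verdict $?)"
```

Piping a saved scan log through list_detections gives a sortable history of what was found and where, which is the terminal counterpart of the History view.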

2. Sophos Antivirus for Linux

When I hear the brand Sophos, I think of a Mac Antivirus. A few years ago, I had a job with a digital agency. Sophos was installed on all of their Macs and PCs as their antivirus. I had a great experience with it, and I think it is a good product.

Looks like Sophos decided to create an antivirus for Ubuntu too. It wasn’t that hard, since Mac OS is also based on Unix. Sophos promises to deliver on-access, on-demand and scheduled scanning for Ubuntu desktops with a minimal performance impact.

Live Protection

Like any good antivirus, Sophos is watching your machine continuously. It can detect and remove viruses, trojans, and malware in real time using signature-based detection and heuristic detection. If you are using Wine to run Windows applications, Sophos can detect and remove Windows viruses and malware.

Performance

Technology is evolving from year to year. I remember my first PC had about 256 MB of RAM and a 2.8 GHz P4 processor. Back then, that was a gaming PC. Now even the cheapest laptops come with 4 GB of RAM and a 2-core processor. Antivirus developers are also trying to offer the best protection with a minimal performance impact.

Sophos updates come in small packs of 50 KB to prevent using a lot of your internet bandwidth. Also, you can help improve the performance of Sophos by tweaking its settings. You can exclude directories and files so that Sophos does not check them every time and only scans new files.

Ubuntu users should know or learn how to use the terminal. With its Ubuntu version, Sophos does not come with a user interface, so you have to use it inside the terminal. But they have a web-based UI.

3. Comodo

Another free antivirus for Ubuntu users. What I find interesting about this antivirus is its cloud behavior analysis. If it finds a suspicious file, it uploads it to a virtual sandbox and lets it run to analyze its behavior. If it has malicious intent, it will block it from your PC. This is a handy feature for identifying new threats.

User Interface

Unlike other Ubuntu antivirus tools, Comodo offers a simple, easy-to-use UI. You can see a summary, run a scan, see which files or directories were quarantined, see emails that were blocked, and much more. This is extremely useful for a new user who has not yet developed the skills to use the terminal.

Real-Time Protection

Comodo offers multi-layered real-time protection. I mentioned their cloud-based behavior analysis a bit earlier. Beyond that, like any other antivirus, it has signature-based and heuristic detection. This antivirus also submits new findings to their database, so it will identify the threat immediately in the future, both for you and for other users.

Email Protection

This is an added bonus that Comodo offers. A lot of people think that email viruses are gone. But that is not true. Yes, we are using our personal email less than we used to, but we are still using it. I get a lot of spam in my inbox across my accounts, and I think some of them are actually infected. So having this feature in an antivirus definitely is a plus.

4. F-Prot

F-Prot is a free, open-source antivirus for Ubuntu. It can be used for desktops and servers. This antivirus offers protection against viruses and malware, including Trojans. This antivirus doesn’t have a UI, so you have to be familiar with running terminal commands.

Large Database

Any antivirus has a database that contains all known threats. Thanks to the internet, this database is regularly updated so you will not be caught off guard when a new virus hits. F-Prot has a database of over two million known threats, and it updates it periodically.

Schedule

Running periodic scans is something that you should always do. You can run a manual scan whenever you want. But you can also schedule your scans ahead of time. If a virus was missed by a previous scan, there is a good chance it will be identified and removed with a periodic scan.

Boot

F-Prot will start running when you press the on button on your PC. It scans for boot sector viruses. Those viruses can be on the HDD, SSD, CD, or floppy disks (if you are still using something like this). Those types of infections can prevent your machine from booting.

5. Rootkit Hunter

Its name implies what it does. It is a rootkit scanner. This tool will scan for rootkits, backdoors, and local exploits. It is also a free tool that anyone can use! Rootkit Hunter runs sophisticated tests to detect any malicious app:

  • MD5 hash comparison. This scans files to see whether they contain any modifications or errors.
  • Look for default files used by rootkits. It will scan for known rootkits.
  • Wrong file permissions for binaries. Any file or folder has a set of privileges. Rootkit Hunter will scan those permissions and warn you if it finds something fishy.
  • Look for suspected strings in Loadable Kernel modules and KLD modules.
  • Look for hidden files.
  • Optional scan within plaintext and binary files.

Like a lot of scanning tools on Ubuntu, this antivirus can be used only through the terminal.
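To show what three of the checks listed above do (hash comparison, file permissions for binaries, hidden files), here is a small baseline-and-compare script. It is an added example, not Rootkit Hunter's code and not part of the original article; the function names and the baseline file format are assumptions, and SHA-256 is used in place of the MD5 comparison the list names.

```shell
#!/bin/sh
# Added example, not Rootkit Hunter's code. Function names and the baseline
# format ("hash mode path" per line) are assumptions. SHA-256 stands in for
# MD5. Paths containing newlines are not handled. Needs GNU find and stat.

# record_baseline DIR BASELINE_FILE: hash and permission bits of every file.
record_baseline() {
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s %s %s\n' \
            "$(sha256sum "$f" | cut -d' ' -f1)" "$(stat -c '%a' "$f")" "$f"
    done > "$2"
}

# check_tree DIR BASELINE_FILE: print one finding per line, nothing if clean.
check_tree() {
    # 1. Hash and permission drift against the recorded baseline.
    while IFS=' ' read -r old_hash old_mode path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            continue
        fi
        [ "$(sha256sum "$path" | cut -d' ' -f1)" = "$old_hash" ] ||
            echo "MODIFIED $path"
        new_mode=$(stat -c '%a' "$path")
        [ "$new_mode" = "$old_mode" ] ||
            echo "MODE_CHANGED $path $old_mode->$new_mode"
    done < "$2"
    # 2. Files that did not exist when the baseline was taken.
    find "$1" -type f | sort | while IFS= read -r f; do
        cut -d' ' -f3- "$2" | grep -qxF -- "$f" || echo "NEW $f"
    done
    # 3. Files any user may overwrite, and hidden entries.
    find "$1" -type f -perm -0002 | sort | sed 's/^/WORLD_WRITABLE /'
    find "$1" -mindepth 1 -name '.*' | sort | sed 's/^/HIDDEN /'
}
```

Keep the baseline file outside the directory being checked and on storage an intruder cannot write to; a baseline that can be edited along with the binaries proves nothing.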

6. ESET NOD32 Antivirus 4

Nod32 was a popular antivirus among my friends when I was in high school. It was a really powerful free antivirus. I used it for a year or so, never had an issue. It protected me from some of the mistakes a teenage boy always makes on the internet.

It is nice to see that ESET offers an antivirus for Ubuntu desktops. They have over 30 years of experience in dealing with viruses and online threats. And with Linux-based viruses and attacks on the rise, having an experienced ally will definitely increase your security.

Antivirus and Antispyware

Features like antispyware are not found on all the open-source, free antiviruses for Ubuntu. Nod32 has this feature. Spyware can mean anything, from an undetected hacker that can open your webcam when he wants, to a keylogger that will record anything you type on your keyboard. This kind of stuff can affect your personal data and your own life. This antivirus will try to prevent this from happening.

Device Control

Any file that comes in contact with your device will be scanned, from USB flash drives to network-connected devices. It will ensure that nothing malicious or infected will get into your PC from an external source.

Cross-platform Protection

If your device is connected to other devices that use different operating systems, Nod32 can identify and remove any type of virus from any platform.

User Interface

Not that common among Ubuntu Antiviruses, but ESET comes with a visual control panel. I don’t know about you, but I like to use a User Interface more than the terminal. I know how to use the terminal, but having a UI makes my life easier. I don’t have to write; just click. It is more convenient.

Lightweight

This product was designed with performance in mind. It can run on older PCs because it does not use a lot of resources. Also, it will not choke your internet speed with extensive package updates. All updates come in small parts. This is not specific to ESET. Every reputable antivirus does the same thing.

This antivirus is not free. You can get a free 30-day trial, but after that, you have to pay for it if you want to use it.

7. Avast Core Security

There is no surprise that Avast has a Linux solution. Being a well-known security company, they wanted to help out their Linux users too. The bad news is that it doesn’t aim for individuals but companies. You can find their Ubuntu antivirus only as a Business Package, which is not cheap.
It integrates with a server, and it targets 2 areas of security:

Email Scanning

In 1997 Patrick Ben Koetter released an email content filter called AMaViS. It is open-source software that decodes, checks, and processes emails to provide protection against spam, malware, and viruses. You can say it is the first layer of security before a malicious email hits your inbox. This content filter is periodically updated and improved.
Avast integrates with AMaViS, and it runs its own separate scanner. This adds another layer of protection on an email server.

File Scanning

Avast-FSS is the second service that comes with Avast’s business solution. Avast File Server Shield is based on the Fanotify access notification system available on Linux kernels. It provides real-time scanning of files written to any of the monitored mount points.

Their antivirus is a server antivirus, not a user antivirus. This will be a good solution if you have an Ubuntu server or remote storage unit. I mentioned this here because I think it is a good solution, and probably you are working or want to work on an Ubuntu server.

Bottom Line

You know the story about the turtle and the rabbit! The rabbit lost because he thought the turtle was not a rival and underestimated it. In the end, the turtle won. In the battle with hackers, we need to be one step ahead and not underestimate them. Don’t rely on what people are telling you about Ubuntu’s security and let your guard down.

The attacks on Unix-based operating systems like Mac OS, Ubuntu, Linux, and others will increase, and not spending some time to secure your system will cost you in the long run. I don’t think you need an antivirus for your Ubuntu desktop if you have knowledge about viruses and how to avoid them. If you use common sense practices with a bit of skepticism, it will be enough. But if you are running a server that is continuously hit by unknown traffic, you probably should use a form of antivirus.

With all that said, make sure you are not the rabbit in the security field!