It's curious to look on at this situation from Linux. Perhaps I shouldn't be too comfortable but it's really a different world. I suppose that one should take care which distribution one uses as that is also an effective entry point for software from the outside but at least a bit more obvious and open than some AV company.
I'm anxious to see what the Steam Deck, one of the first popular, user accessible Linux computers, will do to the Linux landscape.
For ages now, Linux has been relatively virus free because let's be honest, Linux is either used by just a few nerds (who are often just a tad harder to trick than the tech illiterate) or by servers, for which entirely different classes of malware exist.
With effectively no antivirus protection, either because of a lack of options or because of the outdated mantra that "you don't need it" because of some peculiarities that Apple used for years to deny the existence of macOS malware, Linux users are bound to run into viruses sooner rather than later. Hackers that are after Steam accounts will definitely try their hardest to infect Linux desktop users.
My best hope is that the way Linux distributions are woefully incompatible with each other will protect the hardcore Linux users somewhat from the viruses that will inevitably be spread across the "common" Linux environment. I'm sure we'll see Flatpak/Snap viruses down the line, but for a short while, we'll hopefully still have time to see where the Linux landscape is headed.
The biggest benefit to being "virus free" (even though it's not) is the package management. On Windows, most software installs, updates, etc., rely on you executing a random .exe file, downloaded from some random page online, while on Linux, you trust the team of maintainers (who usually know what they're doing) to keep repositories relatively safe.
The same idea came for Apple and Google, and their software stores, but Google mostly fucked it up by allowing a "flashlight app" to access your contacts and GPS location, and Apple fucked up by not allowing you to sideload a program at all, even when you know what you're doing and trust the software.
Did Apple really fuck up or are they actually succeeding with iOS being the most "safe" mainstream end-user operating system by far?
Arguably they fucked up by bungling the Mac App Store so running executables downloaded from the web and software updating itself is still common.
I mean... sometimes you want to install 3rd party, non-appstore software, and not having that possibility is a fuck-up for me (and a reason not to buy Apple).
If the users act right and use the package management and Steam, they will be fine. If the users decide to "save money" with warez, cracks and black market software they will suffer.
And antivirus software is available for Linux but only competent administrators use it, where needed.
You don't need warez at all. For example, people might want to run Microsoft Office on the Deck if they hook it up to a dock (which Valve will sell later).
You can't run Office on Linux, of course, but there are plenty of scripts you can download to set up a VM and do some remote desktop trickery (I've just recently gotten cassowary running on my laptop for exactly this use case).
It's the small touches like these that are the problem. Linux on the desktop, and especially Arch based Linux as is running on the Deck, eventually needs some kind of shell script to work around some kind of issue or lacking feature that people have come to expect from Windows.
Hell, even the "official" software stores will eventually become polluted because let's be honest, nobody guards Flatpak against malware and promising to make games run faster combined with a YouTube/TikTok campaign will probably get enough installs to get plenty of hacked Steam accounts.
I've never seen an offering for Linux AV that doesn't require some kind of endpoint server setup. Most Linux viruses attack servers, and those seem to be the target of the Linux AV industry. ClamAV exists, but that's probably all you can say about that, it's not exactly difficult to evade.
The "I want it like Windows" people are an issue. Actually they were always? Old and bad behavior patterns. This hits the responsible people themselves. I feel bad myself about using plugins from GitHub which aren't packaged by my distribution. And these plugin managers make it too easy :(
Regarding Flatpak (which I wish success) and Steam (which already has a lot of success) I'm feeling more worried. They want to grow and add stuff but actually must be a reliable source.
I'm just glad that Microsoft eventually decided to bring antivirus in-house, and I don't ever again have to mess with 3rd-party security products for my Windows box.
The potential issue I see on Linux is the spread of third party distribution channels, like npm / pip / etc, which also tend to undergo much less scrutiny than official packages.
Sure, if someone gets root on my Linux PC, they could do a lot of damage. But my most important things are parked in my home folder, which any old script running as my user can access without any problem. No need for privilege escalation or other fancy things.
AppArmor and SELinux can probably mitigate this, but I don't think they see particular widespread use in "default deny" mode.
Linux is very secure by default, if you stick to open-source software and install it from the distro package managers. What I worry about is when Linux becomes more popular, and commercial software is ported over, and people start pirating it. The door is wide open when people start typing their root passwords into keygens. I expect the Linux world will have a revelation where they discover the power of AV.