Someone should write a really infectious virus for Linux to make all the fanboys shut the fuck up about security.

Question is: Who?

they already did.

There are plenty of virus for linux, the problem is that it is difficult to trick a linux user into executing an infected file making it almost impossible for a linux virus to spread.

a downloaded binary is not executable unless you explicitly set the executable flag (which you have no reason to do for things you don't expect to be executable (i.e, images, etc), users normally only install software through a trusted repository (getting your virus into one of those is very difficult and even if you manage it would only affect some distributions (the ones using that repo) for a limited amount of time) and files that are infected post installation will most likely only run using a limited user account (which makes it difficult for a virus to propagate between users on the same system even.

The package managers also ensures that all software on the system is kept up to date. (outdated third party software is probably the main security issue on windows systems)

The thing is: as stated above almost nobody downloads executables from the Web. So for PCs the attack would need to come through exploits in browser or mail client. For servers the issue is even harder, since there is usually no untrusted software sources.

Except you get your malware into the library repositories like maven central, node package index, bower or pypi. Some people managed to distribute malware by publishing a package that spells almost like something well known, e.g. spring3 instead of spring, or boot-strap instead of bootstrap. If your package behaves the same as the original, you can basically hide everything this way.

@ItsNotMyFault Beautiful explanation. We can also add that the average Linux user is more tech savvy than the average Windows or even OSX user (the why of this is not the topic here). So they are much more prone to do or install things without knowing the potential implications. So, not only the Linux architecture will make it more difficult for a virus to infect and spread, but the very characteristics of the community of users will. I've been a Windows user for years and once I've become knowledgeable enough about computers in general, I never had the need to install an antivirus or any other extra security software.

This is something that will never change, you cannot make everyone a computer expert, so deception will always be an important attack vector.

@ohundred @Huuugo @ItsNotMyFault Linux isn't secure because of the people that use it. So, using Linux doesn't guarantee you dont get a virus, you can be stupid in any OS available.

Like the people who sudo every command they run? 😂

I laught but I'm no better ...

The best was that time that the mint webpage got hacked and they changed the iso for one with backdoors, there is always a way.

@ohundred I've also moved on from antivirus software for the most part. The funny part is that much of the free antivirus software available is so intrusive that it's almost like a virus itself. Oh the irony

Meanwhile, have I already told you about how Linux is the safest OS of them all?