Well, the first article pretty much says what I’m saying. In theory there can be viruses. In the real world they have pretty much no effect. They are more a curiosity than something that really exists and has had consequences. It even says you’re installing antivirus because of the windows clients, not because there were linux viruses.
The second article also is about a security vulnerability and talking about potential consequences. Not a virus that uses this as means to infect people. Not actual consequences.
We’re going in circles. I’m sorry.
And a virus and a vulnerability in some software (or kernel) that can you get hacked are two entirely different things:
They affect different parts of your infrastructure. It is unlikely that someone executes random binaries on your webserver. It is very likely that someone wants to listen to Spotify while editing 150 excel spreadsheeds. So it’s likely your employers execute stuff on their workstations. Also you wouldn’t install a browser in an AWS cloud instance to look at lewd websites. You’re going to use Chrome on your workstation. Viruses affect other and distinct parts of your infrastructure.
You protect for them by different means. Antivirus helps with viruses. For targeted attacks on your webserver, you have firewalls, filter requests, keep your software updated. And don’t do silly stuff. I’ll admit rootkit detection is kind of similar to antivirus. There is some overlap, for example you should also keep Chrome updated on your employers workstation. But updates won’t help you against a virus editing a file on the network share to replicate. You do vastly different things to protect against the different security threats that your company faces.
All the threats have different consequences. Some things just try to wreack havock in your company. Some things you’ll barely notice but hackers are stealing information. Some things try to extort you. Either by blackmailing you to pay to get your data back, or so it doesn’t get leaked. The next few workdays after that happened will be very different, depending on which of those possibilities happened.
So while talking about cybersecurity. Why would I lump all that together and strip the words of their meaning? And in this case on top: One thing is something that actually happened. The other things are just words about something hypethetical. I’m aware you have to protect against potential threats. Nonetheless both things are something different.
Regarding your advice: Yes. I’ve looked it up. I found no viruses that had any significant real-world impact. Hence me insisting on it. I said in my first comment I want to see impact. Not an academic study. Because context matters. We’re talking about someone advertising Linux to an undetermined group of people. These people are concerned with implications for them. If they need to worry. Not if in theory anything can happen. That doesn’t help you choose between two options. And we’re talking about ‘simple truths’. They’re kinda always false. But people want to hear them. They want it condensed into one sentence. Because they own a company that manufactures car tires and they don’t want to get a 20 minute lecture about computer attack vectors. They want to hear if they need to worry about their Linux server. Is it safe or not, do I need to pay someone to install Sophos? And be done with it.
You’re twisting my words so they lose meaning. And change the context. And then posting articles about something related but not the thing.