Given Covid, you should wrap it in heavy shrink wrap so it cannot breath and use lots of hand sanitizer ;-)

But to answer your question, you shouldn't need any virus protection:

1. The OS is a read only filesystem that flip flops between two different OSes controlled/managed by Valve

2. Flatpaks you install tend to be "sealed", that's why Flatseal exists so you can change Flatpaks rights (like turning permissions on/off on an Android Phone.

If you do other crazy things like enable r/w, install linuxbrew, etc. you open yourself up to YMMV.

3. How much do you trust the game/software manufacturers? Could they have criminal or nation state back doors. It does happen.

4. Proton is a translation layer for Windows API calls to Linux API calls. If there is malware in Windows game, it would be running an "isolated windows/wine" environment. It may appear the same to a game, but malware tends exploit on a much lower level which wouldn't be the same given it's "to linux" intermediary. So if you use a Linux native binary, you're more at risk.

Now, does that mean a virus or malware won't exist now or in the future - nope.

Being an open "console/pc", bad actors will start to craft payloads given the known/static platform the Steam Deck is (just like any console). So they could start making things to steal account credentials or cookie/tokens given some accounts have thousands of games and are worth thousands -- even at a discounted, shady pricing. In that area, I would target their custom bootloader as it's not Open Source IIRC.

But to counter that, Its OS will be always upgrading. Valve has a vested customer interest & their reputation to protect. Being built on open source Arch, that bodes well for the Deck.

As a Linux SA, I'm not worried about malware per se. I have put in a feature & bug requests about the fact that ufw is not installed (which is needed by the KDE Firewall management tool).

If you are running any "server" off your deck, you'll want full control over all incoming traffic. Be it basic SSHd, minecraft, CS:GO, co-op'ing, etc. I want to all unrequested inbound traffic to DROP ( into the bit bucket). This protects me not only from attacks, but a variety of other annoyances.

Plus, OpenVPN or Wireguard are not baked in for VPN connects when using Public WiFi. Both VPN & uwf are needed to protect user internet credentials from being stolen. I'm more concerned about the network vectors than the software vectors.

Cheers, retro.

Generally the risk of getting a virus or malware is pretty low as long as you use a bit of common sense and avoid running untrustworthy software.
Besides, the overwhelming majority of viruses and malware are designed for Windows, and should not have any effect on Linux.

So in short, just use common sense and don't run iffy software and you should be pretty safe.

^^What retro said.

The open source nature of the Linux ecosystem is what helps protect it from vulnerabilities and malware attacks. So much so that the three gaming rigs we have here at home have been running for several years without any AV software on Linux.

Of course attacks could happen, but it’s something I honestly don’t even think about due to my confidence in the open source community and the POSIX structure of the OS.

Linux doesn't have many viruses since not many people use it. While flatpak sandboxing isn't very good, if you stay with trusted software, it will not be a problem.

The need for an AV is a myth. This myth, not really surprisingly, gets perpetrated by AV vendors and then further carried by people believing those marketing speech about 100% protection or whatnot.

Less trustworthy magazines perpetuate this BS as well. Fun fact: while security amateurs will happily tell you than an AV is the #1 thing to do, security pros, while mentioning them, push them down to the fith or so place of important things to pay attention to.

Here's the thing, an AV is, always, a secondary line of defense at best with your own vigilance being the first. That's the same for any PC, be it running Windows or Linux (or MacOS, for that matter). Or Steam Deck, of course.

AV is great for exploits that don't actually need the user to make a mistake though.

Originally posted by Red Star Gopnik:

AV is great for exploits that don't actually need the user to make a mistake though.

Not really. A solid patching strategy is what's best for such cases. It just so happens that a solid patch strategy is the #1 most important pillar of online security, both in practice and according to security professionals.

Thanks for all the responses! I appreciate the perspectives! Sounds like my OneXPlayer might be a bit more at risk, but probably nothing to worry about. Thanks again!

Since the beginning, Linux was built from the ground up with security in mind.

Not sure if SteamOS has the selinux or apparmor modules running by default, but it does have root and kernelspace locked reasonably well.

Originally posted by Electric Cupcake:

Since the beginning, Linux was built from the ground up with security in mind.

Not sure if SteamOS has the selinux or apparmor modules running by default, but it does have root and kernelspace locked reasonably well.

That's a bit not realistic. Linux is secure, but things like X11 or flatpaks can diminish any gains pretty quickly