That's always the problem with using the word "Never". That should have been "Almost Never" or "Rarely" (which is true for me at least) , and I didn't catch it when I proof-read my comment. Sorry about that.
And yes: while traditionally people might install just from their distribution, times have changed a bit and people now do install from pip, cargo, npm, etc; but these are _somewhat_ trusted repositories still (rightly or wrongly).
Some people sometimes use curl as well. Due to the nature and low volume, this still doesn't give literal viruses much leeway. This is because it's not a target-rich environment (only a few executables), it's not guaranteed to happen on many computers, and most importantly, people tend to only curl in one direction. When you curl, you're mostly going to end up downloading executables from some central location. Typically these executables don't subsequently get copied to (m)any other computers or back to the server. So a literal virus doesn't get a lot of traction to replicate the way a virus wants to.
If you do manage to curl some malware, what you'd get is probably going to be something that's properly called a Trojan. Trojans are definitely a thing.
Just because you're on Linux doesn't mean you're magically completely invulnerable to all kinds of malware, you still need to act with care.
On the upside many distributions are more or less designed to keep you safe by default, and won't suddenly do something crazy to get you into trouble. On the downside the human operators are not always similarly inclined. ;-)
And yes: while traditionally people might install just from their distribution, times have changed a bit and people now do install from pip, cargo, npm, etc; but these are _somewhat_ trusted repositories still (rightly or wrongly).
Some people sometimes use curl as well. Due to the nature and low volume, this still doesn't give literal viruses much leeway. This is because it's not a target-rich environment (only a few executables), it's not guaranteed to happen on many computers, and most importantly, people tend to only curl in one direction. When you curl, you're mostly going to end up downloading executables from some central location. Typically these executables don't subsequently get copied to (m)any other computers or back to the server. So a literal virus doesn't get a lot of traction to replicate the way a virus wants to.
If you do manage to curl some malware, what you'd get is probably going to be something that's properly called a Trojan. Trojans are definitely a thing.
Just because you're on Linux doesn't mean you're magically completely invulnerable to all kinds of malware, you still need to act with care.
On the upside many distributions are more or less designed to keep you safe by default, and won't suddenly do something crazy to get you into trouble. On the downside the human operators are not always similarly inclined. ;-)