LinuxQuestions.org

Thread: Linux - General, https://www.linuxquestions.org/questions/linux-general-1/what-makes-linux-safe-from-viruses-compared-to-ms-windows-629193/

ciden 03-19-2008 09:37 AM

What makes Linux safe from viruses? (Compared to MS Windows)
 
Well, viruses do exist for Linux, as I have heard many people say, but it is also true that only a minuscule fraction of the number of viruses infecting Windows exist for Linux systems.

What are the technical aspects of Linux that make it THIS resistant to attack by viruses?

trickykid 03-19-2008 09:42 AM

Well, probably the one thing that comes to mind is how user accounts are set up. If you are logging in as a regular user and you get a virus, it's pretty much only going to affect that user and their home directory, as they won't have the permissions to affect any other part of the system.

So, don't log in as root all the time and it's very likely you won't be infected with a virus. Also, don't open every email and its attachment. When I ran Windows, I never got a virus and I never ran anti-virus software. Most of the time it's the user, not the system, that gets the system infected.
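
An added example, not code from this post, to make the permission point concrete: a small POSIX shell check that reports which directories the current account can write to. On a normally configured system the system locations come back "read-only" and only the home directory is "writable", which is exactly the boundary a user-level infection is confined to. The directory list and the helper names check_write_access and count_writable are assumptions of the example.

```shell
#!/bin/sh
# Added example, not code from the thread: list which directories the current
# account can modify. Malware that runs with an ordinary user's privileges can
# only change what that user can write, so the system directories should all
# come back "read-only" while only the home directory is "writable".
# Caveat: root bypasses mode bits, so run this as the unprivileged user.

# Print "<dir> writable", "<dir> read-only" or "<dir> missing" for each argument.
check_write_access() {
    for d in "$@"; do
        if [ ! -d "$d" ]; then
            printf '%s missing\n' "$d"
        elif [ -w "$d" ]; then
            printf '%s writable\n' "$d"
        else
            printf '%s read-only\n' "$d"
        fi
    done
}

# Count the directories among the arguments that the current user can write to.
# grep -c prints 0 and exits non-zero when nothing matches, hence the "|| true".
count_writable() {
    check_write_access "$@" | grep -c ' writable$' || true
}

# Usage: compare typical system locations with the user's own home directory.
check_write_access /usr/bin /usr/lib /etc /boot "${HOME:-/root}"
echo "writable system locations: $(count_writable /usr/bin /usr/lib /etc /boot)"
```

Run it as the everyday account, not via sudo; if any of the system directories reports "writable", that is the hole a user-level infection would use to spread beyond the home directory.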

jschiwal 03-19-2008 10:20 AM

1) Most Windows hosts are run as root.
2) Tight coupling of components.
3) IE tightly integrated into the OS.
4) IE runs binaries.
5) RPCs aplenty.
6) File name extension determines if a file is an executable.
7) Filesystems can't be mounted non-executable.
8) Numerous places where a program can start when booting.
9) COM objects in documents which launch DLLs.
10) An unknown COM object in a document will download the DLL from a remote machine.
11) A single party (MS) is responsible for patching flaws.
12) MS sometimes sits on known flaws until a security investigator gets fed up with the delay and releases the info.
13) Convenience (such as HTML email) chosen over security by default. A big example is UPnP in routers (an MS innovation).
14) A larger population of unsophisticated users makes replication of malware easier, by:
14a) clicking on links in email.
14b) clicking on anti-malware malware links.
14c) being dependent on shareware (where source isn't open; they invented spyware) for simple tasks instead of writing a simple bash script.
14d) doing dumb things like sharing the C:\ drive.
15) Fewer eyes scanning source code.
16) Ancient legacy code persists. Hard to get rid of. See #2 above for the reason.
17) Having a single partition instead of one for the system, another for programs, and a third for user data. Partitions can't be mounted read-only.
18) Opaque registry makes it easier for malware to hide.

I'm sure I left out quite a few. This doesn't mean that you can be careless if you use Linux. You still need to secure services such as ssh and mysql. Keep an eye on your logs. Keep your system updated. Update your router's firmware.

Windows users are accustomed to purchasing or downloading binary packages. Few proprietary packages are available for Linux. Linux users depend on open source software. So even if you install a binary rpm or debian package, it was built by the distro from source. So an ironic part of MS's problem is its success. An exception to this is proprietary drivers such as for video cards. Imagine if a video card update contained malware.
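
As an added example that is not part of the thread: a POSIX shell audit of which mounts are both writable and executable, in the spirit of the two partition-related items in the list above (filesystems that can't be mounted non-executable, and a single partition that can't be mounted read-only). It reads /proc/mounts and falls back to a constructed sample when that file is unavailable; the sample device names and mount options are made up, and the function names exec_writable_mounts and sample_mounts are the example's own.

```shell
#!/bin/sh
# Added example, not code from the thread: audit which mounted filesystems are
# both writable and executable, i.e. places where a user-level program could
# drop a file and then run it. Mounts carrying "noexec" or mounted "ro" are
# skipped. Input is in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Print the mount point of every entry whose options contain "rw" but not "noexec".
exec_writable_mounts() {
    awk '{
        n = split($4, opts, ",")
        rw = 0; noexec = 0
        for (i = 1; i <= n; i++) {
            if (opts[i] == "rw") rw = 1
            if (opts[i] == "noexec") noexec = 1
        }
        if (rw && !noexec) print $2
    }' "${1:-/proc/mounts}"
}

# Constructed sample in /proc/mounts format (made-up devices and options),
# used when /proc/mounts is unavailable. /home and the CD are noexec, /usr is
# read-only, so only / and /tmp should be reported.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sda3 /usr ext4 ro,relatime 0 0
/dev/sr0 /media/cdrom iso9660 ro,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Usage: audit the live system if possible, otherwise the constructed sample.
if [ -r /proc/mounts ]; then
    exec_writable_mounts /proc/mounts
else
    f=$(mktemp)
    sample_mounts > "$f"
    exec_writable_mounts "$f"
    rm -f "$f"
fi
```

A separate /tmp or /home that shows up in this list can be remounted with `mount -o remount,noexec /tmp` (and the option made permanent in /etc/fstab). Treat noexec as one layer rather than a complete answer: it stops a file on that mount from being executed directly, but an interpreter installed elsewhere can still read a script from it, which is why the list above also wants the system and program partitions mounted read-only.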

johnsfine 03-19-2008 11:11 AM

I'm sure the number one factor is that fewer people are trying to write Linux viruses.

Look at things from a virus writer viewpoint for a moment:
1) Linux has a reputation for being more secure. (Maybe deserved; whether it is deserved or not isn't relevant to this question.) So you expect to need more effort to write the virus.
2) Linux is less common, which has an N squared effect on its value to the virus writer:
2a) It's harder to get the virus to propagate because the targets would be a lower fraction of the machines with which an infected machine communicates.
2b) Even at the same percentage infection rate (which 2a says you can't achieve) there would be a much lower total infection rate.
3) If you somehow succeeded despite all that, the information needed to launch effective counter measures is widely distributed (open source effect) so your virus would be killed off sooner.

Given all those disadvantages to the virus writer, it makes sense that fewer people try to write the viruses. So there is yet another level of N squared effect: any factor that makes Linux more secure both reduces the success of viruses that are written and reduces the number of viruses written in the first place.

Even within Linux, the variety in decisions made by the distribution maintainer and by the end user fragments the pool of infectable systems and further makes it a poor target choice for virus writers.

Ultimately, Linux puts in the hands of the system installer far better information and tools to make the system truly secure (vs. Windows). Then most people installing Linux systems fail to use those tools and information and use a system that fundamentally is only a little more secure than Windows. Then they are protected from viruses by being part of a small fragment pool of infectable systems, rather than by having a fundamentally safe system. As long as Windows provides the large uniform pool of infectable systems, Linux can be far safer even without all the fundamental reasons.

As any given distribution of Linux becomes very popular, people using that distribution may need to pay a bit more attention to making security decisions correctly.

ciden 03-19-2008 12:37 PM

Means if too many people jump onto Ubuntu, my Debian system too could come under attack then.

My box isn't secure. It actually is my first install and _I_ haven't taken any security precautions. So I guess the major factor protecting my box is the herd immunity described by johnsfine.

pljvaldez 03-19-2008 12:44 PM

If you want to learn about securing your system, you can download and install Bastille from the repositories. It walks you through linux security and explains everything in great detail. So not only will your system be more secure, but you'll learn a lot too.

inspiron_Droid 03-19-2008 01:28 PM

My first recommendation is that anyone on the internet via a high bandwidth connection such as cable, T1-T3 and DSL (both ADSL and SDSL) have a web safe firewall router with the latest firmware. My recommendation for manufacturers goes in the following order.
  1. NetGear
  2. Belkin
  3. Linksys
  4. Cisco

H_TeXMeX_H 03-19-2008 01:38 PM

1) Very few viruses exist that may infect *nix systems.
2) Think of the linux kernel as an armored car and the Window$ kernel as a large block of swiss cheese with wheels mounted on it (and with rodents making homes of the holes in the cheese). Which would you rather drive ?
3) Making a user account most certainly helps keep a box secure, this is usually discouraged on Window$ systems simply by the way things are setup there. Hopefully this bad habit will NOT transfer to Linux by the users used to it.
4) Iptables/Netfilter is infinitely better than any McAfee or Norton or other BS Window$ firewall software, but you must configure it properly. This typically has more to do with hack attempts and also worms and trojans ... still viruses.
5) The Linux kernel is open-source, which makes it much more likely that the white hats will find a bug before the black hats do. The opposite can be said for the Window$ kernel.
6) There are no secrets behind Linux, the same CANNOT be said for Window$ ... there are many secrets ... many, and if you don't know them, then maybe, at least, you know who knows them :)

johnsfine 03-19-2008 02:03 PM

Quote:

Originally Posted by H_TeXMeX_H (Post 3094113)
Think of the linux kernel as an armored car

I think of mine as an armored car with the windows rolled down :) so I'm very glad that from a distance the thieves don't notice the difference between that and the well washed bullet proof glass in the windows of your armored car.

Hangdog42 03-19-2008 03:13 PM

Quote:

Originally Posted by johnsfine
Look at things from a virus writer viewpoint for a moment:
1) Linux has a reputation for being more secure. (Maybe deserved; whether it is deserved or not isn't relevant to this question.) So you expect to need more effort to write the virus.

Actually, Linux doesn't just have a reputation for being more secure, it is more secure. By design. And yes, that is relevant to this discussion.
Quote:

Originally Posted by johnsfine
2) Linux is less common, which has an N squared effect on its value to the virus writer:
2a) It's harder to get the virus to propagate because the targets would be a lower fraction of the machines with which an infected machine communicates.
2b) Even at the same percentage infection rate (which 2a says you can't achieve) there would be a much lower total infection rate.

Bull. Linux is actually EXTREMELY common in the server world. There are plenty of numbers to suggest that it outnumbers Windows boxes in the server world. And since these are the computers that are connected to the internet 24/7/365, they are HIGH VALUE targets.

Quote:

Originally Posted by johnsfine
3) If you somehow succeeded despite all that, the information needed to launch effective counter measures is widely distributed (open source effect) so your virus would be killed off sooner.

I'm not so sure about that. It depends more upon the community responding than anything else. Direct attacks on the kernel would probably get solved sooner, but attacks against applications might not be. Take phpBB for example, they've been a security nightmare for YEARS and they're open source.

Quote:

Originally Posted by johnsfine
Even within Linux, the variety in decisions made by the distribution maintainer and by the end user fragments the pool of infectable systems and further makes it a poor target choice for virus writers.


Nonsense. The various distros out there have much more in common than they have differences. The differences tend to be around things like package management than anything else. The basic software running on most Linux systems is extremely similar from distro to distro.
Quote:

Originally Posted by johnsfine
Ultimately, Linux puts in the hands of the system installer far better information and tools to make the system truly secure (vs. Windows). Then most people installing Linux systems fail to use those tools and information and use a system that fundamentally is only a little more secure than Windows. Then they are protected from viruses by being part of a small fragment pool of infectable systems, rather than by having a fundamentally safe system. As long as Windows provides the large uniform pool of infectable systems, Linux can be far safer even without all the fundamental reasons.

Again, mostly hogwash. By design, Linux is a multi-user environment and as long as it is used in that manner, viruses are much harder to propagate because they can't get the kind of system-level access they need. Windows, in contrast, had the multi-user aspect bolted onto the side of what is fundamentally a single user OS. It has absolutely nothing to do with numbers and everything to do with design.

Should Linux users be worried about system security? Absolutely they should. But let's base that worry on real factors, not some FUD about how it is only the lack of Linux on the desktop that is keeping the mangy hordes of virus writers at bay.

PatrickNew 03-19-2008 03:50 PM

Perhaps the biggest one is legacy support. In the days of DOS, the computer simply ran in single-user mode. MS is a company which has to please its clients to keep going (unlike the free software movement, which can continue even if we become unpopular). Therefore, MS has been extremely hesitant to break backwards compatibility. Everything up to Windows 98 would still run good ol' DOS executables. The trouble is that when there was a design flaw in old systems, that got grandfathered in to new systems.

The switch to NT changed the ability of arbitrary code to get administrator access, but the truth is that the vulnerabilities of NT grandfathered into 2000, and to a lesser extent into XP. Linux doesn't have this problem, because we've never cared about breaking backwards binary compatibility. Since the vast majority of Linux programs are open source, that's not a problem - our distro's maintainers can simply recompile.

Ironically, when MS finally decided to break backwards compatibility (Vista), people were... not happy.

And I think there is something to be said for the fragmentation of the Linux community. We can say that distros are more similar than different, and that makes a lot of sense when we compare Debian and Ubuntu. But what about when you compare Debian and GoboLinux? What about Ubuntu and Gentoo? We all know where to find /bin/sh, but many other things can be different. Some, yet not all, distros use SELinux in some way. We run different kernel versions, which may cause pre-compiled viruses to segfault when they try kernel exploits. My kernel will refuse to load modules not compiled for that exact version by the exact same gcc. If your virus exploits a vulnerability that appears in glib, maybe not everyone has that version of glib. This fragmentation does significantly slim down the infection pool. Unless we maybe start seeing a lot more Java viruses. (And I'm sure we will soon.)

We are more secure because we realized earlier the need for decent firewalling. This is not to say that iptables is superior to ... well, whatever it is win32 has - it may be, but I don't have the networking background to say. However, it is safe to say that people have spent more time writing and debugging good default settings for iptables. It is safe to say that more time has gone into studying how to use it to harden a system. Remember that although it hasn't always been iptables (it was ipchains before, and I don't know what before that), Linux has been a server environment for most of its life and thus would need a good firewall very early in its existence.

We are more secure because of our package management systems. When I install an app that needs a hole in the firewall, I don't have to muck about in it myself. I don't have to change anything by hand, it's handled for me.

And finally, yes - we have security through obscurity. Some people will tell you that there's no such thing, but they're wrong. What they mean to say is that security through obscurity is *very weak* security, which is true. However, as I don't attract the attention of any particularly persistent hackers, I get some small degree of deterrent from that.
