LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 03-19-2008, 09:37 AM   #1
ciden
Member
 
Registered: Dec 2006
Location: New Delhi, India
Distribution: PCLinuxOS 2010
Posts: 246
Blog Entries: 1

Rep: Reputation: 31
What makes Linux safe from viruses? (Compared to MS Windows)


Well viruses do exist for Linux, as I have heard many people say, but it also true that only a miniscule fraction of the number of viruses infecting Windows, exist for Linux systems.

What are the technical aspects of Linux that make it THIS resistant to attack by viruses?
 
Old 03-19-2008, 09:42 AM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199Reputation: 199
Well, probably the one thing that comes to mind is how user accounts are setup. If you are logging in as a regular user and you get a virus, it's pretty much only going to affect that user and their home directory as they won't have the permissions to affect any other part of the system.

So, don't login as root all the time and it's very likely you won't be infected with a virus. Also, don't open every email and it's attachment. When I ran windows, I never got a virus and I never ran anti-virus software. Most of the time it's the user not the system that gets the system infected.
 
Old 03-19-2008, 10:20 AM   #3
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
1) Most windows hosts are run as root.
2) Tight coupling of components.
3) IE tightly integrated into OS.
4) IE runs binaries
5) RPCs a plenty
6) File name extension determines if a file is an executable
7) Filesystems can't be mounted nonexecutable.
7) Numerous places where a program can start when booting
8) COM objects in documents which launch dll's.
9) An unknown COM object in a document will download the dll from a remote machine
10) A single party (MS) is responsible for patching flaws.
11) MS sometimes sits on known flaws until a security investigator gets fed up with the delay and releases the info.
12) Convenience (such as html email) chosen over security by default. A big example is uPNP in routers a (MS innovation).
13) A larger population of unsophisticated users makes replication of malware easier.
By:
13a) clicking on links in email.
13b) clicking on anti-malware malware links.
13c) being dependent on shareware ( where source isn't open, they invented spyware ) for simple tasks instead of writing a simple bash script.
13d) doing dumb things like sharing the C:\ drive.
14) Fewer eyes scanning source code.
15) Ancient legacy code persists. Hard to get rid of. See #2 above for reason.
16) Having a single partition instead of one for the system. Another for programs. A third for user data. Partition can't be mounted readonly.
17) opaque registry makes it easier for malware to hide.

I'm sure I left out quite a few. This doesn't mean that you can be careless if you use Linux. You still need to secure services such as ssh and mysql. Keep an eye on your logs. Keep your system updated. Update your router's firmware.

Windows users are accustomed to purchasing or downloading binary packages. Few propriety packages are available for Linux. Linux users depend on open source software. So even if you install a binary rpm or debian package, it was built by the distro from source. So an ironic part of MS's problem is its success. An exception to this is propriety drivers such as for video cards. Imagine if a video card update contained malware.

Last edited by jschiwal; 03-19-2008 at 10:24 AM.
 
Old 03-19-2008, 11:11 AM   #4
johnsfine
Guru
 
Registered: Dec 2007
Distribution: Centos
Posts: 5,109

Rep: Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114
I'm sure the number one factor is that fewer people are trying to write Linux viruses.

Look at things from a virus writer viewpoint for a moment:
1) Linux has a reputation for being more secure. (maybe deserved, whether it is deserved or not isn't relevent to this question). So you expect to need more effort to write the virus.
2) Linux is less common, which has an N squared effect on its value to the virus writer:
2a) It's harder to get the virus to propogate because the targets would be a lower fraction of the machines with which an infected machine communicates.
2b) Even at the same percentage infection rate (which 2a says you can't achieve) there would be a much lower total infection rate.
3) If you somehow succeeded despite all that, the information needed to launch effective counter measures is widely distributed (open source effect) so your virus would be killed off sooner.

Given all those disadvantages to the virus writer, it makes sense that fewer people try to write the viruses. So there is yet another level of N squared effect: Any factor that makes linux more secure both reduces the success of viruses that are written and reduces the number of viruses written in the first place.

Even within Linux, the variety in decisions made by the distribution maintainer and by the end user fragments the pool of infectable systems and further makes it a poor target choice for virus writers.

Ultimately, Linux puts in the hands of the system installer far better information and tools to make the system truely secure (vs. Windows). Then most people installing Linux systems fail to use those tools and information and use a system that fundamentally is only a little more secure than Windows. Then they are protected from viruses by being part of a small fragment pool of infectable systems, rather than by having a fundamentally safe system. As long as Windows provides the large uniform pool of infectable systems, Linux can be far safer even without all the fundamental reasons.

As any given distribution of Linux becomes very popular, people using that distribution may need to pay a bit more attention to making security decisions correctly.
 
Old 03-19-2008, 12:37 PM   #5
ciden
Member
 
Registered: Dec 2006
Location: New Delhi, India
Distribution: PCLinuxOS 2010
Posts: 246
Blog Entries: 1

Original Poster
Rep: Reputation: 31
Means if too many people jump onto Ubuntu,
my Debian system too could come under attack then.

My box isnt secure. It actually is my first install and _I_ havent taken any security precautions. So I guess the major factor protecting me box is the herd immunity described by johnsfine.
 
Old 03-19-2008, 12:44 PM   #6
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269Reputation: 269Reputation: 269
If you want to learn about securing your system, you can download and install Bastille from the repositories. It walks you through linux security and explains everything in great detail. So not only will your system be more secure, but you'll learn a lot too.
 
Old 03-19-2008, 01:28 PM   #7
inspiron_Droid
Member
 
Registered: Dec 2006
Distribution: Debian (Wheeze)
Posts: 391

Rep: Reputation: Disabled
My first recommendation Is that any one on the internet via a highg bandwidth connection such as cable, T1-t3 and DSL (both (ADSL andf SDSL) have a web safe firewall router withthe laterst firmware, my recommendation for manufacures goe in the following order.
  1. NetGear
  2. Belkin
  3. Linksys
  4. Cysco
 
Old 03-19-2008, 01:38 PM   #8
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
1) Very few viruses exist that may infect *nix systems.
2) Think of the linux kernel as an armored car and the Window$ kernel as a large block of swiss cheese with wheels mounted on it (and with rodents making homes of the holes in the cheese). Which would you rather drive ?
3) Making a user account most certainly helps keep a box secure, this is usually discouraged on Window$ systems simply by the way things are setup there. Hopefully this bad habit will NOT transfer to Linux by the users used to it.
4) Iptables/Netfilter is infinitely better than any McAfee or Norton or other BS Window$ filewall software, but you must configure it properly. This typically has more to do with hack attempts and also worms and trojans ... still viruses.
5) The Linux kernel is open-source, which makes it much more likely that the white hats will find a bug before the black hats do. The opposite can be said for the Window$ kernel.
6) There are no secrets behind Linux, the same CANNOT be said for Window$ ... there are many secrets ... many, and if you don't know them, then maybe, at least, you know who knows them

Last edited by H_TeXMeX_H; 03-19-2008 at 01:41 PM.
 
Old 03-19-2008, 02:03 PM   #9
johnsfine
Guru
 
Registered: Dec 2007
Distribution: Centos
Posts: 5,109

Rep: Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114
Quote:
Originally Posted by H_TeXMeX_H View Post
Think of the linux kernel as an armored car
I think of mine as an armored car with the windows rolled down so I'm very glad that from a distance the theives don't notice the difference between that and the well washed bullet proof glass in the windows of your armored car.
 
Old 03-19-2008, 03:13 PM   #10
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,790
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
Originally Posted by johnsfine
Look at things from a virus writer viewpoint for a moment:
1) Linux has a reputation for being more secure. (maybe deserved, whether it is deserved or not isn't relevent to this question). So you expect to need more effort to write the virus.
Actually, Linux doesn't just have a reputation for being more secure, it is more secure. By design. And yes, that is relevant to this discussion.
Quote:
Originally Posted by johnsfine
2) Linux is less common, which has an N squared effect on its value to the virus writer:
2a) It's harder to get the virus to propogate because the targets would be a lower fraction of the machines with which an infected machine communicates.
2b) Even at the same percentage infection rate (which 2a says you can't achieve) there would be a much lower total infection rate.
Bull. Linux is actually EXTREMELY common in the server world. There are plenty of numbers to suggest that it outnumbers Windows boxes in the server world. And since these are the computers that are connected to the internet 24/7/365, they are HIGH VALUE targets.

Quote:
Originally Posted by johnsfine
3) If you somehow succeeded despite all that, the information needed to launch effective counter measures is widely distributed (open source effect) so your virus would be killed off sooner.
I'm not so sure about that. It depends more upon the community responding than anything else. Direct attacks on the kernel would probably get solved sooner, but attacks against applications might not be. Take phpBB for example, they've been a security nightmare for YEARS and they're open source.

Quote:
Originally Posted by johnsfine
Even within Linux, the variety in decisions made by the distribution maintainer and by the end user fragments the pool of infectable systems and further makes it a poor target choice for virus writers.

Nonsense. The various distros out there have much more in common than they have differences. The differences tend to be around things like package management than anything else. The basic software running on most Linux systems is extremely similar from distro to distro.
Quote:
Originally Posted by johnsfine
Ultimately, Linux puts in the hands of the system installer far better information and tools to make the system truely secure (vs. Windows). Then most people installing Linux systems fail to use those tools and information and use a system that fundamentally is only a little more secure than Windows. Then they are protected from viruses by being part of a small fragment pool of infectable systems, rather than by having a fundamentally safe system. As long as Windows provides the large uniform pool of infectable systems, Linux can be far safer even without all the fundamental reasons.
Again, mostly hogwash. By design, Linux is a multi-user environment and as long as it is used in that manner, viruses are much harder to propegate because they can't get the kind of system-level access they need. Windows, in contrast, had the multi-user aspect bolted onto the side of what is fundamentally a single user OS. It has absolutely nothing to do with numbers and everything to do with design.

Should Linux users be worried about system security? Absolutely they should. But lets base that worry on real factors, not some FUD about how it is only the lack of Linux on the desktop that is keeping the mangy hordes of virus writers at bay.
 
Old 03-19-2008, 03:50 PM   #11
PatrickNew
Senior Member
 
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148
Blog Entries: 1

Rep: Reputation: 48
Perhaps the biggest one is legacy support. In the days of DOS, the computer simply ran in single-user mode. MS is a company which has to please its clients to keep going (unlike the free software movement, which can continue even if we become unpopular). Therefore, MS has been extremely hesitant to break backwards compatibility. Everything up to Windows 98 would still run good-ol DOS executables. The trouble is, that when there was a design flaw in old systems, that got grandfathered in to new systems.

The switch to NT changed the ability of arbitrary code to get administrator access, but the truth is that the vulnerabilities of NT grandfathered into 2000, and to a lesser extent into XP. Linux doesn't have this problem, because we've never cared about breaking backwards binary compatibility. Since the vast majority of Linux programs are open source, that's not a problem - our distro's maintainers can simply recompile.

Ironically, when MS finally decided to break backwards compatibility (Vista), people were... not happy.

And I think there is something to be said for the fragmentation of the Linux community. We can say that distros are more similar than different, and that makes a lot of sense when we compare Debian and Ubuntu. But what when you compare Debian and GoboLinux? What about Ubuntu and Gentoo? We all know where to find /bin/sh, but many other things can be different. Some, yet not all distros use SELinux in some way. We run different kernel versions, which may cause pre-compiled viruses to segfault when they try kernel exploits. My kernel will refuse to load modules not compiled for that exact version by the exact same gcc. If your virus exploits a vulnerability that appears in glib, maybe not everyone has that version of glib. This fragmentation does significantly slim down the infection pool. Unless we maybe start seeing a lot more Java viruses. (And I'm sure we will soon)

We are more secure because we realized earlier the need for decent firewalling. This is not to say that iptables is superior to ... well, whatever it is win32 has - it may be, but I don't have the networking background to say. However, it is safe to say that people have spent more time writing and debugging good default settings for iptables. It is safe to say that more time has gone into studying how to use it to harden a system. Remember that although it hasn't always been iptables (it was ipchaines before, and I don't know what before that), Linux has been a server environment for most of it's life and thus would need a good firewall very early in its existence.

We are more secure because of our package management systems. When I install an app that needs a hole in the firewall, I don't have to muck about in it myself. I don't have to change anything by hand, it's handled for me.

And finally, yes - we have security through obscurity. Some people will tell you that there's no such thing, but they're wrong. What they mean to say is that security through obscurity is *very weak* security, which is true. However, as I don't attract the attention of any particularly persistent hackers, I get some small degree of deterrent from that.
 
  


Reply

Tags
virus


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Windows vs. Linux Compared With Mixed Results LXer Syndicated Linux News 0 11-14-2007 05:51 AM
linux slow compared to windows? InsaneLampshade Linux - Newbie 11 09-17-2007 06:48 PM
Different way of handling keyboard entries by Linux compared to WIndows? gommans Linux - Hardware 0 02-19-2007 06:44 AM
How secure is Linux compared to windows? bongski55 Linux - Security 18 09-19-2005 06:23 PM
Windows Dial up is Slow... Compared to Linux. trickykid General 5 07-20-2001 06:06 PM


All times are GMT -5. The time now is 08:01 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration