LinuxQuestions.org


gael33 03-30-2009 01:50 AM

Linux Viruses?
 
Hi, I watched the BBC "Click" program on News 24 over the weekend and heard from one of the presenters that it is a fallacy to believe that Linux is safe from viruses. In fact, he said that there were viruses out there at this time, and some of us could be infected. As an elementary Linux user I understood from other Linux users that there were no known Linux viruses at this time and I've never heard anyone say on the forums that their Linux Machine had ever been infected.
Knowing TV programs like "Click", I am always a little suspicious that they are biased because of sponsorship (either directly or indirectly), ignorance or just plain scaremongering.
What do our expert users think / know? Are there Linux viruses out there, and should we be concerned?

gael.

XavierP 03-30-2009 02:06 AM

http://en.wikipedia.org/wiki/List_of...iruses#Threats - there are very few viruses and trojans out there for Linux. It must be said that the BBC does over emphasise and sensationalise threats. The permissioning in Linux is part of what helps to keep us safe. The last I heard was that there are around 40 viruses, not all in the wild. It's possible that that list has now grown, but I think we are a long way behind the Windows world!

There are virus scanners for Linux, I would recommend getting one especially if you serve files to Windows clients (whether as a server, a share or via email).

ahmed_as8 03-30-2009 02:18 AM

Quote:

Originally Posted by XavierP (Post 3492203)
http://en.wikipedia.org/wiki/List_of...iruses#Threats - there are very few viruses and trojans out there for Linux. It must be said that the BBC does over emphasise and sensationalise threats. The permissioning in Linux is part of what helps to keep us safe. The last I heard was that there are around 40 viruses, not all in the wild. It's possible that that list has now grown, but I think we are a long way behind the Windows world!

There are virus scanners for Linux, I would recommend getting one especially if you serve files to Windows clients (whether as a server, a share or via email).

So what do you recommend for Virus scanners because I am serving files to Windows clients in my network. Thanks.

linuxlover.chaitanya 03-30-2009 02:25 AM

If you want to install a virus scanner on a Linux server then Clam is a good option. It has the ClamTk frontend as a scanner, or you can use the command line option as well.

reptiler 03-30-2009 02:34 AM

My Linux does sometimes interact with my Windows, so I also have ClamAV in order to check files from time to time. Also I believe it's more efficient scanning a "sleeping" Windows as at that time the virus has no way of hiding itself from the OS like it could when it's running.

Also I scan all incoming mail for viruses. But this is mostly so that I could tell people if somebody I know sent me a virus, which so far just happened once.

I think the virus-threat on Linux should not be disregarded, but also not be exaggerated.
Many a Windows-user runs around as admin-user and thus is able to destroy his system with a click. Most Linux-users don't do this. Thus the risk of infection is usually limited to the user's files.

Also the problem is that Linux is quite a bit more diverse than Windows is.
You could say every Windows is the same, except maybe 32- and 64-bit versions of course.
Just an example:
Quote:

Originally Posted by md5sum $(which bash)
0b3c287a8a291c3c068734c26818b3a9 /bin/bash

I am sure that, unless you also run Fedora 10 X86_64 and have the same version of bash (bash-3.2-30.fc10.x86_64) installed, your file will be different.

But how about for example explorer.exe on Windows? As said, I am pretty confident that if you compare explorer.exe from one Windows (let's assume Vista 32-bit with all updates) with another (also Vista 32-bit with all updates) the files will be identical.

That binaries themselves are different is a minor problem I guess, but what about libraries?
CentOS 5.2 has GLibC 2.5, Fedora 10 has GLibC 2.9. This is quite a difference. And that's a problem that doesn't exist on Windows.

Also you should take into account that there's stuff like SELinux out there, which makes Linux even more secure than it is by default.

So, the thing is that Linux, by being so diverse, offers an extra challenge for virus-writers. If you send out a virus it would either have to be compiled on the machine that you want to infect (and who says gcc is even installed?), it needs to be compiled for the distribution you want to target (sucks because you surely want your virus to attack as many computers as possible without too much work on your side) or, which might help a bit, but make the file a bit bigger, it has to be a static binary (although I'm not sure if there may be other problems associated with that).

So, as you can see, the diversity of Linux, that every distribution in one way or the other is different from the others, contributes to the security offered by Linux.

And then people complain there's so many Linux-distributions out there to choose from...

John VV 03-30-2009 02:40 AM

I have run ClamAV for years and the only things it has found were some Windows viruses that Norton missed on Win XP (triple boot - Fedora 9, Cent5.2, Win XP).

Also, RkHunter and chkrootkit have never found anything, ever, in the last 5 years.
Some of that is because SELinux is set to enforcing and IPtables has unused ports stealth blocked (the default setting).

Just follow good, safe practices and there is not too much to worry about.

Mostly the only thing you need to look out for is passing a Windows virus to a friend who is running XP or Vista from a shared file.

i92guboj 03-30-2009 02:47 AM

Quote:

Originally Posted by gael33 (Post 3492186)
Hi, I watched the BBC "Click" program on News 24 over the weekend and heard from one of the presenters that it is a fallacy to believe that Linux is safe from viruses. In fact, he said that there were viruses out there at this time, and some of us could be infected.

That's true, but it's also "old news". As someone above said, BBC - and most channels for that matter - overemphasize things that really have nothing surprising or new in them. One of these days they will make a special program telling us that man has been on the moon, you know.

Quote:

As an elementary Linux user I understood from other Linux users that there were no known Linux viruses at this time
False, and a simple google could have sorted that out for you long ago. "linux viruses".

Quote:

and I've never heard anyone say on the forums that their Linux Machine had ever been infected.
In like 15 years, I've never been infected with malware on Linux (well, that I know of ;) ). It's just that the security model of the OS prevents any threat from propagating, even if it reaches your mailbox. To start with, no Linux program is so dumb as to run an attachment without you doing it yourself. However, don't be misled by my words. I have no doubt that as Linux becomes more famous, more crapware and malware will be made available, so we can enjoy it just like Windows users.

But even then, it's almost impossible that a virus will infect your whole system. At most, it would be confined to a user's account, that is, unless you are weird enough to surf the net and open the mail as root.

I'd worry more about hackers and other kind of attacks like DoS.

Quote:

Knowing TV programs like "Click", I am always a little suspicious that they are biased because of sponsorship (either directly or indirectly), ignorance or just plain scaremongering.
What do our expert users think / know? Are there Linux viruses out there, and should we be concerned?
No need to look at a Linux virus to see idiotic things. They already say enough silly things when talking about Windows viruses. Every four months you can see a paper telling you how terrific the xxx virus is, when the truth is that there are like 500 viruses which do the same every single day. But, yet again, they sell it like something new. Maybe because they need something to fill, maybe because they randomly pick news that is not new, maybe because that virus infected the PC of the daughter of the director of the TV show, who knows.

bitpicker 03-30-2009 03:44 AM

Here's a real, in-the-wild, current Linux worm: http://vil.nai.com/vil/content/v_154392.htm

This nasty infects certain routers with an embedded version of Linux if the user hasn't changed the factory settings and hasn't secured the box with a sensible password.

That is the root of the problem, pun intended: with more casual Windows users flocking to Linux hoping to become casual Linux users, there will be more people doing the stupid thing, namely remove passwords, log in as root for everything, maybe even make everything executable which they get as an e-mail attachment prior to double-clicking it. The capacity for stupidity in humans is without bounds. So saying that Linux or any other system whatsoever cannot be attacked successfully is wrong.

However, there is a difference if you have your gold reserves in Fort Knox or buried in your garden with a red x to mark the spot. Linux by default is closer to Fort Knox, and unless you consciously leave all the doors open and send the guards home your stuff is safe. Windows is more like the spot in your garden, unless you make conscious and constant effort to obfuscate the spot. Insofar I think it is much harder to successfully attack Linux on a wide scale, and not just because of its relative small spread and high diversity.

Robin

jschiwal 03-30-2009 04:35 AM

The fact that they used the term "virus" doesn't fill me with confidence on the accuracy of the story.
This story is a little dated (2003) when there were only 60,000 windows viruses.
http://www.theregister.co.uk/2003/10...ndows_viruses/

Learn about root kits, securing services, closing ports, etc. Run rkhunter to scan for root kits. Use noscript in Firefox.

Never run as root. That is the main reason there are many thousands (60,000 in 2003) of viruses for Windows and 50 for Linux. You need to be social engineered to run a binary installer as root. Almost all Linux users rely on their distros for software.
Avoid using Lindows or Puppy Linux. Normal users run as root. Lindows name changed, and they may not make this root mistake anymore.

Rely on open source programs that your distro has vetted. Don't download binary installers unless you are absolutely certain about the source. E.G. Sun's Java or an nvidia installer.

Code:

LINUX                                         WINDOWS
Users normally don't run as root              Users tend to run as root.
Executable bit required to run.               Numerous extensions used to determine if a program can execute.
Numerous Distros (herd immunity)              Monoculture (fast replication)
Scripts used (bad enough)                     ActiveX & COM units (infinitely worse) in documents & RPCs galore.
Source code can be vetted. (Many eyes)        Closed source programs dominate which can't be vetted.
Reliance on vetted open source from distro.   Blind trust in downloaded proprietary software.

Linux users are smart.;)                      Millions of lazy windows users.:cry:

OK, I'm being sarcastic on the last one.

---
It does concern me when users post about installing RH9, or want Linux to have some of the convenient features of Windows that make Windows less secure. Convenience is inversely proportional to security.
---
As applications move to the web, will we be dependent on the security of third parties? That doesn't fill me with confidence.
---
There are a few potential problems when we install closed source apps & plugins, e.g. Flash. Flash isn't simply a document format. It is a language. The same is true of PostScript & PDF files. So keeping software up to date is important.

Good Luck!

H_TeXMeX_H 03-30-2009 04:41 AM

Quote:

Originally Posted by John VV (Post 3492225)
I have run ClamAV for years and the only things it has found were some Windows viruses that Norton missed on Win XP (triple boot - Fedora 9, Cent5.2, Win XP).

Also, RkHunter and chkrootkit have never found anything, ever, in the last 5 years.
Some of that is because SELinux is set to enforcing and IPtables has unused ports stealth blocked (the default setting).

Just follow good, safe practices and there is not too much to worry about.

Mostly the only thing you need to look out for is passing a Windows virus to a friend who is running XP or Vista from a shared file.

I agree with all that (except I think in most cases SELinux is overkill).

Besides, most viruses use exploits in the system, but with Linux these are fixed way faster than with Window$.

GazL 03-30-2009 05:02 AM

Quote:

Originally Posted by gael33 (Post 3492186)
Hi, I watched the BBC "Click" program...

Ahh, yes... I can see where you went wrong now.

;)

monsm 03-30-2009 05:40 AM

Quote:

Originally Posted by GazL (Post 3492328)
Ahh, yes... I can see where you went wrong now.

;)

Yes, I agree. BBC try to market themselves as a serious broadcaster, but they are in many cases in the front of promoting moral and health panics. And on the Click program also computer health panics.

As they say, nothing is impossible, but some basic precautions will keep your Linux machine free of viruses, even without heavy things like SELinux. The above posts have given some good advice. Not running as root is probably the main one. A basic firewall (like IPTables) is probably a good thing too. I would also like to add shutting down services like ftpd and sshd if you don't use them. Check that you set them up properly if you do use them (in order to avoid hackers).

Mons

rkelsen 03-30-2009 05:44 AM

Quote:

Originally Posted by bitpicker (Post 3492261)
Here's a real, in-the-wild, current Linux worm: http://vil.nai.com/vil/content/v_154392.htm

Almost.

"It is important to note there are a couple of criteria that must be met before your router can be exploited via Psyb0t. First, the router must be a MIPS device (x86 devices are not vulnerable to Psyb0t). Second, it has to be configured to be administered remotely (from the internet, not the local LAN), and third it needs to be using the default password that the device was originally configured with (a common insecure practice)."

http://www.mxlogic.com/itsecurityblo...me-Routers.cfm

What kind of idiot enables remote administration without having changed the password?

malekmustaq 03-30-2009 06:26 AM

Robin:

Well spoken. Well argued. Fairly said rhetoric.

May the newbies from windows read your post.

Congratulations.

I have nothing else to add but admire.


Malek Mustaqiim

gael33 03-30-2009 12:24 PM

Thanks for all the eye opening replies from you guys ... the real Linux users rather than the BBC Media people who seem to always wax lyrical about Microsoft. Having said that, Microsoft does have its place within the Computing community ... so I'm not knocking it. As for the safer option, I think Linux and a little common sense :)

Thanks again,
gael.


All times are GMT -5.