LinuxQuestions.org

gael33 03-30-2009 01:50 AM

Linux Viruses?
 
Hi, I watched the BBC "Click" program on News 24 over the weekend and heard from one of the presenters that it is a fallacy to believe that Linux is safe from viruses. In fact, he said that there were viruses out there at this time, and some of us could be infected. As an elementary Linux user I understood from other Linux users that there were no known Linux viruses at this time and I've never heard anyone say on the forums that their Linux Machine had ever been infected.
Knowing TV programs like "Click", I am always a little suspicious that they are biased because of sponsorship (either directly or indirectly), ignorance or just plain scaremongering.
What do our expert users think / know? Are there Linux viruses out there, and should we be concerned?

gael.

XavierP 03-30-2009 02:06 AM

http://en.wikipedia.org/wiki/List_of...iruses#Threats - there are very few viruses and trojans out there for Linux. It must be said that the BBC does over emphasise and sensationalise threats. The permissioning in Linux is part of what helps to keep us safe. The last I heard was that there are around 40 viruses, not all in the wild. It's possible that that list has now grown, but I think we are a long way behind the Windows world!

There are virus scanners for Linux, I would recommend getting one especially if you serve files to Windows clients (whether as a server, a share or via email).

ahmed_as8 03-30-2009 02:18 AM

Quote:

Originally Posted by XavierP (Post 3492203)
http://en.wikipedia.org/wiki/List_of...iruses#Threats - there are very few viruses and trojans out there for Linux. It must be said that the BBC does over emphasise and sensationalise threats. The permissioning in Linux is part of what helps to keep us safe. The last I heard was that there are around 40 viruses, not all in the wild. It's possible that that list has now grown, but I think we are a long way behind the Windows world!

There are virus scanners for Linux, I would recommend getting one especially if you serve files to Windows clients (whether as a server, a share or via email).

So what do you recommend for Virus scanners because I am serving files to Windows clients in my network. Thanks.

linuxlover.chaitanya 03-30-2009 02:25 AM

If you want to install a virus scanner on a Linux server then Clam is a good option. It has the ClamTk frontend as a scanner or you can use the command line option as well.
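Added example, not part of any post in this thread: a command-line ClamAV scan of a directory served to Windows clients, as suggested above. The share path /srv/samba/share, the function names and the sample report lines are assumptions made for illustration. clamscan exits 0 when nothing was found, 1 when something was found and 2 on errors, and an error must not be read as "clean".

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: the share path and all
# function names; sample_report holds constructed lines, not real scan output.
# Usage: sh this-script --scan /path/to/share

# clamscan prints one line per file: "<path>: OK" or "<path>: <signature> FOUND".
# Emit "path<TAB>signature" for each hit read from stdin.
infected_from_report() {
    awk '/ FOUND$/ {
        line = substr($0, 1, length($0) - 6)    # drop the trailing " FOUND"
        i = 0                                   # locate the LAST ": " so that
        while ((j = index(substr(line, i + 1), ": ")) > 0) i += j   # odd paths survive
        if (i > 0) printf "%s\t%s\n", substr(line, 1, i - 1), substr(line, i + 2)
    }'
}

# Map clamscan's exit status to a verdict; anything but 0 or 1 is a scan error.
clamscan_verdict() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Constructed sample of clamscan output, including a path that contains ": ".
sample_report() {
    cat <<'EOF'
/srv/samba/share/docs/readme.txt: OK
/srv/samba/share/incoming/invoice.exe: Eicar-Test-Signature FOUND
/srv/samba/share/incoming/notes: draft.zip: Eicar-Test-Signature FOUND
EOF
}

# Scan a directory recursively, list the hits on stdout, verdict on stderr.
# Returns 0 only when the scan completed and found nothing.
scan_share() {
    share_dir=$1
    if ! command -v clamscan >/dev/null 2>&1; then
        echo "clamscan is not installed" >&2
        return 2
    fi
    scan_status=0
    # -r recurses, --infected prints only hits, --no-summary drops the footer.
    scan_report=$(clamscan -r --infected --no-summary "$share_dir" 2>/dev/null) \
        || scan_status=$?
    printf '%s\n' "$scan_report" | infected_from_report
    verdict=$(clamscan_verdict "$scan_status")
    echo "verdict for $share_dir: $verdict" >&2
    [ "$verdict" = clean ]
}

# Only scan when asked to, so the functions can be sourced or tested offline.
if [ "${1:-}" = "--scan" ]; then
    scan_share "${2:-/srv/samba/share}"
fi
```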

reptiler 03-30-2009 02:34 AM

My Linux does sometimes interact with my Windows, so I also have ClamAV in order to check files from time to time. Also I believe it's more efficient scanning a "sleeping" Windows as at that time the virus has no way of hiding itself from the OS like it could when it's running.

Also I scan all incoming mail for viruses. But this is mostly so that I could tell people if somebody I know sent me a virus, which so far just happened once.

I think the virus-threat on Linux should not be disregarded, but also not be exaggerated.
Many a Windows-user runs around as admin-user and thus is able to destroy his system with a click. Most Linux-users don't do this. Thus the risk of infection is usually limited to the user's files.

Also the problem is that Linux is quite a bit more diverse than Windows is.
You could say every Windows is the same, except maybe 32- and 64-bit versions of course.
Just an example:
Quote:

Originally Posted by md5sum $(which bash)
0b3c287a8a291c3c068734c26818b3a9 /bin/bash

I am sure that, unless you also run Fedora 10 X86_64 and have the same version of bash (bash-3.2-30.fc10.x86_64) installed, your file will be different.

But how about for example explorer.exe on Windows? As said, I am pretty confident that if you compare explorer.exe from one Windows (let's assume Vista 32-bit with all updates) with another (also Vista 32-bit with all updates) the files will be identical.

That binaries themselves are different is a minor problem I guess, but what about libraries?
CentOS 5.2 has GLibC 2.5, Fedora 10 has GLibC 2.9. This is quite a difference. And that's a problem that doesn't exist on Windows.

Also you should take into account that there's stuff like SELinux out there, which makes Linux even more secure than it is by default.

So, the thing is that Linux, by being so diverse, offers an extra challenge for virus-writers. If you send out a virus it would either have to be compiled on the machine that you want to infect (and who says gcc is even installed?), it needs to be compiled for the distribution you want to target (sucks because you surely want your virus to attack as many computers as possible without too much work on your side) or, which might help a bit, but make the file a bit bigger, it has to be a static binary (although I'm not sure if there may be other problems associated with that).

So, as you can see, the diversity of Linux, that every distribution in one way or the other is different from the others, contributes to the security offered by Linux.

And then people complain there's so many Linux-distributions out there to choose from...

John VV 03-30-2009 02:40 AM

I have run ClamAV for years and the only things it has found were some Windows viruses that Norton missed on Win XP (triple boot - Fedora 9, cent5.2, Win XP).

Also RkHunter and chkrootkit have never found anything, ever, in the last 5 years.
Some of that is because SELinux is set to enforcing and IPtables has unused ports stealth blocked (the default setting).

Just follow good, safe practices and there is not too much to worry about.

Mostly the only thing you need to look out for is passing a Windows virus to a friend who is running XP or Vista from a shared file.

i92guboj 03-30-2009 02:47 AM

Quote:

Originally Posted by gael33 (Post 3492186)
Hi, I watched the BBC "Click" program on News 24 over the weekend and heard from one of the presenters that it is a fallacy to believe that Linux is safe from viruses. In fact, he said that there were viruses out there at this time, and some of us could be infected.

That's true, but it's also "old news". As someone above said, BBC -and most channels for that matter- overemphasize things that really have nothing surprising or new in them. One of these days they will make a special program telling us that man has been to the moon, you know.

Quote:

As an elementary Linux user I understood from other Linux users that there were no known Linux viruses at this time
False, and a simple google could have sorted that out for you long ago. "linux viruses".

Quote:

and I've never heard anyone say on the forums that their Linux Machine had ever been infected.
In like 15 years, I've never been infected with malware on Linux (well, that I know of ;) ). It's just that the security model of the OS prevents any threat from propagating, even if it reaches your mailbox. To start with, no Linux program is so dumb as to run an attachment without you doing it yourself. However, don't be misled by my words. I have no doubt that as Linux becomes more famous, more crapware and malware will be made available, so we can enjoy it just like Windows users.

But even then, it's almost impossible that a virus will infect your whole system. At most, it would be confined to a user's account, that is, unless you are weird enough to surf the net and open the mail as root.

I'd worry more about hackers and other kind of attacks like DoS.

Quote:

Knowing TV programs like "Click", I am always a little suspicious that they are biased because of sponsorship (either directly or indirectly), ignorance or just plain scaremongering.
What do our expert users think / know? Are there Linux viruses out there, and should we be concerned?
No need to look at a linux virus to see idiotic things. They already say enough silly things when talking about windows viruses. Each four months you can see a paper telling you how terrific the xxx virus is, when the truth is that there are like 500 virus which do the same every single day. But, yet again, they sell it like something new. Maybe because they need something to fill, maybe because they randomly pick news that are not new, maybe because that virus infected the pc of the daughter of the director of the tv show, who knows.

bitpicker 03-30-2009 03:44 AM

Here's a real, in-the-wild, current Linux worm: http://vil.nai.com/vil/content/v_154392.htm

This nasty infects certain routers with an embedded version of Linux if the user hasn't changed the factory settings and hasn't secured the box with a sensible password.

That is the root of the problem, pun intended: with more casual Windows users flocking to Linux hoping to become casual Linux users, there will be more people doing the stupid thing, namely remove passwords, log in as root for everything, maybe even make everything executable which they get as an e-mail attachment prior to double-clicking it. The capacity for stupidity in humans is without bounds. So saying that Linux or any other system whatsoever cannot be attacked successfully is wrong.

However, there is a difference if you have your gold reserves in Fort Knox or buried in your garden with a red x to mark the spot. Linux by default is closer to Fort Knox, and unless you consciously leave all the doors open and send the guards home your stuff is safe. Windows is more like the spot in your garden, unless you make conscious and constant effort to obfuscate the spot. Insofar I think it is much harder to successfully attack Linux on a wide scale, and not just because of its relative small spread and high diversity.

Robin

jschiwal 03-30-2009 04:35 AM

The fact that they used the term "virus" doesn't fill me with confidence on the accuracy of the story.
This story is a little dated (2003) when there were only 60,000 windows viruses.
http://www.theregister.co.uk/2003/10...ndows_viruses/

Learn about root kits, securing services, closing ports, etc. Run rkhunter to scan for root kits. Use noscript in Firefox.

Never run as root. That is the main reason there are many thousands (60,000 in 2003) of viruses for Windows and 50 for Linux. You need to be social engineered to run a binary installer as root. Almost all Linux users rely on their distros for software.
Avoid using Lindows or Puppy Linux. Normal users run as root. Lindows name changed, and they may not make this root mistake anymore.

Rely on open source programs that your distro has vetted. Don't download binary installers unless you are absolutely certain about the source. E.G. Sun's Java or an nvidia installer.

Code:

LINUX                                        WINDOWS
Users normally don't run as root             Users tend to run as root.
Executable bit required to run.              Numerous extensions used to determine if a program can execute.
Numerous Distros (herd immunity)             Monoculture (fast replication)
Scripts used (bad enough)                    ActiveX & COM units (infinitely worse) in documents & RPCs galore.
Source code can be vetted. (Many eyes)       Closed source programs dominate which can't be vetted.
Reliance on vetted open source from distro.  Blind trust in downloaded proprietary software.

Linux users are smart. ;)                    Millions of lazy Windows users. :cry:

OK, I'm being sarcastic on the last one.

---
It does concern me when users post about installing RH9, or want Linux to have some of the convenient features of Windows that make Windows less secure. Convenience is inversely proportional to security.
---
As applications move to the web, will we be dependent on the security of third parties? That doesn't fill me with confidence.
---
There are a few potential problems when we install closed source apps & plugins, e.g. Flash. Flash isn't simply a document format. It is a language. The same is true of postscript & pdf files. So keeping software up to date is important.

Good Luck!

H_TeXMeX_H 03-30-2009 04:41 AM

Quote:

Originally Posted by John VV (Post 3492225)
I have run ClamAV for years and the only things it has found were some Windows viruses that Norton missed on Win XP (triple boot - Fedora 9, cent5.2, Win XP).

Also RkHunter and chkrootkit have never found anything, ever, in the last 5 years.
Some of that is because SELinux is set to enforcing and IPtables has unused ports stealth blocked (the default setting).

Just follow good, safe practices and there is not too much to worry about.

Mostly the only thing you need to look out for is passing a Windows virus to a friend who is running XP or Vista from a shared file.

I agree with all that (except I think in most cases SELinux is overkill).

Besides, most viruses use exploits in the system, but with Linux these are fixed way faster than with Window$.

GazL 03-30-2009 05:02 AM

Quote:

Originally Posted by gael33 (Post 3492186)
Hi, I watched the BBC "Click" program...

Ahh, yes... I can see where you went wrong now.

;)

monsm 03-30-2009 05:40 AM

Quote:

Originally Posted by GazL (Post 3492328)
Ahh, yes... I can see where you went wrong now.

;)

Yes, I agree. BBC try to market themselves as a serious broadcaster, but they are in many cases in the front of promoting moral and health panics. And on the Click program also computer health panics.

As they say, nothing is impossible, but some basic precautions will keep your Linux machine free of viruses, even without heavy things like SELinux. The above posts have given some good advice. Not running as root is probably the main one. A basic firewall (like IPTables) is probably a good thing too. I would also like to add shutting down services like ftpd and sshd if you don't use them. Check that you set them up properly if you do use them (in order to avoid hackers).

Mons

rkelsen 03-30-2009 05:44 AM

Quote:

Originally Posted by bitpicker (Post 3492261)
Here's a real, in-the-wild, current Linux worm: http://vil.nai.com/vil/content/v_154392.htm

Almost.

"It is important note there are a couple of criteria that must be met before your router can be exploited via Psyb0t. First, the router must be a MIPS device (x86 devices are not vulnerable to Psyb0t). Second, it has to be configured to be administered remotely (from the internet, not the local LAN), and third it needs to be using the default password that the device was originally configured with (a common insecure practice)."

http://www.mxlogic.com/itsecurityblo...me-Routers.cfm

What kind of idiot enables remote administration without having changed the password?

malekmustaq 03-30-2009 06:26 AM

Robin:

Well spoken. Well argued. Fairly said rhetoric.

May the newbies from windows read your post.

Congratulations.

I have nothing else to add but admire.


Malek Mustaqiim

gael33 03-30-2009 12:24 PM

Thanks for all the eye opening replies from you guys ... the real Linux users rather than the BBC Media people who seem to always wax lyrical about Microsoft. Having said that, Microsoft does have its place within the Computing community ... so I'm not knocking it. As for the safer option, I think Linux and a little common sense :)

Thanks again,
gael.

cavaliersunbird 03-30-2009 03:31 PM

Chances of a Linux user getting a virus over a lifetime are somewhere around less than 2% (now that's according to my teacher over @ Geeks to Go), purely because you would need to give it permission (sudo within root?) to run.

sundialsvcs 03-30-2009 05:10 PM

First of all, let's all stop using biological terms, like "virus" and particularly, "infect."

Computers are electronic machines, nothing more or less. They do not "get sick." Nothing "happens to them."

Millions of Microsoft Windows machines suffer regular failures simply because the security on those systems has been deliberately turned off. They are running as all-powerful "Administrator" users, with no passwords anywhere. Since any program run by a user runs with that user's privileges, and since Administrators are all-powerful, rogue programs have a field day.

Both Linux and Macintosh (OS/X) systems therefore "fare much better," even to the point of being seen as "virus-proof," simply because their security model is turned on, as of course it should be.

The owner or administrator of any system still has the obligation to be cautious, and to be informed. Linux, like all systems, has plenty of potential vulnerabilities, and the most significant of these is always located "between two human ears."

i92guboj 03-30-2009 06:14 PM

Quote:

Originally Posted by sundialsvcs (Post 3493027)
First of all, let's all stop using biological terms, like "virus" and particularly, "infect."

Well, language evolves. There weren't computer programs when the first meaning for "virus" was created. You can pick any random dictionary today, and you will see that the term virus has many meanings, and all of them are equally correct, like it or not. New meanings are created every day for one or another word.

Even more, it can be extended to the moral sense, so you can use the word "virus" generically to imply a corrupting nature of any kind, when talking of any subject, and it would still be correct, hence we could say that <whatever you prefer> is a virus for our society. And that meaning would still be correct.

http://dictionary.reference.com/browse/virus

Code:

1.        an ultramicroscopic (20 to 300 nm in diameter), metabolically inert, infectious agent that replicates only within the cells of living hosts, mainly bacteria, plants, and animals: composed of an RNA or DNA core, a protein coat, and, in more complex types, a surrounding envelope.
2.        Informal. a viral disease.
3.        a corrupting influence on morals or the intellect; poison.
4.        a segment of self-replicating code planted illegally in a computer program, often to damage or shut down a system or network.

Words were created by people who speak, even the most moronic being over the surface of the Earth, and not only by Shakespeares, thanks dog (I wouldn't like to speak like that with my friends :p ).

H_TeXMeX_H 03-31-2009 01:18 PM

A computer virus is not at all unlike a biological one. In fact, a program can be considered to be alive if designed properly.

i92guboj 03-31-2009 02:05 PM

Quote:

Originally Posted by H_TeXMeX_H (Post 3493975)
A computer virus is not at all unlike a biological one. In fact, a program can be considered to be alive if designed properly.

Well, to start with, some biologists and scientists don't even agree that biological viruses are alive at all, so the discussion could go both ways ;) A pointless discussion I might add, at least until someone manages to explain what exactly "life" is, without having to resort to some metaphysical background, that is. And in my humble opinion, that hasn't happened yet.

A biological virus is nothing more than a DNA sequence wrapped into some proteins (RNA in the case of a retrovirus). We could consider DNA like programs which are formed by numbers written in base of 4, instead of 2 like most computers do: C, A, G, T (C, A, G, U in the case of RNA) instead of 0 and 1. The only difference is that, bugs aside, the instruction set for the x86 is well known, while the instruction set for Life (tm) is, for the most part, a mystery.

A biological virus can't do anything by itself; just like a computer one, it only holds a code segment with the instructions to do whatever, and it needs a host in which to put those instructions, so the host does all the work instead.

PS. My whole point in case it's not clear is that I agree with you in the sense that there's little difference for me between a DNA sequence and a computer program. Being the only difference that a computer program is created using maths and logic at the very core, while for me (not so for creationists) DNA evolves in a completely random and casual manner, affected by the environment and attending only to the laws of biochemistry, which at the very core are just physics, the same laws that govern an electronic device (and by the way, molecules are just that, hi-tech electronic devices ;) ).

jschiwal 04-01-2009 06:47 PM

In the latest Futures in Biotech podcast, two virologists were guests. They disagreed over whether a virus was alive. In my very humble opinion, a virus is only alive after it infects a cell. And then it is the cell that is alive, not what was the virus.

jiikka 04-02-2009 04:32 AM

? ? ? ? ? ? ?
 
ELLO FOLKS :),

Nice topic, got a lot of information from this.

N people as it's open source, if someone inserts a part of a code into a software or a small tool which does activity which is not supposed to be done (no need to get root privilege, even a normal basic file deletion or anything) and puts the modified software in ftp or other sites for people to download and use, what will happen?

Is it that as it's open source, software and operating system are available for free in the websites of the organizations which developed them only and we have to be careful enough to download from them only, or is the above thing can't be done in open source?


Thank you folks .. :)

linuxlover.chaitanya 04-02-2009 04:41 AM

I do not understand what you mean by that. Do you want to say that because the software is open source and the source code is available, someone can modify the code and put some malicious code in it and share the code? That is possible but then the code is available to everyone and anyone can check the code for malformations and correct it.
The advantage here is that if a closed source software is malformed at the source then you do not have the source and there is no way anyone else can change the code other than the original writer.

bitpicker 04-02-2009 05:28 AM

In theory someone could come up with a program which includes a malware payload. He could advertise it as open source and offer the source code, excluding the malware parts. He can also offer the binary versions which do include the malware payload. It's not inconceivable. But in order for you as an end user to learn that this software even exists, it must be advertised somewhat. That means many people will probably look at it before you do, and some of them will be paranoid about this. They might compile the source and find out it is different from the binary version. They might run the binary version in a secure environment to see what it does. Whatever they do, someone will sooner or later find out that the program contains a malware payload.

So what you should do, if you want to use software you have not installed from the repositories of your distribution, is find out whether the software in question is known to cause problems. If it has been around for a while and people aren't complaining, then it is probably safe to use. If it's completely new and you have reason to mistrust it, don't use it.

Robin

H_TeXMeX_H 04-02-2009 10:23 AM

That's not the way to think about it. Sure someone could do that, but with all the devs looking at the code it would never pass. In fact, the opposite is true, it's far less likely (if not almost impossible) for FLOSS to be infected with malware.

i92guboj 04-02-2009 10:55 AM

Quote:

Originally Posted by jiikka (Post 3495825)
ELLO FOLKS :),

Nice topic, got a lot of information from this.

N people as it's open source, if someone inserts a part of a code into a software or a small tool which does activity which is not supposed to be done (no need to get root privilege, even a normal basic file deletion or anything) and puts the modified software in ftp or other sites for people to download and use, what will happen?

Is it that as it's open source, software and operating system are available for free in the websites of the organizations which developed them only and we have to be careful enough to download from them only, or is the above thing can't be done in open source?


Thank you folks .. :)

That can be done in closed source as well. You don't need the source to infect a program with malware, 99.9% of the Windows viruses do not need to see the source for anything.

So, as someone said, the OSS is at an advantage here, because everyone can see all the code, and any suspicious code is rapidly audited for vulnerabilities of any kind. Note also that in Linux there's really no point in downloading software from elsewhere but the home page of a project or your distro's repositories. Here we don't need to go fishing on warez sites, so why would I google for something instead of going to the home site?

linuxlover.chaitanya 04-02-2009 11:55 PM

Quote:

Originally Posted by i92guboj (Post 3496190)
Here we don't need to go fishing on warez sites, so why would I google for something instead of going to the home site?

Exactly, there is really no need to go download the software other than from the home site or SourceForge. I also tend to surf Freshmeat sometimes. But with Ubuntu, I really do not need to. Repositories have got most of the software and Synaptic can install it for me.

jiikka 04-03-2009 03:11 AM

:)
 
Thank you folks ,, that was really informative .. :)


All times are GMT -5.