LinuxQuestions.org
Old 03-30-2009, 01:50 AM   #1
gael33
Member
 
Registered: Feb 2009
Location: Scotland
Distribution: Linux Mint 20.1 Cinnamon 64 bit
Posts: 343

Rep: Reputation: 22
Linux Viruses?


Hi, I watched the BBC "Click" program on News 24 over the weekend and heard from one of the presenters that it is a fallacy to believe that Linux is safe from viruses. In fact, he said that there were viruses out there at this time, and some of us could be infected. As an elementary Linux user I understood from other Linux users that there were no known Linux viruses at this time and I've never heard anyone say on the forums that their Linux Machine had ever been infected.
Knowing TV programs like "Click", I am always a little suspicious that they are biased because of sponsorship (either directly or indirectly), ignorance or just plain scaremongering.
What do our expert users think / know? Are there Linux viruses out there, and should we be concerned?

gael.
 
Old 03-30-2009, 02:06 AM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475
http://en.wikipedia.org/wiki/List_of...iruses#Threats - there are very few viruses and trojans out there for Linux. It must be said that the BBC does over emphasise and sensationalise threats. The permissioning in Linux is part of what helps to keep us safe. The last I heard was that there are around 40 viruses, not all in the wild. It's possible that that list has now grown, but I think we are a long way behind the Windows world!

There are virus scanners for Linux, I would recommend getting one especially if you serve files to Windows clients (whether as a server, a share or via email).
 
Old 03-30-2009, 02:18 AM   #3
ahmed_as8
Member
 
Registered: Nov 2008
Location: Egypt
Distribution: Ubuntu, SuSE
Posts: 101

Rep: Reputation: 16
Quote:
Originally Posted by XavierP View Post
http://en.wikipedia.org/wiki/List_of...iruses#Threats - there are very few viruses and trojans out there for Linux. It must be said that the BBC does over emphasise and sensationalise threats. The permissioning in Linux is part of what helps to keep us safe. The last I heard was that there are around 40 viruses, not all in the wild. It's possible that that list has now grown, but I think we are a long way behind the Windows world!

There are virus scanners for Linux, I would recommend getting one especially if you serve files to Windows clients (whether as a server, a share or via email).
So what do you recommend for Virus scanners because I am serving files to Windows clients in my network. Thanks.
 
Old 03-30-2009, 02:25 AM   #4
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
If you want to install a virus scanner on a Linux server then Clam is a good option. It has the ClamTk frontend as a scanner or you can use the command line option as well.
 
Old 03-30-2009, 02:34 AM   #5
reptiler
Member
 
Registered: Mar 2009
Location: Hong Kong
Distribution: Fedora
Posts: 184

Rep: Reputation: 42
My Linux does sometimes interact with my Windows, so I also have ClamAV in order to check files from time to time. Also I believe it's more efficient scanning a "sleeping" Windows as at that time the virus has no way of hiding itself from the OS like it could when it's running.

Also I scan all incoming mail for viruses. But this is mostly so that I could tell people if somebody I know sent me a virus, which so far just happened once.

I think the virus-threat on Linux should not be disregarded, but also not be exaggerated.
Many a Windows-user runs around as admin-user and thus is able to destroy his system with a click. Most Linux-users don't do this. Thus the risk of infection is usually limited to the user's files.

Also the problem is that Linux is quite a bit more diverse than Windows is.
You could say every Windows is the same, except maybe 32- and 64-bit versions of course.
Just an example:
Quote:
Originally Posted by md5sum $(which bash)
0b3c287a8a291c3c068734c26818b3a9 /bin/bash
I am sure that, unless you also run Fedora 10 X86_64 and have the same version of bash (bash-3.2-30.fc10.x86_64) installed, your file will be different.

But how about for example explorer.exe on Windows? As said, I am pretty confident that if you compare explorer.exe from one Windows (let's assume Vista 32-bit with all updates) with another (also Vista 32-bit with all updates) the files will be identical.

That binaries themselves are different is a minor problem I guess, but what about libraries?
CentOS 5.2 has GLibC 2.5, Fedora 10 has GLibC 2.9. This is quite a difference. And that's a problem that doesn't exist on Windows.

Also you should take into account that there's stuff like SELinux out there, which makes Linux even more secure than it is by default.

So, the thing is that Linux, by being so diverse, offers an extra challenge for virus-writers. If you send out a virus it would either have to be compiled on the machine that you want to infect (and who says gcc is even installed?), it needs to be compiled for the distribution you want to target (sucks because you surely want your virus to attack as many computers as possible without too much work on your side) or, which might help a bit, but make the file a bit bigger, it has to be a static binary (although I'm not sure if there may be other problems associated to that).

So, as you can see, the diversity of Linux, that every distribution in one way or the other is different from the others, contributes to the security offered by Linux.

And then people complain there's so many Linux-distributions out there to choose from...
 
Old 03-30-2009, 02:40 AM   #6
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,624

Rep: Reputation: 2651
I have run ClamAV for years and the only things it has found were some Windows viruses that Norton missed on Win XP (triple boot - Fedora 9, CentOS 5.2, Win XP).

Also, RkHunter and chkrootkit have never found anything, ever, in the last 5 years.
Some of that is because SELinux is set to enforcing and IPtables has unused ports stealth blocked (the default setting).

Just follow good, safe practices and there is not too much to worry about.

Mostly the only thing you need to look out for is passing a Windows virus to a friend who is running XP or Vista from a shared file.
 
Old 03-30-2009, 02:47 AM   #7
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,083

Rep: Reputation: 405
Quote:
Originally Posted by gael33 View Post
Hi, I watched the BBC "Click" program on News 24 over the weekend and heard from one of the presenters that it is a fallacy to believe that Linux is safe from viruses. In fact, he said that there were viruses out there at this time, and some of us could be infected.
That's true, but it's also "old news". As someone above said, BBC - and most channels for that matter - over emphasize things that really have nothing surprising or new in them. One of these days they will make a special program telling us that man has been to the moon, you know.

Quote:
As an elementary Linux user I understood from other Linux users that there were no known Linux viruses at this time
False, and a simple google could have sorted that out for you long ago. "linux viruses".

Quote:
and I've never heard anyone say on the forums that their Linux Machine had ever been infected.
In like 15 years, I've never been infected with malware on Linux (well, that I know of). It's just that the security model of the OS prevents any threat from propagating, even if it reaches your mailbox. To start with, no Linux program is that dumb as to run an attachment without you doing it yourself. However, don't be misled by my words. I have no doubt that as Linux becomes more famous, more crapware and malware will be made available, so we can enjoy it just like Windows users.

But even then, it's almost impossible that a virus will infect your whole system. At most, it would be confined to a user's account, that is, unless you are that weird to surf the net and open the mail as root.

I'd worry more about hackers and other kind of attacks like DoS.

Quote:
Knowing TV programs like "Click", I am always a little suspicious that they are biased because of sponsorship (either directly or indirectly), ignorance or just plain scaremongering.
What do our expert users think / know? Are there Linux viruses out there, and should we be concerned?
No need to look at a Linux virus to see idiotic things. They already say enough silly things when talking about Windows viruses. Every four months you can see a paper telling you how terrific the xxx virus is, when the truth is that there are like 500 viruses which do the same every single day. But, yet again, they sell it like something new. Maybe because they need something to fill, maybe because they randomly pick news that is not new, maybe because that virus infected the PC of the daughter of the director of the TV show, who knows.

Last edited by i92guboj; 03-30-2009 at 02:48 AM.
 
Old 03-30-2009, 03:44 AM   #8
bitpicker
Member
 
Registered: Jul 2003
Location: Germany
Distribution: Xubuntu, Ubuntu
Posts: 416
Blog Entries: 14

Rep: Reputation: 35
Here's a real, in-the-wild, current Linux worm: http://vil.nai.com/vil/content/v_154392.htm

This nasty infects certain routers with an embedded version of Linux if the user hasn't changed the factory settings and hasn't secured the box with a sensible password.

That is the root of the problem, pun intended: with more casual Windows users flocking to Linux hoping to become casual Linux users, there will be more people doing the stupid thing, namely remove passwords, log in as root for everything, maybe even make everything executable which they get as an e-mail attachment prior to double-clicking it. The capacity for stupidity in humans is without bounds. So saying that Linux or any other system whatsoever cannot be attacked successfully is wrong.

However, there is a difference if you have your gold reserves in Fort Knox or buried in your garden with a red x to mark the spot. Linux by default is closer to Fort Knox, and unless you consciously leave all the doors open and send the guards home your stuff is safe. Windows is more like the spot in your garden, unless you make conscious and constant effort to obfuscate the spot. Insofar I think it is much harder to successfully attack Linux on a wide scale, and not just because of its relatively small spread and high diversity.

Robin
 
Old 03-30-2009, 04:35 AM   #9
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
The fact that they used the term "virus" doesn't fill me with confidence on the accuracy of the story.
This story is a little dated (2003) when there were only 60,000 windows viruses.
http://www.theregister.co.uk/2003/10...ndows_viruses/

Learn about root kits, securing services, closing ports, etc. Run rkhunter to scan for root kits. Use noscript in Firefox.

Never run as root. That is the main reason there are many thousands (60,000 in 2003) of viruses for Windows and 50 for Linux. You need to be social engineered to run a binary installer as root. Almost all Linux users rely on their distros for software.
Avoid using Lindows or Puppy Linux. Normal users run as root. Lindows name changed, and they may not make this root mistake anymore.

Rely on open source programs that your distro has vetted. Don't download binary installers unless you are absolutely certain about the source. E.G. Sun's Java or an nvidia installer.

Code:
LINUX                                        WINDOWS
Users normally don't run as root             Users tend to run as root.
Executable bit required to run.              Numerous extensions used to determine if a program can execute.
Numerous Distros (herd immunity)             Monoculture (fast replication)
Scripts used (bad enough)                    ActiveX & COM units (infinitely worse) in documents & RPCs galore.
Source code can be vetted. (Many eyes)       Closed source programs dominate which can't be vetted.
Reliance on vetted open source from distro.  Blind trust in downloaded proprietary software.

Linux users are smart.;)                     Millions of lazy windows users.:cry:
OK, I'm being sarcastic on the last one.

---
It does concern me when users post about installing RH9, or want Linux to have some of the convenient features of Windows that make Windows less secure. Convenience is inversely proportional to security.
---
As applications move to the web, will we be dependent on the security of third parties? That doesn't fill me with confidence.
---
There are a few potential problems when we install closed source apps & plugins. E.G. Flash. Flash isn't simply a document format. It is a language. The same is true of postscript & pdf files. So keeping software up to date is important.

Good Luck!

Last edited by jschiwal; 03-30-2009 at 04:40 AM.
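
Several replies above rest on the point that a file on Linux needs its execute bit set before it will run, and that the exposure comes from users setting that bit on saved attachments. The following is an added example, not part of any post in this thread: a POSIX shell audit that lists files carrying an execute bit under a directory, labels each by its leading bytes, and can clear the bits again. The function names and the directory you point it at are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# Inner script that find runs on each batch of matching files.
# It prints "kind<TAB>path", where kind is judged from the first four bytes.
CLASSIFY='
for f do
    magic=$(od -An -tx1 -N4 < "$f" | tr -d " \n")
    case $magic in
        7f454c46) kind=elf ;;      # 0x7f E L F: compiled binary
        2321*)    kind=script ;;   # shebang: run through an interpreter
        *)        kind=other ;;    # execute bit set, no recognised header
    esac
    printf "%s\t%s\n" "$kind" "$f"
done'

# audit_exec_bits DIR
# Lists every regular file under DIR that has any execute bit set
# (user, group or other). The -perm -NNN tests are POSIX, not GNU-only.
audit_exec_bits() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec sh -c "$CLASSIFY" sh {} + 2>/dev/null
}

# strip_exec_bits DIR
# Clears the execute bits on the files the audit would report.
strip_exec_bits() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec chmod a-x {} +
}

# When called with a directory argument, report on it.
if [ "$#" -gt 0 ]; then
    audit_exec_bits "$1"
fi
```

Clearing the bit only stops the file from being launched directly; a flagged file that you did not expect still deserves a scan or deletion.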
 
Old 03-30-2009, 04:41 AM   #10
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
Quote:
Originally Posted by John VV View Post
I have run ClamAV for years and the only things it has found were some Windows viruses that Norton missed on Win XP (triple boot - Fedora 9, CentOS 5.2, Win XP).

Also, RkHunter and chkrootkit have never found anything, ever, in the last 5 years.
Some of that is because SELinux is set to enforcing and IPtables has unused ports stealth blocked (the default setting).

Just follow good, safe practices and there is not too much to worry about.

Mostly the only thing you need to look out for is passing a Windows virus to a friend who is running XP or Vista from a shared file.
I agree with all that (except I think in most cases SELinux is overkill).

Besides, most viruses use exploits in the system, but with Linux these are fixed way faster than with Window$.
 
Old 03-30-2009, 05:02 AM   #11
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,897

Rep: Reputation: 5019
Quote:
Originally Posted by gael33 View Post
Hi, I watched the BBC "Click" program...
Ahh, yes... I can see where you went wrong now.

 
Old 03-30-2009, 05:40 AM   #12
monsm
Member
 
Registered: Feb 2005
Location: London, UK
Distribution: Gentoo
Posts: 568

Rep: Reputation: 37
Quote:
Originally Posted by GazL View Post
Ahh, yes... I can see where you went wrong now.

Yes, I agree. BBC try to market themselves as a serious broadcaster, but they are in many cases in the front of promoting moral and health panics. And on the Click program also computer health panics.

As they say, nothing is impossible, but some basic precautions will keep your Linux machine free of viruses, even without heavy things like SELinux. The above posts have given some good advice. Not running as root is probably the main one. A basic firewall (like IPTables) is probably a good thing too. I would also like to add shutting down services like ftpd and sshd if you don't use them. Check that you set them up properly if you do use them (in order to avoid hackers).

Mons
 
Old 03-30-2009, 05:44 AM   #13
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,448
Blog Entries: 7

Rep: Reputation: 2553
Quote:
Originally Posted by bitpicker View Post
Here's a real, in-the-wild, current Linux worm: http://vil.nai.com/vil/content/v_154392.htm
Almost.

"It is important note there are a couple of criteria that must be met before your router can be exploited via Psyb0t. First, the router must be a MIPS device (x86 devices are not vulnerable to Psyb0t). Second, it has to be configured to be administered remotely (from the internet, not the local LAN), and third it needs to be using the default password that the device was originally configured with (a common insecure practice)."

http://www.mxlogic.com/itsecurityblo...me-Routers.cfm

What kind of idiot enables remote administration without having changed the password?

Last edited by rkelsen; 03-30-2009 at 05:50 AM.
 
Old 03-30-2009, 06:26 AM   #14
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498
Robin:

Well spoken. Well argued. Fairly said rhetoric.

May the newbies from windows read your post.

Congratulations.

I have nothing else to add but admire.


Malek Mustaqiim
 
Old 03-30-2009, 12:24 PM   #15
gael33
Member
 
Registered: Feb 2009
Location: Scotland
Distribution: Linux Mint 20.1 Cinnamon 64 bit
Posts: 343

Original Poster
Rep: Reputation: 22
Thanks for all the eye opening replies from you guys ... the real Linux users rather than the BBC Media people who seem to always wax lyrical about Microsoft. Having said that, Microsoft does have its place within the Computing community ... so I'm not knocking it. As for the safer option, I think Linux and a little common sense

Thanks again,
gael.
 
  

