LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-25-2008, 10:57 PM   #1
raphtor
Member
 
Registered: Aug 2008
Location: india
Posts: 174

Rep: Reputation: 30
virus immunity


can anyone tell me how exactly unix or linux is immune to virus?i mean how the processor knows what is an infected file??any site is know more is welcomed...
 
Old 09-25-2008, 11:15 PM   #2
johnson_steve
Senior Member
 
Registered: Apr 2005
Location: BrewCity, USA (Milwaukee, WI)
Distribution: Xubuntu 9.10, Gentoo 2.6.27 (AMD64), Darwin 9.0.0 (arm)
Posts: 1,152

Rep: Reputation: 46
Ok, it works like this:

First, there are about 400 different linux distros. These use different init systems and keep important files in different places. this means a virus would not only have to be written for linux, but it would have to be written for the specific kind of linux that you are running. Since windows has the majority of the market share and a virus can run equally well on almost all of them no one is putting the effort into writing linux viruses.

Second on a properly configured Linux/Unix/OSX system you do not run as root. This means you don't have the ability to do any serious harm to your system, you can only write to files that you have permission to write to; so any 'virus' that tried to wipe out your system could at most affect your personal documents. It wouldn't be able to affect the whole system or even the files on your computer that belong to another user.

These two things combine to make Linux/Unix/OSX the virus free environment that it is. First a 'cracker' would have to be determined enough to write a 'virus' that would only work on a small fraction of the linux computers that are a very small fraction of all computers; then he would only be able to (at most) delete your photos/music/homework, but not bring the system down or be able to compromise it in any serious way.
 
Old 09-26-2008, 12:09 AM   #3
popowich
Member
 
Registered: Nov 2004
Location: Rochester, New York
Distribution: RHEL5
Posts: 53

Rep: Reputation: 15
I believe this is a little misleading. It is still possible to create a virus/worm that targets a specific generally internet facing package that runs on "linux", for example apache, your favorite FTP server, etc, and use that as a way to try and gain access to another system. Adding an existing rootkit to a worm looking for a newly discovered vulnerability that can be used to gain local access can potentially do a lot of damage. Anyway, linux is not immune, and the differences between it and windows are just "different".

-Raymond
 
Old 09-26-2008, 01:37 AM   #4
johnson_steve
Senior Member
 
Registered: Apr 2005
Location: BrewCity, USA (Milwaukee, WI)
Distribution: Xubuntu 9.10, Gentoo 2.6.27 (AMD64), Darwin 9.0.0 (arm)
Posts: 1,152

Rep: Reputation: 46
What he asked about were infected files. perhaps I was to simple in my response, there are still many things that could happen. there are rootkits and you could get hacked. a properly configured web accessible service should be chrooted so that even if it's compromised you don't have to worry because it can only affect the small area that it is chrooted in. linux is a very secure system when properly set up. it isn't invincible in any magical way but I have been using linux for years on many computers. I set up all my families computers and they run linux too. none of these have ever had any security related issues.
 
Old 09-26-2008, 03:26 AM   #5
pinniped
Senior Member
 
Registered: May 2008
Location: planet earth
Distribution: Debian
Posts: 1,732

Rep: Reputation: 50
The CPU knows nothing of viruses on any system. No WinDuhs virus will run on Linux because the binary executable format is different and Linux does not know how to run a WinDuhs program. (You can use 'WINE' to run some programs, but then there are numerous other troubles for the virus even when running under WINE.) JavaScript and any other common interpreter (PDF, PostScript) of course provides opportunities to do some nasty things on both Linux and WinDuhs. The WinDuhs exploits also tend to be somewhat straightforward; on Linux you first need access to an account and then you need to gain root privileges; since there's a large number of different combinations of software versions (and vulnerabilities) on Linux, a cracker needs to put in a lot more effort to root a Linux box than a WinDuhs box. WinDuhs also provides many dozens of services by default; all these services offer opportunities for an exploit; most of these services are in fact not essential (except to WinDuhs - stupid design) and most don't even exist on Linux/UNIX so there's a lot of opportunities lost.
 
Old 09-26-2008, 05:30 PM   #6
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
Quote:
Originally Posted by raphtor View Post
can anyone tell me how exactly unix or linux is immune to virus?i mean how the processor knows what is an infected file??any site is know more is welcomed...
in short, no virus designed to run on any MS Windows system will work on a Linux or *nix system. As stated they are not the same binary thus can not be executed.

there are hundreds of thousands of viruses, if not millions, for MS Windows.

there are only a FEW hundred for Linux and even less for OSx.

NO Operating System (OS) is IMMUNE to viruses. Linux and other *nix OSs are just less susceptible to them then MS Windows is due to the very nature of the *nix OSs being built from the ground up to be a NETWORKED OS. This means it was designed with security in mind from the start and not as an afterthought. MS Windows on the other hand was and still is not designed as a network OS and thus is STILL not built around security. You still need to be a "root" Administrator to accomplish even the most mundane task in Windows (including installing MS Office) and as a result a large amount of users run with elevated permissions, far beyond what is secure and safe for the OS, causing the security nightmares we see today in the computer world.

Since a large amount of Windows users run as "administrator" or at least with administrative permissions any virus that runs due to the users mistake or lack of knowledge about what they are doing is run as "administrator" and thus that virus or malicious software gains FULL ACCESS to the computer.

This is typically not true in the *nix world.

There are many other reasons, but this is ONE of many reasons why MS Windows is so much more susceptible to viruses then the *nix world.
 
Old 09-26-2008, 11:33 PM   #7
raphtor
Member
 
Registered: Aug 2008
Location: india
Posts: 174

Original Poster
Rep: Reputation: 30
1)ok.but even windows can have multiple users other than administrator.so if i login as another user in windows will my security levels increase??
2)also,if i for some reason login as root then u mean my system wil b as vulnerable as windows.
3)whats difference between sudo and root?
4)and say i have executed a linux virus in other than root mode?what is the max damage my system can suffer?
 
Old 09-26-2008, 11:43 PM   #8
johnson_steve
Senior Member
 
Registered: Apr 2005
Location: BrewCity, USA (Milwaukee, WI)
Distribution: Xubuntu 9.10, Gentoo 2.6.27 (AMD64), Darwin 9.0.0 (arm)
Posts: 1,152

Rep: Reputation: 46
Quote:
Originally Posted by raphtor View Post
1)ok.but even windows can have multiple users other than administrator.so if i login as another user in windows will my security levels increase??
2)also,if i for some reason login as root then u mean my system wil b as vulnerable as windows.
3)whats difference between sudo and root?
4)and say i have executed a linux virus in other than root mode?what is the max damage my system can suffer?
1) it's not quite the same thing

2) No but it would be a hell of a lot more vulnerable then normal.

3) sudo can be set up to allow normal users to do things that normally only root could do. it grants root privileges just for one command and is the proper way to set up tasks that you do frequently. root is a user on your system and everything he does has root privileges (not necessarily a good thing.)

4) if you somehow find a linux virus and then deliberately run it (not as root) the worst that could happen is you delete everything in your home directory. everything else would just get a 'permission denied' error.
 
Old 09-27-2008, 10:27 AM   #9
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
Quote:
Originally Posted by raphtor View Post
1)ok.but even windows can have multiple users other than administrator.so if i login as another user in windows will my security levels increase??
It will depend on the permissions of that user. If that other user has administrative rights then NO. If it is a restricted user then it will help slightly, but not near as much as under Linux. Windows users still have full access, normally without modification, to the rest of the system.
Quote:
2)also,if i for some reason login as root then u mean my system wil b as vulnerable as windows.
again not the same thing, but yes if you RUN as root for EVERYTHING you do n the computer, then yes you are running a much unneeded risk to your system.
Quote:
3)whats difference between sudo and root?
4)and say i have executed a linux virus in other than root mode?what is the max damage my system can suffer?
if you install a virus program as user, the worst thing that will happen is that user account will be corrupted and require removal from the system.

a simple rm -r /home/user will make it go away. sadly so will your data, but the computer and other users will NOT BE affected.

http://www.tech-faq.com/sudo.shtml

that should help with what sudo is.
 
Old 10-02-2008, 11:02 PM   #10
raphtor
Member
 
Registered: Aug 2008
Location: india
Posts: 174

Original Poster
Rep: Reputation: 30
ok heres a question.i recently installed ubuntu 8.04 on friends system and it was seeking password for every operation and drive access.my ubuntu 7.10 never asked me for them unless its a root operation.does that mean my harddisk is less protected and any virus wil affect my system more severely than just home folder?
 
Old 10-02-2008, 11:23 PM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 7,506

Rep: Reputation: 2388Reputation: 2388Reputation: 2388Reputation: 2388Reputation: 2388Reputation: 2388Reputation: 2388Reputation: 2388Reputation: 2388Reputation: 2388Reputation: 2388
Clearly, your friend's system is not set up correctly...

Generally speaking, I spend my days as a "limited user" (actually, any one of several user-ids) on whatever system I happen to be working on, and I never respond to a root-password prompt. If I want to be doing something magical, I log-on as a magical user, do that magical thing, and then log off.

I have a system-maintenance account that is used for software installs other than the OS itself. It can gain access to "root," but my ordinary user-ids (which do not belong to the wheel group...) cannot.

Computers are not smart, and they don't catch colds. They do obey instructions. The notion that a computer can "get sick" is a dream from a clever marketing-department. If you don't want rogue programs to do damage unintentionally, simply use an account that cannot do these things intentionally. The rogue ... cannot succeed.

Folks like Norton and McAfee appeal to the human notion of "sickness" (and the idea that such things are inevitable unless you endlessly "immunize" against them). They're probably the reason why home-editions of Windows (inexplicably...) still don't turn-on system security but instead leave the system wide open. A computer cannot get sick. A "virus" is nothing more than a rogue.

Last edited by sundialsvcs; 10-02-2008 at 11:29 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft Virus Removal... (Virus Live CD) Nathan1993 Linux - Distributions 7 04-06-2011 07:55 PM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 03:35 PM
trend chipway virus detected boot virus rafc Linux - Security 1 05-13-2004 02:44 AM
::Virus!:: XxAndyxX Linux - Software 7 03-24-2003 09:36 PM


All times are GMT -5. The time now is 07:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration