Old 01-16-2012, 02:53 PM   #1
Knightron
Senior Member
 
Registered: Jan 2011
Location: Australia
Distribution: openSUSE
Posts: 1,465
Blog Entries: 6

adware on linux?


Hi guys, I'm not brand spanking new but still a booby in GNU/Linux. Before switching, on Windows I used several malware scanners and they used to always pick up adware. I had no idea how it managed to find its way onto my system, but I wanted to know if this stuff gets on Linux systems too?
 
Old 01-16-2012, 03:05 PM   #2
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,684
Blog Entries: 31

Adware can get on Linux, but it generally takes more deliberate action by the user to do so on most distributions. It's also easier to find and remove if that adware didn't get root permissions.
 
Old 01-16-2012, 03:15 PM   #3
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,281

There are some commercial antivirus programs on Linux (Avast, Kaspersky, AVG, etc.) and the open source ClamAV (I don't know if it detects adware too), but really, if you use only applications from official repositories and open source code (or proprietary drivers from nVidia or ATI) from trusted sites, there should not be any malware inside them.

And if you install something from an untrusted source, then I believe no antivirus can secure you totally, especially when you give it root access (which is usually done during installation).

Last edited by eSelix; 01-16-2012 at 03:21 PM.
 
Old 01-16-2012, 04:05 PM   #4
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,627

Other than some tracking cookies, I have never found any on my systems. And it has been many years.

Now there are a few, BUT YOU have to install them.
Then there are a few that ONLY run in RAM, so to uninstall you reboot.
An Apple Mac virus was found to do this - it did not really install but ran in RAM, and was deleted on the next reboot.

I think at last count there were about 12 or so Linux viruses.
Now compare that to the, what, 750,000 to 1.5 million Windows viruses.
 
Old 01-16-2012, 04:23 PM   #5
manu-tm
Member
 
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343

ClamAV is fine. (By all means, avoid AVG crap and co.)
 
Old 01-16-2012, 05:47 PM   #6
BlackRider
Member
 
Registered: Aug 2011
Posts: 295

ClamAV is perfectly able to detect malware. It is my recommended antivirus, as it offers better integration with the system and is free software.

You must realize that, unlike with other Operating Systems, most software installed under Linux will be obtained from authenticated and trusted sources. A typical attack vector for malware in other proprietary systems is the installation of pirated or distrusted software, and this increases the chances of being attacked by some kind of trouble. As long as you obtain your apps from official places (original source code, the official repositories) you are 99.5% safe.
 
Old 01-16-2012, 05:57 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

I've never encountered Linux adware

Quote:
Originally Posted by Knightron View Post
I had no idea how it managed to find its way onto my system
Contamination can for example happen through adware / spyware / malware piggy-backing installation of other applications (recently: download-dot-com inserting adware / malware in Nmap and other downloads), drive-by targeted exploitation of vulnerabilities (search for "Dancho Danchev" and web malware exploitation kits like Eleonore and Zeus) and tight integration between applications and the OS (like MsIE).


Quote:
Originally Posted by Knightron View Post
, but I wanted to know if this stuff gets on Linux systems too?
GNU/Linux as an OS is architecturally different. Separation of privileges for instance, to some degree, ensures unprivileged users are not able to contaminate a system on their own. Open Source Software is philosophically different as usage is free of cost and the source can be scrutinized by all. This does not mean that Linux is free from malicious activity (crackers piggy-backing spam-sending software, FTP or IRC daemons or botnet agents on a machine, web farms running Linux were abused to target Microsoft-running users) but when you install Linux your OS is complete and hits the ground running: there's no mandatory registration process to complete. There's no party checking if you run your kernel on a UNI or SMP machine (per processor licensing). There's no party checking if you run multiple instances of the same distribution (per seat licensing). There's no party begging you to "upgrade" the procutils package to the "pro" version (nagware). When you run say IceWM it doesn't show any adverts (adware).

Linux does not suffer from the excesses that are common in the commercial marketplace, especially when we're talking about the shady tactics of semi-legally operating bottom feeders, or in short: there's no money to be made from "infecting" Linux users in the adware sense, there is no commercial market that targets Linux users in this way.


I've run Linux for over some time now. I have encountered (or have been given) virus-infected files (very rare), trojans, malicious LKMs and whatever else. And at times I am not (or can not be) that careful about the places I visit. I am careful about what I install and from where though. My distribution's repositories carry GnuPG-signed packages, it has package content verification, I can diff two source packages to check for changes or ask a developer for confirmation and anything else gets scanned and run in a virtualization guest.

I've never encountered Linux adware...
 
2 members found this post helpful.
Old 01-16-2012, 08:47 PM   #8
Knightron
Senior Member
 
Registered: Jan 2011
Location: Australia
Distribution: openSUSE
Posts: 1,465

Original Poster
Blog Entries: 6

Thanks for the very informative posts, guys. Is it possible to get any type of malware by just browsing the internet? I'll add that I use NoScript on Firefox too.
 
Old 01-17-2012, 03:58 AM   #9
BlackRider
Member
 
Registered: Aug 2011
Posts: 295

Rep: Reputation: 101Reputation: 101
Quote:
Is it possible to get any type of malware by just browsing the internet? I'll add that I use NoScript on Firefox too.
It is possible. There are some web sites that will try to exploit known vulnerabilities in your browser in order to execute malicious programs on your computer, steal your bookmarks, sniff your passwords, etc. If your browser is outdated, it will likely have known unfixed vulnerabilities that could be used against you.

Luckily, if you are using the browser provided by your distribution and update your system often, this is less of a problem, but it still exists. You have to be careful with what you do on the Internet. That said, many Firefox vulnerabilities I have seen applied to Windows only.

NoScript is an amazing piece of software. If you are interested, you can try Request Policy too. Request Policy is an extension designed to protect your browser from cross-site requests and other harmful redirections, while NoScript protects you from many ways of code execution.
 
1 members found this post helpful.
Old 01-18-2012, 05:59 PM   #10
Knightron
Senior Member
 
Registered: Jan 2011
Location: Australia
Distribution: openSUSE
Posts: 1,465

Original Poster
Blog Entries: 6

Hi, thanks for that, BlackRider. I'm still new to security and all I did in the past was run a virus scanner every now and then. I'm trying to learn a little more so I can secure my computer properly. I just attempted to install that extension after educating myself on cross-site requests. The extension failed; can anyone verify the extension's compatibility with Iceweasel?
 
Old 01-18-2012, 06:25 PM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Well, let's see...

Quote:
Originally Posted by Skaperen View Post
Adware can get on Linux
Could you please post some examples / past known cases that apply to GNU/Linux please?


Quote:
Originally Posted by BlackRider View Post
There are some web sites that will try to exploit known vulnerabilities in your browser in order to execute malicious programs on your computer, steal your bookmarks, sniff your passwords, etc.
Same goes for you: please post examples that apply to GNU/Linux.
 
Old 01-18-2012, 09:18 PM   #12
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,337
Blog Entries: 28

Other than browser exploits and tracking cookies, which can be a problem on any platform, any adware that contains executable code is likely to be written in code that works only on Windows.

I've followed alt.comp.virus for years because I find this stuff interesting and have not yet seen anything regarding live malware targeting Linux in the wild.

Still, it's wise to surf the net with reasonable paranoia, because there are folks out there who want to get you.
 
Old 01-19-2012, 07:29 AM   #13
BlackRider
Member
 
Registered: Aug 2011
Posts: 295

Quote:
Same goes for you: please post examples that apply to GNU/Linux.
The first example I think of is the BEAST attack, which could be performed against any major web browser in order to break SSL/TLS encryption with a chosen plaintext attack.

I have not investigated it very deeply, but I think it depends on you running malicious JavaScript code. OK, the attack mechanism is clumsy and can be avoided by a healthy paranoid person, but it exists.

There are some vulnerabilities around. CVE-2011-3660 is marked as having an Impact Subscore of 10, for example. You can have more fun here:

http://web.nvd.nist.gov/view/vuln/se...pe=all&cves=on
 
Old 01-19-2012, 09:01 AM   #14
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Quote:
Originally Posted by BlackRider View Post
The first example I think of is the BEAST attack, which could be performed against any major web browser in order to break SSL/TLS encryption with a chosen plaintext attack.
IIGC Opera patched version 10.x in 2011 for it and it seems Chrome did too.


Quote:
Originally Posted by BlackRider View Post
I have not investigated it very deeply, but I think it depends on you running malicious JavaScript code. OK, the attack mechanism is clumsy and can be avoided by a healthy paranoid person, but it exists.
You need:
- a known user and target the browser to load the Javascript,
- a MitM position to sniff and
- a web server you control.
To me that spells PoC, not clear and present threat. (Let alone it adheres to the concept of "adware" this thread seems to be about.)


Quote:
Originally Posted by BlackRider View Post
There are some vulnerabilities around.
Vulns, around they always will be, yes.


Quote:
Originally Posted by BlackRider View Post
You can have more fun here:
No thanks. You confirmed it is possible to "get any type of malware by just browsing the internet" so you must know. I don't. So that's why I'm asking you for examples.

Last edited by unSpawn; 01-19-2012 at 09:02 AM.
 