I just stumbled onto this book by following a link in another post. Always being interested about security, I decided to check out one of the security questions in the FAQ section of the security section of the book (http://www.icon.co.za/~psheer/book/n...00000000000000)

I was not entirely surprised at the answer to the question:
I have heard that LINUX does not suffer from virus attacks. Is it true that there is no threat of viruses with UNIX systems?

Here are some excerpts from the answer:
Right away the author is incorrect in his definition of a virus. Technically, a virus is any malicious code that can attach to another file and execute when the "host" file is opened or executed.

Well this certainly flies in the face of everything I've been told about UNIX-like operating systems; It's not flexible, that's news to me! Usually Linux advocates won't stop talking about how much more flexible Linux is than other OSs. Besides, just because ordinary users cannot alter system files does not mean that their data can't be destroyed by a virus, and it can propagate as far as their privileges. For example, many novice Linux users often log in and run commands as "root", which would of course allow unrestricted access to all files!

Additionally, modern Windows OSs have a concept of rights and ordinary users are not allowed to modify the system unless they have "administrator" rights, so the UNIX concept of privileges is not unique. In fact, NTFS (the modern Windows file system) has more granular access controls than most file systems for UNIX-like systems (not that I'm saying NTFS is a better file system, I'm just pointing out that these concepts are far from being unique to Linux like the author seems to claim).

Wrong again. If a user opens or executes an infected file, it absolutely will execute the malicious code. There's nothing about Linux that prevents this behavior (if there was, the Linux kernel would have telepathic powers, which I'm fairly sure I would have heard about). Not all Linux virus scanners are restricted to scanning mail and file shares. Many companies that have deployed Linux systems wisely install virus scanners for the local system as well (being much wiser and less arrogant than the author of this book!).

More incorrect definitions (clearly, the author is not familiar with InfoSec). A worm is malicious code that can execute and spread on it's own, without a need for the user to open/execute it's "host" program, indeed worms do not have "hosts", because by definition they're self-propagating.

Sheer propaganda (coincidentally, the author's name is Sheer). Proprietary applications are not the only apps to have flaws, open apps can just as easily have flaws, so the first sentence is a red herring. Then the author goes on to admit that viruses could damage a user's data, so I guess now he has reversed course and agreed that a virus could exist that works against Linux! The dancing around semmantics of "applications that is insecure, not Linux" is pure silliness. Nearly all exploits for other OSs are exploits against the applications (not the OS itself), too. The fact that those apps were bundled with the OS doesn't make them part of the OS. On the other hand, flaws have existed, do exist, and will exist for the Linux kernel, which is "The Linux", so this distinction is meaningless and is once again just trying to mislead the reader.

That's nearly equally true of any OS. It's that administrator that makes by far the most difference in how secure your system is. An expert Windows admin can build a far more secure system than the average Linux user. Trying to qualify a viewpoint of "Linux is more secure" by saying "as long as the administrator understands everything" is like saying "anyone can blow up the world, as long as they know how to make a nuclear bomb".

I won't bore everyone by posting the rest of the security sections, but they're equally as ridiculous as the one above. This is what I mean when I say that Linux advocates are doing their would-be users a huge disservice by giving a warped view of Linux security and they're just setting people up for huge disappointments when they realize that Linux is not the virtual Fort Knox that they were lead to believe.

This is especially true of people who write in publications, and especially books! If you don't want a huge backlash against Linux in 5 years like there has been against Windows, don't lie and distort the facts! Everyone would be a lot better off if they stopped bickering about which OS is more secure and instead spent more time on educating people on how to secure their systems, since no system is completely secure out of the box (although OpenBSD is pretty close--OK, I just couldn't resist that). Oh, and one final thing: If you're not an expert on Information Security, don't give advice about it, and especially don't give advice in an authoritative manner, like writing a book or article about it.

I was actually thinking about getting that book . Kind of frightening, considering that I see people recommend it all the time. Though I noticed they did get one thing correct:

"Another issue is that LINUX servers are often installed by lazy people who do not take the time to follow the simplest of security guidelines, even though these guidelines are widely available and easy to follow. Such systems are sitting ducks and are often attacked."

I have Windows XP home edition and when I set up a non-admin's account yesterday it said that you can not install some programs without admin rights (ie you can install some) so I don't think that the restriction is the same as for Linux.
I maybe wrong and also with pro edition it could be different.
Another difference is that in Linux normal users can use almost all programs but in Windows XP last time I tried non-admin could not use Opera !
If you have people living with you (like I have) who are very computer iliterate this is a big security problem as it is harder to stop them doing something stupid with Windows. Particulary if they are 15 and like downloading spyware.

The rest of the article was great though.

The original author is more correct in his explanation, although somewhat blurred. A virus does not have to attach to another file. Webopedia has the best virus def that I've read:

"A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves...."

I think that the author was grossly oversimplifying such things. Settings like maxprocs and maxchildren, can stunt or render certain types of virii significantly less viral or completely ineffective, depending on their goal.

I completely disagree with the fact that there is no virii for Linux because few exist. However, Linux due to its architecture makes virus development significantly more difficult and the life cycle shorter.

No, that is the definition of malware in general. Webopedia is hardly an authoritative source on such matters. Read something published by security experts instead. It's exactly as I explained: a virus is malware that needs a host file to attach to, a worm is self-propagating.

It's not literally the same, and I didn't say it was. What I said is that you can accomplish more granular restrictions with NTFS than you can with most file systems for UNIX-like OSs, and that you do have non-admin users on Windows (which you just confirmed).

How is not being able to use a certain browser a security problem? By the way, the reason you cannot use that program is most likely becuase you're trying to use it with a different user than the one that installed it (there could be a variety of reasons, but basically the permissions are set in a way that you don't understand).

Spyware can just as easily exist for Linux, it's just not widely spread right now because it's not worth it. Any scammer, malware writer, spammer, or any type of other malicious person who relies on social engineering to accomplish their aim will always choose the largest possible audience so they have the biggest possible return on investment. Why would you write malware for an OS with less than 5% of the desktop market (probably less than 1%, actually)? You're going to write it for the biggest target, which is Windows. Take Mac OS, for example. It has around 5% of the desktop market, and it's far from immune to malware, yet almost none is written for Mac OS, why? Same reason malware is generally not written for Linux: Windows is an exponentially bigger target.

If you're not an expert on Information Security, don't give advice about it, and especially don't give advice in an authoritative manner, like writing a book or article about it.
Maybe there's someone with time on their hands willing to correct Sheer?

It is true that you do have non-admin users on Windows.
However there are two problems with it (a) as non admin I can install some programs and (b) when I created the account it said that you can not use some programs as non-admin user, which as far I know that is not true
for Linux (are there any programs you have to use as root ?? Feel free to correct if I am wrong).

Not being able to use a certain browser in itself is not a security problem.
However if you want to let non computer literate people use your computer, there is a security problem if they need to be administrator/root to use some programs. It is not my opinion that some programs need to be run as admin in XP home edition, that is what I was told when I created the account.

The other problem is that the default with XP seems to be run as admin (or at least that is how manufactures in the UK sell windows machines, perhaps not in the US). As far I know most versions of Linux by default tell you not to run as root by default and with Suse 8.2 I don't think you can even use a browser as root.

I agree with you that spyware could exist for Linux and probably does.
However surely wouldn't you need to be root to install it ?
I thought that you could not install programs as a normal user or is that wrong ? (I will try when I have time).

Are you sure that the reason why there are less linux/unix viruses is because there are less machines ? After all there are a lot of servers using unix/linux out there and a worm hitting them would be devestating.

Ok let's look at this whole thing for a second. In some ways everyone here is correct. To begin, One of the major reasons that Virii and other things such as spyware are not prevelant in Linux, and other unix based OSs is that they, as a desktop enviroment take up a tiny portion of systems. It is correct that many Servers, a good portion run Unix variants, however, Most productions servers are admined by professionals with knowledge and experience that assist them in avoiding contraction of things such as worms and virii. In addition, Production servers, often have limited user accounts on them, either few, or in cases such as mail servers, they are not full fledged shell accounts. Now, it is possible to create and install programs as a user on unix variants, however, it is only in that users space and will not affect the overall system. Some applications do require root access to install and run. Many applications such as, CD-writer sofware often, needs to be run as root, and because of this applications like sudo exists to allow special groups run things with root privelages. So it easily feasible that someone could, or has written malicious code which could exploit these things. Unix variants do have things working for them, like the reduced number of desktops running them. In addition though since many application run on unix variants are open source, the life cycle of aplications tend to be reduced, and therefore, things such as exloits when found can be corrected faster. Because not only does the author have the ability to correct flaws, but anyone with programming knowledg can correct the flaw. No software is perfect none ever will be exloits always come along. It is inherent Security measures, such as restricted user space, in addition to fast changes in code, and knowledge that make linux more secure overall. Admittedly, many first time linux users run their systems under root, however, a vast majority of users are not first time computer users. Unfortunately, becuase Oss like windows and mac have for so long done so much for many users, many converts are unaware of the severe damage that can be done running under root. Is any OSs bullet proof? No. Are there reasons to think Linux is more secure? Yes. But no Os will ever be perfect or ever be right for evveryone.

Alex

I hate to correct you again on this, but the DoD does not see it your way. Symantec security does not see it your way. A virus is simply a program that alters the operation of a computer without *permission* and is self replicating. It DOES NOT have to infect a host file.

From Symantec.com:
http://service1.symantec.com/SUPPORT...99041209131106

From McAfee.com:
http://us.mcafee.com/virusInfo/defau...s_glossary.asp

Looks like Webopedia, McAfee, Symantec and the DoD agree with each other.

I think we all agree that the original author has a lot of wrong points, but it's silly to argue about the definition of a virus when it is very well known.

The incorrect usage today can be attributed to the mass-public's fundamental misunderstanding of the difference between a virus and a worm, and the tendency to call any and all malware a "virus". It's analogous to the acceptence of slang into modern dictionaries. I, however, am a purist.

a) this is true of UNIX-like OSs as well (some times--although not always--you can install programs as a user that other uesrs may access, but you can certainly install your own private copy; Windows has similar restrictions)
b) It depends on the distribution. There are many setuid programs that users really shouldn't be allowed to use (to restrict the possibility of privilege escalations via buffer overflows), and indeed some distributions and/or some security tools do enforce those limits (msec on Mandrake, for instance).

XP Home has less user restrictions than the Pro version, because it tries to be more user-friendly (which also makes it less secure).



That's true, but it's not strictly an OS insecurity, it's an insecurity with the default configuration. Linux and UNIX OSs have had plenty of problems with this too, such as early versions of Red Hat, many versions of Solaris, etc.

Incorrect. See above, users may install local copies of anything (this is the most common misconception, i.e. that users cannot install anything so Spyware would have to run as root, which is completely untrue).

Most servers are deployed at corporations, and corporations generally have much tighter security controls than home users (where Windows dominates). The other reason is that, although there are many systems deployed with UNIX or UNIX-like OSs, often the same vulnerabilities do not affect all of them because they don't share enough of a common code-base. If you were to try to attack all the UNIX-like OSs with a worm, you would potentially have to write hundreds of versions. With Windows you only need to consider 3 or 4 variants (Win9x, WinNT, Win200x/WinXP)

Like it or not though, the meaning of a word really depends on the public's perception of it. Even if the experts want to draw distinctions between worms and virii, the bottom line is that to Joe Sixpack, it doesn't matter -- calling any kind of malware a "virus" is pretty much standard practice. Let's face it, every specialized industry has its own jargon, but if the "official" terms you prefer to use are incomprehensible to the general public, nobody is going to understand what you're trying to say, and in this case, I think that a computer "virus" is much more well understood than a computer "worm". As an analogy, suppose you know very little about cars, but you've noticed that the car has been "surging" or "lurching" when it's accelerating. Now, if you were a mechanic, you may recognize that as a possible problem with the vacuum modulator, but trying to describe that to the man in the street, you'd probably be met with a puzzled look and a comment to the effect of "whatever you say". If you instead said something more generic, such as "You need a tuneup", that would (probably) instantly make sense to Joe Sixpack. Similarly, describing a virus as an unauthorized program that runs without the user's permission seems OK to me. Certainly the point is made. -- J.W.

But those are programs that should not be used. However I can not think of any programs that user could use safely which they need to be root to use. Unlike Win XP which means that people have to be root when they don't need to need be.

That is true although a lot of company MS servers were affected by Msblast, so obviously a worm (I agree with your definitions) like that attacking Unix servers could be devestating. I think there are a lot of corporations with poor security ie according to computer weekly at least 40% of websites in the UK that are a front end for a database are vulnerable to sql injection. I would guess that many of those are corporate websites.
It could be different in the US but I doubt it.

True, although one could say that is a good reason why high security eg power stations should use a UNIX-like OS.

I have to say that I agree with Chort that we should use the correct terms.
If for example we call Msblast a virus as opposed to a worm it confuses people who say well I did not download it or click on an attachment so how did I get it.
But if you say it is a worm and your machine got it because it had a fault with it then they can understand the problem more.