Do viruses exist for Linux?
I'm just curious if there are ANY viruses out there for Linux. I'm asking this because I'm wondering whether or not to purchase antivirus software for it. I know there are kernel flaws and software bugs at times, but in general are there any viruses whatsoever?
Also, if I should purchase antivirus software, do you have any recommendations? Thanks. |
a linux mail server that has windows clients needs it to protect the win boxes. other than that it's not needed. you hear of these "proof of concept" linux viruses that someone cooked up in a comp-lab somewhere, but unless you are running as root, or have your permissions set ridiculously loose, there is little to fear.
|
If you do a search at Symantec or McAfee for "linux viruses", you will get a number of viruses listed. There was also a thread several months ago where someone had a server get infected with a virus and had a bunch of files altered. So they very much do exist and though rare, some are in the wild.
|
Don't run as root. Don't run services as root. Have a strong root password. No virii.
|
I don't see the value of having a poll for this. Viruses do exist on Linux, that is a fact - there really is no need to vote on it.
|
I understand, XavierP, but "virus" is indeed more of a Windows term. That's why I placed the poll.
|
True, but they do exist and the first handful were widely publicised.
|
No OS spreads a virus. Users spread virii. Protect your computer like your home. Maintain it like your car. You'll be fine. Tell your neighbor to do the same. Before you know it, exploits are gonna be rare.
edit reason: I CAN'T SPELL!!! |
True, but the companies that make an OS are responsible for their creations IF they plan to sell them. Users may spread virii, but developers create the possibility for them.
One question remains: about how MANY viruses are there for Linux? |
Quote:
|
This is by no means a complete list, but those who are clicking on "No" should do some reading.
http://securityresponse.symantec.com....jac.8759.html http://securityresponse.symantec.com...ux.simile.html http://securityresponse.symantec.com...inux.svat.html http://securityresponse.symantec.com....hyp.6168.html |
That's also true, but developers should test code before they sell it for security bugs and the like. As an alternative, they should hire an external firm to audit the code. It's their responsibility to ensure that their apps are secure. Part of the responsibility is the user's, but much of it belongs to the coders.
|
My fear is that in the not-so-far-off future where Linux is prevalent on the desktop, and virus writers target the machine, we're going to be having trojans pop up on the desktop and ask for the root password to run a trojaned program the user downloaded.
|
Virii for linux.... no.
worms..... yes. however the worm would be unable to touch any files the user responsible for getting the worm does not have access rights to. and provided things like your bash_profile is set to read only, and owned by root, the worm would be incapable of loading itself during bootup or login. |
Quote:
Errm, sorry to disagree but see the links in post 11 and you'll see that they clearly do exist. And the worms in Linux can be quite devastating to vulnerable systems (see slapper, ramen, lion worms). |
Quote:
By the way, another common misconception is that a *n*x virus would need root to cause any real damage. That is clearly incorrect, since many functions of worms these days will operate quite happily without root privileges, including a) participating in a DDoS attack b) sending spam c) operating as a proxy anonymizer and d) harvesting address books. |
So does one need antivirus if they have Linux?
|
You would be wise to have A/V, yes. I believe there are several free offerings for Linux, although I cannot vouch for their effectiveness or performance.
|
Just a side note Caveman. Did you read the descriptions provided by symantec?
2 of the viruses pose absolutely NO threat the other 2 are given the lowest rating symantec gives. They all have a disclaimer similar to: Quote:
Are they a threat? No Happy slacking :) |
Do they exist? Clearly they do
Are they a threat? No - In my eyes no AV company is an objective party when it comes to reporting threats. IMHO this is all about security awareness. So preparation and vigilance IMHO is the best thing. If you prepped your system against other types of attack and if you need additional coverage for whatever reasons, DO run AV SW and don't let others discourage you. As for the plural of "virus": it's "viruses" and not "virii". I did some small performance tests a long time ago (2002 or early 2003). Search this forum. Maybe we could do this again in 2004. |
Why does a virus have to compromise a whole system to be considered a threat? It is quite easy to see how a few local user compromises done well could escalate anyway. For example, the Pine mail parsing bug. Edit the user's shell startup files to start up a different shell or to run something like a perl script interpreting commands before they reach the actual shell (does everybody `ps' to check what process(es) they have initialized?), that waits for the user to run certain binaries (eg: passwd, su, sudo; any that are likely to expose useful data) and logs input (or even just logs all input if it is deemed more simple or effective). I am not saying with due vigilance that this can be limited at least, but the threat is there from a local user compromise. Also, this is just an example, please do not say that this is easy to solve because nobody reads mail on your servers and therefore I am entirely incorrect.
|
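A defender's check for the startup-file tampering described in the post above, and for the read-only, root-owned bash_profile advice earlier in the thread (an added example, not part of any post): it audits a home directory's shell startup files for unexpected ownership, group/world write permission, and lines that replace the shell or shadow su, sudo or passwd. The file list, the regular expression and the sample file contents are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumption: the startup files bash reads for login and interactive shells.
STARTUP_FILES = (".bash_profile", ".bash_login", ".profile", ".bashrc")

# Heuristic (assumption): lines that hand the session to another program or
# shadow su/sudo/passwd. A legitimate "exec zsh" also matches: review, not proof.
SUSPICIOUS = re.compile(
    r"^\s*(exec\s+\S+|(alias|function)\s+(su|sudo|passwd)\b|(su|sudo|passwd)\s*\(\))"
)

def audit_startup_files(home, owner_uid, trusted_uids=(0,)):
    """Return (filename, finding) tuples for the startup files under home."""
    findings = []
    for name in STARTUP_FILES:
        path = os.path.join(home, name)
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue
        if st.st_uid != owner_uid and st.st_uid not in trusted_uids:
            findings.append((name, "unexpected owner uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "group/world writable"))
        with open(path, errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if SUSPICIOUS.match(line):
                    findings.append((name, "line %d: %s" % (lineno, line.strip())))
    return findings

def demo():
    with tempfile.TemporaryDirectory() as home:
        samples = {  # constructed sample: one clean file, one tampered file
            ".bashrc": (0o644, "export EDITOR=vi\nalias ll='ls -l'\n"),
            ".bash_profile": (0o666, "alias sudo='/tmp/wrapper'\nexec /tmp/othershell -l\n"),
        }
        for name, (mode, text) in samples.items():
            path = os.path.join(home, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        return audit_startup_files(home, os.getuid())

if __name__ == "__main__":
    for name, finding in demo():
        print(name + ": " + finding)
```

On a real system, call `audit_startup_files` with each account's home directory and uid, for example from the entries returned by `pwd.getpwall()`.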
Citing 4 previous viruses as proving the rule for all possible future viruses on a platform is ludicrous. Linux hasn't been popular for nearly as long as Windows, Linux doesn't have nearly the install base of Windows, and last, most of the people writing viruses hate Microsoft. What you have are purely issues of convenience, not technical restrictions.
As I pointed out above, there are a *lot* of ways that you can do evil things with a system without being root. In fact, I was just at an FBI Infragard meeting yesterday and the Symantec rep said that the worst worms are those that don't do anything obvious to the system, but just passively sit there and collect data, or act as remote-controlled zombies. |
Quote:
As for Linux viruses being a threat, that really depends. As unSpawn pointed out, if you harden your box and use smart computing practices, then you can significantly minimize the impact of a Linux virus to pretty much nil. Now if you don't do those things, they can do some serious damage. Most of the time it's due to executing infected files as root and having wide-scale alteration of files, which seems to have the side-effect of system binaries getting broken. At which point if you want to save any important files you have to visually inspect them and make sure they're clean. Maybe you don't consider having to re-install your system and visually inspect a truck-load of files as being a "threat", but I can think of a lot better ways to spend my day. To be fair though, that is the worst-case scenario and it does require some serious user stupidity to occur. And as rare as Linux viruses are, it's not very likely either, but it still can and does occur. IMO I'd be a lot more concerned about day zero exploits and hardening my box than I would spend time worrying about viruses, but to flatly deny they exist and cannot damage a Linux system is incorrect. |
Quote:
:) |
my view is yes there are virii for linux.......just like any other OS......
would I go out and buy an antivirus software .........no mainly because if I were to write a virus or trojan that worked well I would make sure it didn't end up on the symantec list of known viruses (just used as an example). By not letting anyone know about it, and not sharing it with my friends, and using it wisely. So therefore symantec wouldn't know about it so therefore wouldn't be able to protect you from it.........get my point? anti-virus software is a waste of time......IMHO |
Quote:
What about all of those people who are writing viruses AND sending them out? Do you also think that locking your house is pointless? There are viruses for all the OSes, some have more than others, as long as people are distributing viruses and others are allowing them to run on their pcs we will always need protection. |
Quote:
That's all symantec does......that's all McAfee does.....(that's all any antivirus prog does). And the catch is.....most viruses and trojans that do exist aren't even on their lists....... so why put your faith or money in something that is only 50/50.....(I won't) I'll just do it myself........it's not that hard and doesn't take too much time away from surfing porn...... just a little reading and anyone can do it. If you're running a system that has classified or top secret info on it.......IT SHOULDN'T BE ON THE INTERNET TO BEGIN WITH....... if you don't want your personal information available to anyone .......DON'T DISPLAY IT ON A NETWORK AVAILABLE TO ANYONE (IE: the INTERNET)........ nuff said |
That is a very harsh assessment - and why should we have to go down the list of thousands of viruses to find what each individual exploit is? By the same token, why bother updating your system?, simply subscribe to Bugtraq and recode every bit of software which has a vulnerability.
Also, I find your reasoning a little strange. First you say that the virus guards are worthless, then you say go to Symantec and read their list of viruses and exploits. Surely, since Symantec can only list the ones they know about, we will all be at risk from the ones Symantec don't know about? |
This is an argument that will never end......it's like arguing over should we eat meat or vegetables......
I've said my piece.....and have nothing to add......... Peace |
Quote:
Symantec, McAfee, et al do not remove services or install update patches to your system. What anti-virus programs do are look for files and system settings that match patterns of known viruses/worms, and to a limited extent they look for behaviors that are consistent with a virus or worm and try to quarantine the responsible file. In other words, they are exactly what they say: Anti-Virus. They're not IDSs (although both companies make IDS products), they aren't firewalls (although both companies make those, too)... Anti-Virus simply seeks and destroys viruses and worms. It's reactive in that you have to get the virus before they will do anything. They don't harden your system at all. Your notion of creating a virus which stays off the radar of major A-V vendors is a nice faerie tale. First off, A-V companies have a huge amount of resources, you would probably be staggered by all the collection methods they have. Then you have all these organizations out there that have Anti-Virus products installed. When they discover that they have a virus that got through, they report that immediately to their vendor. If you think it's possible to create a virus that will go undetected for any meaningful amount of time, you're wrong. The people at Valve Software were arguably idiots when it came to protecting their systems, but they eventually discovered the trojans that allowed their Half-Life2 source code to be stolen. Nearly all organizations have IDSs installed that will detect anomalous traffic. Eventually someone will discover your creation by accident. The only way to have your virus not be discovered is to never use it, and then by definition it's not a very successful virus, is it? Your last arguments about systems with top secret data or personal information completely miss the point. Did anyone even pay attention at all to what I posted before?
Virus/worm creators are largely uninterested in collecting information off of personal computers, what they want to do is create a large zombie army of machines that can be remotely controlled. It doesn't matter what OS those machines have, it doesn't matter how fast or slow the machines are, it doesn't matter what type of Internet connection they have, it's the sheer quantity of zombie boxes that is important. Those zombies can be used to launch DDoS attacks against sites such as SCO, Microsoft, Amazon, etc... They can be used to send millions of spam messages per day, which surprisingly actually get enough responses to make it very profitable (especially if you aren't paying for the computers and bandwidth to send the spam and host the websites). The zombies can be used to set up elaborate "phishing" schemes for capturing large amounts of credit card numbers or bank accounts through scams. Out of all the things I just described above, how many of them require root? Answer: ZERO Do you people get it now??? |
Quote:
Apparently you aren't getting it...........you have changed everything I've said into something dramatic ...........DO WHAT YOU WANT WITH YOUR MONEY PAL.........and I hope it fares well...... I FARE WELL WITH MINE......but maybe take a step back and realize that the bumpersticker mentality of you need Norton or you need McAfee or whatever.......may be what drove you to write what you just wrote.........REALLY take a step back and look at the details look at the source.......oh....sorry you can't ...... anyways .........this is my last post .........FINAL PEACE from someone in information security................. |
What does looking at the source of anti-virus products have to do with *anything*? You can look at the source of things like clamav, etc... It just does exactly what I said.
Since you just resorted to personal attacks and completely ignored my technical statements, I'll assume you are conceding that you don't have a sound technical case. In that case, thank you and please stop trying to mislead people with inaccurate information. By the way, I don't work for an A-V company and I've only bought one A-V scanner in my life (AVG), which isn't even working (go figure), so I'm far from some type of industry fanboi. I'm just trying to give people the facts instead of a bunch of made up opinions. |
Quote:
|
yes they exist, but most people I would imagine wouldn't want to write viruses to take down linux systems.. if I were a cracker I'd spend more effort into breaking into a system and using it to launch attacks against others..
|
after long hours late nights and trying to get ppl to break into a machine I set up f0r them....I have to say I did receive a virus.....but It was one that only affected the current users privileges(easily expunged)........so don't use X as root........don't run programs that require X as root........and for godsake don't run services which aren't needed........
if you're running a server ....use a chroot/jail.......... no antivirus will prevent polymorphic??? no firewall will prevent mistakes that you allow......and furthermore......why not use netcat to answer a few server calls for you .......you can even make it execute a program as needed on a timely basis. but I have to retract my statement that antivirus software isn't necessary .....IT IS! for those who don't have the knowledge to make it on their own............ |
Bummer. Just out of curiosity, what virus was it?
|
it was a trojan of sorts .....which waits for the user to gain root privileges and use it..........
(many rootkits available on the web nowadays).........ssh......was the culprit |
Not a virus, but I imagine having AV would have helped anyway.
|