LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Is Unix protected from viruses & malwares? (http://www.linuxquestions.org/questions/linux-security-4/is-unix-protected-from-viruses-and-malwares-4175427932/)

shivaa 09-18-2012 11:01 PM

Is Unix protected from viruses & malwares?
 
It's a silly question, but revolving in my mind for a long time. I have listened many times that Unix i.e. Linux or Solaris OS or other flavors cannot be infected by viruses or malwares? Is it true? Please explain with reasons.
Thanks in advance.

evo2 09-18-2012 11:47 PM

Hi,

please consider what you mean by "malware", "viruses" and "infected". If you can define those terms then you should be able to determine if "cannot be infected" is true or not.

Evo2.

shivaa 09-19-2012 12:55 AM

Like in Windows OS, a virus or malware is any program or application, which harm your computer by damaging your personal data and modifies your system configurations & settings, and moreover, it can steal your various login credentials etc. So is this thing possible in Unix based OS ? Can any such "malware" program damage a Unix based OS, or can modify it's configurations?

evo2 09-19-2012 01:14 AM

Hi,

given that explanation/definition, then the answer to your initial question, is no, it is not true. Any OS is potentially vulnerable to such attacks.

Cheers,

Evo2.

shivaa 09-19-2012 01:49 AM

Okay thanks. But to be honest, I have never seen any such attack on my Solaris or Linux OS. Is shell (command interpreter) in Unix based OS responsible for saving the OS from such attacks? any further explaination is most welcome. Thanks again

evo2 09-19-2012 02:01 AM

Hi,

consider if I sent you an email with an attachment and asked you to execute it... eg a shell script containing 'rm -rf $HOME'.
That is a trivial example, based around social engineering and naivety of users, but it meets your definition of malware.

If you want higher level examples look at any of the security advisories for you any of the OSs you discuss.
For example, the debian security-announce list:
http://lists.debian.org/debian-secur...2/threads.html

Evo2.

salasi 09-19-2012 02:05 AM

Quote:

Originally Posted by meninvenus (Post 4783916)
...I have never seen any such attack on my Solaris or Linux OS.

Right, well that seems to be a valuable piece of information. In your experience, for however many years, you have never seen such an attack.

That doesn't prove that no such attacks are possible, but it does at least show that, in the current conditions they are rarely seen.

Quote:

Originally Posted by meninvenus (Post 4783916)
Is shell (command interpreter) in Unix based OS responsible for saving the OS from such attacks?

There are many factors, but the fact that there is a shell isn't really one of them. Just as an example, Windows has a shell, of sorts, available and that doesn't seem to have protected it, does it?

Quote:

Originally Posted by meninvenus (Post 4783916)
...cannot be infected by viruses or malwares? Is it true?

You are asking whether it is impossible to get viruses or malware (why you specified viruses when that is included in malware, I don't know), is whether on a Unixy OS it can ever be possible to suffer from malware by some kind of infection. A simple web search should show you that there are cases out there, so the answer to that question should be obvious.

yilez 09-19-2012 02:31 AM

My understanding is that viruses, malware, etc are possible in Unix, and there are some that do exist. However they aren't the same as those in Windows. As an example, Windows had an issue with the Blaster worm many moons ago. If your computer was connected to the internet, you would probably get it without any action required (I think I reinstalled windows back in the day, and got it within 3 minutes).

This is very difficult to do in Unix. The problem with windows is that you are, or were, administrator by default. There were also many services running by default that the user didn't know about. These also ran as admin. This made it easy for someone to code some malware that took advantage of a flaw (be it in a service, or the user) that would change the entire system. Unless you log in as root, this is difficult to do in Unix. Even your services often run as another user (I have apache run under apache, or something). Therefore, if a piece of malware takes advantage of a flaw in apache, it can only affect those resources that the user apache can access.

Things are better with recent editions of Windows (UAC pops up and tells you when it is going to do something), but most users will click continues anyway.

There were a few cases some time ago about malware affecting Mac OS systems (iChat, I think. You had to enter a password on this), and another one taking advantage of PHP. I can't remember the details though, but they were both patched quickly.

* All of the above might be nonsense. It is almost entirely based on my observations, and no real research.

EDIT: A slightly old explanation. http://www.theregister.co.uk/2003/10...ndows_viruses/

Noway2 09-19-2012 08:42 AM

Generally speaking, Linux does not suffer from the same security vulnerabilities that Windows does. Also, in the basic desktop/laptop user application, Linux systems tend to me significantly more secure than an equivalent Windows system. While there are 'viruses' for Linux, there are none that I know of that would be considered out in the wild.
That being said, yes, it is possible to contract malware on a Linux system, or even have control of your machine taken by an intruder (this is called being PWN'd). Again, in a normal desktop/laptop configuration, unless the user takes deliberate action that enables this, it is a rare and unlikely occurrence.

In Linux, one often times still runs a web browser, which in turn runs things like Java and Javascript. Applications written in these languages can be exploited, so in this regard, the same logic remains as with Windows of "doing to stupid things, in stupid places, with stupid people".

There are a myriad of reasons why Linux security is inherently better than Windows. Some of the reasons are:
1 - genetic diversity in that there is a lot more difference amongst Linux systems than Windows, making it harder to target a one size fits all application
2 - separation of privileges and using the least privilege approach. In other words, the default is not to have the main user automatically have administrative privilege. Also, the preference is for commands to be executed with elevated privilege as required rather than having the privilege level being tied to the user role
3 - a significantly better permissions system built in and then imrpoved upon by Mandatory Access Control systems, such as SELinux and Apparmor.
4 - defaulting to not having open ports
5 - software obtained through repositories, and using cryptographic signing, with software being available as source code as opposed to a binary executable from Joe's Happy House of Malware.
6 - improved logging, making a forensic analysis more practical
7 - A different in the mindset amongst users, where the average Linux user is more tech savvy than the average Windows user and hence has a more security focused mindset.

shivaa 09-19-2012 09:56 AM

Thanks a lot all of you. Although there's no definite answer available for this question, but what I concluded is that it's posible to infact a Unix based system, but it's very rere and ofcourse tough.

frieza 09-19-2012 10:24 AM

i think another big difference between *Nix and windows is greater separation of executable data (software) and NON executable data, often via the execute bit, which in the case of Internet downloads is per default OFF (thus requiring the execute bit be manually set before the program can run, or the program be forcibly run via some other means) whereas windows, via activex and other similar avenues, programs can be executed WITHOUT first asking the user (or even telling the user for that matter), do that while running as an admin and the entire machine gets compromised, running something as a limited user (as per default in *nix) and the user's home directory gets torched, maybe, but not the system as a whole.

craigevil 09-19-2012 01:03 PM

Malware and security issues do exists. However most rely on the user doing something that can be considered ignorant.

Such as:
Malware Found Hidden In Screensaver On Gnome-Look - Slashdot - http://linux.slashdot.org/story/09/1...-on-gnome-look

Or security vulnerabilities in applications like Java, Flash, Skype, php, etc.

And of course the use of insecure passwords on servers.

salasi 09-19-2012 02:24 PM

Quote:

Originally Posted by craigevil (Post 4784347)

And of course the use of insecure passwords on servers.

I just wanted to pick up on that briefly; If, for example, you set up ssh insecurely (with insecure passwords, allowing root login, not doing anything else to prohibit 'bad' logins) you will have allowed anyone to log in as root access with only a moderate level of difficulty. In that circumstance. the person who logged in could do anything, including installing whatever bad program that they wanted to.

So, if you got that wrong, there is no way that your system could be secure. There is no OS that could overcome that level of bad config, so, if you are going to configure your OS and critical apps badly, it will be vulnerable. (Sort of goes along with Noway's point 7, although competent admins are important too.)

jefro 09-19-2012 03:49 PM

Linux, and the other Unix and like OS have all been under attack for decades. Each day a very serious hole is discovered in code from the OS to the Apps. Apps tend to be the largest security issue. You may be shocked to find that most major break in's to data are not just limited to MS products. Not sure there is any OS connected to the web that is secure by default or can't be hacked.

People (bad people) tend to target industrial or commercial Os's for a reason as opposed to the reasons they attack home users. Kind of like the difference between a jewel thief and a mugger. Both have their ways to attack victims.

Netbsd has claimed to be the least holes I believe but that assumes almost no applications running.

Assume that your data can be compromised because it can.

sundialsvcs 09-19-2012 04:02 PM

The biggest vulnerability in any computer system scenario has two ears.

Windows very-wrongly gets nailed for security problems because, quite inexplicably to me, its very fine and well thought out role-based security model is completely turned off for millions of "Home Edition" users. But, don't blame Windows for that. And above all, don't suppose that any computer system or type of computer system is somehow "protected from" exploitation by a clever and determined human.

But I suggest also that you stop using the expression, "virus," which is clearly intended to invoke notions of biology ... of something that will "infect" that biological organism unless its "immune system" (helpfully and continually bought from your favorite 'security' firm...) constantly protects it. These analogies are not appropriate.


All times are GMT -5. The time now is 12:40 PM.