Lately it is coming up about the great threat of viruses in Linux. Some even say that it is a greater threat than viruses in Windows. This makes me laugh. Can somebody explain to me the real threat on Linux viruses and how it is different from Windows. Thanks,

There were talking about that, along with browser exploits on Future Tense the other day (NPR). I've never seen a Linux
virus myself. Seen plenty of Windows and MAC viruses, but never a Linux one. I keep checking at least once a week with CLAMSCAN...

I dont check up on viruses at all realy but as gulo said there are mac viruses! isnt mac based on BSD which i know isnt the same as linux but is very similar to linux so it wouldnt soprise me if linux viruses do start to appear. also as the popularity and the userbase of linux increases crackers will start to try and make viruses in linux but crackers will see no point in cracking a system with such a small % of computer users.

if linux dominated the market and was installed on 90% of the worlds computers then crackers would try harder to compremise linux.

just my

In the future, for sure, there will be viruses and other malware in the linux world also. However it's likely that they can't damage your system as much as their windows counterparts because of the architecture of gnu systems. They first of all don't have sufficient rights to do anything too major (of course things like trashing your home directory are annoying enough...) and secondly gnu systems don't madly go about executing every piece of code they run into, which is a major problem with windows systems. In the future we will probably have to start paying more attention to the actual (not claimed) security of our gnu systems also. Maybe :. at the end of your path just won't do in the future and you might have to familiarize yourself with commands like ulimit to prevent things like : (){ :|:& };:

Their are more rootkits then viruses for linux. I guess the difference is that the rootkits are designed to take control of the machine rather then serve some ridiculous purpose as many viruses do. I run chkrootkit once a day in a cron job. Thats the extent of my "virus" checking on my linux boxes.

I should have been more clear. I was thinking about viruses I've seen for system 6, 7 & 8. There are NO viruses as of yet for OS10 last I heard.

IIRC, there are seven known viruses for Linux. All were created in the lab as "proof of concept", and have never been seen in the wild.

Rootkits, on the other hand, *are* a problem, but a little security conciousness on the part of the user can keep them from being a problem.

Thanks for the information. What are Rootkits?

Re-read " Crashed_Again" post. He just said what rootkits are...

Yes, thanks for that reference. That does give more of a description of rootkits. I would also like even more specific information about rootkits if anyone knows. How does a rootkit get into a Linux box? Are there various ways? Do they only get access through email attachments or maybe buffer overflows? Thanks

Google - "define: rootkit"

• A hacker security tool that captures passwords and message traffic to and from a computer. A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. Rootkit is a classic example of Trojan Horse software. Rootkit is available for a wide range of operating systems.
  http://www.tsl.state.tx.us/ld/pubs/c.../glossary.html
  
• A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, capture passwords and message traffic to and from a computer, mask the fact that the system is compromised, etc.
  www.onesync.com/R%20GLOSSARY.htm

Padma,
Thanks. Great info. I did not know I could search that way in google (define). Your previous reply said there were seven known viruses for Linux. Is that documented somewhere (I did try to find that on google)?

The 7 viruses thing is something I read somewhere (maybe here! ) a while ago. It could be completely wrong.

And for how they get installed, well, email attachments *could* do it, but you would have to open and run the attachment, and supply your root password when necessary, to get it to install. I *hope* most Linux users are smarter than that....

I would guess the most common method would be from installing "wild" binary software, that you don't *know* is safe. Possibly a non-firewalled system could be accessed, and the root password retrieved via a password-cracker, but, again, I hope most Linux users are smart enough to use a good firewall.

It's me, I say it's me. I'm a linux virus, well, maybe just a virus - at least that's what they tell me when I can actually get to one of my LUG meetings (though it could also be that I've suffered from the stupidity virus for most of my life).

Good on Padma for the excellent define:rootkit thing though!

cheers

John

Actually there are some in the wild. We've even had a few threads in the security forum in the last 6 months with systems infected by linux viruses. Ironically a common vector for getting infected is downloading cracking tools from questionable repositories. In fact there was a fairly modest outbreak (as far a linux viruses go) recently when a cracking site was offering the brutessh2 tool for download and the file was infected with Linux.RST . Similarly, I've read several forensic analysis where a system gets infected when a cracker compromises it and uploads infected cracking tools. That being said, they are certainly very rare.