Quote:
Originally Posted by rkelsen
Well, firstly, Linux applications are kept separate from the OS. The tightly integrated nature of Windows makes it vulnerable. Ironic, considering that it was mostly engineered that way by Microsoft at the height of the browser wars.
Wrong, a Windows machine is easy to infect because:
1) Up to WinXP, the default user was also the system administrator, i.e. "root".
2) There are a lot of people that don't know a thing about computers. But although infecting an entire Linux system is not easy without a security hole that allows escalation of privileges, it is not that difficult to kill all data for one user, especially if the user is careless, or to install software that will run within that user's privileges. Also, wine is perfectly vulnerable to Windows viruses.
Quote:
Originally Posted by rkelsen
Secondly, the user is also kept separate from the OS.
Honestly, this phrase makes little sense. It would be nice if you explained what you tried to say.
Think about the following:
1) There is Linux software that doesn't require system-wide installation. Commercial programs (games), Firefox *.so plugins, and some other software (i.e. Blender) don't have to be installed system-wide. It goes into the user's folder, where it is perfectly writable and easy to infect. Sure, there is a chance that home is on a separate partition with the noexec flag, but normally this is not the case.
2) On a Linux system there is ~/.kde/Autostart (probably a similar folder for GNOME and other WMs), .bashrc, and (most important) crontab. And there are a lot of places (~/.*) to hide the body, oops, I meant binaries or scripts. Why bother with infecting the system in the Windows way if you can make anything run many times per minute?
Infecting a Linux machine or installing malware is not impossible.
All you need is one popular (closed-source or open-source distributed as binary) application with network access and a remote code execution exploit or scripting support. The best candidate for that right now is the flashplayer plugin for Firefox.
Add a few popular closed-source network applications (games), a bunch of inexperienced users (you know what distro is the prime candidate), and you will get malware. Basically, to get more malware, you will need to make Linux popular - so it will have games, a lot of newbies, etc.
So, the bottom line:
Right now the need for AV software or Malware is low, especially when you know what you are doing on your system. But believing that "Linux is invulnerable because it is Linux" is a bad idea.
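The per-user autostart points named in the post above (~/.kde/Autostart, .bashrc, crontab, hidden directories under the home, and the noexec mount flag) can be listed for review with a short script. This is an added example, not part of the thread; the function name, the optional crontab and mounts file arguments, and the ~/.config/autostart path are assumptions of this sketch.

```sh
#!/bin/sh
# Added example (not from the thread): list one user's autostart points for review.
# Usage: audit_user_persistence HOME_DIR [CRONTAB_FILE] [MOUNTS_FILE]
# The two optional files are assumptions of this sketch (saved copies to
# inspect); the defaults are `crontab -l` and /proc/mounts.
audit_user_persistence() {
    home=${1%/}
    cron_file=${2:-}
    mounts=${3:-/proc/mounts}

    # Desktop autostart folders: the KDE path from the post plus the XDG one.
    for dir in "$home/.kde/Autostart" "$home/.config/autostart"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            if [ -e "$f" ]; then printf 'autostart\t%s\n' "$f"; fi
        done
    done

    # Shell startup files: show the lines that reference a hidden path.
    for rc in .bashrc .profile .bash_profile; do
        [ -f "$home/$rc" ] || continue
        grep -nE '(~|\$HOME|\$\{HOME\})/\.[A-Za-z0-9_]' "$home/$rc" |
            while IFS= read -r line; do printf 'rcfile\t%s:%s\n' "$rc" "$line"; done
    done

    # Crontab: every active entry; a "*" minute field means it runs each minute.
    if [ -n "$cron_file" ]; then cat "$cron_file"; else crontab -l 2>/dev/null; fi |
        awk '/^[ \t]*#/ || /^[ \t]*$/ || $1 ~ /=/ { next }
             { kind = ($1 == "*" || $1 == "*/1") ? "cron-every-minute" : "cron"
               printf "%s\t%s\n", kind, $0 }'

    # Executable files below hidden top-level entries of the home ("~/.*").
    find "$home" -path "$home/.*" -type f -perm -100 2>/dev/null |
        while IFS= read -r f; do printf 'hidden-exec\t%s\n' "$f"; done

    # noexec check: options of the longest mount point that prefixes the home.
    opts=$(awk -v h="$home/" '{ pre = ($2 == "/") ? "/" : ($2 "/") }
        index(h, pre) == 1 && length(pre) >= best { best = length(pre); o = $4 }
        END { print o }' "$mounts" 2>/dev/null) || opts=
    case ",$opts," in
        *,noexec,*) printf 'mount\tnoexec\n' ;;
        *)          printf 'mount\texec-allowed\n' ;;
    esac
    return 0
}

# Run the audit when the script is called with a home directory argument.
if [ "$#" -gt 0 ]; then audit_user_persistence "$@"; fi
```

Each output line is a kind and a detail separated by a tab; the rcfile lines are items to read, not verdicts, since ordinary startup files also reference dotfiles.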
Yeah, sure... it's like every Windows virus was coming from commercial trusted applications, and of course when you install some package on Linux you don't need to make an md5 checksum, and worse, apt-get is very vulnerable because it doesn't check the md5 of the files it downloads, or yum, or yast, or what am I arguing here? You come talking about viruses for Linux with a conspiracy theory of commercial applications being installed all compromised, and even so not every application runs suid; mostly, for security reasons, they run in user namespace or as a non-privileged user. And yet we come to my last post, which I suppose no one is reading because you continue to call all these rootkits viruses. A virus isn't a rootkit, isn't an application that is installed by the user; a virus is malicious code that infects a system by its own means, not by the user's will. Unlike Windows, you don't get your Linux box infected just by opening a web browser or by reading an email; this just doesn't happen, and if anyone has an example of that to make me shut up, I'm all ears.... for now all that was said is based on this ridiculous Wikipedia post.
And coming back to Windows, you mentioned the administrative user in Windows as being like root? Bullshit, it never will be the same, because it isn't just a user issue, it is a system permission issue. Windows was born from another line of code, different from Unix-like systems, and Windows doesn't get better on this because of the compatibility issue; they tried with Vista and still got a lot of issues because it's still compatible with the Windows XP architecture. If the change would be like it was with MacOS 9 to MacOS X, a complete and full transition, the difference is that when Apple changed to MacOS X they didn't have as many users as MS.
It's like I write a shell script
Code:
#!/bin/sh
if [ -d /home/${USER} ]; then
/bin/rm -rf home/${USER}/*;
fi
exit 0;
and you call this a virus... of course if the user runs it he will delete all his files... but just because something bad happens now we define it as a virus?
Quote:
Yeah, sure... it's like every Windows virus was coming from commercial trusted applications, and of course when you install some package on Linux you don't need to make an md5 checksum, and worse, apt-get is very vulnerable because it doesn't check the md5 of the files it downloads, or yum, or yast, or what am I arguing here? You come talking about viruses for Linux with a conspiracy theory of commercial applications being installed all compromised, and even so not every application runs suid; mostly, for security reasons, they run in user namespace or as a non-privileged user.
I didn't see anyone blame all commercial apps for malware infestations. In this case, you appear to be taking comments by others to the extreme. But there are definitely examples of this type of thing going on. There was the Sony DVD rootkit, for instance.
Quote:
And yet we come to my last post, which I suppose no one is reading because you continue to call all these rootkits viruses. A virus isn't a rootkit, isn't an application that is installed by the user; a virus is malicious code that infects a system by its own means, not by the user's will. Unlike Windows, you don't get your Linux box infected just by opening a web browser or by reading an email; this just doesn't happen, and if anyone has an example of that to make me shut up, I'm all ears
I believe you are technically correct about propagation of viruses without user intervention. This does not mean a virus can't CONTAIN a rootkit. And what would you say is the definition of a program whose primary functions are to auto-infest, and root a machine to provide an attacker with remote root access to your system?
Quote:
And coming back to Windows, you mentioned the administrative user in Windows as being like root? Bullshit, it never will be the same, because it isn't just a user issue, it is a system permission issue. Windows was born from another line of code, different from Unix-like systems, and Windows doesn't get better on this because of the compatibility issue; they tried with Vista and still got a lot of issues because it's still compatible with the Windows XP architecture. If the change would be like it was with MacOS 9 to MacOS X, a complete and full transition, the difference is that when Apple changed to MacOS X they didn't have as many users as MS.
I call BS backatcha! It doesn't matter what OS we're talking about here. If there is a vulnerability, and if the population base, or interest in accessing that OS is enough, that is that OS's problem.
As to MS's backwards compatibility, if MS had considered security from day 1 they very likely wouldn't be in the same place they are now.
Quote:
It's like I write a shell script
Code:
#!/bin/sh
if [ -d /home/${USER} ]; then
/bin/rm -rf home/${USER}/*;
fi
exit 0;
and you call this a virus... of course if the user runs it he will delete all his files... but just because something bad happens now we define it as a virus?
Who said this is a virus? This is simply a destructive script, destructive only to the current user's filespace. But it could be considered a virus if it was self-propagating, which could be accomplished by simply adding any of a myriad of Linux-based tools to the script. And I don't think it matters if it's binary or text, so please don't try to use that difference as a definition. Also, why can't a program be considered a virus, even if it only affects the current user? If executed, it could still propagate, right?
Quote:
A virus isn't a rootkit, isn't an application that is installed by the user; a virus is malicious code that infects a system by its own means, not by the user's will.
...
and you call this a virus... of course if the user runs it he will delete all his files... but just because something bad happens now we define it as a virus?
[ ]'s
You need to reread my previous post, because you obviously misunderstood me or didn't read it well enough. I wasn't talking about rootkits or "software installed by user".
And if you can't imagine software that would be stored within your user folder, run without root privileges from cron, scan your network for vulnerable targets, and send your /etc/passwd or configuration files to a remote host with "john the ripper", this is not my problem, because I can imagine how this can be done.
BTW, where the hell you found the idea about "conspiracy" is beyond me.
I gave enough details to get the idea, and I'm not in the mood for explaining it further. But it is bad that belief in Linux being invulnerable dims your critical thinking ability. Linux is more secure than Windows, but no system is invulnerable. And increasing Linux popularity will bring more applications with security holes.
P.S.
Quote:
#!/bin/sh
if [ -d /home/${USER} ]; then
/bin/rm -rf home/${USER}/*;
fi
exit 0;
Have you heard about "~"? The whole "script" could fit in 10..20 symbols.
Quote:
Basically, to get more malware, you will need to make Linux popular
Hey man, you believe whatever you want.
I'll tell you this: Linux has been around for a very, very long time, and the OSes it is based upon pre-date anything else currently in use. If there were any chance of a "Melissa-type" virus for the Linux desktop, we would have seen it years ago.
Personally, I don't think it matters how popular Linux becomes, Windows will always be the "lower hanging fruit" for malware authors. Popularity doesn't have much to do with that. Take IIS and Apache for instance. Which is the more widely used, but which is the more often attacked?
There was a drive-by shooting in anywheretown, anywherecountry yesterday, and a desktop PC running Linux was struck, and disabled, by a stray bullet.
We should all run, don't walk, to the security shop and purchase bullet proof glass for our desktop PC's.
I don't need PROOF of this ever happening, because apparently, neither do any of the fear-mongering Linux *could* be vulnerable to viruses folks.
Oh, noz, I'll have to look at myself in the mirror, and blame only myself when this almost certain (once Linux rulez the Desktop!!!) virus takes hold. I better start shaving more often.
For the second time, enough FUD - please, let's have proof, or at the very least, as requested, proof of concept, rather than hypotheses-based hypotheses.
cheers,
You know, sometimes fanatically believing in something makes people deaf, blind and really dumb. You can do a proof of concept yourself - the requirements and "how to" are already provided - I already wrote where you can install a temporary executable, what you need to install it, and how to get it running without suid. But no, the last few posters didn't even bother to read it because "Linux is virus-free". Which is really strange, because this kind of thing is normally encountered in religious threads.
Believe whatever you want; if you lack common sense and can't correlate the number of security holes in software with the increase in the number of software/users, it's not my damn problem.
And sometimes fanatically believing something makes people resort to calling those who disagree with them such things as dumb.
They also delude themselves into believing that when they explain something, it constitutes proof. That by saying that something is possible, then it becomes inevitable.
If you buy a single ticket to a lottery, and the chances of winning that lottery are 14 million to one, buying a second ticket does not increase your chances of winning to 7 million to one.
I know you quoted mrclisdue but you mentioned "last few posters", so just to clarify here: I'm not blind or deaf and, in my opinion, not dumb. I don't deny the existence and capability of making malware for Linux, but like I said before, none is really recent, most are harmless, and most so-called viruses are rootkits and exploits, and no post here demonstrated a real virus that could represent a threat. Ahh, and I still want to see this "Windows-like" virus that is downloaded by just entering a website and then executed by the system (without the need for manual execution)...
And still, for those so-called threats a simple firewall could stop them, and using a firewall is for me the main thing a desktop user must worry about... it's more realistic for a desktop box to be hacked by someone through open ports than by a virus.
You are all overlooking Linux being the transport of the malware to a Windows box. Whether your Linux box is a mail server or webserver, or you simply forward an email attachment that is infected to another user. So let's forget the 'self-propagating virus' for a moment and look at an exploited Linux web server that is handing out malware which is infecting every Windows user that visits your website. Do we take the stance of "who cares? It doesn't affect my Linux machine" or do we look at the big picture and all the Windows machines out there that are now infected because you don't give a crap?
This happened recently on a Linux/Apache shared hosting site I was using. The host obviously wasn't running anything active to monitor the server, and didn't know there was anything wrong until I pointed out scripts running from my site that I didn't put there. They then scanned the site and removed said malware. It turns out some of the components on my site were out of date and exploitable, allowing the attackers to get in and plant nasty things on the site.
It's nice to be a good neighbor in the community. Just because something doesn't affect you directly doesn't mean you turn a blind eye to the effects it has on Windows or Mac users downstream from you.
By focusing only on self-propagating Linux viruses, you have self-induced tunnel vision to a fraction of all the malware issues.
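The gap described in the post above, scripts appearing on a site without the owner or host noticing, is what a file-integrity baseline of the web root catches. This is an added example, not part of the thread; the function names and the manifest file are assumptions of this sketch, and it relies on the coreutils `sha256sum` tool.

```sh
#!/bin/sh
# Added example (not from the thread): detect files planted or changed under a web root.
# Keep the manifest outside the web root, ideally on another host, so whoever
# can write to the site cannot rewrite the baseline as well.

# baseline_webroot ROOT MANIFEST: record a SHA-256 for every regular file.
baseline_webroot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# check_webroot ROOT MANIFEST: print ADDED / MODIFIED / REMOVED, one per line.
check_webroot() {
    now=$(mktemp) || return 2
    baseline_webroot "$1" "$now" || { rm -f "$now"; return 2; }
    # Tag old and new lines so an empty baseline is still handled correctly.
    # A sha256sum line is 64 hex digits, two separator characters, then the path.
    { sed 's/^/O /' "$2"; sed 's/^/N /' "$now"; } |
        awk '{ tag = $1; sum = $2; path = substr($0, 69) }
             tag == "O" { old[path] = sum; next }
             { seen[path] = 1
               if (!(path in old))        print "ADDED\t" path
               else if (old[path] != sum) print "MODIFIED\t" path }
             END { for (p in old) if (!(p in seen)) print "REMOVED\t" p }'
    rm -f "$now"
}
```

Run `baseline_webroot` after each legitimate deployment and `check_webroot` on a schedule; any output between deployments is a change nobody on the team made.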
I Use No Antivirus Products, Only Ever Firewalls And Snort Etc... , Seeing As There's Hardly Any Viruses Out For Linux I Don't Really See It As A Threat. Even The Threat Of The Script Kiddies Is Worse.
Last edited by xXCanisLupusXx; 01-30-2009 at 10:32 AM.
Reason: Oh Crap I Need To Read When The Last Posts Are -.-
Quote:
You are all overlooking Linux being the transport of the malware to a Windows box. Whether your Linux box is a mail server or webserver, or you simply forward an email attachment that is infected to another user. So let's forget the 'self-propagating virus' for a moment and look at an exploited Linux web server that is handing out malware which is infecting every Windows user that visits your website. Do we take the stance of "who cares? It doesn't affect my Linux machine" or do we look at the big picture and all the Windows machines out there that are now infected because you don't give a crap?
This happened recently on a Linux/Apache shared hosting site I was using. The host obviously wasn't running anything active to monitor the server, and didn't know there was anything wrong until I pointed out scripts running from my site that I didn't put there. They then scanned the site and removed said malware. It turns out some of the components on my site were out of date and exploitable, allowing the attackers to get in and plant nasty things on the site.
It's nice to be a good neighbor in the community. Just because something doesn't affect you directly doesn't mean you turn a blind eye to the effects it has on Windows or Mac users downstream from you.
By focusing only on self-propagating Linux viruses, you have self-induced tunnel vision to a fraction of all the malware issues.
dude, I think you missed the entire conversation .... that has nothing to do with what we are discussing here... when we asked if he was running any kind of webserver this was because he asked if he should use an antivirus; it has nothing to do with zombie servers, neighbors and spam... I know it may be kind of boring to read everything up to here but maybe we can help you get into the discussion