LinuxQuestions.org


Chronothread 07-19-2007 01:09 AM

Linux and Viruses
 
I heard from one of my friends who had used Linux before me that Linux can't get viruses. I was wondering if this were true or if Linux just rarely had viruses. Also, I was wondering why this is the case. If they can't get viruses, why not. And if they just rarely get viruses, why is that. I have an idea of what the case is, but I'd just like to know for sure. Thanks for your time.

Electro 07-19-2007 01:26 AM

Windows and Mac viruses cannot affect Linux because the malicious program is coded differently. Yes, there are a few viruses for Linux but they only affect old server software that is running. If WINE is installed, viruses that run under Windows can infect Linux in some way. WINE is run in an insecure way, so the virus can do some harm if WINE is run in a stupid manner like from a user such as root. Though one thing to watch out for is rootkits. Use a LIVE Linux distribution and update its rootkit scanner to check for rootkits.

The Linux community finds faults in programs before the faults are used for an attack.

Mustafa^Qasim 07-19-2007 02:01 AM

var ur_linux=free of cost
if(ur_linux==update)
{
virus=Kick Out
}
ur_system=100% Virus Free

LOL..... well my buddy, our Windows fellows n me also, when I was a Windows sticky a year ago, we all have such a strong concept of virus that we got shocked when we hear that Linux is virus free ... :p

Simple reason is that IF Microsoft Windows is built by 10000 programmers then Linux is built by 10000000 programmers. So which group will create the best software .. :D

Just get a CD of a mature Linux Distro. Keep it updated. Kick out the fear of Virus frm ur mind forever. I'll recommend Fedora 7 Linux. You can Download it FREE of cost frm fedora.redhat.com

Choosing an Immature distribution can cause u to run away frm Linux because of little support. Fedora is among the biggest free Distros having the biggest community support.

BUT REMEMBER only Viruses are not the problem. There are many things to keep in mind to secure ur system.

if u just open ur telnet port with a kiddy administrator password then anyone can control ur system over network no matter u r using Windows or Linux......

But it's true that Linux users really don't know why to use antivirus/anti spyware/anti malware/anti hijackers/anti dialers.....so on ........ on their Linux box.. :) because they didn't ever have to face them.....

jschiwal 07-19-2007 02:37 AM

The answer involves a number of ways that Windows differs from Linux or BSD-based Mac OS 10.

A) Root access:
Unix was from the start a multiuser OS. Software is written assuming that the user has limited rights. By comparison, Windows began as a single user non-networked OS. It is common for a user to run as a root user with full access to the system. Any program running this way will have write access to the system. In Linux, you could use "sudo" to run the package manager as root, for example, and never have to actually log in as root. Ubuntu goes even farther by disabling all root logins.

B) Executable bit vs various executable extensions.
Unix uses an execute permission bit. Even if you downloaded malware in an email attachment, you would still need to manually change the permissions on the file before you could execute it. This makes it harder for a virus or other malware to be executed. It needs to be executed to be able to drop its payloads. Windows uses a number of file name extensions to determine whether a file is an executable. Since the filename extension is a feature of the source and not of the target, the author of the virus gets to determine if the file is executable.

C) Opaqueness of the Windows OS:
Windows uses a registry which is an opaque database. There are a number of keys that the virus can use to make sure that the system starts it automatically.

D) Population density:
There are more Windows computers. This and the previous defects I've noted make them not only more popular targets, but the low hanging fruit. Remember how real viruses replicate. One infected person needs to come in contact with a person who isn't immune before the virus can replicate. It isn't just that there are more Windows computers. It's also that it is more likely that an infected computer can reach another susceptible computer. This aids in the infection rate. Even if 80 % of Windows computers are immune (secured) against this virus, that leaves millions that aren't and allows the virus to propagate. Add to this that the motive of today's malware writers is to own your computer and sell that control to the mob (usually Russian mobsters. This could mean Chechen terrorists, the hackers could care less if anyone gets killed due to their actions). They want to have a large bot army so that they can get a higher bid.

E) Tight Coupling: On Windows the GUI is tightly coupled to the OS. Even Internet Explorer and Outlook are tightly coupled to the OS. This makes it easier to compromise iexplorer or Outlook and thus compromise the system. Microsoft even lowered the barrier in memory between kernel and user resources on the Windows IIS web server in order to improve performance. This is somehow ironic. The Windows kernel is a micro kernel, supposedly, one layer communicates with another layer using a server/client model. However this affects performance, and so shortcuts were made bypassing this. So instead of a highly structured hierarchical OS, they ended up with spaghetti.
While this isn't an example of the kernel, take a look at the differences between a Windows IIS and Linux Apache server serving up a web page: http://www.visualcomplexity.com/vc/p...id=392&domain=
F) COM: Documents can contain COM components. They cause binary (compiled) code to run inside a document. (ActiveX you may have heard of in iexplorer is another word for a COM component in a web document.) If the COM control isn't installed on the local machine, it will get it from another computer on the network. Running code in a document is bad enough. Even scripting can be dangerous. Running binary code is even harder to control. Here you are running code that is installed on a 3rd party computer that might be compromised, even if yours isn't.

G) One eye vs many, or Open Source vs freeware or shareware: Consider the difference in the software running on Windows vs Linux. In Windows, it is common to browse the web looking for an application that will do something like mass renaming of files, or installing a codec to play xvid files. The Windows application will have a binary installer. You almost always need to be root to install it, but you really don't know if you can trust it. Steve Gibson discovered and coined the term "Spy Ware". He installed some shareware software from a seemingly reputable source, but it turned out that it was dialing home. Look at the Sony root kit debacle. A root kit is far worse than most traditional viruses because it completely disappears from the system. Typically on Linux you install Open Source packages. You might get them from SourceForge or you might use a Debian or rpm package supplied by your distro. Because the source is in the open, it can be vetted. Even if you can't understand the code, there are plenty of people who can. Also because Open Source is written by a collaboration of users it is less likely that any one user will get away with inserting something harmful.

---

This isn't to say that running Linux is worry free. The term virus is almost an obsolete term. It might describe a virus or worm that is attached to an email. This is the type that Windows is vulnerable to. However another threat is from exploiting applications. Hackers will bang on an application and see if they can get it to crash. Usually this is due to the application not checking its input. Such as a video player downloading and playing a video on the web. Or an mp3 player playing a song. The hacker will try to create a file that will crash the program and overflow the stack. If done correctly the stack pointer will start running a program contained in the file. Once this is done, the program has to escalate itself to root. A Windows user will often run as the root user, so the job is done. Both Windows and Linux users need to keep their systems updated to patch any known vulnerabilities that would allow a program to escalate to root.
Another defense is to start programs at random locations. Linux has been doing this for a long time. Windows Vista does it as well. This means that if a program has a stack overflow vulnerability, the hacker has to depend on luck in deciding the location of the code in the file.

----

The single best thing you can do to secure your computer is use a NAT router. You still want to regularly update your computer, be careful which websites you visit, never click on links in emails, hover over links before clicking on them on webpages. And avoid stupid things like downloading screensavers (a screen saver is a program, about 66% of them are viruses.)
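
The execute-bit behaviour from point B of the post above, as an added example that is not part of the original thread: a constructed, harmless script stands in for a saved attachment (the file name and function names are assumptions). It also shows where the control stops: handing the file to an interpreter needs only read permission, so the missing x bit blocks direct execution, not a user who deliberately runs the file.

```shell
#!/bin/sh
# Constructed demo: a harmless script stands in for a downloaded attachment.

# Save the stand-in "attachment" the way a mail client or browser does:
# a plain create, so the mode comes from the umask and carries no x bit.
make_attachment() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho payload-ran\n' > "$dir/attachment.sh"
    echo "$dir/attachment.sh"
}

# Try to execute the file directly and report the exit status.
# 126 means "found but not executable" (execve was refused with EACCES).
direct_exec_status() {
    rc=0
    "$1" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Hand the same file to an interpreter, which only needs read permission.
interpreter_status() {
    rc=0
    sh "$1" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

f=$(make_attachment)
echo "x bit set after save:    $([ -x "$f" ] && echo yes || echo no)"
echo "direct exec status:      $(direct_exec_status "$f")"
echo "via 'sh file' status:    $(interpreter_status "$f")"
chmod u+x "$f"    # the manual step the post refers to
echo "direct exec after chmod: $(direct_exec_status "$f")"
rm -rf "$(dirname "$f")"
```
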

rocket357 07-19-2007 03:08 AM

Another consideration is that Windows NT systems typically do not "firewall" admin processes from one another (Might have changed in Vista?!). If a virus can "get a foot in the door", so to speak, then it has access to virtually all of the admin process space...i.e. spread rapidly and do nefarious things.

Unix from the start was designed to "firewall" ALL processes from one another (exception is that parent processes can "see" child processes' space). A virus in Unix would be hardly effective as it would only be able to affect the individual process that it attached to, and permissions would keep it from spreading much (and use of a serious access control mechanism would really make it tough). In other words, it's harder to make a virus DO stuff in Unix.

I heard of a weird series of assembler instructions a while back that could "infect" both a Windows machine and a Linux machine, but the extent of damage (theoretically, I don't believe it was ever seriously pursued as a Unix "virus") it could do to Unix was delete a few files in the current directory.

http://software.newsforge.com/articl.../04/18/1941251

And I have to highlight my favorite line from that article:

Leave it to open source hackers to debug and fix aging viral code so that it works correctly. And shame on the anti-viral industry, Kaspersky Lab in particular, for its attempts to deceive the public by passing off old code as something new.

frenchn00b 07-19-2007 04:28 PM

Quote:

Originally Posted by Chronothread
I heard from one of my friends who had used Linux before me that Linux can't get viruses. I was wondering if this were true or if Linux just rarely had viruses. Also, I was wondering why this is the case. If they can't get viruses, why not. And if they just rarely get viruses, why is that. I have an idea of what the case is, but I'd just like to know for sure. Thanks for your time.

No virus; ok, but that doesn't exclude using ClamAV to clean your Samba server, for protecting your Windows workstations (they are so weak in general).

