LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 11-28-2006, 11:11 PM   #1
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,573

Rep: Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244
Tip: Why Linux security avoids "viruses"


Rogue programs ("viruses") are so utterly common in the Windows world that people spend millions of dollars a year on "anti-virus" software ... swatting fruitlessly at a scourge of hundreds of thousands of types of rogues.

It has been said that "Linux does not get viruses," and the same claim is made about Macintosh OS/X. And generally, it is so!

But why? And is there anything that a Windows user can do to obtain the same advantages for his system? (Yes!)

There is one fundamental difference between the "typical situation" in Linux and OS/X, and the "typical situation" in Windows: the Windows user is probably an all-powerful Administrator, and the Linux/OSX user probably is not.

Every modern operating-system has one classification of user that is basically She Who Must Be Obeyed. Windows calls that user an "Administrator." Linux and OS/X call it "root." Anything that such a user orders the computer to do, no matter how destructive or nonsensical, it will do, without question.

This level of user authority is intended for one purpose and one purpose only: to administer the system; to install and remove system-wide software and to configure system-wide, security-related settings. Nothing else! Yet, in the Windows world, everyone routinely has that all-powerful designation. Consequently, any rogue-program that manages to sneak in, finds itself all-powerful, too!

Windows defines the concept of a "Limited User," which is simply anyone that is not Administrator. Your "everyday" user account should be Limited. Even if you know the passwords to become an Administrator or root ... even if the system "belongs to you" ... you should not exercise or hold these powers routinely.

When you are logged on as a Limited user (or a non-root user in Linux), any rogue-program that happens to run in your name ... is also limited. Therefore, it cannot do what it has set out to do: it cannot harm system files.

Remember also that you can set up as many Limited user-accounts for yourself as you wish ... the files and directories owned by each one of them are, or can be, fully protected from one another.

Take the time to learn about the file-protection mechanisms that are available in your system. It can make all the difference. You cannot realistically prevent a rogue-program from trying to execute, but you can prevent it from succeeding.

If the response from the system is permission denied, there is nothing that the rogue program can do about it.

The same ordinary principles of security and common-sense that people use in their offices .. locking the doors and filing-cabinets .. keeping separate offices for separate roles .. apply just the same to computers, and for the same reasons. Effective mechanisms exist! Just use them.
 
Old 11-28-2006, 11:28 PM   #2
vharishankar
Senior Member
 
Registered: Dec 2003
Posts: 3,148
Blog Entries: 4

Rep: Reputation: 122Reputation: 122
This could probably be submitted in our Article section.

http://www.linuxquestions.org/linux/articles/
 
Old 11-29-2006, 12:15 AM   #3
Berticus
Member
 
Registered: Jul 2005
Distribution: Arch
Posts: 159

Rep: Reputation: 31
I tried doing this, since it's a habit from using Linux, but it doesn't really work. At least it didn't work for me. Limited users are too limited, and I soon ran into problems and found myself always going to the administrator account to handle tasks that really limited users should be allowed to do.

Also, even as a limited user, I could still install a few programs on my own.
 
Old 11-29-2006, 08:45 PM   #4
jonwatson
Member
 
Registered: Jun 2004
Location: Nova Scotia, Canada!
Distribution: Ubuntu
Posts: 170

Rep: Reputation: 30
There's an argument out there that the most valuable data on any system is the user's data. Therefore, a piece of malware running as an unprivileged user will still have all the permissions its needs to destroy the most important part of the system.

I don't run as root, but I'm not under any false impression that doing so offers me any real protection. A piece of malware can run just as easily in my userspace and wreak havoc on my data and out in the world through my network connection as it can running as root.

Still, I would wager that I su 50 or more times a day and I still don't consider that a hardship for the added protection it gives me, no matter how minimal. It's been my experience that no one on the planet needs to run as root all the time - they've just decided to because typing su -c or sudo is too much trouble.

Last edited by jonwatson; 11-29-2006 at 08:46 PM.
 
Old 11-29-2006, 11:25 PM   #5
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
The privilege separation is nice, but like heatsink said, the only stuff I really care about is stuff in my user's $HOME, which is not protected from rogue processes.

Personally I think it's more to do with the fact that there's so many different variants of the OS and apps. From the point of view of a malware author, say someone trying to write a worm, it's a nightmare target. Lets say the worm is designed to exploit a vulnerability in CUPS which allows arbitrary remote code execution.

For a given machine to be running the vulnerable version of CUPS, it'll probably need to be some specific distro and/or release to be running CUPS with the config which reveals the vulnerability. Even major distros tend to release several times a year, so it'll probably have to be a current version of the distro... Also, most distros gave a very quick patch system for serious vulnerabilities. I got a gpg patch today - the same day the vulnerability it fixes hit the security alert feeds.

There are a lot of variables. If the malware finds a machine which is vulnerable, the chances are it's neighbors aren't running a version of CUPS which they can use to spread to the next host because they're probably running a different version, or don't use CUPS or whatever.

Also, consider that the types of utilities which a worm might use to propagate itself - SMTP service, curl, ftp, wget... finding a tool-set which is installed an most machines is a problem because different distros carry different tools.

Add to all that the generally more nerdy user community who, I think it's fair to say are, an average more aware of security issues, and it's a pretty difficult target for worms.

Microsoft have made enormous efforts to keep windows backwards compatible with older incarnations of their OS. Good news for third parts s/w vendors, but also for malware authors - the core APIs are installed on every box they find, so their programs can rely on them. Linux is less standardised.

Personally, I think the biggest risk is from email trojans and/or browser exploits. For example, if some commonly used app (e.g. firefox) has a flaw which allows arbitrary code execution, that might be exploited. You still have the diversity problem, but exploits on web sites or in mail don't need the same "critical mass" as a worm to get going.

I suspect such an exploit could be used to deliver a lump of Perl code which runs in user-land. Perl is quite capable of doing all the networking nasties which a malware might need to do, and can be fairly compact (not to mention that it usually doesn't even need obfuscating to hide what it does!). It's also pretty much standard. Such a worm might even be cross-platform. A scary thought.

The privilege separation is a problem for user-land malware when it comes to hiding itself, and getting itself re-started after boot. How should it auto-execute itself? Since the regular user can't write to the init scripts, this is out of the question, and tempering with the kernel to do root-kitty things for the purpose of hiding files effectively also not possible from user-land (these would require a privilege escalation exploit in addition to the initial exploit). It could insert some obfuscated code to ~/.bashrc or put itself in the ~/.kde/Autostart folder, but that's not a very effective disguise.
 
Old 11-30-2006, 12:52 AM   #6
dohpaz
Member
 
Registered: Feb 2006
Location: Edmonton
Distribution: Slackware 12.2, Ubuntu
Posts: 117

Rep: Reputation: 16
I've also tried running windoze without administrative rights and its just too much of a headache. I ran into way too many problems.
You cannot "sudo" or "su" so the alternative is to logoff/logon and then logoff/logon everytime you need to accomplish something that requires an admin account. Major pain in the butt.
 
Old 11-30-2006, 12:57 AM   #7
jonwatson
Member
 
Registered: Jun 2004
Location: Nova Scotia, Canada!
Distribution: Ubuntu
Posts: 170

Rep: Reputation: 30
I agree that in Windows it's not really an option, but that's because Windows isn't designed very well. Or at all, really. My comments were directed at using Linux.

Depending on what version of Windows you're using, there is an equivalent su command. In XP (and possibly other variants), right-click on an executable and you'll see a 'Run as' option. Not sure how well it works, but it's there.
 
Old 11-30-2006, 04:00 AM   #8
AnanthaP
Member
 
Registered: Jul 2004
Location: Chennai, India
Distribution: UBUNTU 5.10 since Jul-18,2006 on Intel 820 DC
Posts: 676

Rep: Reputation: 161Reputation: 161
Linux security avoids viruses? How exactly? Does it have any specific routine to recognise viruses? And then avoid them?

I think the answer is just the user population.

Maximum effect where maximum users (windoze). Maximum exploits where maximum use (mail, outlook).

End
 
Old 11-30-2006, 04:46 AM   #9
soundwave
Member
 
Registered: Nov 2006
Location: israel
Distribution: Fedora Core 6
Posts: 55

Rep: Reputation: 15
I wonder if linux would have the same popularity as windows,
would linux-targeted viruses and worms start to attack..

I mean, the entire linux system is open source... which means that if someone really wanted to, he/she could examine the entire code very closely and find exploits and backdoors.
maybe even a workaround to trick the system into thinking it's in root mode?

Now that would be scary...
 
Old 11-30-2006, 06:06 AM   #10
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
Quote:
Originally Posted by AnanthaP
Linux security avoids viruses? How exactly? Does it have any specific routine to recognise viruses? And then avoid them?

I think the answer is just the user population.

Maximum effect where maximum users (windoze). Maximum exploits where maximum use (mail, outlook).
Quote:
Originally Posted by soundwave
I wonder if linux would have the same popularity as windows,
would linux-targeted viruses and worms start to attack..
Probably not. Windows' own suceptibility to worms has dropped dramatically since SP2, mainly because of the "default on" firewall. Policy and design does have a big impact on malware risks.

AnanthaP, while I think there is something to are argument that there needs to be a critical mass of machine for worms to propagate explosively, I believe it's not the main factor. You asked "how" Linux prevents malware. The original post described one mechanism, I proposed another in post above (less intentional, but still effective).

Quote:
Originally Posted by soundwave
I mean, the entire linux system is open source... which means that if someone really wanted to, he/she could examine the entire code very closely and find exploits and backdoors.
maybe even a workaround to trick the system into thinking it's in root mode?

Now that would be scary...
The flip side of that coin is the "many eyes" argument - that with more eyes on the code, bugs and vulnerabilities will be removed before they can be exploited.

That may sound un-convincing to you, but it's an empirical question. Studies have shown that more widely used project have less bugs per 1000 lines of code which supports the man eyes theory.

There's also the matter of fixing the code. With a proprietary code-base what happens when a vulnerability is discovered? You can try wait for a patch from the vendor which can take too long, or try to reverse engineer a solution yourself, or use a third parties' reverse engineered solution. With no access to the source code, reverse engineering a solution is more likely to break under unusual conditions or introduce further vulnerabilities. Not to mention that it will take longer to make without access to source code.

Now about finding vulnerabilities ... looking through source is one way to find them, but it's rarely one used by malware authors. They try things like passing random junk as inputs and seeing what happens. The amount of malware on Windows clearly demonstrates that closing the source doesn't prevent the finding of vulnerabilities, but it does give software vendors a false sense of security, and they get sloppy.

In the world of crypto - the most paranoid and security-conscious bunch around - security through obscurity is considered no substitute for a robust, published mechanism. One reason for this is that for the author of a supposedly secure system, it's not easy to see around the mechanism they've implemented. The author of the system is invested in how it works, and they fail to see simple work-arounds. Analogy might be someone fitting a very good lock to a very strong door in a corridor, but forgetting the false ceiling and that you can just go over the door with much less effort than defeating the lock or breaking the door. It's very hard for someone to see around their own system. Exposing methods to new eyes is more valuable than it is risky - the crypto community has known this for a very long time.
 
Old 11-30-2006, 07:11 AM   #11
soundwave
Member
 
Registered: Nov 2006
Location: israel
Distribution: Fedora Core 6
Posts: 55

Rep: Reputation: 15
I do agree with the "many eyes" argument... I was just making the argument of "malicious eyes"

This is why I believe everything should be open source.
When I download an open source program, I know that if it had any malicious features, it was known to all... because people who are programmers can look at the code and see what it really does under the surface.

In my theory, in 20 years from now, there won't be different platforms, only different operating systems, which will compete over the public... like a new panel and operating system to your cell-phone, which keeps all the contacts, games, screensavers, videos & images that you have on your cell-phone. but that could be achieved only if everything is open source.

Imagine you buy a new computer with Apple's OS on it... intall whatever you usually install, download games, edit documents... and then there's a new Linux OS out.
You install it, and you work on Linux - but you have still all the software, games & everything installed... That would be nice. Off topic, but nice.

Anyways... I feel safer in Linux
 
Old 11-30-2006, 07:42 AM   #12
mikieboy
Member
 
Registered: Apr 2004
Location: Warrington, Cheshire, UK
Distribution: Linux Mint 12 LXDE
Posts: 555

Rep: Reputation: 33
If I might make an observation about the Windows administrator/limited user issue. I have come across several instances of Windows software that had to be installed as administrator (obviously) but which then wouldn't allow a normal user to run them and which, unlike Unix systems, did not provide any obvious way to change the permissions. I'm not talking about registry cleaners or such like, these were games and media players!

Such software forces a user to run as administrator in order to use it, which of course is dangerous. And one more reason, I think, why Windows users make easier targets. Imagine being on a music file-sharing site as administrator!!
 
Old 11-30-2006, 09:43 PM   #13
cwej
Member
 
Registered: Jul 2006
Location: Washington DC Metro Area
Distribution: Ubuntu 7.10 on a System 76 Pangolin Value laptop - sweeeet!
Posts: 41

Rep: Reputation: 15
Re: "many eyes" (matthewg42) -- just because I find the "many eyes" argument fascinating, please allow me to joint the fray.

While I believe that there is a great deal of merit in the "Many eyes" argument, one should have their eyes wide open to important realities. In a purely voluntary community of developers/users who serve, effectively, as part time evaluators, there must certainly be at least some element of luck as to how and when the "right" instance of "many eyes" reviewing the source code may or may not get around to doing so.

Also, even the most skilled and knowledgeable programmer (volunteer or not) may not be afforded the resources (time and automated analysis tools) to rigorously examine the code. There also may be some element of luck as to when and how many of the right instance of "many eyes" might possess specific security focused knowledge, skills and abilities to recognize subtle vulnerabilities nested as a needle in a haystack many KSLOC high. In contrast, and in an admittedly perfect world, a proprietary project with sufficient resources may (or may not) be able afford (and may or may not be smart enough to plan for and apply) the analysis tools, the rigorous processes, and perhaps even the extra rigor of, say, qualified red-team scrutiny.

Does this invalidate the "many eyes" theory and argue in favor of proprietary? Not at all. In fact, I think that if I were a developer who was considering implementing or integrating off-the-shelf OSS into my product or system, I'd be extremely thankful for the GPL-based opportunity to subject the Open Source to my paid security team's best set of automated tools and processes to test its ability to satisfy my requirements safely and securely.
 
Old 12-01-2006, 06:47 AM   #14
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
cwij: The many eyes argument is an interesting one. The evidence seems to back up the idea, or at least the evidence shows that some large complex projects seem to do surprisingly well using an open source methodology, and the many eyes theory is one way to account for that. It's a surprise to me too. I am staggered almost every day by the quality and variety of the open source projects I find.

The exact truth is probably more complicated than any one idea. I bet there are multiple factors. I have a theory that part of it is peer pressure and nerdy vanity on the part of programmers... If programmers think their code will get reviewed by other nerds, they are more likely to produce well formatted, elegant and secure code than programmers whose code is measured only in terms of delivery of features to a deadline as is often the case in the proprietary world. Lots of proprietary shops do strive for quality, but when it comes to the crunch, there's often a culture that working but potentially insecure code is better than feature-set reduction on release day. I've heard the phrase "it works enough" more than once.

I know for a fact that many programmers of proprietary projects take great pride in the elegance and robustness of their code, and there are some extremely talented coders in the proprietary world, but I've seen how proprietary projects work and it's not always so pretty. A combination of immovable deadlines and inane feature specifications designed by marketing departments with no tech savvy can really kill a programmers love for his or her codebase. I suspect the vanity/peer pressure thing increases the chance of good code a little bit. There are no guarantees.

Another thing. Programmers like to re-arrange their code. Insight gained in the first three implementations can be used to get the fourth one just right. There's almost never time in the proprietary world for this kind of fiddling- if something works, it ships. Granted, there's not always a chance to do this in open source projects either - especially if someone else has used the codebase in their own project, but I think there's a bit more chance of improvements from this.

I think there is something to be said for proprietary projects having access to some good but expensive tools which may not be available to open source devs. My [limited] experience of these sorts of tools is that they tend to be very good at a particular teak, but integrate with other items in the toolchain very poorly - so much so as to limit their usability. I suspect this is just my personal lack of experience, so it should probably be discarded as a real item of note, but I wanted to see if other people have the same experience.

Enough waffle for today!
 
Old 06-04-2007, 09:19 PM   #15
togomanta
LQ Newbie
 
Registered: Jun 2007
Distribution: fedora core 6
Posts: 5

Rep: Reputation: 0
most used: Windows?

In my opinion, the reason windows is hit with most viruses, is because Windows is the most used os out there. This is due to Bill Gates's good marketing strategies (lands him in court every once and a while though). Because of being the most used, virus makers try to hit the biggest target, and get the most attention with the least amount of work (does it depends on the person, or what there doing?). The one thing I don't like about Linux, is one thing do I like about Linux, compatibility. This does not allow me to play my favorite games with out a lot of work, but in my opinion, does not allow Windows virus to work on my machine either.

From what I understand, Windows and Linux have different file systems, require different code structures to run programs and the program must be made for that file system. I have a hard time getting windows designed games to work on my computer. In fact, I can't run any games, due to lack of knowledge.

Bill Gates is the one who started the idea of paying for programs. Microsoft is the biggest name in the software businesses. One can argue that businesses spend most of their time ripping you off to make them rich with out caring about you; unless it is needed to care about you in order to rip you off. This is why I believe that at least a small amount of viruses out there are the work of people that want to get back at the man, for making there life more dismal than it all ready was. Linux provides a different environment around this idea: it is not for money, you get constant upgrades, and lots of free software. Why would anyone target to destroy a good thing. As I mentioned up top, Bill Gates found him self in court more than once for his business strategies. This means that there is a possibility that there is illegal activity with how Microsoft got to where it is. This could have created an environment based on lack of respect toward the company, and could have a role in who is the target.

I would like to point out again that this is all my opinion, and based on limited knowledge. Thanks for reading. If you find that any part of this to be wrong, please correct me where needed (I like to learn).

If what I have written is not the case, it sounds good on paper and the idea would make a good movie.

Thanks to all.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Tip for non-Power Users: Moving from "less" directly into an editor rickh Linux - General 1 10-11-2006 11:16 AM
apache security for intranet: "listen 80" vs. "listen 127.0.0.1:80" pulper Linux - Software 3 09-27-2006 07:24 AM
Tip: handling "cannot open shared object file..." sundialsvcs Linux - Newbie 1 03-06-2006 01:57 PM
"perl Makefile.PL" complains about cc & gcc (self solved tip) Raptor Ramjet Slackware 2 09-13-2004 03:24 PM


All times are GMT -5. The time now is 04:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration