how security is imlemented in linux i.e. how do we say that it is virus free
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
how security is imlemented in linux i.e. how do we say that it is virus free
[EMAIL=vinaymudgil007@yahoo.com]
im very much new to linux i.e. in early days !
i had been using windows for a long time but when i first came in contact with LINUX , i was a fan of its virus free abilities.
I want to know that how LINUX is said to be so secure?
im a student and my teachers call it 99.99% virus free BUT with no reason which could satisfy me
that how it's that much virus free .
I had lots of ideas like
(1) it uses mount point
(2) data is encrypted when sent over network
etc. etc. etc.
BUT nothing confirmed
" whatever anybody tells me will be a help "
" plz get me correct reasons and set the corect path for me "
MSWin can automatically execute a file based on the file extension. The user can thus inadvertantly install a virus by doing something like previewing an e-mail in MSOutlook.
Linux/Unix will only execute a file if the file permission has been set to be executable. Thus, to install a e-mail virus in linux, the user would have to download the file, change the permissions, and then execute it. So it is still possible to have a virus infect a Linux/Unix box - just a lot less likely.
It is also typical for a MSWin user to be running with full administration privileges. It is much less typical for a Linux/Unix user to be running with full root privileges. Thus, even if a Linux/Unix user manages to install a virus, the impact of the virus on the system is limited to the rights of the user.
Bear in mind that Linux/Unix boxes may be used as file or mail servers for MSWin machines. Such servers may still pass on viruses to the MSWin clients - but the Linux/Unix servers will not be infected.
Re: how security is imlemented in linux i.e. how do we say that it is virus free
Quote:
Originally posted by vinaymudgil007 [EMAIL=vinaymudgil007@yahoo.com]
I want to know that how LINUX is said to be so secure?
im a student and my teachers call it 99.99% virus free BUT with no reason which could satisfy me
that how it's that much virus free .
THANX !
Linux is not free from possible virus infection. It is very possible to infect any version of linux with a virus. What seperates you and infection is your login account. Execute a virus as root and your infected. There seems to be a myth that Linux is some magical OS that is bullet proof. While in the case of a secured install that is true. But as Vectordrake said, its only as secure as the weakest link.
You can have the most elaborate lock on the doors at your house. Leave one unlock, or the window unlock, or the keys under a rock in front, and well, your security is worthless.
While Linux has the potential of being a harden target, it can also be as vunlerable as Windows. It all depends on what you do with it.
What everyone hear is saying can be boiled down to three words: Unix File Permissions. Users, Groups, permissions, etc. It is much harder to attack *nix with a virus because (as has been metioned already), no sane linux user runs as root all the time, therefore a virus won't be able to attack key system files unless it is executed as root (due to the permissions of those files). Hope that satisfies your question.
Originally posted by idaho MSWin can automatically execute a file based on the file extension. The user can thus inadvertantly install a virus by doing something like previewing an e-mail in MSOutlook.
Linux/Unix will only execute a file if the file permission has been set to be executable. Thus, to install a e-mail virus in linux, the user would have to download the file, change the permissions, and then execute it. So it is still possible to have a virus infect a Linux/Unix box - just a lot less likely.
It is also typical for a MSWin user to be running with full administration privileges. It is much less typical for a Linux/Unix user to be running with full root privileges. Thus, even if a Linux/Unix user manages to install a virus, the impact of the virus on the system is limited to the rights of the user.
Bear in mind that Linux/Unix boxes may be used as file or mail servers for MSWin machines. Such servers may still pass on viruses to the MSWin clients - but the Linux/Unix servers will not be infected.
Hope this helps.
THANX, I LIKED THE WAY U EXPLAINED TO ME S0 PATIENTLY
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Quote:
Originally posted by TruckStuff What everyone hear is saying can be boiled down to three words: Unix File Permissions. Users, Groups, permissions, etc. It is much harder to attack *nix with a virus because (as has been metioned already), no sane linux user runs as root all the time, therefore a virus won't be able to attack key system files unless it is executed as root (due to the permissions of those files). Hope that satisfies your question.
This is a silly argument, you can do far more with NTFS file permissions than you can with stock UNIX file permissions. Granted on ext2fs, UFS2, etc, you can set extended attributes, but again NTFS has most of those.
idaho had a pretty good answer, which is basically that on Windows a file will automatically be executable based on it's extension (unless you change the permissions to restrict it), while on *n*x files are not executable by default.
Another very good reason is that most of the *n*x e-mail clients don't (currently) support active scripting, which is the source of many, many Windows exploits.
Originally posted by chort This is a silly argument, you can do far more with NTFS file permissions than you can with stock UNIX file permissions. Granted on ext2fs, UFS2, etc, you can set extended attributes, but again NTFS has most of those.
But the difference is that Windows doesn't take advantage of these extended attributes "out of the box." They have to be implemented quite specifically and intentionally because (as previously mentioned) most windows users have admin rights, whether they know it or not. *nix, on the other hand, implements much are sophisticated file permissions out of the box (which is not to say that those permissions ultimately don't have their own shortcomings).
This is a really silly argument. All it takes is common sense from the user no matter if it's Windows, BSD, Solaris, or Linux.
Yes, in Windows you need to be more of a security expert, but if you take those measures, then you have nothing to worry about.
1. Dont use IE (Internet Explorer)
2. Do not open attachments
3. Read email messages in PlainText format and don't even use MS Outlook or Outlook Express when using Windows
4. Do not visit suspicious webpages and turn ActiveX OFF
5. Download Windows Updates periodically.
6. Use an Antivirus/Firewall
But still, even if you have the BEST AV software out there for Windows or Linux, you should be using your common sense. Thats it. Enough said.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Well in fact, when Windows is implemented in an enterprise environment you can apply policies through Active Directory and you can actually take permissions away from local admin (and usually the user isn't made local admin in that case, any way). You absolutely can make the system read-only through policy. I'll say it again, this has absolutely nothing to do with any difference in the file permissions available. You can do all the same things, plus more things with NTFS.
As for the discussion about default permissions, well non-Administrator users can't modify shared parts of the system on Windows, so I'm unclear how not being able to modify /bin/login is relevant. If you're root, you can do that, if you're not, you can't. The same thing is true on Windows, just substitute Administrator for root.
On the issue of default privileges, you could take issue that Windows Home sets you up as an administrator by default, while on most Linices this is not the case, but that's a default configuration choice, not an inherent advantage of one system over the other.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.