[SOLVED] Is Unix protected from viruses & malwares?
It's a silly question, but it has been revolving in my mind for a long time. I have heard many times that Unix, i.e. Linux or Solaris OS or other flavors, cannot be infected by viruses or malware. Is it true? Please explain with reasons.
Thanks in advance.
Like in Windows OS, a virus or malware is any program or application which harms your computer by damaging your personal data and modifying your system configuration & settings, and moreover it can steal your various login credentials etc. So is this possible in a Unix-based OS? Can any such "malware" program damage a Unix-based OS, or modify its configuration?
Okay, thanks. But to be honest, I have never seen any such attack on my Solaris or Linux OS. Is the shell (command interpreter) in a Unix-based OS responsible for saving the OS from such attacks? Any further explanation is most welcome. Thanks again.
Consider if I sent you an email with an attachment and asked you to execute it... e.g. a shell script containing 'rm -rf $HOME'.
That is a trivial example, based around social engineering and naivety of users, but it meets your definition of malware.
...I have never seen any such attack on my Solaris or Linux OS.
Right, well that seems to be a valuable piece of information. In your experience, for however many years, you have never seen such an attack.
That doesn't prove that no such attacks are possible, but it does at least show that, in the current conditions, they are rarely seen.
Originally Posted by meninvenus
Is shell (command interpreter) in Unix based OS responsible for saving the OS from such attacks?
There are many factors, but the fact that there is a shell isn't really one of them. Just as an example, Windows has a shell, of sorts, available and that doesn't seem to have protected it, does it?
Originally Posted by meninvenus
...cannot be infected by viruses or malwares? Is it true?
You are asking whether it is impossible to get viruses or malware (why you specified viruses when they are included in malware, I don't know), i.e. whether on a Unixy OS it can ever be possible to suffer from malware by some kind of infection. A simple web search should show you that there are cases out there, so the answer to that question should be obvious.
My understanding is that viruses, malware, etc. are possible in Unix, and there are some that do exist. However, they aren't the same as those in Windows. As an example, Windows had an issue with the Blaster worm many moons ago. If your computer was connected to the internet, you would probably get it without any action required (I think I reinstalled Windows back in the day, and got it within 3 minutes).
This is very difficult to do in Unix. The problem with Windows is that you are, or were, administrator by default. There were also many services running by default that the user didn't know about. These also ran as admin. This made it easy for someone to code some malware that took advantage of a flaw (be it in a service, or the user) that would change the entire system. Unless you log in as root, this is difficult to do in Unix. Even your services often run as another user (I have apache run under apache, or something). Therefore, if a piece of malware takes advantage of a flaw in apache, it can only affect those resources that the user apache can access.
Things are better with recent editions of Windows (UAC pops up and tells you when it is going to do something), but most users will click Continue anyway.
There were a few cases some time ago about malware affecting Mac OS systems (iChat, I think. You had to enter a password on this), and another one taking advantage of PHP. I can't remember the details though, but they were both patched quickly.
* All of the above might be nonsense. It is almost entirely based on my observations, and no real research.
Generally speaking, Linux does not suffer from the same security vulnerabilities that Windows does. Also, in the basic desktop/laptop user application, Linux systems tend to be significantly more secure than an equivalent Windows system. While there are 'viruses' for Linux, there are none that I know of that would be considered out in the wild.
That being said, yes, it is possible to contract malware on a Linux system, or even have control of your machine taken by an intruder (this is called being PWN'd). Again, in a normal desktop/laptop configuration, unless the user takes deliberate action that enables this, it is a rare and unlikely occurrence.
There are a myriad of reasons why Linux security is inherently better than Windows. Some of the reasons are:
1 - genetic diversity in that there is a lot more difference amongst Linux systems than Windows, making it harder to target a one size fits all application
2 - separation of privileges and using the least privilege approach. In other words, the default is not to have the main user automatically have administrative privilege. Also, the preference is for commands to be executed with elevated privilege as required rather than having the privilege level being tied to the user role
3 - a significantly better permissions system built in and then improved upon by Mandatory Access Control systems, such as SELinux and AppArmor.
4 - defaulting to not having open ports
5 - software obtained through repositories, and using cryptographic signing, with software being available as source code as opposed to a binary executable from Joe's Happy House of Malware.
6 - improved logging, making a forensic analysis more practical
7 - A difference in the mindset amongst users, where the average Linux user is more tech savvy than the average Windows user and hence has a more security-focused mindset.
Thanks a lot, all of you. Although there's no definite answer available for this question, what I concluded is that it's possible to infect a Unix-based system, but it's very rare and of course tough.
I think another big difference between *nix and Windows is the greater separation of executable data (software) and NON-executable data, often via the execute bit, which in the case of Internet downloads is OFF by default (thus requiring the execute bit to be manually set before the program can run, or the program to be forcibly run via some other means). Whereas on Windows, via ActiveX and other similar avenues, programs can be executed WITHOUT first asking the user (or even telling the user, for that matter). Do that while running as an admin and the entire machine gets compromised; run something as a limited user (as per default in *nix) and the user's home directory gets torched, maybe, but not the system as a whole.
And of course the use of insecure passwords on servers.
I just wanted to pick up on that briefly. If, for example, you set up ssh insecurely (with insecure passwords, allowing root login, not doing anything else to prohibit 'bad' logins), you will have allowed anyone to log in as root with only a moderate level of difficulty. In that circumstance, the person who logged in could do anything, including installing whatever bad program they wanted to.
So, if you got that wrong, there is no way that your system could be secure. There is no OS that could overcome that level of bad config, so, if you are going to configure your OS and critical apps badly, it will be vulnerable. (Sort of goes along with Noway's point 7, although competent admins are important too.)
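The ssh misconfiguration described above, as an added example that is not code from the thread: a small POSIX shell audit that reports the three settings the post names (root login permitted, password logins, empty passwords), run against a constructed careless sshd_config and its hardened counterpart. It assumes the config has no Match blocks and uses OpenSSH 7.0+ defaults for absent keywords.

```shell
# Added example (not code from the thread): audit an sshd_config for the
# three settings named above. Assumes no Match blocks and OpenSSH 7.0+
# defaults; both config files below are constructed samples.
# Effective value of a keyword: sshd honours the first occurrence, keyword
# matching is case-insensitive, and "Key value" or "Key=value" are accepted.
sshd_opt() {  # $1 config file, $2 keyword, $3 value to report when unset
    v=$(grep -iE "^[[:space:]]*$2([[:space:]]+|=)" "$1" | head -n 1 |
        sed -E 's/^[[:space:]]*[A-Za-z]+[[:space:]=]+//; s/[[:space:]]+$//' |
        tr 'A-Z' 'a-z')
    printf '%s\n' "${v:-$3}"
}

# One WEAK line per risky setting. Defaults when absent: PermitRootLogin
# prohibit-password, PasswordAuthentication yes, PermitEmptyPasswords no.
audit_sshd() {  # $1 config file
    [ "$(sshd_opt "$1" PermitRootLogin prohibit-password)" = yes ] &&
        echo "WEAK: PermitRootLogin yes (root reachable directly from the network)"
    [ "$(sshd_opt "$1" PasswordAuthentication yes)" = yes ] &&
        echo "WEAK: PasswordAuthentication yes (a guessed password is enough)"
    [ "$(sshd_opt "$1" PermitEmptyPasswords no)" = yes ] &&
        echo "WEAK: PermitEmptyPasswords yes (passwordless accounts can log in)"
    return 0
}

# Number of WEAK findings; 0 means all three checks pass.
sshd_weak_count() { audit_sshd "$1" | awk '/^WEAK/ { n++ } END { print n + 0 }'; }

# Constructed samples: the careless config beside its hardened counterpart.
TMP=$(mktemp -d)
WEAK_CONF=$TMP/weak_sshd_config
HARD_CONF=$TMP/hardened_sshd_config
cat > "$WEAK_CONF" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
EOF
cat > "$HARD_CONF" <<'EOF'
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
MaxAuthTries 3
EOF
echo "== weak config ($(sshd_weak_count "$WEAK_CONF") findings) =="
audit_sshd "$WEAK_CONF"
echo "== hardened config ($(sshd_weak_count "$HARD_CONF") findings) =="
audit_sshd "$HARD_CONF"
```

Point the functions at a real /etc/ssh/sshd_config to audit a live host; a Match block that re-enables any of these for a subset of users would not be caught by this simple first-match lookup.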
Linux, and the other Unix and Unix-like OSes, have all been under attack for decades. Each day a very serious hole is discovered in code from the OS to the apps. Apps tend to be the largest security issue. You may be shocked to find that most major break-ins to data are not just limited to MS products. Not sure there is any OS connected to the web that is secure by default or can't be hacked.
People (bad people) tend to target industrial or commercial OSes for a reason, as opposed to the reasons they attack home users. Kind of like the difference between a jewel thief and a mugger. Both have their ways to attack victims.
NetBSD has claimed to have the fewest holes, I believe, but that assumes almost no applications running.
Assume that your data can be compromised because it can.
The biggest vulnerability in any computer system scenario has two ears.
Windows very wrongly gets nailed for security problems because, quite inexplicably to me, its very fine and well thought out role-based security model is completely turned off for millions of "Home Edition" users. But don't blame Windows for that. And above all, don't suppose that any computer system or type of computer system is somehow "protected from" exploitation by a clever and determined human.
But I suggest also that you stop using the expression, "virus," which is clearly intended to invoke notions of biology ... of something that will "infect" that biological organism unless its "immune system" (helpfully and continually bought from your favorite 'security' firm...) constantly protects it. These analogies are not appropriate.
Last edited by sundialsvcs; 09-19-2012 at 04:04 PM.