Why doesn't Linux have antivirus/detection for Java exploits and other flaws?
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Recently I had a Java exploit on Windows. Luckily Microsoft Security Essentials identified and removed it. Such things can happen on Linux as well, from what I've heard. Why does Linux offer no such detection?
They are all over. There is a sticky with "Firefox vulnerabilities" in this section, and if you Google this subject you can get many examples. Here is just one that pertains directly to what I'm talking about http://www.linux-tutorial.info/modul...icle&sid=11229
Also, how is one to know about a java exploit without any software that would alert the person to it?
Last edited by penguinquack; 12-09-2010 at 04:35 PM.
There are several virus scanners available for GNU/Linux. Have you run the malicious code through any of these scanners to see if it's detected? It might be interesting to see the results of such experiments, if you're able and willing to share with us.
That said, keep in mind that if you're running software with publicly-known vulnerabilities in it, your best bet is to follow the manufacturer's (or the expert community's) recommended mitigation steps immediately, rather than waiting for some third-party tool to update its signature database and save you if you're lucky enough to get hit with an exploit it recognizes.
One of the biggest differences between most Windows installations and most Linux installations is the difference in administrator privilege. The Windows concept of administrator is such that the primary account by default is an administrator account. Additionally, as has been demonstrated on several past occasions, Windows fails at encapsulating the OS kernel from user applications. Consequently, if malware is able to get ANY code to run, including Java code or an Office macro, it is possible to completely hijack control of the OS itself. Consequently an infection can wreak a lot more damage than it can in a Linux system. Typically such an infection on a Linux system would be limited in its scope to the user's account and would be unable to acquire access to most critical resources.
Add to this that the average Linux user is more technically sophisticated than the average Windows user and hence is likely more aware of the signs of infection, more likely to avoid infections in the first place, and more likely to know how to deal with it effectively in the first place.
In essence, the issue isn't so much that Linux is immune to such exploits; it is that they are far less likely to spread and cause significant damage.
win32sux: the exploit that I experienced personally was on Windows, not Linux. The link in my 2nd post is to give an example of exploits that exist for Linux. Also I'm focusing more on exploits, in particular java and browser exploits.
Noway2: Thank you that was informative. My biggest remaining problem with this whole concept is that windows would be able to spot a java exploit quicker than Linux, even though more damage may be caused in windows. However, as you seem to suggest, this may be less severe with Linux distros that have regular security updates, and will be patched before the exploit can occur. Is this a good assumption?
edit--- sorry that was win32sux that suggested that last bit.
Last edited by penguinquack; 12-09-2010 at 06:58 PM.
There is one other aspect affecting the majority of Linux installations that I forgot to mention and that I think helps to address your last question. In Linux, the vast majority of the installed software comes from designated repositories where the software has been examined by a team of people as well as cryptographically 'signed'. As a result, the need to install various applications from unknown sources is dramatically reduced. The net effect is that as long as one installs software only from the known repositories, the chance of acquiring 'infected' code is near negligible because the code base is more tightly controlled and its authenticity is verified before it is installed (the signing). Furthermore, in order to install such software, the user must knowingly grant privilege to do so, making it much harder to slip something in on the sly.
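The post above describes two checks a signed repository gives you: the index is signed by the distribution, and each package's hash is listed in that signed index, so a tampered or truncated download is rejected before installation. The following is an added example, not code from this thread or from APT/dpkg; it models the per-file part of that chain with a constructed manifest and constructed package contents, and assumes the outer GPG signature on the manifest has already been verified (in APT that is done against the distribution's key before any package hash is trusted).

```python
"""Integrity chain of a signed package repository, in miniature.

Added example, not from the thread or from APT/dpkg. A constructed Release-style
manifest lists the SHA-256 digest and size of every package file; the client
recomputes both before accepting a download. In a real APT repository the
manifest itself carries a GPG signature that is checked against the
distribution's key first; this example assumes that outer check has passed and
shows only the per-file verification that follows it.
"""
import hashlib

# Constructed "packages" as a mirror would serve them; real ones would be .deb files.
PACKAGES = {
    "editor_1.0_amd64.deb": b"constructed contents of editor package",
    "shell_2.1_amd64.deb": b"constructed contents of shell package",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> str:
    """Emit 'digest size name' lines, the layout APT uses inside Release files."""
    return "\n".join(f"{sha256_hex(d)} {len(d)} {n}" for n, d in sorted(files.items()))


def parse_manifest(text: str) -> dict:
    """Parse manifest lines into {name: (digest, size)}; blank lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        digest, size, name = line.split(maxsplit=2)
        entries[name] = (digest.lower(), int(size))
    return entries


def verify_download(name: str, data: bytes, manifest: dict) -> str:
    """Classify one downloaded file against the (already signature-checked) manifest.

    Returns 'ok', 'unlisted' (file is not in the manifest at all), 'size-mismatch'
    or 'hash-mismatch'. Size is checked first because it is cheap and catches a
    truncated download before any hashing is done.
    """
    if name not in manifest:
        return "unlisted"
    expected_digest, expected_size = manifest[name]
    if len(data) != expected_size:
        return "size-mismatch"
    if sha256_hex(data) != expected_digest:
        return "hash-mismatch"
    return "ok"


def verify_all(downloads: dict, manifest_text: str) -> dict:
    """Verify every downloaded file and return {name: verdict}."""
    manifest = parse_manifest(manifest_text)
    return {n: verify_download(n, d, manifest) for n, d in downloads.items()}


if __name__ == "__main__":
    manifest_text = build_manifest(PACKAGES)  # what the signed Release file would carry
    served = dict(PACKAGES)
    # Same length, one byte changed: only the hash check can catch this.
    served["editor_1.0_amd64.deb"] = b"constructed contents of editoR package"
    # Truncated download: caught by the size check.
    served["shell_2.1_amd64.deb"] = b"constructed contents of shell"
    # A file the signed manifest never listed.
    served["extra_0.1_amd64.deb"] = b"not in the manifest"
    print(verify_all(served, manifest_text))
```

The point the example makes is that the client never trusts a package because of where it was downloaded from; it trusts it because its hash appears in an index whose signature it checked, which is the "authenticity is verified before it is installed" step the post refers to.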
Quote:
win32sux: the exploit that I experienced personally was on Windows, not Linux.
Yes, I know.
Quote:
The link in my 2nd post is to give an example of exploits that exist for Linux. Also I'm focusing more on exploits, in particular java and browser exploits.
I understand that, but virus scanners will typically look for more than just viruses. I know that ClamAV, for example, has exploit signatures in its database, some of which are browser exploits which work (or have worked) on GNU/Linux.
Quote:
Noway2: Thank you that was informative. My biggest remaining problem with this whole concept is that windows would be able to spot a java exploit quicker than Linux, even though more damage may be caused in windows. However, as you seem to suggest, this may be less severe with Linux distros that have regular security updates, and will be patched before the exploit can occur. Is this a good assumption?
That's a terrible assumption, IMHO.
There are really no guarantees that you won't be exploited before a patch has been released. In fact, there are no guarantees that you won't be exploited before a patch has even been created (or worse, before the manufacturer even suspects the vulnerability exists). Reducing your attack surface and implementing multiple layers of security will do much more for you on any OS than simply using GNU/Linux ever would.
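Two points in win32sux's replies above are worth seeing side by side: a scanner such as ClamAV does carry exploit signatures, and a signature only helps once the database has been updated for the exact sample you were hit with. The following is an added example, not code from this thread or from ClamAV; it implements a toy scanner over ClamAV's hash-signature line layout (`MD5:FileSize:SignatureName`, the real `.hdb` syntax) using a constructed harmless sample and a signature built from it, and then shows that a one-byte variant of the same sample is not detected.

```python
"""Toy hash-signature scanner in the style of a ClamAV .hdb database.

Added example, not code from the thread or from ClamAV. The .hdb line layout
'MD5:FileSize:SignatureName' is real ClamAV syntax; the sample payload and the
signature derived from it are constructed here so the script runs offline.
It shows both what a hash signature catches and what it misses once a sample
changes by a single byte, which is why patching beats waiting for a signature.
"""
import hashlib

# Constructed stand-in for a known-bad file (harmless text, not a real exploit).
SAMPLE_BAD = b"constructed-sample-of-a-known-bad-jar-file"


def hdb_line(data: bytes, name: str) -> str:
    """Build one .hdb entry from a sample: md5 hash, file size, signature name."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


# Constructed signature database with a single entry and a comment line.
SIGNATURE_DB = "\n".join([
    "# constructed database for the example",
    hdb_line(SAMPLE_BAD, "Example.Exploit.Java.Constructed"),
])


def load_hdb(text: str) -> dict:
    """Parse .hdb lines into {(md5, size): name}; blank and comment lines are skipped."""
    db = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, size, name = line.split(":", 2)
        db[(digest.lower(), int(size))] = name
    return db


def scan_bytes(data: bytes, db: dict):
    """Return the signature name when (md5, size) of the data is in the db, else None."""
    key = (hashlib.md5(data).hexdigest(), len(data))
    return db.get(key)


def scan_many(samples: dict, db: dict) -> dict:
    """Scan a {label: bytes} mapping and report a verdict per sample."""
    return {label: (scan_bytes(data, db) or "clean") for label, data in samples.items()}


if __name__ == "__main__":
    db = load_hdb(SIGNATURE_DB)
    variant = SAMPLE_BAD + b"!"  # one trailing byte added: same threat, new hash and size
    print(scan_many({"original": SAMPLE_BAD, "variant": variant, "benign": b"hello"}, db))
```

Real ClamAV also ships body-based pattern signatures that survive small changes better than a whole-file hash does, but the gap the example shows is the same one the reply warns about: until the database knows your sample, the scanner reports it clean.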
Quote:
There is one other aspect affecting the majority of Linux installations that I forgot to mention and that I think helps to address your last question. In Linux, the vast majority of the installed software comes from designated repositories where the software has been examined by a team of people as well as cryptographically 'signed'. As a result, the need to install various applications from unknown sources is dramatically reduced. The net effect is that as long as one installs software only from the known repositories, the chance of acquiring 'infected' code is near negligible because the code base is more tightly controlled and its authenticity is verified before it is installed (the signing). Furthermore, in order to install such software, the user must knowingly grant privilege to do so, making it much harder to slip something in on the sly.
Thank you Noway2 and everyone else. This may sound like a silly question but, is a software package that is older and more "controlled" more safe than a software package that is newer and may therefore have less bugs?
Quote:
Originally Posted by penguinquack
Thank you Noway2 and everyone else. This may sound like a silly question but, is a software package that is older and more "controlled" more safe than a software package that is newer and may therefore have less bugs?
It depends. Take the PHP CMS script Drupal, for instance: currently there is version 5.x, version 6.x and a beta of version 7.x.
Despite the fact that 6.x has been out for a while and there is a beta of 7.x, version 5.x still receives minor revisions (no new features, just security/bug fixes).
Another example would be the Linux kernel itself: there is still maintenance being done on the 2.4 kernel despite the fact that the 2.6 kernel is up to minor revision 37.
So ultimately it depends on the package: whether older versions are still maintained with minor revisions or not, and how well maintained they are, since otherwise older versions will have known exploits and will take less effort to crack because the exploits are already known. Either way, as long as you stay away from the most bleeding-edge versions with potentially incomplete features, any revision marked 'stable' should be adequately secure. That being said, no software is 100% secure.
If you want to stop these java exploits, there is an add-on for firefox for it, called "no script" that is supposed to stop every script, but the ones you enable.
Quote:
If you want to stop these java exploits, there is an add-on for firefox for it, called "no script" that is supposed to stop every script, but the ones you enable.
I think that is for javascript, not Java. They are different things.
And after reading the link the OP posted, there was no specific threat mentioned, only that it may be possible.
I also read the sticky thread and could find no mention of Java exploits either in the first 5 pages or the last 3 pages.
Do you realise that java and javascript are completely different things ?
Quote:
I think that is for javascript, not Java. They are different things.
And after reading the link the OP posted, there was no specific threat mentioned, only that it may be possible.
I also read the sticky thread and could find no mention of Java exploits either in the first 5 pages or the last 3 pages.
Do you realise that java and javascript are completely different things ?
Maybe I'm confused too. I thought Java was a subtype of Javascript. A quick Google scan-over reveals that the two have a close relationship, though I had trouble making sense of just what that relationship was, so I'll be doing more reading (hopefully). Also, the add-on he mentioned also blocks Java, optionally.
The reason I mentioned "it may be possible" is because, if there is no reliable software to check for such things, I thought it could be a threat that no one would see if they became infected. However, it now appears to me that there is some anti-virus and anti-rootkit software that *may* be able to identify these things.
Quote:
It depends. Take the PHP CMS script Drupal, for instance: currently there is version 5.x, version 6.x and a beta of version 7.x.
Despite the fact that 6.x has been out for a while and there is a beta of 7.x, version 5.x still receives minor revisions (no new features, just security/bug fixes).
Another example would be the Linux kernel itself: there is still maintenance being done on the 2.4 kernel despite the fact that the 2.6 kernel is up to minor revision 37.
So ultimately it depends on the package: whether older versions are still maintained with minor revisions or not, and how well maintained they are, since otherwise older versions will have known exploits and will take less effort to crack because the exploits are already known. Either way, as long as you stay away from the most bleeding-edge versions with potentially incomplete features, any revision marked 'stable' should be adequately secure. That being said, no software is 100% secure.
Thanks for your reply.
What is the purpose of these repositories with software several years old (for example, in Ubuntu) if any stable software is going to be as secure?
Quote:
Maybe I'm confused too. I thought Java was a subtype of Javascript. A quick Google scan-over reveals that the two have a close relationship, though I had trouble making sense of just what that relationship was, so I'll be doing more reading (hopefully). Also, the add-on he mentioned also blocks Java, optionally.
Actually Java and Javascript have nothing to do with each other beyond the fact that both are used in web-based applications. Their roots as programming languages are light-years apart. This is a nice comparison.
Quote:
What is the purpose of these repositories with software several years old (for example, in Ubuntu) if any stable software is going to be as secure?
At least in my opinion, keeping older software stems from a "if it ain't broke" philosophy. A lot of people (me included) tend to view new stuff as untested and would prefer to rely on software that has been through the mill for a bit rather than jump on the latest stuff which may have undiscovered problems. Stable != secure in all cases. As long as the older stuff does what you need it to do and is maintained and patched, why switch?