Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
10-28-2008, 06:31 AM
|
#1
|
Member
Registered: Jul 2003
Location: Germany
Distribution: Xubuntu, Ubuntu
Posts: 416
Rep:
|
Linux malware myths and facts
Whenever someone asks about Linux virus protection replies usually say that viruses target Windows mostly, so virus protection on Linux is mostly for protection against transferring Windows viruses to other Windows machines. So far, so good.
Many people, however, seem to believe that there are indeed at least a small number of active viruses for Linux. I have tried to research that topic but with the exception of a worm infecting Linux servers in 2001 I haven't seen anything about actual malware infections on Linux systems (rootkits installed by some attacker or other targeted attacks on individual computers aside, this is just about the untargeted mass malware angle).
You also often find the statement that Linux viruses fail to be successful because they cannot propagate, mostly because if they use mechanisms like worms do, such as sending themselves to everyone in the address book, they end up on Windows computers where they don't work. I find that hard to believe: don't you, as Linux users, have address books with a decent percentage of other Linux users in? I know I do. We're not all islands, are we?
So, is there even a single real in-the-wild Linux virus apart from the above-mentioned worm? Is there a real Linux virus signature in clamAV or whatever? Has anyone of you ever heard of a successful or unsuccessful Linux virus other than proofs-of-concept?
Robin
|
|
|
10-28-2008, 08:25 AM
|
#2
|
LQ Guru
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
|
I know that whatever small number of viruses may appear, these use some type of exploit, but the exploit is fixed very quickly unlike in Window$ where development is stagnant and where they cover up exploits as long as possible to delay having to release a fix. That's the main difference that accounts for much of the discrepancy between malware on Linux vs Window$.
The biggest thing you may have to worry about with Linux is rootkits, so using rkhunter and chkrootkit is usually enough to protect yourself from these kinds of things. Of course a firewall is mandatory. Although I do have clamav installed, so far it has only detected one trojan hidden in some sites I saved to disk. From what I saw the trojan was not active and had no means of becoming active. Even trying to run viruses through wine will not work, there was an article on this.
|
|
|
10-28-2008, 08:41 AM
|
#3
|
Member
Registered: Jul 2003
Location: Germany
Distribution: Xubuntu, Ubuntu
Posts: 416
Original Poster
Rep:
|
But was that Trojan listed as Linux malware?
|
|
|
10-28-2008, 08:52 AM
|
#4
|
Member
Registered: Mar 2003
Location: Berkshire, England.
Distribution: SuSE 10.0
Posts: 299
Rep:
|
If you're asking whether you should bother to run antivirus, I would say yes, you should. For a start, just because there's no obvious threat now, doesn't mean there won't be one next week; you need to be prepared. And also, there are reports of some Windows viruses actually working under Linux, using Wine or similar. Granted they probably won't work fully as intended, but they could still do some damage.
Quote:
Originally Posted by bitpicker
...Linux viruses fail to be successful because they cannot propagate, mostly because if they use mechanisms like worms do, such as sending themselves to everyone in the address book, they end up on Windows computers where they don't work. I find that hard to believe: don't you, as Linux users, have address books with a decent percentage of other Linux users in? I know I do. We're not all islands, are we?
|
I suspect one of the main reasons this sort of technique works less well on Linux than on Windows is due to the larger variety of software in use on Linux.
For example, pretty much every Windows user I know runs some version of Outlook as their mail client. The Linux users I know are split between KMail, Evolution, Thunderbird, and others, each of which has significantly different addressbook modules. Having to cater for so many possible configurations means a virus is less likely to succeed.
Secondly, think of it from the virus writer's perspective: assume takes them the same amount of effort to write a Linux virus or a Windows virus. Which would you write?
|
|
|
10-28-2008, 09:02 AM
|
#5
|
LQ Guru
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
|
Quote:
Originally Posted by bitpicker
But was that Trojan listed as Linux malware?
|
I don't think it was.
|
|
|
10-28-2008, 09:18 AM
|
#6
|
Member
Registered: Jul 2003
Location: Germany
Distribution: Xubuntu, Ubuntu
Posts: 416
Original Poster
Rep:
|
Quote:
Originally Posted by Spudley
If you're asking whether you should bother to run antivirus, I would say yes, you should. For a start, just because there's no obvious threat now, doesn't mean there won't be one next week; you need to be prepared.
|
I myself am not asking, in fact I haven't bothered to run antivirus software since I switched to Linux five years ago. I doubt, at the rate I devour Linux news, that any virus signature file will be updated to include a genuine Linux virus before I get to hear about it. And heuristics suck in Windows alone already; I doubt that current antivirus software even has heuristics and behavior analysis valid on Linux systems.
I personally am quite convinced that Linux antivirus software is a waste of time and resources, at least for the time being. And with Linux user and permission management being far more sensible than what you find in Windows I believe that this will remain to be so in the foreseeable future.
Quote:
And also, there are reports of some Windows viruses actually working under Linux, using Wine or similar. Granted they probably won't work fully as intended, but they could still do some damage.
|
That is something to keep in mind when you run Windows software from questionable sources using Wine. As an automatism (infection because you get an e-mail attachment or a drive-by download and you happen to have Wine installed) I think it is rather less likely.
Quote:
I suspect one of the main reasons this sort of technique works less well on Linux than on Windows is due to the larger variety of software in use on Linux. (...)
Having to cater for so many possible configurations means a virus is less likely to succeed.
|
That's true, even on a more fundamental level than applications. I mean, you just have to look at legit binary-only non-open-source software for Linux to see how hard it apparently is to make something that actually works on more than a couple of distros.
Quote:
Secondly, think of it from the virus writer's perspective: assume takes them the same amount of effort to write a Linux virus or a Windows virus. Which would you write?
|
That's true, too. I don't think Linux will ever have an interesting market share unless MS keels over and dies. Then again, people used to be in this for the challenge.
Robin
|
|
|
All times are GMT -5. The time now is 07:14 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|