LinuxQuestions.org
Old 10-28-2008, 06:31 AM   #1
bitpicker
Member
 
Registered: Jul 2003
Location: Germany
Distribution: Xubuntu, Ubuntu
Posts: 416
Blog Entries: 14

Rep: Reputation: 35
Linux malware myths and facts


Whenever someone asks about Linux virus protection, replies usually say that viruses target Windows mostly, so virus protection on Linux is mostly for protection against transferring Windows viruses to other Windows machines. So far, so good.

Many people, however, seem to believe that there are indeed at least a small number of active viruses for Linux. I have tried to research that topic but with the exception of a worm infecting Linux servers in 2001 I haven't seen anything about actual malware infections on Linux systems (rootkits installed by some attacker or other targeted attacks on individual computers aside, this is just about the untargeted mass malware angle).

You also often find the statement that Linux viruses fail to be successful because they cannot propagate, mostly because if they use mechanisms like worms do, such as sending themselves to everyone in the address book, they end up on Windows computers where they don't work. I find that hard to believe: don't you, as Linux users, have address books with a decent percentage of other Linux users in? I know I do. We're not all islands, are we?

So, is there even a single real in-the-wild Linux virus apart from the above-mentioned worm? Is there a real Linux virus signature in ClamAV or whatever? Has any of you ever heard of a successful or unsuccessful Linux virus other than proofs-of-concept?

Robin
 
Old 10-28-2008, 08:25 AM   #2
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
I know that whatever small number of viruses may appear, these use some type of exploit, but the exploit is fixed very quickly unlike in Window$ where development is stagnant and where they cover up exploits as long as possible to delay having to release a fix. That's the main difference that accounts for much of the discrepancy between malware on Linux vs Window$.

The biggest thing you may have to worry about with Linux is rootkits, so using rkhunter and chkrootkit is usually enough to protect yourself from these kinds of things. Of course a firewall is mandatory. Although I do have ClamAV installed, so far it has only detected one trojan hidden in some sites I saved to disk. From what I saw the trojan was not active and had no means of becoming active. Even trying to run viruses through Wine will not work; there was an article on this.
 
Old 10-28-2008, 08:41 AM   #3
bitpicker
Member
 
Registered: Jul 2003
Location: Germany
Distribution: Xubuntu, Ubuntu
Posts: 416

Original Poster
Blog Entries: 14

Rep: Reputation: 35
But was that Trojan listed as Linux malware?
 
Old 10-28-2008, 08:52 AM   #4
Spudley
Member
 
Registered: Mar 2003
Location: Berkshire, England.
Distribution: SuSE 10.0
Posts: 299

Rep: Reputation: 32
If you're asking whether you should bother to run antivirus, I would say yes, you should. For a start, just because there's no obvious threat now, doesn't mean there won't be one next week; you need to be prepared. And also, there are reports of some Windows viruses actually working under Linux, using Wine or similar. Granted they probably won't work fully as intended, but they could still do some damage.


Quote:
Originally Posted by bitpicker
...Linux viruses fail to be successful because they cannot propagate, mostly because if they use mechanisms like worms do, such as sending themselves to everyone in the address book, they end up on Windows computers where they don't work. I find that hard to believe: don't you, as Linux users, have address books with a decent percentage of other Linux users in? I know I do. We're not all islands, are we?
I suspect one of the main reasons this sort of technique works less well on Linux than on Windows is due to the larger variety of software in use on Linux.

For example, pretty much every Windows user I know runs some version of Outlook as their mail client. The Linux users I know are split between KMail, Evolution, Thunderbird, and others, each of which has significantly different address book modules. Having to cater for so many possible configurations means a virus is less likely to succeed.

Secondly, think of it from the virus writer's perspective: assume it takes them the same amount of effort to write a Linux virus or a Windows virus. Which would you write?
 
Old 10-28-2008, 09:02 AM   #5
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
Quote:
Originally Posted by bitpicker
But was that Trojan listed as Linux malware?
I don't think it was.
 
Old 10-28-2008, 09:18 AM   #6
bitpicker
Member
 
Registered: Jul 2003
Location: Germany
Distribution: Xubuntu, Ubuntu
Posts: 416

Original Poster
Blog Entries: 14

Rep: Reputation: 35
Quote:
Originally Posted by Spudley
If you're asking whether you should bother to run antivirus, I would say yes, you should. For a start, just because there's no obvious threat now, doesn't mean there won't be one next week; you need to be prepared.
I myself am not asking; in fact, I haven't bothered to run antivirus software since I switched to Linux five years ago. I doubt, at the rate I devour Linux news, that any virus signature file will be updated to include a genuine Linux virus before I get to hear about it. And heuristics suck in Windows alone already; I doubt that current antivirus software even has heuristics and behavior analysis valid on Linux systems.

I personally am quite convinced that Linux antivirus software is a waste of time and resources, at least for the time being. And with Linux user and permission management being far more sensible than what you find in Windows, I believe that this will remain so in the foreseeable future.

Quote:
And also, there are reports of some Windows viruses actually working under Linux, using Wine or similar. Granted they probably won't work fully as intended, but they could still do some damage.
That is something to keep in mind when you run Windows software from questionable sources using Wine. As an automatism (infection because you get an e-mail attachment or a drive-by download and you happen to have Wine installed) I think it is rather less likely.

Quote:
I suspect one of the main reasons this sort of technique works less well on Linux than on Windows is due to the larger variety of software in use on Linux. (...)
Having to cater for so many possible configurations means a virus is less likely to succeed.
That's true, even on a more fundamental level than applications. I mean, you just have to look at legit binary-only non-open-source software for Linux to see how hard it apparently is to make something that actually works on more than a couple of distros.

Quote:
Secondly, think of it from the virus writer's perspective: assume it takes them the same amount of effort to write a Linux virus or a Windows virus. Which would you write?
That's true, too. I don't think Linux will ever have an interesting market share unless MS keels over and dies. Then again, people used to be in this for the challenge.

Robin
 
  

