Linux Virus: A False Sense Of Security

There seems to be a false sense of security among some Linux users. The number of malicious programs written specifically for GNU/Linux has been increasing in recent years, and in 2005 alone it more than doubled, from 422 to 863. Some security consultants argue that Linux has fewer viruses and other malware because its smaller user base makes it a less attractive target (compare ~90.66% Windows vs ~0.93% Linux). You may call me a traitor, but I agree with that assessment. There is no reason why we will not see a rise in malware designed for Linux as it becomes more mainstream among ordinary users.
I’ve heard so many times from beginners: “Do I need an anti-virus?”, “Linux has no viruses”, “There’s no way a virus could infect a Linux box”. This is the false sense of security that many new Linux users are dealing with today. Most are just starting out as Linux users and have no idea about the risks or the safe actions to take. Newbie Linux users tend to feel safe with statements they read about how a Linux OS could never be infected and, even if it were, the malware could never be executed because of the way files work under Linux.
Linux does have its share of viruses, trojans and worms, but would infected Linux binaries really need to be executed by root to cause a major system apocalypse? In most cases the system programs are owned by root and the user is just running them from a non-privileged account. Some people argue that a system-wide infection requires the infected binary to be run by root, and that a non-privileged user running an infected program would only affect that user's /home directory, not the whole system.
There is a way to infect a Linux system as a whole without first being root. It is commonly known as “privilege escalation”:
“Privilege escalation is the act of exploiting a bug or design fault in a software application to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions with more privileges than intended by the application developer or system administrator” (Privilege escalation).
It's not very likely that Linux malware will ever compare to Windows viruses, and even more unlikely that Linux will ever see the same malware issues as the Windows operating system. If you take into consideration the email-borne viruses that affect Microsoft systems, they are all executables and are in most cases run by the user, whereas with Linux you would have to save the file, make it executable and manually run it. Windows XP automatically makes the first named user an administrator, with the power to do anything to the system. Linux, on the other hand, uses the first named user as the root administrator but does not allow root login on boot-up.
As a Linux user, installing from the repositories, checking md5 checksums and using root privileges only when necessary are just a few ways to guard against an intrusion. SSH is often the first point of entry to a Linux system, but it’s not the last line of defense. Using a strong password and anti-virus software should be common practice for any OS and could limit the risk of a system catastrophe.
Safe computing….

Rubbish.
Anti-Virus software is just ineffective.
Being wary about what connections you make to other computers and what programs you install is the real strength of linux security.
Anti-Virus software is just a smoke screen.
If what you are saying was true everyone would have to install every anti-virus software there is because they all find different things.
It just does not work.
What a load of crap, you just mooted your own point.
The only reason you would need anti-virus is to search your samba shares to stop any connecting windows machines from getting a virus stored on the share. Even then the windows machine should have its own anti-virus.
Malware can only affect a user's profile, if at all.
The only issue would rise if a user was stupid enough to run as root the whole time, and manually make random executables they find executable and run them.
SSH is an easy way in, but if you don’t use it, turn it off, like with any other services you don’t use. Otherwise choose a strong password.
As Tom said, if your anti-virus software detects a virus, it’s already too late. I wouldn’t trust a machine that had a confirmed virus detection. The key to a virus free existence is to not expose yourself in the first place.
If your anti-virus finds a virus, then it's doing its job, duhh, besides, take off your rose colored glasses people, linux is not virus free.
The SSH issue is already commented, but just to add a few things. The security of SSH and any other protocol has very little to do with “Linux virus”. It looks like the title is an aim to get attention.
Good practices for SSH if it needs to run on a regular basis:
- change its port to some high odd number
- add to that either a strong password or in my view preferably a strong key
If so doing, SSH is a very safe protocol and difficult to compromise.
Sorry for making another post so soon, but I forgot one thing.
The basis for the article is a spin on another article using Kaspersky as the source. Besides self-interest it’s good to know that Kaspersky has done the exact same announcement for several years. If you go to Linux.com you find in its archive a nice list of Kaspersky’s announcements.
It would be good if another more reliable source could be found that constructively dealt with the question. We need some real hard evidence on how viruses could affect Linux. As it is now there’s only one virus being successful and still it’s jailed in user space, and if it eventually by user interference could get root access it could only open a back-door which has to be exploited by brute force by a hacker. I don’t say it’s impossible that we’ll see viruses for Linux, but we need some better information than Kaspersky jumping up and down once a year.
Like most Linux users, I engage in unprotected emailing, browsing and downloading. In 8 years of intensive usage, I have had no problem and no close calls. That is not to say that it can’t happen, but the likelihood is so low that I am willing to take the chance.
At best, Linux AV programmes are nuisances. Linux AV is so rudimentary that it is useless. I once tried to get it to scan automatically and decided it was easier to re-build my hard drive from scratch than to get dazuko to work. Since the chance of infection is so low and since you have to be an idiot to get infected in the first place, I am willing to take the chance.
For me it is just a question of playing the odds. The chance of infection is low if you play it smart and the chance of getting Linux AV software to be effective in stopping a virus is equally low. Therefore it is not worth my time.
I used to want to be a good netizen and help Windows users by not spreading their viruses, but I no longer care about that or sympathize with them. Use Windows and you deserve what you get is my philosophy.
Are you the new Linux troll on the block now that LHB is gone?
Your last article was a crappy rant and this one is only semi-factual. Your Linux numbers are not accurate. Ubuntu claims 8 million individual installs and Fedora claims 10 million. That alone puts Linux way above your <1% (from NetApps, right?) statistic. This doesn’t include the approximately 2 million Linux-based netbooks that have been sold.
Linux OSes are way too diverse to be a big target. There are too many kernel and GCC versions, and too many of the installed systems have varying base components or DEs. Worms have a hard time taking hold in this kind of situation, and that doesn’t count ELF fragility.
The best defense is to keep your system up to date, never install programs outside trusted repositories, and mount your /home directory noexec. If there can be no executable programs in your user area, what chance is there of a drive-by?
Saying that Linux can’t be exploited is silly, but the PWN2OWN contest left only one system standing, and it wasn’t Vista or Mac.
Up your game, dude.
Oh come on.
Don’t scare the newbies.
The one main thing to know about linux viruses and linux is that the linux user environment is very inhospitable to viruses. Also, it hasn’t been very many times since a linux machine has been infected with a linux virus. Maybe it has happened more. But, I’m not going to really worry about linux viruses given the fact that linux is a very good self contained bomb shelter with responsible restricted access.
Anti-virus are useless, once you’re infected you can never be sure your computer is fully secure. I would rather format and reinstall than use an antivirus program to supposedly remove the virus.
That’s what I love about Macs, everybody is so confident in that they aren’t exploitable. Little do they know, lol.. ;) Same goes for Linux but the true ignorant user is a mac user.
The user is always the biggest problem. When Linux becomes more mainstream, too many stupid Ubuntu users are ready to install any .deb they find in internet. That means trouble.
mikko
Of course you can’t say Linux is 10000% secure and invincible and can never ever be exploited, because Linux, like any other man-made invention is not holy, and not 100% complete.
But, the main difference between a Linux and any other system, in my opinion, is that Linux is open-source, which means that there are millions of people around the world contributing to it, which makes it evolve faster than any other system.
There are thousands if not millions of Linux developers around the globe, testing, and debugging, and developing and fixing the Linux kernel.
Unlike Mac and Windows, which are closed systems.
And just like Linus Torvalds had said: “Given enough eyeballs, all bugs become shallow.”
Erm, interesting article, but showing no proof that GNU/Linux has been infected on a mass scale?
I say “on a mass scale” since no operating system is completely safe. Ever. But no doubt that n00bs will run anything that pops up over the internet or compromise their system via human error. But _D_A_M_N_ I would find it hard to believe that GNU/Linux could become infected system wide, and Daeng Bo’s suggestion of disabling execution in the home folder/partition is excellent.
only FUD..
Ok, as a newbie and risking the odds of not running any anti virus, how will I know I have a virus, besides maybe bugs crawling across my screen?
Also Daeng Bo, you mentioned something about mounting your /home directory noexec. As an “icon” baby I am not familiar with this and was wondering if you can point me in a direction to further explain this.
Thanks
pdho,
There’s no certain way to determine if you have a virus or not. Signs can include sudden application instability and/or system slowdown, but these are neither indicative of nor exclusively from viruses (though your average Linux-based OS should be extremely stable and consistent in speed). Running Clamwin once every couple of weeks should be enough to determine, but I run it on my USB key as often as possible so that I don’t spread Windows viruses.
To mount /home noexec, you’ll first need to put your /home on a separate partition, something I recommend anyway since it makes switching systems, running multiple versions of Linux, and reinstalling instead of upgrading really easy. Then, you’ll need to install and run a program called Mount Manager (using sudo or as root), find your /home directory, and uncheck the box which says “Permit execution of binaries.” If you’re unafraid of the command line, it’s a lot easier just to edit /etc/fstab directly (using sudo or as root) to add “noexec” on the /home line, looking something like this:
UUID=d13e2ec1-5983-4581-b0c8-d3d5efd44b8b /home ext3 relatime,noexec 0 1
I wish that Ubuntu offered this as the standard install option. It’s a lot safer and easier to recover from.
Hope that helps.
Daeng
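A way to check the setting described in the comment above, added here as an example (it is not part of the original comment): the function reports whether a mount point carries `noexec`, and because /etc/fstab and /proc/mounts share the same first four fields it can compare the configured state with the live one. The function names `mount_opt_status` and `audit_noexec` are hypothetical, and the `/tmp` line in the sample file is constructed.

```shell
#!/bin/sh
# Added example. Prints "set", "missing" (entry exists, option absent)
# or "no-entry" for a mount point in an fstab-style file.
mount_opt_status() {
    file=$1 mountpoint=$2 option=$3
    awk -v mp="$mountpoint" -v opt="$option" '
        $1 ~ /^#/ || NF < 4 { next }          # skip comments, blank/short lines
        $2 == mp {
            found = 1; has = 0                # last matching entry wins
            n = split($4, opts, ",")          # exact match: "exec" != "noexec"
            for (i = 1; i <= n; i++) if (opts[i] == opt) has = 1
        }
        END {
            if (!found)   print "no-entry"
            else if (has) print "set"
            else          print "missing"
        }' "$file"
}

# Compare configured (fstab) and live (/proc/mounts) state for one mount point.
# Returns 0 only when noexec is set in both.
audit_noexec() {
    mp=$1 fstab=${2:-/etc/fstab} mounts=${3:-/proc/mounts}
    cfg=$(mount_opt_status "$fstab" "$mp" noexec)
    live=$(mount_opt_status "$mounts" "$mp" noexec)
    echo "$mp: fstab=$cfg live=$live"
    [ "$cfg" = set ] && [ "$live" = set ]
}

# Constructed sample: the /home line is the one quoted in the comment,
# the /tmp line is made up for contrast.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# <device> <mountpoint> <type> <options> <dump> <pass>
UUID=d13e2ec1-5983-4581-b0c8-d3d5efd44b8b /home ext3 relatime,noexec 0 1
tmpfs /tmp tmpfs defaults,nosuid 0 0
EOF
mount_opt_status "$sample" /home noexec   # set
mount_opt_status "$sample" /tmp  noexec   # missing
mount_opt_status "$sample" /srv  noexec   # no-entry
```

On a real system, `audit_noexec /home` with no further arguments reads /etc/fstab and /proc/mounts; a result of `fstab=set live=missing` means the file was edited but the partition has not been remounted yet. `noexec` blocks direct execution of files stored on that filesystem and does not restrict interpreters installed elsewhere, so it works as one layer alongside the other measures in this thread.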
Dude, you are so clueless.. the chances of getting a virus on a linux computer by browsing the web and reading email is so close to zero that it might as well be zero. Its not even in the same universe as the Windows insecurity issues.
As far as “Dude, you are so clueless..” if this is directed towards me what makes you god that can judge others on what they wish to learn more about. I choose to learn about something and have chosen this forum to learn, why do you have to bash others. According to you every time I get on line I am guaranteed not to get any virus whatsoever. Right?
Well I am in the process of learning and as a disgruntled MS individual I have heard how helpful Linux users are in the forums only to find that the so called “strong” will feed on the weak even in the Linux universe. Why don’t you start a hobby you know nothing about and learn how it feels to be humbled by what you don’t know. Once you have tried this a few times maybe the term “clueless” will have a whole new meaning and you will grow up to learn that everyone has knowledge but no one knows everything.
Thank you Daeng for your response
Well, I must be clueless. I have used Fedora for 7 years without an issue. Last week I was looking for a software on Sourceforge to help a 501c3 with volunteers. I found one called “VMOSS” and another called “iVolunteer”. Both are cross platform. I think iVolunteer was the culprit because it was labeled as faith based as well. (I think someone booby-trapped it because of the faith based part.) My box is destroyed, I am talking on an M$ right now. So far I have been unable to even boot the box on a recovery CD. Yep, I must be clueless. It can’t ever happen to me, not on my Linux box, it only happens to dweebs using windows…
How can a web application hose your system? That doesn’t make any sense.
Linux is too difficult. Always getting errors when I try to install programs and you have to do everything from the terminal.
I am surprised the windows fanboys haven’t tried to write linux viruses just to shut up the linux fanboys about viruses. …..this is beyond user base…it would be bragging rights and we know how people are about this……..
I hate to ruin your argument girls but nothing is completely secure and I mean nothing… Also why in every forum I end up on do I see trolls trolling trolls?