Well, so what?

Story: 2 examples of Linux capable malware, for the sceptics
Total Replies: 11

Apr 07, 2009
8:08 AM EDT
Yes, yes, we all agree: computer viruses are indeed possible under linux. Fred Cohen demonstrated this back in '84, after all: http://all.net/books/virus/index.html

We also know that real viruses exist under Linux, and have existed since 1997: http://math-www.uni-paderborn.de/~axel/bliss/

But they just don't constitute an important problem. If you look closely, the kind of "file infectors" represented by Fred Cohen's virus and "Bliss" never got traction anywhere. Under MS-DOS and Windows, boot sector and "Word" macro viruses were the only really wide-spread viruses. And they arose because of peculiarities. MS-DOS got rebooted all the time, everyone rebooted multiple times a day. And PC hardware was almost always set to boot from floppy disk "A:". "Word" keeps macros in the same file as the "document" so "Word" macros can travel with a document.

Failed predictions of the rise of Linux malware have a long and inglorious history. This article is no different.

Apr 07, 2009
1:02 PM EDT
Two Windows viruses, that are actually dangerous, were very likely released into the wild in the time it took me to type in the word 'Two'.

Linux contributors take security seriously and act accordingly.

Linux has a similar market share to Windows in the server space. These servers are a major target of hackers, and yet Linux does not exhibit the lack of security that Windows does.

The proof of the cook is in the tasting of the pudding, and Linux security pudding tastes great! (I think you are at risk of catching an intestinal disease taste testing Windows security pudding)

Apr 07, 2009
1:18 PM EDT
I do find it funny that both of his examples were only applicable to systems that are not updated.

Yes, there are viruses for Linux, but it has a very strong immune system that takes care of them. Unlike Windows, which has been on meds for so long that it never developed an immune system.

Apr 07, 2009
3:26 PM EDT
The article is not about Linux's lack of security, it's about the possibility of exploits being used on Linux. Therefore there could be some function for a virus/malware scanner like ClamAV, even if you are not running a mailserver. Everybody knows Linux is more secure than Windows. Windows security is a laugh; even Windows users know that. But people should be aware. Keeping your website up to date with patches is not easy for everybody, and some people feel like nothing can harm them because they run Linux. You have to agree, feeling like nothing can harm you is not a very good position when it comes to security. If you run Linux you are pretty safe compared to your Windows-running neighbor, but no computer system is indestructible. And yes, critical Linux security leaks are patched quickly most of the time, as opposed to some known Windows flaws (the whole OS should be patched with an axe), but this doesn't mean they don't exist. Security should hold a much bigger place in people's minds. That would make more people use open source, but it should not make them stop worrying about security.

Using Linux is just the start

Apr 07, 2009
3:36 PM EDT

> the possibility of exploits being used on Linux. Therefore there could be some function for a virus/malware scanner like ClamAV, even if you are not running a mailserver.

I couldn't agree more. I do occasionally scan my Linux systems. I keep them up-to-date as much as possible, and for the most part (Slackware user here) it's pretty easy.

I'm not worried about a virus, but I'd sure hate to be the first to get hit. It's an OS, so it's guaranteed that at some point there will be a virus that goes somewhere. One of the Shakespeare monkey things.

Apr 07, 2009
3:42 PM EDT
psst, need to differentiate between the OS and software that runs on it. These are software exploits, not OS exploits. Thanks for the sensationalist "click me" headline though.

Apr 07, 2009
5:23 PM EDT
No Linux users need a virus scanner. If you run a Windows network then a Linux-based scanner has a place in your security architecture. But bogging down a Linux system to check for Linux viruses is a waste and a false sense of security. The examples given in the article don't even make sense; one cites a vague article about a compromised .htaccess file. Since an intruder gained write access to that server, that server has a whole lot of problems in addition to a bogus .htaccess file.

The other example, running an unpatched Joomla site, is an equally useless example.

Since when is keeping any Linux system up-to-date, whether it's a website or something else, difficult? Way back in olden times I created cron jobs to update my systems at whatever intervals I felt were appropriate: daily, several times per day, whatever. Now we have these nice update managers that tell us when updates are available, and I still use cron.

Any admin who knows what they are doing does not depend on virus or malware scanners in place of sound system administration. They keep their systems current, they review logfiles using any of dozens of helpful logfile analysis tools, they use Snort, and these days, as Web servers are popular attack targets, they harden their servers with AppArmor, Grsecurity, or SELinux, which are very effective at preventing intrusions and preventing privilege escalation in the event of a successful intrusion.

Please don't write about Linux security until you learn a whole lot more about it. Linux is not Windows; it is actually securable, and unlike Windows you can trust updates.

Apr 08, 2009
1:14 AM EDT
@ azerthoth

> Thanks for the sensationalist "click me" headline though.

You make that sound like a bad thing...

Apr 08, 2009
4:39 AM EDT
Quoting: Since when is keeping any Linux system up-to-date, whether it's a website or something else, difficult?

It's notoriously hard to keep websites and CMSes up-to-date. More often than not you end up having to port your website instead of simply upgrading the CMS you built it with. The problem here is two-fold:

1) A lot of CMSes require code customisations to the framework which will get clobbered the next time you upgrade.
2) CMSes aren't all that faithful about backporting security fixes to older releases, forcing you to choose between porting your website (lots of work) or going without the security fix.

This doesn't apply to all CMSes (Drupal seems to be doing a better job than most) but it's a big problem.

Apr 08, 2009
11:10 AM EDT
Thanks Sander, I didn't know that.

Apr 08, 2009
12:59 PM EDT
This is all good information, but again, so what? We still have the question of why the Linux-using population has not and does not see epidemics the way that Windows does.

From an epidemiological standpoint, I guess that a fractured hardware and software base gives the population a lot of resiliency to viruses. Cast your mind back to the Age of Worms, 2002 or so. Some worms for Linux existed, Slapper, for example. It had provisions for a number of distros, but not more than 25. If you didn't run a stock Apache server for the distro, your machine had immunity. I wanted to see that worm, so I actually re-compiled Apache with HTTPS in it so I could see probe attempts.

From a sociological standpoint, I would guess that the "Keep 'em in the Dark" attitude that proprietary software vendors (like MSFT) have towards their users, and its subsequent pervasion of the entire Windows-using culture, accounts for a lot of the PEBCAK that current phishing and botnets depend on for transmission. I only run a stock Slackware kernel for a few hours or days after I upgrade to a new version, for example: I try to optimize for my hardware (AMD vs Intel, uni- versus multi-processor) and peripherals. I also turn on a lot of run-time tracing information in Apache and sshd and ntpd. A user accustomed to "that's just the way it is" from MSFT and community leaders will not even think of doing that sort of thing, nor will they review event logs every so often.

But have any anti-virus software vendors looked into these sorts of things? Noooooooo!

Apr 08, 2009
1:09 PM EDT
Quoting: a fractured hardware and software base gives the population a lot of resiliency to viruses.

By that reasoning, Windows should have lots of protection (fractured hardware base), or the BSDs should have very little protection (software monoculture).
