Viruses?

Story: Increasing number of Linux viruses have Symantec, others offering more solutions
Total Replies: 8
Void_Main

Jun 18, 2004
9:26 AM EDT
What Viruses? Someone please show me the list. And I want to see "viruses", not buffer overflow exploits, not other bugs in applications. Buffer overflow exploit != virus. How do they get away with this false advertising? You do not treat a vulnerability in a service with anti-virus software. You patch the bug in the software. FUD
tzafrir

Jun 18, 2004
11:14 AM EDT
Why is Linux more secure than Windows?

1. A user interface that was designed and implemented with security in mind: running untrusted code is a BadThing.

2. A good separation between users and "the system". Sane defaults for file permissions etc.

3. Convenient and reliable methods for applying security fixes.

You must understand the "anti-virus" way of thinking. (1) and (2) are not relevant here: they generally help reduce the impact of security holes. But even OpenBSD had a remote root exploit once.

In a Linux distribution there generally isn't too much 3rd-party software. So you only need to keep up to date with the distro, and perhaps with a number of other programs (that you have installed, and thus are aware of them). However this is generally impractical in a typical Windows system.

Also keep in mind that people depend on various 3rd-party suppliers for their computer. It is not enough for MS to supply timely updates: all other software vendors must do the same. And since the software is not free, only its vendor can plug security holes for you.

So it is generally impractical to plug those holes (on a Windows system). Workaround: hire a full-time-job guard. AV hopefully knows all the bad code which is not allowed to enter your system. AV gets updated every day or every week. Mr. AV is known to prevent the most obvious problems.

In Linux the "maintenance" of the software is the job of the distributor (a Linux distro, or a local sysadmin that deploys modified systems), and Mr. AV the guard is not needed.

And speaking of AVs: ClamAV is becoming better and better. It is certainly a good option for scanning mail, and can be also used to scan traffic from a proxy, files for samba, etc. http://clamav.net/

P.S: loved the site's spell checker. Please add OpenBSD to its dictionary?
dave

Jun 18, 2004
11:27 AM EDT
Good post, tzafrir.

Regarding the spell check, see this thread that I just posted: http://lxer.com/module/forums/t/8834/

dave
greensky

Jun 18, 2004
11:42 AM EDT
...Spell check...

I think that the browser should handle spell check. It wouldn't be that hard to have text areas automatically be underlined in red just like text in a word processor. Alternatively you could set up something to where you could right-click in a text area and then hit 'spell check'. It seems like this would work a lot better.

Any thoughts on this?

p.s. The auto-spell check feature IS nice though and works great. Until the browser supports it, this is a nice feature.
peragrin

Jun 18, 2004
12:05 PM EDT
Actually that's why I like KDE 3.2. I have aspell installed and set at default. It spell checks Kmail, Kopete, Ksirc, Konqueror, and those are the apps that I have noticed. Not sure if it does non-KDE apps but will have to look.

So the Basic OS should do spell checks since that is what opened up the text input windows anyway.

Void_Main

Jun 18, 2004
12:08 PM EDT
But still, it is not (should not be) the job of antivirus software to check for and plug security holes, not to mention that a "security hole" is not a "virus". Keeping your system up to date is the proper solution to fixing security holes. Antivirus software really isn't even a good solution to stopping viruses because in order to stop a virus the antivirus software must be aware that the viruses exist. The viruses that are spreading through the Windows world today spread so fast that the damage will already be done before the virus software vendor can even update their signature files. One of the main ways that viruses do get to all of the Windows machines is through known security holes and through social engineering (email attachments). There are serious security holes in Windows that have been known for years and still no fix. Nonexistent local security by default is another problem for Windows users.

Security and viruses do have to be kept separate issues when it comes to talking about antivirus software because antivirus software is only good on actual viruses, and only for viruses that the software knows about. Antivirus companies would like to lump all of the above into the "Virus" category because if they don't they will be out of business in the Linux world. I have yet to personally witness, or know anyone who has witnessed an actual virus in Linux or even UNIX in general and I have been doing this for 15 years. Again, I'm not talking about a "trojan" or a "buffer overflow". I'm talking about an actual virus by the true definition, not the AV revised version.

As I said, in order for a virus to actually have any chance on a Linux system it would have to work in conjunction with some security hole or be executed directly by someone who is logged on with administrative authority. Any such holes in Linux are plugged very quickly. I have my system set to automatically update itself every night. This is very easy to do and if anyone needs help setting this up just let me know. If for some reason an update wasn't immediately available for a vulnerability in Linux (I can't imagine this ever happening) then of course the source is available and the vulnerability could be fixed by anyone who is capable (unlike in the Microsoft world).

Again, please do not confuse viruses with security vulnerabilities as somehow being equal. They are related, but not the same.
greensky

Jun 18, 2004
3:02 PM EDT
peragrin... That's cool. KDE is doing some very nice things. I use XFCE, but I find myself using more and more KDE apps all the time.
tzafrir

Jun 18, 2004
6:44 PM EDT
Void_Main: I generally agree with what you say. But keep in mind that it doesn't take root to mass-mail and run simple TCP portscanning. Neither to connect to a site or an IRC channel and to carry on instructions from there.

Furthermore: while remotely-exploitable (no pun intended) security holes are generally fixed relatively fast, local security holes generally take a longer time to be fixed. Thus there is a reasonable chance that the process of gaining root through a local account could be automated.

Void_Main

Jun 18, 2004
9:04 PM EDT
tzafrir, I totally agree with what you say, but again, those are *not* viruses. The title of the article starts off "increasing number of Linux viruses". I'm asking, where are the "viruses"? Root exploits and mass mailings are not viruses. They are not fixed by installing virus software. They are fixed by patching the system. That's like trying to pound in nails with a screw driver. It's the wrong tool. Show me the viruses is all I'm saying. There aren't any.

Speaking of mass mailings. This is something else I have done a lot of personal investigation on. I wouldn't be so quick to blame rooted *NIX machines for SPAM. I tracked every piece of SPAM I got for quite a period of time and over 99% of it came from infected Windows machines. I am pretty sure that not a single piece came from a "rooted" *NIX machine. Here is my analysis:

http://voidmain.is-a-geek.net/spam/

Oh, and for all you Windows users out there I have some free antivirus software on my site that you are welcome to download:

http://voidmain.is-a-geek.net/av/

This message was edited Jun 19, 2004 10:19 AM
