FUD taken to a new level?

Story: Grisoft predicts Linux virus plague
Total Replies: 13
helios

Oct 12, 2005
7:06 AM EDT
As the page loads, the sidebar contains this statement: Linux will soon be widely targeted by virus and malware writers Click Here!

The "article" falls under sales blurb status and is completely devoid of fact. HOW are malware writers going to execute their evil warez in Linux? I want to know specifics here...are they going to attack the Linux registry? Oh that's right...Linux does not depend on a registry. The Linux file system is a bit more secure than that.

This is just fodder for the Windoze sites to make them feel better. Let me get my facts straight on this and I will address it personally and publicly to the author.

whaddaya think about it?

helios
tadelste

Oct 12, 2005
7:23 AM EDT
Generally, I think of Grisoft as a pretty decent bunch. I had a lot of considerations when I found this article in the pending queue. I wondered if they knew something I didn't. I'm hoping for a thread from "experts" in Linux virus matters.

If Linux virii start showing up, they would have to be pretty nasty. I have only encountered one and it didn't hit my computers. I helped the ISP recover his server and that was seven years ago. Even at the time, I suspected an exploit via root kit or back door. I didn't find the root kit.

The Microsoft virus problem lives in the design of Windows: NetBIOS ports, object linking and embedding, client-server DLLs locked so non-Microsoft software can't get hold of APIs.

With the large percentage of Apache servers running on Linux, you think people who want to "own" a website would have come up with something already. Sun claims they have never had a virus.

Grisoft is in the anti-virus business, so I wonder what they have uncovered about which we don't know.
PaulFerris

Oct 12, 2005
7:37 AM EDT
It's true, I just encountered a real-live Linux malware virus in a Firefox session!

The thing executed a Java program, which prompted me for extended privileges. I clicked the "Okay, you may have God-like root access to my system" button. Then the thing prompted me for my root password.

This took several tries, as I had forgotten what it was, but finally, there it was -- executing an Ubuntu-specific root-kit install on my box!

Wow! I thought, I need to go out and purchase some new malware package to avoid this in the future!! The world is coming to an end, my Linux box is nowhere near as secure as I thought it was...

I scoured the net, and couldn't really find anything that seemed to have all of the bells and whistles I'd expect (you know, stuff that has maybe a robotic arm attachment to prevent me from being stupid enough to key in the root password so the exploit will run properly).

Too bad it was a live CD. Maybe next time I'll be able to keep the thing permanently on my computer. If the malware doesn't get installed properly, no good market is going to exist for stuff like off-the-shelf commodity anti-virus software.

--FeriCyde
dinotrac

Oct 12, 2005
7:41 AM EDT
Paulie, Paulie, Paulie...

You, in your sweet, childlike way, fail to appreciate the danger of Linux viruses. I mean, one good avian flu, ebola, or some such thing, and poor Linux will live to program no more.

Oh! Wait a minute!!

He spells it LinuS, doesn't he?

Never mind.
jabby

Oct 12, 2005
7:46 AM EDT
I agree. There is just no way that viruses can proliferate in the heterogeneous and hostile environment of Linux. The only potential here is for application-specific malware and worms that exploit flaws in network-aware applications. This has nothing to do with Linux security. It is a red herring. The real problem at that point is design, software coding practices, languages and validation tools. As those steadily improve, even these worms will become more and more rare.

Even if viruses were written for Linux, there wouldn't be enough money in it. If the real crackers are really in it for the payoff that comes from controlling enormous numbers of victimized systems, the fact that there are so many different versions of Linux will prevent that number from ever being large enough.
tadelste

Oct 12, 2005
7:56 AM EDT
I have a thought that anti-virus software makers are behind the virus plague in the first place. Without viruses, they would cease to exist.

It's like hunger in the US. If you dismantled the majority of NGOs and government organizations that provide food for the hungry, took the funds and just gave people vouchers, the cost of feeding people would go down dramatically (according to many organizations like the Hunger Project). The organizations that exist to fix the problem perpetuate the problem.

So, did some Scottsman (sic) invent the first computer virus?
phsolide

Oct 12, 2005
9:27 AM EDT
Suspecting anti-virus vendors of fostering the plague is nothing new: that's gone on almost from the time of the Michelangelo virus panic, that got McAfee into the big time. The AV people get so defensive about these accusations so consistently, you really have to wonder.

The first virus, chronologically, may have been Elk Cloner http://www.skrenta.com/cloner/ although Fred Cohen's work ( http://all.net/books/virus/index.html ) appears totally independent of it, and the first widespread Pee Cee virus, "Brain" seems independent, too.

Linux viruses do exist:

http://virus.enemy.org/virus-writing-HOWTO/_html/index.html
http://www.f-secure.com/v-descs/staog.shtml
http://math-www.uni-paderborn.de/~axel/bliss/

Heck, even shell script viruses exist: http://cm.bell-labs.com/cm/cs/who/doug/v101.ps

I agree that Windows design and complexity has more than a little to do with its plague of viruses. I'm reading Peter Szor's book "The Art of Computer Virus Research and Defense", and I'm continuously amazed at the ultra-byzantine nature of Windows programming. Chapter 12, "Memory Scanning and Disinfection" illustrates the baroque Windows architecture. The book constantly reminds me that every bizarre hack and sloppy trick in existence, from self-modifying code to allocating from a specific end of the heap has been made into an institution, enshrined in a particular Win32 function.

There's also an enormous (for computer stuff, anyway) history of predicting that viruses will show up Real Soon Now for Linux, or Unix, or ______ (fill in the blank). Strangely, the threat never materializes, and the AV people who got the PR Hit never acknowledge the failure of the predictions.
tuxchick

Oct 12, 2005
9:27 AM EDT
I agree with Helios- let's see some specifics.
sbergman27

Oct 12, 2005
10:05 AM EDT
Paul,

The same thing happened to me... and it did not even require the root password!

I went to a site ( http://www.zombo.com ), and a bar popped up at the top of the browser screen that said that I needed a plugin to view the content on the site. It asked if I wanted to install it. Well, not wanting to be deprived, I said "yes" of course. It then asked if I wanted to install something called "flash". Well, that's an exciting sounding name. So I said "yes".

I went back to the site ( http://www.zombo.com ) and it was great!!! If you've never been there, it is a site that is "full of promise".

But ever since then, all manner of nasty things have been happening on my computer. I go to sites that used to be quite viewable and informative, but can't read the content because I never know when a window is going to pop up with absolutely the most obnoxious and distracting animated content... with *sound* even! Often, both sidebars are totally infested with these aggravating, animated, noisy pests all vying for control of the sound card.

So... I've stopped going to those sites. But most of all, I've stopped going to that first site ( http://www.zombo.com ) because I just don't think that their content, interesting and informative as it might be, was really worth them giving my Linux box this nasty virus.

-Steve

PaulFerris

Oct 12, 2005
12:06 PM EDT
Steve: you need to go to special sites for this functionality? Didn't you get annoying enough graphics right here on LXer.com when dean and I did the Penguin/Counter/Penguin thing?!?
sbergman27

Oct 12, 2005
12:37 PM EDT
Paul, you ignorant slut,

I thought those were family photos that you two had sent in.

Oh, well... never mind!

-Steve

peragrin

Oct 12, 2005
12:54 PM EDT
Actually I think virus writers have taken advantage of the massive design flaws in Windows and used them to promote/hype themselves. ActiveX had known model security flaws the day it was released. 2-3 years later those flaws were taking over the Net.

It is kind of why I hope Vista would have been a complete clean room rewrite, with Virtual PC providing the old style software the ability to run. Sort of like Classic for OS X, or Wine for Linux. A secure environment.

Of course MSFT is gonna fsck it all up. But hey that only makes more room for Linux and the BSDs to step in.

With 13 flavors of Vista, each being unique, MSFT has taken the one thing that has slowed down Linux: a lot of different distros that aren't always easily compatible.
tadelste

Oct 12, 2005
1:01 PM EDT
Guys: We turned phsolide's comment into the "comment of the day". The traffic is high. Anything you might add like links, etc. might better serve us posted there:

http://lxer.com/module/newswire/view/45145/index.html
MESMERIC

Oct 12, 2005
2:21 PM EDT
My sister will never be infected by such malware. Why?

She doesn't know her own root password - only me!

If only I could hide the root password of everyone I install Linux for - that'd be pretty sweet.

There won't be a Linux virus plague. I bet my money on it. It is nothing but a publicity stunt to come up with such statements. Self-advertising for web hits.

Firstly, most services (virus-spreading services) are switched off by default. If they are not - most Linux users get round to doing it sooner or later.

Linux comes with a firewall (iptables) enabled by default. It has privileges control. And SELinux hardens that pretty much more.

Then how would a Linux virus spread? From machine to machine?

If by email - well there are N mail clients to choose from. So it can't be a virus but a worm (spread by itself rather than user intervention).

Of course, you have to think hard like a virus-writer to stipulate how such a feat could be achieved.

Maybe one way would be to infect the kernel itself. The kernel itself (now infected) would have to spew out buffer-overflow noise out on the net targeting random IPs @ some popular port - then the newly infected kernel would repeat the procedure.

Kernel image is kept at /boot .. that has a lot of lock downs. So you probably have to change the privileges of /boot and the kernel first before you are free to infect it a-la ELF style.

Please don't get concerned, I never wrote a virus in my entire life. I am just entertaining fiction here.
