are there linux viruses?

supernova87a

I've always heard that Linux is less susceptible to virus infection because usually individual users can't perform many commands that would require root. But can't users still initiate network connections and run programs? Do we just not hear about Linux viruses b/c there are fewer Linux users? Or do people even write Linux viruses?
 
There have been a couple of Linux viruses, yet all rather harmless.

One reason why it's so hard to write a good virus for Linux is its strong security (that is, compared to Windows): if a virus happens to infect the system, it does not have the necessary permissions to perform 'root'-actions, unless it's activated by the root itself (so don't open email-attachments while you're 'root'. But why should you, eh?).

A nice thing about Open Source OS's is that exploits are quickly discovered (bugs in the kernel are usually detected within a couple of days, till around a week) and fixed (if possible, the next hour/day a fix or update is available). This gives viruses little chance to do anything harmful aside from deleting the user's 'home'-folder.
 
Second factor would be user behavior. Going out on a limb a bit, but I would venture to say that the vast majority of Linux users are more technically savvy than the vast majority of Windows users, and so are less likely to behave in such a way as to infect themselves.

The OS also helps their own protection, by providing the tools to control access on a very granular level.

--Woodie
 
One of the worst "viruses" ever to have hit the internet was the original Internet Worm from 1988. Although it primarily affected Sun boxes, it certainly disproves the idea that such problems do not exist on the Unix side.

Linux (or any other Unix for that matter) offers NOTHING that would prevent the spread of viruses better than what NT offers. The secure filesystem is the key.

This assumes, of course, that you do not run infected programs as Administrator (or Root). I'm ashamed to say that most people I know log into their NT/Win2k/XP computers as Administrator on a daily basis. This is the Unix equivalent of leaving yourself logged in as Root on a daily basis. It's asking for trouble.

If you only log in as a regular user on the NT side, you do not have write permission to system files (as of NT 4 Sp3, and ONLY if you are running NTFS). Then, even if you ran a virus infected program or trojan horse, you could only trash your own files. But if you're running Win9x or NT on FAT32, you're out of luck.

 
People are probably less likely to target Linux with a virus, though, because of the smaller user base (and the fact that the coders probably think Windows users deserve to get one more than Linux users).
 
I've been programming for Linux for several years now, from the simplest hello world to a keyboard sniffer. There is nothing that makes Linux less susceptible to viruses than any Windows NT other than the fact that people aren't trying to write Linux viruses... Fact is there isn't really a point for these "hackers", they're out to cause as much grief as they can to as many people as they can, this means writing Windows viruses. There are a lot of people who believe exactly what you do, there are even people out there who will swear all up and down that it is literally impossible to write a virus for Linux. Fact is the only thing that's keeping Linux users safe is lack of interest.



<< There have been a couple of Linux viruses, yet all rather harmless.

One reason why it's so hard to write a good virus for Linux is its strong security (that is, compared to Windows): if a virus happens to infect the system, it does not have the necessary permissions to perform 'root'-actions, unless it's activated by the root itself (so don't open email-attachments while you're 'root'. But why should you, eh?).

A nice thing about Open Source OS's is that exploits are quickly discovered (bugs in the kernel are usually detected within a couple of days, till around a week) and fixed (if possible, the next hour/day a fix or update is available). This gives viruses little chance to do anything harmful aside from deleting the user's 'home'-folder.
>>

 
If you only log in as a regular user on the NT side, you do not have write permission to system files (as of NT 4 Sp3, and ONLY if you are running NTFS). Then, even if you ran a virus infected program or trojan horse, you could only trash your own files. But if you're running Win9x or NT on FAT32, you're out of luck.

wow that's the same for Linux.. I can't edit/delete system files when logged in as someone else besides root.. Linux offers multiple filesystem types too (even NTFS).. I don't know if it can use secure filesystems or not (most likely it can), but I doubt that's really the problem.. if the programmer for this virus is clever enough, he/she can get around all this 'root/admin' bullsh!t somehow.

on an interesting note, I know a virus for Linux existed that was created to FIX a security hole that was found.. lol, neat concept eh?
 


<< I don't know if it can use secure filesystems or not (most likely it can), but I doubt that's really the problem.. >>



When I said secure filesystem I MEANT that it has strict permissions for each and every file, and that the operating system will not allow just any user to access/modify files to which they do not have permission.

My point was simply that ANY operating system that has such a filesystem (NT,Linux,*BSD,etc) will be much less susceptible to viruses than traditional Windows (3.0,3.1,W95,W98,Wme).

BUT, of course once a program gains superuser access, it can fly right by these permissions anyway. That's how most Internet network-based security exploits (worms) seem to work today. And there are just as many of those for the Unix side of things as for the Windows side, if not more. We just had a RedHat 7.0 box hacked the other day. The stupid admin hadn't even installed the LPRng patches to fix the notorious Ramen worm... The funny thing was that the hacker left the bash shell history file intact, so we were able to see EXACTLY what he had been doing... 😛
 
I think it comes down to the file permissions for the most part.

On a Linux system a virus cannot install itself into binaries used by other users on the system. Even though Windows NT/2000/XP have NTFS, the security model is different. Windows programs generally require installing DLL's and such into system directories. This is actually not the fault of Microsoft's OS team as much as the software developers (including Microsoft). Linux users can install and run programs out of their home directory just fine, most Windows programs do not allow this.

I have come across very few Windows NT/2000 machines where the system directory and all the DLL files were secured. I actually spent about a day and a half securing all the permissions on an NT machine as tight as possible. (I had two copies of NT on the machine, so if I tightened something too much I could fix it). Does anyone know if Windows XP is improved in this regard? On a Windows XP install, are the only directories a user can write to their home profile directory structure and the temp directory? I kind of doubt it.

All that said, someone still could write a dangerous Linux worm or virus. It would just have to exploit a security hole. Someone could easily write a worm that attacked the next sendmail or bind security hole (I run qmail and djbdns on my Linux box). Someone could write a worm that attacked the next pine security hole and grabbed the list of users on the system and e-mailed it to everyone else on the system and everyone in the address book. Pine has fewer security problems than Microsoft. My guess is there is on average 1 such exploitable hole in pine a year, 1 in sendmail, 2 or 3 a year in bind. So the only reason I can say that there aren't any Linux worms circulating is that those people writing worms do not feel like targeting Linux. If Linux ever becomes as popular as Windows I could see a half dozen worms circulating a year. That would still be an improvement over Microsoft. In addition, the patches would be available a lot faster.
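Added example, not part of the original post: a small Python audit of the point made above about file permissions, listing which directories and executables an unprivileged account could modify. It evaluates classic POSIX mode bits only; ACLs, read-only mounts and capabilities are ignored, and the function names are this example's own.

```python
import os
import stat

def writable_by(st, uid, gids):
    """True if the mode bits in st grant write access to uid/gids."""
    if uid == 0:                       # superuser bypasses permission bits
        return True
    if st.st_uid == uid:               # owner class takes precedence
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:              # then group class
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(dirs, uid, gids):
    """Return (path, reason) for each directory or executable uid could alter."""
    findings = []
    for d in dirs:
        try:
            dst = os.stat(d)
            names = sorted(os.listdir(d))
        except OSError:                # missing or unreadable directory
            continue
        if writable_by(dst, uid, gids):
            # Anyone who can write the directory can replace files inside it.
            findings.append((d, "directory writable"))
        for name in names:
            path = os.path.join(d, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            is_exec = stat.S_ISREG(st.st_mode) and st.st_mode & 0o111
            if is_exec and writable_by(st, uid, gids):
                findings.append((path, "executable writable"))
    return findings

if __name__ == "__main__":
    # Audit every directory on PATH for the account running the script.
    path_dirs = [p for p in os.environ.get("PATH", "").split(os.pathsep) if p]
    groups = set(os.getgroups()) | {os.getgid()}
    for path, reason in audit(path_dirs, os.getuid(), groups):
        print(f"{reason}: {path}")
```

Run as a regular user on a well-configured system it should print nothing; any output is a shared binary or directory that an infected user process could overwrite.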
 
Computer viruses aren't any different than real viruses. They need a host. The more hosts present, the more opportunity to infect/reproduce. By leaps and bounds, the most widely used OS (host) is a Windows flavour. It makes sense that the majority of viruses are coded for Windows.
The majority of viruses these days seem geared toward one of two things:

1) Making a big splash/sensation (email worms like Goner), usually set loose with the only real goal being to "See how far/how fast" it will go.

2) DDoS trojan/virus. Goal is to control as many high bandwidth home boxes as possible.

Either way, Windows provides the best means to the ends.
 