Linux, Mac viruses on the rise

Seeruk

'Popularity breeds contempt'

A succinct summary of many people's arguments that a greater surface area becomes more attractive to attack?

or....

Kaspersky about to release a Linux/Mac AV program? :)

CNN

errr screw the CNN link ... this is better
 

doornail

The source is extremely dubious here. A Russian company that makes anti-virus software warning about viruses? Hey, I bet insurance companies report that many people need to buy more insurance. I'd like to announce that Doornail Lab's exhaustive study for 2004 through 2005 saw exactly 0.00 Linux targeted viruses and malware. A complete text of the report is available for $10,000.

There were only 863 cases of Linux attacks last year, while Symantec (Research) found 11,000 viruses and worms in Windows.

That's like saying 7 people got shot in Sweden and only 7 kinds of guns are used in Iraq so it's evensies!
 

unikuser

Those antivirus companies want to enter into Linux/Mac. That's why they are generating this news.
 

spyordie007

A lot of the "security software" companies out there thrive on doom and gloom.

Security software is not an excuse for proper administration. At best all it can do is let you know some of the time if you've been infected (in which case it's probably time for a wipe). This is the case under pretty much every OS.

See my signature.
 

nweaver

Yes, no firewall/AV/Spyware blocker can counter being stupid...some OS's take it better (harder to totally hose a linux box as a normal user, harder to use a windows box as a normal user, so most are admin)
 

ForumMaster

Biggest problem with security apps today is that the companies make the app very good at finding malicious content, but don't make the app itself resistant to these things. I doubt that viruses are on the rise for Linux for one reason: not many noobs use Linux and only noobs fall for the email viruses. Therefore I doubt that that report is accurate. Mac viruses, OTOH, might be. I remember that my dad's Mac back in what, 1995? had antivirus software. And my friend's family only uses Macintoshes and they use antivirus software. So I doubt that this report is accurate.
 

pcthuglife

Could somebody clear up the whole "viruses on Linux" issue? I remember reading somewhere that there are no true "viruses" for Linux. The worst thing that could happen is the user launches a script to harm the machine, but the script will be limited to the same permissions as the user that launched it. Meaning that unless you launched the virus as root, the worst that could happen is your home directory gets deleted.

Is any of this accurate or am I way off?
 

Nothinman

That's pretty accurate. But the worst part is that most people only care about their personal data so a virus that deletes all of their MP3s is much worse than one that blasts /usr. Reinstalling Linux is much quicker than Windows too, so it's less of a burden to have to reinstall everything. There are some worms out there for Linux that attack BIND, sendmail, MySQL, etc but they're pretty uncommon.
 

xtknight

If you don't run under root you're a lot safer. Linux has lots of (hideable) dialogs telling you you shouldn't use root and lots of distros disable the account in the greeter. Windows' default power user mode is an invitation for viruses if combined with user incompetence. And now a Limited User might not be safe either: http://www.sysinternals.com/blog/2005/1...umventing-group-policy-as-limited.html

Lots of Linux distros automatically configure an iptables at high security as well (and this is an inbound and outbound firewall).

Linux also doesn't have IE by default. I don't think I even have to begin on that one. :)

It will be a lot harder for viruses to do damage in a typical Linux system than it will be in a typical Windows XP system today ("power user" from moment of installation/setup). Now, with Linux, you do have to enter a super-user mode to install some things, but this is like a 'Run As' with Windows. Slightly more time-consuming, but I'll take it any day for the security it gives me. Unfortunately documents can still be deleted in user-mode. But fortunately other user-mode things will prohibit viruses from getting even to that point.
 

drag

Originally posted by: pcthuglife
Could somebody clear up the whole "viruses on Linux" issue? I remember reading somewhere that there are no true "viruses" for Linux. The worst thing that could happen is the user launches a script to harm the machine, but the script will be limited to the same permissions as the user that launched it. Meaning that unless you launched the virus as root, the worst that could happen is your home directory gets deleted.

Is any of this accurate or am I way off?

Na.

In Linux it's very easy to make a virus.

If you're a programmer and you want to write a virus for Linux it's not that difficult. There is even a detailed howto on it.
http://www.linuxsecurity.com/resource_f...n/virus-writing-HOWTO/_html/index.html

Seriously, that howto will teach you how to write a virus for Linux.


What the truth of the matter is is that although it's not difficult to write a virus for Linux it is very difficult to get one to spread. There was one virus a few years ago that made it around for Linux. It was around the Redhat 6.0-7.0 days.

This was due to the fact that Redhat was concentrating on making Linux 'easy to use' rather than being secure. It shipped in a configuration similar to Windows 2000. That is everything on, everything activated, everything installed by default.

Since then Redhat has learned a lot and now understands the value of 'secure by default' approach.

Even though since then Linux is much much more popular than it used to be there haven't been any more viruses detected in the wild.

Most of these viruses that you see are 'proof of concepts'. Academic exercises that never get into any end-user's computer.

Why does this happen?

Well I could go into the different security models in Linux vs Windows. How stuff is more compartmentalized, how in Linux things are set up in a more 'correct manner'. How even though the security model is very simple, it's very strong. Then the differences between having a monoculture or having very custom setups. Secure by default principles. Compiler tricks and all sorts of stuff. Something designed to be a multi-user environment from the get-go versus having to deal with the legacy of applications originally designed for a single user environment on Win9x.

So on and so forth.

Of course I can't say anything like that because somebody will say that it's just because Linux isn't popular.

Kaspersky about to release a Linux/Mac AV program?

Anti-virus companies are the used car salesmen of the computer industry.
They perform a necessary service, but anything they say should be held in suspicion and even contempt.

The truth of the matter is there are some factors to think about when dealing with anti-virus in Linux.

1. Commercial anti-virus programs are badly written and often want more rights than they need. There have been a number of commercial anti-virus vendors that support Linux. Historically they have opened up many more security holes in Linux servers and desktops than they closed. (problems they've solved so far are pretty much zero)

2. Anti-virus is worthless against rootkits. If somebody has gotten root, either through manual attack or automated attack such as worms, then your server is toast. The correct action 99% of the time is to format and reinstall. Nothing that anti-virus provides can change that.

3. One of the current major threats to Linux systems is badly written 'LAMP' applications using not-up-to-date versions of the PHP language that have numerous flaws and vulnerabilities. Also to a lesser extent other outdated services facing the internet or other insecure network. Apt-get update, apt-get upgrade will solve that problem a hell of a lot better than an anti-virus company can do.

This is where Linux is most vulnerable to worms and human attacks. Anti-virus isn't going to help much, if at all.

4. The other major threat, at this time, other than out of date software is people using weak passwords on Linux distros that install and configure OpenSSH services to run by default. This is a common attack vector. Disabling password authentication, using strong passwords, or just turning off sshd altogether is much better.

5. Anti-virus is useless against 0-Day attacks by experienced hackers. The only defense against that in any OS is to have smart security policies and pay attention.

6. If you still feel that you need anti-virus protections use clamav. Open source anti-virus protection supported by most major distros. http://www.clamav.net/ Most proprietary software is trash.

That's about all I can think of now.

The major thing about anti-virus is that it's largely passive. The only real service it can provide is scanning and detecting viruses on incoming mail or other files. If you found out that you've been successfully compromised by a virus you've already lost.
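
The check behind point 4 above (password authentication left enabled in OpenSSH), as an added example that is not part of drag's post: a small Python audit of sshd_config text. The sample config and function names are constructed for illustration, and the defaults table assumes a current OpenSSH release.

```python
import re

# Values sshd uses when a keyword is absent (assumption: current OpenSSH;
# older releases defaulted PermitRootLogin to "yes").
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def effective_settings(config_text):
    """Return (global_settings, match_overrides) for the audited keywords."""
    # sshd keeps the FIRST value it reads for a keyword, so a later
    # 'PasswordAuthentication no' does not undo an earlier 'yes'.
    seen, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = value              # lines below apply only conditionally
        elif key in DEFAULTS and value:
            setting = value.split()[0].lower()
            if match is None:
                seen.setdefault(key, setting)
            else:
                overrides.append((match, key, setting))
    return {**DEFAULTS, **seen}, overrides

def findings(config_text):
    """List the settings that leave password guessing possible."""
    settings, overrides = effective_settings(config_text)
    out = []
    if settings["passwordauthentication"] != "no":
        out.append("password logins accepted")
    if settings["permitrootlogin"] == "yes":
        out.append("root login allowed with any enabled method")
    out += [f"Match {c}: {k} {v}" for c, k, v in overrides if v == "yes"]
    return out

# Constructed sample, not taken from a real host.
SAMPLE = """\
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""
if __name__ == "__main__":
    print(findings(SAMPLE))
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, including Include files that this sketch does not follow.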
 

nweaver

and if you want to get very technical, most of the "targets" in Linux are actually apps/services, not part of the core OS. Apache is much less integrated than IIS on Windows, for example. If Apache has a vulnerability, it's more comparable to an MS Office exploit than a core OS component, such as IE/IIS/ActiveX
 

P0ldy

Originally posted by: nweaver
and if you want to get very technical, most of the "targets" in Linux are actually apps/services, not part of the core OS. Apache is much less integrated than IIS on Windows, for example. If Apache has a vulnerability, it's more comparable to an MS Office exploit than a core OS component, such as IE/IIS/ActiveX

What's more, you can run potentially dangerous apps like Apache in a chroot jail that keeps the rest of the box safe from /var/www.
 

Seeruk

Originally posted by: xtknight
If you don't run under root you're a lot safer.

You see that's why I don't like the whole sudo idea. We all know the weakest point of any system regardless of OS is the user.

Sudo is just a more complicated OK button to the average home desktop user. Think I mentioned a few weeks back, a guy who got rooted from a script on a website. When quizzing him to find this cause... he was surfing a site of questionable morals, and thought it was strange that he was prompted for his password, but entered it anyway. It was of course a script of questionable morals :)

It's a fine balance though, I understand its convenience for distros like Ubuntu that are so targeted at the home user, but at the end of the day it makes it far too easy for the naive to do stupid things.

 

pcthuglife

I know a few people that complain about the Ubuntu sudo password prompt but I actually think it's a great idea. It really just acts as a big sign that says "what you are about to do requires administrative privileges, so be careful!". Some will call it an inconvenience, but I'm a fast typer so I don't mind typing an extra word or phrase every once in a while.
 

drag

Giving 'sudo' rights to a user is basically the Linux equivalent to Windows' 'administrator' user. (I don't believe there is a Windows equivalent to 'root')

It's probably ok that it's on for the first user setup during the install, but I believe it's more proper to have no sudo users by default. That it's better just to have to use 'su -' to become root. This is because having 2 separate passwords for root access and user access is just safer. It adds another layer of difficulty for an attacker. With sudo on by default then it's only one password/user account.

This is because in Linux distros/software authors should be able to set things up well enough that no user will ever have to gain root rights to do anything. That the only time you need to become root, for normal desktop tasks, is during install, when installing software, and when updating the system. Otherwise something is broken.

Of course we don't live in an ideal world. So I can understand why Ubuntu and such give users sudo access by default. Don't think it's the wisest move though.
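
To see which accounts the "only one password" concern above applies to on a given machine, the following added example (not part of drag's post) lists the accounts that can run any command as root through sudo. The sudoers and group text are constructed samples, the function names are hypothetical, and the parser assumes a simplified sudoers grammar.

```python
import re

# Simplified rule shape: WHO HOST=(RUNAS) [TAG:] COMMANDS. Assumption: no
# aliases, line continuations or include directives (real sudoers has all three).
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")

def group_members(group_text):
    """Parse /etc/group-style text into {group: [members]}."""
    members = {}
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4:
            members[fields[0]] = [u for u in fields[3].split(",") if u]
    return members

def root_equivalent(sudoers_text, group_text):
    """Return {account: what an attacker needs} for accounts allowed to run
    ANY command as root through sudo."""
    members, result = group_members(group_text), {}
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        m = RULE.match(line)
        if not m or line.startswith(("#", "Defaults")):
            continue
        who, runas, rest = m.group(1), m.group(2), m.group(3)
        targets = [r.strip() for r in (runas or "root").split(":")[0].split(",")]
        commands = re.sub(r"^(?:[A-Z_]+:\s*)+", "", rest).strip()
        if who == "root" or commands != "ALL" or not {"ALL", "root"} & set(targets):
            continue  # already root, limited command list, or non-root target
        need = "nothing" if "NOPASSWD:" in rest else "that account's password"
        accounts = members.get(who[1:], []) if who.startswith("%") else [who]
        for account in accounts:
            result[account] = need
    return result

# Constructed samples, not copied from any distribution.
GROUP = "admin:x:115:alice\nusers:x:100:alice,bob\n"
SUDOERS = """\
Defaults env_reset
root   ALL=(ALL) ALL
%admin ALL=(ALL) ALL
bob    ALL=(root) NOPASSWD: /usr/bin/apt-get update
"""

if __name__ == "__main__":
    print(root_equivalent(SUDOERS, GROUP))
```

Membership through a user's primary group in /etc/passwd is not resolved here; only the member list in the group text is used.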
 

pcthuglife

So I can understand why Ubuntu and such give users sudo access by default. Don't think it's the wisest move though.

Ubuntu is targeted at the desktop market. I think sudo is a fine balance between convenience and security. Is it the ideal setup for a server? probably not. But it's more secure than a standard windows pc where the user has administrative rights, and more convenient than a fully locked down linux server where you have to have a completely separate root password.

 

n0cmonkey

Originally posted by: pcthuglife
So I can understand why Ubuntu and such give users sudo access by default. Don't think it's the wisest move though.
Ubuntu is targeted at the desktop market. I think sudo is a fine balance between convenience and security. Is it the ideal setup for a server? probably not. But it's more secure than a standard windows pc where the user has administrative rights, and more convenient than a fully locked down linux server where you have to have a completely separate root password.

I'd think there should be fewer things to be done on a server as root, since a lot of servers are fairly static in configuration.
 

pcthuglife

eh it all depends on the user. my desktop ubuntu machine is pretty darn static. I browse the web, check email, chat, and use gimp. I only use sudo to periodically install some updates, or to install some new programs from synaptic.
 

Seeruk

Originally posted by: pcthuglife
eh it all depends on the user

That's my point, as it stands now the majority of *nix users are fairly savvy people.

Release sudo on the same kind of population as the Windows userbase and it's a whole different ballgame

 

Nothinman

Release sudo on the same kind of population as the Windows userbase and it's a whole different ballgame

Apple has already done that in OS X, everything that requires a privileged operation presents a dialog similar to that of gksu. It's a little bit better in that things can't just run with admin rights without the user knowing, but at the same time it just trains them to enter their password when prompted even if they don't know why it's necessary.
 

spyordie007

Vista is going to be pretty much the same way. Just another dialog for them to click on through.
 

Robor

Originally posted by: spyordie007
Vista is going to be pretty much the same way. Just another dialog for them to click on through.

Yep, and once they get used to doing it for every routine task they're probably not going to question it when they're prompted for something harmful. It's like a disclaimer when installing software. Who actually reads them? We just trust the maker, check the 'I agree' box, and hit 'Next'. ;)
 

pcthuglife

I disagree. I think a majority of pc users these days understand the risks of browsing the web. If anything I'd say that users are being conditioned to reject everything, even the valid installation prompts. A few weeks ago I got a call from my dad because his web browser prompted him to install an updated flash player.

You can't make the EULA analogy because those things are like 20 pages long and filled with boring legal text. A password/installation prompt would probably just say "would you like to install and run this application". Windows already has that but you could accidentally hit the enter key and then you're screwed. Asking the user to enter their password forces them to make a conscious decision for what they're about to do. And again, it just acts as a flashing sign that says "be careful, what you're about to do could have consequences".

Honestly power users could argue back and forth all day about "what are the best security measures for computer noobs". But look at Ubuntu, look how fast it's gained/ is gaining popularity. A lot of linux discussion boards are full of threads about users that are new to linux and are deciding to go with Ubuntu. I can't remember the last time a linux distro has created as much buzz as Ubuntu in the near mainstream market. By near main stream I mean people who know how to use computers, but wouldn't necessarily be considered experts.