Originally posted by: pcthuglife
Could somebody clear up the whole "viruses on linux" issue? I remember reading somewhere that there are no true "viruses" for linux. The worst thing that could happen is the user launches a script to harm the machine, but the script will be limited to the same permissions as the user that launched it. Meaning that unless you launched the virus as root, the worst that could happen is your home directory gets deleted.
Is any of this accurate or am I way off?
Na.
In Linux it's very easy to make a virus.
If you're a programmer and you want to write a virus for Linux it's not that difficult. There is even a detailed howto on it.
http://www.linuxsecurity.com/resource_f...n/virus-writing-HOWTO/_html/index.html
Seriously, that howto will teach you how to write a virus for Linux.
The truth of the matter is that although it's not difficult to write a virus for Linux it is very difficult to get one to spread. There was one virus a few years ago that made it around for Linux. It was around the Redhat 6.0-7.0 days.
This was due to the fact that Redhat was concentrating on making Linux 'easy to use' rather than being secure. It shipped in a configuration similar to Windows 2000. That is, everything on, everything activated, everything installed by default.
Since then Redhat has learned a lot and now understands the value of a 'secure by default' approach.
Even though since then Linux is much, much more popular than it used to be, there haven't been any more viruses detected in the wild.
Most of these viruses that you see are 'proof of concepts'. Academic exercises that never get onto any end-user's computer.
Why does this happen?
Well I could go into the different security models in Linux vs Windows. How stuff is more compartmentalized, how in Linux things are set up in a more 'correct manner'. How even though the security model is very simple, it's very strong. Then the differences between having a monoculture or having very custom setups. Secure by default principles. Compiler tricks and all sorts of stuff. Something designed to be a multi-user environment from the get-go versus having to deal with the legacy of applications originally designed for a single user environment on Win9x.
So on and so forth.
Of course I can't say anything like that because somebody will say that it's just because Linux isn't popular.
Kaspersky about to release a Linux/Mac AV program?
Anti-virus companies are the used car salesmen of the computer industry.
They perform a necessary service, but anything they say should be held in suspicion and even contempt.
The truth of the matter is there are some factors to think about when dealing with anti-virus in Linux.
1. Commercial anti-virus programs are badly written and often want more rights than they need. There have been a number of commercial anti-virus vendors that support Linux. Historically they have opened up many more security holes in Linux servers and desktops than they closed. (problems they've solved so far are pretty much zero)
2. Anti-virus is worthless against rootkits. If somebody has gotten root, either through manual attack or automated attack such as worms, then your server is toast. The correct action 99% of the time is to format and reinstall. Nothing that anti-virus provides can change that.
3. One of the current major threats to Linux systems are badly written 'LAMP' applications using not-up-to-date versions of the PHP language that have numerous flaws and vulnerabilities. Also to a lesser extent other outdated services facing the internet or other insecure network. apt-get update, apt-get upgrade will solve that problem a hell of a lot better than an anti-virus company can do.
This is where Linux is most vulnerable to worms and human attacks. Anti-virus isn't going to help much, if at all.
4. The other major threat, at this time, other than out of date software is people using weak passwords on Linux distros that install and configure OpenSSH services to run by default. This is a common attack vector. Disabling password authentication, using strong passwords, or just turning off sshd altogether is much better.
5. Anti-virus is useless against 0-Day attacks by experienced hackers. The only defense against that in any OS is to have smart security policies and pay attention.
6. If you still feel that you need anti-virus protections use clamav. Open source anti-virus protection supported by most major distros.
http://www.clamav.net/ Most proprietary software is trash.
That's about all I can think of now.
The major thing about anti-virus is that it's largely passive. The only real service it can provide is scanning and detecting viruses on incoming mail or other files. If you found out that you've been successfully compromised by a virus you've already lost.
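As an added example (not from the post, and not OpenSSH's own tooling), a small POSIX shell audit for point 4 above: it reads an sshd_config and reports whether password logins and root logins are still enabled. It assumes OpenSSH's documented rule that keywords are case-insensitive and the first occurrence wins, treats an unset PasswordAuthentication as "yes" and an unset PermitRootLogin conservatively as the older "yes" default, and ignores anything inside Match blocks; the two config files it checks are constructed samples.

```shell
#!/bin/sh
# Added example: audit sshd_config for password/root logins left enabled.

# effective_value FILE KEYWORD DEFAULT -> prints the effective setting.
# Comments are stripped, the first occurrence of KEYWORD wins (OpenSSH
# semantics), and parsing stops at the first Match block (assumption).
effective_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/#.*/, "") }                       # drop comments
        tolower($1) == "match" { in_match = 1 }  # ignore Match blocks
        !in_match && !found && tolower($1) == tolower(key) {
            val = $2; found = 1
        }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd_config FILE -> prints findings; returns 0 if hardened, 1 if not.
audit_sshd_config() {
    cfg="$1"; status=0
    pw=$(effective_value "$cfg" PasswordAuthentication yes | tr 'A-Z' 'a-z')
    root=$(effective_value "$cfg" PermitRootLogin yes | tr 'A-Z' 'a-z')
    if [ "$pw" != "no" ]; then
        echo "WEAK: PasswordAuthentication is '$pw' in $cfg (weak passwords can be guessed)"
        status=1
    fi
    case "$root" in
        no|prohibit-password|without-password) ;;
        *) echo "WEAK: PermitRootLogin is '$root' in $cfg"; status=1 ;;
    esac
    if [ "$status" -eq 0 ]; then echo "OK: $cfg accepts key-based logins only"; fi
    return "$status"
}

# make_samples -> writes two constructed sample configs, prints their directory.
make_samples() {
    dir=$(mktemp -d)
    # Constructed: distro-style default, password auth only commented out
    printf '%s\n' '# default sshd_config' 'Port 22' 'PermitRootLogin yes' \
        '#PasswordAuthentication no' > "$dir/weak.conf"
    # Constructed: hardened; the Match block's override must not count
    printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin prohibit-password' \
        'Match User backup' '    PasswordAuthentication yes' > "$dir/hard.conf"
    echo "$dir"
}

samples=$(make_samples)
for f in "$samples/weak.conf" "$samples/hard.conf"; do
    audit_sshd_config "$f" || true
done
```

Point it at /etc/ssh/sshd_config on a real host; a non-zero exit means the box still takes the kind of login the post warns about.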