
Thread: Can someone explain linux viruses to me!

  1. #1


    Hi all. First post and just started using Linux hence the confusion. Been a long time MS fan but Vista is a step too far and I refuse to use it after trying to get used to it for months.

    Basically it seems a lot of the linux community I've found via google seem to be on a really high horse and state it's impossible for linux to get a virus so no need for Antivirus software at all if you use Linux - how is this the case though?

    From what I see people base this purely on the fact that linux requires you to enter root details to install a virus and if you don't install a package from an unknown source you're fine. Well... I never had a virus in windows XP using the same principle. I never ran a package from an unknown source and only logged in as a basic user unless I needed admin access! So surely I could state the same thing and say Windows can't get a virus either?!

    For a "noob" like me coming over to Linux, I don't know what's a good file and a bad file so for all I know I could be trying to install what I think is a legit package yet it is malicious code opening a back door. So this is where my questions begin...

    1. Can people piggy back malicious code onto legit files like they can in Windows?
    2. The whole argument about having to provide root details won't hold up in this case as I may run it without knowing
    3. To stop me making mistakes whilst learning linux, what points can people give me to make sure the files I open are legit.
    4. Does AV exist for file scanning in linux or does the signature scan like in Windows not act the same in Linux because of the way files work?

    From what I can see there are currently very few viruses for linux because it's not as popular as windows so few have been written - but that's completely different from people on the net claiming viruses DON'T exist for linux. Surely if linux takes off then more viruses will be made and new users will make mistakes and get infected? If no AV solution exists then Linux won't take off?

    Cheers for any info!

  2. #2
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,733
    Blog Entries
    20


    Basically it's not a problem. Not that there are none, but the principal modus operandi of Linux is so different from Windows.

    1. Run a system with separate root and home partitions.
    2. Never run your system as root.
    3. Use only known and trusted sources/repositories.
    4. Use a hardware firewall if possible and keep Suse firewall enabled.
    5. Use common sense online.

    Some of us use a program like 'rkhunter' to check for rootkit exploits - This is a more likely problem in Linux than viruses.

  3. #3
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4


    It's harder to get a virus installed in Linux for various reasons:

    1. Linux repositories are hosted by trustworthy parties, either vendors or well-known groups. It takes more effort and a lot of determination to deliberately set up a repository with malware. First you would have to win the trust of the community over time, then you would have to build the malware packages (and in different formats and for different architectures, for wider coverage). At the end you may catch some people unaware but then once exposed, you're out. And for very little gain. So malefactors tend to go for the easier target, just provide some tempting Windows doodads that contain malware on some random site or through P2P sharing. Once I did get one (spam) email to root on a server claiming that I should install an attached Redhat RPM. On a SUSE machine. I just had a good laugh and consigned it to the trash.

    2. Linux apps are careful not to execute attachments. You would have to do some social engineering to convince the user that an attachment should be made executable and then to execute it. By this time the user would have gotten suspicious or lost interest. In Windows it's as easy as a click, or worse still, via drive-by with a vulnerable web browser.

    3. Linux runs on various architectures and has various vintages, and a malware writer would need to cover more bases than Windows, where just targeting i386 will effectively get him all the Windows users (including the W64 ones).

    4. Linux users tend to be more savvy and more careful.

    I'm sure there are others, but it's getting late.

    Anyway none of these objections are fatal to viruses but each one raises the bar so that the survival rate of a virus is much reduced.

    I haven't put the need root permission objection because these days it's bad enough if malware can send out spam as you without needing root permission.

    So if you take the basic precautions: use only official repositories, keep your software updated, don't visit dodgy sites (in case of holes in Flash or Acrobat or other proprietary apps where the FLOSS people have no way of checking the safety of the code), you should be fine.

  4. #4


    OK thanks all. So on the off chance that I'm not paying attention and stupidly manage to get a keylogger, trojan, etc installed by mistake how can I remove it easily? Are there any good programs out there for removing rootkits or scanning for keyloggers, etc? That's my main concern for now!

  5. #5
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4


    rkhunter has been suggested.

    But really, best practice requires that you never get into this situation because a compromised machine cannot be trusted and should be reinstalled with system software and then user data restored.

  6. #6
    Join Date
    Jun 2008
    Location
    Berlin
    Posts
    2,061


    Generally it is pretty safe to run a Linux machine, simply because viruses are .exes = Windows-executables. It has been explained why it simply is not worth the time figuring out a Linux-compatible virus.

    I never had Win or any other systems than Linuxes, and even though I started as a n00b (Linux-wise and www-wise), I never ever caught anything malicious. Never.

    But since there are more ways to attack than using a virus, brain1.0 should always be mounted before starting the system. Since you seem to be aware and trained, chances are pretty good that you'll be safe.

    A little OT, but this thread about running viruses with wine is pretty informative and d@mn funny, give it a read, it might give you a better idea about security-issues under Linux: → What would happen if you ran a windows virus using Wine?

  7. #7
    ab@novell.com NNTP User



    Agreed.... don't get viruses. There are other options of
    virus-detecting software that will work in Linux like ClamAV (Google for
    others if needed) but all of those technologies work after it's possibly
    too late. Along with what ken yap wrote already keep in mind that in
    windows malware "takes over" because it runs as Administrator and
    windows has made it very difficult to run a system without at least
    Power User privileges, which are very strong indeed. I'm generalizing
    slightly, but to make my point go to your non-technical friend and make
    them ONLY a regular 'User' in a new windows system that you haven't
    configured for them and see if you make it one day without a phone call
    demanding more privileges. You mentioned that you can run safely in
    windows by doing the same things, which is just as true there. Running
    Linux as 'root' is safer than running windows as Administrator, but it's
    still insanely stupid to do on a day-by-day basis. The well-established
    and proven concepts of least-privilege apply to any environment where
    some kind of "infection" can take place.... computers, human bodies,
    private organizations.... you give permissions when needed, but the
    problem is that to do anything in windows you regularly need to be
    privileged. When you run Firefox or (worse) IE as Administrator every
    bug not only in windows is opening you up to attack, but now every bug
    in the software you run that goes out onto the malware-infested Internet
    is opening you up. Every plugin in the browsers is the same way.
    Every component of the OS that doesn't listen for incoming connections
    but now helps the browser render content is suddenly open for attack.
    While these attacks may be possible when running as a regular user the
    impact of a successful exploitation is completely different since it
    might ruin your user account as a whole but with 'root' privileges it
    ruins your account, your system, every other account on the box, and if
    you are sharing files between boxes it could potentially infect other boxes.

    So, does running as non-root protect you from Viruses completely? No...
    anybody who says any system (technical or other) is fool-proof is
    incompetent, but does it prevent the damage that happens during an
    infection? Definitely.

    Adding to that the way windows determines it should "execute" an
    application is by the file extension, which is crazy. In Linux you need
    to set the 'execute' bit on a file to have it be executed by the system
    (even if the system only executes it as a plain old user). Files may be
    double-clickable in the GUI and then loaded by an application, but they
    are never just arbitrarily run, and if something looks suspicious you'll
    often be prompted to either open the file, display it, or run it, so you
    can tell you are potentially being silly. This is all, still, as a
    regular old user. So an attacker needs to either lure you to a site
    which exploits weaknesses in your browser and OS, or they need to get
    you to run files after making them executable. Both rely on users being
    halfway intelligent to successfully carry out, but the biggest weakness
    in computer security has always been us mere mortals. When was the last
    time you saw a virus-free and completely firewalled computer go and
    download an application from the Internet for fun that turned out to be
    a virus instead of a screensaver because it was "cute" or "fun" or
    "looked interesting"? When was the last time a human did so?

    Well I've gone off... feel free to ask follow-up questions but in
    general Linux was designed to be secure... designed to be multi-user....
    designed with more in mind than blindly making a user able to do
    anything they wanted to on the slightest whim.

    Good luck.




    ken yap wrote:
    > rkhunter has been suggested.
    >
    > But really, best practice requires that you never get into this
    > situation because a compromised machine cannot be trusted and should be
    > reinstalled with system software and then user data restored.
    >
    >

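The execute-bit behaviour described in the post above, as an added example that is not part of the original thread: it audits a directory for files that carry the execute bit, shows the exit status when a file without it is run directly, and strips the bit from a download folder. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All names and sample files are constructed.

# Print regular files under directory $1 that have any execute bit set
# (octal 100 = owner, 010 = group, 001 = other).
list_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print | sort
}

# Try to run file $1 directly and print the exit status.
# 126 means "found but not executable": the exec was refused.
try_run() {
    status=0
    "$1" >/dev/null 2>&1 || status=$?
    echo "$status"
}

# Remove the execute bit from every regular file under directory $1,
# e.g. a download folder where nothing should be runnable in place.
strip_exec_bits() {
    find "$1" -type f -exec chmod a-x {} +
}

# Build a constructed sample directory: one plain download and one file
# that a user was talked into marking executable.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hello\n' > "$d/screensaver.sh"
    printf '#!/bin/sh\necho hello\n' > "$d/readme.txt"
    chmod u+x "$d/screensaver.sh"
    chmod a-x "$d/readme.txt"
    echo "$d"
}

demo() {
    dir=$(make_sample_dir) || return 1
    echo "executable files before:"
    list_executables "$dir"
    echo "direct run of readme.txt exits with: $(try_run "$dir/readme.txt")"
    strip_exec_bits "$dir"
    echo "executable files after strip: $(list_executables "$dir" | wc -l)"
    rm -rf "$dir"
}

demo
```

Pointing `list_executables` at a real download directory gives a short list of files worth a second look before anything is run from there.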

  8. #8
    Join Date
    Sep 2008
    Location
    Belgium
    Posts
    52


    What is a virus? A general definition of a virus is that it's a piece of code that when executed does something harmful to your computer. This can go from deleting your personal files to messing up your kernel.

    The claim that viruses don't exist for linux is false. There are viruses but not nearly as many as there are for windows. So the odds of you getting one are tiny at best. But if you get one and you let it run, it can surely do some nasty damage. If you execute a suspicious file with root privileges it's your responsibility.

    There are other elements that make linux into a safer environment than other operating systems as well. The fact that it needs a root password for anything sensitive and that your default account will not be the root account is the best example of this (unlike in windows). The practice followed in linux is that it never allows you to work outside of your user space without asking for a password.

    Things like malicious code in office and multimedia files also don't exist in linux. Opening a word file is a risk in MS office.

    1. Can people piggy back malicious code onto legit files like they can in Windows?

    As long as you stick to your package manager your packages are authenticated and the integrity is checked with a security key (in windows there is no such thing as a package manager). If it does occur that you need to get your code from somewhere else it's your call whether you trust it or not. The fact is that most of your linux programs will be installed with your package manager thus eliminating any danger.

    2. The whole argument about having to provide root details wont hold up in this case as I may run it without knowing.

    True but as long as you don't enter a root password something can't run with root privileges. In a desktop environment you'll always get a popup window. In a shell you might just forget from time to time that you're working as root but someone doing fancy root-stuff in a shell should be smart enough to know that.

    3. To stop me making mistakes whilst learning linux, what points can people give me to make sure the files I open are legit.

    Stick to your package manager and sources you trust.

    4. Does AV exist for file scanning in linux or does the signature scan like in Windows not act the same in Linux because of the way files work?

    I don't know any anti-virus scanner for linux. If there are they will be scarce. It's just not economical to invest in virus scanners if you hardly have any.

    You can never dismiss the possibility that users will execute something they shouldn't in any operating system but linux diminishes the odds of that greatly.

  9. #9
    Join Date
    Jun 2008
    Location
    Berlin
    Posts
    2,061


    > In a shell you might just forget from time to time that you're working as root but someone doing fancy root-stuff in a shell should be smart enough to know that.

    That actually happened to me all the time when I started using computers, more precisely: working in a root-shell, then doing something else, then coming back to the shell and forgetting it has root-privileges. Putting the following lines in bashrc solved it:

    Code:
    # Log out an idle root shell: bash ends the session after TMOUT seconds without input
    if [ "$(id -u)" -eq 0 ]; then
      IDLELOGOUT=300
      echo "root will be logged out after 5 minutes without input or job"
      export TMOUT=$IDLELOGOUT
    fi

    > I don't know any anti-virus scanner for linux.

    ClamAV has been mentioned, also there is a Linux version of AntiVir (even with GUI!), but that of course only makes sense when a system works as a server for Windows-clients, since they will only scan for known Win-viruses.

  10. #10
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4


    Yes, the bit about not working as root unnecessarily is more for one's own protection than anything else. Who among us has not encountered or had a close shave with the dreaded onosecond, which is the shortest interval of time known to man, that between hitting return on an unintended command and realising the mistake?
