Reply to topic

Linux Virus... does it exist.. will it exist.. why not?

User avatar waldelf
Registered Member
Posts
333
Karma
0
OS
so... whats really about this virus thing... why shouldn't there be hundreds of viruses at the time linux has a market share of ... ähhm.. 10% ... i just want to diskuss this issue.


Kubuntu 12.04 x64 | KDE SC 4.8
Nvidia 8800 GTS | Core2Duo E6600 | 4 GB RAM
TeaAge
Alumni
Posts
55
Karma
0
OS
Well, I'm sure there exist virus for linux. But there will never be such a numerousness like in windows (I think).
First, you are only be loged in as a user. A virus that you start by mistaken can only change/delete your personal files.
That's hard, but not that hard.
Second, the source-code is open. A bug which has to be used to get root access will relatively soon be fixed, because a lot of people have an eye on that.

But what if somebody wants to manipulate an application and distribute it?
Well, he has to pick up an application. Has to understand and manipulate it, get access to a repository and upload it. But then, the keys will be differ and the package-manager will give an warning. If somebody install it regardless, that it is his fault.
And it will soon get fixed.

Well it's possible, yes. But the effort is very high and the effect is very small. It's not very worthwhile I think.
If Linux will ever take a big player on the desktop market, it will also get a lot of more developers which can check the code and it's changes.

That are my personal thoughts of that issue. Linux will never have such big problems with virus like windows, but the biggest risk is user himself.

Regards,
TeaAge


TeaAge, very proud KDE 4 User and to be a member of KDE forums since 2008-Nov.
nethad
Registered Member
Posts
9
Karma
0
OS
I agree with TeaAge,

plus: there is much more diversity in user space programs. On Windows you have Internet Explorer, Outlook, Word, Excel and all that stuff almost on every machine (in the same version even!). On Linux there are several browsers (though Firefox is used the most I think), several email clients and so on...


nethad, proud to be a member of KDE forums since 2008-Oct.
User avatar waldelf
Registered Member
Posts
333
Karma
0
OS
oke.. i am not sure about the argument that the virus has "only" userrights.. so it has no access to important system settings.. thats very good.. so it can not destroy my system .. but everything in my home folder.. i mean.. my rights as a user seem to be enough to start any program that has effect on everything what i am doing.. so a keylogger for example could be run as user and log all my keystrokes and send them to anyone.. or am i wrong? or what about trojans.. if i can start an application to contact the outer world.. or to open ports from the "inside" .. a wormvirustrojanwhatever.. can too... it is also possible to start programs automatically as user.. not at boot time but when the userdesktop starts..
sorry if this is all wrong and dumb.. i just cant understand why there should be no viruses for linux (besides the fact that there is no interest in harming a few free software user) i got asked a lot and had no real good awnser ;-)


Kubuntu 12.04 x64 | KDE SC 4.8
Nvidia 8800 GTS | Core2Duo E6600 | 4 GB RAM
john_hudson
Registered Member
Posts
547
Karma
2
OS
A lot depends on what you mean by a virus for Linux. There is a virus which attacks MS machines by exploiting a vulnerability in certain Linux programs to obtain data passing through the Internet. It hasn't been removed from the Internet because it requires a complete reinstall of any Linux system that is harbouring it and most of them are servers running 24 hours a day to which people did not apply the security patches when they came out and which they are reluctant to take down immediately because of the damage to their businesses. So the virus keeps on attacking MS machines because of a security vulnerability in some Linux machines.

As TeaAge says, it is the users - in the above case sysadmins - who are the cause of most vulnerabilities. If you use strong passwords, remove the anonymous users from mysql, etc. and take regular rotating backups of your data, you make things harder for attackers and, even if you are attacked, you should be able to restore most of your data. On Linux that is much easier than in Windows.


John Hudson, proud to be a member of KDE forums since 2008-Oct.
User avatar Primoz
Moderator
Posts
859
Karma
1
OS
Well I think that viruses for Linux are possible and probably do exist, but you should fear a bad script more than virus.
Bad script is a bash script that supposedly makes your Linux better, but contains rm -rf /* or something similar to it in itself.
But then again why would you use a script that you don't know what it is and more so you can open a script in kate and check it for any bad command.


Primoz, proud to be a member of KDE forums since 2008-Nov.
User avatar TheBlackCat
Registered Member
Posts
2945
Karma
8
OS
One issue is that although Linux is not that popular on the desktop market, it is extremely popular for servers, and having server viruses probably has an even larger benefit than desktop viruses. So the argument from popularity is not that big a benefit.

Although it is possible that you could accidentally install a keylogger, there are two issues. One is getting itself executable. Unlike windows files do not by default have executable permission. So you have to download the file, change the access permissions, and then run it. Ideally most people who know enough to be able to do this also know enough not to. Second, just having the virus isn't enough, it needs some way to spread. Even if you agree to install the program, it won't be able to easily spread itself to other computers because non-root users don't have control over the firewall. Sure you could accidentally install a keylogger, but if the keylogger can't send out your keystrokes because the necessary ports on your firewall are closed it isn't going to do any damage. So having the virus spread in the wild is hard.


Man is the lowest-cost, 150-pound, nonlinear, all-purpose computer system which can be mass-produced by unskilled labor.
-NASA in 1965
Kryten2X4B
Registered Member
Posts
911
Karma
4
OS
TheBlackCat wrote:Sure you could accidentally install a keylogger, but if the keylogger can't send out your keystrokes because the necessary ports on your firewall are closed it isn't going to do any damage. So having the virus spread in the wild is hard.


Ḯm not sure the ports argument is necessarily valid. I mean, most systems are (by default at least) configured to allow outbound traffic if it was initiated from within. And if the response (if any) looks like say standard web-traffic it is often permitted by firewalls too.

Actually, that's one reason I prefer to have /home mounted as noexec and nosuid (and I HATE programs that wants or require the suid flag set!)


OpenSUSE 11.4, 64-bit with KDE 4.6.4
Proud to be a member of KDE forums since 2008-Oct.
pansz
Registered Member
Posts
113
Karma
0
OS
waldelf wrote:so... whats really about this virus thing... why shouldn't there be hundreds of viruses at the time linux has a market share of ... ähhm.. 10% ... i just want to diskuss this issue.


virus is a program, it must have previledge to do nasty stuffs.

It is no doubt linux has virus, but when you running your linux as a normal user the virus cannot do anything bad.

If you run Linux as root (the equivaleng to Windows administrator), linux will be vulnerable to virus too.

By default installation, Windows XP creates a user which has administrator previledge, while Linux creates a user which has a normal (restricted) user previledge. This is the fundamental differences, since many Windows applications expect administrator previledge it is very hard to use Windows as a normal user. While most Linux applications are designed to run under normal user.
pansz
Registered Member
Posts
113
Karma
0
OS
Kryten2X4B wrote:Actually, that's one reason I prefer to have /home mounted as noexec and nosuid (and I HATE programs that wants or require the suid flag set!)


a trojan is always able to write to /tmp and have executable bit set, so IMO there isn't too much benefit mount /home as noexec.

the executable bit can be inside a tar.gz file, if you make you /home as noexec, you will have to extract the tar.gz file into somewhere else in order to install them. and in that way you'll often use /tmp or alike...
Kryten2X4B
Registered Member
Posts
911
Karma
4
OS
pansz wrote:
a trojan is always able to write to /tmp and have executable bit set, so IMO there isn't too much benefit mount /home as noexec.


Well, that depends. True, a trojan would be able to exploit /tmp but mounting /home as noexec has one benefit (albeit depending of the organization, the users, and the software in question): it makes it it, at least somewhat, less likely that a novice/semi-novice user would just save and/or cut-paste a potentially dangerous shell-script to ~/ and run it.

Is it enough for security? Certainly not. However, I'm off the school that thinks "the more obstacles to stop potentially dangerous scripts/executables from running the better". A bit excessive on home-systems where the user most likely knows the root/su password anyway, but still. On non-home systems, I also prefer to make non-admin users to have as little access to the system as possible (as one other example, making sure their shell is set to /bin/false whenever possible).

Would someone knowledgable and determined enough be able to get around it? No doubt. A ordinary user, however, would in my experience not be able to. And that, in my opinion, makes it a worthwhile addition to the "make the system as secure as possible without compromising the usablity of it" toolkit, since IMO a regular user does not need to be able to treat arbitrary files in their home-dir as executables.


OpenSUSE 11.4, 64-bit with KDE 4.6.4
Proud to be a member of KDE forums since 2008-Oct.
User avatar waldelf
Registered Member
Posts
333
Karma
0
OS
pansz wrote:It is no doubt linux has virus, but when you running your linux as a normal user the virus cannot do anything bad.



oke.. no linux virus would be able to harm your system.. but for the normal desktop user the second most important thing is his privacy.. his passwords.. his netbanking account..
so a simple keylogging tool sending all his collected information to someone.. installed in some directory in /home/user/.myowndirthatlookslikeaconfigfolder and a link in ~/.kde/Autostart
would be the most dangerous thing for the linux world??

btw. this program has to be executable.. oke.. so a chmod +x is needed.. every user can do this.. so a harmful program can do this too.. this is not a big hurdle

Last edited by waldelf on Mon Jan 19, 2009 8:44 am, edited 1 time in total.


Kubuntu 12.04 x64 | KDE SC 4.8
Nvidia 8800 GTS | Core2Duo E6600 | 4 GB RAM
TeaAge
Alumni
Posts
55
Karma
0
OS
btw. this program has to be executable.. oke.. so a chmod +x is needed.. every user can do this.. so a harmful program can do this too.. this is not a big hurdle


But how could a harmful program do "chmod +x" if it's not executable?
A user has to enter it with the keyboard.

An important question is, where to get this virus from?
Almost all distributions has a package manager, nearly 99% of the programs came from save repositories. If you get it somewhere else, than you should be careful. Is the site trustful? Do I really need this program? Is the source-code free?
And bring a harmful package to the repositories is a very hard thing, although it's not impossible!
There will never be a 100% security but linux has some advantage over windows and does it's best.

Regards,
TeaAge


TeaAge, very proud KDE 4 User and to be a member of KDE forums since 2008-Nov.
User avatar waldelf
Registered Member
Posts
333
Karma
0
OS
"But how could a harmful program do "chmod +x" if it's not executable?" hehe.. thats a good point.. thx


so you should always stay in your perfect virusfree distro repository.. but if there is a big market for linux software (if there would be one) there would be thousands of people offering their software over thousands of webbpages (like it is now for windows) so there will be always people downloading from webbpages and manually installing software they think its worth to trust..
but thats indeed no real security problem of linux anymore..
the greatest security leak.. sitting 60 cm infront of the display.. will ever exist.

and still.. network viruses (worms) .. the most important viruses in my opinion... would not be existant because there is no automatic replcation possible...


Kubuntu 12.04 x64 | KDE SC 4.8
Nvidia 8800 GTS | Core2Duo E6600 | 4 GB RAM
User avatar Cader
Registered Member
Posts
40
Karma
0
OS
pansz wrote:virus is a program, it must have previledge to do nasty stuffs.

It is no doubt linux has virus, but when you running your linux as a normal user the virus cannot do anything bad.


It depends on what you call nasty.
Say something isn't working and a user googles on how to get it working.
They find a web site that says this is how you do it:
Download program X from badsite.com
chmod 755 badprogram
./badprogram

This badprogram could put stuff in the users Autostart or login scripts and they wouldn't know it.
A keylogger, a spambot, popups.

Just because Linux is open source doesn't mean everything everyone can install is.

Also the viruses I have been cleaning in Windows are not security flaws, they are trojans and are installed due to social engineering. Storm, Vundo, etc are not worms spread automatically, they are installed by the user. There is nothing stopping the same thing from happening in linux for the average user.

 
Reply to topic

Bookmarks



Who is online

Registered users: alake, Baidu [Spider], bcooksley, Bing [Bot], colomar, dehnhardt, einar, Exabot [Bot], garthecho, ggael, Google [Bot], google01103, GreatEmerald, industrie13, inhiway, ivan, jensreuterberg, koriun, lazyit, Majestic-12 [Bot], nezumi, private_lock, SecretCode, tknight, urgo, valoriez, wolfi323, Yahoo [Bot]