A question from LINUX beginner

Johnson L

I heard from my friend that LINUX and UNIX were virus-free, but I wasn't sure
why, and neither was he. Could anybody explain the anti-virus mechanism of LINUX to
me please? Does it mean LINUX users can only use applications that have the
certification? If so the WINDOWS users can also be safe by just using the
software with certification, right? Is it OK for Linux users to download
applications without certification?

Thanks.

Johnson
 
Beauregard T. Shagnasty

Johnson said:
I heard from my friend that LINUX and UNIX were virus-free,

That's pretty much the case. There are some few dozen Linux viruses
known to man, and about 150,000 Windows viruses with more coming every
day. (By 'viruses', I mean all kinds of exploits.)

but I wasn't sure why, and neither was he. Could anybody explain the
anti-virus mechanism of LINUX to me please?

Well, one reason is nobody can get those few Linux viruses to propagate.
They exist only in the lab. If for some really rare odd reason, you
actually encountered one, your computer would spring up an "Enter your
password to execute this program." You would then have to shoot yourself
in the foot.

Does it mean LINUX users can only use applications that have the
certification?

What is "the certification?"

If so the WINDOWS users can also be safe by just using the software
with certification, right?

No, a Windows user can get himself infected by just connecting his
unpatched computer to the Internet. Takes about a few minutes until
you're toast.

Is it OK for Linux users to download applications without
certification?

There is no "certification" for either OS. As long as you use software
from a reputable repository, you'll have no problem.

Give it a test drive. Download an .iso, burn to CD, then run it right
from the CD and see for yourself.
http://ubuntu.com/ is a good one.
The Ubuntu repository has about 20,000 free programs, and should cover
just about anything any average user would ever want or need.
 
Johnson L

Thank you very much, Beauregard,

I am very much a beginner with LINUX, and I have a couple of questions.
Case 1: If somebody wrote a device driver software for a new storage device,
while this software has some malicious code inside, that can wipe off some
contents of the storage device. If the guy uploads this free driver and
spreads it, will it cause harm for the people who decide to install this
device driver?

Case 2: If somebody wrote an application program which needs to read/write
data to the storage device via LINUX device driver. Inside of this
application software he puts some malicious code that can wipe off
some contents of the storage device. If the application program is spread
away, will it cause harm?

Both cases comply with the definition of computer virus, so how does LINUX deal
with it? In other words, can LINUX users freely download and use software
developed by others?

Johnson
 
Beauregard T. Shagnasty

Johnson said:
Thank you very much, Beauregard,

I am very much a beginner with LINUX, and I have a couple of questions.
Case 1: If somebody wrote ...

Both your cases would never occur. All software in the repositories is
examined by many people .. teams of people all around the world. One
person can't place software in there, without approval of many peers.
The source code of all those applications is freely available to examine
by professionals.

Both cases comply with the definition of computer virus, so how does LINUX
deal with it? In other words, can LINUX users freely download and use
software developed by others?

Yes. As long as you stick to the known good sources. Read through this
page to get some idea just how difficult it would be to slip something
in.

https://help.ubuntu.com/community/Repositories/Ubuntu

With Windows, anyone can offer up a closed-source program all by
himself, and nobody knows what it does .. until the first person is
infected and reports it.

It may seem confusing at first, but only because it is different than
Windows. It isn't any harder, just different. The first time you saw
Windows, you weren't sure what to do, right?

Please don't top-post. Thanks.
 
FromTheRafters

I heard from my friend that LINUX and UNIX were virus-free,
but I wasn't sure why, and neither was he.

Absolutely untrue. It just seems that way when compared to Windows (for
various reasons, not the least of which is its sheer popularity).

Could anybody explain the anti-virus mechanism of LINUX to me please?

Ever hear the line 'keep your head down' in a war film? Windows is a
much bigger target.

Does it mean LINUX users can only use applications that have the
certification? If so the WINDOWS users can also be safe by just using
the software with certification, right? Is it OK for Linux users to
download applications without certification?

I don't think certifications have anything to do with viruses. You could
avoid many kinds of "trojans" however.

Although Unix was first for worms, Windows soon left 'em in the dust
with some brain dead OOBE defaults.
 
FromTheRafters

Both cases fit the "trojan" definition, not the "virus" definition.

Please don't just dismiss this as semantics - it *is* semantics and is
important to communication.

A "virus" doesn't have to rely on any exploit, it just uses the
environment (the same one the user enjoys) to propagate. So the
treatment is different than the treatment for just avoiding trojans.
Specific payload activity is irrelevant. The reading and writing is, of
course, relevant.

Johnson L said:
Thank you very much, Beauregard,

I am very much a beginner with LINUX, and I have a couple of questions.
Case 1: If somebody wrote a device driver software for a new storage
device, while this software has some malicious code inside, that can
wipe off some contents of the storage device. If the guy uploads this
free driver and spreads it, will it cause harm for the people who
decide to install this device driver?

Case 2: If somebody wrote an application program which needs to
read/write data to the storage device via LINUX device driver. Inside
of this application software he puts some malicious code that
can wipe off some contents of the storage device. If the application
program is spread away, will it cause harm?

Both cases comply with the definition of computer virus, so how does LINUX
deal with it? In other words, can LINUX users freely download and use
software developed by others?

Johnson
 
Johnson L

Very informative. I also hear WINE for LINUX may suffer viruses of both
WINDOWS and LINUX, thus it is even more vulnerable than WINDOWS, is it true?

My friend told me an example how LINUX was affected: Linux.Slapper worm.
Slapper steps to infect Apache server
1. Linux.Slapper worm. Slapper connects itself to the server via Port 80 of
HTTP.
2. Send out GET request, get info about the servers, then choose a target.
3. Connect to Port 443 of the server, then use the buffer overflow bug to
include the malicious code.
4. Use gcc to compile the malicious code.
5. The malicious code monitors UDP and waits for DDoS
6. Once DDoS, attack ...
 
Johnson L

You are absolutely right about the definition. My friend and I were not good
students at the University.


FromTheRafters said:
Both cases fit the "trojan" definition, not the "virus" definition.

Please don't just dismiss this as semantics - it *is* semantics and is
important to communication.

A "virus" doesn't have to rely on any exploit, it just uses the
environment (the same one the user enjoys) to propagate. So the treatment
is different than the treatment for just avoiding trojans. Specific
payload activity is irrelevant. The reading and writing is, of course,
relevant.
 
Johnson L

"Please don't top-post."

Did I top-post? I didn't notice. If you find it happens again pls let me
know.
 
David W. Hodgins

Both cases comply with the definition of computer virus, so how does LINUX deal
with it? In other words, can LINUX users freely download and use software
developed by others?

Neither case fits the definition of a virus. A virus infects existing executable programs.
What you have described are trojans. That is, programs that claim to do one thing
but have additional malicious code.

Any computer system, no matter what the os, can run malicious code, if the user
chooses to run it. In the case of linux, the operating system is protected by filesystem
permissions, which prevent the user, or rather any programs run by the user, from
updating the system files, without the user providing the root user's password.
The damage, if any would be limited to files the user has write access to, unless
the user provides the root password.

There is no technological fix for stupidity between the keyboard and the chair, no
matter what os is running.

Regards, Dave Hodgins
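
The permission check described in the post above, as an added example that is not part of the original thread: a Python sketch of the classic Unix owner/group/other write check, run over constructed file metadata to show which files a program started by an ordinary user could modify and which would need root. The paths, uids and gids are assumptions made up for illustration.

```python
import os
import stat
from collections import namedtuple

# Owner uid, group gid and permission bits: the inputs to the classic check.
Meta = namedtuple("Meta", "uid gid mode")

def may_write(meta, uid, gids):
    """Unix discretionary write check (ignores ACLs, capabilities, SELinux/AppArmor)."""
    if uid == 0:
        return True                            # root is not limited by the mode bits
    if uid == meta.uid:                        # exactly one class applies; there is
        return bool(meta.mode & stat.S_IWUSR)  # no fall-through to group or other
    if meta.gid in gids:
        return bool(meta.mode & stat.S_IWGRP)
    return bool(meta.mode & stat.S_IWOTH)

def meta_from_path(path):
    """Read the same three fields from a real file, for use on a live system."""
    st = os.stat(path)
    return Meta(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))

def writable_by(files, uid, gids):
    """Paths whose contents a program running as uid/gids could modify."""
    return sorted(p for p, m in files.items() if may_write(m, uid, gids))

# Constructed sample metadata (not taken from any real machine).
SAMPLE = {
    "/bin/ls":                  Meta(0, 0, 0o755),
    "/etc/passwd":              Meta(0, 0, 0o644),
    "/etc/shadow":              Meta(0, 42, 0o640),
    "/home/johnson/thesis.odt": Meta(1000, 1000, 0o644),
    "/home/johnson/.bashrc":    Meta(1000, 1000, 0o644),
    "/srv/shared/notes.txt":    Meta(0, 50, 0o664),
    "/home/johnson/locked.txt": Meta(1000, 1000, 0o466),
}

if __name__ == "__main__":
    print("as uid 1000:", writable_by(SAMPLE, uid=1000, gids={1000, 50}))
    print("as root    :", len(writable_by(SAMPLE, uid=0, gids={0})), "of", len(SAMPLE))
```

The check covers modifying a file's contents; deleting or replacing a file is governed by the write bit on its directory, which `may_write` can evaluate the same way when given the directory's metadata.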
 
Beauregard T. Shagnasty

Johnson said:
Very informative. I also hear WINE for LINUX may suffer viruses of
both WINDOWS and LINUX, thus it is even more vulnerable than WINDOWS,
is it true?

No. Wine is a Windows emulator that is run in Linux. You can then run
Windows applications from within this 'shell.' Yes, you can get some
infections in the emulator (not all of them), but all it will affect is
Wine. Your Linux OS will remain untouched.

My only Windows program is my newsreader, and I am running it in Wine.
Not a problem.

My friend told me an example how LINUX was affected: Linux.Slapper
worm. Slapper steps to infect Apache server

Apache is a web server. The percentage of people running Apache is very
low, probably less than 1 or 2 percent. Windows has a web server as well
- it's called IIS (Internet Information Server) - and it is probably a
lot more vulnerable than Apache. Neither of them is vulnerable if the
owner knows how to secure them.

I'm one of that small percentage running Apache (I write web sites), and
I have never been compromised.
 
Beauregard T. Shagnasty

Johnson said:
"Please don't top-post."

Did I top-post? I didn't notice. If you find it happens again pls let me
know.

Where did you type your reply? At the top.

Most Usenet groups prefer interleaved posting, in between and just after
the part of the quote you are replying to. As I have been doing when
answering you.

open the front cover and begin reading there?
the back cover and end up at the front or do you
chapter one or do you start somewhere near
When reading a book, do you start at
 
Johnson L

Beauregard T. Shagnasty said:
Where did you type your reply? At the top.

Most Usenet groups prefer interleaved posting, in between and just after
the part of the quote you are replying to. As I have been doing when
answering you.

open the front cover and begin reading there?
the back cover and end up at the front or do you
chapter one or do you start somewhere near
When reading a book, do you start at

Copy and thanks.
 
Johnson L

David W. Hodgins said:
Neither case fits the definition of a virus. A virus infects existing
executable programs. What you have described are trojans. That is, programs
that claim to do one thing but have additional malicious code.

Any computer system, no matter what the os, can run malicious code, if the
user chooses to run it. In the case of linux, the operating system is
protected by filesystem permissions, which prevent the user, or rather any
programs run by the user, from updating the system files, without the user
providing the root user's password. The damage, if any would be limited to
files the user has write access to, unless the user provides the root
password.

There is no technological fix for stupidity between the keyboard and the
chair, no matter what os is running.

Regards, Dave Hodgins

I agree that LINUX is much safer than WINDOWS by separating the root from
the user space.
 
James Egan

With Windows, anyone can offer up a closed-source program all by
himself, and nobody knows what it does .. until the first person is
infected and reports it.

You make it sound like there's no such thing as a closed source linux
program.


Jim.
 
Beauregard T. Shagnasty

James said:
You make it sound like there's no such thing as a closed source linux
program.

Please refer to the parts of my post that you snipped, about getting
Linux programs from the repositories.

"All software in the repositories is examined by many people ..."
"As long as you stick to the known good sources."
 
Dave Cohen

MBUnit said:
If you think Linux is not bullet proof, you have another thing coming.
If the masses get a hold and start using Linux, it's game, set and match
because Linux is Swiss cheese too. The only reason the virus writers are
not after Linux "hard" is due to the masses are not using it.

Linux is Swiss cheese because human beings wrote, and we are not
perfect. So, anything we create or produce is not perfect either.

<http://www.linuxsecurity.com/content/view/127202/171/>
<http://www.desktoplinux.com/articles/AT3307459975.html>
<http://www.linuxtoday.com/news_story.php3?ltsn=2001-09-07-014-20-SC&tbovrmode=1>

<http://lwn.net/Articles/222153/>

You've summed up the chief reasons for lack of malware on linux.
1. It's a much less widely used system, so doesn't present as an
attractive target.
2. Despite statements by earlier posters, once one gets beyond simple
internet access linux requires a higher level of computer savvy to use
than windows and linux users will tend to be less gullible targets.
3. Security although available for windows is more strictly enforced in
the linux world.

I've been running windows for years, follow good (but not paranoid)
procedures and have never had a virus. I guard against hardware failure
by adopting a good backup strategy which also leaves me less concerned
if I should pick up malware. My personal data is protected with TrueCrypt.

Dave Cohen
 
Johnson L

MBUnit said:
But you see that's the problem for Linux, as it needs those same vast non
computer savvy users to come to Linux in order for Linux to come above a
1% usage on the desktop world wide.

You can say this, that and the other, but the security rest in the hands
of those who use the O/S, sitting behind the wheel. If they point, click,
and approve it not knowing the ramifications of the action, Linux is not
going to save them either. Linux is not bullet-proof, and there are yet
un-discovered holes in that O/S that are not being exposed due to its lack
of usage over all, and the virus writers are not coming after Linux --
*hard*.

And I'll repeat it. As long as human beings are involved with the creation
and usage of something, it's not ever going to be perfect no matter what
it is. If Linux winds-up in the hands of the vast non computer savvy users
as they are on MS, it has got and will have problems as the virus writers
come after it, on a game, set and match.

I don't want to run into philosophy, since it is too smart for me. I already
understand both Windows and Linux can be infected by viruses. Now I want to know
if LINUX is better than WINDOWS in security if we put them into the same
situation, say same volume of savvy users. If YES I also want to know the
degree of how LINUX is better than WINDOWS in security, almost the same, or
much better?

Johnson
 
1PW

I don't want to run into philosophy, since it is too smart for me. I already
understand both Windows and Linux can be infected by viruses. Now I want to know
if LINUX is better than WINDOWS in security if we put them into the same
situation, say same volume of savvy users. If YES I also want to know the
degree of how LINUX is better than WINDOWS in security, almost the same, or
much better?

Johnson

In a special way, this is a comparison of apples and oranges. The bad
folks have mostly chosen the Windows platform for their targets.

Put an unpatched, unprotected Windows system on the internet and in mere
minutes this "Honey Pot" system will have been attacked and infested.
Not nearly so with a similar Linux system.

However, in fairness to Windows users, a very skilled person can have a
Windows system effectively hardened given the proper resources.

Most folks can make a good argument for no antivirus applications on
Linux systems. However, no less than Microsoft themselves says you
should have antivirus applications in place on Windows systems. Many
Linux users will still have antivirus applications in use to keep some
malware from getting to /Windows/ systems.

Ask a knowledgeable Linux user if they are worried about the Conficker
worm...

Pete
 
kurt wismer

Beauregard said:
Please refer to the parts of my post that you snipped, about getting
Linux programs from the repositories.

"All software in the repositories is examined by many people ..."
"As long as you stick to the known good sources."

being examined by many people is no guarantee, unfortunately...

furthermore, just because it's available to be examined doesn't mean it
really and truly is examined...
 
