Linux and Viruses (again) - Security


  1. Linux and Viruses (again)

    I have always believed that there are no viruses for Linux because nobody
    can be bothered writing one. The RUTE page
    (http://linuxcourse.rutgers.edu/rute/node51.html) says that a virus could
    not do any harm on a Linux system anyway, unless the user operates as
    root all the time, because a virus in the user's space could not get into
    the system:

    "Because a UNIX system does not allow this kind of flexibility in the first
    place, there is categorically no such thing as a virus for it. For example,
    UNIX inherently restricts access to files outside the user's privilege
    space, so a virus would have nothing to infect."

    Surely the same could be said about Windows XP which has a separate
    "administrator" account? Yet viruses for Windows seem to be constantly
    created. Or are they only worms, which can exist on a Linux server?

    Just curious.

    Doug L.
    --
    Saw a wedding in the church...and strange to see what delight we married
    people have to see these poor fools decoyed into our condition.
    -- Samuel Pepys, diarist.


  2. Re: Linux and Viruses (again)

    Doug Laidlaw (06-02-28 21:40:19):

    > I have always believed that there are no viruses for Linux because
    > nobody can be bothered writing one. The RUTE page
    > (http://linuxcourse.rutgers.edu/rute/node51.html) says that a virus
    > could not do any harm on a Linux system anyway, unless the user
    > operates as root all the time, because a virus in the user's space
    > could not get into the system:
    >
    > "Because a UNIX system does not allow this kind of flexibility in the
    > first place, there is categorically no such thing as a virus for
    > it. For example, UNIX inherently restricts access to files outside the
    > user's privilege space, so a virus would have nothing to infect."
    >
    > Surely the same could be said about Windows XP which has a separate
    > "administrator" account? Yet viruses for Windows seem to be constantly
    > created. Or are they only worms, which can exist on a Linux server?


    There are as well "viruses" for Linux systems. They spread by
    exploiting known vulnerabilities in server packages. Most desktop and
    workstation environments wouldn't be affected by this. However, there
    have also been flaws in email-clients and browsers.

    The problem, which viruses under Linux are facing, is that there are
    very few such known vulnerabilities (compared to, say, Windows). If a
    security flaw gets known, then it also gets fixed in no time, mostly.
    So the chance for a Linux virus to survive is pretty low, though it's
    not impossible.


    Regards.

  3. Re: Linux and Viruses (again)

    On Tue, 28 Feb 2006 21:40:19 +1100, Doug Laidlaw wrote:
    >
    > Surely the same could be said about Windows XP which has a separate
    > "administrator" account? Yet viruses for Windows seem to be constantly
    > created.


    That is because user apps still need access to system files that can
    be exploited. IE and Outlook being so deeply entangled with the OS itself
    are both prime examples. If the malware exploits a weakness in IE or
    Outlook, it then has access to core OS files with the usual results. And
    the bozo that dreamed up ActiveX made it that much easier for the malware
    authors.

  4. Re: Linux and Viruses (again)

    Doug Laidlaw wrote:

    > I have always believed that there are no viruses for Linux because nobody
    > can be bothered writing one. The RUTE page
    > (http://linuxcourse.rutgers.edu/rute/node51.html) says that a virus could
    > not do any harm on a Linux system anyway, unless the user operates as
    > root all the time, because a virus in the user's space could not get into
    > the system:
    >
    > "Because a UNIX system does not allow this kind of flexibility in the
    > first place, there is categorically no such thing as a virus for it. For
    > example, UNIX inherently restricts access to files outside the user's
    > privilege space, so a virus would have nothing to infect."
    >
    > Surely the same could be said about Windows XP which has a separate
    > "administrator" account? Yet viruses for Windows seem to be constantly
    > created. Or are they only worms, which can exist on a Linux server?
    >
    > Just curious.
    >
    > Doug L.


    Here is another reason. Linux is not mainstream. I don't know the exact
    figure but if MS Windows has 90% of the desktop users and MAC has a number,
    what does that leave?
    A prankster isn't going to get much of a bang out of screwing with Linux or
    Unix. If the majority were running Linux the virus writing idiots would try
    harder but even they know it's almost useless if you don't have root
    access. And the more they try the more they will harden the system against
    attacks as should be happening with MS Windows but is not for some reason.


  5. Re: Linux and Viruses (again)

    On 2006-02-28, Doug Laidlaw wrote:
    >
    > "Because a UNIX system does not allow this kind of flexibility in the first
    > place, there is categorically no such thing as a virus for it. For example,
    > UNIX inherently restricts access to files outside the user's privilege
    > space, so a virus would have nothing to infect."
    >
    > Surely the same could be said about Windows XP which has a separate
    > "administrator" account? Yet viruses for Windows seem to be constantly
    > created. Or are they only worms, which can exist on a Linux server?


    Another perspective: in my lab, at least on the W2k machines, the
    primary user is generally in the administrators group, to permit him to
    change settings, install software, maybe a few other things (I'm not a
    Windows admin). So, while there's a separate Administrator account, the
    user is effectively running as administrator, even if not logged in
    explicitly as such. I don't know if XP fixed these issues or not, but
    as another poster wrote, various user apps in XP also require effective
    admin rights, oftentimes granted without the end user's knowledge.

    I know of few programs in the linux/BSD/other free POSIX world which
    indiscriminately grant root to a user (most seem to prompt for a root
    password before allowing any changes). But note that the few linux
    distros which operated on this user-security model were ridiculed
    in the linux community for doing so.

    --keith

    --
    kkeller-usenet@wombat.san-francisco.ca.us
    (try just my userid to email me)
    AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
    see X- headers for PGP signature information
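
The check below is an added example, not part of any post in this thread: it tests the "privilege space" claim quoted above on a given machine by listing which directories and executables on a PATH-style list the current account could modify. The function names are hypothetical, and when run as root every entry is reported, which is the situation the posts warn about.

```shell
#!/bin/sh
# Added example (not from the thread). Uses only POSIX sh test operators.

# writable_path_entries "dir1:dir2:..."
# Prints "DIR <path>" for each listed directory the current user can write to
# (programs could be added or replaced there) and "FILE <path>" for each
# existing executable in it that the current user can overwrite.
writable_path_entries() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r dir; do
        # An empty PATH element means "current directory".
        if [ -z "$dir" ]; then dir=.; fi
        # Skip entries that do not exist or are not directories.
        if [ ! -d "$dir" ]; then continue; fi
        if [ -w "$dir" ]; then
            printf 'DIR %s\n' "$dir"
        fi
        for f in "$dir"/*; do
            # An unmatched glob stays literal and fails the -f test.
            if [ -f "$f" ] && [ -x "$f" ] && [ -w "$f" ]; then
                printf 'FILE %s\n' "$f"
            fi
        done
    done
}

# path_is_tamper_resistant "dir1:dir2:..."
# Returns 0 when the current user can modify nothing on the list, 1 otherwise.
path_is_tamper_resistant() {
    [ -z "$(writable_path_entries "$1")" ]
}

# Audit the invoking user's own search path.
writable_path_entries "$PATH"
```

On a conventionally configured system an unprivileged account should see no output for the system directories; any line that does appear marks a program location that code running as that user could alter.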


  6. Re: Linux and Viruses (again)

    * Nog
    | If the majority were running Linux the virus writing idiots would
    | try harder but even they know it's almost useless if you don't have
    | root access.

    Searching for email addresses and sending spam to those found does not
    require root access. Using the machine for a crack-attack on some
    other machine's ssh port does not require root access either.

    R'

  7. Re: Linux and Viruses (again)

    Ralf Fassel wrote:

    > * Nog
    > | If the majority were running Linux the virus writing idiots would
    > | try harder but even they know it's almost useless if you don't have
    > | root access.
    >
    > Searching for email addresses and sending spam to those found does not
    > require root access. Using the machine for a crack-attack on some
    > other machine's ssh port does not require root access either.
    >
    > R'


    System Administrator (Root) can reassign ports to thwart remote attacks. I
    block entire domains of spammers and phishers.

  8. Re: Linux and Viruses (again)

    only OpenVMS can not and never has had a virus ... all other OSs are
    vulnerable ...


  9. Re: Linux and Viruses (again)

    bob@instantwhip.com wrote:
    > only OpenVMS can not and never has had a virus ... all other OSs are
    > vulnerable ...


    I'm curious. Can you list some of the viruses that have infected
    - MVS,
    - z/OS
    - VSE
    - VM/CMS
    - TOPS/10
    - TOPS/20
    - RSTS/E
    - RSX-11M
    - CP/M
    - LinC
    - Wang
    - GECOS
    - OS/2
    - Series 1
    ?

    --
    Lew Pitcher

    Master Codewright & JOAT-in-training | GPG public key available on request
    Registered Linux User #112576 (http://counter.li.org/)
    Slackware - Because I know what I'm doing.

  10. Re: Linux and Viruses (again)

    Doug Laidlaw wrote:
    > I have always believed that there are no viruses for Linux because nobody
    > can be bothered writing one.


    A number of people have bothered writing Linux viruses, worms, and
    trojan horses. They've not been very successful. The reasons are
    complex.

    > The RUTE page (http://linuxcourse.rutgers.edu/rute/node51.html) says
    > that a virus could not do any harm on a Linux system anyway, unless
    > the user operates as root all the time, because a virus in the user's
    > space could not get into the system:


    It turns out it's surprisingly difficult to write comprehensive analysis
    of Linux/Unix malware, to identify under what circumstances they could
    have some effect, and to show through such analysis why in general
    they're harmless trivia and that you probably have much more serious
    security concerns.

    I know this because I _maintain_ one such effort, at
    http://linuxmafia.com/~rick/faq/index.php?page=virus , which has become
    somewhat misshapen and meandering over time, in part because it starts
    with statements _somewhat_ like Paul Sheer's (which you cited) to the
    effect that you don't have a lot to worry about provided you don't take
    unwise actions as root.

    It turns out that there are a number of diverse threat models, and a
    number of separate reasons why attacks based on each of them tend to not
    work very well, provided the local admin maintains his/her system and
    doesn't carry out flamboyantly insane actions. Part of the task of the
    Linux/Unix culture has always been to make it easy for even novice
    admins to detect that an action is security-risky before doing it. The
    culture has been mostly successful in that regard -- certainly good
    enough that malware has been not a serious threat to production systems
    compared to, say, novice sysadmins themselves. ;->

    My page (cited two paragraphs up) tries to include sufficient analysis
    of every known piece of Linux malware, to date. I'm missing (to my
    knowledge) only the latest (and rather feeble) "worm" aimed at developed
    PHP apps with incompetent security. Will write up that one, soon.

    [Snip Sheer's claim.]

    > Surely the same could be said about Windows XP which has a separate
    > "administrator" account?


    Well, not entirely. Escalation paths to the MS-Windows NT/W2k/XP
    "Administrator" account and other privileged accounts are, sadly,
    entirely too common and pervasive. And a number of other criminally
    negligent practices are commonplace. But you're asking on the wrong
    newsgroup about details. You know where to go, for that. ;->

    --
    Cheers,
    Rick Moen Support your local medical examiner: Die strangely.
    rick@linuxmafia.com

  11. Re: Linux and Viruses (again)

    Nog wrote:

    > Here is another reason. Linux is not mainstream. I don't know the exact
    > figure but if MS Windows has 90% of the desktop users and MAC has a number,
    > what does that leave?
    > A prankster isn't going to get much of a bang out of screwing with Linux or
    > Unix.


    This is both a FAQ and an obvious misconception. E.g., imagine how both
    famous _and_ instantly successful a remote, automated compromise of all
    Linux Apache Web servers would be.

    Also answered, rather acidly, here:
    http://linuxmafia.com/~rick/faq/inde...e=virus#virus4


  12. Re: Linux and Viruses (again)

    how many of those OSs are still in use, being maintained today?
    None of those provide the security and clustering power of VMS ...
    VMS took over the RSTS market because of that very reason ...
    OS2 virus free? You better go count the CERTS over the years ...

