Virus Threats to the GNU/Linux Operating System

virus malware linux gnu/linux

37 replies to this topic

#1 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 14,832 posts

Posted 18 April 2012 - 01:40 PM

For years and years now I've been hearing and reading conflicting information regarding viruses and malware threats to the GNU/Linux operating system. I often run across hardcore MS Windows proponents who say that there are threats out there. I see Linux fans saying there are NOT threats of any kind. I see BIG BIZ AV companies that are trying to scare GNU/Linux users into buying their products by exaggerating the threats that are out there. What is the truth?

Here are a couple of not-so-definitive articles, but based in fact, I believe:

https://en.wikipedia...i/Linux_Viruses

http://www.theregist...indows_viruses/

Does anyone know of any truly definitive source for information regarding this topic?

Thanks,

~Eric



#2 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 12,839 posts

Posted 18 April 2012 - 02:59 PM

Interesting stuff although that second link is from 2003 so a lot of things have changed since that time. Here are a few links:
https://www.linux.co...mune-to-viruses
http://cristalinux.b...s-in-linux.html
https://help.ubuntu....unity/Antivirus
http://www.neowin.ne...iruses-on-linux
Comhack.com/CNI Radio/Linux User #363317/G+/Configs

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#3 ONLINE   ross549

ross549

    I live here.

  • Forum Admins
  • 7,616 posts

Posted 18 April 2012 - 03:06 PM

Do executing viruses under WINE count?

http://blog.opensour...i-can-haz-virus

;)

Adam
I don't suffer from insanity, I enjoy it.

#4 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 12,839 posts

Posted 18 April 2012 - 03:20 PM

ross549, on 18 April 2012 - 03:06 PM, said:

Do executing viruses under WINE count?

http://blog.opensour...i-can-haz-virus

;)

Adam

Yeah but it only affects your /home/username/.wine/ folder and is not executable system-wide. So all you have to do is delete your ~/.wine folder and it is gone. Nice proof of concept on the article though :thumbsup:

#5 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 14,832 posts

Posted 18 April 2012 - 06:23 PM

My understanding, and we've had this discussion in BATL a long while ago (during Bruno's tenure), the ONLY viruses in existence for GNU/Linux operating systems MUST have elevated privileges to activate at all. They're not like Win viruses where just clicking an .exe can initiate the virus. This is one of the reasons that it's not wise to login to your GUI or even your non-X environment as root. At least this has always been my understanding. I most definitely could be wrong about this. That's why I'd like some definitive expert answers regarding this topic.



#6 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 9,774 posts

Posted 18 April 2012 - 09:37 PM

which is why microsoft recommends running their os as a user or guest and not an admin.
even in linux it is verboten to run as root.

#7 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 14,832 posts

Posted 18 April 2012 - 09:57 PM

That's an outstanding option in MS Windows. Unfortunately, 1 in 10,000 MS Windows users will read their Windows manual or Help files to be made aware of that option. In MS Windows, when you install the OS, you are Admin by default. If people would take the time to learn more about permissions in MS Windows, they would be a bit more secure in their computing. It just ain't gonna' happen, though. This past month I've recovered personal data and wiped/reinstalled Windows for five people. None of them kept their Windows updated, antivirus updated, or made backups of their important data.

In my experience, sadly, the VAST majority of computer users are JUST LIKE THESE PEOPLE. The reason that it is like this is because when computers first became a hot market commodity, they were sold by sales people who made them sound like they were as easy to use as your television. The problem, as you know, is that computers are more closely comparable to your automobile than to your TV. Your TV will never need regular maintenance or data backups. Your automobile, on the other hand, requires regular oil changes, tire rotations, and tune-ups.

And to be honest, most folks don't even maintain their automobiles. We are a lazy, ignorant slug species. :ohmy:



#8 OFFLINE   amenditman

amenditman

    Forum Fiend

  • Members
  • 1,886 posts

Posted 18 April 2012 - 10:12 PM

V.T. Eric Layton, on 18 April 2012 - 09:57 PM, said:

And to be honest, most folks don't even maintain their automobiles. We are a lazy, ignorant slug species. :ohmy:

That is just rude, insulting slugs that way! :w00tx100:
Tweak it 'til it breaks, then learn how to fix it.  L.I.F.E. (Linux Is For Everyone)
Registered Linux User # 474004 (06/16/2008)

The HeliOS Project  -  B.O.D.
A Child's Exposure to Technology Should Never Be
  Predicated On The Ability To Afford It

#9 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 14,832 posts

Posted 18 April 2012 - 10:16 PM

Yeah, that was unfair to slugs, huh? I apologize to the slimy little guys. Hey! That rhymes! ;)



#10 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 12,839 posts

Posted 18 April 2012 - 11:47 PM

Exactly, there is not much you can do if your account does not have Admin privileges. The problem lies when there are exploits to elevate privileges from user/guest to admin, which have been known to exist over the years on various OSs. Pretty much there have only been "proof of concept" viruses on Linux although there have been a few in the past:

USN-905-1: sudo vulnerabilities
Local privilege escalation when executed with nohup
http://www.h-online....hed-742541.html
http://www.win.tue.n...x/hh/hh-12.html
Linux root Exploit Vulnerability (CVE-2012-0056)

Granted, most of these are due to bugs that were fixed pretty much immediately. Of course, it depends on how fast the distro you use pushes the update out to their users and when the exploit has been found. Luckily, distros that use a rolling release get the patches right away from the upstream package devs so they are usually updated rather quickly, although most distros push out major security fixes right away as well.

#11 ONLINE   ross549

ross549

    I live here.

  • Forum Admins
  • 7,616 posts

Posted 19 April 2012 - 04:42 AM

V.T. Eric Layton, on 18 April 2012 - 09:57 PM, said:

That's an outstanding option in MS Windows. Unfortunately, 1 in 10,000 MS Windows users will read their Windows manual or Help files to be made aware of that option. In MS Windows, when you install the OS, you are Admin by default. If people would take the time to learn more about permissions in MS Windows, they would be a bit more secure in their computing. It just ain't gonna' happen, though. This past month I've recovered personal data and wiped/reinstalled Windows for five people. None of them kept their Windows updated, antivirus updated, or made backups of their important data.

Actually, I think this problem was mostly corrected in Vista and 7. Users are no longer Administrator by default, and in order for a system level task to be run, the software requires explicit permission from the user (via UAC).

Please correct me if I am wrong. ;)

Adam

#12 OFFLINE   sunrat

sunrat

    Discussion Deity

  • Forum Moderators
  • 3,571 posts

Posted 19 April 2012 - 07:08 AM

ross549, on 19 April 2012 - 04:42 AM, said:

Actually, I think this problem was mostly corrected in Vista and 7. Users are no longer Administrator by default, and in order for a system level task to be run, the software requires explicit permission from the user (via UAC).
Please correct me if I am wrong. ;)

Not wrong there Adam, but it still doesn't seem very secure. If you want to run an executable file in the default user account, the UAC box pops up asking if you wish to Allow it. I'm sure many users will just click "Allow" without giving it a second thought or understanding the possible consequences.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
Today's subliminal thought is:

#13 ONLINE   ross549

ross549

    I live here.

  • Forum Admins
  • 7,616 posts

Posted 19 April 2012 - 07:13 AM

sunrat, on 19 April 2012 - 07:08 AM, said:

Not wrong there Adam, but it still doesn't seem very secure. If you want to run an executable file in the default user account, the UAC box pops up asking if you wish to Allow it. I'm sure many users will just click "Allow" without giving it a second thought or understanding the possible consequences.

That is simply a problem with the user, not the OS. Mac OSX does a similar thing where something that needs elevated permission prompts the user for a password. Same problem there, if the user does not pay attention to what they are doing.

Adam

#14 OFFLINE   amenditman

amenditman

    Forum Fiend

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 1,886 posts

Posted 19 April 2012 - 08:47 AM

I run Win7 on my school laptop and the UAC pops up for every executable and needs elevated permissions. The only thing the user can do is determine if they have asked the computer to do something and is the process the one they started, and if yes, then allow the process to run. The problem is still more than user level. It's a constant nag at the user with no attempt to enlighten them.

Edited by amenditman, 24 April 2012 - 08:55 PM.


#15 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 16,485 posts

Posted 19 April 2012 - 09:05 AM

I run as a standard user on my Mac and have an admin user where I do updates to the system and run some tools.

I can install software with no problem by giving the admin uname/password in my standard account.

It is annoying at times though. ;)
BambisMusings Blog :: Fran's Computer Services Blog :: MyPassionIsBooks Blog :: 5BuckReview :: CNIRadio
"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#16 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 16,485 posts

Posted 19 April 2012 - 09:16 AM

PoC exploits for Linux privilege escalation bug published (January 12, 2012)

Quote

The publication of proof-of-concept exploit code for a recently spotted privilege escalation flaw (CVE-2012-0056) in the Linux kernel has left Linux vendors scrambling to push out a patch.

The flaw affects versions 2.6.39 and above of the Linux kernel code, and the OS' creator Linus Torvalds published a patch on the official Linux kernel repository more than a week ago.

Unfortunately, only RedHat and Ubuntu managed to push out patches for it before PoC attack code began popping up online, TechWorld reports.

More in the article including links.
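An added example, not from the article or from any poster in this thread: a shell check of a kernel release string against the "2.6.39 and above" range quoted in the post above. The function names are made up for this sketch and the sample release strings are constructed. The excerpt gives no fixed release and distributions backport patches, so a match only means the vendor advisory for CVE-2012-0056 should be checked.

```shell
#!/bin/sh
# Added example: flag kernel release strings that fall in the range the
# quoted article gives for CVE-2012-0056 ("2.6.39 and above").
# Function names are hypothetical; sample strings are constructed.

# kver_num RELEASE -> print major*1000000 + minor*1000 + patch.
# Accepts forms such as 3.2.0-23-generic, 2.6.39-rc1, 3.0, 2.6.32.46-lts.
# Fails (exit 1, no output) if RELEASE does not start with a number.
kver_num() {
    printf '%s\n' "$1" |
    # keep only the leading dotted-number part, drop -23-generic, -rc1, ...
    sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' |
    awk -F. 'NF { print $1 * 1000000 + $2 * 1000 + $3; ok = 1 }
             END { exit !ok }'
}

# in_reported_range RELEASE -> exit 0 if RELEASE >= 2.6.39, 1 if older,
# 2 if the string cannot be parsed. A -rc suffix is ignored, so
# 2.6.39-rc1 is flagged; that errs on the side of checking.
in_reported_range() {
    n=$(kver_num "$1") || return 2
    [ "$n" -ge 2006039 ]
}

# report RELEASE -> one-line verdict for a human or a log.
report() {
    rc=0
    in_reported_range "$1" || rc=$?
    case $rc in
        0) echo "$1: in reported range, check vendor advisory for CVE-2012-0056" ;;
        1) echo "$1: older than 2.6.39, outside reported range" ;;
        *) echo "$1: unparseable release string" ;;
    esac
}

# Constructed sample release strings, then the running kernel.
for r in 2.6.32-5-amd64 2.6.38-8-generic 2.6.39-rc1 3.0 \
         3.2.0-23-generic "$(uname -r)"; do
    report "$r"
done
```
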

#17 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 16,485 posts

Posted 19 April 2012 - 09:25 AM

/. also picked up on that one btw

#18 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 12,839 posts

Posted 19 April 2012 - 09:35 AM

LilBambi, on 19 April 2012 - 09:16 AM, said:

PoC exploits for Linux privilege escalation bug published (January 12, 2012)



More in the article including links.

Yup that was the last link I posted on #10. That said, Arch fixed the issue rather quickly so RedHat and Ubuntu were not the only ones: https://bbs.archlinu...c.php?id=134219

#19 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 16,485 posts

Posted 19 April 2012 - 09:51 AM

Quote

Sure, there are Linux viruses. But let's compare the numbers. According to Dr. Nic Peeling and Dr Julian Satchell's Analysis of the Impact of Open Source Software (note: the link is to a 135 kb PDF file):

"There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory."

So there are far fewer viruses for Mac OS X and Linux. It's true that those two operating systems do not have monopoly numbers, though in some industries they have substantial numbers of users. But even if Linux becomes the dominant desktop computing platform, and Mac OS X continues its growth in businesses and homes, these Unix-based OS's will never experience all of the problems we're seeing now with email-borne viruses and worms in the Microsoft world. Why?

So true, that!


And so true about not being able to run stuff in email in Linux email clients. Or in Thunderbird if set correctly even in Windows.

Browsers, on the other hand, may still be problematic in all OSes with the way drive-by downloads can be accomplished regardless of the OS you run, particularly if you have Java or Flash, etc. installed and active in the browser. Mainly Java and Flash more than other plugins in Linux.

And no one is talking about the potential risk to all OSes with the much more versatile HTML5 renderings in browsers. I think we may yet find something that can be called for every OS out there. Even Android has been hit and it's based on Linux.

#20 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 16,485 posts

Posted 19 April 2012 - 10:19 AM

Yep, just thought it was an interesting article on it.

I think many of the distros were pretty quick about correcting the issue.

#21 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 12,839 posts

Posted 19 April 2012 - 10:32 AM

LilBambi, on 19 April 2012 - 10:19 AM, said:

Yep, just thought it was an interesting article on it.

I think many of the distros were pretty quick about correcting the issue.

It was very interesting, I did not mean that. I just figured you did not see my link above. :thumbsup:

#22 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 16,485 posts

Posted 19 April 2012 - 10:53 AM

Nope, I saw it.  Very nice explanation too. :thumbsup:

#23 OFFLINE   sunrat

sunrat

    Discussion Deity

  • Forum Moderators
  • 3,571 posts

Posted 19 April 2012 - 11:27 AM

How to write a Linux virus in 5 easy steps.
Food for thought, and lots of reading including the comments, but worth the effort. Also read the follow-up article.

#24 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 16,485 posts

Posted 19 April 2012 - 11:45 AM

Thanks! Very good article, Sunrat!

#25 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 14,832 posts

Posted 19 April 2012 - 05:41 PM

And the debate continues...

Read the comments to this blog article from Linux.com:

https://www.linux.co...ntivirus-needed
