Linux vs Windows Viruses


Owyn

From The Register. Interesting talk with my son on Sunday. He does tier-3 support for a living for a large tele-support organization and now starts off every day by reading CERT. Almost all of the major problems that end up on his desk are MS virus/adware/malware related. And almost all of them are something new. By the time something is in the wild for a month they are usually caught at tier-1/2. It takes 1-2 weeks for knowledge base updates to be processed.


nlinecomputers

I've seen the article. It is the usual anti-MS stuff almost a FUD. Linux is harder for viruses to infect but I can see it being just as easy for spyware and malware to be installed. If the average Joe will install any FREE program then even with a prompt for a root password he may install some kind of trojan malware on the system. (i.e. a rootkit.) Most spyware tells you in the EULA what it does but do people read EULAs?


I've seen the article. It is the usual anti-MS stuff almost a FUD. Linux is harder for viruses to infect but I can see it being just as easy for spyware and malware to be installed. If the average Joe will install any FREE program then even with a prompt for a root password he may install some kind of trojan malware on the system. (i.e. a rootkit.) Most spyware tells you in the EULA what it does but do people read EULAs?
Granted that it's anti-Microsoft, but I don't think it's FUD. The author makes some extremely valid points. I think the average joe is going to install programs provided by his distro maker under Linux or well-known programs more often than not. Trojans or Malware is still possible, but it's doubtful that it would spread as fast in the Linux world.

nlinecomputers
I think the average joe is going to install programs provided by his distro maker under Linux or well-known programs more often than not. Trojans or Malware is still possible, but it's doubtful that it would spread as fast in the Linux world.
You're thinking too much like a die hard Linux user. If Linux goes mainstream then scumware authors will write programs for it and end users being the dumb sheep they are will install anything they think sounds cool. Screensavers, porn, you name it and Joe Six Pack will install it.

You're thinking too much like a die hard Linux user. If Linux goes mainstream then scumware authors will write programs for it and end users being the dumb sheep they are will install anything they think sounds cool. Screensavers, porn, you name it and Joe Six Pack will install it.
I think a die-hard Linux user is more likely to use programs not provided by the distributor than a novice Linux user. I don't have a problem getting something outside my distro and installing it but Joe Six Pack may not even know *how* to install something his distro doesn't provide. A novice is more likely to use kpackage or whatever comes with the distro than go online, download and install stuff. A Linux distro provides almost everything a novice user would need, unlike the Windows world, where you have to go and find free stuff to complete your system because it doesn't come with the utilities you need most of the time. Maybe we'll know in a few years, but I doubt Linux will ever become mainstream.

Guest genaldar

The plus side to linux is that a virus can't really damage the system itself, but it can still damage user files. So a virus caught in email may not be able to damage the config files and what not but since it can destroy all of your personal files (documents, calendars, tasks, emails, etc.) then isn't it just as bad? Sure you don't have to reinstall linux, but all of your personal stuff, the stuff that really matters is destroyed. I can reinstall windows (or linux) in under 4 hours. But I can't rewrite all of my papers for school, or recreate all of my pictures. btw I was wondering what programs a new windows user needs to download? If some competitors had their way they'd have to track down a browser, media player, mail program, etc. But as windows currently ships. What does the average user need that isn't included, but is included in major linux distros?


What does the average user need that isn't included, but is included in major linux distros?
It's true that a virus could wreak havoc in your /home directory, but the real problem with Windows viruses is how fast they spread, and that's because of how it can infect program files which it then uses to send viruses to others without your knowledge. In other words, you'd be less likely to get the virus in the first place in the Linux environment. Regarding what Windows doesn't include as it ships, first off, is a virus checker, which just isn't needed under Linux (and would be included if it were). It's amazing to me that Windows includes other utilities but doesn't include the number #1 thing that would fight what it perpetuates, an anti-virus program. Linux distros also commonly include an office suite (or several), an alternative browser (or several), a cd burner (or several), an image editor (or several), xmms, Adobe Acrobat Reader, Klipper (if KDE), a PIM, etc, etc. There's lots more but you said "average user" so I thought I'd stop there. There are usually lots of other programs included in a Linux distro that an average user may not need to use, but because they're there, a user is less likely to go out looking for them.

Guest LilBambi

For the most part in today's OSes, the two biggest keys to keeping any OS secure are a firewall (hardware and/or software, preferably both) and AV software. In Windows, at this point, you really need to add to these two items Spyware detection because the spyware code writers do such a crappy job of coding that they can ruin a system in a heartbeat.


nlinecomputers

In Linux I don't even run an AV program. I have F-Prot installed for on demand scans but that is only because my main Linux box is a SaMBa server. I'm more worried about root kits but with a firewall and Mandrake's security tool I feel pretty good about that.


Guest LilBambi

F-Prot for Linux is what we use as well. Yes, a well configured firewall -- as long as all the updates are in place as they come out for your firewall appliance -- will keep out most things on Linux. Of course, rootkits are not restricted to the Linux/UNIX world these days. :thumbsup:


Guest genaldar

The thing is if ms adds a virus program (which I read somewhere online they're looking into) they get to face another round of court. That's why I think most of the cases against ms have been bad for consumers.


Albeit the article does make many interesting and some valid points, I still have to side with "Bill" on this one...

How ridiculous! The only reason Microsoft software is the target of so many viruses is because it is so widely used! Why, if Linux or Mac OS X was as popular as Windows, there would be just as many viruses written for those platforms
Think of it from a virus-writer's point of view (you know, you weigh 120-pounds, your eyes are almost as big as saucers bulging out of their sockets, you have a hyper-caffeinated mug of coffee at any given time, you'll develop carpal-tunnel syndrome by age 21....wait a second -- that's me :rolleyes: ) Virus writing is about what to the author...to see how many computers s/he can infect. I don't see anything else that might drive one to write a virus. If Linux or Mac OS's were the top of the market, and Windows was at 5%, would malicious users really continue to write viruses for Windows systems? It's a balance between ease-of-use and security. The procedure outlined in the article about executing an e-mail attachment in Linux ("...a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable...") would require that a Linux expert be in an office at all times, just so that someone can open an attachment (not to mention, perform several other every-day tasks). Either way, people have to learn that computing risks data and security if you're not careful -- regardless of what OS you use -- and then learn how to work with it accordingly. As of now, if you're using Windows, it will be simple to perform many everyday tasks, but you have to be careful and knowledgeable about working with the OS. With Linux, you don't have to be so careful, you just need to have a 5000-page manual crammed into your brain.

It's a balance between ease-of-use and security.  The procedure outlined in the article about executing an e-mail attachment in Linux ("...a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable...") would require that a Linux expert be in an office at all times, just so that someone can open an attachment (not to mention, perform several other every-day tasks).
I think you're confusing viewing with executing. I use Kmail and I can view attachments just as easily as under Windows by clicking on them. I know, I use Windows XP and SuSE Linux every day. There are very few situations where someone would need to execute an attachment as opposed to simply viewing it. If popularity was the reason there are so many viruses for Windows, then you would think still that 5%, even 2% or 1% of the viruses would be for the Mac since it has about 7-8% marketshare, but that's not the case. Linux on the desktop is believed to have a smaller share but should still have 1% of the viruses, but there are only a handful. Last I heard, and I'm sure I'm underestimating it, is 40,000+ viruses for Windows, many of which are so damaging that they can completely bring a machine to its knees. And don't forget Linux and FreeBSD are very popular for web servers, which together have a majority presence online, so you'd think they would make a great target. I admit, it's a great theory and I believed it, too, but there's no evidence to prove it. My theory is that writing and spreading viruses under Windows is just easier because the administrator role isn't separated from the user role. Windows XP does this to some extent with programs designed for XP, but programs before that (and most free programs on the Internet) will not run at all or properly without administrative privileges. Unix has been around for 40 years and before the desktop PC arrived, it was the main OS and a huge target for would-be script kiddies and virus writers. The safeguards in the Unix system which Linux inherited make virus-writing and more importantly virus-spreading, difficult.

The thing is if ms adds a virus program (which I read somewhere online they're looking into) they get to face another round of court. That's why I think most of the cases against ms have been bad for consumers.
Maybe. But it hasn't changed Microsoft's approach. IE, MSN, Outlook Express are still bundled with the OS. It's doubtful that Microsoft would even get so much as a dirty look for including a virus program. I think the outcome was bad for consumers because it didn't accomplish anything. The settlement with Microsoft pretty much established that a monopoly has no responsibility to its customers, customers should continue to pay the Microsoft tax on every computer sold and that fair competition in the OS market isn't necessary. In addition to this if Outlook Express alone was removed from every computer and computer users replaced it with Eudora, most viruses would all but disappear overnight. :rolleyes:

Guest genaldar

The market share reasoning does hold up. With windows on 90+% of desktops that means that you would get the most attention for infecting it. And since most of those types of people want attention they focus on it. Infecting mac or linux wouldn't bring widespread attention, which is what they want. Sure the geek community would pay attention, but to be blunt they want to be thought of by the opposite sex. Which let's face it, isn't exactly a majority in the geek community. The type of geeks who want geeks attention are the ones who go into serious cracking (like the openssh and apache problems of late) not virus hacking. How could the lawsuits benefit consumers? Let's say the anti-ms side got everything they wanted, ie, oe and media player removed from windows. The courts couldn't have made ms include competitors products (would've violated their constitutional rights). So now people have to get their browsers some other way. Ms starts a new ad campaign, call 1800Internet and receive a cd with the latest Internet explorer, outlook express and media player absolutely free. And since those are the names most people know, guess what they end up with anyway? That's right ms. Only now you made them wait for it. Gee thank you anti-ms people, I had to wait an additional 4 to 6 weeks to finally use the internet. The suits weren't designed for consumers, they were designed to help sun, aol, real and apple. And if they include anti-virus the lawsuits against it wouldn't help consumers, they would help norton, network associates, f-prot, etc. First off you can remove outlook express from any version of windows. Unless you use Outlook, since it needs oe (no idea why it does, but it does). Secondly how does linux make it hard to spread a virus? Most windows viruses spread through oe, right? So if you implement an unsecure email program that allows attachments to be "viewed" they can self replicate.
Since the address book and the program itself are available to the user currently using them there are no system safe guards in place. Let me create an example. Linux takes off tomorrow. Everyone switches to it. There is a new email program that comes out Saturday, insecure, but fast and easy. It becomes the most popular email client in linux (thanks to the hundreds of millions of new users). This client allows you to view any attachment. Some guy over in Europe makes a virus but disguises it as a new version of solitaire (since most people love solitaire). While you try to view this crappy solitaire the actual script runs. Destroying all of your personal files. It could also replicate itself since all it would be doing is sending out an email to everyone in your list and attaching itself. If there are flaws in my scenario please point them out, I'm no security expert so I'm sure there are many. Just like you can have a secure program running on top of an insecure os you can have an insecure program running on top of a secure os. Both have problems. The secure program in an unsecure environment can get knocked over from "below". The insecure program in the secure environment can't damage the system, but it can damage any files the current user has privileges with. Including system files if they logged in as root. Or the malicious code convinced them to run it as root. While that isn't likely with the current linux users, since they tend to be savvy geeks, it would be quite possible with many of the windows users. Think of how many windows users don't run firewalls on broadband, or anti-virus on machines on the net. Or even system admins who don't keep patches up to date. Those people would all be targets.

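Added example, not written by any poster in this thread: a shell sketch of the two points argued above, the article's save / chmod / run sequence and the scenario of a payload touching personal files. It works in a temporary directory with constructed file names (`solitaire.sh`, `paper.txt`) and a harmless payload, and shows what the missing execute bit blocks, that an interpreter does not consult that bit, and how far the running account's write access reaches.

```shell
#!/bin/sh
# Added illustration. Everything happens in a throwaway temp directory that
# stands in for a user's home; all file names are constructed.

# Build the demo home: one document plus one saved "attachment".
# A plain file create gets mode 0666 masked by the umask, so no execute bit.
make_home() {
    home=$(mktemp -d) || return 1
    (
        umask 022
        printf 'term paper draft\n' > "$home/paper.txt"
        # Harmless constructed payload: appends one line to the document.
        printf '#!/bin/sh\necho "touched by attachment" >> "$(dirname "$0")/paper.txt"\n' \
            > "$home/solitaire.sh"
    )
    printf '%s\n' "$home"
}

# Succeeds if any execute bit is set in the file's permission string.
has_exec_bit() {
    case $(ls -ld "$1" | cut -c2-10) in
        *[xst]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Exit status of launching the file directly, as "./file" or a launcher would.
# 126 means the launch was refused because the file is not executable.
direct_run_status() {
    status=0
    "$1" >/dev/null 2>&1 || status=$?
    echo "$status"
}

# Exit status when the same file is handed to an interpreter. Only read
# permission is checked, so the execute bit is no barrier for scripts.
interp_run_status() {
    status=0
    sh "$1" >/dev/null 2>&1 || status=$?
    echo "$status"
}

# Reach of anything running as the current account: "user-only" for a normal
# user, "system-too" when the session is root.
write_scope() {
    if [ -w /etc/passwd ]; then echo system-too; else echo user-only; fi
}

demo() {
    home=$(make_home) || return 1
    att="$home/solitaire.sh"
    if has_exec_bit "$att"; then echo "exec bit: set"; else echo "exec bit: not set"; fi
    echo "direct launch status:    $(direct_run_status "$att")"
    echo "via interpreter status:  $(interp_run_status "$att")"
    echo "document now ends with:  $(tail -n 1 "$home/paper.txt")"
    echo "write scope of account:  $(write_scope)"
    rm -rf "$home"
}

# Run with the argument "demo" to print the results.
if [ "${1:-}" = "demo" ]; then demo; fi
```

The document in the demo home is changed without any chmod step and without root, so backups of user data and non-root daily use matter regardless of which mail client is in front.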

Guest LilBambi

The differences between Outlook Express/Outlook from the Eudora/Mozilla type email programs go much deeper than viewing attachments inline. Eudora allows you to view picture attachments inline as well but it doesn't execute scripts, video and/or audio automatically. You would have to literally open the attachment. This is an extra step and many folks have finally gotten a grasp on ... don't open attachments, or at least save attachments and run a virus scanner on them before opening/running the file. Mozilla mail and Thunderbird view files without running executables/scripts so this is not a problem. I do not know of ANY email program made for Linux that will execute programs or code within an email, and because of the inherent problems with doing this, I don't believe they ever will.


Time I threw my 2cents back into this thread. The market/opportunity argument does have some weight. Unfortunately, from what I have seen (and I am still a novice with Linux), the Microsoft family of software is just easier to hack. Personally I am paranoid and cower behind hardware and software firewalls. I refuse to open ports. I don't use applications which require me to open a DMZ. I have my windows AV set to update daily. I use custom configured security zones in IE. I have my XP systems check nightly for new adware. I regularly revisit Steve Gibson's site to find out about new hacks. I only install controls when I know I need them and can validate their certificates. I never blanket authorize updates. I don't accept 3rd party cookies. And, I know how to do all this. Unfortunately, MS has decided to deliver its software in about as vulnerable a condition as possible out of the box. And, they have a really bad track record of breaking things with their updates. As a policy, I don't apply MS updates until they have been in the wild for at least a week (unless I have a known problem to fix). Sometimes I feel that updates are MS's own version of viruses. I spent a lot of time educating myself so that I understood the issues and fixes for Microsoft. I am doing the same thing inside my firewall as I learn about server processes in Linux. I do read a lot about attacks against servers. Many of these are in the denial of service class. Many more seem to succeed against MS/IIS than against the equivalent Linux servers. And, Linux has the market share in this market. I think part of the Linux solution is that the average user is better educated compared to the average MS user. They are just more aware of the issues involved. Perhaps, because using Linux at this time requires it. This may change as Linux provides more widely accepted desktop offerings. I hope not.
I also don't think it will occur with the same frequency, the Linux developer community is just too sensitive to the underlying problem. What I do see is the spill over onto Linux, particularly in email. The cost to control spam is getting ridiculous. My 2cents.


How many out there have installed a linux distro and do not secure it and lo and behold sendmail is a spam relay? Happens all the time. "Despite a rash of gushing news stories about the successes of Apple Computer's Mac OS X (on the client) and Linux (on the server), Windows not only continues to dominate its rivals in both markets but also is growing in both markets. Market researchers at IDC say that various versions of the Windows desktop and server OSs currently dominate their respective markets and will continue to do so for at least the next 4 years. IDC credits Microsoft's volume-licensing programs for the company's ability to grow its share when it's already the dominant player. According to the report, "Worldwide Client and Server Operating Environment Market Forecast and Analysis, 2002-2007," Windows desktop OS sales worldwide increased from 93.2 percent of the market in 2001 to 93.8 percent in 2002, accounting for more than $9.75 billion in sales. Various Mac OS versions stalled in second place, with just 2.9 percent of the market (and 2.2 percent of the revenues), although IDC noted that Apple will soon relinquish second place to Linux, which saw desktop growth in 2002 to 2.3 percent of the market. All told, 121 million client OSs shipped in 2002, IDC says; about 113 million were XP, 3.5 million were Mac OS, and 2.9 million were Linux. The server side of the equation also has an interesting breakdown. In 2002, Windows Server products owned 55.1 percent of the market, from a unit-shipment standpoint, up from 50.5 percent in 2001. Second-place Linux accounted for 23.1 percent of new shipments, up from 22.4 percent in 2001. Only Windows and Linux saw growth in 2002. Combined, all UNIX OS versions declined 8.9 percent year over year; Novell NetWare fell 12.4 percent. "Microsoft generates about the same amount of OS revenue in 3 days as the entire Linux industry generates in 1 year," IDC notes." source


nlinecomputers
How many out there have installed a linux distro and do not secure it and lo and behold sendmail is a spam relay? Happens all the time.
Well to be fair lots of Linux distros turn that OFF by default. This isn't RedHat 6 days anymore. But OTOH there are lots of distros too. This is one of the reasons that I'm an advocate of forcing ISPs to lockdown the ports. Most users don't need most of the port services that are installed/open in ANY operating system. If you need a port ask to have it opened. Perhaps even pay for the use of it. We don't allow our other networks (telephone, electric, gas) to be this easy to abuse why do we permit this? The internet is no longer a co-op of mostly equal users/partners. It is now a utility and it should be regulated as such.

Guest LilBambi
"Microsoft generates about the same amount of OS revenue in 3 days as the entire Linux industry generates in 1 year," IDC notes."
Marsden11,
Yes, we know Microsoft is alive and doing very well financially. That was not the issue. Linux vs Windows Viruses is the issue.
---
There is a very good and objective report done by SANS.org here on the Top 20 vulnerabilities in both OSes. There are issues on both sides of the fence. Of that there is no doubt.
SANS Top 20 Vulnerabilities - The Experts Consensus
I think this report speaks for itself and it has many well known and widely used consumer programs on the list (ones we should all be taking a good hard look at), as well as server services as well.
NOTE: The URL listed for the SANS Top 20 is the exact same link used in the SANS NewsBites. If you want to go to the entire page starting at the top, here's the main link: SANS Top 20 Vulnerabilities - The Experts Consensus (top of the page)
Edited by LilBambi

Thinking off the top of my head. Seems like a best practice for the major distributions could be:
1) Make the default of all distros to install with as tightly secured a profile as possible.
2) Make initializing server processes easy and standard. The install could get all the pieces in place, but, make the user go through an explicit authorization/first time process for each server process which could open security holes.
3) Implement a portable standard to audit Linux installations for security violations.
4) Merge a notification of new exposures into the standard desktop logins. By definition a first time login with exposure would be a new exposure. Allow the notification to be unchecked a la tips of the day but easily rechecked from the standard menus.
Some of the pieces are probably around already.


There is a very good and objective report done by SANS.org here on the Top 20 vulnerabilities in both OSes. There are issues on both sides of the fence. Of that there is no doubt.
SANS Top 20 Vulnerabilities - The Experts Consensus
I think this report speaks for itself and it has many well known and widely used consumer programs on the list (ones we should all be taking a good hard look at), as well as server services as well.
That is one great report. I have just skimmed it for now, but, bookmarked and I will be back for a very serious review.

Guest genaldar
According to the Netcraft Web Server Survey, in May 2003, Apache was running on 62.5% of the world's web servers, Microsoft products on 27%, Zeus on 2%, and Sun One on 1%.
Some alternate statistics. From Computer Weekly
To be fair the netcraft survey probably isn't very scientific. But we're getting away from the subject at hand which is viruses. Windows has them and linux isn't immune. There that about sums that up. Oh wait I wanted to say something about mail clients in linux. Let me do this quick
I do not know of ANY email program made for Linux that will execute programs or code within an email, and because of the inherent problems with doing this, I don't believe they ever will.
There won't ever be either, if linux continues to be a niche os used by informed geeks. But if it goes mainstream I could easily see a security addled mail program emerge. All it would have to do is include better smiley faces and it would become the top program within a year.

But if it goes mainstream I could easily see a security addled mail program emerge.  All it would have to do is include better smiley faces and it would become the top program within a year.
Can we say Incredimail for Linux? ;) :lol:

Guest LilBambi
(genaldar @ Oct 17 2003, 12:48 AM) There won't ever be either, if linux continues to be a niche os used by informed geeks. But if it goes mainstream I could easily see a security addled mail program emerge. All it would have to do is include better smiley faces and it would become the top program within a year.
Sadly, you may be more prophetic with that statement than most of us would like to admit. If we continue to have developers that are more dedicated to making sure their code works well and security is still their main goal because Linux was developed to be Network and thereby Internet capable by default and from the start, then we may not see this. But, and here's the clincher, if more marketers get their hands in the development, and some developers do not see clean/well behaved code and security as their priorities, what you said may well come to pass. In fact, we have begun to see the writing on the wall unfortunately,
Here are a couple that I thought of that might fit into this scenario, besides Ryan's Incredimail (good one LOL!):
* Lindows (root out of the box .... shudder! Lindows CEO will rue the day they started that!)
* MS Office compatibility (macro viruses ... f-prot has a complement of macro virus definitions added to their regular arsenal of virus defs (mainly for Windows viruses btw) .. is this why?)
I am sure we can come up with many, many more. I sure hope this doesn't come to pass! I hope Linux developers will have taken the lessons that can be learned by watching closely the pitfalls other OSes.
Some links that might prove interesting (check out the dates on some of these as well):
http://linux.umbc.edu/lug-mailing-list/199...1/msg00311.html
http://isp-lists.isp-planet.com/isp-unix/0...5/msg00162.html
http://lists.ulv.edu/pipermail/route66lug/...une/000372.html
You can find much more on this subject on Google, these are just a few on the returns from a search of:
viruses on Linux?

In addition to this if Outlook Express alone was removed from every computer and computer users replaced it with Eudora, most viruses would all but disappear overnight.
How true :P

Guest genaldar

Outlook isn't as bad as many of you are saying it is. I've used it the entire time I've used a pc (also tried evolution in linux, eudora, the bat, incredimail, netscape mail, mozilla mail, etc.) and I have yet to have gotten a single virus. I just run an antivirus, set the security level to restricted and kept it almost up to date. I didn't download sp2 or 3 for office 2000 for the longest time because it blocks exe and I know how to deal with those safely so I didn't want to lose the ability to receive them. I finally cracked when I saw the only way to update other security was to download sp3. If only they'd allow root accounts to set the security level in that respect, but set it to block by default. btw anyone know a way to allow them? I think I used to know of a reg hack that did it, but I can't think of it now and it's not in my database (i.e. my txt file of reg hacks).
