V.T. Eric Layton Posted April 18, 2012

For years and years now I've been hearing and reading conflicting information regarding viruses and malware threats to the GNU/Linux operating system. I often run across hardcore MS Windows proponents who say that there are threats out there. I see Linux fans saying there are NOT threats of any kind. I see BIG BIZ AV companies that are trying to scare GNU/Linux users into buying their products by exaggerating the threats that are out there. What is the truth?

Here are a couple of not-so-definitive articles, but based in fact, I believe:

https://en.wikipedia.org/wiki/Linux_Viruses
http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/

Does anyone know of any truly definitive source for information regarding this topic?

Thanks,
~Eric

securitybreach Posted April 18, 2012

Interesting stuff, although that second link is from 2003 so a lot of things have changed since that time. Here are a few links:

https://www.linux.com/learn/tutorials/284124-myth-busting-is-linux-immune-to-viruses
http://cristalinux.blogspot.com/2010/03/understanding-viruses-in-linux.html
https://help.ubuntu.com/community/Antivirus
http://www.neowin.net/news/a-history-of-viruses-on-linux

ross549 Posted April 18, 2012

Do executing viruses under WINE count?

http://blog.opensourcenerd.com/i-can-haz-virus

Adam

securitybreach Posted April 18, 2012

> Do executing viruses under WINE count?
> http://blog.opensour...i-can-haz-virus
> Adam

Yeah, but it only affects your /home/username/.wine/ folder and is not executable system-wide. So all you have to do is delete your ~/.wine folder and it is gone. Nice proof of concept on the article though.

V.T. Eric Layton Posted April 18, 2012 Author

My understanding, and we've had this discussion in BATL a long while ago (during Bruno's tenure), is that the ONLY viruses in existence for GNU/Linux operating systems MUST have elevated privileges to activate at all. They're not like Win viruses where just clicking an .exe can initiate the virus. This is one of the reasons that it's not wise to log in to your GUI or even your non-X environment as root.

At least this has always been my understanding. I most definitely could be wrong about this. That's why I'd like some definitive expert answers regarding this topic.

V.T. Eric Layton Posted April 19, 2012 Author

That's an outstanding option in MS Windows. Unfortunately, 1 in 10,000 MS Windows users will read their Windows manual or Help files to be made aware of that option. In MS Windows, when you install the OS, you are Admin by default. If people would take the time to learn more about permissions in MS Windows, they would be a bit more secure in their computing. It just ain't gonna' happen, though.

This past month I've recovered personal data and wiped/reinstalled Windows for five people. None of them kept their Windows updated, antivirus updated, or made backups of their important data. In my experience, sadly, the VAST majority of computer users are JUST LIKE THESE PEOPLE.

The reason that it is like this is because when computers first became a hot market commodity, they were sold by sales people who made them sound like they were as easy to use as your television. The problem, as you know, is that computers are more closely comparable to your automobile than to your TV. Your TV will never need regular maintenance or data backups. Your automobile, on the other hand, requires regular oil changes, tire rotations, and tune-ups.

And to be honest, most folks don't even maintain their automobiles. We are a lazy, ignorant slug species.

amenditman Posted April 19, 2012

> And to be honest, most folks don't even maintain their automobiles. We are a lazy, ignorant slug species.

That is just rude, insulting slugs that way!

V.T. Eric Layton Posted April 19, 2012 Author

Yeah, that was unfair to slugs, huh? I apologize to the slimy little guys. Hey! That rhymes!

securitybreach Posted April 19, 2012

Exactly, there is not much you can do if your account does not have Admin privileges. The problem lies when there are exploits to elevate privileges from user/guest to admin, which have been known to exist over the years on various OSs. Pretty much there have only been "proof of concept" viruses on Linux, although there have been a few in the past:

USN-905-1: sudo vulnerabilities
Local privilege escalation when executed with nohup
http://www.h-online....hed-742541.html
http://www.win.tue.n...x/hh/hh-12.html
Linux root Exploit Vulnerability (CVE-2012-0056)

Granted, most of these are due to bugs that were fixed pretty much immediately. Of course, it depends on how fast the distro you use pushes the update out to their users and when the exploit has been found. Luckily, distros that use a rolling release get the patches right away from the upstream package devs so they are usually updated rather quickly, although most distros push out major security fixes right away as well.

ross549 Posted April 19, 2012

> That's an outstanding option in MS Windows. Unfortunately, 1 in 10,000 MS Windows users will read their Windows manual or Help files to be made aware of that option. In MS Windows, when you install the OS, you are Admin by default. If people would take the time to learn more about permissions in MS Windows, they would be a bit more secure in their computing. It just ain't gonna' happen, though.
>
> This past month I've recovered personal data and wiped/reinstalled Windows for five people. None of them kept their Windows updated, antivirus updated, or made backups of their important data.

Actually, I think this problem was mostly corrected in Vista and 7. Users are no longer Administrator by default, and in order for a system level task to be run, the software requires explicit permission from the user (via UAC).

Please correct me if I am wrong.

Adam

sunrat Posted April 19, 2012

> Actually, I think this problem was mostly corrected in Vista and 7. Users are no longer Administrator by default, and in order for a system level task to be run, the software requires explicit permission from the user (via UAC).
>
> Please correct me if I am wrong.

Not wrong there Adam, but it still doesn't seem very secure. If you want to run an executable file in the default user account, the UAC box pops up asking if you wish to Allow it. I'm sure many users will just click "Allow" without giving it a second thought or understanding the possible consequences.

ross549 Posted April 19, 2012

> Not wrong there Adam, but it still doesn't seem very secure. If you want to run an executable file in the default user account, the UAC box pops up asking if you wish to Allow it. I'm sure many users will just click "Allow" without giving it a second thought or understanding the possible consequences.

That is simply a problem with the user, not the OS. Mac OSX does a similar thing where something that needs elevated permission prompts the user for a password. Same problem there, if the user does not pay attention to what they are doing.

Adam

amenditman Posted April 19, 2012

I run Win7 on my school laptop and the UAC pops up for every executable and needs elevated permissions. The only thing the user can do is determine if they have asked the computer to do something and is the process the one they started, and if yes, then allow the process to run.

The problem is still more than user level. It's a constant nag at the user with no attempt to enlighten them.

Edited April 25, 2012 by amenditman

Guest LilBambi Posted April 19, 2012

I run as a standard user on my Mac and have an admin user where I do updates to the system and run some tools. I can install software with no problem by giving the admin uname/password in my standard account. It is annoying at times though.

Guest LilBambi Posted April 19, 2012

PoC exploits for Linux privilege escalation bug published (January 12, 2012)

> The publication of proof-of-concept exploit code for a recently spotted privilege escalation flaw (CVE-2012-0056) in the Linux kernel has left Linux vendors scrambling to push out a patch.
>
> The flaw affects versions 2.6.39 and above of the Linux kernel code, and the OS' creator Linus Torvalds published a patch on the official Linux kernel repository more than a week ago. Unfortunately, only RedHat and Ubuntu managed to push out patches for it before PoC attack code began popping up online, TechWorld reports.

More in the article including links.

Guest LilBambi Posted April 19, 2012

/. also picked up on that one btw

securitybreach Posted April 19, 2012

> PoC exploits for Linux privilege escalation bug published (January 12, 2012)
>
> More in the article including links.

Yup, that was the last link I posted on #10. That said, Arch fixed the issue rather quickly so RedHat and Ubuntu were not the only ones: https://bbs.archlinu...c.php?id=134219

Guest LilBambi Posted April 19, 2012

> Sure, there are Linux viruses. But let's compare the numbers. According to Dr. Nic Peeling and Dr Julian Satchell's Analysis of the Impact of Open Source Software (http://www.govtalk.gov.uk/documents/QinetiQ_OSS_rep.pdf) (note: the link is to a 135 kb PDF file):
>
> "There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory."
>
> So there are far fewer viruses for Mac OS X and Linux. It's true that those two operating systems do not have monopoly numbers, though in some industries they have substantial numbers of users. But even if Linux becomes the dominant desktop computing platform, and Mac OS X continues its growth in businesses and homes, these Unix-based OS's will never experience all of the problems we're seeing now with email-borne viruses and worms in the Microsoft world. Why?

So true, that! And so true about not being able to run stuff in email in Linux email clients. Or in Thunderbird if set correctly even in Windows.

Browsers on the other hand, may still be problematic in all OSes with the way driveby downloads can be accomplished regardless of the OS you run, particularly if you have Java or Flash, etc. installed and active in the browser. Mainly Java and Flash more than other Plugins in Linux.

And no one is talking about the potential risk to all OSes with the much more versatile HTML5 renderings in browsers. I think we may yet find something that can be called for every OS out there.

Even Android has been hit and it's based on Linux.

Guest LilBambi Posted April 19, 2012

Yep, just thought it was an interesting article on it. I think many of the distros were pretty quick about correcting the issue.

securitybreach Posted April 19, 2012

> Yep, just thought it was an interesting article on it. I think many of the distros were pretty quick about correcting the issue.

It was very interesting, I did not mean that. I just figured you did not see my link above.

Guest LilBambi Posted April 19, 2012

Nope, I saw it. Very nice explanation too.

sunrat Posted April 19, 2012

How to write a Linux virus in 5 easy steps.

Food for thought, and lots of reading including the comments, but worth the effort. Also read the follow-up article.

Guest LilBambi Posted April 19, 2012

Thanks! Very good article, Sunrat!

V.T. Eric Layton Posted April 19, 2012 Author

And the debate continues... Read the comments to this blog article from Linux.com:

https://www.linux.com/news/software/applications/8261-note-to-new-linux-users-no-antivirus-needed

V.T. Eric Layton Posted April 19, 2012 Author

Read this definitive (tongue-in-cheek) article about 2005 Linux virus threats:

http://lxer.com/module/newswire/view/31417/index.html

V.T. Eric Layton Posted April 19, 2012 Author

From Linux News: Linux Security: A Big Edge Over Windows

V.T. Eric Layton Posted April 19, 2012 Author

I still see the same old trend online... MS Windows proponents and AV companies warn Linux users not to be too confident because evil does lurk out there and Linux is vulnerable according to these experts. On the other hand, the vast majority of the Linux oriented sites online are of the opposite opinion; claiming that Linux is secure and not at all vulnerable, with the exception of a few minor malware-type issues.

I sure would like to know the REAL TRUTH! Am I going to have to study virii and malware for the next ten years to form my own expert opinions about this? Doesn't anyone have definitive answers?

Guest LilBambi Posted April 19, 2012

Linux certainly has security baked in that is very good and by nature. But when you have folks moving to Linux from Windows thinking they will be safer no matter what they do there; that's a true danger to all Linux users.

Veteran Linux users know better than to do some of the stupid human tricks or social engineering tricks that often snag Windows users, but some of those same people got burnt and figured they would go to the invincible Linux or nearly so Mac.

It's just not a good thing to say that Linux can't be had. It can. Any computer, on any OS can be had, if it gets personal. We've heard that with Security 101 forever.

securitybreach Posted April 20, 2012

> Any computer, on any OS can be had, if it gets personal. We've heard that with Security 101 forever.

Exactly, there is no OS out there that is secure from physical access. A simple livecd or loading up runlevel 1 (using grub) can access any and all data on your hard drives. Once you have root access, which is easily done by booting into runlevel 1 and changing the root password, you can simply load up a startup script to capture your keystrokes or browser info (logins, etc) and then email the info using sendmail. Unless you watch your logs very closely or use Snort (or an alternative IDS), you would never know.....

Pretty much there is not very much you can do once physical access is achieved, your machine can and will be 0wned.

Guest LilBambi Posted April 20, 2012

Granted. Physical access is one way, but there are others. There have been servers and home users that have been had as well. Mainly due to some foolish stunt, phishing attempt that looked like the real thing, or answering a question incorrectly because one didn't read it right, or any number of silly things, but they have been had, even remotely. It's not just physical access.

Most veteran Linux users wouldn't fall for the types of things I am talking about, but new users might. It just depends on their background and the circumstances. Like on other OSes.

Certainly it doesn't happen as often with Linux users as with Windows users, or even Mac users these days, but it does happen.

Edited April 20, 2012 by LilBambi
