
Virus Threats to the GNU/Linux Operating System


V.T. Eric Layton

For years and years now I've been hearing and reading conflicting information regarding viruses and malware threats to the GNU/Linux operating system. I often run across hardcore MS Windows proponents who say that there are threats out there. I see Linux fans saying there are NOT threats of any kind. I see BIG BIZ AV companies that are trying to scare GNU/Linux users into buying their products by exaggerating the threats that are out there. What is the truth?

 

Here are a couple of not-so-definitive articles, but based in fact, I believe:

 

https://en.wikipedia.org/wiki/Linux_Viruses

 

http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/

 

Does anyone know of any truly definitive source for information regarding this topic?

 

Thanks,

 

~Eric

securitybreach

Do executing viruses under WINE count?

 

http://blog.opensour...i-can-haz-virus

 

;)

 

Adam

 

Yeah, but it only affects your /home/username/.wine/ folder and is not executable system-wide. So all you have to do is delete your ~/.wine folder and it is gone. Nice proof of concept in the article, though :thumbsup:

V.T. Eric Layton

My understanding, and we've had this discussion in BATL a long while ago (during Bruno's tenure), is that the ONLY viruses in existence for GNU/Linux operating systems MUST have elevated privileges to activate at all. They're not like Win viruses where just clicking an .exe can initiate the virus. This is one of the reasons that it's not wise to log in to your GUI or even your non-X environment as root. At least this has always been my understanding. I most definitely could be wrong about this. That's why I'd like some definitive expert answers regarding this topic.

Temmu

Which is why Microsoft recommends running their OS as a user or guest and not an admin.

Even in Linux it is verboten to run as root.

V.T. Eric Layton

That's an outstanding option in MS Windows. Unfortunately, 1 in 10,000 MS Windows users will read their Windows manual or Help files to be made aware of that option. In MS Windows, when you install the OS, you are Admin by default. If people would take the time to learn more about permissions in MS Windows, they would be a bit more secure in their computing. It just ain't gonna' happen, though. This past month I've recovered personal data and wiped/reinstalled Windows for five people. None of them kept their Windows updated, antivirus updated, or made backups of their important data.

 

In my experience, sadly, the VAST majority of computer users are JUST LIKE THESE PEOPLE. The reason that it is like this is because when computers first became a hot market commodity, they were sold by sales people who made them sound like they were as easy to use as your television. The problem, as you know, is that computers are more closely comparable to your automobile than to your TV. Your TV will never need regular maintenance or data backups. Your automobile, on the other hand, requires regular oil changes, tire rotations, and tune-ups.

 

And to be honest, most folks don't even maintain their automobiles. We are a lazy, ignorant slug species. :ohmy:

amenditman

And to be honest, most folks don't even maintain their automobiles. We are a lazy, ignorant slug species. :ohmy:

That is just rude, insulting slugs that way! :w00tx100:

V.T. Eric Layton

Yeah, that was unfair to slugs, huh? I apologize to the slimy little guys. Hey! That rhymes! ;)

securitybreach

Exactly, there is not much you can do if your account does not have Admin privileges. The problem lies when there are exploits to elevate privileges from user/guest to admin, which have been known to exist over the years on various OSs. Pretty much there have only been "proof of concept" viruses on Linux, although there have been a few in the past:

 

USN-905-1: sudo vulnerabilities

Local privilege escalation when executed with nohup

http://www.h-online....hed-742541.html

http://www.win.tue.n...x/hh/hh-12.html

Linux root Exploit Vulnerability (CVE-2012-0056)

Granted, most of these are due to bugs that were fixed pretty much immediately. Of course, it depends on how fast the distro you use pushes the update out to their users and when the exploit has been found. Luckily, distros that use a rolling release get the patches right away from the upstream package devs, so they are usually updated rather quickly, although most distros push out major security fixes right away as well.

ross549

That's an outstanding option in MS Windows. Unfortunately, 1 in 10,000 MS Windows users will read their Windows manual or Help files to be made aware of that option. In MS Windows, when you install the OS, you are Admin by default. If people would take the time to learn more about permissions in MS Windows, they would be a bit more secure in their computing. It just ain't gonna' happen, though. This past month I've recovered personal data and wiped/reinstalled Windows for five people. None of them kept their Windows updated, antivirus updated, or made backups of their important data.

 

Actually, I think this problem was mostly corrected in Vista and 7. Users are no longer Administrator by default, and in order for a system level task to be run, the software requires explicit permission from the user (via UAC).

 

Please correct me if I am wrong. ;)

 

Adam

sunrat

Actually, I think this problem was mostly corrected in Vista and 7. Users are no longer Administrator by default, and in order for a system level task to be run, the software requires explicit permission from the user (via UAC).

Please correct me if I am wrong. ;)

Not wrong there Adam, but it still doesn't seem very secure. If you want to run an executable file in the default user account, the UAC box pops up asking if you wish to Allow it. I'm sure many users will just click "Allow" without giving it a second thought or understanding the possible consequences.

ross549

Not wrong there Adam, but it still doesn't seem very secure. If you want to run an executable file in the default user account, the UAC box pops up asking if you wish to Allow it. I'm sure many users will just click "Allow" without giving it a second thought or understanding the possible consequences.

 

That is simply a problem with the user, not the OS. Mac OSX does a similar thing where something that needs elevated permission prompts the user for a password. Same problem there, if the user does not pay attention to what they are doing.

 

Adam

amenditman

I run Win7 on my school laptop and the UAC pops up for every executable that needs elevated permissions. The only thing the user can do is determine if they have asked the computer to do something and if the process is the one they started, and if yes, then allow the process to run. The problem is still more than user level. It's a constant nag at the user with no attempt to enlighten them.

Guest LilBambi

I run as a standard user on my Mac and have an admin user where I do updates to the system and run some tools.

 

I can install software with no problem by giving the admin uname/password in my standard account.

 

It is annoying at times though. ;)

Guest LilBambi

PoC exploits for Linux privilege escalation bug published (January 12, 2012)

 

The publication of proof-of-concept exploit code for a recently spotted privilege escalation flaw (CVE-2012-0056) in the Linux kernel has left Linux vendors scrambling to push out a patch.

 

The flaw affects versions 2.6.39 and above of the Linux kernel code, and the OS' creator Linus Torvalds published a patch on the official Linux kernel repository more than a week ago.

 

Unfortunately, only RedHat and Ubuntu managed to push out patches for it before PoC attack code began popping up online, TechWorld reports.

 

More in the article including links.

Guest LilBambi
Sure, there are Linux viruses. But let's compare the numbers. According to Dr. Nic Peeling and Dr Julian Satchell's Analysis of the Impact of Open Source Software (http://www.govtalk.gov.uk/documents/QinetiQ_OSS_rep.pdf; note: the link is to a 135 kb PDF file):

"There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory."

So there are far fewer viruses for Mac OS X and Linux. It's true that those two operating systems do not have monopoly numbers, though in some industries they have substantial numbers of users. But even if Linux becomes the dominant desktop computing platform, and Mac OS X continues its growth in businesses and homes, these Unix-based OS's will never experience all of the problems we're seeing now with email-borne viruses and worms in the Microsoft world. Why?

So true, that!


And so true about not being able to run stuff in email in Linux email clients. Or in Thunderbird if set correctly even in Windows.

Browsers on the other hand, may still be problematic in all OSes with the way driveby downloads can be accomplished regardless of the OS you run, particularly if you have Java or Flash, etc. installed and active in the browser. Mainly Java and Flash more than other Plugins in Linux.

And no one is talking about the potential risk to all OSes with the much more versatile HTML5 renderings in browsers. I think we may yet find something that can be called for every OS out there. Even Android has been hit and it's based on Linux.
securitybreach

Yep, just thought it was an interesting article on it.

 

I think many of the distros were pretty quick about correcting the issue.

It was very interesting, I did not mean that. I just figured you did not see my link above. :thumbsup:

V.T. Eric Layton

I still see the same old trend online... MS Windows proponents and AV companies warn Linux users not to be too confident because evil does lurk out there and Linux is vulnerable according to these experts. On the other hand, the vast majority of the Linux oriented sites online are of the opposite opinion; claiming that Linux is secure and not at all vulnerable, with the exception of a few minor malware-type issues.

 

I sure would like to know the REAL TRUTH! Am I going to have to study virii and malware for the next ten years to form my own expert opinions about this? Doesn't anyone have definitive answers? :(

Guest LilBambi

Linux certainly has security baked in that is very good and by nature.

 

But when you have folks moving to Linux from Windows thinking they will be safer no matter what they do there; that's a true danger to all Linux users. Veteran Linux users know better than to do some of the stupid human tricks or social engineering tricks that often snag Windows users, but some of those same people got burnt and figured they would go to the invincible Linux or nearly so Mac.

 

It's just not a good thing to say that Linux can't be had. It can.

 

Any computer, on any OS can be had, if it gets personal. We've heard that with Security 101 forever.

securitybreach

Any computer, on any OS can be had, if it gets personal. We've heard that with Security 101 forever.

 

Exactly, there is no OS out there that is secure from physical access. A simple livecd or loading up runlevel 1 (using grub) can access any and all data on your hard drives. Once you have root access, which is easily done by booting into runlevel 1 and changing the root password, you can simply load up a startup script to capture your keystrokes or browser info (logins, etc.) and then email the info using sendmail. Unless you watch your logs very closely or use Snort (or an alternative IDS), you would never know...

 

Pretty much there is not very much you can do once physical access is achieved, your machine can and will be 0wned. :ph34r:
