
Virus Threats to the GNU/Linux Operating System


V.T. Eric Layton


securitybreach

Agreed!!! I thought you were referring to physical access when you said "getting personal". But you do make an excellent point!!! B)

Link to comment
Share on other sites

I still see the same old trend online... MS Windows proponents and AV companies warn Linux users not to be too confident because evil does lurk out there and Linux is vulnerable according to these experts. On the other hand, the vast majority of the Linux oriented sites online are of the opposite opinion; claiming that Linux is secure and not at all vulnerable, with the exception of a few minor malware-type issues.

 

I sure would like to know the REAL TRUTH! Am I going to have to study virii and malware for the next ten years to form my own expert opinions about this? Doesn't anyone have definitive answers? :(

By the time you get up to speed, it will have all changed many times over.

There are only two things you need to remember

1 - As long as there is a human being operating a computer, the human being will be the weakest link in the security chain.

2 - The bad guys will keep right on trying to take advantage of the weak links in the chain.

Link to comment
Share on other sites

securitybreach

By the time you get up to speed, it will have all changed many times over.

There are only two things you need to remember

1 - As long as there is a human being operating a computer, the human being will be the weakest link in the security chain.

2 - The bad guys will keep right on trying to take advantage of the weak links in the chain.

 

So true!!!!

Link to comment
Share on other sites

Guest LilBambi

By the time you get up to speed, it will have all changed many times over.

There are only two things you need to remember

1 - As long as there is a human being operating a computer, the human being will be the weakest link in the security chain.

2 - The bad guys will keep right on trying to take advantage of the weak links in the chain.

Yes! This is what I was trying to say! :D

 

Thanks amenditman!

Link to comment
Share on other sites

Hello,

 

There is not a lot of malware for Linux and related operating systems, but there is some. For that matter, it might be important to look back to the origin of the term computer virus, which was coined in 1985 by Fred Cohen's doctoral thesis advisor, Len Adleman (a/k/a, the "A" of RSA). In his thesis [PDF], Dr. Cohen experimented on computer viruses for UNIX.

 

The majority of security incidents I hear about on Linux are about system compromises of various sorts, which could be due to poor or outdated OS configurations, bad password practices, insecure applications and so forth. A look at zone-h's archive shows that a fair number of compromised web sites are running some distribution of Linux, so it does seem to be an issue. Of course, it could be that malware was used to attack the server, or that post-compromise it's being used to direct users to malware or even host it, but it's important to keep in mind that malware is a very generic term and includes more than the classic recursively-self-replicating parasitic file infectors that are what most people think of when you say computer virus (and probably account for around 10% or less of the current volume of malicious code).

 

In my experience, there are several reasons why someone would install anti-malware software on a Linux-based system. In no particular order:

  • They were actually infected by malware or their server was used to distribute malware, and wish to protect themselves against future infections.
  • They work in an environment where anti-malware software is mandated on all computers, regardless of operating system.
  • They work in an environment where they exchange or host files with more heavily-targeted operating systems, such as Microsoft Windows.

There are probably a few others, but that's just off the top of my head. While the market for anti-malware software constantly grows, I rarely see it advertised for Linux servers or desktops, and when I do, it never seems to use fear-based marketing. If you have some really egregious example of such advertisements, could you share links to them? Thank you.

 

Regards,

 

Aryeh Goretsky

Link to comment
Share on other sites

The majority of security incidents I hear about on Linux are about system compromises of various sorts, which could be due to poor or outdated OS configurations, bad password practices, insecure applications and so forth. A look at zone-h's archive shows that a fair number of compromised web sites are running some distribution of Linux, so it does seem to be an issue. Of course, it could be that malware was used to attack the server, or that post-compromise it's being used to direct users to malware or even host it, but it's important to keep in mind that malware is a very generic term and includes more than the classic recursively-self-replicating parasitic file infectors that are what most people think of when you say computer virus (and probably account for around 10% or less of the current volume of malicious code).

 

I would be willing to bet that the vast majority of these compromises are within PHP/mySQL, and not the host system itself. My own website was attacked a couple of times, and PHP/mySQL was the attack vector.

 

If the site had been set up with static pages, I highly doubt it would have been compromised.

 

Adam

Link to comment
Share on other sites
