DesktopLinux
Click here to learn
about this Sponsor:
the monthly magazine
of the Linux Community
DesktopLinux
  home  |  news  |  articles  |  forum  |  polls  |  sponsors  |  search  |  directory
Desktop Linux Forum
Ask a question, give an answer, express an opinion, start a debate
Forum home | Sign In | Sign Up | Search | Help | DesktopLinux.comStart New Thread | Reply to Thread | Printer | Forward

Home / LINUX vs. WINDOWS debate / discussion
Virus In Linux - Debate?
Virus In Linux - Debate?

Virus In Linux - Debate?Virus In Linux - Debate? (modified 0 times) penguin
Do we really need to install antivirus software on your LinuxOS-based computer? Linux follows File Sysetm Heirarchy Standard and is considered to be more secure with it's file system permissions and previliges structure. Hence is there a real virus threat in linux? If so, how and what is it? What makes linux vulnerable to virus, in case? Anyone who wants to speak about "Virus in Linux" , please echo your words here....
Jun 04, 2003 13:45:10

RE:Virus In Linux - Debate?RE:Virus In Linux - Debate? (modified 0 times) matt y
Profile | Email
I've been using linux for about 5-6 years now, and full time for over 2 years at least. I don't know a single person who has ever gotten a virus while running linux.
Jun 05, 2003 07:11:18

RE:Virus In Linux - Debate?RE:Virus In Linux - Debate? (modified 0 times) kevin
I've been running linux full time since 1995. I also am not aware of a single person who has ever gotten a 'virus' on linux. However, in unix we call them 'worms'.

Due to the design of unix, these things are theoretically impossible. But due to buggy implementations, they can become possible. So in the exceptionally rare circumstance that one of these nasty buggers gets out in the wild, the solution is a bug fix rather than virus scanning software.

For example if you are hooked up to the internet running web servers / etc and no firewall, you could be vulnerable to worms or hacking. There have been several cases of unix worms in the last 20 years; the first biggie was in the mid 80's (long before I started using unix). I also remember a couple years back there was some sort of web worm going around attacking linux.

The difference here is in how this sort of thing is handled on linux. In the windows world, virus scanners would have been updated to scan for a fingerprint of the virus and alert you. In linux, the vulerable application is immediately patched; that type of worm can never happen again.

They key to protecting yourself in linux is to keep up with your security updates; on redhat for example, use up2date regularly. And use the linux firewall (firestarter works great to configure it).

Jun 05, 2003 07:34:12

RE:Virus In Linux - Debate?RE:Virus In Linux - Debate? (modified 0 times) Penguin
What is the difference between a worm and virus or trojans? If there are no viruses in linux, then why there are so many anti-virus softwares in linux, such as Vexira, RAV etc. , I am just curious to know . So kevin, u mean to say that there are only vulnerabilities in some linux software, which are utilized in spreading the worms. But there are no viruses in real.
I am working for a corporate and we are aiming to provide a standard Linux Desktop for our employees. The question is , is it required to provide antivirus software with the desktop or not?
Jun 06, 2003 06:58:16

RE:Virus In Linux - Debate?RE:Virus In Linux - Debate? (modified 0 times) matt y
Profile | Email
The AV software I've seen for linux is intended to be used on linux servers (primarily gateways or mail servers) to prevent the virii from getting to the end users machine (usually a Win box).
Jun 06, 2003 07:03:02

RE:Virus In Linux - Debate?RE:Virus In Linux - Debate? (modified 0 times) kevin
> What is the difference between a worm and virus or trojans?

They are all malicious programs, but what is different is how they spread.

Trojan - Like the story of the trojan horse; You purposely install a program onto your computer, say some email client. But what if the email client itself chose to contact the author whenever you ran it, and allow him to gain access to your computer? That is a trojan. You put it there, because you trusted it and thought it was legitimate, but it wasn't.

Virus - These are malicious programs you didn't ask for; they find their own way onto your computer. They can often attach themselves to many different kinds of programs, or come in word documents, etc. The key here is that the program that you purposely downloaded was not the culprit; the virus is a stowaway.

Worm - this pretty much refers to a program that can 'hack into' machines; ie, you didn't invite it in any way whatsoever. You just happen to be running a vulnerable mail/dhcp/other server that listens to internet traffic. Worms actively search for and expliot systems on the net. Like an automated script kiddie hacker, it "knows" how to break into a few types of systems and just does it.

So let's look at how these are addressed in the world of linux:

Trojans: Peer review helps people pick apps that are legit; it is generally accepted that evolution is a 'safe' email client (no wisecracks please ). However, it is still possible to get a copy of evolution that was hacked by someone other than the author; what if someone cracked the ftp server you downloaded it from? Every so often you hear about this. How to defend against this? The smart way is to use md5 checksums from one site, and download your email client from another. Not sure if anyone is actually doing this; but I have noticed that distros like gentoo perform md5 checksums on software before it is installed.

Virus: These just don't seem to happen in the wild on linux, and the reason why is hard to explain in detail. My best explanation (and I am certainly not an expert on virii) is that the inherent security at many levels in a linux system, which is always ON BY DEFAULT. As so many have pointed out, the majority of the system is read only to any program that doesn't know the root password. Period. But there are other reasons; as many as there are viruses. I don't want to make this into a novel, so I'll just punt and hand you my opinion, which you can take or leave: I think the jury is still out on whether virii will ever be a serious problem in linux. But right now it certainly isn't.

Worms/hackers: This is a more realistic problem for unix, and something that everyone with a linux machine connected to the internet should be concerned with. I lumped worms together with hackers because they are really the same thing, especially if you consider script kiddies. The solution to this is: keep up to date with security enhcements on all your internet daemons. If your software is impenetrable by the exploits these worms/kiddies employ, then they will simply skip to another machine.

matt y: Couldn't have said it better myself. Penguin: You often see email accounts being offered with virus protection. These systems are usually unix based, and they filter the MS based virii out of email as it passes through the system. I can (and have in fact) copy a windows virus onto my linux hard drive; outside windows it is helpless.
After a quick check of Vexira, it appears to be this sort of scanner.

> The question is , is it required to provide antivirus software with the desktop or
> not?

Not at this time. But keep an eye on this; if the situation changes, you will find out about it.

As I said above, the #1 thing you should worry about is hackers/worms. There is plenty of information out there about how to secure a linux machine; it usually consists of these rules:

- Don't run any services you don't need; ie don't put web servers on every corporate desktop if they aren't going to use them. Nmap will tell you what a system is running.

- If you must run internet daemons (services), run the stable software and keep them up to date with the latest bug fixes.

- For that matter, keep the entire system up to date with the latest bug fixes.

And when I say 'latest bug fixes' here, I mean something specific. Take RedHat for example. I absolutely would not run a production system on RH8.0 or RH9.0, ever. Instead, look at RH7.3; it is currently the 'stable' release from redhat. It doesn't change, the software is well tested in the field, and has gone through several incarnations. The automatic updater (up2date) will fetch the bug fixes and security updates automatically.

If RH releases a 9.1, then a 9.2, I would then consider upgrading to 9.2 (hypothetically). Because there are few if any major changes from 9.0 to 9.1 to 9.2; instead, it is just polish, bug fixes and security enhancements.

Most linux distros have the concept of a 'stable' branch vs a 'testing'; in debian they actually call it that. In RH, you have to understand their version numbering.

Jun 06, 2003 13:36:37

RE:Virus In Linux - Debate?RE:Virus In Linux - Debate? (modified 0 times) scriptkiddie
Is Red Hat still going to do point releases? I thought they decided to kick the x.1, x.2, version numbering for a simple x, x+1, x+2 versioning system. Why, I have no idea. Maybe they are going to do a Microsoft like approach and just release fixes and enhancements as they go, rather than release a whole new system.
Jun 06, 2003 19:50:49

RE:Virus In Linux - Debate?RE:Virus In Linux - Debate? (modified 0 times) kevin
scriptkiddie:

You raise a valid point, and I can't answer your question definitively. But I have a good guess.

When RH released 7.0, they called it RedHat 7 and not 7.0; I was a bit thrown by this initially, and presumed that with RH7 they were going to simple version numbering. They subsequently released 7.1, the 7.2, and finally 7.3.

When the major number rolled to '8', they once again just called it '8' rather than '8.0'. I expected a '8.1' to be forthcoming, but instead they shortly thereafter came out with RH9.

RedHat has a history of jumping the gun on new technology; changing too much a bit too fast. I suspect that is why we saw the jump from RH8 to RH9; they broke it.

Then again, maybe they just changed their version numbering scheme, and all public releases are considered 'stable'. Before making a real decision about this, check out RH's web site or give them a call; I'm sure they would be happy to straighten you out. ;)

My main point here was that you should be _aware_ of your linux vendor's policy regarding what they consider to be 'stable' releases; most linux vendors do make a distinction.

Jun 06, 2003 23:13:44

RE:Virus In Linux - Debate?RE:Virus In Linux - Debate? (modified 0 times) penguin
Here is what I came across....

1. simile is the first polymorphic and metamorphic virus to infect both Windows and Linux machines.
2. Bliss has been called a virus for Linux, a common Unix trojan, a virus-like trojan with worm-like features etc

there are several examples I think..........
I don't know whether there are any latest virii for linux....but the fact is there are virii for linux and I think antivirus is a must for linux too....
....
Penguin

Jul 10, 2003 07:48:36

RE:Virus In Linux - Debate?RE:Virus In Linux - Debate? (modified 0 times) linux_learner
penguin,

viruses are self replicating code. as kevin pointed out, a self replicating code is hard pressed to work in linux. for one reason due to permisions, as kevin explained. the other reason that viruses arent found in linux, is because viruses are generally written in VBSscript. windows uses Visual Basic, and Visual Basic script.

worms, as kevin pointed out, are different. worms are kind of a cross between viruses and a hack. a virus because it does fall into the self replicating code catagory. a hack, because a worm seeks out computers with a specific vulnerability. this is how a worm exploits linux/unix. usually the vulerability gives root access, so the worm has the ability to write to the drive, to replicate.

as kevin pointed out, there are two practices users need to follow. 1) check the md5checksums. 2) keep up to date.

if users follow these two practices, there wouldnt be any need for anit-virus software. even in the windows world these two practices would go along way in preventing viruses, worms, and trojans.

while linux local security is generally better than windows, you should check it and configure it to your specifications.

previously i stated that i was "impressed" with the local security policy of the computers at work, running windows NT 4.0 with service pack 6. i found a vulnerability, that was simply massive and quite impossible in linux. what i did was this; i clicked on the "favorites" button in internet explorer, the right clicked "media". from that i was able to select "explore". it opened up for me, the entire C drive, giving me access to regedit, cmd promt, and a whole lot more. this being on a computer with local security enforced.

this is one reason why viruses are such a threat to windows, and why they are not much of a threat to linux. things could change. it is always best to stay aprised of such issues. complacency and ignorance are your worst enemies.

Jul 13, 2003 05:06:11

Start New Thread | Reply to Thread | Printer | Forward
All times are PSTPowered by UltraBoard v1.62


about us  |  contact us  |  terms of use  |  home  |  search  |  directory  |  news  |  articles  |  polls  |  forum  |  sponsors  |
 
Except where otherwise specified, the contents of this site are copyright © 2001-2003 DeviceForge LLC. All rights reserved. DeviceForge, DesktopLinux, and DesktopLinux.com are trademarks of DeviceForge LLC. The DesktopLinux.com logo is a service mark of DeviceForge LLC. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their owners.