
Thread: Linux viruses -- everything you need to know!

  1. #1
    Ascendant GreyGeek
    Join Date: Feb 2009
    Posts: 16,483
    Threads: 1169

    Linux viruses -- everything you need to know!

    Linux expert Rick Moen upgraded his authoritative piece on viruses and Trojans in Linux two days ago.

    IT SHOULD BE A MUST READ FOR ALL LINUX USERS ... ESPECIALLY NEWBIES...

    One sentence summary: You aren't in Windows any more, Toto...

    V. In Summary:

    There are real threats to Linux security. If you spend time looking for "Linux viruses" — which, by and large, can come at your system only if you get behind them and push — you might miss the real threats and not do something useful like studying your security profile and other measures.

    And yes, some "virus" author could in principle, some day, in the very worst-case scenario — if he/she were able to find a remotely exploitable Linux kernel network-code flaw unknown to everyone else — unleash a devastating and rapid, automated, surprise attack that clobbers (compromises) within one hour a large percentage of, say, worldwide Internet-connected i386 Linux servers' TCP/IP stacks, and thus gains root control.

    This would force all afflicted systems to be offline for a day to await the necessary patch and be rebuilt. That would be very annoying — but would hardly be unrecoverable. Moreover, I'll give very long odds against this or less-central failures happening, too — and lower ones for the same threat against practically every other OS.

    Why? Some of the reasons were articulated nicely in (separate) analyses by Nick Petreley, Eric Raymond, and Karsten M. Self:
    o System was designed for multiuser and networked operation from the ground up.
    o System was designed to distrust and not rely (in the general case) on remote procedure calls (RPCs), especially not between hosts.
    o System is profoundly modular, with the simplest, most generic possible interactions (often via pipes or textual interchange — even if then layered over sockets, etc.) between components (which can thus be individually changed, patched, upgraded, removed, or disabled as desired — without, in general, large interdependency consequences or cascade failures). Within that modular framework, functional substitutes exist and can be swapped in for almost all common security-relevant codebases. (E.g., if OpenSSH is having security problems, I can easily sidestep to LSH or any of several other SSH daemons. Ditto Web servers, ftp daemons, mail servers, etc. If need be, I can even change kernels.)
    o System doesn't give software excessive privilege or easy paths to escalation. Components run with high privilege are kept as small and carefully checked as possible. Interacting components seldom even run as the same effective user ID, and thus are in a poor position to subvert one another's resources.
    o As a result of the above, system state is highly transparent, lending itself to effective scrutiny and management via simple, well-understood tools (including ps, netstat, lsof, lslk, fuser, etc.).

    For details, please see Petreley, Raymond, and Self's more-comprehensive write-ups.

    Last modified: 2010-03-02
    rick@linuxmafia.com

    Copyright (C) 1995-2010 by Rick Moen. Verbatim copying, distribution, and display of this entire article (page) are permitted in any medium, provided this notice is preserved.

  2. #2
    Esteemed Member
    Join Date: Jul 2007
    Posts: 632
    Threads: 51

    Re: Linux viruses -- everything you need to know!

    I don't run any form of antivirus while in Linux, but I will say, it is not hard to write code that will act very 'virus like' for Gnome/KDE. And it DOESN'T require root access to do some pretty hefty damage to an average user. Users just need to be aware that just because they are in a Linux environment, doesn't mean you can open any attachment that comes along.

    mm0

    Dell Inspiron 1720 Laptop
    Intel T9300 Core2Duo Processor @ 2.5Ghz
    4 GB Ram | 1920 X 1200 Resolution
    2 X 160 GB SATA HD Internal
    Nvidia GeForce 8600M Graphics Adapter
    Using Kubuntu 9.10

  3. #3
    Junior Member thriller
    Join Date: Feb 2010
    Posts: 10
    Threads: 4

    Re: Linux viruses -- everything you need to know!

    It says all i386 systems running a Linux kernel could be affected. So does that mean anyone running i686 and 64-bit kernels would be safe? I think with advancement of processors, the threat of viruses decreases as well as increases in some cases. I don't run anti-virus as well, but a user would be quite idiotic to open any attachment (and enter admin password) that he/she gets.
    AMD 64 Turon X-2, 4GB RAM, Kubuntu 12.04 LTS 64bit

  4. #4
    Ascendant GreyGeek

    Re: Linux viruses -- everything you need to know!

    I agree with Rick:
    Should I get anti-virus software for my Linux box?

    The problem with answering this question is that those asking it know only OSes where viruses, trojan-horse programs, worms, nasty Javascripts, ActiveX controls with destructive payloads, and ordinary misbehaved applications are a constant threat to their computing. Therefore, they refuse to believe Linux could be different, no matter what they hear.

    And yet it is.

    Here's the short version of the answer: No.
    If you simply never run untrusted executables while logged in as the root user (or equivalent), all the "virus checkers" in the world will be at best superfluous; at worst, downright harmful. "Hostile" executables (including viruses) are almost unfindable in the Linux world — and no real threat to it — because they lack root-user authority, and because Linux admins are seldom stupid enough to run untrusted executables as root, and because Linux users' sources for privileged executables enjoy paranoid-grade scrutiny (such that any unauthorised changes would be detected and remedied).

    Here's the long version: Still no. Any program on a Linux box, viruses included, can only do what the user who ran it can do. Real users aren't allowed to hurt the system (only the root user can), so neither can programs they run.

  5. #5
    Ascendant GreyGeek

    Re: Linux viruses -- everything you need to know!

    Quote: Originally posted by thriller
    > It says all i386 systems running a Linux kernel could be affected. So does that mean anyone running i686 and 64-bit kernels would be safe? I think with advancement of processors, the threat of viruses decreases as well as increases in some cases. I don't run anti-virus as well, but a user would be quite idiotic to open any attachment (and enter admin password) that he/she gets.

    Please read the ENTIRE article!

    Security has nothing to do with hardware. An i386 system or an i686 or a 64bit Linux system are equally, and VERY, safe. The reason is well explained in Rick's article.

    Don't run as root, don't download unknown apps, or from unknown sources, don't give execute permissions to alien binaries. IOW, don't be stupid. Besides, an AV application can be just as susceptible to being infected as any other application, and it is usually given root permission.

    I don't run AV software. I used to run it for the benefit of my Windows using friends so that any email I forwarded on to them wouldn't infect their computers, but almost all of my friends now run Linux. The rest will just have to take their chances -- which is 100% that they WILL get infected. THEN they'll ask me to "fix" their system. They KNOW what my fix is -- replace Windows with Kubuntu. 8)

  6. #6
    Esteemed Member

    Re: Linux viruses -- everything you need to know!

    Who says it needs you to enter your password to do damage? It only needs a password to infect the root file system. Think of all the damage that can be done to a home directory, including autostart, emailing, etc. Also, all you have to do is get someone to open a .desktop file to get a bash script to run.
    Dell Inspiron 1720 Laptop
    Intel T9300 Core2Duo Processor @ 2.5Ghz
    4 GB Ram | 1920 X 1200 Resolution
    2 X 160 GB SATA HD Internal
    Nvidia GeForce 8600M Graphics Adapter
    Using Kubuntu 9.10

  7. #7
    Ascendant dibl
    Join Date: Oct 2006
    Posts: 12,955
    Threads: 176

    Re: Linux viruses -- everything you need to know!

    The worst thing that ever infected my Kubuntu system was strigi ...


  8. #8
    Esteemed Member

    Re: Linux viruses -- everything you need to know!

    hahahahaha! no kidding.
    Dell Inspiron 1720 Laptop
    Intel T9300 Core2Duo Processor @ 2.5Ghz
    4 GB Ram | 1920 X 1200 Resolution
    2 X 160 GB SATA HD Internal
    Nvidia GeForce 8600M Graphics Adapter
    Using Kubuntu 9.10

  9. #9
    Kubuntu as a Second Language Telengard
    Join Date: Dec 2006
    Location: USA
    Posts: 1,227
    Threads: 41

    Re: Linux viruses -- everything you need to know!

    Quote: Originally posted by dibl
    > The worst thing that ever infected my Kubuntu system was strigi ...

    Yeah, I haven't used the thing since it never worked on Hardy 8.04. I think KFind is still on the system, but why bother. The find, locate, and grep commands work better than any GUI file finder I've ever used.

    Makes me wonder though, is Strigi still useless junk on Lucid 10.04?

  10. #10
    Ascendant GreyGeek

    Re: Linux viruses -- everything you need to know!

    Quote: Originally posted by muzicman0
    > Who says it needs you to enter your password to do damage? It only needs a password to infect the root file system. Think of all the damage that can be done to a home directory, including autostart, emailing, etc. Also, all you have to do is get someone to open a .desktop file to get a bash script to run.

    "a password"? What password would allow doing damage to the root file system EXCEPT the root password? None. If you choose an adequate root password chances of privilege escalation are next to none. IF it were otherwise, you'd be reading about bot farms made of millions of Linux computers, but you don't.

    However, you are right about damage to the home account. IF you download an infected binary (shame on you for visiting that malware site anyway or installing alien software!) and run it as you, it can ONLY do what you can do -- the worst being to delete your own home account. Big deal. You do make regular backups of your home account, don't you? Then just delete yourself as a user, delete what the malware didn't delete of your home account, recreate your home account, and reboot. Restore from your backup.

    As far as the *.desktop email attachment is concerned, that attack vector was valid only on a few distros when it was first demonstrated and I doubt that it is valid on any now. For it to work now you would have to detach it and save it in your desktop directory, save the binary that it is supposed to "exec", then click on it. Three actions that, if you were to do it, would demonstrate that you are not being very smart about your admin duties.

    BTW, in eleven years of using Linux I have yet to encounter ANY Linux virus, Trojan or other malware, let alone be infected. I used to play with Windows viruses using WINE just to see what they'd do. After they did their damage I'd investigate the "C:" directory and explore what was left and do an analysis of the code and/or script the virus left behind. Then, I'd delete WINE and reinstall it. Got boring after awhile because there are only about 8 or so attack vectors for Windows, and the millions of viruses out there are just variations of those eight. Download a virus source, change the name of a variable slightly, recompile, and PRESTO! You have a "new" Windows virus which completely fools the signature datafile of all the AV products for several weeks or more.
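
Added example, not part of any post in this thread: a read-only check of the two places posts #6 and #10 argue about, the per-user autostart directory and .desktop launchers, listing entries whose Exec line starts an interpreter or points at a file the user's own account can overwrite. The heuristics, the function names and the choice of `~/Desktop` are assumptions made for illustration; `~/.config/autostart` is the XDG default location.

```python
import os
import shlex
from pathlib import Path

# Assumed list of interpreters worth flagging; extend to taste.
INTERPRETERS = {"sh", "bash", "dash", "zsh", "python", "python3", "perl"}

def exec_line(desktop_file):
    """Return the Exec= value of the [Desktop Entry] group, or None."""
    in_entry = False
    for raw in Path(desktop_file).read_text(errors="replace").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_entry = line == "[Desktop Entry]"
        elif in_entry and "=" in line:
            key, value = line.split("=", 1)
            if key.strip() == "Exec":
                return value.strip()
    return None

def reasons(command, home):
    """Heuristic reasons (assumed, not exhaustive) to inspect a launcher."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return ["Exec line does not parse"]
    found = []
    if argv and os.path.basename(argv[0]) in INTERPRETERS:
        found.append("starts an interpreter: " + os.path.basename(argv[0]))
    # Locations writable without root: the home directory and temp dirs.
    writable = (str(home).rstrip("/") + "/", "/tmp/", "/var/tmp/")
    found += ["path a normal user can overwrite: " + a
              for a in argv if a.startswith(writable)]
    return found

def audit(directories, home=None):
    """List (file name, command, reasons) for launchers worth a manual look."""
    home = Path(home) if home else Path.home()
    findings = []
    for directory in map(Path, directories):
        if not directory.is_dir():
            continue
        for launcher in sorted(directory.glob("*.desktop")):
            command = exec_line(launcher) if launcher.is_file() else None
            why = reasons(command, home) if command else []
            if why:
                findings.append((launcher.name, command, why))
    return findings

if __name__ == "__main__":
    for name, command, why in audit([Path.home() / ".config/autostart",
                                     Path.home() / "Desktop"]):
        print(f"{name}: {command}\n    " + "; ".join(why))
```

A listed entry is not proof of compromise; plenty of legitimate launchers call a shell. The point is that everything in these directories runs with the user's own rights and can be changed without the root password.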
