Discussion:
[LAD] Linux Malware
Louigi Verona
2012-03-22 15:17:46 UTC
Permalink
Hey guys!

This is an Offtopic question, really, but I wanted to ask people I know and
people who are developers - what are the reasons there are (almost) no
viruses on Linux?

The typical argument is that there are not too many users.
I generally do not agree with this argument and point to architectural
reasons, number of distros, community reasons and the openness of the
platform. Additionally, I even argue that the more users, the faster news
about a potential risk spreads.

However, several of my friends and colleagues at work who are long time
Linux users have argued that in the end it is still the number of users,
since no architecture is perfect and virus writers will find a way to
penetrate the system and target all known distros.

I am wondering if I am missing something. Does anyone on this list think
that the number of users does play more than a minor role?
--
Louigi Verona
http://www.louigiverona.ru/
Alexandre Prokoudine
2012-03-22 15:32:57 UTC
Permalink
Post by Louigi Verona
Hey guys!
This is an Offtopic question, really, but I wanted to ask people I know and
people who are developers - what are the reasons there are (almost) no
viruses on Linux?
Technically I could be wrong, but ... Lots of viruses come via mail.
On Linux it means executing binary files from mail clients. Well,

1) mail clients on Linux don't do that
2) the executable attribute of a file is lost when you send it anyway.

Alexandre Prokoudine
http://libregraphicsworld.org
Luis Garrido
2012-03-22 15:50:03 UTC
Permalink
I would say your friends are essentially correct.

To put an extreme example, there is only so much an operating system can
do for security-unconscious users that will grant root permissions to an
unknown executable that promises adult content or the Linux port of
"Angry Birds."

Knowledgeable and determined attackers can only be fended off with an
active security policy.

However, the Linux software distribution model based on well-maintained
centralized repositories will probably help in making casual infections
more difficult. If those repos are compromised, though...

L
Emanuel Rumpf
2012-03-22 16:43:03 UTC
Permalink
Post by Louigi Verona
what are the reasons there are (almost) no
viruses on Linux?
I don't write them for Linux, because I don't want to infect my own system :))


OK that was a joke. I don't write viruses and would have to guess an answer :)
--
E.R.
Lorenzo Sutton
2012-03-23 09:55:50 UTC
Permalink
Hope the [OT] labelling excuses me being verbose :)
Post by Louigi Verona
Hey guys!
This is an Offtopic question, really, but I wanted to ask people I know
and people who are developers - what are the reasons there are (almost)
no viruses on Linux?
I think there is a subtle yet substantial difference between 'viruses'
and 'malware' (and my thought is confirmed by Wikipedia [1])

A virus is traditionally a piece of code attached to an executable which
you run and 'infects' the system and easily replicates when copied to
other systems. In the old days it was really easy to get these by
swapping floppy disks.

Malware is software which is intentionally programmed to perform
unforeseen, unwanted, harmful activity, usually behind the back of the
user. The degree of 'mal'-ness is to some degree subject to debate and
user perception. E.g. a programme sending information to a server
without the user knowingly accepting this could be considered malware,
but many users are ok with this. So could be considered a programme that
once removed from the system leaves a hidden or hard to remove trace
(e.g. some anti-piracy mechanisms do this). Or simply a programme which
changes your homepage or default search engine.

The most obvious way I could see someone 'catching' a virus for linux
would be to execute a programme with viral code. I think this is much more
unlikely in linux due to e.g. distribution packaging, massive presence
of open source (and thus the many eyes), no user/consumer antivirus market.

As for malware one could say that a harmful script (say one that does rm
/) is malware, I would take it a little further saying that to define it
malware the user should be tricked into executing it.

In both cases you can see how proprietary is the 'bad guy' in all of
this. How do you know that skype isn't malware when you download a
binary .deb blob and install it? Even on linux?

Lorenzo.

[1] http://en.wikipedia.org/wiki/Computer_virus
Louigi Verona
2012-03-23 11:12:32 UTC
Permalink
Hey Lorenzo!

Thanks for the reply. By malware I meant a more general category. I would
be more content to speak of viruses, which would include things attaching
themselves to daemons and things which would copy your passwords and start
sending out spam.

In view of the argument of the amount of users I guess one of the questions
one could ask is whether Linux would have more viruses and would be a less
safe environment if it begins to be used as widely as Windows.

My current answer is "no", but many people say "yes". How would you answer
this question?
Jostein Chr. Andersen
2012-03-23 20:13:05 UTC
Permalink
On Thursday 22 March 2012 18.17.46 Louigi Verona wrote:

Hey guys!

This is an Offtopic question, really, but I wanted to ask people I know
and people who are developers - what are the reasons there are (almost)
no viruses on Linux?

The typical argument is that there are not too many users.
...

If I should take a wild guess, there were not so many Windows users in
numbers back in around 1992/1993 either, but the number of viruses and
Co. was around 16 000. So yes, that number argument is not really good.

The smaller number of viruses and other problems in Linux is in my
opinion mainly because of this:

* The simplicity in file structure. Most programs and libraries
can normally be found in just a few paths, which generally
makes it easier to control things. This structure also makes
it easier to install and run programs without being an admin
and messing with the system.
* It is the distro vendors that are doing the hard work of
upgrading packages as fast as possible when a security
hole is discovered. In a mainstream distro like Ubuntu,
this can happen more than one time a day if needed. In
Windows this is once a week and in OSX, it can take many
weeks if they fix it. This is a very serious thing. Many
packages are in use in both Linux, Windows and OSX.
If I'm not mistaken, OpenSSL is one of them. So when the
world knows about security holes, it might take a long time
before MS and Apple fix it.

So to sum it up: The distro take care of most of it in Linux,
MS and Apple usually only care about the OS related stuff.
In addition: for MS, antivirus and other security programs
are central for keeping things healthy. The passive nature
of the Unix systems is probably better here.


* Speaking about packages: They are often open sourced,
and many eyes can identify and solve problems.

This was only three points, but one can probably find more. But now, I will
go and watch TV! :-)

Jostein
Gordon JC Pearce
2012-03-23 20:51:30 UTC
Permalink
Post by Louigi Verona
The typical argument is that there are not too many users.
I generally do not agree with this argument and point to architectural
reasons, number of distros, community reasons and the openness of the
platform. Additionally, I even argue that the more users, the faster
news about a potential risk spreads.
Actually, there are many, many more Linux machines connected to the
Internet than Windows machines - all those broadband routers.

Ever seen a Windows box directly connected to PPPoA? No? Yeah, that's
what I thought...
--
Gordonjcp MM0YEQ
David Robillard
2012-03-24 00:15:23 UTC
Permalink
Post by Louigi Verona
Hey guys!
This is an Offtopic question, really, but I wanted to ask people I
know and people who are developers - what are the reasons there are
(almost) no viruses on Linux?
The typical argument is that there are not too many users.
Maybe "typical" in Redmond... the typical sane argument is that users on
Lignux systems only have write access to their home directories, which
the system does not run software from by default.

Windows, on the other hand, traditionally had users running with
complete access to the system. Add to the mix notoriously flaky
low-quality code, slow moving development, and a core system built from
numerous layers of piled legacy crap, and it'd be shocking if exploits
*didn't* run rampant.

Anyone claiming that any system would have been as badly affected in
Windows' situation has no idea what they're talking about. The system
essentially didn't have any form of security whatsoever. The security
model wasn't flawed, it *wasn't there*. You didn't have to exploit the
system to get viruses and malware on it, you just had to get the user to
run something.

Windows isn't a victim of its own popularity, it's a victim of being
crap.

-dr
Paul Davis
2012-03-24 00:38:10 UTC
Permalink
Post by David Robillard
Post by Louigi Verona
Hey guys!
This is an Offtopic question, really, but I wanted to ask people I
know and people who are developers - what are the reasons there are
(almost) no viruses on Linux?
The typical argument is that there are not too many users.
Maybe "typical" in Redmond... the typical sane argument is that users on
Lignux systems only have write access to their home directories, which
the system does not run software from by default.
true, but a little reset of LD_LIBRARY_PATH, or even better,
LD_PRELOAD in the user's .profile or whatever can go a long way
towards fixing that particular .... err, barrier ;)
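
A defensive check for the point raised in the post above, added here as an example and not part of the original thread: because startup files in a home directory are writable by the user, loader variables set there deserve an audit. The file list, the variable list and the `USER-WRITABLE`/`REVIEW` labels are assumptions of this example, and the sample home directory is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list dynamic-loader overrides set in a
# user's shell startup files. File list, variable list and labels are assumptions.

STARTUP_FILES=".profile .bash_profile .bash_login .bashrc .zshenv .zprofile .zshrc"

# audit_loader_env HOME_DIR
# Prints "LABEL file:line text" for every uncommented assignment of LD_PRELOAD,
# LD_LIBRARY_PATH or LD_AUDIT. LABEL is USER-WRITABLE when the value points at
# the home directory or a shared temp directory, REVIEW otherwise.
audit_loader_env() {
    home=$1
    for f in $STARTUP_FILES; do
        [ -f "$home/$f" ] || continue
        awk -v file="$f" -v home="$home" '
            # Optional prefix without "#", ending in a non-identifier character,
            # so "export VAR=" matches but "# VAR=" and "MY_VAR=" do not.
            /^([^#]*[^A-Za-z0-9_#])?(LD_PRELOAD|LD_LIBRARY_PATH|LD_AUDIT)=/ {
                label = "REVIEW"
                if (index($0, home "/") || index($0, "$HOME") ||
                    index($0, "${HOME}") || index($0, "~/") ||
                    index($0, "/tmp/") || index($0, "/dev/shm/"))
                    label = "USER-WRITABLE"
                printf "%s %s:%d %s\n", label, file, NR, $0
            }' "$home/$f"
    done
}

# Constructed sample home directory: one live override in .profile, one
# commented-out line, one look-alike variable and one system-path override.
make_sample_home() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'PATH="$HOME/bin:$PATH"' \
        'export LD_PRELOAD=$HOME/.cache/libhelper.so' > "$d/.profile"
    printf '%s\n' '# LD_PRELOAD=/usr/lib/libold.so' 'MY_LD_PRELOAD=1' \
        'export LD_LIBRARY_PATH=/opt/vendor/lib' > "$d/.bashrc"
    printf '%s\n' "$d"
}

demo_home=$(make_sample_home)
audit_loader_env "$demo_home"
rm -rf "$demo_home"
```

Run against a real home directory with `audit_loader_env "$HOME"`; a `USER-WRITABLE` hit means the library search is steered to a location the account itself can modify.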
Gabriel M. Beddingfield
2012-03-24 23:23:56 UTC
Permalink
Post by David Robillard
Windows, on the other hand, traditionally had users running with
complete access to the system. Add to the mix notoriously flaky
low-quality code, slow moving development, and a core system built from
numerous layers of piled legacy crap, and it'd be shocking if exploits
*didn't* run rampant.
Anyone claiming that any system would have been as badly affected in
Windows' situation has no idea what they're talking about. The system
essentially didn't have any form of security whatsoever. The security
model wasn't flawed, it *wasn't there*. You didn't have to exploit the
system to get viruses and malware on it, you just had to get the user to
run something.
In all fairness... the situation in Windows is getting better while the
situation in Linux is getting more relaxed. When it comes to the user
experience, Win7 and Ubuntu now have more or less the same security
model WRT doing administrator tasks (asking for a password, sudo-style).
And even in Windows XP you *could* do it right (don't run as admin),
but several applications forced people to do it wrong... and the default
was to run as admin.

So now the difference is mainly that *nix has execute permissions on files.

Everything else is converged or converging.(*)

-gabriel
Jeff McClintock
2012-03-24 21:19:23 UTC
Permalink
Post by David Robillard
Lignux systems only have write access to their home directories, which
the system does not run software from by default.
So Malware can trash your personal documents and steal your identity.....but
the kernel is safe?
Post by David Robillard
Windows isn't a victim of its own popularity, it's a victim of being
crap.
Yeah, while the average programmer makes 20 errors per 1000 lines-of-code,
Linux programmers, having been on a mission from god, NEVER make such
mistakes, therefore Linux has no exploitable flaws.

;)

Seriously though, this is *SO* off topic.

Best Regards,
Jeff
Geoff Beasley
2012-03-24 21:40:10 UTC
Permalink
Post by Jeff McClintock
Yeah, while the average programmer makes 20 errors per 1000 lines-of-code,
Linux programmers, having been on a mission from god, NEVER make such
mistakes, therefore Linux has no exploitable flaws.
It's a reality that Linux (and its programmers) have been at the
forefront of computer software design and implementation; and that will
continue.

Microsoft have never been.

g.
Paul Davis
2012-03-24 22:16:35 UTC
Permalink
On Sat, Mar 24, 2012 at 5:40 PM, Geoff Beasley
It's a reality that Linux (and its programmers) have been at the forefront
of computer software design and implementation; and that will continue.
Microsoft have never been.
this isn't actually true. microsoft research has done some pretty
innovative stuff. the original NT kernel group headed by dave cutler
(who used to work at dec and basically brought a decent chunk of the
VMS team with him) did some quite creative things with kernel design.
and even the justifiably maligned IE did bring a few features to web
browsers that are now standard. even though CORBA attempted to do
"object management" before MS, its design never really took off,
whereas MS's "DOM" model has been quite successful when viewed through
certain lenses.

what is true is that microsoft innovations rarely spread outside of
microsoft. not never, just rarely.
Pedro Lopez-Cabanillas
2012-03-25 11:27:44 UTC
Permalink
Post by Paul Davis
even though CORBA attempted to do
"object management" before MS, its design never really took off,
whereas MS's "DOM" model has been quite successful when viewed through
certain lenses.
DOM? Document Object Model? like in HTML and XML documents processing?
I guess you mean COM, aka OLE2, == Component Object Model.

Let me add D-Bus to the soup of acronyms:
http://dbus.freedesktop.org/doc/dbus-faq.html#components

Regards,
Pedro

Gordon JC Pearce
2012-03-25 09:05:33 UTC
Permalink
Post by Jeff McClintock
Post by David Robillard
Lignux systems only have write access to their home directories, which
the system does not run software from by default.
So Malware can trash your personal documents and steal your identity.....but
the kernel is safe?
The malware has to be able to run. Simply writing it to disk is not
sufficient.
--
Gordonjcp MM0YEQ
Gordon JC Pearce
2012-03-25 09:05:29 UTC
Permalink
Post by Louigi Verona
The typical argument is that there are not too many users.
I generally do not agree with this argument and point to architectural
reasons, number of distros, community reasons and the openness of the
platform. Additionally, I even argue that the more users, the faster
news about a potential risk spreads.
Actually, there are many, many more Linux machines connected to the
Internet than Windows machines - all those broadband routers.

Ever seen a Windows box directly connected to PPPoA? No? Yeah, that's
what I thought...
--
Gordonjcp MM0YEQ