Old 10-06-2007, 04:06 PM   #91
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 556

FWIW, I posted months ago somewhere about an article I had read on the www somewhere, detailing a dude's attempts to run common Windows Viruses (about a dozen as I recall) under WINE on Linux. None of them would work. The one or two that actually did execute to any degree failed to accomplish their respective goals, and neither was able to replicate itself.
I don't know what exactly this proves or disproves, if anything, but it does tell me that if I were someone inclined to have WINE on my system, I shouldn't be too too worried about Windows viruses compromising my Linux/WINE machine. They might screw up the WINE environment, if they are lucky, but to date, none has been able to mess up the host machine.
If I can come across the site and/or article again anywhere, I'll post the link. If someone else finds the article, either let me know so I can add it to this post, or at least so I can edit my post to point to yours, so readers can view the article.
 
Old 10-06-2007, 04:58 PM   #92
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Rep: Reputation: 62
Quote:
Originally Posted by GrapefruiTgirl
FWIW, I posted months ago somewhere about an article I had read on the www somewhere, detailing a dude's attempts to run common Windows Viruses (about a dozen as I recall) under WINE on Linux.
Well I've heard from someone that he was able to run virus on wine that messed up his desktop due to wine desktop integration. However, this information isn't reliable - there are no screenshots, no virus name, no wine version, no nothing. The whole story could have been made up...

Anyway (IMHO) if virus is a Windows program that doesn't use undocumented or unimplemented functions, I don't see anything that'll prevent it from working and infecting dll's and exe's in wine folder, as well as all accessible writeable files. Also I suppose that some WinXP/Win98 viruses might work, if they were launched with Wine.

Last edited by ErV; 10-06-2007 at 05:17 PM.
 
Old 10-06-2007, 06:50 PM   #93
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 58
Wine viruses should only affect the .wine folder in the user's home directory.
ErV, I don't know of any linux programs that don't support multi-users
 
Old 10-06-2007, 08:36 PM   #94
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Rep: Reputation: 62
Quote:
Originally Posted by AceofSpades19
Wine viruses should only affect the .wine folder in the user's home directory.
Yes, that's right.

Quote:
Originally Posted by AceofSpades19
ErV, I don't know of any linux programs that don't support multi-users
By saying "don't support multi-users" I mean that program, for example, doesn't install itself in /usr/local/bin, its data to /usr/local/share, but instead needs to store its configuration files in directory it's installed into (i.e. it should have read-write access to the directory). Most serious applications don't do this, but some games/small applications do, as I know. As I understand such behaviour is "not normal", and can make system more vulnerable if such application is installed system-wide (by adding users to a certain group, or making executable suid or something else). Am I right? If this is not a correct point of view, please, let me know about it.
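
Added example, not part of ErV's post or of the thread: a shell function that audits an application tree for the layout the post describes, i.e. executables living in a directory that group or other can write to, executables that are themselves writable, and set-id binaries. The function name `audit_app_tree` and the report labels are hypothetical; a `find` that supports `-maxdepth` (GNU or BSD) is assumed.

```shell
#!/bin/sh
# Added example (constructed): audit_app_tree and its report labels are
# hypothetical names, not a standard tool. Assumes a find with -maxdepth
# (GNU or BSD) and path names without embedded newlines.
#
# Report lines:
#   WRITABLE_DIR <dir>   group/other-writable directory holding executables
#   WRITABLE_EXE <file>  executable that group/other can modify
#   SETID_EXE    <file>  setuid or setgid executable
audit_app_tree() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    {
        # Whoever can write to such a directory can replace the binary that
        # the next user runs. Sticky directories (mode 1xxx) are skipped:
        # there only the owner may rename or delete a file.
        find "$root" -type d \( -perm -020 -o -perm -002 \) ! -perm -1000 |
        while IFS= read -r dir; do
            if find "$dir" -maxdepth 1 -type f \
                    \( -perm -100 -o -perm -010 -o -perm -001 \) | grep -q .
            then
                printf 'WRITABLE_DIR %s\n' "$dir"
            fi
        done

        # Executables that can be modified in place by group or other.
        find "$root" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
            \( -perm -020 -o -perm -002 \) | sed 's/^/WRITABLE_EXE /'

        # Set-id executables run with the file owner's or group's rights.
        find "$root" -type f \( -perm -4000 -o -perm -2000 \) |
            sed 's/^/SETID_EXE /'
    } | LC_ALL=C sort
}

# Usage: audit_app_tree /opt/somegame   (the path is a placeholder)
```

A data-only directory that is group-writable is not reported; the findings are limited to places where write access reaches something that gets executed.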
 
Old 10-07-2007, 04:57 AM   #95
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by ErV
I've initially posted same question here
Thread merged.
Quote:
What about making this thread sticky?
Thanks for the suggestion. Thread stickied.
 
Old 10-08-2007, 06:06 AM   #96
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by ErV
Hello!

preamble:
Since the first time I've tried to use Linux I believed that this OS doesn't need anti-virus software - because :
1) every distribution is different.
2) every installation can be different even on same distribution.
3) well-behaved linux user have a good habit of working as a non-root user, and most programs he uses won't be writable during working session - there is no way to infect executable unless virus uses some kind of rootkit.
4) Also, there is no easy way for virus to get into system - unless user will download binaries from untrusted sources.
i) while every distribution is different, that doesn't offer you all that much protection. If the vulnerability is in, say, bind or sendmail, anyone running a vulnerable version of bind or sendmail will be vulnerable. If the attack vector is to deliver a .rpm, probably all distros that use .rpms will be potentially vulnerable and while that more-or-less bisects the linux world (.rpm and .deb...and .tar.gz files can be made to work on pretty much everything) that isn't particularly strong protection.

ii) Every installation is different... True, but you don't have to know many installation details to attempt an exploit. That one particular distro may put some stuff in a variant place like /usr/sbin doesn't slow you down much in using the distro, why should it stop an exploiter?

There is a potential advantage here and that is not installing vulnerable programs. While you don't know what the next exploit will be, avoiding programs that have been recently exploited in favour of functionally similar programs that have not been exploit targets is advantageous, as is not running services that you don't need (can't exploit non-existent services) and not running services with unnecessarily high levels of privilege.

iii) Not all linux users are 'well behaved'.
Not every exploit is dependent on the program itself being writable.

iv) It seems that one of the major infection vectors on systems with weaker security uses as a vector data files for Office Applications that include dastardly macros. There is a trade-off here between user convenience and security and that particular vendor seems always to take the 'let's go for convenience, unless and until someone exploits it, and then, maybe, issue a patch' (and, oh, by the way, we'll take such a restrictive approach to what you might be allowed to do with our software that users can be afraid to get updates from us because we might cut off their ability to use our software) approach to security.

In this case, there are several things that you might do; disable macros (to the extent possible), use a viewer program to look at untrusted document files, not download files which might contain macros from the 'net, for example. But will users take any or all of those measures? (Hint: the answer is not 'yes'.) You could even use an alternative Office package which makes life less easy for writers of macro viruses, but that hasn't happened either (at least, not noticeably for security reasons).

Users even open e-mails with known security problems, either out of curiosity (the 'cat' approach to electronic security) or for the thrill.

In this context, I would make some observations:

With brain-dead users, you need to do whatever you can to limit the problems that they will cause. (Note: some of the brain-deadness is induced by the corporate environment and I'm not suggesting that the users themselves shoulder all of the blame for having become brain dead.)

If users avoid unsafe behaviours, you are a lot safer than if they just do whatever is convenient/fun without thinking.

Linux is much safer than some mass-market security disasters, but that does not, of and by itself, make Linux 'bullet-proof'.

There are various measures within a nominally more secure environment that you probably should be taking (from not running services as root, chroot environments, careful selection of services, firewalls, to SELinux/AppArmor that improve your bulletproofness. One of those measures might be virus scanning, another might be Intrusion Detection). The correct combination will depend on your particular circumstances. If you are a three-letter agency, you will have a risk assessment...

You shouldn't regard this as 'I'm running Linux, no one can possibly do anything nasty to me', but 'I'm running Linux, that was a good first step; what else, if anything, should someone in my position be doing'.

Quote:
Right now there are folks on some of my local forums, that claim "linux became popular, there are new viruses appearing for Linux, so now you need Anti-Virus software for Linux!". For me it looks like an attempt to trick me into buying useless software, a marketing move of AV software developers, etc. And, by the way, the fact that my information about Linux doesn't match with what they say, really puzzles me. I didn't find any English mentions about huge Linux virus epidemics, for example.
The Linux Malware problem is nowhere near as bad as some other systems.

There is no observable Linux malware epidemic today. There have been laboratory cases of Linux malware, but there are few recorded instances in the wild. There is little interest in writing Linux malware today (it is harder, there is a lower market share, but it might get you bragging rights), but that may change. If, maybe when, it does change, what do you have to lose if you get caught (how valuable is your data, can you afford to re-install stuff, so how valuable is your time)?

There is little disadvantage in using a free AV system, but at this point, there may be little practical advantage either (TLAs and corporates - please see earlier comment). If you do not indulge in unsafe behaviour, you are probably all right, but what if someone carried out a 'bogus repository' exploit? Would that get you? What would happen then?

Quote:
And should I trust? My knowledge, or their information? (those guys don't seem to be professionals, anyway...)
Don't trust anyone. Particularly those who tell you "Don't trust anyone". And certainly not 'Trust me, I'm a snake-oil salesman.' :-)
 
Old 10-08-2007, 12:35 PM   #97
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 58
i) Actually rpms are different for every distro that uses rpms usually
 
Old 10-13-2007, 02:29 PM   #98
Civil_West
LQ Newbie
 
Registered: Oct 2007
Location: Texas
Distribution: Feisty Fawn
Posts: 11

Rep: Reputation: 1
What about E-Mails?

What I need to know is about emails. Forwarded mail with cute little pictures jumping up and down or morphing into something else. When I ran "Winders" I could copy and paste them into other mail and cut out all the scripts! If you look at the source code of those "[FWD...FWD...etc.] you can see that they are doing much more than just getting forwarded! I don't know exactly what they do but I have a pretty good idea! Nothing good! I don't forward anything anymore to anyone! I think there is a "Sinister Plan" going on here and it has to do [I think] with DCOM-scm {port 135} and Microsoft-ds on port 445! Somewhat anyway! Does anyone know anything about the new "Syber Command" facility the Gov is putting in down there in Shreveport?
Anyway...Is there anyone that can explain the e-mail crap I keep getting in the forwards? I am really curious!

Thanks and pardon my lack of knowledge in these matters!
 
Old 11-16-2007, 02:46 AM   #99
hoobs
LQ Newbie
 
Registered: Nov 2007
Posts: 9

Rep: Reputation: 0
Trojan from go2linux.org

This seems a very old thread (last post in 2004). Whilst attempting a tutorial link in the above site my virus checker (Kaspersky) blocked a trojan that came up a undeletable. I've only been on Linux sites for less than a day. Perhaps this thread has been resurrected on a similar thread. Is it advisable to report such attack to the above website.
 
Old 11-16-2007, 03:25 AM   #100
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,474
Blog Entries: 7

Rep: Reputation: 2573
Quote:
Originally Posted by hoobs
Whilst attempting a tutorial link in the above site my virus checker (Kaspersky) blocked a trojan that came up a undeletable.
Which distro are you running?
Quote:
Originally Posted by hoobs
Is it advisable to report such attack to the above website.
You'd want to make sure that the virus was from there before doing that.

I have to say that I've been running Linux for approximately 8 years and have never seen a single virus in all that time.
 
Old 11-18-2007, 09:28 AM   #101
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 798

Rep: Reputation: 256
I've seen certain file infectors on various hacked linux systems in the wild, and there's source code posted to various places for linux viruses. There's even viruses for mobile phones and calculators. They just aren't very effective on linux. Beyond Windows viruses in email that came in a user's mail, I've not had a virus infect my linux system.
 
Old 12-01-2007, 01:09 PM   #102
nowshining
Member
 
Registered: Dec 2007
Distribution: Ibex
Posts: 93

Rep: Reputation: 15
on a small percentage of people read the source code so it does NOT REALLY matter if the source is open or not, i don't even read the source - why require everyone on the planet to read the source code as it takes time, it's trusting in repositories, etc. or the vendor ur using that they didn't put something bad in the OS of ur machine... - Other words it means that the most important people to watch for such baddies is the vendor of the OS one uses..

...................................
B.O.T

Viruses do exist for linux, however we WILL see how bad it is when the users of a linux box equals that of a windows box.

Last edited by nowshining; 12-01-2007 at 01:11 PM.
 
Old 12-01-2007, 10:25 PM   #103
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by hoobs
This seems a very old thread (last post in 2004). Whilst attempting a tutorial link in the above site my virus checker (Kaspersky) blocked a trojan that came up a undeletable. I've only been on Linux sites for less than a day. Perhaps this thread has been resurrected on a similar thread. Is it advisable to report such attack to the above website.
hoobs, I've merged your post (and the resulting discussion) into the Megathread, as it seems the discussion is moving in that direction anyways. Next time, please start your own new thread instead of resurrecting one that's been dead for years.

Last edited by win32sux; 12-01-2007 at 10:27 PM.
 
Old 12-01-2007, 11:20 PM   #104
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 58
Quote:
Originally Posted by nowshining
on a small percentage of people read the source code so it does NOT REALLY matter if the source is open or not, i don't even read the source - why require everyone on the planet to read the source code as it takes time, it's trusting in repositories, etc. or the vendor ur using that they didn't put something bad in the OS of ur machine... - Other words it means that the most important people to watch for such baddies is the vendor of the OS one uses..

...................................
B.O.T

Viruses do exist for linux, however we WILL see how bad it is when the users of a linux box equals that of a windows box.
You can't really compare linux to windows if linux had 95% of the market share because there is such a variety of software for linux and not everybody even uses the same linux kernel, or use the same linux kernel modules or even use the same programs or the same versions of programs so it would be pretty hard to find a program that a lot of people use the same version of, plus I'm sure the devs of a program could make a patch in a matter of days, or hours considering it's open-source compared to microsoft, who can take virtually as long as they want in making a patch. I read a story, the other day, about IE 6 not being patched for 286 days in 2006, and I highly doubt that there is any active open-source product that takes that long to make a security patch. So it would be very difficult to make a linux virus that affects a large number of people and have it actually do so
 
Old 12-05-2007, 12:27 PM   #105
klajdi2
LQ Newbie
 
Registered: Jun 2007
Location: SimplyFree.us
Distribution: Xubuntu
Posts: 5

Rep: Reputation: 0
Do we need an Antivirus?

I am new to Linux so my question is do I need an Antivirus?

In any case what should I be careful for?
 
  

