Old 08-11-2008, 08:00 PM   #1
glore2002
Member
 
Registered: Mar 2007
Location: Buenos Aires, Argentina.
Distribution: Lubuntu 17.10 x64
Posts: 510

Rep: Reputation: 33
Linux.Phalax. Is it really a virus -trojan- or not?


Symantec published this (date: August 5, 2008):

http://www.symantec.com/security_res...257-99&tabid=2

After reading it, I found an important mistake (at least, I thought it was important):

Code:
Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
And then I asked myself: Is it possible for Linux to execute files such as .vbs, .bat, .exe, .pif and .scr? My answer was nooooo. Am I right?

So, one of the famous questions came back to my mind:

Do viruses exist in Linux?
Can they break my system?

If I need to execute a script to start a virus, and executing a script needs root privileges, how can a virus be executed without my approval?

How can a rootkit be inserted in my system without me knowing it?

And the last question I would like to ask would be:

Why do you think Linux is safer? (Not links, just your own opinion. I would like to know our opinion as users.)

For me, one of the reasons is that we don't use the system as root (unless we need to execute a script or to do system setups). And the other reason is that the kernel is less vulnerable. But I am not sure about this (it's a hope and not my knowledge!!! :-)

Thank you!
 
Old 08-11-2008, 09:56 PM   #2
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Void, Slackware, Debian
Posts: 7,350

Rep: Reputation: 3750
If you're worried about rootkits you can install a utility (rkhunter) that will check your system for bad guys. This utility is available at SBo. You are less likely to have your system compromised if you're running your system as a regular user and not as root.

http://slackbuilds.org/repository/12.1/system/rkhunter/
 
Old 08-12-2008, 01:21 AM   #3
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Rep: Reputation: 62
Quote:
Originally Posted by glore2002
Code:
Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
And then I asked myself: Is it possible for Linux to execute files such as .vbs, .bat, .exe, .pif and .scr? My answer was nooooo. Am I right?
Those extensions are blocked so that Windows machines connecting to the email server won't get infected. And you actually can (manually) execute *.exe and *.scr on Linux - with WINE.

Quote:
Originally Posted by glore2002

Do viruses exist in Linux?
Yes, but there is a small number of them; often they depend on dated vulnerabilities fixed a long time ago, and they can't do any harm unless launched as root.

Quote:
Originally Posted by glore2002
Can they break my system?
Depends on your system setup. On a normal system setup they can't change system files.

Quote:
Originally Posted by glore2002
If I need to execute a script to start a virus, and executing a script needs root privileges, how can a virus be executed without my approval?
Using an unpatched vulnerability that allows leveling of privileges. Or by using a remote code execution vulnerability (if one exists) in a program that runs with "set uid" privileges and root as owner.

Quote:
Originally Posted by glore2002
How can a rootkit be inserted in my system without me knowing it?
Using security holes. That is:
1) weak passwords.
2) System configuration files (/etc/) accidentally available for download via ftp/http
3) http/ftp/whatever daemon has write access to system directories
4) "set uid" applications with "remote code execution" vulnerability (via buffer overruns, etc.)
5) etc.

Quote:
Originally Posted by glore2002
And the last question I would like to ask would be:

Why do you think Linux is safer? (Not links, just your own opinion. I would like to know our opinion as users.)
Default security policy is better, default permissions are better, and the "working as root should be avoided" rule is very good. A normal malicious script won't be able to take down the whole system (it can break user data, though, if it is launched).
 
Old 08-12-2008, 08:19 AM   #4
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,918

Rep: Reputation: 5035
Ok, the first thing to understand is that companies like Symantec that sell "antivirus" software have a vested interest in scaring the shit out of uninformed computer users in order to sell their product.

Now for a bit of terminology.


Trojan:
The term is taken from the story of the Siege of Troy and the Trojan Horse (which should really be referred to as a Greek horse if you're being 100% accurate). In computing terms, a Trojan is a program with a nasty surprise (the payload) hiding inside of it, just like the Greeks hiding inside their horse.

All OSes are susceptible to Trojans, Linux included. Almost all of what people commonly refer to as viruses or malware are in fact trojans. Again, just as the Greeks in their horse relied on the Trojans bringing them inside the city walls, a Trojanned program relies on you bringing it inside your system.

One slight mitigation is that, unlike Windows, Linux and UNIX in general have a strong user separation model. If one user runs a Trojan, then the scope for mischief of the Trojan code is limited by the power of the user that runs it. In practice, this mitigation really doesn't count for that much on a desktop system, as you'll most likely be using the same user for everything.

Virus:
A computer Virus is a snippet of code that when run will self-replicate (attach) itself to any other executable programs that it can find, 'infecting' them. Just like a trojan, a Virus will probably contain a nasty payload in addition to the code it uses to spread itself.

Linux users don't generally have access to overwrite program files such as those in /usr/bin and the like, therefore a virus generally won't spread to other executables. However, the virus will still have its payload, which will work exactly the same way as I described for the trojan.

As I mentioned above, most of the stuff people commonly call viruses are really trojans and don't spread themselves further once they hook into your system anyway, so again in practice this little bit of extra protection Linux gives you probably isn't worth all that much.

Worm:
A worm is effectively a virus that remotely exploits a weakness in your system to get inside your system without any intervention needed on a user's part. Worms may exploit software errors such as buffer overflows in things like network server software such as http and ftp servers etc., or even something as simple as weak passwords. Once it sets up home in your system it will use that as a base to start worming its way into other people's systems. Worms are much rarer, but when you get an outbreak they spread across the internet like wildfire, and Linux can be just as susceptible to them as anything else.

Keeping current with security updates and having good firewall rules is the best way to protect yourself from a worm.

As for MS Windows, the reason it's got such a bad reputation is mostly to do with really dumb design decisions like:
  • Allowing the web-browser to download and run Active-X.
  • Hiding the file extension by default so that boobies.jpg that someone emailed you is really boobies.jpg.exe but you don't know about it.
  • Having Autorun.inf on removable media so things will run when you insert a disk without you taking any action.


In reality, the security of a system has far more to do with the mindset of the users/administrators on it rather than any of its technical nuances. And despite what the anti-virus vendors would have you believe, their products really don't provide that much protection.


So, how do I try and keep my system safe:

1) Use good strong passwords and keep them safe.

2) Make sure all patches are applied promptly.

3) Make sure any network services that you need to run have as tight a set of firewall/iptables rules as you can make them, and don't run any network services that you don't need. This will help protect against Worms.

4) Only download and install software from trusted authors. Make sure that you check the md5sum and gpg signature if available before installing them to ensure that no one other than the author has tampered with it. This will help protect against trojans and viruses.

5) Don't use root from the X Window desktop. If you slip up and a trojan gets in and installs a keylogger under your userid, it may capture the root password if you 'su - root' from an xterm. It'll be much harder for it to grab the password if you only use the root account directly on a VT. (Though if you've already been trojan'd you've already lost anyway, so this one has arguable value, but doing this can't hurt any.)

6) Virus scanners aren't much use, but using an intrusion detection system to make sure none of your system's binaries have been tampered with is a good idea. Set up and use tripwire or AIDE and scan your system for changes periodically. It won't stop people getting in, but if you use it correctly, you'll at least know you've been "owned".

7) Be a Paranoid, tin-foil hat wearing loony and trust no-one.


I hope that was of some use to someone. This topic almost always results in someone saying "Linux doesn't have viruses", which although true to some degree, really doesn't give the big picture and can give folk a false sense of security.
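One way to do the periodic "have my binaries been tampered with" check from item 6, as an added example that is not from this post or from the tripwire/AIDE projects: a small POSIX shell script (the function names baseline_dir, check_dir and demo are my own) that records a SHA-256 hash of every file under a tree and later diffs the live tree against that record, run here on a constructed sample tree.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal tripwire/AIDE-style
# integrity check. baseline_dir records the SHA-256 of every regular
# file under a directory; check_dir compares the current state against
# that record and reports what was modified, added or removed.
# Needs GNU find/sort/xargs and sha256sum (standard on Slackware).

# Write "hash  path" lines for every regular file under $1 into file $2.
baseline_dir() {
    find "$1" -type f -print0 | sort -z | xargs -0 -r sha256sum > "$2"
}

# Compare the current state of directory $1 against baseline file $2.
# Prints one line per change: "MODIFIED <path>", "ADDED <path>" or
# "REMOVED <path>", sorted; prints nothing when the tree is clean.
check_dir() {
    cur=$(mktemp) || return 1
    baseline_dir "$1" "$cur"
    # sha256sum lines are 64 hex chars, two spaces, then the path, so the
    # path starts at column 67 (this also survives paths with spaces).
    awk 'FILENAME == ARGV[1] { base[substr($0, 67)] = $1; next }
         { p = substr($0, 67)
           if (!(p in base)) print "ADDED", p
           else { if (base[p] != $1) print "MODIFIED", p; delete base[p] } }
         END { for (p in base) print "REMOVED", p }' "$2" "$cur" | sort
    rm -f "$cur"
}

# Demonstration on a constructed tree (sample data, not real system files):
# take a baseline, then simulate tampering and run the check.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/etc"
    printf 'original ls binary\n' > "$root/bin/ls"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$root/etc/passwd"
    printf '127.0.0.1 localhost\n' > "$root/etc/hosts"
    baseline_dir "$root" "$root.baseline"
    printf 'trojaned ls binary\n' > "$root/bin/ls"     # modified
    printf 'extra payload\n' > "$root/bin/backdoor"    # added
    rm "$root/etc/hosts"                               # removed
    check_dir "$root" "$root.baseline"
    rm -rf "$root" "$root.baseline"
}

demo
```

Keep the baseline file somewhere the machine being checked cannot write to (read-only media or another host), because a baseline stored on the checked system can be rewritten along with the binaries.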
 
Old 08-12-2008, 08:29 AM   #5
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Void, Slackware, Debian
Posts: 7,350

Rep: Reputation: 3750

Quote:
Originally Posted by GazL
7) Be a Paranoid, tin-foil hat wearing loony and trust no-one.
I think the LQ readers will benefit from this excellent post; it is very thorough! I enjoyed this last remark, funny stuff, man :-)
 
Old 08-12-2008, 09:32 AM   #6
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware64 15; SlackwareARM-current (aarch64); Debian 12
Posts: 8,302
Blog Entries: 61

Rep: Reputation: Disabled
Quote:
Originally Posted by GazL
7) Be a Paranoid, tin-foil hat wearing loony and trust no-one.
8) Be extra-paranoid, wear tin-foil underpants (NOT a thong), and don't even trust yourself.
 
Old 08-12-2008, 11:01 AM   #7
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
I dunno, but personally I have had an insane amount of problems with Window$ in the past because it was constantly infected with malware, trojans, viruses, and maybe even worms. Not only that, but these seemed to wreak havoc on the system no matter the measures taken; sure, the measures do help, but not that much. With Linux I have not had a single problem with any trojan, malware, virus, worm, or rootkit. Did I forget to mention that my $ony laptop came with a nice surprise from $ony, a rootkit, yay, and it seemed to be embedded into Window$ with no way to remove it unless you buy another copy of Window$, one not provided by $ony with the added present. As you might guess, I refused to buy another copy, wiped the disk with dban and installed Linux.

Oh, and I swore an oath that no computer I own will ever run Window$ again, and I refuse to aid Window$ users to fix the unfixable which is what Window$ is, it is a lost cause, abandon ship.

Last edited by H_TeXMeX_H; 08-12-2008 at 11:03 AM.
 
Old 08-12-2008, 11:26 AM   #8
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Void, Slackware, Debian
Posts: 7,350

Rep: Reputation: 3750
Quote:
Originally Posted by H_TeXMeX_H
Oh, and I swore an oath that no computer I own will ever run Window$ again, and I refuse to aid Window$ users to fix the unfixable which is what Window$ is, it is a lost cause, abandon ship.
Agreed.
I've been windows free for a few years now and I don't miss it at all.
Speaking of paranoia (tinfoil hats), all this talk of trojans and rootkits prompted me to scan all of my Linux boxes. I'm clean. I've never encountered malware in Linux.
The only type of proprietary software that I administer is OS X on my daughter's Macbook.
 
Old 08-12-2008, 11:55 AM   #9
ciden
Member
 
Registered: Dec 2006
Location: New Delhi, India
Distribution: PCLinuxOS 2010
Posts: 246
Blog Entries: 1

Rep: Reputation: 31
I have never run a downloaded script.
I have never installed any software package from outside the official debian repository.

Though not mentioned above, I think installation from the repositories and availability of software to do almost anything in these repositories minimizes the chance that users have to look for pirated or evil windoze software and fall prey to malicious intents.

And of course, due to the open source nature of most of the programs used by *NIXers, any evil code is found out and patched sooner rather than later.
 
Old 08-12-2008, 12:18 PM   #10
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,918

Rep: Reputation: 5035
Sony is on my 'evil companies never to give business to' blacklist. As for XP, it's never really given me any problems at all.

As I've mentioned before, my main box mboard died a few weeks ago and I'm back on an old P3-800 that I resurrected to tide me over. One of the things that's putting me off getting a new system is that they all now come with Vista. I tell ya, I'm sooo tempted to just say sod it and buy an iMac 20". Garageband looks like it could be a lot of fun to provide a bit of accompaniment for when I play my guitar. Hydrogen on Linux is ok, but the interface is a bit clunky.
 
Old 08-12-2008, 12:22 PM   #11
userlander
Member
 
Registered: Jul 2008
Distribution: Arch, Debian
Posts: 61

Rep: Reputation: 18
Is it true that linux can get the m$ worms? I thought I remembered during one of the last big outbreaks, code red or whatever, that macOS and linuxes weren't being infected? I have never heard of a worm on linux -- are there any worm blockers? or just safe practices?
 
Old 08-12-2008, 12:32 PM   #12
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,918

Rep: Reputation: 5035
Worms work by exploiting unpatched vulnerabilities in network services such as httpd, ftpd, the sendmail daemon and the like. It's amazing how lax some companies/organisations can be about keeping things patched. They're usually specific to a single piece of software and quite often to a specific patch level, though there's nothing to stop more sophisticated worms trying to exploit several different vulnerabilities at once. Keep patched and use a firewall where possible and you shouldn't have much to worry about.
 
Old 08-12-2008, 03:21 PM   #13
glore2002
Member
 
Registered: Mar 2007
Location: Buenos Aires, Argentina.
Distribution: Lubuntu 17.10 x64
Posts: 510

Original Poster
Rep: Reputation: 33
Thanks.

For me it is much clearer now. As a brief summary, I can write:

a) We should always work as users and not root (unless we need to do so).

b) Use rkhunter and chkrootkit regularly. Rkhunter has a self update option (rkhunter --update). We can use both every now and then.

c) Theoretically, viruses may exist in Linux but... Did you find any in your system?

d) Symantec tries to make us feel we need an antivirus as in win.

e) Linux is safer and Linux people are nicer!

f) We prefer Slackware!

Thanks people for your opinion.

Glore2002.-
 
Old 08-13-2008, 03:18 AM   #14
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
If you want antivirus, try clamav, it's rather good. I used it for a while, but ended up removing it because it never found anything.
 