By Joe Barr

Savvy Windows users have to watch their virus checkers as closely as the head nurse in the ICU keeps an eye on patient monitors. Often, the buzz in the Windows security world is about which protection-for-profit firm was the first to discover and offer protection for the malware du jour -- or should I say malware de l'heure? The only thing better than having backed the winning Super Bowl team come Monday morning at the office coffeepot is having the virus checker you use be the one winning the malware sweepstakes that weekend.

If a rogue program finds a crack in your Windows armor, paying $200 per infection to have your machine scrubbed and sanitized by the local goon^H^H^H^H geek squad not only helps to reinforce the notion that you have to have malware protection, but that it has to be the right protection, too. The malware firms are aware of this, and all of their advertising plays upon the insecurity fears of Windows users and the paranoia that results. Chronic exposure and vulnerability to malware has conditioned Windows users to accept this security tax.

It's no wonder, then, that when Windows users are finally able to break their chains and experience freedom on a Linux desktop, they stare at me in disbelief when I tell them to lay that burden down. They are reluctant to stop totin' that load. They have come to expect to pay a toll for a modicum of security.

I try to explain that permissions on Linux make such tribute unnecessary. Without quibbling over the definitions of viruses and trojans, I tell them that neither can execute on your machine unless you explicitly give them permission to do so.

Permissions on Linux are universal. They cover three things you can do with files: read, write, and execute. Not only that, they come in three levels: for the root user, for the individual user who is signed in, and for the rest of the world. Typically, software that can impact the system as a whole requires root privileges to run.

Microsoft designed Windows to enable outsiders to execute software on your system. The company justifies that design by saying it enriches the user experience if a Web site can do "cool" things on your desktop. It should be clear by now that the only people being enriched by that design decision are those who make a buck providing additional security or repairing the damage to systems caused by it.

Malware in Windows Land is usually spread by email clients, browser bits, or IM clients, which graciously accept the poisoned fruit from others, then neatly deposit it on their masters' systems, where malware authors know it will likely be executed and do their bidding -- without ever asking permission.

Some malware programs require that you open an attachment. Others don't even require that user error. By hook or by crook, malware on Windows often gets executed, infecting the local system first, then spreading itself to others. What a terrible neighborhood. I'm glad I don't live there.

On Linux, there is built-in protection against such craft. Newly deposited files from your email client or Web browser are not given execute privileges. Cleverly renaming executable files as something else doesn't matter, because Linux and its applications don't depend on file extensions to identify the properties of a file, so they won't mistakenly execute malware as they interact with it.

Whether newcomers grok permissions or not, I try to explain the bottom line to them: that because they have chosen Linux, they are now free of having to pay either a security tax up front to protect themselves from malware, or one after the fact to have their systems sterilized after having been infected.

So Linux is bulletproof? No. Bulletproof is one of the last stages of drunkenness, not a state of security. Linux users, like users on every operating system, must always be aware of security issues. They must act intelligently to keep their systems safe and secure. They should not run programs with root privileges when they are not required, and they should apply security patches regularly.

Misleading claims and false advertising by virus protection rackets to the contrary, you simply don't need antivirus products to keep your Linux box free of malware.

Linux.com

 

Comments (17)

Subscribe to this comment's feed

Show/hide comments

Linux, the malware free experience.
written by Per Lindholm, August 28, 2009

I think the Linux community should emphize on the fact that using Linux is a malware free experience that Microsoft can only dream of.

One way of getting Linux in peoples mind is by utilizing this fact where it really matters, like online banking. Therefor I would like to see a screencast showing how you get a lot safer using a liveCD/liveUSB from start to finish.

• 
• +0
• 
• 

...
written by r0000t, September 15, 2009

I to agree that this is an advantage that is not touted enough within the industry. I think we all know it internally, but when it comes to the "decision makers" of Linux vs Windows, at least in the business environment, this isn't covered enough.

As long as the demonstration doesn't include a wireless connection, online banking would be a great example. The reason I excluded a wireless connection is because then you get into the battle of encrypted wireless traffic, etc, etc.

• 
• +1
• 
• 

WRONGGGGG!!!!!!!
written by excuse me!!!!, September 22, 2009

im currently a victim of a linux virus... it infiltrated and turned my system into a server(slow internet)

as an ethical hacker i have in collection 32 linux viruses. also if you think your secure look at these extremely short programs :: gainroot, becomeroot, instaroot, bricker.. and more

and also... i demand demand you destroy this post... or rename it to "there are viruses in linux"

if you really want to fuck with my logic bring it.. i have a 8 gigabyte usb and i can more than cram it with infected programs. the shortest root hack code ive seen is only 7 kilobytes. and once the virus entity becomes root of course it causes bloody mary + beetle juice all over.

master control program:: end of.... grrrrk.... hnnnnnnnnngg!!!
hyperdyne"icka bicka boo?"
tron"boooyaaaa!"

• 
• +0
• 
• 

LoL
written by Will, October 13, 2009

Directed at "excuse me!!!!". One would think if your an ethical hacker you would not be so foolish as to let your system get turned into a server by a virus..........

If you read this blog post very close you will see them telling you to be careful what you give "execute privileges" to...........obviously you were not careful enough.

And you can take your 8gb usb and shove it where the sun don't shine.

Excellent post Joe Barr, keep up the good work.

• 
• +0
• 
• 

...
written by flournoy, October 16, 2009

yes cause theres just such great anti virus for linux. lol anyways.. i discovered it was just the file system

• 
• +1
• 
• 

Antivirus on Linux that scans for Windows Virus
written by Slashww3, October 18, 2009

Hey everyone,

I need to know if there is a AV that I can install on Linux to scan for Windows virusses. The reason why I ask this is because I want to setup a backup server at work which runs a Linux operating system. We are running Windows operation systems on all the computers that I have to support and virusses are a constant threat. Thus, I want to use Linux as the backup server and run virus scans from there to secure the system and the network.

If you guys have any suggestions, I would appreciate it very much.

Thanks.

• 
• +0
• 
• 

new user comment
written by akarobin, October 21, 2009

I always thought the anti-virus game was a 'protection racket' and it was one of the factors that persuaded me to leave the familiar environment of MS Windows and start the climb up the Linux learning curve. One thing struck me as remarkable just before I left and that is that Microsoft offered a security/ anti-virus package designed to protect it's customers from the flaws in it's operating system. I had to pay hundreds of dollars for the OS and then had to pay 'protection money' ad infinitum on top. To me that's unethical and will forever define Microsoft for me.

I notice now that Microsoft offer free security providing your copy of MS Windows passes the genuine validation test(Microsoft Security Essentials). I wonder what the implications of this might be for the industry and in particular those businesses that thrive on the vulnerability of computer users to mall-ware under the MS windows platform?

To be honest for a desktop user like myself, some of the anti-virus solutions offered for MS Windows are worse than the disease itself. I found that not heaving an in-depth understanding of computers & networking left me at the mercy of the anti-virus program and torn between a paranoid fear of what might happen & a lack of functionality should I choose to take the safe option.

Anyway I joined here to thank Joe for his post, i stumbled upon it in a moment crisis, I guess the years of conditioning can't be shaken off overnight . I'm putting a lot of effort into learning, being inspired by all those who work to provide free & open software, who knows, one day I might even be able to help others as I have been helped

• 
• +1
• 
• 

Viruses/Malware can do serious damage to the user without root access
written by Bijan Soleymani, October 26, 2009

You mention permissions and how they are universal in Linux. But that doesn't really protect the user, it mostly protects other users on the system. If I receive an executable it can do something like:
rm -rf ~/ (delete my entire home directory)
in a billion different ways. Bye bye years of data. Fine I can restore from backups, but that is a real pain... Sure /usr is safe, other users' home directories are safe, but all my files are dead and gone.

Worse the virus/malware can open a TCP connection and send data to the cracker's server. It could send him all my emails (if they are not encrypted) and any non-encrypted file I have access to. Again it can't send him other people's files, but do I really care about that or do I care about my personal data?

It can also install a server running on a port >= 1024 and listen and let the cracker log in to my machine. Ok this is with my permissions not root's, but once the cracker has local access, there are often ways of compromising the system and gaining root privileges. If he can do that it's game over for everyone!

So yeah if the user wants to be able to run executables from emails or from the internet they are at risk of all of that. I mean you can use public key cryptography and have the sender or the provider to sign the package with their private key. But that just confirms that the sender/provider is really the one who generated that package, it doesn't mean they are trustworthy.

Is there really anyone who knows all the people they get software from over the internet? Even software in source code form can do all this. I mean sure you can look through the code and find out, but there can be thousands/millions of lines of code.

And there's no easy fix. I mean I don't want to be asked for confirmation by the OS each time one of my file's needs to be deleted, or each time I make a TCP connection.

I could be wrong, and I'd love to see a system that could run arbitrary code with zero risk of hurting the user, I just think that's not realistic.

• 
• +1
• 
• 

Its it me??
written by merlinux, October 30, 2009

Ok, I'm not exactly an expert on the subject but... wouldn't you have to grant execution permissions to that file to allow it to do all that???

yes, you could be thinking it was a specific software you want, but granting it permissions to execute is human mistake and not a system's hole

• 
• +0
• 
• 

Re: Its it me??
written by Bijan Soleymani, October 31, 2009

You're right it might be a human mistake to run dangerous code. I wasn't saying it wasn't. I was just saying that permissions won't protect a user who is not careful. Therefore, maybe the fact that Linux users are more careful is a major part of why they don't need to worry about viruses/malware. At least it's probably more of a factor than permissions, because of all the problems I outlined...

Another reason is that a lot of Linux users get most of their software directly from their distributions. I'm an example of this, I get almost everything from Ubuntu (except for chrome and a couple of thunderbird plugins).

• 
• +0
• 
• 

...
written by Iris, November 01, 2009

I made this:

Practice safer surfing!

I am a human. My computer runs on Linux. I can't find anti-virus software for my machine, could you help me?

my email sig and someone googled and sent me this link. LOL That's great, got 'em thinking. Of course I already knew I don't need AV. Good article.

• 
• +0
• 
• 

...
written by merlinux, November 02, 2009

I do believe it might be nearly impossible to protect "certain" users for harming their machines LOLOLOLOL

However, i also do believe that Linux is the system which is more prepared to protect his users (because of it's permissions system). But I'm not saying it's virus-proof!!! Not at all! Every system is breakable! What I'm saying is that, at the present time (specially if you have your distro up-to-date), there is no known virus able to infect it, unless you do it with intention!

why?!?! Well to find a Linux Virus is, by it self, something extraordinary and after such a small probability you make the mistake of running it with the permissions it needs to take actions... well i would say that something like that is reeeeeeeaaaaaaally hard to happen.

but even if something like that happens we can't forget one of the viruses biggest function: to replicate it-self. For a start it would have to find someone using Linux (Linux absence of virus might, as well, be a result from having "few" users - so it would be hard to find one) and after that It would be even harder to get another Linux user that would have the same bad luck of being caught by a virus and make the same permission mistakes.

But then again, we should never underestimate human stupidity! For that there is no anti-virus!!! LOLOLOLOLOLOL

• 
• +1
• 
• 

desktop user
written by akarobin, November 02, 2009

As someone new to GNU/Linux I am left wondering if there have been any examples of malicious code(i.e. virus) that have had and real success in spreading. I can believe that someone with a lot of technical computer Knowledge might be able to target and compromise the machine of someone without such understanding, but thats not a virus is it? Can a desktop user, such as myself, following normal recommended precautions be generally safe and free from virus's and will this change if there is a big swing away from MS Windows towards GNU/Linux?

• 
• +0
• 
• 

...
written by merlinux, November 02, 2009

Ok, let me put it this way:

The post title says everything you need to know

Linux is as safe as an operating system can ever get. There will (almost for sure) not be possible to make a safer system!!!

However please check this article (http://en.wikipedia.org/wiki/Linux_Virus) and then came back.

Once you read it you'll have to understand a few things:

1º there might be some companies that want Linux to have virus very badly!!! ( cause it will mean Money, money, money for them!!!)
2º no system is full bullet proof
3º The supposed Linux virus are mostly a proof of concept that actually none of them can't do anything if you don't grant them the permissions they need
4º even Linux being the most secure system, we all have to accept that at some degree (even being a very small one) Linux does benefit from:

- Having few users - which does not invite virus creators to t-r-y to make virus for it
- Having a LOT of Distros - which would turn difficult to hackers to develop cross-distro virus
- Having a lot of people involved in its creation - even having few users almost everyone knows a lot and those people do correct a LOT of bugs from which could result virus-attacks - these corrections are also released fast
- Being professional oriented, professional often identify easily menace
- Each distro having their own software repository.

Now, even if it would have a lot of users, a lot of users that don't know what a computer mouse is and one major distro, Linux would still probably be the most secure system, whit very few virus that would get fixed very very fast by the community and this few virus would still be a result from users mistakes. The protection key would still be the "Permissions"-thing talked above


So, even don't understanding much of Linux, i do believe you're as safe as you could be. (you're safe!)
I don't know of any Virus that have been able to spread with success in a Linux environment, but maybe someone else here knows more than me - (wikipedia is not always a safe reference!!!)
As an attack target (that's not a virus) it will not be easy to access your data (as far as i know), since almost every major distro already have the hdd data encrypted.

so, as a resume i could tell you not to worry about virus for Linux. Forget it! You're safe! Rest now

• 
• +1
• 
• 

Linux can still be a carrier ........
written by Hollow Point, December 07, 2009

As Linux grows in popularity there will be more virii/trojans/worms written for it, there will be more exploits found etc. The fact is, Linux/Unix based systems are easier to write viruses for, much easier in fact, bash scripts, perl scripts, even php CLI scripts, javascript built into websites, it's all available and it's all easy to write. The difference is, getting someone to execute said virus, is much more difficult, and if you do manage to get them to execute it, getting that virus to do damage beyond that users specific user account, virtually impossible.

On a home Linux system, I wouldn't really expect ANY virus to ever infiltrate and execute, it's so unlikely that anyone will receive an email with a Linux virus in it, that scenario is barely worth mentioning, running a program you find on the internet without checking it out first is just asking for trouble no matter what OS you're using and the fact that Linux/OSS software encourages you to take part in the community, usually means you find out about any dangerous/suspicious applications that are out there, by doing a quick google search or logging into a forum like LinuxQuestions or even visiting Linux.com, should mean unless you're REALLY stupid, you should be pretty safe. My 14 year old daughter managed to FILL her WinXP system with virii in just a few weeks, she's had a Linux system for nearly 2 months now, I very rarely even check on it, but at last weeks check, there were no virii or spyware or malware in sight.

I still run clamav on my systems, it's just good sense, as someone said in a blog post I read recently, although Linux is unlikely to be infected by a virii, it can still be a carrier. This means, that although you might not be affected by some infected file yourself, that doesn't mean that if you pass on an infected file, you won't infect your friends windows system, and as the blogger put it, "Being the transmitter of 'the electronic clap' is no fun".

In short, be safe and run something free like ClamAV, it doesn't hurt, it's likely to be more up to date on Linux exploits than anything you'd pay for as it's community run, it costs nothing, and it's better safe than sorry. For the most part though, sit back and enjoy the goodness that is Linux and OSS.

Oh and since this issue is annoying me lately and I don't post often, if Stallman reads this, finish HERD and let us try it, or STFU, it's called Linux!

• 
• +0
• 
• 

Wikipedia list of known Linux malware
written by newber, February 02, 2010

http://en.wikipedia.org/wiki/L...plications

and here's some AV programs for Linux:

https://help.ubuntu.com/community/Antivirus

ClamTk, Avira and Fprot (QtFprot) all look good.

• 
• +0
• 
• 

ps
written by newber, February 02, 2010

https://help.ubuntu.com/community/Antivirus

• 
• +0
• 
• 

Show/hide comment form