April 11, 2006

The case of the non-viral virus

Author: Joe Barr

Have you heard the "news"? There's a new virus that attacks both Linux and Windows machines. Thus, once and for all, there is an end to the notion that Linux is somehow immune to the viral infections that plague the Windows world. Or at least so one anti-virus software vendor would have the world believe.

Of course, there are a few caveats behind the headlines. One minor thing is that the alleged virus -- called Virus.Linux.Bi.a -- being trumpeted far and wide by Kaspersky Lab is not really a virus, but rather "proof of concept" code, designed to show that such a virus could be written.

A second caveat is that for it to work on Linux, a user has to download the program and then execute it, and even then, it can only "infect" files in the same directory the program is in. Exactly how the program gets write permissions even in that directory is not explained.

And finally, it's not a virus at all. It can't replicate itself, which is one thing that makes a piece of malware a virus. According to Wikipedia, as stated in the first sentence of the entry for "computer virus," a virus is "a self-replicating/self-reproducing-automation program that spreads by inserting copies of itself into other executable code or documents." The entry goes on to explain why computer viruses have been given that name, saying, "A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into the program is termed as an 'infection,' and the infected file (or executable code that is not part of a file) is called a 'host.'"

So the biggest question I had after reading the story in several different places, none of which provided any data beyond the blind repetition of the scare headline, was, "Why in the world are they calling this a virus, when one of the few facts they provide conclusively proves that it's not?"

Kaspersky Lab has not yet responded to my query about this.

Much smarter folks than I have pointed out that only idiots believe Linux is totally immune from such things. I agree with them. We can never safely assume that Linux is as secure as it can be. But when a Microsoft partner creates a tsunami of headlines with a story about a phony, fabricated "virus," which admittedly is not contagious, and which requires the user to execute it in order for it to do anything at all, I don't call it a virus. I call it BS.

Category:

  • Security