Slashdot Mirror


Linux Virii On Their Way?

Eric the Cat wrote to us with one of the most amusing articles for the day. A Russian Security Consultancy has claimed that a plague of virii for Linux will be coming, thanks to Chinese hackers. Wait - it gets better. According to the security expert, *because* Linux is open source, the viruses will be even worse than in other systems. Thankfully, Jason Clifford, a Linux person, is also quoted in the article setting the story a bit straighter.

4 of 436 comments

  1. Yes, there are *real* Linux viruses by ViGe · · Score: 5

    Of course viruses exist for Linux. Except they're called Trojans, and there are relatively easy ways to keep them out: check source, compile source especially for anything suid root. Or trust your distro.

    Well, there you are wrong. There exist real viruses for Linux. They are not trojans and some of them even look for security holes in other computers so that they can break into them. Some links to the most "famous" ones:
    Bliss
    Staog

    --
    It has to work - rfc1925
  2. Kaspersky is out of his field... by dmuth · · Score: 5
    Yes, I really have been following viruses since 1992. No, I don't consider myself an expert, but I think I know a fair deal about them.

    That being said, I also used to hang out on Fido Net's virus echos in 1994 and 1995 where some of the true anti-virus experts hung out too. And yes, I consider Eugene Kaspersky of AVP (the guy who was quoted in the article) to be one of them. Back when the first Word Macro virus (Winword.Concept) appeared, he was the one who I saw first post about it to Fido's VIRUS echo, and he was also the first one to release a fix for it (another word macro which caught and disinfected Winword.Concept).

    Unfortunately, I fear this is another case of False Authority Syndrome in that while Eugene may know viruses very well, I question his credentials in the UNIX/Linux area. For one thing, for a virus to replicate to a considerable degree on a system, you'll need to be running as root -- if you're logged in as a regular user, any program you run isn't going to be able to infect /bin/ls, no matter how hard you try. :-)

    I think Kaspersky also misunderstands the nature of UNIX/Linux, in that a lot of applications (the stuff *I* use, anyway, like Apache, PHP, MySQL, etc.), when downloaded from the net, are usually done so in source form, and the end user compiles the code and runs it. It would be foolish if someone tried to put replicating code in their source, as it would be spotted very quickly and the author would have some serious explaining to do.

    Finally, just to play the Devil's Advocate, I think problems could arise if say, a binary in a distribution is infected, and then is sold to thousands of unsuspecting end users. All it would then take is to run that binary as root, and you suddenly have an infection on your hands. However, I don't see this as a very likely scenario, since I can count the number of Linux-based viruses which I have heard of on one hand. For the reasons I outlined above, Linux just isn't a very attractive platform to virus writers, who want to see their creations spread.

  3. Linux is a virus in itself by razvedchik · · Score: 5

    Sometimes, I feel that Linux is a huge, 640M virus just out to ruin my life. Then I remember that resolv.conf only has one "e" in it and continue on with my mission.

    It spreads from user to user, and once you're infected, you can never go back.

    It has been known to cripple and even destroy WinXX systems to the point of making itself the dominant OS on any machine.

    It makes its users say crazy things like "awk", "grep", "FUD", and so on....

    --
    I do what the voices on my console tell me to do.
  4. *nix and Viruses by DaveHowe · · Score: 5
    I think there are a few points here:
    1. There were Unix viruses, Worms and Trojans around since before the PC was designed; they have spread since the first few machines set up UUCP links; Unix viruses are far from new.
    2. Unix viruses are kept mainly in check because normal users don't have the permissions to do harm - they can harm their own files, they can harm the files of those that trust them, but they can't alter anyone else's, and, most importantly, they normally can't even INSTALL programs, never mind alter those already installed by other people.
    3. Linux is not Unix - 90% of Linux boxes are single user (maybe single user with webserver, or with an email router, but still single user) and for a high percentage of those, that single user either runs as root, or, if smart enough to run as a user when out on the net, will load the same data files, use the same packages, and generally work in the same sandpit when doing admin tasks that require system privileges as when running his limited "safe" account. As more and more buy "fashionable" pre-loaded Linux boxes, you will see a wave of people caught by the same factors that make a Windows-based machine insecure - that the user will run things without thinking, and that the user has enough permissions that the virus can take a hold.
    So, what it comes down to is that, in general, Unix viruses are not (and will not be) a problem, but that Linux has vulnerabilities that make it less secure than Unix used to be.
    --
    -=DaveHowe=-
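
Added example, not part of the original thread: comments 2 and 4 both rest on the claim that an unprivileged account cannot alter installed binaries such as /bin/ls, while root can. The Python sketch below audits a directory for executables a given uid could overwrite or replace, using only the mode bits; the function names and the sample directories in the `__main__` part are assumptions made for illustration.

```python
import os
import stat

def _class_can_write(st, uid, gids):
    """Apply the Unix owner/group/other write check to one stat result."""
    if uid == 0:
        return True                      # root bypasses permission bits
    if uid == st.st_uid:
        return True                      # the owner can always chmod u+w
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def can_modify(path, uid, gids=()):
    """True if `uid` could overwrite the file at `path` or swap it out."""
    st = os.stat(path)                   # follow symlinks to the real binary
    if _class_can_write(st, uid, gids):
        return True
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if not _class_can_write(parent, uid, gids):
        return False
    # A writable directory lets the user unlink and recreate the file,
    # unless the sticky bit limits deletion to the file or directory owner.
    # Simplification: search (x) permission on the directory is not checked.
    return not (parent.st_mode & stat.S_ISVTX) or uid == parent.st_uid

def audit(directory, uid, gids=()):
    """List executables directly under `directory` that `uid` could tamper with."""
    hits = []
    for entry in os.scandir(directory):
        try:
            st = os.stat(entry.path)
        except OSError:
            continue                     # dangling symlink or a race; skip
        if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
            if can_modify(entry.path, uid, gids):
                hits.append(entry.name)
    return sorted(hits)

if __name__ == "__main__":
    # Audit the current account against two common binary directories.
    for d in ("/bin", "/usr/bin"):
        print(d, audit(d, os.getuid(), os.getgroups()))
```

On a correctly installed system the audit prints empty lists for an ordinary account and every executable for uid 0, which is the single-user-runs-as-root situation comment 4 describes.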