The Short Life And Hard Times Of A Linux Virus
Sun Tzu writes, "There are several reasons for the non-issue of the Linux virus. Most of those reasons a Linux user would already be familiar with, but there is one, all important, reason that a student of evolution or zoology would also appreciate ... The article is at sitereview.org."
I read this earlier and it seemed pretty good. Sort of a rehash to most Linux savvy people. But reading it over again is never a bad idea.
... one large issue that will cause problems for Linux as a client machine is that most people will be running as root. This sucks. I believe education is the best method to fix this but I'm fearful it will be bad education, not good. By that I mean that 100s of clueless Caldera users or something will get some horrid virus before someone says `Why were you running as root?' Then they will learn. Not a nice lesson. There may be better solutions out there (such as linuxconf style system configuration?), but as long as an end user views root as the easiest way to avoid permission issues, they will use it.
Anyhow
Don't expect to ever see serious server side Linux virus outbreaks, but end user Linux is a trojan horse waiting to happen, IMHO.
Bad Mojo
"If you can't win by reason, go for volume." -- Calvin
One of the major reasons for there being a distinct lack of linux viruses is that by and large, it will most likely only be executed by a local user as themselves, therefore spreading to system binaries is nigh-on impossible.
There are two threats to that, of course: (a) people start running every silly thing as root (which will rise the more of a "desktop OS" "linux" becomes) and (b) folks who hack cracking become virus writers and use exploits to propagate stuff around.
~Tim
--
Rushing on down to the circle of the turn
Writing a macro virus for 1-2-3, Quattro or WordPerfect was well-nigh impossible, because the macro facilities just weren't up to it. I tried, but never succeeded (and I used to write a lot of WordPerfect macros back around 1989).
The first macro virus I saw was one I wrote myself and distributed to a selected few people on the CIX system (Dr Solly included) back in '91 or so, when Word 1 first shipped. I was tired of hearing "You can't transmit viruses by email" arguments, because even if you couldn't, it was only a matter of time before you could. Word 1 macros were sufficiently powerful (albeit buggy) to do this.
When OLE Automation finally started to work right (about '94 ?) and especially when mail user agents (like Outlook or some MAPI clients) started to offer an API that was usable from Word, then things really took off (especially for self-propagation).
I'm continually surprised just how primitive most macro viruses are. If you wanted to be a total Gibsonian Super-Bastard, then there's a lot more scope for havoc than is being used even yet. Cross-Office viruses scare the hell out of me, especially if they can travel via PowerPoint and the most technically illiterate of the userbase.
So where does this leave Linux ? Well Linux already does have two powerful vectors for virus havoc (shell scripting and Perl) that are already reasonably likely to be available to anything executing under the user's shell. It doesn't need a WP macro language to find itself a home.
I'd agree that Linux is generally more secure at present (higher competence, compilation from source, user permissions being sub-root) but isn't the very acceptance of Linux going to be indicated by all 3 of those being eroded ?
Can you imagine your parents running Windows ? Can you imagine them running Linux ? Can you imagine them compiling under a store-bought Linux distro and a "just slap in the CD" install ?
The people and pizza hut have been pissin' me off lately. Anyone know of a virus that will access a user's modem and call pizza hut and order a bunch of pizza to people that don't exist?
The Pizza Virus effect could be great for a lot of people. 1) More wasted food means better prices for farmers. 2) More wasted food means more work for sanitation workers. 3) Somebody might be thinking "hey, I want a pizza" and suddenly, the pizza virus will unexpectedly deliver a pizza to their door. I guess the people at pizza hut wouldn't like it much, but they are bastards anyway, so screw them.
I thought I had a virus working in a popular text editing program. It bulked the application up to ludicrous amounts of memory space, made the whole thing unstable and made it impossible to get anything done without typing in cramped and confusing strings of characters. Then a helpful friend reminded me that I was using emacs.
This is a pretty bad article IMHO. It is clearly meant as a rebuttal against what Garfinkel wrote. But it is pretty bad.
For a Linux binary virus to infect executables, those executables must be writable by the user activating the virus. That is not likely to be the case. Chances are, the programs are owned by root and the user is running from a non-privileged account. Further, the less experienced the user, the lower the likelihood that he actually owns any executable programs. Therefore, the users who are the least savvy about such hazards are also the ones with the least fertile home directories for viruses.
This describes the typical Unix situation, which is not the typical Linux situation. There, more people have installed their own system and have root privileges. And the less savvy the user, the bigger the chance that the root user is the only account on the system.
Linux networking programs are conservatively constructed, without the high-level macro facilities....
Very true, but seconds later
Linux applications and system software is almost all open source. Because so much of the Linux market is accustomed to the availability of source code, binary-only products are rare and have a harder time achieving a substantial market presence. This has two effects on the virus. First, open source code is a tough place for a virus to hide.
Yeah right, so first it says that high level scripts may be a source of viruses, but then when you have source code (in e.g. Makefiles, highlevel), viruses are all of a sudden less likely. I am still afraid that I come into a Makefile someday that holds the line:
install: rm -rf /
Is this not a virus? If not, why is it a virus if a similar line is contained in some malicious Word macro?
No reason to worry about Linux viruses yet, but mostly because the platform is not popular enough to have a widespread effect (and this is the real lesson of zoology, viruses in nature are mostly used by evolution to limit large populations. This is why there are mostly Windows viruses; evolution wants to limit its growth).
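The permission argument quoted in the comment above, and its reply about root, can be checked on a real machine. This is an added example, not code from the thread or the article: it lists the executables on PATH that a given uid could overwrite. The names `can_write`, `infectable` and `demo_tree` are hypothetical, and the check assumes classic mode bits only (no ACLs, read-only mounts or directory-level writes).

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Decide from mode bits alone whether uid/gids may modify the file."""
    if uid == 0:                       # root bypasses permission bits
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def infectable(dirs, uid, gids):
    """Sorted paths of regular executable files that uid could overwrite."""
    hits = []
    for d in dirs:
        try:
            names = os.listdir(d)
        except OSError:                # missing or unreadable PATH entry
            continue
        for name in names:
            path = os.path.join(d, name)
            try:
                st = os.lstat(path)    # do not follow symlinks
            except OSError:
                continue
            if (stat.S_ISREG(st.st_mode) and st.st_mode & 0o111
                    and can_write(st, uid, gids)):
                hits.append(path)
    return sorted(hits)

def demo_tree():
    """Constructed sample bin directory: two 0755 tools and one 0777 file."""
    root = tempfile.mkdtemp(prefix="bin-audit-")
    for name, mode in (("ls", 0o755), ("cp", 0o755), ("sloppy", 0o777)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    dirs = os.environ.get("PATH", "").split(os.pathsep)
    gids = set(os.getgroups()) | {os.getegid()}
    found = infectable(dirs, os.geteuid(), gids)
    print(f"euid={os.geteuid()}: {len(found)} writable executables on PATH")
    print("\n".join(found))
```

Run as an ordinary user the list is normally short or empty; run as root it is every executable on PATH, which is the gap the reply points at.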
There's little in Linux to keep application level viruses, like those enabled by Microsoft Innovations and intra-application macro languages, from pummeling their users' work.
;)
Open source kills bugs DEAD! But folks who insist on distributing compiled versions of their code apparently do not want the advantage of infinitely shallow bugs, and virus protection to boot.
The article points out that access protection keeps a virus confined within the user(s) that initially bring it onto the system. As Linux becomes more and more popular, new users running as root will multiply, making the installed Linux base more prone to virus infection from compiled whiz-bang apps that newbies will download.
New users may run as root because they don't know any better. They don't have to learn about access protection, chmod, or other UNIX complexity.
rm -rf works and there's no doubt, when you run as root.
Slightly less than new users run as root for the illusion of competency. This is where the danger lies. Arrogance is harmful until you have the experience to back it up. Then it becomes confidence, and pride no longer requires running as root always, just to tweak a config file sometimes.
For the record, Linux DOES suffer from one virus. GPL.
-- What you do today will cost you a day of your life.
There was a linux virus list at (might be down now)
http://virus.beergrave.net
Its owner has several interesting (low-level, assembler/C, ELF) documents with linux viruses and descriptions. Find them here:
http://www.big.net.au/~silvio
Also, there's a linux virus at
http://www.mixter.org
For more low-level linux stuff go to
http://hculinux.cjb.net
*borkborkbork*
Articles such as this are only fuel to the virus writing fire. The more people keep daring crackers and virus writers that this is not possible, the closer you get to a virus epidemic. If that happens, it will be a huge disservice to the growing popularity of the amazing OS that is Linux.
of course I'm all for writing about virus warnings, technical considerations and the sort, but, IMHO, we must keep our tone down and speak with humility. Not even suggest for a minute that a successful linux virus is not possible. The ability of humans to do the impossible is a big part of the reason why linux exists, and to be honest, i started using linux BECAUSE most people (used to) think it would fail.
i personally think the open source movement, and the whole linux phenomenon, is a serious and professional one, and unless treated that way will probably fall for the same reasons other venues are falling today (that is if you, like me, think that windows won't last that long). If more serious consideration would have been given to viruses when they first showed up (not mainstream), windows would probably be much more protected against them than it is (but then again, maybe not. thanks bill).
anyway, that's just my $0.02
There are two kinds of people in the world: Those with good memory.