The Short Life And Hard Times Of A Linux Virus

Sun Tzu writes, "There are several reasons for the non-issue of the Linux virus. Most of those reasons a Linux user would already be familiar with, but there is one, all important, reason that a student of evolution or zoology would also appreciate ... The article is at sitereview.org. "

Linux virus #1

I thought I had a virus working in a popular text editing program. It bulked the application up to ludicrous amounts of memory space, made the whole thing unstable and made it impossible to get anything doe without typing in cramped and confusing strings of characters. Then a helpful friend reminded me that I was using emacs.

Oh good, we can all relax now

[sanderb]

Disclaimer: I too do believe that viruses have less of a chance to infect Linux machines.

This is a pretty bad article IMHO. It is clearly meant as a rebuttal against what Garfinkle wrote. But it is pretty bad.

For a Linux binary virus to infect executables, those executables must be writable by the user activating the virus. That is not likely to be the case. Chances are, the programs are owned by root and the user is running from a non-privileged account. Further, the less experienced the user, the lower the likelihood that he actually owns any executable programs. Therefore, the users who are the least savvy about such hazards are also the ones with the least fertile home directories for viruses.

This describes the typical Unix situation, which is not the typical Linux situation. There, more people have installed their own system and have root priviliges. And the less savvy the user, the bigger the chance that the root user is the only account on the system.

Linux networking programs are conservatively constructed, without the high-level macro facilities....

Very true, but seconds later

Linux applications and system software is almost all open source. Because so much of the Linux market is accustomed to the availability of source code, binary-only products are rare and have a harder time achieving a substantial market presence. This has two effects on the virus. First, open source code is a tough place for a virus to hide.

Yeah right, so first it says that high level scripts may be a source of viruses, but then when you have source code (in e.g. Makefiles, highlevel), viruses are all of a sudden less likely. I am still afraid that I come into a Makefile someday that holds the line:
install: rm -rf /
Is this not a virus? If not, why is it a virus if a similar line is contained in some malicious Word macro?

No reason to worry about Linux viruses yet, but mostly because the platform is not popular enough to have a widespread effect (and this is the real lesson of zoology, viruses in nature are mostly used by evolution to limit large populations. This is why there are mostly Windows viruses; evolution wants to limit its growth).

App virii and hubris

[jabber]

There's little in Linux to keep application level viruses, like those enabled by Microsoft Innovations and intra-application macro languages, to pummel their users work.

Open source kills bugs DEAD! But folks who insist on distributing compiled versions of their code apparently do not want the advantage of infinitelly shallow bugs, and virus protection to boot.

The article points out that access protection keeps a virus confined within the user(s) that initially bring it onto the system. As Linux becomes more and more popular, new users running as root will multiply, making the installed Linux base more prone to virus infection from compiled wizz-bang apps that newbies will download.

New users may run as root because they don't know any better. They don't have to learn about access protection, chmod, or other UNIX complexity.
rm -rf works and there's no doubt, when you run as root.

Slightly less than new users run as root for the illusion of competency. This is where the danger lies. Arrogance is harmful until you have the experience to ack it up. Then it becomes confidence, and pride no longer requires running as root always, just to tweak a config file sometimes.

For the record, Linux DOES suffer from one virus. GPL. ;)

Re:What Viruses are out there? (Lookee here!)

[*borktheork*]

There was a linux virus list at (might be down now)

http://virus.beergrave.net

it's owner has several interesting (low-level, assembler/C, ELF) documents with linux virusses and descriptions. Find them here:

http://www.big.net.au/~silvio

Also, there's a linux virus at

http://www.mixter.org

For more low-level linux stuff go to

http://hculinux.cjb.net

A word of warning...

[Docrates]

Articles such as this are only fuel to the virus writing fire. The more people keep daring crackers and virus writers that this is not possible, the closer you get to a virus epidemic. If that happens, it will be a huge disservice to the growing popularity of the amazing OS that is Linux.

of course I'm all for writing about virus warnings, technical consideratiosn and the sort, but, IMHO, we must keep our tone down and speak with humility. Not even suggest for a minute that a successful linux virus is not possible. The ability of humans to do the impossible is a big part of the reason why linux exists, and to be honest, i started using linux BECAUSE most people (used to) think it would fail.

i personally think the open source movement, and the whole linux fenomena, is a serious and professional one, and unless treated that way will probably fall for the same reasons other venues are falling today (that is if you, like me, think that windows won't last that long). If more serious consideration would have been given to viruses when they first showed up (not mainstream), windows would probably be much more protected against them than it is (but then again, maybe not. thanks bill).

anyway, that's just my $0.02