There seems to be a lot of confusion regarding viruses and the security of Unix-based OSs, even in more tech-savvy groups. So, what’s the deal with viruses and Linux?
“Linux doesn’t have viruses at all!”
Most of the time this is just a case of oversimplification by ‘Linux people’ trying to convince Windows people to try Linux. The truth is that there are about 30 viruses for Linux. I know this number sounds extremely large, but bear with me.
The trick is that none of them are in circulation: there are no viruses that can currently infect systems and are present on USB sticks, malicious servers, etc. In fact, most of those viruses are gathering dust somewhere on a floppy disk. How come there are so few viruses for Linux? Linux is radically different from Windows because:
- The source code is freely available, which means more eyeballs have been staring at the code ever since the 90’s, continually improving it. On the other hand, it’s a felony to decompile or reverse engineer any component of Windows, which means only Microsoft employees and hackers see the code.
- Linux was built with security in mind. Windows started paying attention to security well after Windows NT. It’s like putting the money into the bank and installing the safe afterwards: the robbers came and went. And even then, they set the combination on the lock to ‘1234’.
- On any modern Linux OS, you get updates for the system as well as for the apps, automatically. On Windows, every app has its own updater program, which isn’t as robust or reliable.
- Multiple Linux package managers mean that a Debian virus can’t infect a Mandriva system. To cover all the major Linux distributions, a virus programmer needs to write the same virus about 5 times.
Linux can, however, store Windows virus executables without getting infected itself, which is why the bad guys use Linux themselves. Smart, isn’t it?
The structure of Linux makes writing a virus very difficult as it requires root access to do anything of significance. For a virus to run it would have to be granted root access with a password request. If you fail to give it root access then the most a virus could do, if anything, is damage your home directory. It is unlikely it could even run again so it would die there in your home directory. Most smart Linux users grasp the power of root access and would question why an unknown program is suddenly requesting root access. (You don’t enter your password for just ANY prompt, do you? Only for programs YOU have called up, right?) –BrunoLinux
There’s a Linux antivirus called Clam AntiVirus, which is completely useless, because finding a Linux virus in the wild is like finding a unicorn in your backyard.
Windows fanatics, please leave angry thoughts using the comment form below. Yes, make the pain go away.
NickF
April 28, 2009
You forgot maybe the first reason Linux virii are not so widespread: marketshare. There is no point in writing a virus for a platform that scores maybe 1% of the market.
Ikon
April 28, 2009
But more information is stored on Linux servers all over the world than on user PCs.
Why aren't the hackers harvesting the power of more powerful servers, server clusters? Because Windows PCs are more defenseless, and are operated by users who don't know jack about how to use security software. Market share IMHO is just a dumb excuse of Windows fans. (I do not want to offend anyone here, it is my opinion)
Ian Betteridge
April 28, 2009
But those are the most likely machines to be patched, up to date, and not be amenable to social engineering. Almost all Windows malware relies either on people not patching regularly or getting them to run an executable (and, if they're on Vista, ignoring the warnings that Windows throws up about installing unknown apps, allowing them to run from startup, etc).
You're right to highlight the differences between the Linux security model and that of Windows XP and prior. But Microsoft changed the game a lot with Vista, and did a lot of work both to make the OS itself more secure and to improve its software methodologies to minimise the potential for security holes. Vista – and Win7 – can make a good claim to be the most secure desktop operating system at present.
BUT… and it's a big "but"… they aren't the *safest* operating systems, because they are the biggest target for malware writers.
There's an old principle in open source development that the sheer number of eyeballs checking open source code makes it more likely that bugs will be found and squashed. Windows, unfortunately, suffers from the same principle with malware: with thousands of malware writers around the world looking for new ways to exploit Windows, more problems will be found no matter what Microsoft does.
And, with 90% of the desktop market, it's the most attractive target for the kind of commercial malware which harvests passwords, relays spam, and launches DDOS attacks.
Hence, while Windows is pretty secure these days, it remains "unsafe" – and until it loses significant market share, it will remain so.
Mr. Vile
July 12, 2009
GNU/Linux has a 1% market share because it does not cost money.
NickG
November 6, 2009
It's viruses not virii. Learn English:
here —> http://en.wikipedia.org/wiki/Plural_form_of_words...
and here —> http://answers.google.com/answers/threadview/id/2...
Next, it doesn't matter about market share. The problem exists in the insecure kernel that Microsoft went with at the inception of their first OS. They did and still do have a system 5 kernel that they could have gone with originally. Time and money was the outcome of the current OSes we all enjoy so much.
60% of Servers run linux. Why are these servers not infected with trojans and worms while running on Linux / other system 5 operating systems?
Your line of thinking should show that running linux as a service is dangerous since DNS, Web, Social Networks, Clusters, Clouds mostly use system 5 technology as opposed to Microsoft products.
Microsoft Office environment. Exchange, Outlook, Sharepoint, SBS Servers.
Any IT man worth his salt hides these behind a Firewall. Smart. And they know why.
Stop thinking that, just because windows is the market share for desktops that is the market share that makes the viruses so prevalent on Windows.
Getting rootkits on major servers and clusters is far more lucrative.
Nick
NickF
April 28, 2009
Disclaimer: I have used Linux since 2001. Servers are an altogether different ballgame. Most of Windows virii target the desktop, not server base. Stuff that moves through USB drives or email is not exactly server malware. Keyloggers, general malware are pure desktop platform. I can go on and on.
However I totally agree: Linux, by design, is a much more secure system. Windows could be too, if the user were not automatically given root access.
Ian Betteridge
April 28, 2009
Windows as-of Vista doesn't give users the equivalent of root access by default. The default user is a member of the Administrators group, but that doesn't have the same power as the "Administrator" account in Windows XP (which *was* the equivalent of root).
Members of the Administrator group can do all the things you need to admin a machine, but everything that is potentially a security issue (like, say, installing something which runs at startup) gets run through User Account Control – i.e., it says "are you sure you want to do this?" and makes you put in your password. In that sense, it's more like a default user in Linux, where you have to put in your admin password before it will let you do something stupid.
There's two caveats to that. First of all, there *is* a super-admin account (the exact equivalent of root) where you won't get bothered by UAC. It's disabled by default though. The second caveat is that in some (but not all) cases where a user has upgraded to Vista from Windows XP, they retain all the privs they had before – which means they have the same control as they used to have, including not being bothered by UAC.
It's worth reading the Wikipedia entry on security features in Windows Vista (http://en.wikipedia.org/wiki/Security_and_safety_... – it's a good summary, and there's some very nice stuff in there that Linux should adopt too.
xian
May 29, 2009
there have been numerous problems and exploits to get around UAC, google it
Ikon
April 28, 2009
On second thought, market share does affect this story, like the way botnets are composed. You are right, I admit.
u235sentinel
April 28, 2009
NickF, Marketshare?
Apache is open source and has about 60% marketshare. So…. why not more exploits/virii to attack it compared to the vast number available against IIS?
Mouseclone
April 28, 2009
I have seen these threats on my Linux box as well. They really are funny, with the look of windows and all.
What might interest you even more is the fact that the FBI has spyware on people's computers. If the FBI can inject spyware on to a windows computer, and software people allow them the back doors, ie Microsoft, then it is not going to stop hackers from planting spyware either.
Some spyware removal software is programmed to not see the stuff that the FBI has put onto a computer. So these programs will not detect the FBI spyware. Also the way that they got the spyware on the computer in the first place can be used by hackers to allow them access.
Yes the FBI is tracking you the same way that hackers track you. The reason Windows is a problem is because the FBI has a hand in what is patched and what is not. You can't patch something that the FBI uses. Do a google search for CIPAV and you will see what I'm talking about.
Thank you Microsoft.
GregE
April 29, 2009
ClamAV is not useless, it can be used to scan Windows disks from a Linux system without fear of back infection. Also I use Clamdrib with Thunderbird to ensure I do not pass on infected emails to Windows users. It is about being a responsible netizen. Also chkrootkit is a handy utility.
Ben Franklin
April 30, 2009
It never fails, someone repeats the lame "windowz is more popular!" argument, and when that fails, "It's the user's fault!" Yes, for using the most malware-friendly operating system there is. Vista is stronger? Right, ask Conficker, which targets XP and Vista with ease. It doesn't matter how smart you are and how tightly you lock down your windows box– or how much money and time you spend on anti-malware software, ever-more restrictive firewalls– It is impossible to secure Windows because it is fundamentally flawed to the core. You should not be able to get infected from merely visiting an infected Web site, or downloading an infected email. These are beyond user's control. Windows does not have true privilege separation; you can run as a non-privileged user but random malware will still execute and get into Windows system files.
Please windows fanbois, go defend something that is worth defending. Microsoft uses and abuses you, and costs the world economy tens of billions of dollars a year in direct and collateral damage.
jfw
May 11, 2009
I am worried!
I have an external hardware firewall
I use XP
I use Firefox
I use Thunderbird
I do not double click unknown attachments to email
How can I get viruses????
Mouseclone
May 11, 2009
A virus could be downloaded to your computer by means of visiting a page. A virus that is 1k in size will be on your computer before you can click cancel. If this happens, when closing out of a page that code can be told to execute. That is how you can get infected.
xian
May 29, 2009
one example – opening a specially designed pdf from an otherwise proper looking website would do it as acrobat has had many critical security problems and since you're running as root, it's got full access
Thom
May 17, 2009
Erm…sophos actually seem to reckon that the no 1 way of infecting desktops at the moment is via drive by downloads….i.e…..infected servers. So, actually the 1% market share (for desktops) is rather irrelevant, since the virus writers want to infect as many servers as possible in order to then infect the desktops. Linux/unix is clearly dominant in terms of servers (60% market share) – it is, in terms of numbers, the obvious target. And yet, it's the windows servers getting infected…..And windows server editions are considerably more robust than the desktop editions. If Linux desktop is safer due to 1% market share, and mac equally safe due to 6%(? – u.s. only I think), then why aren't windows servers safer due to their minority share?
The 1% desktop share 'is' a valid reason for lack of infection. If only 1 in 100 people were vulnerable to a human virus, it means that your infectee has to pass another 100 people to infect just one. If a virus affects 95 out of 100 people, you have a pandemic. But what, you don't think that the bloke who writes the first linux super virus won't become an instant superstar? That's a pretty big motivation to make that virus – yet it hasn't happened.
All these arguments about windows being as or more secure, and it all being down to market share and so on are really just delusional. The facts speak for themselves, windows gets more new viruses in a day than linux has had in its history. Why is it that a windows virus remains effective after it is discovered? The security holes aren't adequately fixed with updates. It should be – virus discovered – windows release autopatch – virus dies because exploit no longer exists. What actually happens is – windows virus found – 5 years later, windows virus still kicking arse……MS basically need to just do what apple did and rip up their crappy code and start again based on how a proper operating system works. It took unix 15 years to become secure. Even if you generously allow the clock to start from win 95 (and to be honest, you should really start with msdos 1), basically windows in 2009 is not in any way secure….
If you don't believe, consider how much easier it is to hack a win box (any version) than a linux/unix box. You get nmap, find out what's running, open your exploit database – you've hundreds of exploits for every os and every bit of software with a network identity. Windows exploits work for years, linux work until kernel or whatever is patched hours after exploit released and everyone is automatically updated (unless they're dense and have turned off auto security updates.) Sure windows has automatic updates too – exactly! Why don't they work?
Since at least 2003, av people have been trying to scare linux people into buying their av software, by simply repeating again and again that linux is as vulnerable or even more vulnerable than windows. "Hell is around the corner" they say…..Yet it hasn't happened yet. People confuse this desperate attempt to acquire a market share in growing unix/linux/os x desktop realm, as if what these people were saying was true, but really it's just an attempt to get your cash by scaring you…Sophos has more responsible attitude here and haven't indulged in such behaviour. Their linux av software is specifically targeted for linux running web servers and email servers and is all about preventing the spread of windows viruses – they actually state that linux is very unlikely to become infected itself.
If you disagree – put your money where your mouth is – write a virus that takes the world's linux servers. Servers are easier to discover and target than desktop users in terms of non-email based worms (random google results for lists of servers v stealth firewalled desktop pcs behind stealth firewalled routers, basically invisible.) I'm not kidding – if you reckon Linux is as vulnerable, do the community a favour and write a harmless virus that infects half the net's servers. Should be easy right?…..The real reason no one has? Linux is light years ahead of windows in security terms. Shame the printer drivers suck
Ian Betteridge
May 17, 2009
Thom – drive by's don't require a server to be infected – they require it to be hacked, or (equally likely these days) actually configured by their administrators to distribute malicious code.
This is usually done through either poor configuration practice (a server with username "admin" and password "admin", for example) or a previously-patched hole in the server software. It's nothing to do with the underlying OS.
I recommend you read Google's post about it from a couple of years ago (http://googleonlinesecurity.blogspot.com/2007/06/...
Tin tuc games
May 26, 2009
Oh no. I have never seen a virus on Linux before and almost believe that they do NOT exist.
Is there any AV on Linux yet?
xian
May 29, 2009
I have ClamAV on all my linux file servers, but it's not there for the server, but the windows clients that write/read files there, helps limit spreading
Tisi
May 29, 2009
I have been dual booting Ubuntu and Windows 7 since Windows7 pre-beta. I have never gotten a virus on my Ubuntu, but I use Avast on it just to be sure I'm not spreading viruses (especially Windows ones) to others (and to be able to claim that I don't get viruses on linux. It's not a fair claim if you don't check). As an added bonus, it scans my Windows partition. I use stumbleupon and have had a bunch of viruses try to put themselves on my Windows (which my good and free antivirus stops, not like that stupid Norton), but they can't figure out how to do it on my linux. I'm also pretty sure that linux is getting more popular and that 1% is not accurate.
xian
May 29, 2009
they really can't measure market share, most of the measurements I've seen are based on the top 100 websites user agent data, which is not a good metric, I mean #5 and #6 right now are windows live and MSN. They look at sites that have a clearly windows/mac demographic…comparing the stats on slashdot for instance would paint a different picture
Uncle B
May 30, 2009
Please donate your old boxes to a church-group or some needy student in these hard times! To comply with the law, and with Microsoft's leasing policy, you can now replace Microsoft OS with the free (download from the net) Ubuntu OS, which can be set to erase the hard drive of all traces of the “illegal to give away ” Microsoft system and your private information, before donation! Now, explain to your lucky recipient that all the manuals they will ever need are available for free on the internet! Just ask for them in Google! OpenOffice, which is installed already is plenty adequate for homework assignments and with a little exploring, everything else can work well too! Happy computing!
GreyGeek
August 5, 2009
1% Market share? You've been drinking Microsoft's sock puppet Kool-Aid (NetApplications).
Ballmer himself does not believe that the Linux desktop market share is so low. In a talk given last February he put up a graphic which showed that the Linux desktop market share was bigger than Apple's, and Apple's retail channel figures put its desktop market share at around 10%.
http://www.osnews.com/story/21035/Ballmer_Linux_B...
So, if Apple's is 10% and Linux is bigger, I'd put it between 10-15% by now.
Also, I've been running the KDE4 desktop for over a year, and it has been out about two years. Why do the latest pictures of the Win7 desktop look so much like my KDE4.2.4 desktop? MS "Innovation"?
Ian Betteridge
August 5, 2009
First, Apple's actual share is nowhere near 10%. US retail share doesn't reflect the real situation, because it misses out both direct corporate sales or *any* sales from Dell, the No 1 PC vendor. Apple's actual worldwide overall share according to IDC is around 4.5%.
Second, without a link to the Ballmer slide, I'm not going to comment on the veracity of your (or his) claim. Pics or GTFO, as they say
NickG
November 6, 2009
http://blog.linuxtoday.com/blog/2009/05/1-linux-m...
Interesting take on Linux Desktop market share. Includes nice graphs when you click appropriate link.
U.Ravi Kumar
April 25, 2010
Many Linux users only know that there are no viruses or there are only a small number of viruses. But most of the users don't know the reasons. Thanks a lot for providing insights into it.