Comments on: Can A Linux OS Get Infected By Viruses, Malware?

By: NickG

NickG — Fri, 06 Nov 2009 16:49:53 +0000

http://blog.linuxtoday.com/blog/2009/05/1-linux-m...

Interesting take on Linux Desktop market share. includes nice graphs when you click appropriate link

By: NickG

NickG — Fri, 06 Nov 2009 16:34:39 +0000

It's viruses not virii. Learn english:
here —> http://en.wikipedia.org/wiki/Plural_form_of_words...
and here —> http://answers.google.com/answers/threadview/id/2...

Next, it doesn't matter about market share. The problem exists in the insecure kernel that Microsoft went with at the inception of their first OS. They did and still do have a system 5 kernel that they could have gone with originally. Time and money was the outcome of the current OSes we all enjoy so much.
60% of Servers run linux. Why are these servers not infected with trojans and worms while running on Linux / other system 5 operating systems?
Your line of thinking should show that running linux as a service is dangerous since DNS, Web, Social Networks, Clusters, Clouds mostly use system 5 technology as opposed to Microsoft products.
Microsoft Office environment. Exchange, Outlook, Sharepoint, SBS Servers.
Any IT man worth his salt hides these behind a Firewall. Smart. And they know why.
Stop thinking that, just because windows is the market share for desktops that is the market share that makes the viruses so prevalent on Windows.
Getting rootkits on major servers and clusters is far more lucrative.

Nick

By: Ian Betteridge

Ian Betteridge — Wed, 05 Aug 2009 16:38:55 +0000

First, Apple's actual share is nowhere near 10%. US retail share doesn't reflect the real situation, because it misses out both direct corporate sales or *any* sales from Dell, the No 1 PC vendor. Apple's actually worldwide overall share according to IDC is around 4.5%.

Second, without a link to the Ballmer slide, I'm not going to comment on the veracity of your (or his) claim. Pics or GTFO, as they say

By: GreyGeek

GreyGeek — Wed, 05 Aug 2009 16:12:40 +0000

1% Market share? You've been drinking Microsoft's sock puppet Kool-Aid (NetApplications).
Ballmer himself does not believe that the Linux desktop market share is so low. In a talk given last February he put up a graphic which showed that the Linux desktop market share was bigger than Apple's, and Apple's retail channel figures put it's desktop market share at around 10%.
http://www.osnews.com/story/21035/Ballmer_Linux_B...
So, if Apple's is 10% and Linux is bigger, I'd put it between 10-15%. by now.
Also, I've been running the KDE4 desktop for over a year, and it has been out about two years. Why do the latest pictures of the Win7 desktop look so much like my KDE4.2.4 desktop? MS "Innovation"?

By: Mr. Vile

Mr. Vile — Sun, 12 Jul 2009 05:47:13 +0000

GNU/Linux has a 1% market share because it does not cost money.

By: Uncle B

Uncle B — Sat, 30 May 2009 11:03:33 +0000

Please donate your old boxes to a church-group or some needy student in these hard times! To comply with the law, and with Microsoft's leasing policy, you can now replace Microsoft OS with the free (download from the net) Ubuntu OS, which can be set to erase the hard drive of all traces of the “illegal to give away ” Microsoft system and your private information, before donation! Now, explain to your lucky recipient that all the manuals they will ever need are available for free on the internet! Just ask for them in Google! OpenOffice, which is installed already is plenty adequate for homework assignments and with a little exploring, everything else can work well too! Happy computing!

By: xian

xian — Fri, 29 May 2009 17:27:55 +0000

they really can't measure market share, most of the measurements i've see are based on the top 100 websites user agent data, which is not a good metric, i mean #5 and #6 right now are windows live and MSN. They look at sites that have a clearly windows/mac demographic…comparing the stats on slashdot for instance would paint a different picture

By: Tisi

Tisi — Fri, 29 May 2009 17:18:45 +0000

I have been dual booting Ubuntu and Windows 7 since Windows7 pre-beta. I have never gotten a virus on my Ubuntu, but I use Avast on it just to be sure I'm not spreading viruses (especially Windows ones) to others (and to be able to claim that I don't get viruses on linux. It's not a fair claim if you don't check). As an added bonus, it scans my Windows partition. I use stumbleupon and have had a bunch of viruses try to put themselves on my Windows (which my good and free antivirus stops, not like that stupid Norton), but they can't figure out how to do it on my linux. I'm also pretty sure that linux is getting more popular and that 1% is not accurate.

By: xian

xian — Fri, 29 May 2009 17:16:36 +0000

there have been numerous problems and exploits to get around UAC, google it

By: xian

xian — Fri, 29 May 2009 17:14:02 +0000

I have ClamAV on all my linux file servers, but its not there for the server, but the windows clients that write/read files there, helps limit spreading

By: xian

xian — Fri, 29 May 2009 17:12:41 +0000

one example – opening a specially designed pdf from an otherwise proper looking website would do it as acrobat has had many critical security problems and since your running as root, it's got full access

By: Tin tuc games

Tin tuc games — Tue, 26 May 2009 20:06:24 +0000

Oh no. I have never seen Virus on Linux before and almost believe that they are NOT exist.
Have any AV on Linux yet ?

By: Ian Betteridge

Ian Betteridge — Sun, 17 May 2009 08:43:04 +0000

Thom – drive by's don't require a server to be infected – they require it to be hacked, or (equally likely these days) actually configured by their administrators to distribute malicious code.

This is usually done through either poor configuration practice (a server with username "admin" and password "admin", for example) or a previously-patched hole in the server software. It's nothing to do with the underlying OS.

I recommend you read Google's post about it from a couple of years ago (http://googleonlinesecurity.blogspot.com/2007/06/...

By: Thom

Thom — Sun, 17 May 2009 03:09:49 +0000

Erm…sophos actually seem to reckon that the no 1 way of infecting desktops at the moment is via drive by downloads….i.e…..infected servers. So, actually the 1% market share (for desktops) is rather irrelavent, since the virus writers want to infect as many servers as possible in order to then infect the desktops. Linux/unix is clearly dominant in terms of servers (60% market share) – it is, in terms of numbers, the obvious target. And yet, its the windows servers getting infected…..And windows server editions are considerably more robust than the desktop editions. If Linux desktop is safer due to 1% market share, and mac equally safe due to 6%(? – u.s. only I think), then why aren't windows servers safer due to their minority share? The 1% desktop share 'is' a valid reason for lack of infection. If only 1 in 100 people were vulnerable to a human virus, it means that your infectee has to pass another 100 people to infect just one. If a virus affects 95 out of 100 people, you have a pandemic. But what, you don't think that the bloke who writes the first linux super virus won't become an instant superstar? Thats a pretty big motivation to make that virus – yet it hasn't happened. All these arguments about windows being as or more secure, and it all being down to market share and so on are really just delusional. The facts speak for themselves, windows gets more new viruses in a day than linux has had in its history. Why is it that a windows virus remains effective after it is discovered? The security holes arent adequately fixed with updates. It should be – virus discovered – windows release autopatch – virus dies because exploit no longer exists. What actually happens is – windows virus found – 5 years later, windows virus still kicking arse……MS bascally need to just do what apple did and rip up their crappy code and start again based on how a proper operating system works. It took unix 15 years to become secure. Even if you generously allow the clock to start from win 95 (and to be honest, you should really start with msdos 1), basically windows in 2009 is not in any way secure….If you don't believe, consider how much easy it is to hack a win box (any version) than a linux/unix box. You get nmap, find out whats running, open your exploit database – you've hundreds of explots for every os and every bit of software with a network identity. Windows exploits work for years, linux work until kernel or whatever is patched hours after explot released and everyone is automatically updated (unless they're dense and have turned off auto security updates.) Sure windows has automatic updates too – exactly! Why don't they work? Since at least 2003, av people have been trying to scare linux people into buying their av software, by simply repeating agan and again that linux is as vulnerable or even more vulnerable than windows. "Hell is around the corner" they say…..Yet it hasn't happened yet. People confuse this desperate attempt to aquire a market share in growing unix/linux/os x desktop realm, as if what these people were saying was true, but really its just an attempt to get your cash by scaring you…Sophos has more responsible attitude here and haven't indulged in such behaviour. Their linux av software is specifically targeted for linux running web servers and email servers and is all about preventing the spread of windows viruses – they actually state that linux is very unlikely to become infected itself. If you disagree – put ypur money where your mouth is – write a virus that takes the world's linux servers. Servers are easier to discover and target than desktop users in terms of non- email based worms (random google results for lists of servers v stealth firewalled desktop pcs behind stealth firewalled routers, basically invisible.) I'm not kidding – if you reckon Linux is as vulnerable, do the community a favour and write a harmless virus that infects half the net's servers. Should be easy right?…..The real reason no one has? Linux is light years ahead of windows in security terms. Shame the printer drivers suck

By: Mouseclone

Mouseclone — Mon, 11 May 2009 15:41:41 +0000

A virus could be downloaded to you computer by means of visiting a page. A virus that is 1k in size, will be on your computer before you can click cancel. If this happens, when closing out of a page that code can be told to execute. That is how you can get infected.

By: jfw

jfw — Mon, 11 May 2009 15:27:34 +0000

I am worried!
I have a external hardware firewall
I use XP
I use Firefox
I use Thunderbird
I do not double click unknown attachments to email
How can I get viruses????

By: Ben Franklin

Ben Franklin — Thu, 30 Apr 2009 15:57:10 +0000

It never fails, someone repeats the lame "windowz is more popular!" argument, and when that fails, "It's the user's fault!" Yes, for using the most malware-friendly operating system there is. Vista is stronger? Right, ask Conficker, which targets XP and Vista with ease. It doesn't matter how smart you are and how tightly you lock down your windows box– or how much money and time you spend on anti-malware software, ever-more restrictive firewalls– It is impossible to secure Windows because it is fundamentally flawed to the core. You should not be able to get infected from merely visiting an infected Web site, or downloading an infected email. These are beyond user's control. Windows does not have true privilege separation; you can run as a non-privileged user but random malware will still execute and get into Windows system files.

Please windows fanbois, go defend something that is worth defending. Microsoft uses and abuses you, and costs the world economy tens of billions of dollars year in direct and collateral damage.

By: GregE

GregE — Wed, 29 Apr 2009 00:18:47 +0000

ClamAV is not useless, it can be used to scan Windows disks from a Linux system without fear of back infection. Also I use Clamdrib with Thunderbird to ensure I do not pass on infected emails to Windows users. It is about being a responsible netizen. Also chkrootkit is a handy utilty.

By: Mouseclone

Mouseclone — Tue, 28 Apr 2009 21:19:38 +0000

I have seen these threats on my Linux box as well. They really are funny, with the look of windows and all.

What might interest you even more is the fact that the FBI has spyware on people's computers. If the FBI can inject spyware on to a windows computer, and software people allow them the back doors, ie Microsoft, then it is not going to stop hackers from planting spyware either.

Some spyware removal software is programmed to not see the stuff that the FBI has put onto a computer. So these programs will not detect the FBI spyware. Also the way that they got the spyware on the computer in the first place and be used by hackers to allow them access.

Yes the FBI is tracking you the say way that hackers track you. The reason Windows is a problem is because the FBI has a hand in what is patched and what is not. You can't patch something that the FBI uses. Do a google search for CIPAV and you will see what I'm talking about.

Thank you Microsoft.

By: u235sentinel

u235sentinel — Tue, 28 Apr 2009 15:49:07 +0000

NickF, Marketshare?

Apache is open source and has about 60% marketshare. So…. why not more exploits/virui to attack it compared tot he vast number available against IIS?

By: Ian Betteridge

Ian Betteridge — Tue, 28 Apr 2009 12:13:42 +0000

Windows as-of Vista doesn't give users the equivalent of root access by default. The default user is a member of the Administrators group, but that doesn't have the same power as the "Administrator" account in Windows XP (which *was* the equivalent of root).

Members of the Administrator group can do all the things you need to admin a machine, but everything that is potentially a security issue (like, say, installing something which runs at startup) gets run through User Account Control – ie, it says "are you sure you want to do this?" and makes you put in your password. In that sense, it's more like a default user in Linux, where you have to put in your admin password before it will let you do something stupid

There's two caveats to that. First of all, there *is* a super-admin account (the exact equivalent of root) where you won't get bothered by UAC. It's disabled by default though. The second caveat is that in some (but not all) cases where a user has upgraded to Vista from Windows XP, they retain all the privs they have before – which means they have the same control as they used to have, including not being bothered by UAC.

It's worth reading the Wikipedia entry on security features in Windows Vista (http://en.wikipedia.org/wiki/Security_and_safety_... – it's a good summary, and there's some very nice stuff in there that Linux should adopt too.

By: Ikon

Ikon — Tue, 28 Apr 2009 12:12:14 +0000

As of second thinking, market share does affect this story, like the way botnets are composed. You are right I admit

By: Ian Betteridge

Ian Betteridge — Tue, 28 Apr 2009 12:02:58 +0000

But those are the most likely machines to be patched, up to date, and not be amenable to social engineering. Almost all Windows malware relies either on people not patching regularly or getting them to run an executable (and, if they're on Vista, ignoring the warnings that Windows throws up about installing unknown apps, allowing them to run from startup, etc).

You're right to highlight the differences between the Linux security model and that of Windows XP and prior. But Microsoft changed the game a lot with Vista, and did a lot of work both to make the OS itself more secure and to improve its software methodologies to minimise the potential for security holes. Vista – and Win7 – can make a good claim to be the most secure desktop operating system at present.

BUT… and it's a big "but"… they aren't the *safest* operating systems, because they are the biggest target for malware writers.

There's an old principle in open source development that the sheer number of eyeballs checking open source code makes it more likely that bugs will be found and squashed. Windows, unfortunately, suffers from the same principle with malware: with thousands of malware writers around the world looking for new ways to exploit Windows, more problems will be found no matter what Microsoft does.

And, with 90% of the desktop market, it's the most attractive target for the kind of commercial malware which harvests passwords, relays spam, and launches DDOS attacks.

Hence, while Windows is pretty secure these days, it remains "unsafe" – and until it loses significant market share, it will remain so.

By: NickF

NickF — Tue, 28 Apr 2009 06:45:43 +0000

Disclaimer: I use Linux since 2001. Servers are an all different ballgame. Most of Windows virii target the desktop, not server base. Stuff that moves through USB drives or email are not exactly server malaware. Keyloggers, general malaware are pure desktop platform. I can go on and on.

However I totally agree: Linux, by design is a way much more secure system. Windows could be too, if the user would not be automatically be given root access.

By: Ikon

Ikon — Tue, 28 Apr 2009 06:22:36 +0000

But more information are stored in linux servers all over the world then on user pc-s.
Why aren't the hackers harvesting the power of more powerfull servers, server clusters? Because windows pc-s are more defenseless, and are operated by users who don't know jack about how to use security softwares. Market share IMHO is just a dumb excuse of windows fans. (I do not want to offense anyone here, it is my opinion)

By: NickF

NickF — Tue, 28 Apr 2009 06:13:10 +0000

You forgot maybe the first reason Linux virii are not so widespread: marketshare. There is no point in writing a virus for a platform that scores maybe 1% of the market.