I need a definite answer to the Linux virus question


Morty007
March 13th, 2009, 08:39 PM
Today I was talking to the IT person at my company. I started to tell him how I love Linux and like it so much I switched to it completely. I then went on to tell him how fast it is, and how there are no viruses or malware with it.

Now came a comment from him that I don't know how to answer.

He said "Ha, of course there are no viruses for it, they don't want to make any viruses for something that has no market share". The way he said it left me a bit speechless. Is this the only reason why we don't have viruses, is because they don't care to make them?

Is he right? If Linux adoption jumps 1000000% overnight, will we have viruses?

Will it be like windows?

How should I have answered him?

cc8balla
March 13th, 2009, 08:43 PM
It's common sense really. Why make a virus that not a lot of people will get? That kinda defeats the purpose of why idiots make viruses/malware.

Now, if Linux happens to breach 50% market share, expect to see reports of viruses being bred for Linux.

BUT any smart user can use common sense and not get a virus.

Your IT man is correct here.

Skripka
March 13th, 2009, 08:43 PM
Ready...set.....recurring discussions....



As a linux user:

What would you do if you received an email with a .tar.gz in it that told you to compile it?

Or

A debian package in an email that told you to install it?

Or

A website that told you you had to run Firefox as root to access all content?



The above shows why your IT friend's theory is flawed. Linux users tend to be fundamentally informed about user security, and why one should and should not run anything as root. Windows users tend to be dumb as posts about such things, and if it says "CLICK HERE", they will.

Tibuda
March 13th, 2009, 08:44 PM
That's a myth. Linux is a "potential market" for malware in the server market.

Firestem4
March 13th, 2009, 08:45 PM
Yes and no is the real answer.

Linux is as secure as you make it. Unlike Windows. A program can not do any serious damage to your computer unless you specifically allow it to. That's why Root and Sudo are such important tools.

Now, another point to explain. We have very little DESKTOP market share. But Linux owns the world when it comes to any major server application.

You tell me then if Linux has "safety in numbers".

This is an EXCELLENT Security review I read a while ago. I would recommend you read over it. http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/

You can give some of these points to your coworker.

inobe
March 13th, 2009, 08:46 PM
understand one thing' everyone has their own opinion and are entitled to it.

my opinion' viruses will always be a windows thing due to the lack of security and users disabling uac, or in xp running as administrator !

if a virus is unleashed on the linux community' it will be stopped dead in its tracks until another is created ;)

unlike your windows environment these issues will persist off scale.....

security is the reason along with openness !

you can see a vulnerability with openness' you can't see crap in proprietary applications.....

adobe reader for example, you didn't hear about that' did ya ?

cc8balla
March 13th, 2009, 08:46 PM
The above shows why your IT friend's theory is flawed. Linux users tend to be fundamentally informed about user security, and why one should and should not run anything as root. Windows users tend to be dumb as posts about such things, and if it says "CLICK HERE", they will.

See, this 'holier than thou' attitude is what gets people in trouble. JUST because YOU and I know more about our OS than most people, doesn't mean that EVERYONE does. Ubuntu is at the point of a completely new user to Linux, of being able to install and go.

So in all reality, while most of us are informed about security, so are most windows users, and WE may not get a virus, but someone else may.

And when I say that the OP's IT man is correct, I mean that his comment about viruses being made when Ubuntu gets a high market share, is correct.

I'm not busting your balls here at all, just giving my .02.

cc8balla
March 13th, 2009, 08:49 PM
understand one thing' everyone has their own opinion and are entitled to it.

my opinion' viruses will always be a windows thing due to the lack of security and users disabling uac, or in xp running as administrator !

if a virus is unleashed on the linux community' it will be stopped dead in its tracks until another is created ;)

unlike your windows environment these issues will persist off scale.....

security is the reason along with openness !

you can see a vulnerability with openness' you can't see crap in proprietary applications.....

adobe reader for example, you didn't hear about that' did ya ?

This.

The thing that will protect the linux community IS the community.

amauk
March 13th, 2009, 08:52 PM
Linux (and other Unix-like OS's) are used on some of the most important and high profile systems imaginable

Banks
Telecoms
Network connectivity
etc.
etc.

Imagine, you're a criminal
what would you rather break into
A national banking system, or some guy's personal computer?

End-user desktop market share is lower than Windows - but at the end of the day, so what?
Desktop machines are small-fry

End-user desktop machines have nothing of any real value to criminals
(the odd credit card transaction, but seriously, come on....)

Incentive to break into Linux is huge

Morty007
March 13th, 2009, 08:56 PM
Ok, hold up people!

When I download something here in Ubuntu, a box comes up asking me for my password. Ok, I put it in. Well, how does that keep me from getting a virus? Doesn't windows do the same thing now?

inobe
March 13th, 2009, 08:56 PM
of course we will run into some malicious apps out there' but they will get snagged eventually and tossed out in the open for everyone to see.

i am not saying that a linux system can't get infected' i am saying there are much easier targets ;)

i am proud that i am not a target anymore and willing to accept the fact that my system isn't foolproof from malicious attacks.....

inobe
March 13th, 2009, 09:00 PM
Ok, hold up people!

When I download something here in Ubuntu, a box comes up asking me for my password. Ok, I put it in. Well, how does that keep me from getting a virus? Doesn't windows do the same thing now?

you're downloading a trusted application from an ubuntu or opensource repo.

windows' you download off the web with a 50% chance the proprietary app being a rogue app !

you click next, next, bang' then it unleashes its payload

http://en.wikipedia.org/wiki/Rogue_software

those apps are very dangerous and windows users don't consider proper security practices and assume avast will save them

edit: using opensuse' i searched for acroread

acroread - Adobe Reader for PDF Files

Acroread is a well known PDF viewer.
Adobe Reader is often the only program able to process complicated PDF files, such as PDF forms. However, there are many bugs where we cannot do anything about because it is proprietary binary-only software.
Please consider whether it is possible to use free PDF readers like okular, evince, xpdf, ghostview, ... instead.
The level of support is unspecified

my package manager warned me' that's an acceptable warning, i certainly do use a free opensource reader in ubuntu and suse ........

Bölvağur
March 13th, 2009, 09:33 PM
let's assume you are stupid enough to get tricked into downloading dstroyer_virus-0.04a.deb, open it, enter your password so the deb is executed as super user.

In worst case scenario the .deb will overwrite an application you are going to open... like "eye of gnome" (it is an image viewer).

Now the virus is running on your computer with root privileges.
So now it starts working as part of a botnet, sending spam emails to people.

But it needs to multiply and distribute itself to other computers.. how does it do that? you ask.

Well... it could... umm... it could infect every single executable file it finds... So now it waits until you move executable files to another computer... ok how? you ask.. I mean... not all distros use nautilus and there are much better file managers... but ok.. this is a nautilus specific virus... or rewrite the cp command which nautilus might perhaps be using... dunno.

Well... it could make an infected executable file along with every copy command you do in nautilus and hope it is a removable disk.
Then when you take your flash drive to another computer the executable may be executed... uh... automatically?... well may depend on distro.. so perhaps it is ubuntu specific virus that executes itself when the flash drive is plugged into a computer.

now we have a problem.... who the hell is stupid enough to enter his or her password when plugging in a flash drive?
well there are definitely people out there that will.. but how far will the virus go? It is dependent on the software you are using so it is distro dependent and it needs everyone to enter their passwords at times when they are not doing admin stuff.

blastus
March 13th, 2009, 09:38 PM
Today I was talking to the IT person at my company. I started to tell him how I love Linux and like it so much I switched to it completely. I then went on to tell him how fast it is, and how there are no viruses or malware with it.

Now came a comment from him that I don't know how to answer.

He said "Ha, of course there are no viruses for it, they don't want to make any viruses for something that has no market share". The way he said it left me a bit speechless. Is this the only reason why we don't have viruses, is because they don't care to make them?

Is he right? If Linux adoption jumps 1000000% overnight, will we have viruses?

Will it be like windows?

How should I have answered him?

Like Windows, Linux won't protect a user from stupidity. Like Windows, you can have issues with malware on Linux if you don't follow good practices...

1. Only visit websites you know and trust (don't click on advertisements, don't open email attachments you don't know where they are from etc...)

2. Don't install add-ons or plug-ins for programs, such as web browsers, that you don't trust or can't verify the author

3. Only install software that you trust; either from the official repositories or widely trusted repositories like medibuntu or from a major supplier like Sun Microsystems, Adobe etc...

4. Don't run scripts or other commands where you can't verify and trust the source

5. Don't run as root (or Administrator on Windows)

That said, Windows has historically had a large number of problems with malware because of poor decisions Microsoft has made. Windows XP SP2 fixed a large number of those issues but some issues are likely to remain.

Windows users have never gotten the message not to run as Administrator. The ones who have are likely still running as Administrator because of stupidly designed software that unnecessarily requires root access and/or because running as a non-Administrator on Windows is just a hassle (compared to Linux.) For example, as a developer running Windows as a non-Administrator is simply not viable (especially when using IIS) whereas on Linux it is easy. UAC on Windows Vista is ridiculous.

inobe
March 13th, 2009, 09:41 PM
being a fellow linux user i can agree with you there :)


my best advice for those is simply stick with the repos and avoid pre-compiled crap from just anywhere and grab a tar.gz direct from the applications site if it's not in the repos.

Sealbhach
March 13th, 2009, 09:43 PM
Bigger Market Share + Less Technically Proficient Users = Active Viruses.

It's inevitable if Linux desktop went mainstream. However, viruses would depend heavily on getting the user to allow the virus to be installed.

This walkthrough here shows one way of how it could be done:

How to write a Linux virus in 5 easy steps
(http://www.geekzone.co.nz/foobar/6229)



inobe
March 13th, 2009, 09:44 PM
who said linux wasn't mainstream' they are dead wrong !

blastus
March 13th, 2009, 09:54 PM
who said linux wasn't mainstream' they are dead wrong !

I think what is meant by mainstream is common (non-technical) users using it. Non technical users can use Linux but they need to understand the basic security principles.

For example, about a year ago I set up a Ubuntu computer for a friend who had never used a computer before. At first I set up his account so that he was not a member of administrators so he couldn't use sudo or anything that required root access. A few months ago I changed his account and made it a member of administrators and showed him more things but with a warning not to install software that he doesn't know where it is from etc...

To this day he has never had a problem with the computer and Ubuntu has gotten a really good rating from someone who has never used a computer before. :)

Primefalcon
March 13th, 2009, 09:59 PM
Nope contrary to a lot of belief Linux is a high profile target, it controls the server market....

if anything servers are a lot bigger target than the desktop, because they hold the data that matters, credit card numbers and so on...

even the NSA prefer it.... So go tell your IT friend he's an idiot big mouth that has absolutely no clue

blastus
March 13th, 2009, 10:03 PM
Nope contrary to a lot of belief Linux is a high profile target, it controls the server market....

if anything servers are a lot bigger target than the desktop, because they hold the data that matters, credit card numbers and so on...

It's botnets now that attack servers and these botnets are comprised of desktops.

inobe
March 13th, 2009, 10:07 PM
I think what is meant by mainstream is common (non-technical) users using it. Non technical users can use Linux but they need to understand the basic security principles.

For example, about a year ago I set up a Ubuntu computer for a friend who had never used a computer before. At first I set up his account so that he was not a member of administrators so he couldn't use sudo or anything that required root access. A few months ago I changed his account and made it a member of administrators and showed him more things but with a warning not to install software that he doesn't know where it is from etc...

To this day he has never had a problem with the computer and Ubuntu has gotten a really good rating from someone who has never used a computer before. :)

oh' i see

thanks for that' that was a great thing you did :)

Primefalcon
March 13th, 2009, 10:09 PM
Using a ddos attack but that's nothing to do with a Linux vulnerability. that's just infected Windows computers spamming a single target computer, hence using up the bandwidth..

inobe
March 13th, 2009, 10:09 PM
as for it's popularity

aka Ballmer thinks linux is a bigger threat to windows than mac ;)

http://www.osnews.com/story/21035/Ballmer_Linux_Bigger_Competitor_than_Apple

haha' stupid pie charts

blastus
March 13th, 2009, 10:10 PM
oh' i see

thanks for that' that was a great thing you did :)

I learned a huge amount in the process also :D He even had his ISP come in and install high-definition TV. I'm sure they had a couple of questions about his computer...I'm glad it was still on the Internet after they had installed a router, etc... ;)

Primefalcon
March 13th, 2009, 10:13 PM
Even from a noob perspective Linux has better security

let's see using Windows you can cruise by a site get a virus, or a virus comes across the internet connection and bang you're infected since once it gets to your computer it basically has admin privileges without you even knowing....

now with Linux you'd have to knowingly download it enter your password to grant it privileges each time it runs, AND give it executable privileges, that enviro tends to impede viruses, and that's assuming the OS is vulnerable, which they're typically not they're patched within hours of a problem being found typically

inobe
March 13th, 2009, 10:15 PM
I learned a huge amount in the process also :D He even had his ISP come in and install high-definition TV. I'm sure they had a couple of questions about his computer...I'm glad it was still on the Internet after they had installed a router, etc... ;)

haha must have been an eye raising situation for the tech to see a linux desktop.

tech guy at my house was very curious about my os :)

blastus
March 13th, 2009, 10:21 PM
One thing that's nice about Linux, right now, is that there isn't a whole lot of malware out there. Statistically it's less risky because there are simply far less mines in the minefield.

We'd like to keep it that way too but as it becomes more popular it will inevitably attract the attention of con artists and criminals or just plain jokers that want to have fun at other people's expense.

blastus
March 13th, 2009, 10:24 PM
haha must have been an eye raising situation for the tech to see a linux desktop.

tech guy at my house was very curious about my os :)

Yeah they don't see too many non-Windows (and non-Mac) computers, especially someone that doesn't know much about computers running one. ;)

inobe
March 13th, 2009, 10:33 PM
One thing that's nice about Linux, right now, is that there isn't a whole lot of malware out there. Statistically it's less risky because there are simply far less mines in the minefield.

We'd like to keep it that way too but as it becomes more popular it will inevitably attract the attention of con artists and criminals or just plain jokers that want to have fun at other people's expense.

agreed' but i feel it's always been like that.

constant kernel security updates and bug ironing along with basic common sense is the only defense against this garbage.

typically linux evolves and becomes more secure !

i say this because' we don't see the holes until something happens that reveals the vulnerability.

now if we consider being over powered by the stuff' then of course we would be the only os standing being the only target:)

Primefalcon
March 13th, 2009, 10:37 PM
Linux is very secure, I'm not saying invulnerable but with a little common sense I'll even say you're 100% safe unlike windows.... as long as you don't go giving executable permissions and admin privileges to suspicious software you find on questionable sites....

But the thing is as we get more users we get more developers, if Linux became the number one os, all that extra manpower behind Linux you'd see even more enhanced security...

but if you really are concerned about security why don't you go into synaptic and install selinux, it is designed by the NSA and it is a security enhanced protection...

Personally I think it's really unneeded but, draw your own conclusion and do your own research

inobe
March 13th, 2009, 10:46 PM
but if you really are concerned about security why don't you go into synaptic and install selinux, it is designed by the NSA and it is a security enhanced protection...

Personally I think it's really unneeded but, draw your own conclusion and do your own research

i have a basic setup and i don't have any concerns' not even one, in fact security doesn't even cross my mind like it did in the past :)

i am sure you know what i mean ;)

Primefalcon
March 13th, 2009, 10:50 PM
i have a basic setup and i don't have any concerns' not even one, in fact security doesn't even cross my mind like it did in the past :)

i am sure you know what i mean ;)
Considering Linux is in my Opinion secure I'm comfortable myself with the basic security, and I've never ever had an issue, not with Linux, I think you'd be very very hard pressed anyone who genuinely has

lykwydchykyn
March 13th, 2009, 10:51 PM
let's assume you are stupid enough to get tricked into downloading dstroyer_virus-0.04a.deb, open it, enter your password so the deb is executed as super user.

In worst case scenario the .deb will overwrite an application you are going to open... like "eye of gnome" (it is an image viewer).

Actually, no. The .deb could not be used to install over other existing applications, because the package manager won't do that. If you've ever done much tinkering with non-recommended repository configurations, you've probably seen .debs fail to install because they tried to overwrite a file in another package.

I suppose in theory it could run some kind of setup script that could do heaven-knows-what, but the actual APT installer engine would error out and require you to use dpkg at the command line with special switches to force the install.

This is one of the many things apart from mere market share obscurity that helps inoculate us against the baddies.

For a few more, see this post: http://ubuntuforums.org/showpost.php?p=6886501&postcount=51
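
Added example, not part of the thread and not dpkg's own code: a Python check of the two points in the post above, paths already owned by another package and maintainer scripts, run over a `.deb` before it is installed. The sample package, the `installed_files` table and all function names are constructed for illustration; `Replaces:` fields and diversions, which legitimately permit an overwrite, are not modelled.

```python
import io
import posixpath
import tarfile

AR_MAGIC = b"!<arch>\n"
# Scripts dpkg runs as root around install/removal, outside the file-conflict check.
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm", "config"}


def ar_members(blob):
    """Yield (name, data) for each member of an ar archive, the .deb container."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name = header[:16].decode("ascii").strip().rstrip("/")
        size = int(header[48:58].decode("ascii").strip())
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated ar member")
        yield name, data
        pos += 60 + size + (size & 1)  # member data is padded to an even offset


def audit_deb(blob, installed_files):
    """Report maintainer scripts and paths already owned by another package.

    installed_files maps path -> owning package, the information dpkg keeps
    in /var/lib/dpkg/info/*.list (here a constructed table).
    """
    parts = dict(ar_members(blob))
    control = next((d for n, d in parts.items() if n.startswith("control.tar")), None)
    data = next((d for n, d in parts.items() if n.startswith("data.tar")), None)
    if control is None or data is None:
        raise ValueError("not a .deb: control or data archive missing")
    package, scripts = None, []
    with tarfile.open(fileobj=io.BytesIO(control), mode="r:*") as tf:
        for member in tf.getmembers():
            base = posixpath.basename(member.name)
            if base in MAINTAINER_SCRIPTS:
                scripts.append(base)
            elif base == "control" and member.isfile():
                for line in tf.extractfile(member).read().decode().splitlines():
                    if line.startswith("Package:"):
                        package = line.split(":", 1)[1].strip()
    conflicts = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for member in tf.getmembers():
            if member.isdir():
                continue  # directories may be shared between packages
            path = posixpath.normpath("/" + member.name.lstrip("/"))
            owner = installed_files.get(path)
            if owner is not None and owner != package:
                conflicts[path] = owner  # dpkg would stop here without a force option
    return {"package": package, "scripts": sorted(scripts), "conflicts": conflicts}


def build_tar_gz(files):
    """Pack {name: bytes} into a gzip-compressed tar (used only for the sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_deb(control_files, data_files):
    """Assemble a minimal .deb: debian-binary, control.tar.gz, data.tar.gz."""
    blob = AR_MAGIC
    for name, data in (("debian-binary", b"2.0\n"),
                       ("control.tar.gz", build_tar_gz(control_files)),
                       ("data.tar.gz", build_tar_gz(data_files))):
        blob += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (
            name.encode(), 0, 0, 0, b"100644", len(data))
        blob += data + (b"\n" if len(data) % 2 else b"")
    return blob


# Constructed sample: a package that ships its own file plus one owned by "eog".
SAMPLE_DEB = build_deb(
    {"./control": b"Package: example-screensaver\nVersion: 0.1\n",
     "./postinst": b"#!/bin/sh\nexit 0\n"},
    {"./usr/bin/example-screensaver": b"placeholder\n",
     "./usr/bin/eog": b"placeholder\n"},
)
INSTALLED = {"/usr/bin/eog": "eog", "/bin/ls": "coreutils"}  # constructed table

if __name__ == "__main__":
    print(audit_deb(SAMPLE_DEB, INSTALLED))
```

The conflict list is what the package manager refuses on its own; the script list is the part it does not judge, so a `postinst` in a package from an untrusted source is the thing to read before installing.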

inobe
March 13th, 2009, 10:56 PM
Considering Linux is in my Opinion secure I'm comfortable myself with the basic security, and I've never ever had an issue, not with Linux, I think you'd be very very hard pressed anyone who genuinely has

been using linux for years and never' not once had any issues.

if i ever thought it was time to use the extras' i would have an arsenal of protection to choose from !

Primefalcon
March 13th, 2009, 11:01 PM
Think about this, what would you trust more...

Windows.
Doesn't let anyone see the code or fix it, trusts in the security through obscurity rule, yet crackers keep finding those holes.... and even if a company finds the hole they can't fix it to protect themselves or Microsoft can sue them....

Linux
shows everyone the code, companies like Google, IBM, Dell and a lot of others are constantly working to make sure your OS is Secure, Home users can come up with fixes to make sure your OS is secure, government organizations can fix it to make sure you're secure such as the selinux with the NSA. and you know what, it's secure, you're safe no holes, no crackers

sofasurfer
March 13th, 2009, 11:03 PM
I would have asked the question...
How many of you have gotten a Linux virus?

I have never heard anyone talk about it. It seems to me that with all the wackos in the world, whether a million or whether 10 people use Linux, there would be SOMEONE trying to infect a Linux computer. So I do not believe it's a matter of 'mainstream'. It's got to be a matter of, it's just hard to do.

Primefalcon
March 13th, 2009, 11:06 PM
Also No back doors like THIS ONE (http://nationalexpositor.com/News/1128.html) in Windows

If anyone tried, since the code is open source and it'd never be let through.... Unlike closed source you can trust that with open source, millions of people have gone through to make sure it's safe, not just the Linux users either, I'm sure MS would love to yell about something back door in Linux, but that ain't gonna happen, with the open source model, it can't happen

inobe
March 13th, 2009, 11:12 PM
oh' this thread is a keeper "bookmarked" :)

mamamia88
March 13th, 2009, 11:19 PM
Think about this, what would you trust more...

Windows.
Doesn't let anyone see the code or fix it, trusts in the security through obscurity rule, yet crackers keep finding those holes.... and even if a company finds the hole they can't fix it to protect themselves or Microsoft can sue them....

Linux
shows everyone the code, companies like Google, IBM, Dell and a lot of others are constantly working to make sure your OS is Secure, Home users can come up with fixes to make sure your OS is secure, government organizations can fix it to make sure you're secure such as the selinux with the NSA. and you know what, it's secure, you're safe no holes, no crackers

why can't they fix it?

Primefalcon
March 13th, 2009, 11:23 PM
why can't they fix it?
copyright and the DMCA, you can request Microsoft fix it but you're not allowed to alter the Microsoft code even if you have the know how which a lot of corporations have... one reason why google use a version of Ubuntu

inobe
March 13th, 2009, 11:29 PM
yep' the ms eula strictly says you cannot modify anything.


i refuse to agree to those terms and therefore refuse to install windows on my computer .

mamamia88
March 13th, 2009, 11:31 PM
i guess it's their priority to not let you touch the code but haven't some of these problems been lingering for awhile now?

Primefalcon
March 13th, 2009, 11:33 PM
there are bugs in windows that have been there since 98, that's well known just do a search.... so yes obscurity just doesn't work, there's tons of proof

inobe
March 13th, 2009, 11:49 PM
they built some community support for bug testing' personally i would never partake in such a thing' especially if they don't pay me for testing !

Bölvağur
March 14th, 2009, 12:02 AM
Actually, no. The .deb could not be used to install over other existing applications, because the package manager won't do that. If you've ever done much tinkering with non-recommended repository configurations, you've probably seen .debs fail to install because they tried to overwrite a file in another package.

For a few more, see this post: http://ubuntuforums.org/showpost.php?p=6886501&postcount=51

Yes, you are right, that would probably not work like that. but after installation of the .deb and after a restart, the virus would be auto started and that actually be easier. So I guess I failed :P

but I tried many things on the list, trying to disguise a program I made to look like it wasn't a dubious program.... and it didn't work. placing .desktop as a tag showed up, but it did change how gnome treats the file.... now it is a folder.. -.-

And without permission to execute I was unable to get anything, no matter what... it may be because I had wine installed and any foreign looking executables on my system are normally considered to be wine material.


I guess this has just been fixed in updates though since he made that page. please try out yourself to see if it works on your computer, failed at mine :)

oomingmak
March 14th, 2009, 07:29 AM
End-user desktop machines have nothing of any real value to criminals (the odd credit card transaction, but seriously, come on....)
I disagree.

Botnets have huge value to criminals. Sections of zombie networks are often sold off for significant amounts of money.

Tibuda
March 14th, 2009, 07:40 AM
Ok, hold up people!

When I download something here in Ubuntu, a box comes up asking me for my password. Ok, I put it in. Well, how does that keep me from getting a virus? Doesn't windows do the same thing now?

Where do you download things from?

gnomeuser
March 14th, 2009, 07:58 AM
Ok, hold up people!

When I download something here in Ubuntu, a box comes up asking me for my password. Ok, I put it in. Well, how does that keep me from getting a virus? Doesn't windows do the same thing now?

Typically for a well configured Windows box this or something like it would also be the case. This however is where one has to remember who we are dealing with. To avoid this they can exploit privilege escalation bugs, they are discovered all the time, even if you are up to date you have to remember that the bad guys often know about security problems the good guys don't till they are widely exploited.

You cannot be assured that not being root will stop such attacks.

Another thing to consider is what the objective might be, if it is to infect your machine and make it part of a botnet that could easily be done in a user account without being installed system wide. Sure in this case hiding from the system using rootkit techniques is largely not possible... were it not for the aforementioned escalation bugs and the lack of containment. Most of the time this is probably the case.

The ace up Linux' sleeve is definitely systems like SELinux, even if there is a bug in Firefox e.g. you cannot break out of the jail. Your breach doesn't flow over into the system. This makes it much safer, and increasingly applications are contained like this on distros that take security seriously (read Fedora). Another ace up our sleeve is preemptive action, there are a multiple of compiler settings that make things like buffer overflow exploits less likely. We have very good defences available to us (pretty much everyone does this now.. good job people).

Finally we can architect the system to not correctly, if security is underneath working automatically and we don't ask for passwords and permission all the time we are not fostering a cult of "OK" dialog clickers who will mindlessly just type in their password without understanding why. This is one reason why PolicyKit and good default policy is important. When people are not constantly asked to confirm stuff, they learn to grow concerned and to read dialogs when it does happen. Don't be a yes man, yes men get exploited.

We can also stop writing things in hopelessly unsafe languages like C, there is no need for it when options like C# offer us many security advantages. Singularity and SharpOS even show us that a highly performant kernel can be written in a managed language. We should definitely consider this path for the future, not only for the security aspect.

Is Linux safer? yes. Absolutely. Will it get exploited the most machines are out there? naturally. Will the effect be as bad as on Windows? I doubt it, we have years of security minded design on our side and provided we don't start throwing that overboard to gain popularity then I would say the odds are considerably lower.

bryonak
March 14th, 2009, 08:45 AM
As most people have correctly stated in this thread, Linux is a high profile target if you look behind the desktop market.
Also Linux does have a better security design (userland, SELinux, AppArmor, ...) than Windows.
For instance, in XP many security options in the otherwise well built NT kernel are turned off. And Vista: "Do you want to download?" -> yes, "Do you really want to download" -> yes without hesitation, "Do you want to execute after download?" -> yes without looking, "Do you want to install virus?" -> yes and now get out of my way already.
And both are usually run as administrator.


Another thing about the way of spreading a Linux virus via USB (someone asked on page 2 or 3).
Assume that you want to make an Ubuntu specific virus and assume that autostart from USB is generally turned on.
Then you infect the USB stick with a program that starts when the drive is plugged in, but sleeps for 10-20 minutes. After that, it pops up a classical "Update Manager" window (using your current theme), showing some bogus updates and asking you to install them. If you do so and enter your password as usual, it can grab your password and root the system. Of course, it will move the slider as if downloading something and then crank up the CPU usage for a few seconds and emulate the terminal output so you think it's installing. This could actually be used to install a real rootkit.
Then it'll run a daemon detecting any USB drives and infecting those too.

This idea is limited to GNOME, but nothing hinders the virus writer to include a detection check for KDE (and maybe XFCE?) and then pop up those update manager look-a-likes, covering almost all of the desktop population.

That's also a reason why the "pop under" update manager in Jaunty isn't such an awesome idea. But if it's possible to display tray icons with user rights (I think it is), the virus could display the update icon instead of popping up directly, which would endanger Hardy/Intrepid users as well.

Of course, all this would be limited on the fact that not everyone has autostart on USB turned on. But the idea can be used in many other cases (infected debs from a small project you want to download... or an infected third party repository... or emails with a fun little program), the payload stays the same.
There is little to prevent social engineering from making non-technical users (parents are the classical example) run such programs. "Here's a new screensaver, just run it. It's not dangerous since it doesn't ask your password" or something less lame ;)
The important thing is the waiting period (which could be set randomly between 10 and 30 minutes), so the act of plugging in a drive or running a file doesn't appear connected to the update manager.

Someone should write a proof of concept.
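
A defender-side check for the USB autostart scenario in the post above, added here as an example and not part of the thread: it lists what sits at the root of a mounted stick that a desktop could offer to run. The `.autorun`, `autorun` and `autorun.sh` names come from the freedesktop.org autostart specification; the function names and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile

# Root-level names from the freedesktop.org autostart spec ("after mount").
AUTOSTART_NAMES = (".autorun", "autorun", "autorun.sh")

def describe(path):
    with open(path, "rb") as fh:
        data = fh.read(4096)
    if data.startswith(b"\x7fELF"):
        return "ELF binary"
    if data.startswith(b"#!"):
        return data.splitlines()[0].decode("utf-8", "replace")
    for raw in data.splitlines():
        if raw.startswith(b"Exec="):  # command line of a .desktop launcher
            return raw.decode("utf-8", "replace")
    return "data"

def audit_volume(root):
    """Return (kind, name, detail) findings for the top level of a mounted volume."""
    findings = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue  # directories and links are out of scope for this check
        detail = describe(path)
        if name in AUTOSTART_NAMES:
            findings.append(("autostart", name, detail))
        elif name.endswith(".desktop"):
            findings.append(("launcher", name, detail))
        elif st.st_mode & 0o111 and detail != "data":
            # FAT mounts often mark every file executable: require program-like content too.
            findings.append(("executable", name, detail))
    return findings

def build_sample(root):  # constructed, harmless sample volume
    files = {
        "autorun.sh": (b"#!/bin/sh\necho constructed sample\n", 0o644),
        "readme.desktop": (b"[Desktop Entry]\nType=Application\nExec=/bin/true\n", 0o644),
        "notes.txt": (b"plain text\n", 0o755),  # exec bit set, as on a FAT mount
        "tool": (b"#!/usr/bin/env python3\nprint('constructed')\n", 0o755),
    }
    for name, (body, mode) in files.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as vol:
        build_sample(vol)
        print(audit_volume(vol))
```

Point `audit_volume` at a real mount point (for example a directory under `/media`) to review a stick before opening anything on it.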

yse
March 14th, 2009, 08:56 AM
The definitive answer: there is NO secure OS. Once you have the code executed, expect everything. If you want to be secure, get legit software. Use software from trusted sources, vendors. Otherwise it's just your fault.

Regarding Linux, remember, hackers don't need your root pass to steal your credit card details. A key logger is enough to watch you and send back passwords. I think one Windows virus did that, making all firewalls useless, because it wasn't opened as a server, it was just sending mails. The same thing can happen on Linux also.

Calmatory
March 14th, 2009, 09:18 AM
This whole thread is absurd IMO.

Why do you preach about Linux when you obviously don't really know what it is or how it works, and what it is built upon?

I mean, I've seen a few too many of the new people preach about something they are new to. Not logical.

Not to bash newbies(I still consider myself as one) but the worst thing about Linux and Unix is the preaching newbies. Just cut it already please. :(

Hopefully someone gets the point, and no one gets offended. :)

Thank you.

Mathiasdm
March 14th, 2009, 09:34 AM
Even from a noob perspective Linux has better security

let's see, using Windows you can cruise by a site and get a virus, or a virus comes across the internet connection and bang, you're infected, since once it gets to your computer it basically has admin privileges without you even knowing....
That is total utter ******** (no offence :-p ). Viruses don't magically fly towards a Windows PC, you know ;) Vista has improved a lot on security, and Windows XP wasn't too bad either (though running as an Administrator was problematic).

now with Linux you'd have to knowingly download it, enter your password to grant it privileges each time it runs, AND give it executable privileges, that enviro tends to impede viruses, and that's assuming the OS is vulnerable, which they're typically not, they're patched within hours of a problem being found typically
It depends a lot. Yes, most vulnerabilities get patched fast (and the update manager updating all your applications helps a lot), but for example the Debian SSH disaster took around 2 years before it was noticed.
And these things apply to Windows as well: you have to knowingly download it, and press 'accept' (or something like that) to install the application.

This whole thread is absurd IMO.

Why do you preach about Linux when you obviously don't really know what it is or how it works, and what it is built upon?

I mean, I've seen a few too many of the new people preach about something they are new to. Not logical.

Not to bash newbies(I still consider myself as one) but the worst thing about Linux and Unix is the preaching newbies. Just cut it already please. :(

Hopefully someone gets the point, and no one gets offended. :)

Thank you.

Agreed. Totally agreed.

inobe
March 14th, 2009, 01:27 PM
trying to kill an innocent thread eh?

this thread isn't designed to degrade a specific distro, its purpose is to capture everyone's thoughts and opinions !

when someone decides to read through it, they will be capable of sorting out what's logical........

the newbies are allowed to post too !

they will eventually learn from the facts laid out here from very knowledgeable folks.

if you don't wish to partake in the thread go to another thread :)

Therion
March 14th, 2009, 01:38 PM
As I see it both Windows and Linux have their own ideas about how to balance usability against security. Ubuntu/Linux handles it one way, Windows another. There are too many factors in the equation to say that one is better than another for everyone, for all systems, across the board.

What I do feel safe in saying is this:

1. There is no OS yet made by man that cannot be hacked or exploited by man.

2. This being the case, there is no security application -- no firewall, no anti-malware or anti-virus -- that can adequately replace the one between your ears in the form of a minimum of understanding, common sense and applied safe-computing habits.

Yownanymous
March 14th, 2009, 01:47 PM
I've never caught a virus on even Windows. Why? Common sense. Don't click on anything that tells you to click it, don't open any weird executables, and don't do anything that the little man on your shoulder tells you looks a bit absurd...

cmat
March 14th, 2009, 01:56 PM
The only way you can keep any computer safe is to disconnect it from the net and seal it in concrete. There have been people on this site that had their Ubuntu PCs hosed. If you weren't too busy trolling the community cafe you would see the occasional thread pop up in general help.

Yownanymous
March 14th, 2009, 02:03 PM
The only way you can keep any computer safe is to disconnect it from the net and seal it in concrete. There have been people on this site that had their Ubuntu PCs hosed. If you weren't too busy trolling the community cafe you would see the occasional thread pop up in general help.

You are indeed correct, but the internet is not the only way of getting viruses. Indeed, stupidity is the worst method. I know someone who practically bubble wrapped a PC for gaming. From a dodgy and most likely illegal deal for a game he got he caught a virus. I'm not sure what happened next but I think he eventually had to format the drive and reinstall.

Fact is, if you're stupid enough to get viruses, you're going to get them. If you can bash the proverbial rocks together, you can probably avoid most.

inobe
March 14th, 2009, 02:07 PM
there are no trolls here either, each of us helped in the user forums and have a right to come here and chat by the cooler :)


it looks like basic security principles and common sense is the answer on any platform.

i guess it really depends upon the individual and the level of security on that users platform.

some don't realize how effective UAC can be when it's enabled; there is virtualization involved that protects the core components !

cmat
March 14th, 2009, 02:18 PM
You are indeed correct, but the internet is not the only way of getting viruses. Indeed, stupidity is the worst method. I know someone who practically bubble wrapped a PC for gaming. From a dodgy and most likely illegal deal for a game he got he caught a virus. I'm not sure what happened next but I think he eventually had to format the drive and reinstall.

Fact is, if you're stupid enough to get viruses, you're going to get them. If you can bash the proverbial rocks together, you can probably avoid most.

It's not stupidity. It's the lack of education of safe security practices. Most people that get a PC don't know of the various vectors that viruses have and how to plug them. They have the false belief that Norton actually does something.

Yownanymous
March 14th, 2009, 02:29 PM
They have the false belief that Norton actually does something.

Yes, quite recently I've had someone claim that because they had an anti-virus, they could execute a virus safely...:roll:

inobe
March 14th, 2009, 03:02 PM
UAC isn't a toy, it can really help keeping it enabled !

those that are annoyed by its prompts should read this, it shouldn't be disabled as it proves to be quite useful .

http://en.wikipedia.org/wiki/User_Account_Control#Features

Trail
March 16th, 2009, 04:16 AM
for example the Debian SSH disaster took around 2 years before it was noticed

Then, it wasn't much of a disaster if no one freaking noticed it for 2 years, now, was it? :)

gn2
March 16th, 2009, 04:40 AM
I've never caught a virus on even Windows. Why? Common sense.

Major problem with common sense is that it just isn't very common these days.

ZarathustraDK
March 16th, 2009, 05:01 AM
Also keep in mind what definition of virus we're thinking about here. Are we talking virus as "a possible way to bust a computer" or virus as "a piece of code that exploits a vulnerability in an OS without user interaction"?

If the former, then here's a simple mailbased virus for ya :

"Hello, this is your computer speaking, I'm very thirsty so please pour some water through my mouth-grill in the back".
I call it the "Genepool-cleaner"-virus.

Sure, it may not propagate a lot, but it busts hardware with the added possibility of personal injury, AND it's cross-platform.

If the latter, then Linux is by far more secure than Windows solely because of its open nature. We simply have more eyes to debug code with than Microsoft. That, and a much better permission-regime.

billgoldberg
March 16th, 2009, 05:45 AM
Today I was talking to the IT person at my company. I started to tell him how I love Linux and like it so much I switched to it completely. I then went on to tell him how fast it is, and how there are no viruses or malware with it.

Now came a comment from him that I don't know how to answer.

He said "Ha, of course there are no viruses for it, they don't want to make any viruses for something that has no market share". The way he said it left me a bit speechless. Is this the only reason why we don't have viruses, is because they don't care to make them?

Is he right? If Linux adoption jumps 1000000% overnight, will we have viruses?

Will it be like windows?

How should I have answered him?

He is right, in a way.

Linux is more secure, but it's possible to write malware for it.

So while market share is a reason why it's more secure, the system itself is more secure as well.

Let's put it this way, if Linux had the market share MS had today, there would be problems, but nothing close to the epic malware proportions MS has today.

3rdalbum
March 16th, 2009, 05:58 AM
Tell him that some of the world's most sensitive information including credit card details, national secrets, social security numbers, internal government documents, and industrial secrets are all stored on Linux servers. Whoever could write a virus to transparently infect those servers and retrieve that information, would be the world's newest billionaire overnight.

Many have tried to infect those computers, but they have limited / no success. Linux is strong.

lavinog
March 17th, 2009, 10:09 PM
It is possible that a malicious attack can come from the fact that many linux users need help learning linux. Many new users will trust anything posted on the forums.
At the same time the community is pretty quick to catch these things, but it must be getting tougher to moderate.

One thing for sure: If any user posts that they got a virus on their system on this forum, there will be hundreds of users investigating it within the hour.

Also, mentioned earlier: Proprietary software poses another threat (Flash based attacks...etc)

Dekkon
March 17th, 2009, 10:38 PM
The above shows why your IT friend's theory is flawed. Linux users tend to be fundamentally informed about user security, and why one should and should not run anything as root. Windows users tend to be dumb as posts about such things-and if it says "CLICK HERE", they will.

You completely missed his question, he said if the market share jumped to 50%.

It doesn't matter what operating system you are on, if you know what you are doing, you will not get a virus. I haven't seen a virus in 4 years, just 3 months ago I ditched virus protection and have run free without it, no viruses. Yes, I know there is, I don't need virus protection to figure that out.

So, you just answered his question, Linux is no more secure than Windows, it merely relies on the user's knowledge. I've already posted something on this before. Ty, Good bye.

stmiller
March 17th, 2009, 11:08 PM
Windows runs as full admin (unless you setup a limited user). So it is easy to just delete the entire Windows directory, setup a spam-bot machine, or do whatever damage a virus wants. That is why viruses run freely all over windows. They have full access. Even 'UAC' does not prevent viruses and malware from running wild as anyone who has worked on a compromised Vista machine can attest. That ever popular 'Anti-Virus 2009' malware installs on Vista machines without ever prompting UAC...

You are safer in Linux as you are running a limited user. Same in OS X, or Solaris. Sure there are Linux vulnerabilities, rootkits, trojans and crap. Install the program rkhunter for more info. :)

But most all of those only happen to machines that are public facing acting as a webserver or database server (i.e. not 100% behind a NAT router). If you are behind a Linksys router with your Linux desktop, you are pretty darn safe. There is nothing you can 'click on' that will suddenly infest your machine. Nothing right now, anyway. :KS


PS: You can install a package safe-rm which will prevent accidental deletions in Linux if you are paranoid from a certain known command.

ruel-
March 17th, 2009, 11:12 PM
There are Linux viruses of course, google and you will find. I've never had a virus on my Windows PC in the 2 years since I became a geek.. You need to learn how to be responsible for your things, and that includes your computer.

JackieChan
March 17th, 2009, 11:22 PM
This guy is correct. Linux doesn't have a whole lot of viruses because it lacks market share. Nobody wants to infect such a small group of people, when they can be screwing up the computers of more than twenty times the amount of people on Windows. Linux users are also pretty technical and smart, and know how to avoid these types of things. Linux would be the easiest to create viruses for since it's open source, but nobody wants to waste their time right now. Maybe you'll see viruses when 'mainstream' finally catches on and the market share goes up to 40%. It will happen eventually.

lisati
March 17th, 2009, 11:31 PM
Forget worrying about viruses in particular: if you focus too much time worrying about viruses (and whether virii is a valid plural) you could easily miss spotting the other kinds of malware (http://en.wikipedia.org/wiki/Malware) that could come your way.

The only sure fire way I know of that guarantees no nasties is to have your computer completely disconnected from the outside world (no internet, no disk drives, no power, and [pardon the double negative] no nothing) and preferably switched off. As an extra precaution you could bury it in your back yard, but that might be hazardous to its health too.

gn2
March 18th, 2009, 09:28 AM
(and whether virii is a valid plural)

It definitely isn't.

Viruses don't exist because there are a lot of Windows computers, they exist because of how Windows is designed.

Linux isn't designed the same way Windows is so there are no viruses.

Marketshare has nothing to do with it whatsoever.

Sealbhach
March 18th, 2009, 09:52 AM
Linux would be the easiest to create viruses for since it's open source, but nobody wants to waste their time right now.


Au contraire, mon frere, this is what makes writing a successful Linux virus extremely difficult.


.

pdoma
March 18th, 2009, 09:58 AM
This kinda makes you think about who really creates viruses. If you think logically, the only person who would spend hundreds of hours writing a virus or malware is the person who makes some kinda profit out of it. So the next question is who are the people that make a profit out of viruses. And the answer is simple, any company that makes AntiVirus programs that you have to pay for. So why write viruses for an OS where 99.9% of the people who use it have a strong feeling against paying for software, and with a little elbow grease can patch most vulnerabilities on their own? I'm not much of a conspiracy theorist but this one seems just a bit too obvious.

Tibuda
March 18th, 2009, 01:12 PM
Linux would be the easiest to create viruses for since it's open source, but nobody wants to waste their time right now.

That's a myth. Security updates are released quickly because it is open source.