I've merged this with the other similar thread on the issue.

I don't think it's complacent at all to not run anti-virus on Linux.

First of all, if someone were to create malware for Linux in "the wild," it would probably come in the form of a .deb file or some buffer overrun or Javascript exploit in Firefox. Assuming an anti-virus program would protect you from viruses fully, you'd still have other security problems to contend with. And if you download random .debs from all over the internet (instead of sticking to the main repositories), you're probably more likely to have your system compromised than from contracting a Linux virus. That said, I've never heard of a malicious .deb file. Not saying one can't be created, only saying one has not yet been created or detected.

Secondly, an anti-virus program is only as good as its creator/maintainer. Someone has to maintain and update virus definitions. If a Linux virus (one that worked and spread rapidly) suddenly appeared, it would probably do a lot of damage before the anti-virus software creator could update the program to detect the virus, and then distribute those updates to all the anti-virus software users. This is the same problem that Norton Anti-Virus Windows users run into as well. Virus and anti-virus, spam and anti-spam are both arms races. You will never have a fullproof guard against all malware.

I view it as complacent to think that running anti-virus will give you any kind of real security in Linux.

YEA.. we are crazy, Mike shuttleworth were and is crazy enough to ship free OS all over the world, so why dont we?

ah.. and have you heard crazy rumours that some anti-virus companies make their own virus and few hour later release fix for the virus? the arm race of virus and anti virus is one thing, arm race of anti virus companies is another. Forgive my conspiracy theory.

and " just in case" it sound like something I could handle, honestly I can do more harm to my linux box more than any linux virus can. I leave my pc case open, place a cup of coffee, ashtray with cigarette on top of it, I very lucky I haven't spill coffee on my pc box, but I had a few cigarette burn on the casing. Can virus do that?

In the real world.. does wearing condom give you protection over HIV? yes of course, but you don't have to use it all the time. If you don't screw around you even don't need one. I thing that's goes to computer users, your best protection is your behaviour.

I like the condom analogy.

Some people are under the impression that just running anti-virus makes you safe from all the ills of the internet. Likewise, some people are under the impression that using a condom protects you from all STDs. Even if you use condoms properly and every time you have sex, you can still contract herpes, HPV, and crabs. And if someone created a malware-laden .deb for a "cool program" that you double-clicked and gave your password to, it wouldn't matter how good your anti-virus is.

I've merged this with the other similar thread on the issue.

I don't think it's complacent at all to not run anti-virus on Linux.

First of all, if someone were to create malware for Linux in "the wild," it would probably come in the form of a .deb file or some buffer overrun or Javascript exploit in Firefox. Assuming an anti-virus program would protect you from viruses fully, you'd still have other security problems to contend with. And if you download random .debs from all over the internet (instead of sticking to the main repositories), you're probably more likely to have your system compromised than from contracting a Linux virus. That said, I've never heard of a malicious .deb file. Not saying one can't be created, only saying one has not yet been created or detected.

Secondly, an anti-virus program is only as good as its creator/maintainer. Someone has to maintain and update virus definitions. If a Linux virus (one that worked and spread rapidly) suddenly appeared, it would probably do a lot of damage before the anti-virus software creator could update the program to detect the virus, and then distribute those updates to all the anti-virus software users. This is the same problem that Norton Anti-Virus Windows users run into as well. Virus and anti-virus, spam and anti-spam are both arms races. You will never have a fullproof guard against all malware.

I view it as complacent to think that running anti-virus will give you any kind of real security in Linux.

Agreed. The odds of getting a virus on Linux are low. Very few known viruses exist for Linux, but that does not mean that you can't download a malicious .tar.gz or .deb, just like on Windows.

I read the WinXP Home Edition EULA. Among other things:
-It can't be used on more than 1 CPU at once. Translation: NO SMP! (Pro has this, but it's extra.)
-It acknowledges that even XP is loaded with DRMs.
-Only 5 other computers can connect to the computer at once.
-If a DRM has been "compromised", Microsoft may disable the DRM-using program, and therefore the DRMed content- or even the DRMed OS. :o
-The WMF SDK requires a separate license.
-Gaming requires a certain system (but what? they don't say).
-Reverse engineering is prohibited.
-Hosting via XP is prohibited. (What? Surprised? Server Edition probably has this, but it's extra.)
-Microsoft can "terminate" your copy of Windows.
None of this is the case with GNU/Linux. SMP can be added by recompiling the kernel (or installing a new one via Synaptic), there are no DRMs, you can have as many clients as you want, standards not only need no license, but are available to the public, gaming works on any system, reverse engineering is unnecessary but not prohibited, hosting is fine, and not even Linus himself can tell you to stop using Linux.
So join the revolution. We guarantee freedom from DRMs and BS like this.

4 points to consider:

1. MS code is closed, all the more easy to hide malware. Not so in Linux

2. MS botched the root/user paradigm in Windows, it's practically impossible to run as a limited priviledges user. All those users running as root brings joy to virus writers, so easy to take full control. Not so in Linux.

3. Windows doesn't do a good job separating core and apps. Virus writers must love this, so easy to write and install an app to change the core codebase and bring the whole system down. Not so in Linux.

4. MS does an apalling job addressing security issues, seemingly preferring to cover them up or deny them as long as possible to avoid "bad press", then taking ages to resolve them. (See here (http://en.wikipedia.org/wiki/Comparison_of_operating_systems_%28security%29)). Not so in Linux.

So even though Linux now enjoys security through (relative) obscurity, the very design of Linux makes it much harder to bundle spyware or write viruses for it. Also Linux has a lot of good faith built up amongst the code writing literate, particulary the young and angry/mischevious/bored ones. Not so for MS!

Though only time will answer your question for certain.

I wouldn't consider Wikipedia a competent source for any information.

I wouldn't consider Wikipedia a competent source for any information.

But it runs on te same principle as open source!

But it runs on te same principle as open source!
No it doesn't. I can't just randomly insert code into the Linux kernel or add a package to the Ubuntu repositories. There's an approval process. Code can be contributed, but it has to be accepted first. And if it's not accepted, you can fork the project and be your own project leader.

Wikipedia (with a few exceptions) allows anyone to edit entries. You don't have to have any qualifications or trust within the community.

That is a very different development model from open source.

Statistically your data is under more threat from hard drive failure than viruses, so better make regular back ups........

Yes, but only if you know what you do. If you start everything as root or login as root for working the answer is "No".

Julian

Statistically your data is under more threat from hard drive failure than viruses, so better make regular back ups........

yes.. true.. that's why I hate statistic. Hard drive failure is my number 1 problem, not virus.

It's not a garantuee as such.

Running linux does protect you much better then running Linux. Even to the point where I don't run a virusscanner or Firewall anymore.

But bad habbits can ruin you linux just as well. Don't default to root login. Don't install every crappy .deb that comes you're way.

I view it as complacent to think that running anti-virus will give you any kind of real security in Linux.

I hadn't looked at it like that - but I suppose it makes sense. I'm still too used to Windows XP I guess!

Yes, but only if you know what you do. If you start everything as root or login as root for working the answer is "No".

Julian

Of course, this is prevented on Ubuntu, since the root password is scrambled.

Of course, this is prevented on Ubuntu, since the root password is scrambled.
It's not scrambled, there just isn't a root account you can log in with. You can't guess the password of an account that doesn't exist ;).

And passwords are 'scrambled' on pretty much every system. Take a look at /etc/shadow as an example. Your username is in there as plain text, but the password is just saved as a hash of your password.

It's not scrambled, there just isn't a root account you can log in with. You can't guess the password of an account that doesn't exist ;) Actually, you're wrong. The root account exists in Ubuntu, and it does have a scrambled password.

It's not scrambled, there just isn't a root account you can log in with. You can't guess the password of an account that doesn't exist ;).

And passwords are 'scrambled' on pretty much every system. Take a look at /etc/shadow as an example. Your username is in there as plain text, but the password is just saved as a hash of your password.

It exists, and is scrambled. Scrambled and encrypted are much different. That jumble of text in your shadow file translates to your password, just encrypted. On the other hand, scrambled means that the actual password required for system entry is an auto-generated jumble of text before encryption.

There is a root account. There needs to be. Sudo would not run without it-all sudo does is pass along the commands to the root account, which passes the results back to sudo. Oh, and load your system in recovery mode from the GRUB menu. You will be logged on as root. (Type "reboot" to reboot or "gdm" to start GDM).

OK stupid name for my thread

but I've had enough. I am about to make some comments, which I can only hope are not taken as troll like- cos that isn't at all what i'm trying to achieve.... anywaay.. i need to make them

first up, i'm going to make a bold statement which i want everyone to rip apart completely

linux...in particular,.. ubuntu, has only security by obscurity. No one on the forums seems to be able to make the comment, either: linux is free of vira and u need to be carefull, or linux is still vulnerable. of course, everything is vulnerable, but there is a certain idiot factor in especially with linux that would cause that to happen. almost retardedness. anyway forget that. My point is, everyone argues for linux/ubuntu whatever securty is flawless. No. clearly that is not the case. So why isn't there a how-to secure ubuntu?

I guess my main point is, why should anyone trust security here, as every single person has a completely different take on how perfect it is. This is the fundamental flaw for me. If i comapre to windows, sure, security patches maybe slower, but it fixes the problem.
Pls, don't get me wrong, I really hate windows, but, as a security professional, how can I ever trust anything here... Updates often wrong/bad/(**** **** up) --- no one is able to give definitive opinion on whether its secure by design/obscurity, ok... you get what i'm saying...

basically

How on earth can I trust that its "more secure by default", or "don't worry just use noscript in firefox"

and for this question, pls ignore strength of password. I use a 20 character pw, with everything you would expect.

perhaps i should have also noted i understand the difference between linux / windows admin usage.

i agree- ubuntu's security is not flawless. but seeing as how the majority of viruses/hackers out there target computers running windows, then, well, take that how you want to:)

http://ubuntuforums.org/showthread.php?p=3088372

...

another q stemming....

why are tehre so many linux users, which i assume alreadt have greater knowledge of computers/hw/sw in general, that claim nothing needs to be done apart from securing your password (ignoring things like opening your own security flaws by opening ports/samba/whatever would cause possible vulnerability through silly misconfiguration.)

sure, but

"targeting windows users" is silly

serious computer criminals don't target single users, they would attack a repository of users, (i'm sure u can imagine, e.g. database of social sec numbers... whatever...). And it's stupid to assume these servers are windows. they aren't. they're mostly apache. Obviously its an easiest target thing, but in this case the apache server may be the easier target for having the biggest benefit,...whatever...

As such, I believe, (probably misguidedly), linux more secure by default == false

quibble: the English plural of "virus" is "viruses," since the Latin noun "virus" (meaning scum, muck, sludge, filth or poison) has no plural form. Theoretically, it would be 'virora,' but that word is not found in the existing Latin corpus.

If you want to talk about exploits versus patches, then we can have a very good conversation. Windows has literally thousands of open and disclosed vulnerabilities in the OS--and a fraction of those are patched at any one time.

GNU/Linux distributions also report a number of security vulnerabilities, but because of the nature of free and open-source software, those vulnerabilities are quickly identified and even more quickly patched.

Compare the development model to that of Windows, where only Microsoft can fix vulnerabilities in their own software.

Consider this, as well: if I were to discover a vulnerability in a Microsoft product, I could simply conceal the knowledge and exploit it repeatedly. Assuming nobody from MSFT ever discovered the flaw, I've just found a handy back door into any system running that software--a door that won't close, since nobody can fix it but the maintainers (who remain ignorant of the flaw).

This is what is meant by "security through design." It's not that the software is itself flawless--it is that the faults of the software are known and fixable, rather than the Microsoft model, where you have to HOPE the software is flawless, since there's no way you can fix it should it turn out to be flawed.

OK stupid name for my thread

but I've had enough. I am about to make some comments, which I can only hope are not taken as troll like- cos that isn't at all what i'm trying to achieve.... anywaay.. i need to make them

first up, i'm going to make a bold statement which i want everyone to rip apart completely

linux...in particular,.. ubuntu, has only security by obscurity. No one on the forums seems to be able to make the comment, either: linux is free of vira and u need to be carefull, or linux is still vulnerable. of course, everything is vulnerable, but there is a certain idiot factor in especially with linux that would cause that to happen. almost retardedness. anyway forget that. My point is, everyone argues for linux/ubuntu whatever securty is flawless. No. clearly that is not the case. So why isn't there a how-to secure ubuntu?

I guess my main point is, why should anyone trust security here, as every single person has a completely different take on how perfect it is. This is the fundamental flaw for me. If i comapre to windows, sure, security patches maybe slower, but it fixes the problem.
Pls, don't get me wrong, I really hate windows, but, as a security professional, how can I ever trust anything here... Updates often wrong/bad/(**** **** up) --- no one is able to give definitive opinion on whether its secure by design/obscurity, ok... you get what i'm saying...

basically

How on earth can I trust that its "more secure by default", or "don't worry just use noscript in firefox"

and for this question, pls ignore strength of password. I use a 20 character pw, with everything you would expect. I've merged this thread with the other, similar thread.

While some Ubuntu users might come across as complacent about security, it seems you're making a straw man out of the whole community. If you read through this entire 100-page thread, you'll see the viewpoints and explanations about security vary, and most people here realize that security is a multi-faceted phenomenon.

Design, defaults, documentation, user savvy, and obscurity/visibility are all factors in security. Obscurity alone will not protect you, just as good design alone won't protect you.

But you also cannot discount good design completely just because other factors can override it. A door with a lock on it is good design. Just because you have a home owner who decides to leave the door unlocked all the time... or unlock the door for anyone who rings the doorbell... doesn't mean the lock isn't good design.

I will definetly read that thread, but the point of making a new thread for security was mainly to do with the fact that there is so much discrepancy with replies to do with security in sec threads. I have spent time reading a large number of them, and i always see the same trends, a group agree its secure and you don't have to do anything, and another group agree that while it is secure you should still take simple steps (e.g. noscript -> firefox, enable firewall --> just incase... etc) to ensure security.

it annoys me because, while I would enable a firewall on pc as well as a routers firewall, we still have a huge misconception on what needs to be done and what is unimportant. soz for the weird question; hope i'm making sense to people.

I will definetly read that thread, but the point of making a new thread for security was mainly to do with the fact that there is so much discrepancy with replies to do with security in sec threads. I have spent time reading a large number of them, and i always see the same trends, a group agree its secure and you don't have to do anything, and another group agree that while it is secure you should still take simple steps (e.g. noscript -> firefox, enable firewall --> just incase... etc) to ensure security.

it annoys me because, while I would enable a firewall on pc as well as a routers firewall, we still have a huge misconception on what needs to be done and what is unimportant. soz for the weird question; hope i'm making sense to people.
Well, if you see people offering misinformation, you can politely (within that thread) correct them and/or point them to the security sticky (http://ubuntuforums.org/showthread.php?t=510812&highlight=security+sticky), which bodhi.zazen spent a lot of time putting together.

I've also written a quick layperson's guide to desktop (not server) security (http://www.psychocats.net/ubuntu/security).

Seriously, i'm attempting a serious discussion here not a, err... "i know better than u" thread [cos i don't!]. The complete different opinions everywhere on security really turn me off as a security proffesional. But,... Windows is where i've come from (pretty much... & mostly my history)

I disagree that security is a "multi-faceted phenomenon." In this case. Everyone wants to secure the same things. I don't need to tell you about CIA. It seems to me the "multi-faceted phenomenon" is more on how you need to deal with these possibliites.

...

"
Design, defaults, documentation, user savvy, and obscurity/visibility are all factors in security. Obscurity alone will not protect you, just as good design alone won't protect you.

But you also cannot discount good design completely just because other factors can override it. A door with a lock on it is good design. Just because you have a home owner who decides to leave the door unlocked all the time... or unlock the door for anyone who rings the doorbell... doesn't mean the lock isn't good design.
"

completely agree, but just because you have a home owner who always locks their front door; doesn't mean it will never be compromised

Seriously, i'm attempting a serious discussion here not a, err... "i know better than u" thread [cos i don't!]. The complete different opinions everywhere on security really turn me off as a security proffesional. But,... Windows is where i've come from (pretty much... & mostly my history)

I disagree that security is a "multi-faceted phenomenon." In this case. Everyone wants to secure the same things. I don't need to tell you about CIA. It seems to me the "multi-faceted phenomenon" is more on how you need to deal with these possibliites.

...

"
Design, defaults, documentation, user savvy, and obscurity/visibility are all factors in security. Obscurity alone will not protect you, just as good design alone won't protect you.

But you also cannot discount good design completely just because other factors can override it. A door with a lock on it is good design. Just because you have a home owner who decides to leave the door unlocked all the time... or unlock the door for anyone who rings the doorbell... doesn't mean the lock isn't good design.
"

completely agree, but just because you have a home owner who always locks their front door; doesn't mean it will never be compromised
If you're that paranoid, why not move OSes entirely? OpenBSD has gone for years--I want to seay four or five--without anybody being able to report a single kernel-level vulnerability.

sorry, i don't believe i see misinformation, moreso I see a whole lot of potentially very IT savvy people completely conflicting views on security as it is now "secure by default" or some **** or whatever preconception has been given to them

If you're that paranoid, why not move OSes entirely? OpenBSD has gone for years--I want to seay four or five--without anybody being able to report a single kernel-level vulnerability.
Isn't SELinux used by the NSA?

sorry, i don't believe i see misinformation, moreso I see a whole lot of potentially very IT savvy people completely conflicting views on security as it is now "secure by default" or some **** or whatever preconception has been given to them
Well, of course, there are conflicting views. Do you know how many forum members we have here? Anyone in the world who speaks English and has an internet connection can sign up for these forums and talk about security.

it's not that i'm parranoid. well, actually, i am.

it's more that I see a number of [potentially] quite developed IT professionals with very differing views on their security. I am confident I can secure what I need to as much as I need to in my networking environment, but is there not a problem that [as it seems to me] the majority of the linux community will just disregard it due to design/obscurity/both?

Ithere is so much discrepancy with replies to do with security in sec threads. ... , a group agree its secure and you don't have to do anything, and another group agree that while it is secure you should still take simple steps to ensure security.

it annoys me because we still have a huge misconception on what needs to be done and what is unimportant.

There is no simple answer to security, because security has to be adapted to the way the system is configured and used. On some systems, a virus scanner may be a waste of resources (eg an ordinary linux desktop) while on a (Linux) mail server with Windows clients, it makes sense. So there's no simple answer about how to secure a computer system - Linux or any other.

Granted, there are those who think that running Linux is a cure for any and all security issues. They're wrong. I've seen "I got hacked" threaths on this forum in the past 2-3 weeks.

Well, of course, there are conflicting views. Do you know how many forum members we have here? Anyone in the world who speaks English and has an internet connection can sign up for these forums and talk about security.

yeah... whatever. Silly point, I already mentioned I was talking about the frequency of these discrepancies. Don't get angry at me as if I am bashing at your security beliefs,.... there's obviously facts behind why people have such obviously differed views

There is no simple answer to security, because security has to be adapted to the way the system is configured and used. On some systems, a virus scanner may be a waste of resources (eg an ordinary linux desktop) while on a (Linux) mail server with Windows clients, it makes sense. So there's no simple answer about how to secure a computer system - Linux or any other.

Granted, there are those who think that running Linux is a cure for any and all security issues. They're wrong. I've seen "I got hacked" threaths on this forum in the past 2-3 weeks.

Agreed. I too read the "I got hacked threads" to gather understandings of how it was breached.

So can we consider two typical desktop environments

1) laptop/(whatever i guess) wanting wireless connection to encrypted network

2) simply a new desktop configured to fileshare with windows desktops (lets assume simplest as possible, a ubuntu install with samba installed/configured)


and again, i'm really trying to learn here, more than i Could from previous security threads which never seem to directly answer my questions.

jesus,

I just looked at the results to this (now merged threads) poll

Yes 253 70.28%
No 31 8.61%
Yes, but only on some operating systems (please explain) 31 8.61%
I don't know 45 12.50%
Voters: 360. You have already voted on this poll








Rediculous

jesus,

I just looked at the results to this (now merged threads) poll

Yes 253 70.28%
No 31 8.61%
Yes, but only on some operating systems (please explain) 31 8.61%
I don't know 45 12.50%
Voters: 360. You have already voted on this poll








Rediculous
OK, I'm getting impatient.

What, exactly, am I supposed to be doing to come up to a "suitable" level of security on your scale? I'm seeing a lot of assertions of things being "rediculous" and not a lot of concrete discussion.

jesus,

I just looked at the results to this (now merged threads) poll

Yes 253 70.28%
No 31 8.61%
Yes, but only on some operating systems (please explain) 31 8.61%
I don't know 45 12.50%
Voters: 360. You have already voted on this poll
The poll is about viruses. I agree with those that say anti-virus software on Linux, now, today, is unnecessary.

So can we consider two typical desktop environments

1) laptop/(whatever i guess) wanting wireless connection to encrypted network

2) simply a new desktop configured to fileshare with windows desktops (lets assume simplest as possible, a ubuntu install with samba installed/configured)

and again, i'm really trying to learn here, more than i Could from previous security threads which never seem to directly answer my questions.
The post in the Security (and Servers) Forum. But reprhhase your questions first - they're way to vague

The poll is about viruses. I agree with those that say anti-virus software on Linux, now, today, is unnecessary.

alright, then whoever merged my thread with this missed my point.

Maybe anti-virus software is unnesecary on your linux box, again, this is not too say there are virus' out there / that could be developed to harm you.

ok

so i don't know if this is a stupid question in that there are too many to list,

what are the potential vulnerabilities that would exhert in setting up these systems. And let's talk about more complicated stuff than pw/self explanatory stuff.

OK, I'm getting impatient.

What, exactly, am I supposed to be doing to come up to a "suitable" level of security on your scale? I'm seeing a lot of assertions of things being "rediculous" and not a lot of concrete discussion.

sorry. Suitable level of security to me would mean a [too a large extent] maintained CIA (confiden/integiry/availab)

Suitable level of security to me would mean a [too a large extent] maintained CIA (confiden/integiry/availab)
big words with no meaning, unless you apply them to a specific situation.
And no, "Ubuntu" is not a specific situation.

sorry. Suitable level of security to me would mean a [too a large extent] maintained CIA (confiden/integiry/availab)

You appear to be demanding a 'sufficient' level of CIA. However, people who are as knowledgeable as you want them would first of all need more information as to the 'suitable' part you are mentioning. Otherwise, how could anyone determine if the attained level of CIA was 'sufficient' (or 'suitable') to your needs?

In other words: state the needs, then you can discuss wether any given security measure gives sufficient protection.

alright, then whoever merged my thread with this missed my point.

Maybe anti-virus software is unnesecary on your linux box, again, this is not too say there are virus' out there / that could be developed to harm you.

ok

so i don't know if this is a stupid question in that there are too many to list,

what are the potential vulnerabilities that would exhert in setting up these systems. And let's talk about more complicated stuff than pw/self explanatory stuff.

LOL intrasnit.

see here : http://ubuntuforums.org/showthread.php?t=510812

If security is your primary concern, well there are security specific distro's and of course there is always OpenBSD.

That is all we really have, more or less secure. IMO a default install of Ubuntu is more secure then a default install of Windows XP. Of course both OS can be hardened. No os is completely secure and best to learn how to secure the OS you use (or prefer) rather then troll. (not saying you are a troll mind you, I am just saying we should ALL be reading about securing or os rather then posting here).

I always assumed that there was never a virus for linux because all the coders were using it themselves! lol.

what is the reason for the absence of viruses for linux systems? is it because there aren't so many linux users as there are windows users and that people who want to cause as much damage as possible will automatically target the wide public?
Or is there something that would make it impossible to create a virus for linux even if the worlds most devious minds would give it a try?
And if such technology exists what is preventing microsoft from hijacking it and calling it their own :P ?


Also, why do i keep hearing "almost no viruses" and "linux is hardly affected by any viruses"... are there a few viruses out there or not?

Because Linus Torvalds uses his mental capabilities to prevent crackers writing Linuxviruses.
If someone trys to write a Linuxvirus he feels it and uses his mindpowers to prevent him, he'll then write 4 Windowsviruses. :)
Nah, use Google: http://librenix.com/?inode=21

Funny, I was just reading that article about an hour and a half ago to prove a point to a colleague..

-Dave

The very first computer virus (the Morris worm) was a Unix sendmail exploit. At present there are about 5 Linux viruses of which none work anymore.

Linux is very modular. The result is that every installation is somewhat different from every other installation, even if done using the same distribution. This makes it difficult for a virus writer to find a single exploit that may work on a large number of machines.

Furthermore, Linux has security in many layers. Every major daemon runs as a different user. The combination of tcpwrappers, netfilter, different levels of user permissions and so forth all makes it rather unlikely that a single virus will replicate over many machines.

Cheers,

Herman

http://librenix.com/?inode=21

The article you linked to suggests that it is indeed possible to make a linux virus... only that it would have to be very well-crafted.... which in turn leaves to conclude that the only reason why we are all clean and safe and able to poke fun at the ms-guys is that so far no one spent enough time to breach those security measures. However since it is possible even through conventional means, isn't the bottom line of it all that were just sitting ducks waiting for when linux will become widespread enough to attract the attention of all those good people who just want to do some damage?

The very first computer virus (the Morris worm) was a Unix sendmail exploit. At present there are about 5 Linux viruses of which none work anymore.

Linux is very modular. The result is that every installation is somewhat different from every other installation, even if done using the same distribution. This makes it difficult for a virus writer to find a single exploit that may work on a large number of machines.

Furthermore, Linux has security in many layers. Every major daemon runs as a different user. The combination of tcpwrappers, netfilter, different levels of user permissions and so forth all makes it rather unlikely that a single virus will replicate over many machines.

Cheers,

Herman

Exactly, If someone is really out to get one particular person, they might be able to infect their machine. Even then, the virus is easily taken care of and it is extremely unlikely that it will spread.

People always say they love Linux because they can "make it their own" with all the customizations, and you literally do "make it your own".

The article you linked to suggests that it is indeed possible to make a linux virus... only that it would have to be very well-crafted.... which in turn leaves to conclude that the only reason why we are all clean and safe and able to poke fun at the ms-guys is that so far no one spent enough time to breach those security measures.

That's actually the point of most "passive" defensive measures--like security be design, etc. By making it difficult or unprofitable for someone to write viruses for Linux we cut off the source of problems at their source.

However since it is possible even through conventional means, isn't the bottom line of it all that were just sitting ducks waiting for when linux will become widespread enough to attract the attention of all those good people who just want to do some damage?

I think perhaps "sitting ducks" is a bit of an overstatement. By taking security seriously and making a conscious effort to design and implement software and other technology in a secure way we are actively defending ourselves by raising the bar for potential attackers, thereby deterring many of them from even getting into the game.

Yes, there will eventually be viruses and attacked exploits, but we can still make it harder on the attacker.

That's actually the point of most "passive" defensive measures--like security be design, etc. By making it difficult or unprofitable for someone to write viruses for Linux we cut off the source of problems at their source.



I think perhaps "sitting ducks" is a bit of an overstatement. By taking security seriously and making a conscious effort to design and implement software and other technology in a secure way we are actively defending ourselves by raising the bar for potential attackers, thereby deterring many of them from even getting into the game.

Yes, there will eventually be viruses and attacked exploits, but we can still make it harder on the attacker.

What most people don't realize is that there is a built in firewall in Ubuntu protecting you all the time.

The article you linked to suggests that it is indeed possible to make a linux virus... only that it would have to be very well-crafted.... which in turn leaves to conclude that the only reason why we are all clean and safe and able to poke fun at the ms-guys is that so far no one spent enough time to breach those security measures. However since it is possible even through conventional means, isn't the bottom line of it all that were just sitting ducks waiting for when linux will become widespread enough to attract the attention of all those good people who just want to do some damage?
Not exactly. First of all, Linux is in very widespread use . . . just not on the desktop. There is plenty of incentive for the black hats to write exploits. Google, for instance, uses Linux. You think no one wants to turn their servers into a botnet?

The reason self-replicating viruses are a problem on Windows -- and the reason MS doesn't fix this -- is that the basic design of the OS gives it a lot of security holes. Completely redesigning the system would be, I'm guessing, a pretty big risk: a huge investment, and the risk of (further) alienating their millions of customers who are accustomed to being able to install stuff they found on some random web site.

There are many ways of exploiting Linux systems, and anyone who is running a public server without worrying about security is a sitting duck.
Linux doesn't need to worry about viruses, and probably won't for some time to come, simply because they're the least practical way of attacking a the system.

Not exactly. First of all, Linux is in very widespread use . . . just not on the desktop. There is plenty of incentive for the black hats to write exploits. Google, for instance, uses Linux. You think no one wants to turn their servers into a botnet?

Google also uses a custom version of Linux that they invented.

Not exactly. First of all, Linux is in very widespread use . . . just not on the desktop. There is plenty of incentive for the black hats to write exploits. Google, for instance, uses Linux. You think no one wants to turn their servers into a botnet?
You don't expect google to get into serious trouble due to some virus that comes along with some mail attachment... If someone wants to pull the plug on google they will obviously try to target it directly, that was done to quite a few servers and can be done time and time again, regardless if a particular server is on linux, freebsd or windows2003.
Viruses on the other hand spread and do damage randomly. Therefor only desktop users can be taken into consideration, and the vast majority of them are still using windows, exclusively.

What most people don't realize is that there is a built in firewall in Ubuntu protecting you all the time.
We do realize that, but a firewall does not protect you from any infested application.

If you stick to the official repositories to install your apps then you won't get any infested application.

Therefor only desktop users can be taken into consideration, and the vast majority of them are still using windows, exclusively.
Fair enough. That doesn't mean there's a virus risk for Linux-users, though. The reason viruses are a desktop problem is that (as you say), the vast majority of desktop users are running a deeply-flawed OS with full administrative privileges.

Yes, of course a Linux virus is possible. It would probably involve exploiting an X11 component -- even though it doesn't run as root, X still has access to a great deal of the system's functionality, and could be a weak point. Again, though, given the modularity of Linux (i.e., the fact that the core processes do not rely on X), it is very likely that a patch would be developed very quickly.

The only safe computer is the one that's not plugged in. Still, I just don't envision a virus as being a major threat to Linux any time soon. There are other ways of exploiting it, and they would offer greater "rewards" with respect to the effort.

Read this thread (the one I merged yours with), and you'll get all the answers.

right.... now i just have to take some days off in order to do that :))

Hello,
PLEASE....Why is Linux and its' distributions invulnerable to virus and spyware/ other ware ? THANK YOU !

Viruses spywares are created to Windows... Those don't affect Linux kernel.

A few reasons:
1) Constant quick security fixes make Linux a difficult platform to create viruses for.
2) A small install base makes Linux a poor target. A Windows virus has the potential to infect a lot more people.
3) Linux has a higher proportion of technically savvy users who won't compromise their security by doing things like opening unexpected attachments; again, this means that it's harder to infect a lot of Linux boxes than a lot of Windows boxes.

Basically, if you're the sort of person who likes making computer viruses, it makes a lot more sense to make them for Windows.

It's not invulnerable to viruses and spyware. There are a few reasons it has A LOT less of it. For one, the smaller market share makes it less attractive to develop a piece of malware for GNU/Linux. Writing one for Windows would infect a lot more people.

The second and more important aspect are the security permissions. Until Vista, on Windows pretty much every user ran as an administrator all the time. So if there is a vulnerability on any application any exploitation of that vulnerability will have administrative access to your system. This allows malware to affect critical system files and really bury itself deep and hide.

On GNU/Linux and pretty much every OS besides Windows (pre-Vista) you very rarely see a system running with root privileges 100% of the time. On GNU/Linux you will typically be running as a limited user, with access to your home directory and maybe a couple of other non-critical areas. This means that even if a piece of malware makes its way to your system it will only be able to execute itself with your limited user access, which wouldn't allow it to access critical system files.

Mainly because of the transparency in Linux you don't get viruses and spyware like you do in Windows. And also because viruses are afraid of Chuck Norris.

When I used Windows, I remember wanting a screen-capture program at one point. So I searched Google...

If I want a screen capture program in Linux, I open Adept and search the Ubuntu repositories.

Anyone could upload a virus masquerading as a program and let people download it...
I've never tried, but I doubt it's that easy to get your own programs in the Ubuntu repos, at least, not without it being checked by people who are very good at programming.

Because WINE sucks :)

Mainly because of the transparency in Linux you don't get viruses and spyware like you do in Windows. And also because viruses are afraid of Chuck Norris.

:lolflag:

Mainly because of the transparency in Linux you don't get viruses and spyware like you do in Windows. And also because viruses are afraid of Chuck Norris.

That's right! :guitar:

Hello,
PLEASE....Why is Linux and its' distributions invulnerable to virus and spyware/ other ware ? THANK YOU !

the knuckleheads that write code for such crap don't bother with *nix yet because the user base is so small and it's easier to target your average moron on a windows box because they click EVERYTHING.

Some of the reasons:

- Open Source: Everybody can look at the code for the programs they want to install. If someone tries to insert some 'phone home' parts in their program, they are found rather fast.
---> This is not valid if you install proprietary (= Non-Open source) programs.

- Central repositories: Most applications are centrally provided and maintained. They get reviewed before being allowed in this library of software. Again, virii get caught before they can break. Or solved very fast.
---> This is not valid if you start to add obscure repositories to your sources.list. Those dubious repos might even start announcing altered version of trusted applications. (Like creating a 'sudo' that always accept password less activation.).

- Strict separation on user and admin roles. If you would get infected as a user, the virus can't hurt anything outside your /home/<username>.
---> Not valid if you as a user circumvent this and always log in as root. Or if you start to 'sudo' install the most obscure pieces of soft you get in your mail.

- Voluntary/hobby developers with access to the source codes almost give you a garantuee that ANY vulnerability found that could be exploited by <hacker|cracker|scriptkiddie|...> gets resolved within hours after being discovered.
---> Not valid if you don't take the time to stay up to date with security upgrades.

- You get automatically informed about updates/upgrades for all your installed software. Security updates can even be automated.
---> Not sure if this is valid for non-debian based distro without central application management.


But no matter what technology is put in place. If the user isn't aware, he'll get impacted. Linux tends (tended -- is this correct English btw?) to have more a knowledgeable userbase, who weren't going to install random crap ware on their system. This is starting to shift. So my expectation is that we will see a rise in what I call false-positives.

My definition for 'false-positives' in this matter:
Programs that rely on the stupidity and clicker happy user to execute them and which contain malicious code. They wont be as widespread as Windows virii, but they will start to arise and will allow Ms to start some more FUD on Linux not being so 'secure'

Read the thread I merged yours with. It has all the answers.

I think the general consensus is "better safe than sorry" when it comes to virus protection. With Linux becoming more mainstream the threat of viral infection has increased. I'm relatively new to the Linux world but have worked with windows for over 20 years and I can tell you that in a world of malicious men you'll find malicious code. It started out as fun and games and has evolved into a billion dollar industry for the AV software writers such as NOD32, Norton, and others.

My personal feeling on the issue is this, protect yourself and have the peace of mind knowing that your data is secure, or not and run the risk of losing it all with the click of a mouse button. I choose to run AV software on every computer on my network, windows, linux, or otherwise.

Thank you

Windows antivirus software doesn't scan for Linux viruses, just Windows viruses.

Don't the current Linux virus scanners also only scan for Windows viruses?

If there was a Linux virus scanner that only scanned for Linux viruses that posed real threats to Linux would there be any Linux virus signatures to scan for?

In Linux malware scanners, there are probably plenty, would it be appropriate to flag all closed source software like Skype and proprietary drivers as potential security/privacy risks as well as any known ones?

...would it be appropriate to flag all closed source software like Skype and proprietary drivers as potential security/privacy risks as well as any known ones?
That's what we have vrms (Virtual RMS) for...

Don't the current Linux virus scanners also only scan for Windows viruses?

If there was a Linux virus scanner that only scanned for Linux viruses that posed real threats to Linux would there be any Linux virus signatures to scan for?

There are a handful of viruses (30 or 40) for linux, though none are know to be "in the wild" and most of them are pretty old, and the security holes they took advantage of long since fixed. Linux virus scanners, as far I know, look for both linux and windows viruses. I did a lot of reading up on the subject after I'd switched over to linux, wondering if I would really and truly be safe without a virus scanner, and if so why. The common theme I found after reading through a list of viruses and worms that affect linux (or did in the past) is that malware/viruses/etc. always exploit some sort of security vulnerability, so the best protection is to fix those vulnerabilities quickly once they are found (and, for users, install security updates as soon as they are available). Anti-virus scanning seems more like an after-the-fact-hack, treating the symptoms rather than the cause (though I certainly wouldn't want to go without on a windows system, considering the 140,000 known viruses).

...exploit some sort of security vulnerability, so the best protection is to fix those vulnerabilities quickly once they are found....
This method seems suited to Open Source.
Not much point waiting for someone to exploit a vulnerability and downloading virus signatures that recognise known attacks on those vulnerabilities if you can download a patch to remove the vulnerability before it gets exploited instead.

Anti-virus scanning seems more like an after-the-fact-hack...

This method seems more suited to Closed Source where the source code is not properly scrutinized for vulnerabilities by those with access to it and they are not capable of providing timely patches for the security vulnerabilities when they are exploited.

If an Operating system is so security challenged that it requires anti-virus software should it really have network capability?

I hate spam and so much of it seems to be viral marketing.
Here's a silly suggestion of a way for Governments to raise money and reduce spam :)
Impose penalties for attaching insecure computers to the Internet like there are penalties for driving unroadworthy vehicles on public roads.
There could be a government agency that detects insecure computers on the Internet, infected computers sending out viral marketing spam for example, encrypts all the data on them and provides the decryption key on payment of the penalty.
The key could be very long and supplied printed captcha style so they would have to enter it by hand :)

i was wondering wouldn't linux being open source allow someone to look through the code and find a bug and hack it easier than with a closed source OS? That sounds good in theory, but if that were really the case, there wouldn't be so many Windows exploits... and there are.

Is it possible to create a bash script that simply deletes all your files? OK it wouldn't touch the system but it could still delete all the user's documents, right? (Though I guess the same thing could be done on Windows too with a batch file)

Is it possible to create a bash script that simply deletes all your files? OK it wouldn't touch the system but it could still delete all the user's documents, right? (I guess the same thing could be done on Windows too?)

Who would run that? Usually I only run trustworthy software or software from the repositories

right now it is but if another OS gets popular enough malware will be written for it

Who would run that? Usually I only run trustworthy software or software from the repositories
Of course you do, anyone who is reasonably tech-savvy does the same thing. If you do the same on Windows you won't get a virus either. The people I'm talking about are computer novices, the type who open exe's in email attachments.

Of course you do, anyone who is reasonably tech-savvy does the same thing. If you do the same on Windows you won't get a virus either. The people I'm talking about are computer novices, the type who open exe's in email attachments.
This is very true, but:

In order to run this hypothetical bash script that deletes all your files, you would first have to make it executable. I'm guessing that not a lot of computer novices are going to open an attachment from an e-mail, save it to their home folder, fire up the terminal, run "sudo chmod 744 bad_script" and then run it.

Much more likely is a bad package (.deb, .rpm), because many Linuxes are built so as to automatically associate those filetypes with a graphical installation application. This would still require a password to run, however, so might give the novice user some pause (particularly if he thought he was opening an e-card, and then it tried to install a program).

There's ultimately nothing you can do about social engineering threats, but the situation for novice users is inherently better in *nix than in Windows.

i dont get why noone likes ie. its like the same exact thing as firefox except with different back and forward buttons, and it actually is more customizable. if it ran on ubuntu id use it. but im fine with firefox b/c its like the exact same program almost.

as for protection, who needs that? stay off porn and bittorrent, and your good to go. anyway i always thought of antivirus as dumb. it tries to stop malware from slowing your pc, but uses 100% of your cpu...

as for protection, who needs that? stay off porn and bittorrent, and your good to go.

wait, if you stay off porn and bittorrent, then what's the point of having a computer in the first place? :lolflag:

Lets assume for a second that Ubuntu becomes the most used operating system, dwarfing both windows and OSX. We know that one of the large reasons windows has so many viruses is because it is the most used of the operating systems, and therefore the most targeted.

That said, if ubuntu were to become the most used system, would it become more virus riddled then windows? Certainly the number of windows viruses would fall, and linux would become the new target of choice, but how bad would it get?

:popcorn:

Nicely put.. :)

I always shudder when I see people give the "standard response" to newcomers asking "what virus scanner should I install?" - the standard answer being something along the lines "there aren't (m)any linux virii out in the wild".

"...but how bad would it get?"

I guess thats a very wide open question. Attacks can come from so many directions and its (I believe) too simplistic to verbalise "standard answer II" - well any linux virus will always be limited to damage in your home directories."

I think the real threat will come from the same vector that is the biggest threat to windows or any other platform - the "stupid user" vector.

It will NOT be any harder to trick a linux user or a windows user to click on a link or open a trojan or "Enter these lines in a terminal to get free gay harp seal pron delivered to your inbox daily!"

You just cannot stop a "stupid user" (tm) from giving away root access.... :)

Lets assume for a second that Ubuntu becomes the most used operating system, dwarfing both windows and OSX. We know that one of the large reasons windows has so many viruses is because it is the most used of the operating systems, and therefore the most targeted.

That said, if ubuntu were to become the most used system, would it become more virus riddled then windows? Certainly the number of windows viruses would fall, and linux would become the new target of choice, but how bad would it get?

:popcorn:

I wouldn't be surprised if Ubuntu did get SOME viruses, but I would be surprised if it got as many as Windows. Reason is because, right now, Ubuntu has a LOT less holes than XP and Vista, and it would be hard to execute code on Linux because it needs to be set as executable.

Ubuntu would be quite virus-free compared to Windows under any circumstances, because patches in the linux world are distributed _much faster_ than under Windows (typical example being the IE vs. FF days-in-danger statistic, which I believe favours FF by a significant amount).

Due to this, and the fact that the linux security model is inherently better (mainly the disabling of root access, but I think the assumptions about incoming emails are a lot less naive than windows once was) Ubuntu will not get many viruses. Some rootkits may be inevitable, but installing them won't be done automatically.

Instead, the weakest link will be the user rather than the operating system setup and phishing will become the dominant way of doing nasty things to computers. Don't confuse tricking a user into running "rm -rf /" with a virus.

There are also other avenues of possible attack:

Someone's hacked the repositories (aka, Gentoo from what I hear)
Getting someone to add a new repo containing games or something, where a 'dependency' turns out to be a virus posing as a library

Possibly something coming in over SVN or CVS, however most people that do this are unlikely to get a virus anyway

Generally, the number of virus I think would be much less, and unless the main repositories received infected packages, it would only affect a handful of people.

Nope, Linux security is multi layered and every installation is somewhat different. Think of netfilter, tcpwrappers, snort, syslog, unprivileged users used for daemons and so on. The chances of getting a really virile virus to spread on Linux is pretty remote.

The reality is that there are billions more Linux machines online than Windows machines. Bear in mind that about 50% of web servers run Linux. Most firewall devices and routers run Linux. All of Google runs Linux. Hundreds of millions of cell phones run Linux. Most Linux machines are networked embedded devices. The desktop market is just a tiny drop in the ocean.

The total installed base of MS Windows is about 600 million machines. Each year, 300 million Linux embedded network devices are sold. These devices last 3 to 5 years. You do the math.

The bottom line is that if viruses would be a problem on Linux, then it would have been evident years ago and Linux would never have grown to its current installed base of 2 to 3 billion devices.

Cheers,

Herman

I don't think he's asking for the reasons Linux is more secure, I think he just wants a hypothetical "worst case scenario"

I've merged this with the other, similar thread.

This is an impractical question. It's a bit like saying, "Sure, aysiu seems like a normal forum user, but what if he became dictator of a major world power? Then he might get corrupted."

Desktop Linux is not going to be a big target any time soon. By the time it is a big target, there are too many unpredictable factors involved in security for the hypotheses we make now to have any relevance. Imagine, for example, that it takes fifteen or twenty years for desktop Linux to get more than 30% of the market share.

Do you know what computing looked like fifteen or twenty years ago? The internet was not commonplace. The word Megabyte was not commonplace. Home users had never even heard of the words spyware or pop-ups. No one used Google.

Fifteen or twenty years from now, we may not even have desktop/laptop computing. We may have security threats we haven't even thought of now. Linux, Windows, and Mac may all be ancient history by then. Maybe some other company that doesn't even exist now will have somehow toppled them all.

The question makes no sense to ask, because it's beyond speculation or hypothesis. Way too many unknowns.

oops

The question makes no sense to ask, because it's beyond speculation or hypothesis. Way too many unknowns.

I agree

We know that one of the large reasons windows has so many viruses is because it is the most used of the operating systems, and therefore the most targeted.

Not so. A significant percentage of servers run linux, so why are there only a handful of linux viruses and many thousands of viruses affecting windows servers? Viruses take advantage of security flaws. The biggest reason windows has so many viruses is that it has so many security holes.

..Sapo was smoking of course).


Okay, let me get this straight....

You have a smoking frog???

It will happen soon, like a year at the most.

We need to look at what causes most Windows infections. Almost everyone claims it's because of holes in the Microsoft code, but this is not 100% of the reason. The reason Windows receives so many infections is because most people run in Administrator mode.

The people who receive the most infections (mal/spy/trojan/viri) are those who see a link "Your PC is slow, click here to fix" "Click here to install this screen saver", I love XXX stuff, I'm too cheap to buy anything so I'll just infringe how ever I can.

In a short while we very well could be seeing "Your Ubuntu data base is out of sync click here" "Click to install this Screen Saver for GNOME" so on and so on. The same uninformed persons who did this in Windows will also do this in Linux. They download a .deb file, double click, give password to install, then execute it as root, and bam, infected system wide.

Most infections are caused from the actual granted permission of executed code. Such as clicking on links in pop ups, downloading programs, and opening email attachments. There a few that do not require granted permission, but these are not the ones that infect most people. With 90% of the computing population also being 90% of the worlds most non-intellectual beings, it will happen.

Anyone who has ever worked as tech support, or helped family/friends/neighbors with "PC" problems, need not wonder how and why infections spread so quickly.

@disturbed1: First, I seriously doubt that GNU/Linux will be so popular on the desktop within a year that it will be a desirable target.

That aside, I'll share a personal anecdote. The one time I loaded up a virus onto my system (this was a long time ago, on Win 95, and I was much less savvy about these things), it was an installation script disguised as a music file. It arrived via e-mail, with the return address belonging to a friend of mine.

I got fooled because it executed itself transparently. If a program installation dialogue had popped up, instead of WMP which I was expecting, I would have immediately gotten very suspicious (I was already a little suspicious, since I didn't think my friend was a huge Metallica fan).

So, yes, Linux is vulnerable to social engineering attacks. At the same time, its basic design is more verbose and less vulnerable to completely transparent attacks. Any OS is secure if the user is on top of things. I'm fairly convinced, though, that Linux and Mac OS X are more secure than Windows for inexperienced/security-ignorant users.

I think it's inevitable that Linux one day will become compromised by unscrupulous application developers. Many of the problems I've found on MS systems have been due to users downloading and installing (among other things) daily desktop screen shots, sports update services, etc. All one has to do is download it and install it. There are a ton of Linux platform apps out there. Since I'm new to this though, I won't download & install anything that hasn't been recommend by users on this site. I'm just not familiar with bad or questionable Linux freeware sites (if they exist).

4 points to consider:

1. MS code is closed, all the more easy to hide malware. Not so in Linux

2. MS botched the root/user paradigm in Windows, it's practically impossible to run as a limited priviledges user. All those users running as root brings joy to virus writers, so easy to take full control. Not so in Linux.

3. Windows doesn't do a good job separating core and apps. Virus writers must love this, so easy to write and install an app to change the core codebase and bring the whole system down. Not so in Linux.

4. MS does an apalling job addressing security issues, seemingly preferring to cover them up or deny them as long as possible to avoid "bad press", then taking ages to resolve them. (See here (http://en.wikipedia.org/wiki/Comparison_of_operating_systems_%28security%29)). Not so in Linux.

So even though Linux now enjoys security through (relative) obscurity, the very design of Linux makes it much harder to bundle spyware or write viruses for it. Also Linux has a lot of good faith built up amongst the code writing literate, particulary the young and angry/mischevious/bored ones. Not so for MS!

Though only time will answer your question for certain.

I couldn't agree more. I'm a linux newbie, but open source will always be more secure than closed source, simply because the more eyes that look at the code, the harder it is to hide anything in it. I can only assume that there are so many Windows servers out there because the decision makers at most companies are computer illiterate. Several years ago a study was done showing that something like 90% of all grammar school students knew what a modem is and less than 20% of CEO's do. I'll try to find the study.

An eventual Linux virus beyond the proof of concept experiments are inevitable. Sooner or later, it will happen, and the creators of such malware will be much more skilled than the current script kiddies spinning off new variants of old Windows viruses. I base this assertion on the fact that even with the best possible security, mathematical probabilities dictate that there will be an eventual breach. As for the skill levels required to create and deploy an effective Linux virus, this hypothetical virus author has to somehow overcome considerably more obstacles than are present in Windows. For example, how will this author get around no-root operation and repository MD5 authorization without direct user cooperation? As common infestations in Windows drive-by malware propagation has proven, Windows is simply a much softer target.

The argument that virus creators don't target Linux because of the low numbers simply doesn't make sense. While Linux lacks the ubiquity of Windows, the sheer street credentials that could be earned by the first author to deploy a Linux virus in the wild makes Linux an huge target. In the psychology of the virus author, this street cred is pure gold. So you wrote a virus that infects Windows...big deal...that's just the ante you put on the table to play in this game. Write one that works on Linux and spreads in the wild...you're immediately a god in this crowd. Linux has resisted this effort simply based on the fact that it is very, very hard to do.

Now, Microsoft took a few lessons from the Linux world to apply some security to Vista, which will slow things down a bit, temporarily. The problem is that Microsoft's new security paradigm causes enormous frustration and inconvenience to ordinary users. As a response, most Vista users will disable the security features of their beloved OS, thereby opening the door for new infestations of malware. Microsoft can and will claim that they provided a more secure OS, but it was the user's fault they ended up on the losing side of the battle against malware. We have seen this previously with worms that could have been prevented had users patched their Windows systems but chose to not do so, mostly because of a lack of trust in Microsoft. Since this hasn't changed much, I expect new rounds of devastating malware infestations in the next year targeted at Vista and Office 2007.

Macintosh fans don't get off so easily either. While Apple loves to claim their immunity from viruses, this really is from the lack of ubiquity argument. I expect that Mac will have their share of infestations as well since although they have a BSD UNIX base, the closed nature of the Macintosh system affords many wonderful places to hide viruses/spyware specifically targeted to the platform. Remember that malware has a low survival rate when placed in the transparency of open code, where there are no closed source shadowy places to hide. Macintosh is even more proprietary and more closed than Windows, plus the trust level is very high among Mac users for anyone willing to port applications to their preferred OS. These two factors alone increase Mac's vulnerability, provided they gain enough market share to attract attention.

I apologize if my post was a bit long, but this is a debate that has gone on a long time, and too often with faulty assumptions.

I hear everyone saying Ubuntu is totally virus-proof. Many people dont use a firewall, nor an anti-virus.

I just wondered, feel free to explain technically, why is Ubuntu so safe? For example, I opened a page on Firefox earlier, full of no-cd cracks and keygens. On windows, I got TONS of security alerts - I know from experience that the site is full of viruses/spyware anyway. On ubuntu, nothing has changed. Nothing has gone wrong.

To sum up, my question is, why is Ubuntu almost 'immune' to threats? Is it in the coding? Is it some built-in sophisticated system that ***dows can't reproduce?

Cheers in advance for a reply :)

Please read this (http://www.psychocats.net/ubuntu/security).

because there are not many viruses for linux in general because it isn't as big as ms windows. and also because you aren't logged as root by default as in winxp.
and potential bugs are fixed in matter of hours,days and auto-updated throught the wonder of the repositories.
and i think ubuntu has a firewall on by default but it doesn't have a GUI installed for it.

I think the main reason is that since windows has such a huge market share made it a very large target for virus-writers. This combined with the fact that security is windows is poo pretty much wrote it's fate..

It's not immume, there are just fewer viruses out there. There are exploits, trojans etc for Unix systems as well, but most malware is for Windows these days. That can change in the future however, the Mac people just had their rude awakening.

To be safe(r) with FF, install the NoScript plugin.

sadly the unwashed majority use windoze.

therefore for spammers/crackers, to get the most hits on whatever site they're re-directing you to, or whatever they're trying to install, target windows users. as windows automatically makes the main user an administrator, all programs, etc run without any pop-up's asking for admin passwords etc. ie: insecure.

windows vista and linux run as a normal user and ask for superuser priviledges when appropriate.

but the majority of virii are coded for windoze users also, hence the no virus thing in linux. it is very rare for a linux user to un-wittingly install something without knowing about it! cos it's quite hard not to notice really.

linux. works.

Ah, i see, the first link was very helpful, and a comical reference at the end...

Will look in to this firefox plugin - cheers for the replies :)

fyi: linux has a firewall on by default in the form of the iptables config file. When I switched to linux I ran into a few problems because its default behavior is white list which means you have to tell it explicitly what traffic you want to allow and I didn't know that. Checkout the gui frontend to iptables called firestarter, it functions pretty much like a software firewall such as zone alarm does on windows.

Consider that most firewalls run Linux, so putting a Linux machine behind a firewall is redundant.

Linux has security in depth: netfilter, tcpwrappers, syslog, user privilege separation, daemons run as unprivileged users.

In comparison, Windows has vulnerabilities in depth: no netfilter, no tcpwrappers, mostly useless syslog, daemons run with full privileges.

Cheers,

Herman

I hear everyone saying Ubuntu is totally virus-proof. Many people dont use a firewall, nor an anti-virus.

I just wondered, feel free to explain technically, why is Ubuntu so safe? For example, I opened a page on Firefox earlier, full of no-cd cracks and keygens. On windows, I got TONS of security alerts - I know from experience that the site is full of viruses/spyware anyway. On ubuntu, nothing has changed. Nothing has gone wrong.

To sum up, my question is, why is Ubuntu almost 'immune' to threats? Is it in the coding? Is it some built-in sophisticated system that ***dows can't reproduce?

Cheers in advance for a reply :)

Security in no more or less important in *nix. It is different.

See this : Ubuntu Security (http://ubuntuforums.org/showthread.php?t=510812)

fyi: linux has a firewall on by default in the form of the iptables config file. When I switched to linux I ran into a few problems because its default behavior is white list which means you have to tell it explicitly what traffic you want to allow and I didn't know that. Checkout the gui frontend to iptables called firestarter, it functions pretty much like a software firewall such as zone alarm does on windows.

I am not sure what problems you had or why, but FYI, your statement is inaccurate about the default configuration of the firewall.

By default iptables is installed, but permissive, meaning it allows all traffic. This is "OK" because a default Ubuntu installation has no servers listening on the posts.

People have given you some good answers and links.

If you feel you need even more explanation, read 1000 or so other posts in the thread I merged yours with.

I am not sure what problems you had or why, but FYI, your statement is inaccurate about the default configuration of the firewall.

By default iptables is installed, but permissive, meaning it allows all traffic. This is "OK" because a default Ubuntu installation has no servers listening on the posts.

This has not been my experience. For example when I recently added my laptop to my network I had to tell my other 2 kubuntu machines to allow traffic from this new ip so nx,samba,mythtv,mysql, printing etc would work. As I said above my only problem is I did not understand this behavior. There was no actual problem other than my ignorance.

Running Linux all on its own doesn't prevent the possibility of a virus attack ... It appears to me that Linux users are generally better informed about operating a computer with a healthy regard for basic safety meassures.

As has probably been stated so many times above. The OS is only partially responsible for viruses/spyware/malware. It's easy to install a program and give it user privileges because it asks for it.

Computers are only as safe as the user clicking the buttons.

Running Linux all on its own doesn't prevent the possibility of a virus attack ... It appears to me that Linux users are generally better informed about operating a computer with a healthy regard for basic safety meassures.
For the time being, it certainly does prevent that possibility, since there are no actual viruses in the wild that can attack Linux.

Anyway, the underlying design of the Linux operating system makes it pretty unlikely that viruses in the strict sense will ever be a problem. The big (potential) problems in my mind are social engineering, web scripting vulnerabilities, and rootkits. Building a virus/worm that exploited a Linux vulnerability would be a huge amount of work, and the vulnerability would be patched so quickly the payoff would be tiny.

The amount of complacency in this thread sounds pretty dangerous.

A virus, trojan, worm, or any type of spyware doesn't need administrator privileges to do harm. If you store or do anything important with user-level privileges, then malicious software with the same privilege level can do what you can do: erase your ~/ directory, intercept your form inputs, etc.

Linux is more secure than Windows (desktops) by virtue of its access control mechanisms and the tendency for Linux users to use open-source software (which are largely malware-proof due to the fact that anyone can examine the source and pinpoint suspicious code), but that doesn't guarantee security when users are complacent about possible threats.

Servers are a different matter, although I'm inclined to believe Linux servers to be more secure than Windows servers, there is no objective and scientific proof for that.

I'm just curious. How much of linux's security is due to it not being mainstream? If linux overtakes windows, would the virus situation become the same? Is linux simply immune to viruses because no one bothers to write linux viruses, or is it due to built in security? Or is it a combo of both?

I'm just curious. How much of linux's security is due to it not being mainstream? If linux overtakes windows, would the virus situation become the same? Is linux simply immune to viruses because no one bothers to write linux viruses, or is it due to built in security? Or is it a combo of both?
Read the thread I merged yours with.

A good example of the security of linux would be what just happened to my brother. his XP box got infected with a virus thats sends a message to all of his msn contacts with a link, open the link and it brings you too a download page and tries to download a file. apparently I was one of the few ppl on his list not affected.

I'm just curious. How much of linux's security is due to it not being mainstream? If linux overtakes windows, would the virus situation become the same? Is linux simply immune to viruses because no one bothers to write linux viruses, or is it due to built in security? Or is it a combo of both?

None of it. Security on Linux is actively maintained and security fixes are both more timely and more frequent then on Windows.

The fact of the matter is this is a common fallacy. Linux is based on Unix and is designed from the ground up to be multiuser and secure.

Security through obscurity is really no security at all, and this is NOT how security is addressed on either Unix or Linux.

See this thread for info and additional links: Ubuntu Security (http://ubuntuforums.org/showthread.php?t=510812)

I'm just curious. How much of linux's security is due to it not being mainstream? If linux overtakes windows, would the virus situation become the same? Is linux simply immune to viruses because no one bothers to write linux viruses, or is it due to built in security? Or is it a combo of both?

None of it. Security on Linux is actively maintained and security fixes are both more timely and more frequent then on Windows. [ ...]

I disagree. There are indeed elements in the design that make Linux more secure then, say, Windows, but " as Linux becomes (more) mainstream", by definition more people will be using it, and not all of those users will be computer literate enough to avoid threats such as installing malware infected apps from suspicious repo's or click on links to malicious scripts on websites.

Furthermore, if you don't limit 'security' to 'virus threats' : it's already common for unskilled linux users to run Linux and install all sorts of "neat" software (ssh servers, web servers, vnc servers and remote desktops, ftp servers, ... ) without regard to the most basic security such as a strong password. Consequently, their computers get compromized all over the place.
(Search these forums for "hacked" or "compromised" - you're sure to find some examples. here's a start : http://www.google.com/search?q=site:ubuntuforums.org+hacked+OR+compromis ed )

Well you are changing horses in mid stream and changing the question.

The OP question was :

How much of linux's security is due to it not being mainstream?

Second, you are shifting from operating system to "userland"

My point is that security on Linux is actively maintained and not reliant on obscurity. Do you disagree with this ?

You raise a good point though, a system is only as secure as it's users, but that is not an inherent part of the operating system is it ?

A default installation of Ubuntu is quite secure out of the box and timely security updates are readily available. From there it is up to a user to maintain security, ie perform updates, secure servers, etc. This is true in operating systems and beyond. I can build you a secure vault, but if you go cutting holes in the walls and leaving the door unlocked whose fault is that?

I know of no security course, book, or advocate that does not emphasize the need for user education, so while your point is quite valid, it is a part of user responsibility and not necessarily an inherent part of the operating system per se.

I don't think I'm changing horses or shifting anything.
The qyestion was, as you say, "How much of linux's security is due to it not being mainstream?"
'main stream' is not part of the operating system design, is not an inherent part of the OS, and has a lot to do with userland. Bringing users into the equation is, it seems to me, more than justified.

And reducing security to virus threads would be a mistake. The thread title mentions security; to me that's more than viruses. Maybe the OP meant to discuss only viruses, maybe not, I don't know.

Educating users may start at emphasing that there is more to security than viruses. What I see now (and you don't have to look any firther than these forums) is that people believe Linux is immune to viruses, hear something about 'secure by design' --> they believe nothing bad can happen --> they have their linux system compromised and zombified.

The package lists carry an MD5 checksum for each package which is checked.
The package lists themselves have to be signed with a GPG key that was distributed on your installation medium (CD). If the signatures do not match, you get an error.

So, even if an attacker gains access to the repository store, he would not yet be able to inject malicious packages.

Apologies for bringing this thread back again but after the issue at Fedora:
http://lwn.net/Articles/295134/

I think that it is clear that this is the worst thing that could happen to a distributon.
So as an ubuntu user I hope that our repo's are safe?

Apologies for bringing this thread back again but after the issue at Fedora:
http://lwn.net/Articles/295134/

I think that it is clear that this is the worst thing that could happen to a distributon.
So as an ubuntu user I hope that our repo's are safe?
No, this (http://www.linuxmint.com/blog/?p=235) is the worst thing that could happen to a distro.

Linux is based on Unix and is designed from the ground up to be multiuser and secure.


Ok normally I would not make a big deal out of this common mis conception,but you are a mod and should know this by now.
Linux is NOT based on unix.
It is based on MINIX and is just Unix Like.

I do not like bashing anyone,but when I do,I always have good reasons,So please Do not say Linux is BASED on Unix when it is not.

Now On another note Linux can get viruses it is just not very common and very very unlikely.

Ok normally I would not make a big deal out of this common mis conception,but are a mod and should know this by now.
Linux is NOT based on unix.
It is based on MINIX and is just Unix Like.


so how come it isnt called Linix :mrgreen:

so how come it isnt called Linix :mrgreen:

Linus Toke his name and Minix's name and combined them I believe :).

Making the name Linux.There is more to that story though I forget the rest lol.

4. MS does an apalling job addressing security issues, seemingly preferring to cover them up or deny them as long as possible to avoid "bad press", then taking ages to resolve them. (See here (http://en.wikipedia.org/wiki/Comparison_of_operating_systems_%28security%29)). Not so in Linux.



Do the numbers that are reflected for Linux users seem inaccurate to anyone? I mean where do they obtain these figures? Is every download of Debian, Ubuntu, etc. counted and reported? I just feel there are more Linux users (personal desktops) out there than they are aware of.

M.

Yes. Linux is just built better and it's more stable, if it had 90% marketshare I bet it wouldn't have nearly as much of a virus problem as Windows.

Yes. Linux is just built better and it's more stable, if it had 90% marketshare I bet it wouldn't have nearly as much of a virus problem as Windows.

Yes it would, but only because in that situation nobody would be interested to write nasty stuff for windows ;-)

Linux is safe enough if you are very careful and cautious.

Ok normally I would not make a big deal out of this common mis conception,but you are a mod and should know this by now.
Linux is NOT based on unix.
It is based on MINIX and is just Unix Like.

I do not like bashing anyone,but when I do,I always have good reasons,So please Do not say Linux is BASED on Unix when it is not.

Now On another note Linux can get viruses it is just not very common and very very unlikely.

No Linux is not based on Minix. Its a complete clean rewrite even Tannenbaum admits this.

Minix is a Microkernel and Linux is a monolithic kernel. It is true that some very early versions of Linux used Minix to boot.

Yes it would, but only because in that situation nobody would be interested to write nasty stuff for windows ;-)

Is that true?

If Ubuntu suddenly had 95% of the installations on desktops would we be seeing mass exploits and malware issues?

Is that true?

If Ubuntu suddenly had 95% of the installations on desktops would we be seeing mass exploits and malware issues?
Malware depends on user incompetence, not system design. Intelligent computer use will keep you safe on any OS.

I selected #3. I don't think that anything is 100%, but mostly the fact is that Windows=Easy Acess. I cannot speak for Mac so I don't know also. The poll is to black and white, but in a thread that has lasted 3 years, it's not going to change.

Is that true?

If Ubuntu suddenly had 95% of the installations on desktops would we be seeing mass exploits and malware issues?

http://www.theregister.co.uk/security/security_report_windows_vs_linux/

We'd see malware issues, for sure.

Well-constructed software used by uneducated people will always be susceptible to social engineering-based malware infections.

True, but there is a difference between trying to defend yourself from Helm's Deep compared to a log cabin in the plains.

Its still possible to get viruses in Linux, but highly unlikely.

A list of Linux viruses can be found here
http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses

Well that only gets them to try harder, but the question is about some who is trying to still your password (perhaps a cracker) to get into your files or database, is it harder than in windows, or is it impossible to get the password in a Linux machine? Cuz I don't know what securities and locks have the password storage-file, it has to be somewere, how hard could it be to break it?

There's the UserID priviledges / permissions too .. and perhaps even more other that i'm not aware of, being rather new into the linux world :)

I must say this has been one of my favourite threads. I came over to Ubuntu from Vista around a year ago (still run vista on another partition only for Vue8 3d software to which I know of NO linux equivalent that is as good) and was of the usual windows mindset about the need for antivirus/anti-spyware apps, and after a quick search this had been the first thread I came across, it took me a little convincing and a while feeling a little vulnerable and insecure but soon saw for myself that I had nothing to worry about.
On windows I rarely if ever got infected (couple of spywares and crap like tracking cookies mainly) but that was down to both being protected to the hilt with expensive security software and a reasonable knowledge of malware and how you can get infected. The other main problem with windows is the amount of system resources being used to run all that active defence, the time needed to run scans/update signatures, the cost of the software annual licences, which was my main reason for seeking out an alternative. With ubuntu its far more streamlined in that respect leaving me with a much more responsive and worry free user experience as well as being cost free, and so far these points have made 3 of my friends try out Ubuntu.
Anyway, I love Ubuntu dearly now and just wanted to say thanks to you all for it.