How vulnerable is Ubuntu to viruses and should I do something to protect my data and machine?

Ubuntu is really not vulnerable to virusses, I never had a virus. And overall most people don't have virusses with ubuntu.

You're safe:)

I know when your coming from Windows it sound ludicrous but on Linux it's a non-issue.

More than likely the curious user will bork their system a few times while learning how to use Linux though :)

Why is it that Ubuntu (Linux) is safe from viruses?

There are different reasons:

Windows is most used so people make virusses mostly for windows

Linux is open source so many people are working at it and make updates against those virusses.

There are different reasons:

Windows is most used so people make virusses mostly for windows

Linux is open source so many people are working at it and make updates against those virusses.

While this is true. The bigger reason is the far superior security-system Linux has. Linux was made with networking and multiple users in mind, windows was made for single users on a not networked system.

Most viruses are written specifically for Windows. There are no known linux viruses out in the wild (any linux viruses are only theoretical) and there is a bounty for anyone who finds one. In saying that if you are emulating Windows with such things as DosBox or Wine, for example it may be possible but is unlikely. In this case and if you are sending email to people who do have windows and use shared windows drives you could use ClamAv/Clamtk (http://www.ubuntugeek.com/howto-install-clam-antivirus-with-gtk-frontend-gui.html). ClamAv will only look for Windows/Dos viruses.

Why is it that Ubuntu (Linux) is safe from viruses?
Mainly because of the administrator/user model. You use Ubuntu as a normal user without any privileges as opposed to windows, where you are an administrator by default. Only with administrator rights, you can mess up your system. The normal user in Ubuntu can acquire administrator (root) priviliges by placing sudo in front of a command or gksudo if it's a graphical application. In the worst case scenario you can only mess up your user settings, that is if you use sudo correctly. Be extra careful with commands that require sudo as they affect system wide settings.

For the most part it's that Linux is designed from the ground up as a multi-user system, Windows was originally designed as a single user system (and is pulling away from that but as they do it breaks older programs that relied on having access to all parts of the system)

Linux limits what the user can do, keeps as much in userspace as possible. In order for most viruses to effectively infect and spread to other computers on a Linux system they will need to get root access somehow. Otherwise the infection is limited to one user account and can't spread.

On Windows the first user runs as an admin (same as a root user on linux) and has system wide access, so The virus doesn't have to do any work to get system wide access.

Also Linux tends to get patched faster than Windows, when holes are found that a virus or maleware could attack, it's fixed and eliminated as soon as possible.

I see Windows machines infected all the time, I run no additional protection than default settings and have never had an infection occur on my Linux machines.

Why is it that Ubuntu (Linux) is safe from viruses?

Because the majority of viruses are written to run under Windows; Linux does not natively run Win* code. Also, viruses assume admin privileges under Win*; this cannot easily occur in Linux except on poorly configured systems or systems where a root account is open and running. This is just a short simplistic explanation, Google is your friend and will give you much more info.

The only way a virus can work in Linux is if you install it yourself. The only way a program can be installed is if it has root access. The root pasword is disabled in Ubuntu, so unless you specifically enter your password A virus or any other program can't be installed.

Jim

http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses
;)

Why is it that Ubuntu (Linux) is safe from viruses?

Most virus writers target larger scale operating systems (Windows, Mac OS).

And Linux uses sudo so it always asks you for your password to do something that will efect the system or system files. Unlike windows were your always the Administrator

The only way a virus can work in Linux is if you install it yourself. The only way a program can be installed is if it has root access. The root pasword is disabled in Ubuntu, so unless you specifically enter your password A virus or any other program can't be installed.

Jim
Briefly summarized: http://www.gnu.org/fun/jokes/evilmalware.html

There are antivirus programs for Linux, but I think their purpose is to help against spreading to more Windows machines rather than to protect yourself.

There are different reasons:

Windows is most used so people make virusses mostly for windows

I so strongly disagree with this.

In the server world not so Apache is by far the most used program to host websites, yet Apache/Linux stays running when Windows Server/IIS gets taken out by the latest worm. Even when Linux systems do get hit a hit the damage is generally limited and correctable.

It is very unlikely that there will ever be a major Linux virus due to the large variety of basic linux system components that can be used. It would also be hard to force a virus onto a Linux system, as anything outside of /home/whatever requires root access to change.

I so strongly disagree with this.

In the server world not so Apache is by far the most used program to host websites, yet Apache/Linux stays running when Windows Server/IIS gets taken out by the latest worm. Even when Linux systems do get hit a hit the damage is generally limited and correctable.

That's treu, but on homecomputers windows is mostly used and there are also virusses made to get your bank passes etc.

So in Windoze a good defence would be to not run as an admin.

Is that the original admin, or any admin (ones you create)?

I'm saying Linux being obscure on the Desktop isn't the reason viruses aren't an issue. It actually does have a better security model than Windows.

If security through obscurity were the reason Linux doesn't have a virus problem I would go back to Windows.

http://bigbolshevik.blog.friendster.com/

A lot to read. ENJOY!!

and windows virusses nest themself in the startup, so that they start together with your OS, This isn't possible in WINE (emulator) or anything similar, cuz this doesn't has a startupsequese, SO WE CAN STATE THAT LINUX OWNES WINDOWS BIG TIME, NOT ONLY IS LINUX ALMOST IMMUME TO VIRUSSES, THEY JUST IMPROVE WINDOWS :p

hi there,

my main concern is not linux itself due to all reasons you mentioned but...

how about programs we use on linux. I mean i.e. firefox ? bugs, malwares, cookies spy. to have them installed ones does not need root privileges.

what about it ?

hi there,

my main concern is not linux itself due to all reasons you mentioned but...

how about programs we use on linux. I mean i.e. firefox ? bugs, malwares, cookies spy. to have them installed ones does not need root privileges.

what about it ?

Yes some flash based/java based things can be a concern.

I use flashblock/noscript addons under firefox, noscript only allows javacript/java to run on whitelisted sites. Flashblock block flash and put's a place holder where the flash object should go, when you click on the place holder it'll load the flash object like normal.

hi there,

my main concern is not linux itself due to all reasons you mentioned but...

how about programs we use on linux. I mean i.e. firefox ? bugs, malwares, cookies spy. to have them installed ones does not need root privileges.

what about it ?

well spyware/addware isnt that much of an issue on linux either, as again most of that stuff targets windows.
And if by chance a browser is taken over by addware by mistake it would no no harm to the full system and would be easy to fix compared to the issues you may face on windows,

again and again, I would not much care if somebody got into (hacked) my computer and remove, watch, allter my files as I have nothing there that is worth something :) although I would be annoyed.

but... with firefox (opera, whatever) is a different story. school accounts, work account, banks and so on- they all have prior importance to me

again and again, I would not much care if somebody got into (hacked) my computer and remove, watch, allter my files as I have nothing there that is worth something :) although I would be annoyed.

but... with firefox (opera, whatever) is a different story. school accounts, work account, banks and so on- there all have prior importance

well in terms of web browsing no browser is 100% safe, heck even opera has its drawbacks.
But careful browsing habits and constant clean outs of your personal data like cookies and cache's will help.
Browsing is something that no OS can fully cover though on linux if there is a attack of some kind on your favorite browser it is just going to affect the folder of that said browser and at best slow the system down a bit.
But if you have some knowhow you can make that browser work like new again

I agree completely.

my point is that there should be a major shift in how we perceive security.

I agree completely.

my point is that there should be a major shift in how we perceive security.

Well there are methods to spruce up browser security.
Opera and firefox both have ways to make it more secure, you can get addons for firefox to make that secure and opera comes with some tools for safer browsing by default.
Adding a main password for your browser is a good idea, both opera and firefox have the capacity to add a master password by default.
Firefox can be modified heavily to make it more secure, like flashblock, noscript and a countless other add ons.
I can understand your paranoia, but fortunately the browsers that linux can use have decent security practices, Firefox, opera, konqueror, epiphany, lyx, kazenkaze and most others run circles around IE in terms of security and safety.

yes my friend :)

still, I could be wrong but if you browse posts concerning the security issues you should notice that most of them are about OS security and the numbers of viruses (and so on) that exist on linux (few) and windows (a few :) ). and this ,in my humble opinion, is of little importance (only! with comparison to the situations in which your passwords are stolen (intercepted).

and in this point of view, again I could be wrong, linux's firefox and windows' firefox have the same vulnerability.

it's not about whether web browsers are safe (because they are) or not (because ultimately they aren't) but what should be more important ? os safety or (in general) web browser. especially, once that we've already established that linux is a safe system :)

cheers,

Well ubuntu doesnt maintain its browsers, firefox is maintained by mozilla developers, Opera is maintained by opera developers and sofourth.
If something goes wrong there isnt much the Ubuntu developers can take in for responsibility.
I dont think ubuntu should force itself on independent developers, thats microsofts job ;)
But its all about doing the best job you can with what you have, no OS or browser is bulletproof.
Really if you are overly sensitive about net security and such simply dont connect to the net.

The following article is worth reading about the security of MS Windows and Linux.

Security Report: Linux vs Windows by Nicholas Petreley
http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/

Have Fun!

greenkernel

the other benefit from being immune to viruses:

you pc runs faster cuz you don't need no damn anti-virus

So in Windoze a good defence would be to not run as an admin.

Is that the original admin, or any admin (ones you create)?

The safest thing to do is run as a "normal" user - ie, do not run with any admin privileges.

But I think that can be hard to pull off in Windows, as many apps require admin permissions to work properly.

The safest thing to do is run as a "normal" user - ie, do not run with any admin privileges.

But I think that can be hard to pull off in Windows, as many apps require admin permissions to work properly.

Like anti-virus updates.

the other benefit from being immune to viruses

Immune? No, there are proof of concept viruses for Linux.

I've been in this discussion many times over several threads. Firefox has shown vunerabilities in Ubuntu - just search for why the update to 3.0.3 was made. Buffer overruns, etc., are possible. The question becomes just what kind of exploit can be done.

It is true that Linux is more secure - it's based off of Unix, which is a very robust very secure multi-user operating system, as is Linux. So what can be done? There are a FEW things running around out there, that contrary to what some believe as only being proof-of-concept ideas in a lab, are in the wild. Can they effect you? Probably not. As already mentioned in this and other threads, the separation of the administrative user from the normal user, and the security inherent in a user space versus system space environment makes things pretty secure.

Anti-virus? I believe most, if not all, of these scan for threats directed at Windows. However, there are root kit tools available for Linux and they should be used.

Much of any of this type of conversation is opinion with theory thrown in. However, as an ex-systems programmer and ex-systems admin in large scale, medium scale, mini and micro environments, including some Unix, I can state that no system is perfect. Are there holes in Linux somewhere? Probably. Are these going to be exploited at the current time? Probably not. While a lot of servers may be running Linux, it's no secret that the vast majority of PCs in the world run a Windows based operating system. Those who wish to expoit an OS and users will most often target the OS with the largest installed base so that their threats, through sheer numbers, are most likely to be successful.


Dave :)

Immune? No, there are proof of concept viruses for Linux.

Of course, but they're very rare. You might pick up one on a bad linux site. :popcorn:

I think the bottom line is that security is different on Linux then Windows.

Linux servers can be cracked (see the recent issues with Fedora for example) as can apache (although with apache it is usually via modules or sloppy server side code).

If you would like to learn Ubuntu Security, check out these links :

Ubuntu Security - Ubuntu Forums (http://ubuntuforums.org/showthread.php?t=510812)

[all variants] Intrusion Detection - Ubuntu Forums (http://ubuntuforums.org/showthread.php?t=919472)

The first link in particular has a number of additional links so you can learn how Linux security works (and is different from windows).

Those who wish to expoit an OS and users will most often target the OS with the largest installed base so that their threats, through sheer numbers, are most likely to be successful.

Nope, those who wish to exploit an OS will those a user that promises the best "returns on interest". So you take into account:
- how large is the install base out there
- how simple i it to exploit that system
- .........

While there is a large userbase on windows you have all the code open to you on linux. So simpleness of exploitation lies definitively in favour of linux (theoretically) and outweights the number of install base.

The number of install base can't just compete with the open system layout of linux yet still it is not linux that is being target that much.

Dude if you want to know to keep your system safe from any system security threats then sign up to this site http://www.systemsecurityinstitute.org. When you sign for their weekly free newsletter you'll get a very useful information on latest threats or virus, worm, trojan and spywares for free.

All of my friends claim that Ubuntu is invulnerable to viruses, along with the Mac OS. That statement couldnt be more false. The fact is that people A) dont fully understand them yet and B) dont care to attack people using them. People using linux are quite often computer savvy and would likely be able to handle a virus situation rather effectively. I actually know a guy who's made a few viruses in his day and has only succeeded in making one virus for linux which was patched up soon after. He hasn't tried since because he doesn't see the point. Windows users are just more vulnerable, everyday people. Easy targets

I'm interested to find out what addons everyone is using for Firefox? I currently have noscript and have just installed flashblock, can anyone recommend anything else?

I also clear my data everytime firefox is closed :)

I'm interested to find out what addons everyone is using for Firefox? I currently have noscript and have just installed flashblock, can anyone recommend anything else?

I also clear my data everytime firefox is closed :)

See this thread : How to Secure Firefox - Ubuntu Forums (http://ubuntuforums.org/showthread.php?t=671604)

great thread thanks, i'll have a proper read :)

He hasn't tried since because he doesn't see the point.

Indeed. And people only rob convenience stores rather than Fort Knox because they don't see the point of stealing all that gold... they'd probably hurt their backs lifting it and stuff.

Back in reality, the reason why people write viruses for Windows rather than Linux is because viruses for Windows are inherently vastly simpler to write; Linux has security built in from the ground up, whereas Windows has security bolted on the side.

How funny! I ran into a virus that actually seems to 'work' on Wine :P

Anyone who is interested can find it here: <snip>

After opening it in Wine it nests itself in the ./wine/drive_c/windows/temp folder (in my case it was called spoolsv.exe) and starts up a mIRC applet connecting to a bot net. The applet appears visible in the tray but upon exiting it will restart and reconnect automatically. It is ofcourse possible to kill the process from the System monitor and then deleting it from the temp folder will remove it permanently (I hope? Tell me if i am wrong!)...

I suppose that it would not auto-start upon reboot or anything but for the time it is left active it does connect to several other bots on a botnet and there is communication going on. I just hope I did not take part in any bot attack in the few minutes while it was left running on my system :(

Well, just wanted to share this with you all :lolflag:

EDIT: by the way, the outdated ClamAV in the Ubuntu repo does not reconize it as a virus... 0.95 however should be able to catch it.

If you read the stickies at the top of these forums, particularly "Ubuntu Security", there is an updated section regarding wine and what, IMO, you need to be aware of.

There are different reasons:

Windows is most used so people make virusses mostly for windows

Linux is open source so many people are working at it and make updates against those virusses.

:KSUbuntu(Linux) is safe as long as it catch up 80% of market in Operating system users world wide,After that also it is substantially better than Micro soft Operating systems but the VIRUS and Malwares Numbers for Linux versions may Increase Considerably,But the threat to Linux is less because of Root authentication and other secure feathers in Linux

I've got a query related to this issue.

At my university I am able to "install" programs into my user space if I so desire (or so it seems)

Is this because the admins have allready included the required program somewhere on the system and hence it just "works" or is it something else?

In particular I am thinking of the "BeanShell" environment, I was able to download the thing and get it too run.... or is it that this is a special case as it uses the java run-time (or some such), also I think I was able to include GoogleEarth without root access?

In which case does that mean that a virus could be "easily" written in java, and simply watch the user space for a time when an "admin" password is used (ie if I use sudo when I'm logged on?).

this leads nicely to my next question.....

can I allow users to load/install thier own programs into their user space, without worrying about them installing some "malwhere" that may affect the rest of the system?

I am thinking of things like enabling flash, loading on VLC or other stuff, that mostly I don't use (but are there in the repositories), equally (as I mention the repos) can I allow users to load stuff only from the official ubuntu repos (as I consider these to be "virus free")

thanks, as allways, in advance.

David.

a couple of years, when i first started to run ubuntu , i got hit with a couple of rootkits. turned out to my fault. installed a couple of packages that made installing other packages really easy. the rookits were in the first package i installed.

forgot what they called, one was auto-something or other.

folks on here were warning against getting it and i ignored the warnings. will never do that again.

as for ff add ons, i have no script, flash block, adblock plus, and better privacy.

and i have gufw , am trying to learn and spend a lot of time on here reading about security.

not easy as i have chemo brain and med brain.