Cake for coffee's sake
Saying that the reason that linux is not picked on is because it's user base is small compared to windows isn't really the case...most SERVERS these days are on linux (including many at microsoft!..lol)
Don't you think virus creators would love to mess those up?
other factors are at play...you should read some articles about the built in security aspects that linux has and which microsoft does not...THAT is what makes most of the difference really...
Cake for coffee's sake
In fact, here is a very interested article i found that explains about that:
Virus Department
Should I get anti-virus software for my Linux box?
The problem with answering this question is that those asking it know only OSes where viruses, trojan-horse programs, worms, nasty Javascripts, ActiveX controls with destructive payloads, and ordinary misbehaved applications are a constant threat to their computing. Therefore, they refuse to believe Linux could be different, no matter what they hear.
And yet it is.
Here's the short version of the answer: No. If you simply never run untrusted executables while logged in as the root user (or equivalent), all the "virus checkers" in the world will be at best superfluous; at worst, downright harmful. "Hostile" executables (including viruses) are almost unfindable in the Linux world — and no real threat to it — because they lack root-user authority, and because Linux admins are seldom stupid enough to run untrusted executables as root, and because Linux users' sources for privileged executables enjoy paranoid-grade scrutiny (such that any unauthorised changes would be detected and remedied).
Here's the long version: Still no. Any program on a Linux box, viruses included, can only do what the user who ran it can do. Real users aren't allowed to hurt the system (only the root user can), so neither can programs they run.
Because of the distinction between privileged (root-run) processes and user-owned processes, a "hostile" executable that a non-root user receives (or creates) and then executes (runs) cannot "infect" or otherwise manipulate the system as a whole. Just as you can delete only your own files (i.e., those you have "write" permission to), executables you run cannot affect other users' (or root's) files. Therefore, although you can create (or retrieve), and then run, a virus, worm, trojan horse, etc., it can't do much. Unless you do so as "root". Which it's simple to avoid doing.
The first "virus" (arguably, actually a trojan or worm) for Linux was named "Bliss", created in September 1996 as a proof of concept. If a user executes an infected executable, the viral code appends itself to all executables for which the user has write permission. But thereafter, it can't go anywhere else or do anything else — and cannot take over (infect) the local machine (or any other): It lacks permission to do so. Nor can the other Linux/Unix viruses / worms / trojan horses thus far known. And claims of "Bliss" infections outside deliberate lab-only deployment by virus researchers are, in point of fact, considered suspect. New Linux viruses (such as Simile.D) emerge continually, too. But guess what? They don't go anywhere, either.
Most people asking this question have no experience with true multi-user systems built around a pervasive, ground-up security model. On their systems, any process the user executes, directly or indirectly, can modify, destroy, or manipulate anything on the system. This is true to a degree even on MS-Windows NT/XP, which tries to be fully multiuser as Unixes are, but has numerous fundamental security flaws.
By contrast, on Linux (or any other Unix), your processes cannot harm the machine (or damage other users' files) — because you yourself cannot.
Thus, even a Linux user who deliberately wants to activate a Linux virus (trojan horse, worm, or other program designed to do mischief) will have extreme difficulty getting it to circulate. If you're a programmer, try and see. Viruses aren't difficult to write on Linux: Write one, run it (as a non-root user), and watch it bollix your files. But nobody else's.
What are you planning?
For the Linux server portion - you don't give them 'viruses' you would try to compromise them via privilege escalation - think SQL/PHP injection or by accessing a service that wasn't properly secured.
Root the box and you will have complete control of it.
There are a ton of threads on these forums about boxes being compromised due to using SSH with poor passwords or using VNC and exposing it to the internet.
Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide
Tomorrow's an illusion and yesterday's a dream, today is a solution...
Tea Glorious Tea!
Sure, to be secure you require more than a product, but that doesn't mean one product can't be better than another.Originally Posted by haqking
There are kernel vulnerabilities reported in the list.And the list provided from symantec are application based and not OS centric.
I don't want to take this metaphor too far but I'm going to go ahead and suggest that it's worse for a empty house to have 10 open windows than to have only one.The OS itself varies across versions in Windows and Distros in its security design overall and none are "more" or "less" secure, they all have vulnerabilities and known exploits.
If one has 10 and the other has 1 it doesnt make it less or more, it only takes 1 open window to gain entry to a house.
A empty house with one open window is not any more secure than one with 10 open windows, just the points of entry are increased thats all.
That doesn't make sense to me. How can being more poorly written have nothing to do with the OS?
I Ubuntu, Therefore, I Am
You bet I would, because this 10% includes banking, government, military, education, industry, telecom, and most of the Internet's infrastructure.
Ubuntu Cappuccino Scuro
I'm sorry I wasn't as clear as I meant to be -- I was referring to third party applications existing outside of the OS itself.
For instance -- firefox.
Make more sense now?
Tea Glorious Tea!
Ah, ok. Fair enough.
Posting Permissions
Adv Reply
Bookmarks