Linux is far from being free of malware - is that true?

[amjjawad]

Hi,

I got this reply:

I have run and currently run several distros and have been in computer security for over 20 years. Linux is far from being free of malware as your point 3 states. I highly recommend Ubuntu but would recommend that users run free ClamAV or some other paid version of antimalware software if choosing linux.

To my post:

[Attention Please] If 'you' are still using Microsoft Windows XP or you know 'someone' who still do, please be advised that "Microsoft Windows XP" will die very soon and will no longer be supported. What does this mean?

http://windows.microsoft.com/en-us/w...d-support-help

Now, why to BUY NEW Hardware and/or UPGRADE to Windows 7 or Windows 8 (in both cases, you will pay to Microsoft for Windows Licence) while there is a much better alternative called Linux?

- - - - - - - - - - - - - - - - - - - - - - - - - - - -
[Windows vs Linux]
1- Super Fast.

2- Super Secure.

3- Virus-Free.

4- Super Stable.

5- Very easy system and any age can use it.

6- Gives you freedom of choice to use the interface you like the
most and does not force you to use only one interface (has many options when it comes to User Graphical Interface).

7- Linux is Free Open Source Operating System. No serial numbers, no cracks, nothing.

8- Free Technical Support by so many volunteers so you don't have to worry nor pay for support.

9- Almost for each Windows Application/Program, there are more than one alternative for that in Linux and you don't have to visit any website to install anything, there is a tool installed by default that makes your life easier.

10- You do not need to buy new hardware to run Linux. It can be installed even on +10 years old machines.
- - - - - - - - - - - - - - - - - - - - - - - - - - - -

It is YOUR CALL either to make the switch to Linux OR keep paying for NEW Hardware (that you don't really need) or paying for Microsoft for Windows Licence.

Just for the record, 16 machines in our neighbourhood have been migrated to Linux and got rid of Windows. So far, not even one single issue and all happy users (different ages, etc).

Let me know if you have any Question

And that when I posted on my neighbourhood Facebook group trying to warn/advice people about the EOL of Windows XP.

What do you think?
Is he correct?

I posted this link for him: https://help.ubuntu.com/community/Antivirus

Is there anything else except going into a hopeless argument that I can use to support my claim?

I've been around here since 2009 and some of you know that I am not just a user, I am a contributor to many communities (check my signature) and all these years, I have never ever seen even 'one' single case when user was infected, etc.

So, I'd really appreciate if someone tells me whether I am right or wrong. I'd appreciate if I am wrong and be corrected

Thank you!

[sudodus]

Every operating system in contact with the internet can be attacked and compromised by clever guys, particularly if the user is careless. So linux is not 100% secure, but the risks are much smaller with linux compared to Windows, because Windows is the main target for many viruses and other attack vectors. But for example attacks via the web browser might work independently of the operating system.

There is a good wiki about these things at https://wiki.ubuntu.com/BasicSecurity

[ZoiaGuyver]

People have to understand something about the way linux is built. Linux is not "free" of malware or virus infections in the sense that noone can write the things, the problem is the way Linux is built, designed and ran by most people makes Virus or Malware useless because of the modular design. Every virus or malware needs an attack vector, something that is central and expandable, Windows weakness is also one of its greatest strengths, the ".exe" files, Executables that can run with 0 user intervention and can stay hidden in the processes.

Linux isn't like that it takes a lot of user intervention and gives warnings on many of the system changes, plus there is no "central" point within Linux (a lot can say the Kernel but with things like Tomoyo and Access based protection the kernel is far from a weakpoint).

In a sense you are both correct on the matter, but from different viewpoints. The problem isn't that linux isn't "big" enough market share to attack (the reason most give for it) the reason is the modular design ethos of Linux, the licencing choices of the projects (open source), the shear amount of amazingly intelligent coders that work on the various parts.

Answer to it really is if you have dealings with "Windows users" it may be in the best interests of others for you to run an Anti-Virus/Malware program to stop others from being infected, just because you can't be affected doesn't mean no-one can.

If you don't have any contact with Windows users then the chance of you ever getting anything like malware is pretty much zero.

[bashiergui]

If you don't have any contact with Windows users then the chance of you ever getting anything like malware is pretty much zero.

I'll fix that for you:

f you don't have any contact with ANYONE EVER AND YOU KEEP IT TURNED OFF FOREVER then the chance of you ever getting anything like malware is pretty much zero

[ZoiaGuyver]

You cannot get malware on Linux due to the way the Malware is written all current malware apps are distributed using executables, so if you don't run any suspect executables then you cannot get malware..

You cannot run an executable on linux without user intervention (for the .exe files you would need wine or another compatibility layer). Linux requires user intervention on almost everything.. the problem is not the malware its the users knowledge (covers nearly all computer problems) of them. If users were more aware of what they chose to run then Malware and Virus protection would be obsolete (plus for companies that sell software to use more conventional and correct naming for processes). The companies to an extent prey on peoples worrying so that sales continue to rise.

Linux is not immune to malware/viruses as an OS. But as with most things the problem isn't the computer its the person telling the computer what to do,

The community aspect of Linux is what drives is usage, but an answer to a problem isn't found without someone asking the question. Most people don't ask questions enough..

Obvious questions on the Malware/Virus side of things would be "do i know this person/company?" if the answers no then don't blindly install or run stuff, ask friends/family/communities/usergroups if they know of them.. if you get a bad feeling from it warn others,,

[monkeybrain20122]

BTW, ClamAV checks only for Windows virus and is rather crappy at that. So that can easily be dismissed. It is theoretically possible for Linux to get malware, but an AV is quite useless and unwarrranted on Linux IMO. When a Linux installation is compromised it seems it is always through social engineering, there is no AV that can prevent that and indeed it gives you a false sense of security. Just take the usual precautions when using the internet and keeping system up to date would be enough IMO (If you are into it you can do some configuring to hardern apparmour, but personally I don't bother, I just use the default configuration)

It seems that your correspondent is one of those people who know a little about Linux but primarily use Windows and his perspectives are mostly shaped by the Windows experience

One reason that Windows gets infected (and Linux/Ubuntu is immune from this) is that in Windows you have to go to the inetrenet to install software and that is a huge risk. To make it worse going on the net to search for random software just for the heck of it is so integral to the Windows culture that it becomes almost a sport for many Windows users. I have seen some threads of new users complaining that in Ubuntu they are inconvienenced by not being able to just download an .exe and click 'install' when they find something fancy on the net.

Even reputable sofware like vlc and Firefox can become problematic if downloaded from some random third party sites. A friend on Windows was trying to get vlc and she searched in google or yahoo, the first site that came up was called vlc something and offered a download but it wasn't videolan. I immediately stopped her and sent her to videolan instead. I saw a warning at Mozilla a while ago that some malware company set up a fake fireox website that provided an infected Firefox for Windows. I am a big avocate for ppas but only use the popular ones on launchpad or from well known developers and authentic sites (like jitsi, or Chrome)

[elizabeth]

I do think it's a mistake to categorically state that Ubuntu has no viruses. There have been vulnerabilities which some argued were viruses and as popularity increases I am certain we will see a rise in security vulnerabilities being taken advantage of further, just look at Android, and it's common for Linux servers to be broken in to if the admin doesn't keep on top of updates.

I think the bullet point about security is sufficient for conveying what you are trying to communicate, it does tend to be more secure than Windows XP out of the box because it's a more modern operating system, the open source mantra of "given enough eyeballs, all bugs are shallow," it has separation between user and admin accounts, and software is typically downloaded from a centralized, trusted source (all bets are off when you start using PPAs though).

[bashiergui]

You cannot get malware on Linux due to the way the Malware is written all current malware apps are distributed using executables, so if you don't run any suspect executables then you cannot get malware..

Malware written as a Windows executable won't run on Linux unless you make them executable, true.

It is FALSE that if you don't run them you won't get any malware ever. All a malware writer needs are a vulnerability and a way to exploit it. There are plenty of vulnerabilities in Linux. To say otherwise is ignorant and misleading.

Nevermind that java, browser, flash and adobe exploits will compromise Linux, apple, and windows.

[monkeybrain20122]

Nevermind that java, browser, flash and adobe exploits will compromise Linux, apple, and windows.

Hence keeping the system up to date. Things like browser, java and flash are all installed through the repo and they are supposed to get security patches when issues arise, and that's why adobe acroread has been removed because it is unmaintained and can be a security risk.

[SCBrisbane]

1)If you stick to installing software from the ubuntu repositories, your chance of installing malware onto your machine is pretty much zero. Once you start installing from ppa's this risk goes up slightly.

2)If you additionally keep on top of the updates, you can reduce the number of remote exploits too. Linux is targeted just as much as windows in this area, though it tends to be against web/database servers and not desktops.

3)Try to avoid downloading deb's outside of the package manager or installing directly from archives without researching the trustworthyness of the origin and considering how you will keep these extra packages up to date. This is not just about security, you also may impact system stability by replacing important and fully tested libraries with incompatable/buggy ones.

4)If you follow all the above, you can still have your user account infected, passwords stolen etc if you run files from places you dont trust, even if these are not run as root.

5)People (including me) tend not to run malware checkers on Linux, so we are in principle very vulnerable (at least in principle) to the last point, perhaps more so than a Windows user with a good malware checkers if we dont think about what we "click on". I expect anyone reading this forum is sensible about the websites they visit, but recommending Linux to Windows users who are already indoctrinated to be click happy or careless is not necessarily going to help them too much.

All that said, most desktop malware is currently targeted at Windows users and so that fact alone makes Linux safer than Windows for now.

Virus-checkers:- ClamAV mostly helps you by catching cross platform malware, as there are few known Linux-only malware programs that can hurt an up-to-date system. If you can install it and keep it up to date that would be a good idea. You generally gain more by being sensible about what you run or sites you visit in the first place, however you may not always be able to control this (eg if someone else uses the machine too and you want to protect them). If you run Wine, you are also vulnerable to a lot of Windows viruses. In that case, I would definately recommend a virus checker.

@monkeybrain20122:- I agree mostly with that post, other than to ask for a clarification of what is meant by social engineering. A virus checker will alert you dangerous email attachements, for example. Something I would clas as social engineering.
@ZoiaGuyver Is it true that all malware is in executables? I have heard of exploits in pdf files, flash, java and even using buffer overruns in image handling libraries so it is at least in principle possible to produce malware on Linux or Windows that does not use .exe files. Whether there are any 'in the wild' and that affect Linux is a different matter, but I would be interested in a reference for the statement.