Firewall and/or anti-virus
GreyGeek at earthlink.net
Mon Apr 6 17:21:10 UTC 2009
Antonio Augusto (Mancha) wrote:
> But I think some things need to be made clearer: for starts its not
> IMPOSSIBLE to one write a virus that attacks Linux, it just isn't as
> widespreed as Windows virus are,
True, it is not impossible to write a virus that attacks Linux, but it
is MUCH harder.
The hacker's problem is that the security protocol for Linux is superior
to that of Windows. A Windows executable is determined by the
extension of the file (exe, com, bat), not a bit setting on the its HD
image AND the file type, like Linux does. Linux does not implement an
"ActiveX" type component which automatically executes an email
attachment like Windows does. Linux executes SAVED FILES that are
either a special shell script or an ELF binary, both of which have to
have their execute permissions set in order to be run. To run a viral
attachment the *USER* has to first save the first as a file, then set
the execution bit, then run it. Three manual operations requiring the
cooperation of the user. Buffer overflows are another matter.
THAT is why, in the last 15 years there have been less than a dozen
Linux viruses or Trojans found in the wild, and the most recent, 5 years
ago, infected only a handful of computers in Easter Europe because they
were running copies of a commercial Linux distro which sets the user up
to run as root in order to make it "behave" more like Windows.
> simply because Linux is not as
> popular as Windows.
> When Linux becomes a mainstream OS with everyone using it you bet crackers you start trying to find ways to write virus
> to it.
I've heard that argument repeated many times but I don't believe it.
Contrary to "reports" by a firm whose business model is marketing
rebrandable Windows executables, the Linux desktop market share is
around 8 to 10%, not 0.8 to 1.0%. In 2004 CNET, ZDNET, Gartners and
IDF has reports putting the Linux desktop market share at 4%, with
predictions that it would be 8% by 2008. IF, instead, it HAD decreased
to 0.8% I doubt that DELL and PC OEMS would have wasted their time
offering Linux preinstalled on some of their offerings. The Netbook
OEMs wouldn't have bothered preinstalling Linux on their stuff either.
If it were a matter of simple 'popularity' then viruses would appear in
proportion to that ratio of popularity, not some arbitrary threshold,
but they don't. Linux is approaching 30% in some market shares and in
some countries 100% has been mandated, but despite that Linux viruses
are rare. Most Linux servers are compromised because of *manual*
attacks by hackers, one on one. They can't build a Linux bot farm one
at a time, and automatically executing Linux email viruses do not
exist. By many measures the Apple Mac has risen in popularity to
between 10-12% of the desktop market share. It's vulnerabilities have
increased slightly, probably more a result of their proprietary model
not their market share, but the percentage of Mac viruses found in the
wild is no where near their markets hare percentage. As Linus Torvolds
said, "To a thousand eyes, all bugs are shallow".
Most Linux virus counts are forged by AV houses trying to sell Linux AV
products. They take supposedly "cross platform" malware like the jpeg
stuff and rename them to include "linux" in their name, but they are
still just Windows infectants.
> Virus, worms and all that stuff are based on bugs found on the OS,
> that is: by errors of human beings. And guess what, the same way a
> person writes a program with bugs in Windows, some one can write a
> program with bugs in Linux. And it has been done before and A LOT.
> What do you think are all those updates that Kubuntu keeps telling you
> to install? Bugs being fixed, and if you don't install these updates,
> usually, you are as vulnerable as any Windows user.
A program defect is *NOT* necessarily an remotely exploitable defect,
so an update to fix a gui button which doesn't work to design specs
isn't the same as fixing a switch parameter of a utility, or a gui
textbox, which allows a buffer overflow. Defects and bugs do *not*
equate on either platform. I would wager that the *VAST majority* of
updates on Jaunty are to fix performance issues not security holes
So, NO, a Linux user is NOT "as vulnerable as any Windows user".
Microsoft's money distorts the news. You should read page 53 of the
PX03096.pdf from the Comes vs Microsoft lawsuit, section 8 entitled "The
Slog". I've posted it in another msg on this list. Microsoft's market
share is eroding steadily, more so recently because of the economic
climate, but Linux viruses are not on the rise. In fact, they haven't
been seen in 5 years. IF there HAD been a Linux virus outbreak you can
rest assured that Microsoft would make sure it hit ALL the front pages
and remain there for months.
> Also, even in the case of a Linux virus it wouldn't spreed as long as
> their windows counterpart, and the reson is simple: on Windows, you
> usually run as Administrator but on Linux, you usually runs as a
> normal user, which has even less permissions than a regular user on
> Windows :)So yeah, in this side you are a lot safer than you would be on Windows.
That assumes what you are trying to prove: that Linux is as easily
infected by a virus as Windows is.
> BUUT... as said, in the even of a Virus your personal files (that, in
> the end, as a personal user, is what matter) would be at danger. So
> yeah, if you get a Linux virus you are as screwed as on Windows.
Actually, since most hackers are not script kiddies, but professional
thieves (and this may seem strange at first) you could be *better*
protected by being hijacked by a hacker! Why? Because while hackers
can spam a single viral email and gather in several *thousand* Windows
PCs as zombies into their bot farm, they prefer to use Linux as the bot
farm controller *because* it is secure from normal viral routes of
infection and from less skilled manual hackers. But, they have to
manually hack into the Linux box to compromise it and that is not easy
and it is very dangerous - i.e. is is easier to get caught. Once in,
they will block the routes they took to get in and other routes that
might be exposed, thus making the Linux box *more* secure than it was
before. Now, from the relative safety of their IRC channel, they send a
quick *single* msg to their Linux controller with a command that tells
the Linux box to relay the contained targeting information to the
thousands of IP addresses of the Windows zombies. In the stream of IRC
channel chatter one would hardly notice that one line. The Linux user
might notice a flurry of Internet activity on their Internet connection,
and things may slow down for a few minutes as 50,000 Windows boxes are
contacted and attack information is relayed to them, but it will return
to "normal" until the next command from the hacker. After the hacker is
finished using the box he may plunder it for personal or CC
information. That is what you mean when you say the Linux user is as
screwed as the Windows users, and if that happens you are correct. But,
relative to its market share, *very few* Linux boxes are being hijacked
because very few are needed.
> Hope this helps you a bit. At the end it does not hurts to be carefull
> with what you do around the net :)
Exactly! Being careful includes *not* installing foreign applications,
i.e., ones *not* in the repository.
The best way to get infected running Linux is to install a foreign
binary app *or* one you compiled from a tar file downloaded from an
unvetted source. Those two routes are the *sure* way to get infected.
More information about the kubuntu-users