[ubuntu-uk] linux & viruses

Tony Arnold tony.arnold at manchester.ac.uk
Wed Oct 21 11:51:30 BST 2009


Peter Adam Kelly wrote:

> I was thinking this morning (which is quite exceptional for me at such
> an early hour, but that's another story haha) that a large distro user
> base like ubuntu's is great, it standardizes things and all that, but I
> was left wondering maybe having so many people using one distro makes
> the user base more seseptable to virusses or mallicious attacks, is the
> none standardisation in gnu linux a good thing in security terms and
> standization a bad thing?

It's generally agreed that a homogeneous environment is bad from a
security viewpoint because it means that if one machine is compromised
then it's likely all of them will or could be. Having a variety of
machines can help limit the scope of the effects of a compromise.

There are a number of reasons why Linux has not be hit by viruses in the
same way that Windows has. The main one, IMHO, is that files are not
executable by default and so an attacker has to work that little bit
harder to get a user to run something malicious. The other is that users
tend to be logged in as root all the time, so it's much harder to
compromise system files, although some argue the users' data is still
vulnerable which is much more valuable than the system stuff.

Linux users still make up a relatively small proportion os computer
users in the world so if a virus writer wanted to have maximium effect,
starting with Linux does not make sense. Of course as this changes,
virus writers may start turning their attentions to Linux.

Having said, that Linux is not immune from the hackers. My experience is
that most incidents with Linux machines have been down to week or
default passwords. Hackers can then get in and use the machine to scan
other machines for weaknesses. My guess is if you put a machine on the
netork with an ssh daemon running and a user name of david and password
of david (for example), then it will be compromised within 24 hours or
less. (I know someone who did exactly this).

Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold

More information about the ubuntu-uk mailing list