Linux security
Daniel Carrera
daniel.carrera at zmsl.com
Fri Apr 28 23:34:50 UTC 2006
Lorin B Pino wrote:
> I know nothing of the technical side of the linux os, but if you prefer
> a humorous take on viruses, and what it takes to run some on linux, then
> see:
[snip]
> http://librenix.com/?inode=21
> Hopefully those will answer (or start to answer) your questions.
Actually, this one does:
* "For a Linux binary virus to infect executables, those executables
must be writable by the user activating the virus."
Okay, so that's one thing that separation of privileges does. It
removes much of the virality of the virus because the system's
executables are not writable to the regular user.
Of course, this isn't a spectacular protection, since the virus itself
could still run. But this touches on the propagation issue, which makes
me think of another Linux advantage:
Linux software is more diverse. Suppose you do get a virus, how will it
spread? Some users will be running Thunderbird, others Evolution and
others KMail. Even if one of them has a bug that allows the virus to
spread, the fact that people use different clients makes it difficult
for the virus to spread.
So, putting together all the arguments so far. Linux is inhospitable to
viruses because:
* Linux has fewer bugs and they get fixed faster.
* Making a virus run requires a much greater lapse in judgement from
either the user or the application writer. This is because you must go
out of your way to alter the execute bit.
* Viruses have a hard time propagating because they can't infect
executable files in the system (separation of privilege).
* Viruses have a hard time propagating because of the diversity in mail
clients.
On second thought, there is a way to get around the inability to
infect executables. A virus could create a $HOME/.local/bin directory,
put a script there that runs the virus and then calls (say) Firefox, and
then look for your Gnome panel settings and make your Firefox button run
that script instead of Firefox.
What does this mean? It doesn't mean that Linux is "just as vulnerable".
Actually, you can see that it increases the work that the virus writer
needs to do, and makes the virus more detectable.
Cheers,
Daniel.
--
/\/`) http://opendocumentfellowship.org
/\/_/
/\/_/ ...and starting today, all passwords must contain
\/_/ letters, numbers, doodles, sign language and
/ squirrel noises.
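
Added example, not part of the original message: a defender-side audit for the launcher redirection described above, which is detectable because it leaves a user-writable executable shadowing a system binary and a launcher pointing into the home directory. It assumes launchers are freedesktop.org .desktop files with an Exec= line; the function names, the directory layout and the user "alice" are constructed for illustration.

```python
import os
import shlex
import tempfile

def shadowing_wrappers(user_bin, system_dirs):
    """Executables in a user-writable bin dir that share a name with a system binary."""
    names = sorted(os.listdir(user_bin)) if os.path.isdir(user_bin) else []
    return [os.path.join(user_bin, n) for n in names
            if os.path.isfile(os.path.join(user_bin, n))
            and os.access(os.path.join(user_bin, n), os.X_OK)
            and any(os.path.isfile(os.path.join(d, n)) for d in system_dirs)]

def launchers_into_home(launcher_dir, home):
    """(.desktop file, command) pairs whose Exec= is an absolute path inside home."""
    hits, prefix = [], os.path.realpath(home) + os.sep
    for dirpath, _, files in os.walk(launcher_dir):
        for name in sorted(f for f in files if f.endswith(".desktop")):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                execs = [ln[5:].strip() for ln in fh if ln.startswith("Exec=")]
            for cmd in execs:
                try:
                    argv = shlex.split(cmd)
                except ValueError:  # unbalanced quotes: skip rather than crash
                    continue
                # Bare names ("firefox") resolve via PATH; shadowing_wrappers covers those.
                if argv and os.path.isabs(argv[0]) and os.path.realpath(argv[0]).startswith(prefix):
                    hits.append((path, argv[0]))
    return hits

def build_sample(root):
    """Constructed sample tree: system firefox, a wrapper shadowing it, two launchers."""
    sysbin, home = os.path.join(root, "usr", "bin"), os.path.join(root, "home", "alice")
    userbin, launchers = os.path.join(home, ".local", "bin"), os.path.join(home, "launchers")
    for d in (sysbin, userbin, launchers):
        os.makedirs(d)
    for p in (os.path.join(sysbin, "firefox"), os.path.join(userbin, "firefox")):
        with open(p, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(p, 0o755)
    for name, target in (("web", os.path.join(userbin, "firefox")), ("edit", "/usr/bin/gedit")):
        with open(os.path.join(launchers, name + ".desktop"), "w") as fh:
            fh.write("[Desktop Entry]\nType=Application\nExec=%s %%u\n" % target)
    return sysbin, home, userbin, launchers

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        sysbin, home, userbin, launchers = build_sample(root)
        print(shadowing_wrappers(userbin, [sysbin]), launchers_into_home(launchers, home))
```

A hit from either function is a prompt to inspect the file, not proof of infection: users legitimately keep their own wrappers and launchers in their home directory.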