[NTLUG:Discuss] Anti-linux bias in the media

kbrannen@gte.net kbrannen at gte.net
Fri Feb 13 00:09:39 CST 2004 

someone wrote:
> ...
> 
> For the most part it's all correct.  Virus on Linux *will* become more 
> prevalent as Linux grows on the desktop and more non-geek users begin to 
> migrate.  He did give *nix some credit with the following statement.  
> Quote: "Operating systems like Unix and Linux (kind of like Unix, but 
> free) are harder to infect, but it's not impossible."
...

OK, I don't want to pick on anyone but I just can't leave this alone (mental 
flaw of mine probably. :-)  Also, I'm not trying to give the auther of the 
quote a hard time (hence I've removed names), but I've seen this view espoused 
in other places and I'd like to do some education if I can...

Looking at raw numbers, I suppose it is technically true there will be people 
trying to write Linux viruses, and there will be some that one day actually 
work.  However, :-) the number of successful Linux viruses will be so small, 
they won't matter.  Let me explain, if anyone disagrees, I'm certainly open to 
discussion on it. :-)

Propagation.  There are email clients I haven't used, but of the ones I have, 
I have yet to find one that does or allows for auto-execution.  (If MS would 
remove that ability I personally think the majority of Winders viruses 
wouldn't harm anyone).  For the virus to spread, there needs to be code 
executed.  On Linux, you have to save the file, chmod it, then execute it. 
Most new people won't make the effort or don't know how to do that; most 
experienced Linux users won't do it period.  Because this process is so 
difficult for the new person, the virus can't spread fast enough to prevent it 
from dieing out fairly quickly; i.e. it just doesn't get started very well.

Separation.  Users generally run as a non-root user.  (Yes, I know some 
distros do that [Lindows should be whipped for it], and some people ignore the 
advice and do it anyway.)  So the system itself is generally safe.  I know 
it's not totally safe, give me (or someone knowledgable enough) access to a 
box and some time and I can become root; local exploits do exist.  If there 
was a real worry, this would be it; but fortunately this is not all there is 
to it.  Yes, the user data is probably the most important thing on the box and 
losing that is not nice, but if the system itself is not compromised, it's 
harder to own the box and use it for nefarious purposes.  (This is also why 
proper security is made up of layers.)

Platform (binaries).  For the virus to be successful, it's going to have to 
come in a binary so I can't see it's a bad program; but more fun, it's going 
to have to be a binary for the machine I have.  Is that x86, sparc, powerpc, 
os390 (got access to one of these at work :-), hppa-risc, or something else. 
Most people have x86, but not all, so there's no guarantee the binary will be 
useful.  Though I must admit I saw my first text virus this week, it was a 
.cmd file and was interesting to look at before I deleted it.  Again, program 
not runnable?  No propagation.

Of course, let's not forget there's always stupid users. :-(  By that, I mean 
people who do things against common sense:  run email clients and other 
non-essential programs as the root user, do make the effort to run programs 
sent to them that they were not expecting, and so on.  But by and large, I 
firmly believe viruses for Linux will not become prevalent; they will never be 
the trouble or make the impact that Winders viruses are.

Kevin

More information about the Discuss mailing list