[NTLUG:Discuss] Anti-linux bias in the media

David Brown frag at phrenetictheory.org
Fri Feb 13 02:52:19 CST 2004


No need to remove my name, and I can rebut your comments.

kbrannen at gte.net wrote:

>
>
> OK, I don't want to pick on anyone but I just can't leave this alone 
> (mental flaw of mine probably. :-)  Also, I'm not trying to give the 
> auther of the quote a hard time (hence I've removed names), but I've 
> seen this view espoused in other places and I'd like to do some 
> education if I can...
>
> Looking at raw numbers, I suppose it is technically true there will be 
> people trying to write Linux viruses, and there will be some that one 
> day actually work.  However, :-) the number of successful Linux 
> viruses will be so small, they won't matter.  Let me explain, if 
> anyone disagrees, I'm certainly open to discussion on it. :-)
>
> Propagation.  There are email clients I haven't used, but of the ones 
> I have, I have yet to find one that does or allows for 
> auto-execution.  (If MS would remove that ability I personally think 
> the majority of Winders viruses wouldn't harm anyone).  For the virus 
> to spread, there needs to be code executed.  On Linux, you have to 
> save the file, chmod it, then execute it. Most new people won't make 
> the effort or don't know how to do that; most experienced Linux users 
> won't do it period.  Because this process is so difficult for the new 
> person, the virus can't spread fast enough to prevent it from dieing 
> out fairly quickly; i.e. it just doesn't get started very well. 


One word. Trojans.  They don't require auto-execution. 

>
>
> Separation.  Users generally run as a non-root user.  (Yes, I know 
> some distros do that [Lindows should be whipped for it], and some 
> people ignore the advice and do it anyway.)  So the system itself is 
> generally safe.  I know it's not totally safe, give me (or someone 
> knowledgable enough) access to a box and some time and I can become 
> root; local exploits do exist.  If there was a real worry, this would 
> be it; but fortunately this is not all there is to it.  Yes, the user 
> data is probably the most important thing on the box and losing that 
> is not nice, but if the system itself is not compromised, it's harder 
> to own the box and use it for nefarious purposes.  (This is also why 
> proper security is made up of layers.)

Just because a user is non-root doesn't mean damage cannot be done.  A 
MS Word Macro virus doesn't wipe your hardrive.

>
> Platform (binaries).  For the virus to be successful, it's going to 
> have to come in a binary so I can't see it's a bad program; but more 
> fun, it's going to have to be a binary for the machine I have.  Is 
> that x86, sparc, powerpc, os390 (got access to one of these at work 
> :-), hppa-risc, or something else. Most people have x86, but not all, 
> so there's no guarantee the binary will be useful.  Though I must 
> admit I saw my first text virus this week, it was a .cmd file and was 
> interesting to look at before I deleted it.  Again, program not 
> runnable?  No propagation.

This isn't true.  A hacked CVS or source tarbal would be a virus.  Yes, 
you may run a CRC check, and not open attachments, but there are 500 
million people that don't.  Therefore the virus would be effective even 
on Linux.

>
> Of course, let's not forget there's always stupid users. :-(  By that, 
> I mean people who do things against common sense:  run email clients 
> and other non-essential programs as the root user, do make the effort 
> to run programs sent to them that they were not expecting, and so on.  
> But by and large, I firmly believe viruses for Linux will not become 
> prevalent; they will never be the trouble or make the impact that 
> Winders viruses are.
>
> Kevin

Exactly.  I noted this specificlly in my reply.  Quote: "Virus on Linux 
*will* become more prevalent as Linux grows on the desktop and more 
non-geek users begin to migrate. "

My point is computers don't error, they fail.  Only users error.  User 
error is why most computers get infected by virus.  Even Linux.

Dave





More information about the Discuss mailing list