Cause of virii

Posted Oct 24, 2006 3:25 UTC (Tue) by ringerc (guest, #3071)
In reply to: Antivirus is a bad solution to bad security. by penguin
Parent article: Critical Linux security API is still a kludge (Inquirer)

I disagree. While Microsoft's design decisions have not helped the virus issue at all (system & program files writable by all users; applications that automatically execute code coming from *email*), many viruses only exploit user stupidity.

I don't personally see how a trojan that asks a user to run it in order to "speed up their computer" or whatever and when run mails itself to everyone in their addressbook is Microsoft's problem. Their involvement is limited to making it easy to send programs around and easy to run them.

For trojans (as opposed to worms and the even rarer old-school executable infecting viruses), which are the most common threat these days, I think Linux is probably less exposed largely because:

- It's harder to run a program you've been sent. You need to do more than just double click.
- The variety of software used means that something like scanning the user's addressbook becomes a rather non-trivial task.

But wait? What do all these trojans do? They don't just propagate - they set themselves up as backdoors to be used as spam relays etc. Is there anything that'd prevent that being done on Linux?

- User base. Why bother when there are all those Windows machines just waiting to be exploited by their helpful users.

After all, adding some start-up code to .bash_login, .xinitrc or whatever isn't too hard, nor is building a neat little static executable that'll run on most distros. Networking isn't a big deal - an outbound IRC control channel where it "phones home" eliminates the firewall issue, and is how most of them work anyway. As far as I can tell it all comes down to the fact that there are fewer Linux machines out there and it's harder to get the user to actually run the trojan (since they need to do more than double-click).

Microsoft has a role here, but not IMO as big a role as people tend to make out. These days. They certainly did - the Outlook worms, SMB worms etc were the result of plain bad security. These days, the user should take equal blame.

Cause of virii

Posted Oct 24, 2006 7:19 UTC (Tue) by khim (subscriber, #9252)

> As far as I can tell it all comes down to the fact that there are fewer Linux machines out there

That's not 100% true. If you count the number of systems (including unattached systems) - then it's of course true, but if you count available bandwidth... How many ADSL Windows PCs will you need to match just one 1GBit-connected Linux server? If you count available bandwidth (and that's what spam relays need, right?) then Linux is already a more attractive target. And we do see attacks from that angle (sendmail worms a few years back, PHP worms today, etc). I fail to see how Dazuko will help anything there: it's way too easy to write a PHP worm if you know the bug in it... You need to fix PHP to stop PHP worms!

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds