Tue Jun 8 10:15:20 GMT 2004 Linux/Unix Viri
Link: Sophos chief concedes Unix virus frustration
Some very interesting comments here. The main point is that Sophos is having trouble building Linux anti-virus tools, but that the reasons for their difficulties (lack of standardization) also make it difficult to write viri, so it's kind of a wash for any users who may be worried about such things.
That's interesting, but I was more interested in his comment about "non-Microsoft desktop software" use in Japan:
"It's one of those things that will hit us like a Tsunami where nothing seemingly happens for a long time and suddenly the whole thing gains momentum -- before you know quite a few people will be doing it. If I was Microsoft, I would certainly be worried about that particular aspect of it".
That Sophos is writing anti-virus software is also very interesting. There aren't many Unix/Linux viruses to worry about, and the exposed user base, while certainly growing, isn't much right now either. Unless the base grows tremendously, it wouldn't make sense for Sophos to waste much effort at all, never mind tackling something that is apparently so difficult.
So the big wave must be coming?
Sometimes I think that this isn't an issue and will never be an issue. Other times I think it will be a big issue given time. The thing is that you can make something as simple as a bash script into a virus (or virus-like) if you have people gullible enough to give it rights and execute it as root.
The other issue is that with open software it's nice that you can get bugs and vulnerabilities fixed quickly, but unless you keep your system up to date your vulnerabilities are advertised to everybody, potentially. You see people still running around with default installations of Redhat 6.x or 7.x when those OSes have some very serious security issues. But since it hasn't been an issue so far like it is in Windows, then people don't think they have a problem.
That sort of thing can get Linux into trouble badly. The solution IMO for that is to use a good advanced package maintainer like Yum or Apt. A simple "apt-get update && apt-get upgrade" once a month or so can keep you protected from all sorts of bad stuff, and is simple enough that an average user can handle it. The downside is that bad packages can break things, but that's pretty rare.
Oh, just for reference you can get support for Redhat OSes as old as Redhat 7.2 at fedoralegacy.org. I've upgraded Redhat 8.0 to 9.2 to Fedora Core2 on one box using third-party packages and Apt from freshrpms.net, but I don't recommend that for the casual Linux user.
As far as virus scanning goes I've used F-prot, which seems nice. They have a free (as in cost) virus scanner for home users for Linux you can use. You just set it up to update and scan your home directory once every couple days off-hours. What more do you want? It's mostly a nod right now for Windows users so I don't accidentally send a virus their way that I picked up somewhere else.
This "on access" scanning (from the article) stuff is for the birds anyways. This sort of thing causes issues with Windows users every day... And they are talking about trouble with KERNEL VERSIONS? What are they trying to do, make a monolithic program to control every aspect of your OS from kernel-land up? Sounds like a risky thing to do, to me. Probably open you up to more viruses and vulnerabilities than it would close.
--Drag.
I think where this guy (Jan Hruska of Sophos) is missing the boat is in assuming that variations in Linux are what's preventing him from coming up with an anti-virus package, and in assuming that a virus on Linux or UNIX will behave as it would in the Windows environment. We all know (or should know) that unless something runs with root privileges, the likelihood of it causing serious or fatal operating system problems is very small. Therefore, the best virus preventative in Linux or UNIX is to not routinely run as root.
Also, I don't think the usage numbers are that much of a factor. Windows is a prime target for virii because it is easily attacked, not because of its dominance. If the Windows kernel had been properly hardened to begin with, we wouldn't be seeing all this stuff. Also, if the Windows model did not allow applications to add or replace DLLs into the system, another avenue for exploitation would not be available.
--BigDumbDinosaur
I think it can end up being a big issue if people who set up Linux aren't careful. The temptation to make things easy for home users by breaking down some of the barriers between root and regular users is very tempting.
But the bigger issue that I see is when it comes to the actual users. Time after time big problems with worms on the internet plague Windows users constantly, but most of the vulnerabilities that these worms exploit have been patched and fixes are available for some time. But if nobody installs them then they are worthless, but if you installed them and/or had a good firewall setup then it's a non-issue.
Linux vendors could end up in a similar place.
Although I seriously doubt that there will EVER be as big a problem with Unix variants as there is with Windows. People have been preaching that it is only a matter of time for these viruses to become issues with Unix. They've been saying it for 10+ years. "Just another year" they say.
It still hasn't happened yet.
Drag
Drag's point is well taken: this Slashdot article says 80% of spam comes from zombie Windows boxes: http://slashdot.org/article.pl?sid=04/06/08/0155218
--TonyLawrence
"They've been saying it for 10+ years. 'Just another year'"
'Twas about 9-10 years ago that Bill Gates predicted the demise of UNIX. He even put a timetable to it: Windows NT would take over and both UNIX and Netware would be dead by 1996.
So much for predictions!
--BigDumbDinosaur