VectorLinux

The Vectorian Lounge => The Lounge => Topic started by: tomh38 on December 01, 2008, 07:34:55 am

Title: Will Linux Viruses Ever Become A Problem?
Post by: tomh38 on December 01, 2008, 07:34:55 am
I'm starting this as a new topic because in my opinion we need to think about this possibility (however remote it may be).

I'm certain all of you are aware that viruses can be a major problem with Windows.  Some of you who were or are Windows users have not had virus problems.  I know that GrannyGeek, who has used Windows since version 3.0, has not had problems with viruses or other malware.  I imagine that other have had such problems.  I myself used to have major virus problems back when I used Windows.  On a number of occasions I had to do complete reinstalls of the OS because I couldn't get rid of the virus problems that I had.

As things are now, viruses are not a problem for Linux.  I think that there are two main reasons for this:  1) Only root can install software on a Linux system (I know, except in your home directory, but right now I'm focusing on things that could affect an entire install), and 2) There aren't any Linux viruses (that last isn't strictly true - malware programs for Linux number in the hundreds). 

Though it is hard to come by solid numbers for Windows viruses, there are at least tens of thousands and possibly over 100,000.

It's probable that many of you know that it can be difficult to get people to focus on the security of their computers.  I know people who have bought machines with Norton installed who have turned off Norton because it slows down their machine, or who have failed to renew their subscriptions to Norton.  Many of those same people have called me (sometimes in the middle of the night) because their virus load has become so high that their computers have become a big doorstop.  These are also the people who find the Windows Vista "Allow/Deny?" pop-up so annoying that they find a way to turn it off.

Now, imagine this scenario.  The "price break" (at least in the US) for consumer electronics is around $200.  This means when the price of a particular product falls to $199.99, a whole lot more people are going to buy it than would before.  With netbooks (Asus EEE etc.) we're either there or very close.  I'm not saying this is going to make Linux extremely popular, but market share might increase dramatically, from the current below 1%.

If this happens, people are going to be even more annoyed at having to give a root password than they are by the "Allow/Deny" pop-up.  I see two possible results:  1) People will buy the Windows versions of these inexpensive computers, and/or 2) Somebody will come up with a distro or version of a distro in which users have root privileges by default.  If the second thing happens, then it's quite possible that Linux viruses could become a real problem.

I know that this isn't going to be a problem for us, since nobody who's been using Linux prior to this potential problem is going to give root privileges to regular users.  Nevertheless, I think we as a community (the Linux community as it exists today) have a certain responsibility to at least consider this potential danger and think of possible solutions.  After all, many of us have been saying for years that people should use Linux rather than Windows (I have said it quite a few times).  If we urge people to do something, we are obliged to bear some of the burden of the consequences in the event that people do what we've been urging them to do.

If anybody is interested in discussing this issue, please post your thoughts.

Tom

Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: nightflier on December 01, 2008, 08:04:38 am
I am convinced that Linux viruses will appear as soon as the incentive to write them is great enough.

When Linux becomes commonplace, with auto-login and users running it like they do Win boxes now, root access is not necessary. Viruses can still send out spam from a running user account.

The root account will also be breached. If people can hack iPhones, Xboxes, mainframes and defense department servers, a consumer Linux machine is not safe. We will have to continue to adapt and evolve.

That said, the diverse Linux landscape should remain a much harder target than the current monoculture.
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: Megamieuwsel on December 01, 2008, 09:18:46 am
I am convinced that Linux viruses will appear as soon as the incentive to write them is great enough.
I'm calling bovine manure!
*nix IS the target with the biggest incentive; The vast majority of the Internet- AND corporate serves are running on *nix.
And that's where the dough is.(for the virus-writing scum, that is)
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: nightflier on December 01, 2008, 10:48:53 am
No doubt that high-powered, always-on, high-bandwidth *NIX servers are very tempting targets for the scum you are referring to. Professionally managed mainframes and server farms have always been under attack.

I was thinking more of the personal desktop computer. Many botnets consist of compromised PC's, where viruses are spread mainly through user action; web surfing, e-mail, IM, installing anything that promises instant riches, free mp3's, activation cracks, funny cursors, or a glimpse of skin.
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: tomh38 on December 01, 2008, 12:12:22 pm
Don't forget those fantastic banner ads.

(http://i24.photobucket.com/albums/c16/tomh38/728x90_ps3_spaceships.jpg?t=1228160592)
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: bigpaws on December 01, 2008, 01:11:04 pm
I guess I can chime in here.

The thought or perception that alot of people even on this distribution is
probably not good. I am finding many that I am helping with Linux are indeed
only working as root. As mentioned this is a problem. Ubuntu using sudo the
way that it does is somewhat default root. It is easy to type sudo without a
thought.

In my experience those without virus problems use their internet connections wisely
and also in what appears to be somewhat narrow scope.

Guarding against virus problems in Linux. Place sane permissions on things. Stop the
thoughts of open it and close later. Use a firewall in a proper sense.

Thinking that a computer is an appliance is not a good thing. There is a responsibility of
the computer user. There are so many people that think is Samba is file sharing program
instead of networking protocol creates problems.

The current Linux community is failing those that have been using it for a longtime by
not educating new users about how things are done. It maybe that insisting that those whom
wish to be involved understand some of the above problems.

The thought that designing Linux to mimic something else will be detrimental instead of a
positive effect. Almost all of the spin offs of the major distros are following that way. Lets' make
a GUI to have access to all of the tools for system configuration, and in the process not create
a good log to show where the problems are. For troubleshooting its a mess.

The fact that it is now acceptable to answer the same question twice. The fact that instead on
allowing one program to do one thing well. The simplicity of expected tools in all distributions.

Most of these reasons are why older users are moving into tight knit place, or moving away
from Linux completely. There is the argument from those that asking a question in those areas
is dangerous and unwelcoming. I have not found that to be the case. In fact if you follow the old
rules which is put forth effort before asking, like using Google. Then your question will be
answered as well as  welcomed.

Sorry this turned into somewhat of a rant. Flames are welcomed.

Bigpaws
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: tomh38 on December 01, 2008, 02:35:16 pm
bigpaws:

I know I started this discussion, so I should just let people say what they have to say and be quiet ... but I feel the need to respond to what you wrote.

I don't think what you wrote was a rant.  I certainly wouldn't flame you for any of it.  In fact, I agree with pretty much everything you wrote.

I strongly agree with what you wrote about the overuse of "sudo."  I'm glad VL doesn't do this by default, and that it's not encouraged.  I'm a little surprised that it doesn't cause problems for the Ubuntu community (maybe it does and I just don't know about it).

I also agree that older users need to educate new users about how to use Linux.  I think that's done very well here at VL.  You yourself answer many questions in the "Vectorbie" section in a helpful but proper Linux way - meaning that you steer people away from bad practices and ideas.  I just have one question for you:  If people can buy a Linux computer over the Internet or from a store, what can we do to help educate them that we're not already doing?

Thanks,
Tom
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: bigpaws on December 01, 2008, 03:48:05 pm
That is the magic question. It is unfortunate that the general public has been
taught that a computer is no more than an appliance. In every forum that I have
been to there are stickies most containing the how to ask a proper question.
The stickies are ignored. That is a problem. While answering question I attempt
to direct folks in that direction. Which would be describe the problem, attempted
solutions and the hardware and or software involved. I am not really sure if the
message is even received.

The next problem is the reluctance to feel responsible for using a computer and the
possible effects that it can have. One of the responses are I just want it to work and I
don't care how the background involved. Not to mention these same people are part
of the spam problem since their computers are involved in the botnets.

So perhaps in a non invasive way show the users of Vector the way and the reasons
behind it. By no means am I suggesting ignoring or flaming anyone who is not interested
in the when,where and why. I am suggesting this direction so that perhaps some of the same
questions can be avoided. The other problem with this forum is searching, my solution is
using Google with Vector Linux ________________ I found better hits than the forum search.

Just my .02

Bigpaws
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: rbistolfi on December 01, 2008, 06:32:59 pm
I will respectfully disagree in one: I don't mind to answer a question twice or pointing to a solution several times. An introduction by an experienced user is always needed. Is not that easy to search in Google if you don't know what are you exactly looking for. Nobody educates their children by telling 'read man "crossing the street"'. We do a lot of stuff to teach them hoping that one day they will learn (or at least try to) by themselves (please excuse the example, its hard to not agree with it but is in doubt if it applies to this case, its just the better I can think right now :)). Of course is not the same a user that want's to learn than one that just want's someone else solving their problems. But indeed is not that easy to learn something new, recognize pertinent solutions to some problems, or make a difference between a good answer and a stupid thing Google returns in 3rd place. What is evident to an experienced user might not be to a newbie.

I think it's ok if Linux mimics other stuff, it's not ok to mimic Windows or Mac. Instead radical changes in the operating system I would try to write better documents or to be more patience explaining to newbies, even thinking about new ways to communicate our ideas. Nobody would turn the relativity theory into 2+2 just because it's hard to understand or because the "learning curve is too hard." If something is well done it is at least wrong to change it because is not simple at first glance. This doesn't mean the Linux interfaces can't be improved or that it's wrong to try to make a more intuitive Operating System, of course.
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: tomh38 on December 02, 2008, 02:30:19 pm
Interesting article here; Windows market share has dropped below 90% - this is mostly because of OS X, though Linux gained a little ground, going from 0.71% to 0.83%.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121938 (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121938)

This isn't enough to change things in terms of viruses in any significant way (in my opinion), though it could be a sign of things to come.  I still think that if enough low end machines (netbooks, etc.) are sold with Linux on them, we may have a problem.

Tom
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: budulay on December 02, 2008, 08:16:54 pm
Speaking of forum search:
am I the only one having problem with it giving me a whole bunch of random posts that have nothing to do with what I am searching for?(I mean literally. Not a single word that I enter can be found in those posts.)

The problem with newcomers reading manuals is that people who switched from windows simply ignores them(basing this from myself and people I know). windows manuals are for most part impossible to read, and even if one manages to do that, the main point they lead to is to double click on everything, that right click and if nothing works, call for support. The main way to solve problems on windows for me was to blindly guess. Linux manuals and manuals for various software for Linux are different. They are meaningful, have all the options listed and can point to related manuals that may help in solving a problem. Sometimes it gets boring to view dozens of pages of commands and options totally unrelated to my issue, but at least I know that there is a reason for doing that.

There is also a reason why newcomers tend to "do things windows way in Linux". They simply do not know how else to do them. If there was some good introductory article like "Why there is a root privilege and some pretty important reasons why one should not be logged in as root all the time and/or overuse sudo". Maybe there is one somewhere and I just did not happen to run across it.

And about viruses: Besides my own guesses and conclusions, I have no idea why there is no viruses for Linux(now that I know from the first post that there is actually few hundred Linux malware programs out there, it is even more confusing to me). I need to go and get some knowledge on this issue before trying to discuss it. This is an interesting thread, though. Big thanks to Tom for creating it.

Oh, BTW, that's a really nice article.
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: wcs on December 03, 2008, 07:59:08 am
Quote
The thought that designing Linux to mimic something else will be detrimental instead of a
positive effect.

Agreed. An example is linux distributions in netbooks: no root password, and (sometimes) auto-login to a user called "user". Sudo allows you to do everything. Plus, several services running at boot and no gui way to remove them.
Seems silly, especially for machines that are supposed to be on the net, using a bunch of different wireless networks.

(ironically, the xandros distribution in the eee includes clamav. Probably because Windows users would feel "unsafe" without an anti-virus)
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: Windozer on December 03, 2008, 06:03:07 pm
Quote
... have turned off Norton because it slows down their machine, or who have failed to renew their subscriptions to Norton
-tomh38

Well, at least Norton would run faster on Linux  8)

It's not difficult to imagine Norton or McAffee (sp?) would jump in for Linux once its market share becomes big enough.  Would that be a bad thing?

My take on Vectors look and feel: give as many options as you think reasonable.

cheers
- Howard
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: Windozer on December 08, 2008, 05:41:31 pm
Would this slackware antivirus thingy work on Vector?

clamAV
http://www.linuxpackages.net/pkg_details.php?id=12367 (http://www.linuxpackages.net/pkg_details.php?id=12367)
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: bigpaws on December 08, 2008, 05:43:18 pm
ClamAV will work fine.

Bigpaws
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: Windozer on December 11, 2008, 05:35:02 pm
You gals and guys are all so supportive - can you indulge a n00b here a moment, please, as I'd really like to understand the implications. I'd like to repeat in my own words what I think are several key points of the virus aspect of this thread...

IF users take the common sense precautions BigPaws mentions above

AND IF anti-virus software exists,  [a clamAV?]

THEN is the most critical, or underlying, issue of viruses on linux that of unwitting users (or their processes) running under root/sudo permission?

As someone mentioned, I can't really dork up my system badly unless I have root/sudo access, right? 

For a moment - for my next question that is - let's ignore the base distros you all mentioned: they seem like bad ideas if they hide or obfusicate that I'm running as root. But wouldn't the *real* problem be if a module or package I install after the initial distro setup continues to run as root? And therein lies the trojan or virus possibility?

If a trojan/virus were installed as root wouldn't its trapping, containment or expunging require that the anti-virus thingy be part of the kernel itself?

hmmm....
- Howard in Florida
~~~~~~~~~~~
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: bigpaws on December 11, 2008, 09:16:21 pm
Quote
AND IF anti-virus software exists,  [a clamAV?]

It does indeed and in fact exist.

Quote
For a moment - for my next question that is - let's ignore the base distros you all mentioned: they seem like bad ideas if they hide or obfusicate that I'm running as root. But wouldn't the *real* problem be if a module or package I install after the initial distro setup continues to run as root? And therein lies the trojan or virus possibility?

If a trojan/virus were installed as root wouldn't its trapping, containment or expunging require that the anti-virus thingy be part of the kernel itself?

For the first part, you are correct it could be a problem. No one that would make a program
would even consider doing that, at least they shouldn't except in specific cases. If you ever
follow any development sources, you will find that the thought of process escalation. In fact
most developers from what I find spend time trying to even decrease the privilage. Any process
running as root does create that possibility.

The linux kernel is already a moving target, not in a good way imho. To add such a thing would
only make it worse.

Its' funny how everyone wants to try to close a door after the flood. The thought of closing the door
before it is open is much more sensible. If my clients get infected the game is over period. There are
those here that feel that they can remove every trace of malware, trojans or virus's. All most all use the
metric of looking at running processes to determine if such a threat is present. The primary metric in
removing such bad things is looking a system resource uses, if they decrease then you have fixed the
problem. If you can not do a full audit of the entire system how in the world can you state a threat has been removed? There are a couple things you can do to get it as clean as possible. The is no full proof method short of a reinstall with a wiped drive. I welcome any arguments if there is such a full proof documented method of doing so.

The ultimate responsibility is that of the administrator. This is part of the reason that there are sources
recommended for packages.

Bigpaws
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: alec on December 12, 2008, 01:58:15 am
The small share that linux has not only makes it a non-interesting target for writing viruses, but also decreases the rate a virus can spread. It like having 99% population vaccinated. And if you add to that different distros differ a lot and same virus may not be able to spread between them.

If we were talking about 25% market share... Yes, it could be a problem. This share is attainable with hypothetic mainstream dumb-user-friendly distro, that will suffocate all others while murdering all good what is there in linux.

One more thing. Its not Windows per se that helps spreading viruses. IE and Outlook Express aside, its 3rd party applications. Last time I helped a friend with virus, he got it from infected pdf file, automatically opened and executed with Adobe Acrobat. So there.
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: Windozer on December 14, 2008, 10:31:24 am
Quote
The linux kernel is already a moving target, not in a good way imho. To add such a thing would
only make it worse. - Bigpaws

And viruses are even faster moving targets!  :'(

Quote
[...] If we were talking about 25% market share... Yes, it could be a problem. - alec

Hi Alec,

Yes - most of us likely hope that the share does grow ... and the potential for hackers to become interested was, I think, one concern Tom was considering at the start of this thread.

Quote
Its not Windows per se that helps spreading viruses. [...] its 3rd party applications. [... e.g. an] infected pdf file [...]

Right, MS does patch security holes in the OS when they show up (if they can that is ... a whole 'nother story there  :o) 

This is indeed parallel to what I was just wondering, as a trojan (Linux) package, if it contained a kernal module, could be more intrusive than an application.  Looks like Bigpaws got to the crux of the matter: that it's up to the admins to scan the source. Gads, what an undertaking that could be ... checking for every system call in the code!
Title: Re: Will Linux Viruses Ever Become A Problem?
Post by: bigpaws on December 14, 2008, 02:27:42 pm
Quote
Gads, what an undertaking that could be ... checking for every system call in the code!

Actually the reference to an admin was the person that takes care of the system. The best way is to
do everything from scratch but not real reasonable. There is such a group that does this,
OpenBSD does audit all of the code even when there are changes.

Bigpaws