Will Linux Viruses Ever Become A Problem?

[Windozer]

You gals and guys are all so supportive - can you indulge a n00b here a moment, please, as I'd really like to understand the implications. I'd like to repeat in my own words what I think are several key points of the virus aspect of this thread...

IF users take the common sense precautions BigPaws mentions above

AND IF anti-virus software exists,  [a clamAV?]

THEN is the most critical, or underlying, issue of viruses on linux that of unwitting users (or their processes) running under root/sudo permission?

As someone mentioned, I can't really dork up my system badly unless I have root/sudo access, right? 

For a moment - for my next question that is - let's ignore the base distros you all mentioned: they seem like bad ideas if they hide or obfusicate that I'm running as root. But wouldn't the *real* problem be if a module or package I install after the initial distro setup continues to run as root? And therein lies the trojan or virus possibility?

If a trojan/virus were installed as root wouldn't its trapping, containment or expunging require that the anti-virus thingy be part of the kernel itself?

hmmm....
- Howard in Florida
~~~~~~~~~~~

[bigpaws]

AND IF anti-virus software exists,  [a clamAV?]

It does indeed and in fact exist.

For a moment - for my next question that is - let's ignore the base distros you all mentioned: they seem like bad ideas if they hide or obfusicate that I'm running as root. But wouldn't the *real* problem be if a module or package I install after the initial distro setup continues to run as root? And therein lies the trojan or virus possibility?

If a trojan/virus were installed as root wouldn't its trapping, containment or expunging require that the anti-virus thingy be part of the kernel itself?

For the first part, you are correct it could be a problem. No one that would make a program
would even consider doing that, at least they shouldn't except in specific cases. If you ever
follow any development sources, you will find that the thought of process escalation. In fact
most developers from what I find spend time trying to even decrease the privilage. Any process
running as root does create that possibility.

The linux kernel is already a moving target, not in a good way imho. To add such a thing would
only make it worse.

Its' funny how everyone wants to try to close a door after the flood. The thought of closing the door
before it is open is much more sensible. If my clients get infected the game is over period. There are
those here that feel that they can remove every trace of malware, trojans or virus's. All most all use the
metric of looking at running processes to determine if such a threat is present. The primary metric in
removing such bad things is looking a system resource uses, if they decrease then you have fixed the
problem. If you can not do a full audit of the entire system how in the world can you state a threat has been removed? There are a couple things you can do to get it as clean as possible. The is no full proof method short of a reinstall with a wiped drive. I welcome any arguments if there is such a full proof documented method of doing so.

The ultimate responsibility is that of the administrator. This is part of the reason that there are sources
recommended for packages.

Bigpaws

[alec]

The small share that linux has not only makes it a non-interesting target for writing viruses, but also decreases the rate a virus can spread. It like having 99% population vaccinated. And if you add to that different distros differ a lot and same virus may not be able to spread between them.

If we were talking about 25% market share... Yes, it could be a problem. This share is attainable with hypothetic mainstream dumb-user-friendly distro, that will suffocate all others while murdering all good what is there in linux.

One more thing. Its not Windows per se that helps spreading viruses. IE and Outlook Express aside, its 3rd party applications. Last time I helped a friend with virus, he got it from infected pdf file, automatically opened and executed with Adobe Acrobat. So there.

[Windozer]

The linux kernel is already a moving target, not in a good way imho. To add such a thing would
only make it worse. - Bigpaws

And viruses are even faster moving targets! 

[...] If we were talking about 25% market share... Yes, it could be a problem. - alec

Hi Alec,

Yes - most of us likely hope that the share does grow ... and the potential for hackers to become interested was, I think, one concern Tom was considering at the start of this thread.

Its not Windows per se that helps spreading viruses. [...] its 3rd party applications. [... e.g. an] infected pdf file [...]

Right, MS does patch security holes in the OS when they show up (if they can that is ... a whole 'nother story there  ) 

This is indeed parallel to what I was just wondering, as a trojan (Linux) package, if it contained a kernal module, could be more intrusive than an application.  Looks like Bigpaws got to the crux of the matter: that it's up to the admins to scan the source. Gads, what an undertaking that could be ... checking for every system call in the code!

[bigpaws]

Gads, what an undertaking that could be ... checking for every system call in the code!

Actually the reference to an admin was the person that takes care of the system. The best way is to
do everything from scratch but not real reasonable. There is such a group that does this,
OpenBSD does audit all of the code even when there are changes.

Bigpaws