VectorLinux
Author Topic: Will Linux Viruses Ever Become A Problem?  (Read 3786 times)
Windozer
Vectorite
***
Posts: 386


Have Vector Linux, Will Travel.


« Reply #15 on: December 11, 2008, 05:35:02 pm »

You gals and guys are all so supportive - can you indulge a n00b here a moment, please, as I'd really like to understand the implications. I'd like to repeat in my own words what I think are several key points of the virus aspect of this thread...

IF users take the common sense precautions BigPaws mentions above

AND IF anti-virus software exists,  [a clamAV?]

THEN is the most critical, or underlying, issue of viruses on linux that of unwitting users (or their processes) running under root/sudo permission?

As someone mentioned, I can't really dork up my system badly unless I have root/sudo access, right? 

For a moment - for my next question that is - let's ignore the base distros you all mentioned: they seem like bad ideas if they hide or obfuscate that I'm running as root. But wouldn't the *real* problem be if a module or package I install after the initial distro setup continues to run as root? And therein lies the trojan or virus possibility?

If a trojan/virus were installed as root wouldn't its trapping, containment or expunging require that the anti-virus thingy be part of the kernel itself?

hmmm....
- Howard in Florida
~~~~~~~~~~~
Logged

483,617th Registered Linux Snoozer
bigpaws
Vectorian
****
Posts: 1856


« Reply #16 on: December 11, 2008, 09:16:21 pm »

Quote
AND IF anti-virus software exists,  [a clamAV?]

It does indeed and in fact exist.

Quote
For a moment - for my next question that is - let's ignore the base distros you all mentioned: they seem like bad ideas if they hide or obfuscate that I'm running as root. But wouldn't the *real* problem be if a module or package I install after the initial distro setup continues to run as root? And therein lies the trojan or virus possibility?

If a trojan/virus were installed as root wouldn't its trapping, containment or expunging require that the anti-virus thingy be part of the kernel itself?

For the first part, you are correct it could be a problem. No one that would make a program
would even consider doing that, at least they shouldn't except in specific cases. If you ever
follow any development sources, you will find that the thought of process escalation. In fact
most developers from what I find spend time trying to even decrease the privilege. Any process
running as root does create that possibility.

The linux kernel is already a moving target, not in a good way imho. To add such a thing would
only make it worse.

It's funny how everyone wants to try to close a door after the flood. The thought of closing the door
before it is open is much more sensible. If my clients get infected the game is over, period. There are
those here that feel that they can remove every trace of malware, trojans or viruses. Almost all use the
metric of looking at running processes to determine if such a threat is present. The primary metric in
removing such bad things is looking at system resource use; if it decreases then you have fixed the
problem. If you cannot do a full audit of the entire system how in the world can you state a threat has been removed? There are a couple of things you can do to get it as clean as possible. There is no foolproof method short of a reinstall with a wiped drive. I welcome any arguments if there is such a foolproof documented method of doing so.

The ultimate responsibility is that of the administrator. This is part of the reason that there are sources
recommended for packages.

Bigpaws
Logged
alec
Member
*
Posts: 63


« Reply #17 on: December 12, 2008, 01:58:15 am »

The small share that linux has not only makes it a non-interesting target for writing viruses, but also decreases the rate a virus can spread. It's like having 99% of the population vaccinated. And add to that that different distros differ a lot and the same virus may not be able to spread between them.

If we were talking about 25% market share... Yes, it could be a problem. This share is attainable with a hypothetical mainstream dumb-user-friendly distro, that will suffocate all others while murdering all the good that is there in linux.

One more thing. It's not Windows per se that helps spreading viruses. IE and Outlook Express aside, it's 3rd party applications. Last time I helped a friend with a virus, he got it from an infected pdf file, automatically opened and executed with Adobe Acrobat. So there.
Logged
Windozer
Vectorite
***
Posts: 386


Have Vector Linux, Will Travel.


« Reply #18 on: December 14, 2008, 10:31:24 am »

Quote
The linux kernel is already a moving target, not in a good way imho. To add such a thing would
only make it worse. - Bigpaws

And viruses are even faster moving targets!

Quote
[...] If we were talking about 25% market share... Yes, it could be a problem. - alec

Hi Alec,

Yes - most of us likely hope that the share does grow ... and the potential for hackers to become interested was, I think, one concern Tom was considering at the start of this thread.

Quote
It's not Windows per se that helps spreading viruses. [...] it's 3rd party applications. [... e.g. an] infected pdf file [...]

Right, MS does patch security holes in the OS when they show up (if they can that is ... a whole 'nother story there).

This is indeed parallel to what I was just wondering, as a trojan (Linux) package, if it contained a kernel module, could be more intrusive than an application.  Looks like Bigpaws got to the crux of the matter: that it's up to the admins to scan the source. Gads, what an undertaking that could be ... checking for every system call in the code!
Logged

483,617th Registered Linux Snoozer
bigpaws
Vectorian
****
Posts: 1856


« Reply #19 on: December 14, 2008, 02:27:42 pm »

Quote
Gads, what an undertaking that could be ... checking for every system call in the code!

Actually the reference to an admin was the person that takes care of the system. The best way is to
do everything from scratch but not real reasonable. There is such a group that does this,
OpenBSD does audit all of the code even when there are changes.

Bigpaws
Logged