I know the Linux community isn't insanely worried about the threat of viruses, at least nowhere near as much as Windows and Mac OS X. I have always done a lot to protect my computers and networks. I have not done anything on my Linux systems, however. Do I need a firewall? Anti-virus? I realize the threat may not be very high now, but as Linux gets more publicity, will some brilliant hacker out there come up with something to kill all our systems, taking advantage of our false sense of security?
Offline
> I know the Linux community isn't insanely worried about the threat of viruses, at least nowhere near as much as Windows and Mac OS X. I have always done a lot to protect my computers and networks. I have not done anything on my Linux systems, however. Do I need a firewall? Anti-virus? I realize the threat may not be very high now, but as Linux gets more publicity, will some brilliant hacker out there come up with something to kill all our systems, taking advantage of our false sense of security?
I am definitely running a hardware-based (dedicated) firewall for my home network. However, on my new Arch install I am not running any AV. I might in the future if I feel the need to, based on what's going on.
Arch64, AMD64, LXDE
Offline
Which firewall would you recommend?
Offline
> Do I need a firewall?
not mandatory but always a good idea.
> anti-virus?
No. Update regularly, use NoScript, don't do silly things.
Linux has 1% of the desktop market, with a majority of well-educated users; it's still far from being an interesting target for viruses/malware, which target Joe User's Windows box today. Linux servers have been under attack for years (with some success).
Edit: Anti-virus/scanner is a defective way to deal with the problem. If one day Linux _needs_ an anti-virus, Linux is dead from my point of view.
Last edited by barjo (2009-03-30 00:01:56)
Offline
> Linux has 1% of the desktop market, with a majority of well-educated users; it's still far from being an interesting target for viruses/malware, which target Joe User's Windows box today. Linux servers have been under attack for years (with some success).
Beware, there are two myths here. Linux is not only 1% of desktops; that is published by a study paid for by Mac and MS, and no one knows the specifics of those studies; independent studies show 5%+.
And no matter if people are educated, the code security of Linux is far better than that of Windows. Of course a Linux server can be hacked, but if not properly maintained, and is harder.
And now to the OP: yeah, a firewall is always a good idea; an anti-virus if you want to, but it is not necessary.
Last edited by kensai (2009-03-30 00:47:07)
Offline
Linux kernels have a built-in firewall called iptables.
Check the following page for the configuration: http://wiki.archlinux.org/index.php/Firewalls
Ah, good taste! What a dreadful thing! Taste is the enemy of creativeness.
Picasso
Perfection is reached, not when there is no longer anything to add, but when there is no longer anything to take away.
Saint Exupéry
Offline
I installed iptables. Is there any way to test it?
Offline
kensai> 1% is millions, not 15, but be it 5%, it doesn't change my point, which says nothing about the technical merit of Windows vs Linux (it's probably not a topic we want to discuss here)
(edit: rson451> nice guess)
Last edited by barjo (2009-03-30 00:40:09)
Offline
> kensai> 1% is millions, not 15
% is probably shift+5 in his keymap, just a typo.
archlinux - please read this and this — twice — then ask questions.
--
http://rsontech.net | http://github.com/rson
Offline
> > barjo wrote: kensai> 1% is millions, not 15
>
> % is probably shift+5 in his keymap, just a typo.

LOL, nice catch. Yeah barjo, I understand your point, I just want to make everything clear to the n00bs so they don't go off spreading that Linux has 1% market share.
Offline
As I understand it, Linux makes for a poor virus target for a number of reasons:
1. It's patched regularly.
2. The code is open - this may sound like a risk, but if thousands (most likely x10 that number or better) of people have looked at the code and found no way to exploit it, that is a plus.
3. The configurations of distros differ enough that it's hard to write a virus that affects them all.
4. Unlike Windows, you don't run as root (if you are, shame on you), so the most a virus can do is mess with the userland.
All in all, I don't think an AV is useful. Those AVs out there are useful only to email servers, so that Windows users that connect to them can't pass on the virus to other Windows users. The server isn't in danger from Windows viruses.
Lastly, if my brother has been running Linux for almost 3 years without one, it proves to me it isn't necessary. Before I converted him, he got one on average every 3 weeks.
Firewall: as others have pointed out, Linux has iptables. firestarter and guarddog are good GUIs to help configure iptables.
Last edited by Kilz (2009-03-30 01:17:12)
I trust Microsoft about as far as I can comfortably spit a dead rat.
Cinnamon is a wonderful desktop
"Faith is the substance of things hoped for, the evidence of things not seen."
Offline
I know this is a very noob question, but I was reading about Guarddog in the wiki. How would I do this:
> To have the firewall settings applied at bootup you must run /etc/rc.firewall from inside /etc/rc.local or something similar.
Last edited by hank863 (2009-03-30 01:25:13)
Offline
The primary use of a firewall is to block ports, and Arch's are all closed by default, so you're actually pretty covered there unless you need something more, especially if you have a good router already. Anti-virus is also of little concern if you are smart about configuring apps and keep your system up to date.
Offline
Everything is in the wiki, you can test the firewall with Shields Up!
Offline
Ok, thank you all very much for your input.
Offline
GNU/Linux is less prone to viruses mainly because mostly educated persons are using it. This statement is correct to some extent. We all know GNU/Linux is adopted in many government and private institutions, and most are curious enough to click and see what they receive. I read one interesting bug report, https://bugs.kde.org/show_bug.cgi?id=73865, and it said it is fixed in KDE 4.3.
To test what had been said, I sent one .desktop file as an attachment to myself and opened it on another computer using Thunderbird. It could not be executed and asked for an application to open it. I saved the file on my desktop and clicked it. The application ran quite happily. The reason may be the same user name, and the file keeps all the bits set.
I post this for users' information.
Offline
.desktop files aren't executable in the standard Unix sense of the word, so it's not a matter of mode bits. Most DEs simply run their associated programs when you click them as a matter of convenience.
EDIT: Sorry, seems that's exactly what you were saying. I should have read the bug report first.
Last edited by Arkane (2009-03-30 16:12:19)
What does not kill you will hurt a lot.
Offline
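The two posts above turn on the fact that a `.desktop` launcher names its command in an `Exec=` key rather than relying on the file's mode bits. The following added example (not code from the thread or from the KDE bug report) audits a directory such as a desktop or download folder and reports each launcher's command together with whether the file carries an execute bit, so launchers that arrived from outside can be reviewed before anyone clicks them. The sample file and its contents are constructed.

```python
import os
import tempfile


def parse_exec(path):
    """Return the Exec= value of the [Desktop Entry] group, or None."""
    in_entry = False
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):
                in_entry = line == "[Desktop Entry]"
            elif in_entry and "=" in line and not line.startswith("#"):
                key, value = line.split("=", 1)
                if key.strip() == "Exec":
                    return value.strip()
    return None


def audit(directory):
    """List .desktop launchers with their command and execute-bit state."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in sorted(n for n in files if n.endswith(".desktop")):
            path = os.path.join(root, name)
            command = parse_exec(path)
            if command is None:
                continue  # no Exec key: the entry launches nothing
            has_x = bool(os.stat(path).st_mode & 0o111)
            findings.append({"file": name, "exec": command, "executable": has_x})
    return findings


def demo():
    """Audit a constructed sample directory (not real user data)."""
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "sample.desktop")
        with open(sample, "w", encoding="utf-8") as fh:
            fh.write("[Desktop Entry]\nType=Application\nName=Sample\n"
                     "Exec=echo constructed-placeholder\n")
        os.chmod(sample, 0o644)  # no execute bit, the case discussed above
        with open(os.path.join(d, "notes.txt"), "w", encoding="utf-8") as fh:
            fh.write("Exec=not a launcher\n")
        return audit(d)


if __name__ == "__main__":
    print(demo())
```

Entries reported with `"executable": False` are the ones to read first: their `Exec=` line is the only thing that decides what runs.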
Imho the biggest security issue is the user at the pc.
Of course, since we cannot cure human error, there's quite some stuff to be done to make the "web" virus-free.
Also, viruses on Linux will most likely manifest themselves as a rootkit, since those are currently the "most common" methods of rootboxing a Linux PC and keeping control.
Therefore, having a rootkit detection system and using common sense is the best thing to do. Especially the common sense part.
http://linuxhelp.blogspot.com/2006/12/v … ts-in.html
http://aur.archlinux.org/packages.php?ID=821
PS: It seems that the wiki page about firewalls is pretty outdated. Links to packages don't always work, and links to the forums neither... :s
My coding blog (or an attempt at it)
Archer start page (or an attempt at it)
Offline
here are some reasons
1. The kernel is changing all the time.
2. Regular use does not have root privileges so most programs that are run are limited (this is why rootkits are a bigger threat.)
3. Not too much of a gain from the virus maker.
I'm just lost n00b!
Offline
I don't think the no-root-privileges part has much value for desktop computing though. The standard use case is that of a single user who connects to the web, runs programs, keeps data, etc. all at the same time. This account is both the easiest one to infect with a virus (since it's doing most of the "dangerous" stuff, and is also the most subject to human error), and one that has access to pretty much all of the functionality on the machine.
If someone got in through your normal user then they can already send all the spam and child porn ads they want, access all of your sensitive data and destroy/alter it, use your machine as an attack base to break into others, compile any auxiliary software they might need, etc. Root access in most cases would be superfluous.
Last edited by Arkane (2009-03-30 18:41:52)
Offline
> Root access in most cases would be superfluous.
Well yes, that means that it would only affect that user and not the whole system (no permission to change boot scripts or add things to the system) and I guess that if one scanned (and cleaned) the home directory of that user the problem would be quickly solved. Data theft/loss can still happen no matter which OS is used and how safe it is, it depends mostly on the good sense of the user I guess.
The advantage of linux is that the choice of programs is so big, the versions that are used can be so many and can receive security patches so quickly that it must be very difficult and unrewarding to try to exploit any security flaw.
On the server side of things I guess that apps must be able to go through hell and come back alive for any admin to consider using them
The only possible points of attack in my opinion may be the most popular distros that are very easy to install and use (ease of install and use is a very good thing don't take me wrong). But on the other hand most people use what comes in the cd/dvd and is installed by default therefore leaving many systems configured exactly the same, if any flaw is found the possible damage that can be done may affect more users. I guess that in that case a security update would be released very fast anyway so the time window to exploit the problem would be small which takes us back to what I said at the beginning (and what others have said before anyway).
R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K
Offline
> 1. The kernel is changing all the time.
This is probably an interesting "feature" to make kernel module infrastructure less attractive to root-kit authors, but I fail to see how it's relevant to virus/worms?
Offline
I suggest checking for root kits with rkhunter. Root kits are a bigger worry imo.
Archi686 User | Old Screenshots | Old .Configs
Vi veri universum vivus vici.
Offline
yea i agree with that arkane, and if u add into the mix user-space filesystems and other stuff where u don't need to be root, it's just as effective. and for people that think linux is safer just wait until u read about how to hide processes and other crazy hacks that are not only easy but well documented.
Offline
Follow the guides published by the NSA for RHEL5. Modify to suit your own needs.
Arch Linux + sway
Debian Testing + GNOME/sway
NetBSD 64-bit + Xfce
Offline