Linux Today: Linux News On Internet Time.

Linux Doomed to Virus Plague. (Again.)

As sure as spam levels rise, so does the misinformation about computer security. Regular readers are probably tired of me griping at news stories that say "Computer virus" instead of Windows virus, and at even worse articles that pretend to be fair and balanced by claiming that Linux and Mac are just as prone to compromise, except that their tiny market shares make them unattractive targets. And neener neener, when Linux market share climbs above 1% then haha we'll be drafted into the World Wide Botnet too.

That's dumb and wrong on several levels, which we already know. But it always pays to be cautious: what will happen as Linux continues to grow, and especially as it reaches increasing numbers of unsophisticated users? Doesn't common sense dictate that it will suffer increasing levels of attack and compromise?

Before we get to that, let's pass a law that sentences everyone who parrots the 1% figure, especially so-called journalists, to a lifetime of cleaning public restrooms. Sentence to be paroled when they learn to fact-check and do basic research.

Now, getting back on topic. It is understandable to worry about presenting an increasingly tempting target as consumer Linux grows. After all, we've been listening to Redmond successfully shift the blame for their fantastically porous malware-friendly software for years: it's always the user's fault. If that is true, then more Linux popularity equals more unsophisticated users which equals more malware.

Not only that, but Linux permeates every possible segment of tech: routers and networking devices, home and business automation, security and surveillance systems, phones, netbooks and other consumer mobile devices, desktops, vehicles, media servers and set-top boxes; it's already a major player in the datacenter, server room, mainframes, clusters, and supercomputing. Linux runs on multiple CPU architectures. So a Windows-type Trojan horse or worm on Linux should have a much more catastrophic effect because of Linux's much greater reach.

It sounds good, but it's baloney, plain old erroneous Windows-think. Linux is not Windows. Windows PCs are trivially easy to capture into the World Wide Botnet, but not because all those millions of PCs carry valuable payloads. Who cares about millions of Minesweeper scores and inane chatlogs? They're just launching points for spam, malware, phishes and attacks on high-value Linux and Unix systems, all those datacenters and database servers containing terabytes of valuable business and customer data.

That's the best attackers can do because direct attacks on Linux (and all Unix-type systems) are rarely fruitful. Sure, users are always the weakest links, and we must never let our guard down, and never violate basic security principles. I'm just not seeing some future turning point where malware authors are going to get serious about attacking Linux in significant numbers, which has been predicted for going on ten years now. Not unless a pandemic of sanity overwhelms the planet and everyone unplugs their Windows machines from the Internet, so the only available targets are Linux/Unix machines. I suspect that if something like that did happen we still wouldn't see a surge in remote attacks, but rather more social engineering and inside jobs.

Addendum:
Here are some resources that go into more detail on why Linux and Unix are more secure and secure-able.
This Talkback thread on LinuxToday has some interesting comments on possible Linux attack vectors and vulnerable points:
Are we too naive by believing that GNU/Linux is more secure by design?

Security Report: Windows vs Linux

Linux vs. Windows Viruses




14 Comments

jhansonxi said:

Have you seen this article about AIs?
http://www.nytimes.com/2009/07/26/science/26robot.html
Note who the president is.

<shilling>
Making people switch to secure OSes is holding back the evolution of AI!
</shilling>


Bruce Ediger said:

Yeah, there's a long and inglorious history of FAILED predictions of a Coming Plague of Linux (or Unix) Viruses, Worms and Malware.

Everybody does realize that the source code for 2 sh-script viruses has been available for over 20 years?

http://www.cs.bell-labs-com/~dmr/tdvirus.pdf

http://cm.bell-labs.com/cm/cs/who/doug/v101.ps

You'd think that with such an amazing starting point, the long rumored Apocalypse of Unix and/or Linux Malware would have long since overwhelmed us.


GaryM said:

Linux is more secure by default than Windows on its best day. Even if Linux became the prime OS, hackers would still have a hard time due to the way the file system and system structure is set up.

Social engineering would be the best bet for hackers outside of known bugs and security holes.


Takla said:

Well Windows Vista and 7 are a lot harder than 2000 & XP (unless you're dumb enough to switch off UAC), to the extent that the most common attacks target application vulnerabilities, not OS vulnerabilities....and that's the best way into GNU/Linux as well. The big ones on the desktop are Flash (or anything made by Adobe ha ha) and browser exploits. That looks very cross platform to me. I guess on the server side it's people running old/unpatched versions of applications or doing silly stuff like using passwords instead of keys for SSH....user error, just as foolish as the people who download and install a dubious shareware.

The distribution + package management model offers a huge advantage because keeping everything up to date on Windows is a tedious, daunting and complex task involving continuous/very regular checking of numerous applications originating from numerous different places. Nothing beats a package manager and a little automation of notifications or installation of patches. I wonder if the sheer complexity and the laborious nature of keeping Windows applications up to date (meaning almost nobody does it) has more bearing on this than anything else these days. I'd bet that 99% of the compromised Windows computers out there would never have got owned if they were up to date. I *know* all my Debian computers are fully up to date, everything patched. To be as confident of my Windows computers/installs I'd have to spend some hours checking before I actually knew for sure. That can't be good. And how many regular end users (home/small business) ever look at tech news sites where the biggest baddest vulnerabilities and patches will be reported? 1%? Less?

And think of all the Linux based routers out there. Pretty much every home router I see runs a Linux kernel. If it was that easy to own then that would be the absolutely perfect target, and leave not a trace visible to the poor guy running his AV and anti-malware religiously on the PC believing he's safe....meanwhile the cracker can open and close ports, execute code, access everything on the LAN, redirect DNS requests...oh noes.

So I'm also not expecting a virus storm on GNU/Linux, for all the same reasons you mention and also the fact that desktop GNU/Linux tends to be up to date and fully patched by default.


Ikon said:

Additionally, I would like to comment that Windows will always be the one to build 100% of the botnets as long as users can use it ONLY with administrator privileges. Since Linux distros are decently usable with normal privileges, their users are safe unless someone social engineers them, as GaryM said.
I am a Linux user but STILL I would be much happier if MS would correct this privilege issue vs usability.


xutre said:

... and heaven forbid if hackers learn the default login details for all those unaltered fire-walled modems shipped in the past 7 or more years. Oh damn, these blogs are now giving me cause to resort to erudite sarcasm.


Callum said:

"Linux" is inherently more secure - if it has been secured. Linux based operating systems are also potentially far more damaging if left unsecured because it allows potential hackers far more capability to cause damage.

So, if you consider Risk = (Probability x Impact) then whilst it is less probable that a Linux OS machine will be compromised, the impact is far far greater.

The mainstream user-focused distros Fedora, Ubuntu, Suse, Mandrake etc have had selinux and decent security switched on by default for a number of years - but other mid-distrowatch-list or single purpose distros - that a newbie could as easily acquire do not have the same overall level of security and rely on experienced administration.

1. Linux is a kernel - users download and use distros.
2. A Linux distro is not automatically secure (See DVL for example)
3. New desktop based users should be directed to the mainstream distros where these things are taken care of.


Valdis said:

To: Bruce Ediger
It is not a virus. A virus can spread without user interaction using OS vulnerabilities. It is just a worm, which relies on a stupid user who executes everything he gets. By default, files obtained from outside in Linux (and Unixes) are not executable, so the user needs to either tweak OS settings, or change file permissions to make them executable.

It is nothing more than playing in a sandbox and fantasizing about what could be if..


tbuitenh said:

I think we need to distinguish between "windows viruses", "linux viruses" and "stupid user viruses". The last category relies on social engineering and could be made to work on any OS.

Once there are more stupid users using linux, there will be more stupid-user-viruses that run on linux. Obviously.


LinuxMaster said:

Anyone who actually knows ANYTHING about computers knows that Linux's market share is actually more like 60-65%. That 1-2% BS is simply the result of Windows requiring every single copy to be registered, therefore accounted for. Linux users can download and install theirs without ever being accounted for. Without Linux we wouldn't even be online right now, considering 90% of the servers that control your internet providers run Linux.


Victor J Kinzer said:

Oh I really really want to believe this post, and I totally agree the arbitrary 1% people are idiots. There is information that I would really like to see that would statistically back up or refute your points here though. I do not know what that data looks like, but I feel like it should be here (especially given your comments about research). What are the Windows Enterprise infection rates? To be honest my Windows machines over the years (I am finally reaching the point where they can go away) have suffered far below the normal infection rate. I've had my occasional malware and virus, but it's a big event. I do not run anti-virus because it is painfully invasive. I've used alternative browsers since the early days before the name argument that got us Firefox, and I think that helps a lot.

What I'd really like to know is what is the infection rate of Enterprise Windows servers. Do they suffer like their end user abused desktop counterparts? If they don't then your argument is somewhat questionable because it points to the fact that it probably is the end user. That desktop Linux may well not be as secure as its enterprise/business cousin. If we reach the point where stupid poorly coded tagon programs that come with every little thing come in Linux variety, and end users get too comfortable typing in their sudo password whenever the system asks them we might begin to see Linux computers on that bot net.

I do not think Linux is anywhere close to as vulnerable as Windows, but get some statistics, make some data driven arguments, or your article just gives ammo to the people who want to think we are just screaming fan boys.


Tom said:

Hey, the 1st internet worm that I know of was in 1989 and it affected SunOS and VAX (running Ultrix?) systems running Sendmail. It took down half the internet.

Sendmail had a backdoor to root when compiled with debugging. And I think SunOS shipped it that way by default.

It's been fixed.

The basic issue is Windows users usually run with administrator rights. Unix users do not. It's a security model.

As an analogy, on the locked safe, Unix users have the hinge bolts on the inside of the safe, Windows users have them on the outside.



Pierre said:

The Macintosh history shows that popularity plays only a little role in the number of virus/malware for a given platform. Mac OS 9 and previous releases had viruses, in the order of 60 to 80 according to clamxav, Mac OS X has none and the platform popularity did not change that much.

Mac OS 9 was designed for a single user, non-networked (no Internet at least) computer while Mac OS X benefits from the multi-user networked design of Unix.

So, when Mac OS had a design that easily allowed viruses to spread, it had a number of viruses more or less proportional to its popularity. That proportion does not hold with Mac OS X as it has a robust architecture.

Reference:
http://www.clamxav.com/


