[wellylug] Viruses and Linux

Enkidu enkidu at cliffp.com
Mon Aug 16 23:15:58 NZST 2004


On Mon, 16 Aug 2004 20:45:19 +1200, you wrote:

>Michael Dittmer wrote:
>
>>Hi All...
>>
>>I have a client that is looking at Linux on a server and is worried about
>>viruses (comes from using Windows).
>>
>>Can anyone point me to a website that explains it in everyday (newbie)
>>language why linux doesn't have / get viruses. I have explained it to my
>>client myself, they want to see it in writing (not just the opinion of
>>a consultant).
>>
>Check out
>
>http://linuxmafia.com/~rick/faq/index.php?page=virus
>
>Not sure who Rick is but he makes a good case IMHO on why Linux is not 
>plagued by viruses. He does so in an easy to understand way and (here's 
>the best bit) from the perspective of a windoze non-believer.
>
That sort of thing helps no one.

Rick, whoever he is, doesn't understand the nature of viruses. A virus
is a piece of code that runs as an innocuous looking user mode program
that uses a *flaw* in a more privileged program to get itself more
privilege than it is supposed to. Rick's thesis is based on the
premise that programs running in privilege mode can't be persuaded to
up a lesser program's privilege level. This is not borne out by facts:

http://www.chiark.greenend.org.uk/~sgtatham/putty/

http://www.securityfocus.com/archive/1/370668

http://www.kb.cert.org/vuls/id/809347

I find Rick's point 2 (a virus must be large and obvious to
successfully attack a Linux system) to be plain silly. He's thinking
of brute force attacks. 

His third point - sigh! There are myriad ways to configure a Linux
system. The chances of a sysadmin - even an experienced sysadmin -
knowing all the ins and outs of his system are pretty small. It only
takes *one* flaw to give a hacker access to your systems...

I have admined Linux and Windows systems for many years now and the
only reason that I think that Windows boxes are attacked more than
Linux boxes is only partly because they are harder to compromise - if
they are - it's more likely that Windows boxes are attacked because
there are many more of them.

Cheers,

Cliff



