No viruses for Linux? A second look at viruses for Linux

-By Vaibhav Kaushal

One of the prime reasons why Linux users advocate Linux is the 'virus free' tag. And for most cases they are not wrong. But the harder-to-digest fact is that they are just right enough to not be termed 'wrong'. Let's see the coin. The better side first.

Linux - a form of Zen

Linux is a form of Zen - the right way software should have been developed - in the open, so that people could build things which are needed but not present yet. It is this development stance which has led to the widespread popularity of Linux. But that is just the beginning.

Among many other advantages of Linux is the fact that for a DVD install of any popular distribution, you would probably not require any extra driver installation. You would not have to install 134 extra applications like PDF reader, office suite, email clients and a 'good' web browser and so on. Basically, with Linux, your system is ready for use right after the install. The great thing - you do not have to worry about getting the antiviruses because you don't have any viruses, and that, is fantastic. So why does Linux not have viruses?

Because Linux is Linux?

Fact is - any system can have viruses. These small programs that can turn your computer into a snail-speed box of junk are not a property of the Windows OS. The only reason Windows has more viruses is its popularity. If Linux were just as popular, it too would probably have had the same number of viruses. Malicious virus writers are more like terrorists and in that analogy, viruses would be bombs. A terrorist is more likely to put a bomb where it does the most damage. That is the reason Windows has more viruses than other OSes, because Windows has more users.

So does it mean that Linux is insecure?

Linux is Linux

One thing people would swear upon is the security of Linux. But then, it always comes down to who uses it. A person who does not understand an inch of security would most probably leave a Linux system wide open, and a person well aware of security can protect Windows quite well too. So it boils down to how security-aware you are. Every system has its own ways around security and though Windows and Linux are different, both can be insecure as well as secure in the hands of different kinds of people.

That said, it is an undeniable fact that Linux can get more insecure if you do not take proper care. Actually, if you think a little bit, Linux might seem to be more insecure because it is open source software, though that is nowhere close to the truth. Anyone can read the code, look for vulnerabilities and create a virus to damage the work and life of people. From a strict technical viewpoint, anything malicious can be created on any operating system. The ways will differ, the difficulty levels will vary but the possibilities cannot be denied. Linux in particular can be modified and redistributed in the open. And still, it has fewer viruses. But perhaps it would not have as many viruses as Windows has even if it were as popular as Windows is. And why is that?

Being open does not mean being vulnerable

Linux is developed in the open. Completely in the open. Anyone can see code, write code. Well, yes, 'Linux' is just a kernel but in most parts I have referred to a 'Linux based OS' for the sake of 'the popular use' of that word. The actual thing, the OS, is a lot larger in size but almost all of that is written in the open too. Everyone knows what is being written. People test each other's work out and only then does a final product come out.

This does introduce the possibility that a malicious guy would look at things and go write a virus that can exploit a vulnerability and wreak havoc. But this open model of development is the proof of two facts:

  1. There are as many intelligent people on the good side as there are on the bad side. Actually, the guys on the good side seem to be more intelligent because they report the vulnerability before someone exploits it.
  2. Unlike the popular(ized) belief that the world is full of people who are extremely selfish and want to kill others, people contribute to projects in their free time and they do not exploit things. Instead they choose to improve what is already beautiful. They report loopholes.

This openness is one of the prime reasons why we do not have viruses for Linux. Linux is the work of people, like you, and me and maybe the carpenter who made the door in your house. The openness contributes to security, not to fear.

But viruses do not come with Windows, they come with 3rd party apps

Correct. And this is actually the most important point as well. When you download and install software, you never know if it contains a virus or not. You just download and install it. Or maybe you take it in a pen-drive from an infected system and install on yours. When you do that, you expose your system to a risk of getting infected. The Linux eco-system is a bit different here.

In most cases, you would not be downloading your software from some random website. You go to your package manager and search for the software, and the package manager gets the software from trusted sources and installs it on your system. Now, it gets down to you - if you download software from an untrusted source, it would be 'your decision'. But the fact is that in most cases you would not have to look outside your Linux distribution's official repos. Most 3rd party repos are also used by other users who know what they contain and again (!) those repos also provide the sources so people can test if they contain a virus. But like I said, you would most probably not have to look into third party repos at all and when you do, these are mostly created by people who are also working on other projects and are well known in the community. If you are taking software on a pen-drive (well, usually, that would not happen in the case of Linux, but, just in case), you would probably not get any infected software because the spread of the virus (I should probably call it a worm to be more correct) requires widespread use - as of now, Linux is not widespread. So you are safe. If it were widespread, there would be more and more intelligent code contributors who would be able to fix the vulnerability in even shorter timespans - a very small window for any widespread infection. Chances are high that in that case, there would not be enough of a window for virus writers to even write a virus.

Virus writers love challenges

That is a fact - anyone loves challenges to overcome and virus writers are not a different breed. Linux is so open that if someone creates a virus, he would not get as much respect and fame in the hackers (crackers) community as he would get if he wrote one for Windows or Mac or anything that is closed source. Linux's open source nature prevents hackers from writing malicious code because that does not pose a challenge - after all, the source is open - so the virus writer does not achieve a marvellous feat or something. He just took a black-hat approach and attacked a target that was in the open. Some call that cowardice.

Linux is diverse, very diverse

If someone has found a vulnerability in one particular version of some software which is installed on many Linux systems, it does not guarantee that it can cause a lot of infections. Why? Because

  1. Most vulnerabilities are introduced with features in new versions of software.
  2. There is no guarantee that a lot of users are using the same version of software.

For example, if a bug is found in a desktop environment, say KDE 4.9, then there is no guarantee that a lot of people are using it. Some may be on Gnome, some on LXDE or XFCE and those who are using KDE - they might be using an older or a newer version in which the vulnerability does not exist. Even the kernel versions can be different. Security configurations can be different. This is not true for most widespread closed source operating systems and closely associated or widely used programs; for example all Windows users have to have the explorer installed and you can expect Office 2007 or Office 2010 installed on most of them. A vulnerability in a Windows subsystem or Office subsystem can help a virus writer gain confidence about the spread of the malice he wants to design because he can be sure for the most part about the presence of the piece of code he is targeting.

That's not true with Linux which is actually built using pieces which can fit together. You choose the pieces and the rest works just fine.

The weak point

This is actually a weak point of both closed source and open source software - any software whose security has been taken for granted causes a problem. If a software package does not evolve and is widely used at the same time, it is important to review parts of the package and the overall architecture from time to time. A failure to do so can result in a vulnerability that can live for long. Such a vulnerability can cause a huge loss and a large-scale infection.

Recently a virus named 'Darkleech' attacked Linux servers around the world which ran Apache 2.2.2 or above and was able to install malicious modules - now that is a classic case. If you do not rethink or re-examine the architecture while the software is open as well as widely used, problems start waiting for you. In the case of Linux and other open source software this can be dangerous for the duration while developers close the loophole. The fact that it will be done in the open and can be fast decreases the risk but does not remove it.

For the sake of history

Linux's history with viruses is not completely clean but one page here is enough to round it up. A furniture styled OS has a (very(very(very(very)))) long list.

I use Linux. Should I be afraid?

The short answer: no.

The long answer: If you are a desktop user, do not get shaken up. Snakes are not going to run into your pants. If you are still sceptical, read the post from the top and try to understand. If you feel this thing goes over your head, drop a comment (below) and we'd respond. If you are running a Linux server, you must keep an eye on the security bulletins and look for the bugs that can damage data on your infrastructure. Look for patches and apply them; usually, that'd come with an OS update via repos and you should feel safe. Again, enforce strong networking rules at all levels to minimize the risk from network vulnerabilities as much as possible. Do that and you'd probably be safe enough. In the end, if you are capable of putting up some code which can help others, do so because Linux is built by people like you and me and it is up to us to make sure it remains beautiful.

Before I end it, just a few words - Linux's open development stance and diversity save a lot of the pain that viruses can create but Linux is not 'virus proof'. Though the chances are very low, keeping an eye out will pay. The following simple tips are good enough for the days we live in:

  1. Never run the system as 'root' user. Never. Ever. Executing a malicious program as root can damage things way more seriously than otherwise.
  2. If you do not trust a program or its source, do not run it with a 'sudo' or as 'root'. In most cases, an open source program can be trusted. If you downloaded it from official repos, then you should feel safe.
  3. Trust 3rd party software repos if you got them from your distribution's official site or from someone whom you trust. Ubuntu PPAs and home: repos for OpenSUSE are trustworthy enough.
  4. Windows viruses do not infect Linux systems, so there is no need to install antivirus software for them. But if you are running a server which serves and receives files from Windows systems, antivirus software can help protect your users.
  5. If you know how to configure a firewall, configure it. In most cases, they are in place. OpenSUSE, for example, comes with a good firewall configuration tool in its YaST control centre. Other service-style software configuration tools also contain the options to open specific services in Firewall - should be simple enough for users who want to use those services. Other Linux distributions too have GUI programs to control the firewall.
  6. Sleep well ;) You might make a mistake out of sleep deprivation.
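
An added example (not part of the original post) for tip 3 and the package-manager discussion above: a shell function that reads APT one-line `sources.list` entries and labels each repository as official, third-party, or unverified (`[trusted=yes]` turns off signature checking for that entry). The official host list and the sample entries are assumptions constructed for illustration on an Ubuntu-style system.

```shell
#!/bin/sh
# Assumption: hosts treated as "official" for an Ubuntu system; adjust per distribution.
OFFICIAL_HOSTS="archive.ubuntu.com security.ubuntu.com"

# Constructed sample input (one-line sources.list format, not from a real machine).
SAMPLE_SOURCES='# constructed sample
deb http://archive.ubuntu.com/ubuntu stable main universe
deb http://security.ubuntu.com/ubuntu stable-security main
deb [arch=amd64 signed-by=/etc/apt/keyrings/example.gpg] https://ppa.launchpad.net/example-owner/example-ppa/ubuntu stable main
deb [trusted=yes] http://repo.example.invalid/debian stable main'

# classify_sources: reads sources.list lines on stdin and prints
# "<verdict> <host>" for every active deb / deb-src entry.
#   official     host is listed in OFFICIAL_HOSTS
#   third-party  any other host (a PPA, a vendor repo): check who runs it
#   unverified   entry carries trusted=yes, so package signatures are not checked
# Only scheme://host URIs in the one-line format are handled (not deb822 .sources files).
classify_sources() {
    awk -v official="$OFFICIAL_HOSTS" '
        BEGIN { n = split(official, h, " "); for (i = 1; i <= n; i++) ok[h[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        $1 != "deb" && $1 != "deb-src" { next }   # ignore anything else
        {
            opts = ""; uri = $2
            if ($2 ~ /^\[/) {                     # collect the [option=value ...] block
                i = 2
                while (i <= NF) { opts = opts " " $i; if ($i ~ /\]$/) break; i++ }
                uri = $(i + 1)
            }
            split(uri, p, "/")                    # scheme://host/path -> p[3] is the host
            host = p[3]
            sub(/:.*$/, "", host)                 # drop an optional :port
            verdict = (host in ok) ? "official" : "third-party"
            if (opts ~ /trusted=yes/) verdict = "unverified"
            print verdict, host
        }'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_SOURCES" | classify_sources
```

On a Debian or Ubuntu system the same function can be fed the real files, for example `cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list | classify_sources`.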
Posted on Apr 10, 2013 12:16 AM