SnEafer
Senior Member
- Apr 1, 2009
The Linux operating system, Unix and other Unix-like computer operating systems are generally regarded as well-protected against computer viruses.
There has not yet been a single widespread Linux malware threat of the type that Microsoft Windows software currently faces; this is commonly attributed to the malware's lack of root access and fast updates to most Linux vulnerabilities.
The number of malicious programs (including viruses, Trojans, and other threats) specifically written for Linux has been on the increase in recent years and more than doubled during 2005 from 422 to 863.
Like Unix systems, Linux implements a multi-user environment where users are granted specific privileges and there is some form of access control implemented. To gain control over a Linux system or cause any serious consequence to the system itself, the malware would have to gain root access to the system.
One of the vulnerabilities of Linux is that many users think it is not vulnerable to viruses. Tom Ferris, a researcher with Mission Viejo, California-based Security Protocols, said in 2006, "In people's minds, if it's non-Windows, it's secure, and that's not the case. They think nobody writes malware for Linux or Mac OS X. But that's not necessarily true ..."[3]
Shane Coursen, a senior technical consultant with Kaspersky Lab, noted, "The growth in Linux malware is simply due to its increasing popularity, particularly as a desktop operating system ... The use of an operating system is directly correlated to the interest by the malware writers to develop malware for that OS."
The viruses listed below still pose a potential, although minimal, threat to Linux systems. If an infected binary containing one of the viruses were run, the system would be infected. The infection level would depend on which user with what privileges ran the binary. A binary run under the root account would be able to infect the entire system. Privilege escalation vulnerabilities may permit malware running under a limited account to infect the entire system.
The use of software repositories significantly reduces any threat of installation of malware, as the software repositories are checked by maintainers, who try to ensure that their repository is malware-free. Subsequently, to ensure safe distribution of the software, md5 checksums are made available. Careful use of these digital signatures (which reveal possible modifications by e.g. hijacking of communications using a man-in-the-middle attack or via a redirection attack such as ARP or DNS poisoning), provides an additional line of defense, which limits the scope of attacks to include only the original authors, package and release maintainers and possibly others with suitable administrative access, depending on how the keys and checksums are handled.
Cross-platform viruses
A new area of concern identified in 2007 is that of cross-platform viruses, driven by the popularity of cross-platform applications. This was brought to the forefront of malware awareness by the distribution of an OpenOffice.org virus called Bad Bunny.
Stuart Smith of Symantec wrote the following:
"What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc, can be abused. All too often, this is forgotten in the pursuit to match features with another vendor... [T]he ability for malware to survive in a cross-platform, cross-application environment has particular relevance as more and more malware is pushed out via Web sites. How long until someone uses something like this to drop a JavaScript infector on a Web server, regardless of platform?"
Anti-virus applications

[Image: The ClamTk GUI for ClamAV running a scan on Ubuntu 8.04 Hardy Heron]
There are a number of anti-virus applications available for Linux computers, including:
- Avast! (freeware and commercial versions)
- AVG (freeware and commercial versions)
- Avira (freeware and commercial)
- ClamAV (free open source software)
- Eset (commercial versions)
- F-Secure Linux (commercial)
- Kaspersky Linux Security (commercial)
- Panda Security for Linux (commercial version)
- Sophos (commercial)
- Symantec AntiVirus for Linux (commercial)
- Trend Micro ServerProtect for Linux (commercial)
"...some Linux machines definitely need anti-virus software. Samba or NFS servers, for instance, may store documents in undocumented, vulnerable Microsoft formats, such as Word and Excel, that contain and propagate viruses. Linux mail servers should run AV software in order to neutralize viruses before they show up in the mailboxes of Outlook and Outlook Express users."
Because they are predominately used on mail servers which may send mail to computers running other operating systems, Linux virus scanners generally use definitions for, and scan for, all known viruses for all computer platforms. For example, the open source ClamAV "Detects ... viruses, worms and trojans, including Microsoft Office macro viruses, mobile malware, and other threats."
Reference ***for more info click below***
Linux malware - Wikipedia, the free encyclopedia: http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses
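
An added example (not part of the original post or the quoted article) for the repository paragraph above: it shows why an MD5 checksum fetched from the same mirror as the package does not reveal a deliberate modification in transit, while a signature over the checksum manifest does. The toy textbook-RSA key, the file name `tool-1.0.tar.gz` and all sample bytes are constructed for illustration; real repositories sign with GPG and strong keys.

```python
import hashlib

# Toy textbook-RSA key (assumption, NOT secure): two Mersenne primes give a
# 150-bit modulus. It stands in for the maintainer's real signing key.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key, shipped with the OS
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, maintainer only


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def _digest(manifest: bytes) -> int:
    return int.from_bytes(hashlib.sha256(manifest).digest(), "big") % N


def sign(manifest: bytes) -> int:
    """Maintainer side: sign the hash of the checksum manifest."""
    return pow(_digest(manifest), D, N)


def signature_ok(manifest: bytes, sig: int) -> bool:
    """Client side: needs only the public key (N, E)."""
    return pow(sig, E, N) == _digest(manifest)


def publish(pkg: bytes) -> dict:
    """What a mirror serves: package, MD5 manifest, signature over it."""
    manifest = f"{md5_hex(pkg)}  tool-1.0.tar.gz\n".encode()
    return {"pkg": pkg, "manifest": manifest, "sig": sign(manifest)}


def tamper(mirror: dict, new_pkg: bytes) -> dict:
    """A party on the path swaps the package and recomputes the checksum.
    Without D it cannot make a matching signature, so the old one stays."""
    manifest = f"{md5_hex(new_pkg)}  tool-1.0.tar.gz\n".encode()
    return {"pkg": new_pkg, "manifest": manifest, "sig": mirror["sig"]}


def verify(mirror: dict) -> dict:
    listed = mirror["manifest"].split()[0].decode()
    return {"checksum": md5_hex(mirror["pkg"]) == listed,
            "signature": signature_ok(mirror["manifest"], mirror["sig"])}


if __name__ == "__main__":
    good = publish(b"constructed sample package contents")
    bad = tamper(good, b"constructed sample package contents, modified")
    print("untouched:", verify(good))   # both checks pass
    print("tampered: ", verify(bad))    # checksum passes, signature fails
```

The checksum alone still catches accidental corruption, since a damaged download no longer matches the unchanged manifest.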