[Gllug] Virus on Linux/Mac

Thu Sep 20 15:19:31 UTC 2007

On Thu, Sep 20, 2007 at 12:46:07PM +0100, Alain wrote:
> That is not true, that is the point of view peddled by Microsoft as an attempt to excuse
> their inability to produce a secure operating system.
> 
> Mac and Linux systems are based on the Unix model, they are inherently resilient to
> things like a virus. I have been using Unix (and now Linux) machines for my desktop for
> 25 years. I do not use a virus filter, I open whatever mail I feel like, I have never
> had a problem.

Most Windows viruses no longer target the OS, they exploit
vulnerabilitis in Office or Outlook and don't necessarily need
privileged OS access.  If those applications (or equivalents like
Openoffice) did become widely successful and were widely deployed (in
tandem with a wide deployment of Linux on the desktop) then Linux
desktops might well find themselves hosting viruses, even if those
viruses were not targeting Linux directly.

Insecure and unsafe Linux desktops *are* being marketed to the general
public right now; just look at the way Linspire have behaved (yes, they
have improved but it's still not ideal and they have been less than
honest about it).

The other main attack on Windows machines these days is trojans
attacking remote machines across the Net, compromising the remote
system, installing themselves and then attacking fresh targets.  While
these are still relatively rare for Linux, such trojans do exist and
have been seen in the wild.

> 
> Unix systems employ a clear distinction between data and code, you need to take explicit
> action to run a program.

That is true at the command line but less true when working from a GUI
like Gnome or KDE.  Just google "KDE Autorun" for one example.

> If a user were to be conned into running malware the effect
> would be limited since personal logins do not permit any update to the operating system.

Neither does a user login on Windows XP - you have to provide a password
at a prompt before an update can happen.  OSX and user-friendly Linux
distributions like Ubuntu use sudo to exactly the same effect.  Now, the
fact that Windows XP Home Edition defaults to installing an Admin user
with no password, *that* is irresponsible.  But then see Linspire for
somebody duplicating that silliness in the Linux world.

> 
> Anti virus people talk about the Linux virus, but won't come up with real examples that
> have caused problems; they don't want to, to admit that there are none in the wild would
> hurt their Linux business model - that of FUD.

True, but you are overstating the case in the opposite direction, I
think.

-- 
Bruce

Hierophant: someone who remembers, when you are on the way down,
everything you did to them on the way up.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20070920/0f8e1d73/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug