I was just wondering if anyone in here has actually gotten a virus for Linux. Personally I have never gotten one and I have been using Linux for over two years now (excluding the past week since I got my new notebook; I've been using Vista until I get Ubuntu on here).
Also, if you have, tell a bit about it: where you got it / how you got it, what you did about it, etc...
 
 
I have never had a Linux virus (I have had Windows viruses thanks to infected USB keys, but those are entirely harmless). Assuming you have a normal user account (no administrative privileges), then the most a Linux virus could likely do is bounded to your home folder. Should any problem arise (or some misbehavior) you can always create a new user, move your files to its home folder, and delete the problematic one (this in an extreme case).
Joe.
 
 
Work in the lowest privilege level possible. Your normal login shouldn't be root or anything close. This way, even if something does manage to push its way in, it won't be able to go totally nuts.
 
 
Viruses don't really exist on Linux. Not that there are no security issues on Linux at all, it's just not worth the trouble to write a virus for that obscure an OS when Windows-based worms are so much more cost-effective.
Generally, if someone wants to break into Linux systems it's a particular box they want to get into, and therefore they'll make the personal effort to look for a way in.
Also, regarding running things as a non-privileged user, that IS a critical step security-wise, but remember that privilege escalation attacks do exist, so just don't assume you're safe.
SELinux is nice for that, but most people seem to consider running it on a laptop a bigger pain than it's worth.
 
There was a well-publicized incident where several debian.org servers were penetrated by a rootkit (resulting in wiping out everything on there and re-issuing all the user keys etc. to get a complete clean-up). So there are these nasty things out there, contrary to common belief. And of course it is done through non-root escalated to root through system holes.
And Debian is one of the distros being praised for its security quality.
 
Never had a virus in Linux.
 
Yeah, but I assume somebody planted the rootkit, i.e. personal effort by somebody to break in. There are no 'autonomous' viruses that do this. Plus on your notebook you (most of the time) wouldn't have ports open for somebody to break into (although theoretically something like your BitTorrent client can be used as a hole to get in through...).
 
 
Do you read email? Do you surf the web? There are your holes.
The software you use to do those tasks is running with your user id. Anything you can do, they can do. If there is any security hole in those, you're vulnerable. Security holes are found in mail readers and web browsers periodically, so from time to time you are vulnerable.
Once the door is opened, it is fairly easy to install a key logger to check everything you type. Root access is not required because from the p.o.v. of the operating system the key logger is running with your id, so it is just you accessing your own data. (The keyboard and mouse inputs belong to you, and the screen too.) A trojan can just wait for a sudo or a GNOME password prompt and bingo, the door to the root account is open.
I prefer Linux security over Windows security, but security is never a given, even with Linux.
There are. While that Microsoft XP incident where its file sharing service opened the door for hackers to get in is well publicized, it is not only limited to Microsoft. There have been this kind of attack and many successful incidents, and many of them were on *nix-based systems.
For example, the once famous Morris worm didn't attack Microsoft software but *nix services (even though it was VAX that was affected most).
Whether it is *nix or Windows, there are bugs and, like lemur said, don't simply believe that security in Linux is perfect.
 
 
I have never gotten a virus on my Virtual PC SUSE.
Compared to my Vista, which hit a couple of trojan horses and had to be wiped clean for a reinstallation.
 
That is a bit naive... It's true, unless the virus does what viruses *usually* do, which is exploit a security flaw to gain access to the system.
That said, there are hardly any viruses targeting Linux at the moment.
That doesn't mean it's impossible though, or that none exist, or that Linux users are "safe".
 
 
Indeed... the 'bounded to home folder' thing is silly... that's *your* stuff potentially deleted... If Linux sandboxed the browser and used SELinux as standard then we could say it's way more secure. Currently it's just a severe lack of interest causing the lack of viruses.
I read email, but none of the clients I use allow any kind of scripting or code execution to happen. The worst bug I've seen is a libpng error which allowed random code to be run from an actual image, but that was pretty much a no-show, and was fixed within days.
Web browsers? If you want to be secure, disable any scripting, and plugins like Flash, and you're set.
And as long as you're running both of those programs as your user (which is the default), then there's pretty much no way for them to install anything system-wide, or anything you can't easily disable and find.
A trojan that snoops the root password from a sudo session is a pretty far-fetched thing. You would have to get the program, make it executable, and install/run it, then it would have to watch for a sudo process to launch, capture the input... what if you only use things like gksudo? Would the trojan watch for that too? It's very unlikely that it would be successful... it would be a very complex program to hook the proper inputs, not to mention just getting itself downloaded and installed in the first place.
Yes, "holes" exist on Linux. Putting them on equal footing with the Administrator-by-default Windows holes is a mistake, though.
 
lupin..the..3rd Notebook Evangelist
Agreed - security is a process, not a product (unless you're talking about OpenBSD).
But those examples you mentioned are not virus behaviors. Key loggers, back-doors, etc. are more about hackers specifically targeting your system, trying to get inside of YOUR machine, whereas a virus is something that spreads on its own without intervention from its creator, and is typically designed to cause your computer to malfunction.
 
Right, and the most important element of that process is the user.
I beg to differ. You are right that viruses are self-propagating, but there is no set definition of what a virus does once it is on your system. A virus can very well install a key logger once it is in and then work on replicating itself. In fact, it is the fact that a virus self-replicates and that it does so by infecting a host that makes a virus a virus. Here's a Windows example of a virus that installs a key logger:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=139626
 
No, it's easy to do for somebody who knows how to program on *nix systems. Executing:
$ cat < /dev/pts/X
where X is the number of a pty one is interested in already gives very primitive key logging capabilities. For X Window programs, xev shows how one can intercept the events sent to windows.
In all you describe here the difficult part is finding the security hole. After the hole is found, the rest is trivial.
Nobody put them on equal footing. Reread my message and see what I say about Linux security vs Windows security.
 
Once... it was a Java virus... it ran. It was trying to access c:\windows... I laughed.
That's pretty much it... XD I barely bothered to delete the poor thing...
^.^ But yeah, I'll leave you all to your conversation.
 
Provided you have your Linux system up to date there shouldn't be problems, for 'security holes' are promptly fixed. That is the advantage of an OSS system: there are many eyes watching over it.
Joe.
 
Am I writing in Chinese??? Here is what I wrote about Linux security:
I know the advantages of OSS but there is no guarantee of absolute security even with OSS.
 
 
So who got the weak one?
 
Nope, I have never gotten a virus under Linux yet, nor have I noticed a Windows virus try to execute.
To be honest, if I did catch a virus on Linux, I don't think I would even know about it, being I would have a real-time anti-virus software, and I would doubt that a virus in Linux would slow things down like they usually do on Windows.
I guess if I noticed some extra folders (hidden & system too) that I don't think should be in my home then I would get suspicious or google.
But I disconnect from the net, log in to root, and run a full Avast scan once every month. Avast scan will fail unless you're in root.
Overall there is not much need to worry.
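The "extra folders in my home that I didn't put there" check above can be made systematic instead of eyeballed. The following is an added example, not code from the thread or from Avast: it records a baseline manifest of a home directory (size, mode and SHA-256 per file, symlinks recorded by target rather than followed) and later diffs a fresh manifest against it, pulling out exactly the two signals the poster describes, newly appeared hidden (dot) entries and new executables. The sample home directory, the dropped `.cache/.x/run.sh` and the edited `.bashrc` are all constructed inside a scratch directory.

```python
import hashlib
import json
import os
import stat
import tempfile


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each entry under root (relative path) to a small description.
    lstat is used so a planted symlink is recorded as a link to its target,
    never followed and hashed as if it were an innocent file."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                manifest[rel] = {"type": "symlink", "target": os.readlink(full)}
            elif stat.S_ISDIR(st.st_mode):
                manifest[rel] = {"type": "dir", "mode": stat.S_IMODE(st.st_mode)}
            elif stat.S_ISREG(st.st_mode):
                manifest[rel] = {"type": "file", "size": st.st_size,
                                 "mode": stat.S_IMODE(st.st_mode), "sha256": _sha256(full)}
    return manifest


def save_manifest(manifest, path):
    with open(path, "w") as f:
        json.dump(manifest, f, indent=1, sort_keys=True)


def load_manifest(path):
    with open(path) as f:
        return json.load(f)


def diff_manifests(old, new):
    """Report what appeared, vanished or changed since the baseline, plus the two
    signals the post describes: new hidden (dot) entries and new executables."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    hidden_new = [p for p in added if any(part.startswith(".") for part in p.split(os.sep))]
    exec_new = [p for p in added if new[p]["type"] == "file" and new[p]["mode"] & 0o111]
    return {"added": added, "removed": removed, "changed": changed,
            "hidden_new": hidden_new, "exec_new": exec_new}


def demo():
    """Constructed home directory: take a baseline, then simulate a dropped hidden
    executable and an edited .bashrc, and diff against the saved baseline."""
    home = tempfile.mkdtemp()

    def write(rel, text, mode=0o644):
        full = os.path.join(home, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as f:
            f.write(text)
        os.chmod(full, mode)

    write(".bashrc", "export PS1='$ '\n")
    write("docs/notes.txt", "hello\n")
    baseline_path = os.path.join(tempfile.mkdtemp(), "baseline.json")
    save_manifest(build_manifest(home), baseline_path)

    write(".cache/.x/run.sh", "#!/bin/sh\n", mode=0o755)           # constructed: new hidden executable
    write(".bashrc", "export PS1='$ '\n. ~/.cache/.x/run.sh\n")   # constructed: dotfile modified

    return diff_manifests(load_manifest(baseline_path), build_manifest(home))
```

Keep the baseline file somewhere the account being checked cannot write to (an offline copy or a root-owned location), otherwise whatever lands in the home directory can rewrite the baseline as well. Like the monthly Avast scan, this only sees what the kernel's directory listing returns; it does not help against a kernel-level rootkit that filters those listings.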
 
 
Erm, there's a well-established rootkit culture out there. Basically patching the kernel to intercept the system call that, say, lists a directory, so you end up never seeing any suspicious files (and neither does the scanner, I presume). I'm pretty sure any 'good' Linux virus would leverage these 'features'...
What kind of logic is this?
What you described works equally well under Windows.
That means you are lucky in the sense that this virus follows the typical "target the low-hanging fruit, or maximize the probability of hitting the jackpot". If it is designed for *nix, it can access /tmp/ and target known holes in certain packages (some don't use randomized temp file names) and it can already cause damage.
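The "packages that don't use randomized temp file names" point above is the classic /tmp symlink hazard, and the fix is small. The following is an added example, not code from the thread or from any of the packages it alludes to: `predictable_temp_path` is the weak pattern (a name built from the PID alone), `open_exclusive` and `make_temp_safely` are the hardened forms, and `demo` runs both inside a private scratch directory where a symlink has been pre-planted at the guessable name. The name `app.1234` and the PID are constructed for the illustration.

```python
import os
import stat
import tempfile


def predictable_temp_path(prefix, pid, directory):
    """The weak pattern: a temp name built from the PID alone, which another
    local user can guess and pre-create (constructed illustration)."""
    return os.path.join(directory, f"{prefix}.{pid}")


def open_exclusive(path):
    """Create-or-fail. O_EXCL makes the kernel refuse if *anything* already sits at
    the path (a planted symlink included), O_NOFOLLOW refuses symlinks outright,
    and 0600 keeps the file private. Returns an fd the caller must close."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)


def make_temp_safely(prefix, directory):
    """The usual fix: let mkstemp pick an unpredictable name and create it
    with O_EXCL and mode 0600 in one step. Returns (fd, path)."""
    return tempfile.mkstemp(prefix=prefix + ".", dir=directory)


def demo():
    """Constructed scenario in a private scratch directory: a symlink has been
    planted at the guessable name before the program runs."""
    work = tempfile.mkdtemp()
    victim = os.path.join(work, "victim.txt")
    with open(victim, "w") as f:
        f.write("original\n")

    guessed = predictable_temp_path("app", 1234, work)   # constructed PID
    os.symlink(victim, guessed)                           # the pre-planted link

    # Weak: a plain open() for writing follows the link and truncates victim.txt.
    with open(guessed, "w") as f:
        f.write("clobbered\n")
    with open(victim) as f:
        weak_result = f.read().strip()

    # Hardened: O_EXCL/O_NOFOLLOW refuses the pre-existing entry instead of using it.
    try:
        fd = open_exclusive(guessed)
        os.close(fd)
        exclusive_refused = False
    except OSError:   # EEXIST (or ELOOP) from the kernel
        exclusive_refused = True

    fd, safe_path = make_temp_safely("app", work)
    os.close(fd)
    safe_mode = stat.S_IMODE(os.stat(safe_path).st_mode)

    return {"weak_result": weak_result,
            "exclusive_refused": exclusive_refused,
            "safe_mode": safe_mode,
            "safe_name_differs": os.path.basename(safe_path) != "app.1234"}
```

Modern kernels blunt the shared-/tmp variant with the `fs.protected_symlinks` sysctl (it refuses to follow symlinks in sticky world-writable directories when the link owner differs from the directory owner), but that does not cover a non-sticky shared directory or a file the program later reopens by name, so the create-or-fail pattern is still the one to use.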
 
 
Once, someone in IRC asked for my IP address and root password; they said they could make my computer run faster. I gave it to them and then my computer wouldn't boot up properly.
 
Never had an issue. Had a few with Windows, but never with Linux. I try to keep it up to date, but I don't run an AV.
 
In fact, the very first rootkit was for a *nix system; the name itself comes from the idea that having a rootkit on the system allows the intruder to maintain root privileges on the machine.
I've run into Windows rootkit trojans at work before, and they're pretty scary stuff. You could open Explorer, or do a "dir" from the command line, and the virus just doesn't show up. I was able to determine the filename through other means, and typing "del <virus filename>" wouldn't work; it would just say the file didn't exist. But try to rename a file to <virus filename> (command line or GUI), and it would say, "Can't rename, file with name already exists".
The only way I could reliably remove those viruses was to use a BartPE disk so I could access the hard drive without loading the infected installation.
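The failed rename in the post above is a usable detection signal, and it is the same trick that turns the earlier "patch the kernel to intercept the directory-listing syscall" remark into something you can check for on Linux: a hooked listing can hide a name, but a create-with-O_EXCL on that name still gets EEXIST from the kernel, and a directory's link count still counts the hidden subdirectory. The following is an added example, not code from the thread or from any rootkit-detection tool: `probe_hidden_names` probes candidate names, `nlink_mismatch` applies the link-count check, and `_hooked_listdir` is a constructed stand-in for a rootkit's readdir hook that drops every name starting with a made-up `.rk_` prefix. The directory contents are constructed in a scratch directory.

```python
import os
import tempfile


def probe_hidden_names(dirpath, candidates, lister=os.listdir):
    """For each candidate name the listing does not show, try to create it with
    O_CREAT|O_EXCL. If the kernel answers EEXIST, the name exists even though the
    listing hid it (the same tell as the failed rename in the post). A probe
    that does succeed is removed immediately so the check leaves no trace."""
    visible = set(lister(dirpath))
    hidden = []
    for name in candidates:
        if name in visible:
            continue
        path = os.path.join(dirpath, name)
        try:
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            hidden.append(name)
        except OSError:
            continue            # no permission to create here: inconclusive, not hidden
        else:
            os.close(fd)
            os.unlink(path)
    return hidden


def nlink_mismatch(dirpath, lister=os.listdir):
    """Second tell: on ext4/xfs/tmpfs a directory's link count is 2 + number of
    subdirectories, so a hidden subdirectory shows up as a count the listing
    cannot account for. Returns (expected, seen), or None on filesystems such as
    btrfs that report nlink 1 for directories and make the check meaningless."""
    nlink = os.stat(dirpath).st_nlink
    if nlink < 2:
        return None
    seen = sum(1 for n in lister(dirpath) if os.path.isdir(os.path.join(dirpath, n)))
    return nlink - 2, seen


def _hooked_listdir(dirpath):
    """Constructed stand-in for a readdir hook: drops every entry whose name
    starts with the made-up prefix '.rk_', the way the rootkits in the thread hide files."""
    return [n for n in os.listdir(dirpath) if not n.startswith(".rk_")]


def demo():
    """Constructed directory with two entries the hooked listing conceals."""
    work = tempfile.mkdtemp()
    os.mkdir(os.path.join(work, "projects"))
    os.mkdir(os.path.join(work, ".rk_home"))
    for name in ("notes.txt", ".rk_dropper"):
        with open(os.path.join(work, name), "w") as f:
            f.write("x\n")
    # Candidate names must come from outside the suspect listing: package manifests,
    # shell history, an offline copy of the disk, or, as in the post, tab completion.
    candidates = [".rk_dropper", ".rk_home", "notes.txt", "does_not_exist"]
    return {
        "hidden_seen_through_hook": probe_hidden_names(work, candidates, _hooked_listdir),
        "hidden_with_honest_listing": probe_hidden_names(work, candidates),
        "nlink_through_hook": nlink_mismatch(work, _hooked_listdir),
    }
```

On a real compromised host the hook sits in the kernel, so `os.listdir` itself is the lying lister; the probe still works because `open(2)` with `O_EXCL` is a different code path from `getdents(2)`. As the BartPE remark says, the reliable answer is still to examine the disk from a boot you trust; these checks are for deciding that you need to.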
 
I use Pocket Killbox & Process Explorer to remove those, with the replace-on-reboot option. They're strange: you can 'see' them via tab-autocomplete in cmd, i.e. type the first letter and press tab and it shows up, but when you try to do anything to it like delete, it says it isn't there.
 
MMM, I prefer not to make any comment on that.
He was kidding.
 
Very well then.
 
With the nastier ones (which this one was), Pocket Killbox wouldn't always work. Truthfully, I stopped using Pocket Killbox after a little while because I found it so much easier to get rid of viruses booting into BartPE. It's easier to kill something that's sleeping than something that's awake and alert.
 
lupin..the..3rd Notebook Evangelist
I think what he was alluding to was the relative speed with which holes are patched in open source software. Many (most?) security holes that are discovered have a patch to correct the issue within 24 hours.
With Microsoft, it takes weeks and even months between discovery of the hole and release of an official patch.
See here for some commentary on that:
http://www.slate.com/id/2133993/
It doesn't take but a few moments with Google to find many Microsoft security holes that still don't yet have a patch.
 
lupin..the..3rd Notebook Evangelist
Maybe you've never heard of OpenBSD? Only 2 remote security holes in more than 10 years. That's about as close to 'absolute security' as it gets. Obviously, it's rather popular with the IT managers at places like the Pentagon.
 
OpenBSD has had more than 2 security holes in the past year, even. See these 3 reports:
http://www.securityfocus.com/bid/20216
http://www.securityfocus.com/bid/17192
http://www.securityfocus.com/bid/20241
All of them affect OpenBSD.
 
lupin..the..3rd Notebook Evangelist
I should have said "in the default installation". Things like sendmail would not be enabled by default, and therefore pose no threat to folks not using it.
If we're going to include all the possible services and programs that could be enabled on an OpenBSD system, we should also include the same for Windows. That means Exchange, SQL, IIS, etc.
What is the point of comparing the "default installation"? If the default installation doesn't have a window system and I need one to do my job, it is useless no matter how secure it is.
The most secure system is one that is powered off.
 
lupin..the..3rd Notebook Evangelist
lol quite true
 
lupin..the..3rd Notebook Evangelist
Reminds me of when Microsoft got Windows NT to pass the NSA's test for the C2 security rating for processing of classified data. I remember they really talked it up about how secure it was: "look! it has a C2 rating!!"
They failed to mention that the C2 rating only applied to NT when it had NO network connections whatsoever, and no removable media drives (floppy or CDROM).
What use is a computer with no removable media and no network? It was a real joke.
Remember that too. All these are just another "mine is bigger than yours" twist.
 
 
Sorry to go back on topic - these Windows vs. OSS debates generate lots of energy (in one form or another).
Not even a weak one. And I really don't get all paranoid over malware in the Linux world, anyway. However, I have recently started running clamav again, although I'll probably try out a few other Linux AV products before long. Clamav hasn't found anything, other than the test files it generates.
 
I was expecting this kind of sudden disclaimer. OK, here are 3 other vulnerabilities, all in the kernel. Heck, I'm adding a fourth one as a bonus!
http://www.securityfocus.com/bid/12250
http://www.securityfocus.com/bid/1759
http://www.securityfocus.com/bid/1723
http://www.securityfocus.com/bid/8689
They were all found within the past 10 years. Are you going to say that the kernel is not part of the default installation?
 
 
Like I said, " ... generates lots of energy ... ". Should have said unnecessary heat.
 
Yeah, I once dual-booted Windows, so yes, I therefore had a virus.
(Otherwise, no!)
 
While we are talking about viruses, check this out:
http://www.theinquirer.net/default.aspx?article=41034
http://www.adobe.com/support/security/bulletins/apsb07-12.html
Seems that even if you are running non-root under Linux, it is still possible for this stuff to do some harm to the active running user.
The best way is of course to disable Flash (which is what I do, though only because I hate Flash), but that would mean no more YouTube and I wonder how many people can give up on that.
 
 
Never even started, so I don't miss it. But then again, I'm of a different generation.
 
 
I call on the people voting that they did get viruses to elaborate.
 
I'm betting dollars to donuts they're trolls.
The worst I've seen is when a virus passed through my mailbox under Linux. So I've gotten viruses, they just can't do anything. It's really amusing purposefully running malware under Wine. All kinds of weird errors when it can't find its exploit.
 
 
Trolls are a possibility but some people are hard pressed to distinguish a virus from their own mistakes. I've encountered quite a few people who would blame bad performance in Windows on mysterious viruses when in fact they just messed up their computer by installing all kinds of ridiculous junk on there. I've never encountered someone blaming Linux problems caused by their own actions on viruses but that's bound to happen at some point.
 
have you ever gotten a virus on linux?
Discussion in 'Linux Compatibility and Software' started by Fittersman, Jul 15, 2007.