


SECURITY: AV SOFTWARE ( And why we don't need it )


Because on several occasions Nathan ( nlinecomputers ) has written some very good and clear posts about viruses in Linux on the forum, I have asked him to make a compilation out of several threads he contributed.

Well, he did not let us down ! . . . . . Here it is:

QUOTE (nlinecomputers @ Forum 2004)

Users who are new to Linux and have a background battling viruses in Windows are often shocked when long-time Linux users advise them not to worry about viruses in Linux. "Linux has no viruses" is often said and many new Linux users have a difficult time believing it.

"Why does Linux have no viruses?"

The nature of the setup of a Linux, UNIX, BSD, or even a Mac makes having and running viruses on your system difficult to impossible. *nix operating systems are much more securely designed than Windows. Many functions in Windows can be accessed by services very easily and without a password prompt. Most Linux users can't even change the time of day on the computer without a password prompt. While at times annoying, this level of security is what keeps the few viruses that do exist in Linux under control.

There are some Linux viruses, but not many. Last time I checked there are only about 20 viruses that can infect a Linux box versus the several hundred thousand viruses that can infect a Windows box. All of the Linux viruses exploit various known holes in Linux. All the holes I know of have been patched. So if you run a recent version of Linux, and you keep it patched, you can't be infected by any of them. The structure of Linux makes writing a virus very difficult as it requires root access to do anything of significance. For a virus to run it would have to be granted root access with a password request. If you fail to give it root access then the most a virus could do, if anything, is damage your home directory. It is unlikely it could even run again so it would die there in your home directory. Most smart Linux users grasp the power of root access and would question why an unknown program is suddenly requesting root access. (You don't enter your password for just ANY prompt do you? Only for programs YOU have called up, right?)

Plus each Linux distro is different, so it is difficult to write a virus that would run on say Red Hat and also be able to run on a Debian platform (or SuSE, or Slackware, or Mandrake...). This further limits the chances of an outbreak. This variety is one of the levels of protection that Linux users have that Windows does not. All Windows boxes are very much alike and that common ground makes for a very ripe breeding ground for viruses.

"Ok so I'm safe from any so called Linux virus, but all those Windows viruses can hurt me because I can read my FAT32 partition, right?"

Not really. A virus isn't magic. It's just a computer program. It is an evil program, but still just a program. Programs can't run on systems they aren't designed for. You can't run a Windows program on a Mac or in Linux or on an IBM Mainframe. If the virus is a Windows virus then it can only infect a Windows system and only when Windows is booted up and running. Why? Because Windows is the only thing that can run the code. Can you put an infected file on a Linux system? Sure, but it can't do anything. To Linux it is gibberish. Just like you can't run KDE on Windows or run Microsoft Word on a Linux box.

Linux can't be hurt by Windows viruses; however, it can host them. For example if you use Linux as a mail server then it can pass the virus around just like any other mail server. Note that passing a virus in an email is not the same as infecting the server. A virus is just a program and it cannot infect a system unless it is run on it. But if you have an office full of Windows clients and you use your Linux box as an in-house mail server or as a file server and one of the Windows clients gets infected then all the other Windows computers are at risk of infection via the Linux box and the email. So if you're running a mail server you might need to consider AV for the server. Otherwise it really isn't an issue. Even with a mail server the Linux server ITSELF can't be infected, just all the Windows boxes that connect to it. (Which is bad enough?)

"So what do I need to do? I need to do something, just in case. Don't I?"

The best way to keep your system secure against viruses is by keeping your software updated and patched, by making sure that your system doesn't run unneeded services and by running a firewall.


--------------------
Nathan Williams, N-Line Computers
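
The advice above about not running unneeded services can be checked by comparing the TCP sockets a machine is listening on with the ports you actually intend to expose. The following is an added example, not part of Nathan's post; the function name, the allowlist and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report network-reachable TCP listeners that are not on an
# allowlist. Input is the output of `ss -tlnH` (TCP, listening, numeric,
# no header line). Loopback-only listeners are skipped because they cannot
# be reached from other machines.

unexpected_listeners() {
    # $1: space-separated list of allowed ports; stdin: `ss -tlnH` output
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)     # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # text before the last colon
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (!(port in ok)) print port, addr
        }' | sort -k1,1n -k2,2 -u
}

# Constructed sample of `ss -tlnH` output (not taken from a real host):
# sshd on all interfaces, a local-only mail daemon, a print service,
# a portmapper and an X11 forwarding socket bound to loopback.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 5 0.0.0.0:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 64 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 [::1]:6010 [::]:*'

# Only SSH is meant to be reachable on this hypothetical machine.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "22"
```

On a real system, replace the last line with `ss -tlnH | unexpected_listeners "22"`; every port it prints is a service to disable or to block at the firewall.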



Great ! Thanks Nathan for this excellent explanation !

If after these statements you still think you need AV software: A free AV for Linux is F-Prot. . . . See next Tip


Bruno



Links on security:

Basic Slackware Security: http://www.oldskoolphreak.com/tfiles/hack/...k/slack_sec.txt

More on Nmap: http://software.newsforge.com/software/04/...l?tid=78&tid=82

Nessus: http://www.nessus.org/demo/first.html

For the more advanced, here is a series of articles on Linux security. These articles were written by Mike Peters and posted on Linux.com:
Part 1: http://docs.linux.com/article.pl?sid=04/04...5/1913248&tid=2
Part 2: http://docs.linux.com/article.pl?sid=04/04...5/1918219&tid=2
Part 3: http://www.linux.com/article.pl?sid=04/04/15/1923224


-- May 4 2004 ( Revised Dec 13 2005 ) --

