Arman's stuff
Linux Malware Threat? Ah... No.

(Thu Sep 16 14:10:24 2010)

There's a reason I use Linux over Windows, and it's not just because I'm weird.

Linux is, from the ground up, built securely. Yes, there are always reports of the Linux kernel being patched to fix some fatal flaw. In fact, one such hole was just recently patched. A similar hole was patched a couple years ago. Meanwhile, Windows XP still gets about a patch a month to fix security holes - not exactly awe-inspiring. There are a few reasons Linux doesn't have the same problems as Windows does - and a few myths, too.

The big one is that Linux doesn't let the user have full control over stuff. That might sound bad, but really, it's not - how often do you manually mess with the print spool? Or the boot code? Or, for that matter, global settings for anything? If you want to change something, you have to use a special log-in to allow you to make a change. Windows Vista tried (poorly) to implement this, asking if you really wanted to move your mouse. In Linux, you can make any *user* changes you want - background, mouse speed, whatever. What you can't change (without that special login) is settings that affect everyone - installing printers, formatting hard drives, and editing system settings.
That's a huge thing. That means that even if you manage to get a virus and run it, it's only going to be able to change your wallpaper. It won't even be able to send an email!
In fact, I personally believe that this alone saves the desktop Linux user - in Windows, the majority of malware attacks come from an email/webpage/whatever enticing a user to click a link, either by offering something amazing/free/never-before-seen, or warning of impending doom. Either way, the user clicks the link/installs the program/opens the email, and boom. They have a virus. No action on their part is required to run the thing; just that they click a link. Linux won't run it, anyway - everything downloaded has the "I'm a program" flag turned off. And even if the user goes so far as to force it to run manually, it'll still ask for permission to do Bad Things.
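The "I'm a program" flag described above is the Unix execute permission bit. The following is an added example, not code from the original post: it saves two constructed sample files the way a download would be written, shows that a direct run is refused until someone sets the bit by hand, and audits the folder for files that look like programs. The file names and helper functions are made up for the illustration.

```python
import os
import stat
import subprocess
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def save_download(directory, name, payload):
    """Write bytes the way a browser or mail client saves a file."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:  # created as 0666 & ~umask: no execute bit
        fh.write(payload)
    return path

def has_exec_bit(path):
    return bool(os.stat(path).st_mode & EXEC_BITS)

def looks_like_program(path):
    """True for an ELF binary or a '#!' script, judged by the first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return head == b"\x7fELF" or head.startswith(b"#!")

def kernel_refuses(path):
    """True if a direct exec of the file is refused (EACCES)."""
    try:
        subprocess.run([path], capture_output=True, timeout=5)
    except PermissionError:
        return True
    return False

def audit(directory):
    """Map each file name to (looks_like_program, has_exec_bit)."""
    return {name: (looks_like_program(os.path.join(directory, name)),
                   has_exec_bit(os.path.join(directory, name)))
            for name in sorted(os.listdir(directory))}

def demo():
    # Constructed sample "downloads": a harmless script and a text file.
    with tempfile.TemporaryDirectory() as d:
        script = save_download(d, "free-screensaver.sh", b"#!/bin/sh\necho hello\n")
        save_download(d, "notes.txt", b"just text\n")
        before = audit(d)
        refused = kernel_refuses(script)
        os.chmod(script, os.stat(script).st_mode | stat.S_IXUSR)  # the manual step
        after = audit(d)
    return before, refused, after

if __name__ == "__main__":
    print(demo())
```

Pointing `audit()` at a real downloads folder lists anything that both looks like a program and already carries the execute bit, which is the combination worth a second look.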

But that's not all - Linux users, especially those with a good package manager (like Ubuntu or Debian), are also protected because they get regular updates of complete files. In Windows, the updates you get are patches - bits and pieces that replace other bits and pieces. Not so in Linux; if there were an update for Opera, I'd get a little popup that says "You have an update." When I install it (or just wait for it to install automatically), it completely deletes the old Opera program files and replaces them with the new program files. It saves all the old settings, of course, but the old program file is gone. It's the same way with any other file, system or otherwise - even if a system file was replaced with a virus, it would get overwritten the next time that file updated.
And speaking of package managers, secure package managers tend to be where everyone gets their updates and installations from. Instead of hunting for weird driver updates, you just run your package manager, and it handles it for you. Yet another way to download a virus, gone...

Yet another Linux benefit is that there is little backwards compatibility for pre-compiled binaries. Though that might not sound like a great thing, it really is - almost all Linux software is available in code form. If the system changes, just recompile the old code and it'll work again - but you have to recompile. If you don't, there's a very good chance that 2-year-old software will never work right on your system. That means that even if a virus catches hold, it's going to die out in the next year or two unless it can recompile itself. And of course, that would mean that it has source code that programmers can read through and fix the flaws.

All these big and little pieces help keep a virus from spreading, which leads to the best security of all - a low birth/death ratio. As pointed out here, if any population has more deaths than births, it's going to die off completely. If more malware is being destroyed than is being created, either on purpose or by spreading from computer to computer, then that malware is going to go away.

As a finishing thought, here is a list of known Linux viruses/worms/trojans/other malware. My favorite bit is this quote:
"If you want to get infected by a virus, this one is good. You'll need to compile it for your system, though, so be prepared to follow a lot of complicated instructions."
That pretty much explains it all; you really have to want to get your system infected to worry about a virus. As you can see from that list (or Wikipedia's), there are not many (44 in the Wikipedia list, 36 in the Linuxvirus page) Linux-based malware packages, and most of those are from 3-10 years ago. And even beyond that, most were designed as proofs of concept and didn't actually do anything nasty. Regardless, they have all been patched.
Compare that against this list of nasties - a list of 171439. That's a lot of pain. According to Windows Live, many of the current top threats spread even on patched Windows systems. That's frightening. And a bit telling, too, I think; even if Linux only makes up 5% of the systems out there, it only has 0.026% of the malware - and that number is shrinking.

Obviously, an open file share on a Linux box might not infect that box, but it still has a chance of infecting Windows users that access that share - rather like Typhoid Mary. Linux might not be infected, but it could still infect other systems.
Still, if you don't have open shares, you probably don't have to worry. Just make sure not to forward any virus-laden emails, and you'll be fine.

So what's the lesson in this? Just this: no matter what the nay-sayers have to say about Linux, it really is more secure than Windows. Sure, it's not perfect, but it's a lot closer than the alternative...
