Virii and linux

[Ixthusdan]

I am currently engaged in a discussion concerning virii in linux. I argued that, unless one grants root permission, a virus is impotent in linux and antivirus unecessary. Another countered that because linux is able tp spread a viruse, it was still necessary. He/She said that their office was infected by a .doc macro. (Ah. A Cnet representative!) I asked how that could be. .doc is a microsoft format and had they been using Open Office, a multiformat program, the virus would not have spread. Thus, it was not linux.

 

Does anybody here have any experience requiring linux to have antivirus running because it can "spread" virii?

How does a macro spread thru linux?

[devries]

A virus can also run with user permissions. It can´t get to the system files but it can do damage to the files in the users home folder. However it is almost impossible to automatically run a program/virus in Linux. It almost always requires user permission to make it an executable. That´s the difference with Windows where visting a webpage will get you a trojan.

[Ixthusdan]

So it is possible with user permissions to spread tru a .doc file if that file is owned by the user. Interesting.

[ianw1974]

I suppose if using wine, and MS Office under wine, that it could get kind of partially activated in this sense.

 

Unfortunately, I don't have a virus to test this theory :P

[fangbite]

Due to the nature of Linux, a virus will only destroy the block its in. For instance if you have Bill, Dave, and Sue, and Dave gets the virus, he's screwed, not Bill, Sue or the entire system. With Windows everything is so integrated that a virus that affects Dave will hose the entire system.

 

It is possible to spread virii through linux with email. I've never done it myself (that I know of) and it would only affect the people I send it to. That is a fairly funny topic though. A friend of mine who makes webpages using IE only tools was complaining to me how Linux users don't care about spreading virii with their systems. I asked him why they should care when he didn't care about them. His response was they should get IE instead of complaining. Two guesses what my response to him was.

[Ixthusdan]

What I think is funny is that people using windows are trying to claim that linux users should "protect" the environment, when what really needs to be done is to stop using windows!

[ianw1974]

I quite like fangbite's comment on the windows user who says we don't care about spreading viruses.

 

Considering that, there aren't any viruses at present for Linux, or very few that actually do something, we're not really spreading anything. And if we can't be infected by something, why do we need anti-virus software? To protect the Windows users?

 

If the Windows users are suceptible to viruses, they should protect themselves from viruses in the first place. We're unlikely to be a source of spreading viruses, since we can't activate them on our systems.

 

A review a while back on a few viruses said the worst it did on Linux was cause his process queue to get overloaded and slow down his machine. But that was a Windows virus attempting to run within a wine session from what I remember.

 

The only way we're likely to infect anyone, is to receive a virus from a windows user, and then manually email it to our entire address book :P

[scarecrow]

Never, ever had one under Linux, and I've only used an AV (klamav) for less than one month, just for the fun of it.

If things get tougher, I may reconsider, but for the moment I'm fine with no AV at all. Factly, iptables is off too, but I have a router with a pretty decent SPI firewall. Actually the router firmware is an (opensource) Linux gateway distro, but so far i've not toyed with it, mainly because it works well.

[solarian]

To me my user data is a lot more important than system files.

I can reinstall a fresh MDV setup in some 12 minutes or so, but restoring personal data would take a lot longer and a lot of fresh data would be lost too.

 

Anyway, thanks to this discussion I now remembered that I haven't yet installed Clam Anti Virus on my new MDV 2006 install :D

[solarian]

-------

oh, and a question: why wouldn't you install Clam AV if system resources allow it?

is it not a good anti virus? (not that there is a big choice for Linux)

 

I sometimes send or forward files to people using Windows, so checking if there's a windows virii for me is a good enough reason to use Klam (KDE client for Clam)

[JonEberger]

i've never ever ever never used an av program in linux. between hardware and software firewalling, i have difficulty accepting that i'm going to get anything that will affect me in linux.

[aRTee]

It's simple to spread an attachment / .doc embedded virus with Linux. Just forward the email.

 

My wife sometimes gets these powerpoint slideshows with viruses. They are really funny and often she would like to send them on - so I have to tell her "no".

 

Apart from that, yes, a virus can technically do damage to user data. However, for the really paranoid (who set their system up to be protected against realistically non-existing virus threads) it's easily possible to create an internet account (extra user) and use that within your regular account to do email stuff, read attachments and handle basically any non-trustable stuff.

We have su, chown, chmod, etc.

 

About viruses not being able to run, not having root access and all - this is old hat in Unixland that it _IS_ possible to escalate priviliges, one _CAN_ get more rights and such through vulnerabilities. (Check the online sites that list them - plenty of options to mess up things.) The point is not that Linux systems are 100% safe against all attacks. It isn't. The point is that the Linux landscape is so diverse that an automated attack like with email viruses just stands no chance.

There are so many barriers that it's just not realistic to create a self propagating worm/virus that can really affect the larger part of the Linux installations.

It's not technically impossible, just practically undoable.

[solarian]

Apart from that, yes, a virus can technically do damage to user data. However, for the really paranoid (who set their system up to be protected against realistically non-existing virus threads) it's easily possible to create an internet account (extra user) and use that within your regular account to do email stuff, read attachments and handle basically any non-trustable stuff.

We have su, chown, chmod, etc.

Actually I have done that :D

but I've never quite used it apart from some testruns,

alas it stands ready if there would appear a need to.

I think that it's sane to assume that I'd get a warning of a Linux virii at Slashdot or here first before.

 

 

p.s. For the reference -> I don't consider myself paranoid :P

and I've studied diagnostic psychiatry,

but because I also study law, I like to be prepared for all realistically possible outcomes I can think of if it doesn't require unreasonable preperation in time or in money.

Edited February 13, 2006 by solarian

[ianw1974]

I have clamav installed on Mandriva 2006 on my machine. I assume it's helping somehow. It was there by default at least on mine.

[Qchem]

I'm not sure ClamAV or similar would actually help if there was a sudden outbreak of a Linux virus anyway - surely you'd need some kind of definition file first.

 

I don't forward mail attachments and I don't run an email server, windows users can look after there own machines from my perspective.