Here we go again :rolleyes: This very topic has been discussed to death and I'm sure you would find more than enough information to keep you reading for a long time, simply by using the forum search function.

Any way, the answer is that most operating systems are the same as far as security. The reason that Windows has a lot more viruses, worms, and malicious code in general is because it's a very popular OS run by a huge number of people as both a personal OS and on servers. This means that if you write a worm for Windows, it's very likely to infect a lot of hosts and get a lot of attention.

There are many times few Linux systems deployed than Windows systems, so right away it's a much less tempting target for malware writers, and add to that the fact that each Linux distro does things differently, some times very differently, and this makes it difficult to write malware that will affect most Linux-based OSs at once. Since the install base of Linux is split up very widely between at least dozens of major variants (out of the hundreds available), this makes it even more difficult to make a big splash with a Linux worm.

The last major difference is that with Linux OSs there isn't a single, dominant e-mail client like on Windows. Since there are so many different e-mail clients, and almost none of them have direct links to web browsers, and because there are so many different browsers used by Linux users, it's extremely difficult to write an e-mail virus/worm for Linux (because most e-mail malware counts on a specific vulnerability in an e-mail client that's tied to a specific browser). Part of this has also been pointed out, that so far Open Source e-mail clients down allow automatic execution of an attachment simply by clicking on it; however it should be noted that many of them display images by default, and with the recent BMP buffer-overflow vulnerability, this should be an eye-opener.

Any reasons other than the above are likely to be a red herring, in particular one argument that you often hear goes like this:
"On Linux user accounts aren't allowed to affect the entire system, so this prevents malware."

The fact that user accounts can't alter core OS files by default has nothing to do with malware on Linux. First of all, the most important "stuff" on a computer is the user data, and that can be altered if the user is comprimised by malware. Reinstalling the OS is easy (it's very possible to reinstall the OS while keeping user data intact), but user data is irreplacable. Second, you don't need root access to do the evil stuff that most malware does, i.e. participate in DDoS attacks, send spam, host scam websites, store illegal files, scan networks, repropagate itself, host an open proxy, be a "jump box" for crackers to attack other boxes, etc. Since malware can do everything it needs to with simple user permissions, this argument is almost completely false.

The only added benefit of root would be to alter firewall rules to allow inbound connections (for hosting scam sites and/or proxies), but everything else is either an outbound connection, or can be done with reverse tunnels. Also, assuming the identity of the user allows the attack to observe that user, such as hijack su or sudo and record the password the user types (which would give root access). Also, there are a large number of Linux kernel and other Open Source Software vulnerabilities which can only be exploited by local users, but once you've compromised a user account, the road is open for those exploits and a disturbing amount of them result in root access.

So in summary, Linux is currently relatively free of viruses and worms because it's not popular enough and not standardized enough to attack with automatically propagating malware. On the other hand, there are a very large number of "rootkits" that take automatically compromise a Linux system once the initial break-in has been made (using some vulnerability, or a guessed password, or some other method). There are a number of instances in the wild of automatic scans for known OSS vulnerabilities (such as with Apache, PHP, SSH, etc) and will automatically launch an exploit or alert an attacker who then manually conducts the exploit.

Hi,

I've split this post off into its own topic, as it was not directly related to the topic in which it was posted.

Your contention is based upon flawed reasoning. That's understandable, because a lot of people follow the same flawed reasoning. They contend that Linux is 'safe' because malicious software can only effect the particular user's files and not the system root. That reasoning is unsound, as was explained quite a long time ago at linuxquestions.org.

Yes, Linux is more 'secure' because it does not use Remote Procedure Calls in the fundamental way that Windows does, but this does not mean that it's inherently 'safe'. The predominant reason that few Linux systems get compromised by viruses and other malicious software is that Linux is not a standardised operating system that is in almost universal use. Should Linux ever become standardised and 'idiot proofed' to the extent that it becomes suitable for use as an everyday OS for 'Joe public' to use, then it WILL be compromised..

It is ridiculous to suggest that people should not use protective software on their PCs. It is even more ridiculous to suggest that Windows users should not use such software because you, as a Linux user, do not.

Hi,

All I am going to say is this: the only secure computer out there is the one that is encased in cement with no power or network connections.

I would rather secure a Linux box than a Windoze box.

Christian

There is no amount of application security, NT or otherwise, that will prevent you from receiving viruses on a Windows machine.

They come as an attachment some people actually inadvertently run, or even as a TEMPORARY INTERNET FILE off of a site you may visit, without you even knowing, and do not need for you to run them for them to do what they are going to do.

Some just report back to the person's server information about you, like what sites you've visited from your history logs, and don't affect applications or application security at all.

Some disrupt network communication - which can affect ANY computer, not just Windows PCs.

To say that NT application security will protect you is definitely a giving in to a false hope

especially without a firewall that lets that nasty traffic right in.

Have fun getting your trojans.

They come as an attachment some people actually inadvertently run, or even as a TEMPORARY INTERNET FILE off of a site you may visit, without you even knowing, and do not need for you to run them for them to do what they are going to do.

Wrong, your failure to read is affluently made clear. Restrict administrative accounts from running untrusted applications and isolate/restrict standard users in a manner that prevents the virus from being able to propagate.

... You see what that says? Adequate security cannot be provided by applications... it must be accomplished at the OS level. What does this mean? Application security DOSE NOT MATTER!

Unless your application is PERFECT sooner or later it will be exploited, and all applications get exploited in the same way.


cheers

catch

Oh dear! Your argument seems to be Because no security application is perfect, it naturally follows that no such application is worthy of implementation and use! Seems a rather irrational argument to me!

Misinformed? How about the fact I have seen things firsthand? Can you say that you are an administrator of a network that has seen such things as non-application oriented scripts that will run regardless of the permissions you lock down on your computer? How about UNIX scripts that are not bound by Windows permissions? I've seen it happen on both my home network and the one I work on at work where things are not bound by simple Windows NT permissions. Where do you get off at? What experience do you have? Are you actually a legitimate Systems Administrator, or are you just a hobbyist?
You can't lock down your Temporary Internet Files folder to have only read permissions to it or you'd never get internet pages (they are downloaded off the internet for you to view them, after all, requiring "write" permission somewhere). And little good restricting a user's account would do if they are already a standard user. And how can you restrict an admin account without reverting it to a standard user account? Far as I know, unless you know something I don't, at least with XP, it's only either/or, nothing in-between. I know there are those that would say never log in as an admin unless you're going to install stuff. Yes, that is why they were created like this in the first place. But that is inconvenient and inefficient, and will not stop scripts that don't use normal install channels from running unblocked if the person is logged in under a standard user account, anyway, so what good does it serve a person other than to inconvenience themselves for nothing?

And all of the sudden I know nothing because I bring up viruses you obviously know nothing about:



The specific issues I was talking about at the end of my quote aren't "applications" per se that will be picked up as such to be blocked from running. They come in the form of trojan scripts. Scripts are text-files, not applications. This is why they are called scripts. A script can run regardless of user privileges, and can fake a signature of a dll that is trusted. And all a virus needs is network connectivity and to have part of their script ran in order to propagate. I had a virus once that propagated through files I used just by me double-clicking and opening them before I realized what it was doing. All I could see right away was that it changed the file-extension to all-caps. After I went back to a file I had opened before and couldn't open it again, only then did I know something was wrong. But this opening of files action can be done by a standard user or admin user. People like you that rely on account privileges to solve everything are not living in reality, so yes, I do know better. Kinda funny how if someone has seen something you obviously haven't that it seems to automatically make them a liar and not know what they are talking about with you. Arrogance is not your best friend when it comes to the security threats that are out there, my friend.