The Windows Virus and Linux.

It is often stated that Linux is more secure than Windows and is virus and malware free. Though I agree it is more secure it is not malware and virus free. Though the numbers are small there are a number of cross platform threats. These in the main run on the likes of Adobe Flash, Java, Perl, PHP etc. But they work just as well on Linux.

Way back in 2012 there was the multi platform back door called Troj/JavaDI-NJ. This is quite happy to run on Windows, Mac and Linux.

More often then not Linux servers are used to distribute Windows malware. You click on a booby trapped link and it takes you to a Linux server.

If you attach a computer or more recently any device to the Internet it is susceptible to attack. As with most things it is relative. Compare the number of virus infections on the different platforms and you can understand why many people believe Linux is immune. A virus can be caught in a number of ways. By opening an infected email attachment. Clicking on a malicious web address either on a web page or in an email. By installing an applications that has been compromised or from an untrusted source.

Email attachments are in the main not an issue to the average Linux user as they target the Windows environment. If the malicious attachment is in the form of a zip file or .exe file then Linux does not understand these files and nothing well happen if you click on it. That all changes if you have WINE installed as WINE will try to install or execute the file.

If you are unlucky enough to get a malicious attachment in the form of a .deb or .rpm file then it is still not the end of the world. Depending on your install of Linux it still may not know what to do with it. A Debian based system may not know how to deal with an RPM so nothing well happen. If our system is Debian based and you receive a malicious .deb file it well just ask for your sudo password. At that point alarm bells should ring in the users mind and they should not proceed.

Now you do use a virus scanner don’t you? I hear you asking why you should bother. Unfortunately the fact that Linux does not know what to do with your infected attachment would not prevent you from being the source of an infection or at least helping to propagate it. The act of forwarding an email with an infected attachment on to a Windows user would help spread that infection.

I have mentioned on here before that we have our own email server. Some thing I really must do a blog about. Any way a part of that was that we used Windows based machines at the time so the use of a virus scanner was a must have. Now we have made the switch to a fully Linux based network we still use the server side virus scanning. Many of the people we interact with via email use Windows based machines so we owe to them not to pass on any infection.

You may have in the pass come across a fake email claiming to be from Paypal, Ebay or even your bank. This at first glance can appear to be genuine but little errors and in consistences give them away. If you do click on a link in an email that asks you to log into your account then do not proceed. Instead go to their web site directly and do it from there.

These types of links do not affect the Linux operating system but they do affect the user.

Because of the open nature of Linux there are lots of unofficial applications out there. Now I am not saying that you should never ever use unofficial supported software as I am sure the vast majority is trustworthy but there are people out there that are not. It is always best to only use official support software from your distributions servers. Once you step outside of that environment you open up the possibility of installing a malicious program that conforms to the classic Trojan Horse concept. A program that gives the impression it one thing and is actually another.

As Linux is open source there are a lot of people out there checking the software you use daily. This is Linux’s strength as no one wants to be known as the coder who created malicious Linux software. That reputation would get the person shunned by the Linux community and unemployable as a coder.

What is a Root Kit?

A root kit is a nasty bit of software that once it has managed to install is next to impossible to remove. Some are so bad that a complete reformat and reinstall is the only solution. For an eye opener install rkhunter. Do not think I run a desktop not a server so I do not need it. You are wrong. ANY Linux based machine can get one not just servers.

So then being a Linux user do you need a virus scanner? The simple answer is yes. Even though the chance of being infected is minimal there is still the chance. You can also be the source of an infection and with the advent of root kits you are unlikely to even know. You do not need to be paranoid just careful and take a few simple steps to protect your self. The recent trend for encrypting whole hard drives then extorting money from the unlucky user is one that is unlikely to make it to Linux but that is not to say it well not happen. I am sure some one some where is working on doing just that.

Do not be naive and fall into the trap of thinking that Linux is immune to Virus infection. It is not there are Linux viruses out there it is just that there are not many. Less than forty is a number I have often seen quoted. Install a Virus scanner and make sure it is updated at least a couple of times a day. Run regular full system scans. It may be an idea to install and run rkhunter also. After all better safe then sorry.

Advertisements