[NBLUG/talk] Vulnerability of Linux to virus attacks

E Frank Ball III frankb at frankb.us
Sat Jan 5 23:36:30 PST 2008


It isn't just that Linux systems don't get viruses like Windows systems
because there aren't as many Linux systems so they aren't targeted as
often.  Linux just isn't as susceptible to viruses as Windows.

Some Windows applications are pretty notorious for being security risks:
Outlook, Internet Explorer (and ActiveX) are big ones.  They will
install and/or execute programs without any warning.  The applications
on Linux tend not to be this stupid.

Linux users aren't running with root (administrative) privileges.
Without root privileges your personal files can be corrupted, but the
system cannot.

I did a quick search on a Debian machine and found three programs that
could qualify as virus scanners:

 chkrootkit - Checks for signs of rootkits on the local system
 rkhunter - rootkit, backdoor, sniffer and exploit scanner
 aegis-virus-scanner - A virus scanner for Linux/Unix systems

I've only used chkrootkit, but it never found anything.

Most of the compromised Linux boxes I've heard about in recent history
are webservers with web programs that had security holes (usually PHP
based).  Also never ever log in remotely using a program that doesn't use
encryption (telnet and FTP are bad; ssh, scp, sftp are good) and don't
log in from untrusted systems.

Also be careful with web browsers.  Don't let them remember passwords
for important things, like bank accounts.  After logging into such
sites it's best to completely exit the browser and restart it when you
are done.  If you want to surf a lot of high-risk types of sites
consider making a second account and using that to protect your main
account.

-- 

   E Frank Ball                frankb at frankb.us
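
Added example, not part of the original post: a small shell check that flags listening sockets for the two cleartext login services the message names (FTP and telnet). The function names and the sample `ss -tln` output are constructed for illustration, and the parser assumes the column layout shown in that sample.

```shell
#!/bin/sh
# Flag listeners for the cleartext login services named in the post
# (FTP on 21, telnet on 23). Reads `ss -tln` style output on stdin and
# prints one "service port local-address" line per finding.
find_cleartext_listeners() {
    awk '
        BEGIN { svc[21] = "ftp"; svc[23] = "telnet" }
        $1 == "LISTEN" {
            addr = $4                     # "Local Address:Port" column
            n = split(addr, parts, ":")   # port is the last ":" field,
            port = parts[n]               # which also handles [::]:23
            if (port in svc)
                printf "%s %s %s\n", svc[port], port, addr
        }
    '
}

# Constructed sample input (not captured from a real host). Port 2323 is
# included to show that only exact port matches are reported.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       32      0.0.0.0:21          0.0.0.0:*
LISTEN  0       5       [::]:23             [::]:*
LISTEN  0       128     127.0.0.1:2323      0.0.0.0:*
EOF
}

# Run the check over the sample; on a real host, pipe `ss -tln` in instead.
sample_ss_output | find_cleartext_listeners
```

Any line it prints is a service to disable or replace with its ssh-based equivalent (ssh for telnet, scp or sftp for FTP).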


