Re: Why are there few viruses for UNIX/Linux systems?

From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 08/23/03


Date: Sat, 23 Aug 2003 19:23:16 +0000 (UTC)

Christopher Browne <cbbrowne@acm.org> writes:

]A long time ago, in a galaxy far, far away, "-thavna" <sniff@nospan.mypdr.com> wrote:
]> I have always taken for granted that there are few viruses that affect
]> UNIX/Linux systems (compared to other operating systems). I want to
]> understand why... Can someone please shed some light on this matter.

]1. Processes run in a "user" context, and seldom as a "superuser."

Depends on which processes. The link with the outside world is primarily
via daemons, which often run as root. Viruses, which tend to enter
through email etc, are often user processes, which have a harder time
getting at system resources, but then the latest MS systems also have
separate users with permissions, making virus infection more difficult.
Once a virus is in the boot loader, the game is up since the bootloader
is always running as root. Just getting it there is more difficult.

] The traditional "boot viruses" on MS-DOS required _TOTAL_ system
] access to a degree that Unix typically doesn't really directly
] offer even to code running as "root."

The installation does. And if you are root on Linux you or the program
can do anything. The access to the system as root is as total as in DOS.

]2. Memory protection means that it is MUCH more challenging for
] viruses to trample on the rest of the system.

] On MS-DOS, virus code could literally do ANYTHING to the system.

]3. Typical software written for Unix is written by people that have
] some clue about system security.

Probably not, but as Redmont says, many eyes make bugs shallow-- i.e. the
bugs tend to get seen faster.

] Developers working in educational environments had to deal with
] there being students doing stupid and/or malicious things, which
] quickly leads to the more grievous security holes being pointed
] out as such.

No. The security consciousness at universities is probably less than in
most industries. Primarily because in general it does not matter. The
students screw themselves as badly as others if they crash the machine.
Also development work often means you need more access to the machine.

I suspect it is a combination of the "many eyes" and the "few users"
features of Linux which has meant fewer attacks.


