Re: Why are there few viruses for UNIX/Linux systems?

From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 08/23/03


Date: Sat, 23 Aug 2003 19:23:16 +0000 (UTC)

Christopher Browne <cbbrowne@acm.org> writes:

]A long time ago, in a galaxy far, far away, "-thavna" <sniff@nospan.mypdr.com> wrote:
]> I have always taken for granted that there are few viruses that affect
]> UNIX/Linux systems (compared to other operating systems). I want to
]> understand why... Can someone please shed some light on this matter.

]1. Processes run in a "user" context, and seldom as a "superuser."

Depends on which processes. The link with the outside world is primarily
via daemons, which often run as root. Viruses, which tend to enter
through email etc., are often user processes, which have a harder time
getting at system resources, but then the latest MS systems also have
separate users with permissions, making virus infection more difficult.
Once a virus is in the boot loader, the game is up since the bootloader
is always running as root. Just getting it there is more difficult.

] The traditional "boot viruses" on MS-DOS required _TOTAL_ system
] access to a degree that Unix typically doesn't really directly
] offer even to code running as "root."

The installation does. And if you are root on Linux you or the program
can do anything. The access to the system as root is as total as in DOS.

]2. Memory protection means that it is MUCH more challenging for
] viruses to trample on the rest of the system.

] On MS-DOS, virus code could literally do ANYTHING to the system.

]3. Typical software written for Unix is written by people that have
] some clue about system security.

Probably not, but as Redmont says, many eyes make bugs shallow, i.e. the
bugs tend to get seen faster.

] Developers working in educational environments had to deal with
] there being students doing stupid and/or malicious things, which
] quickly leads to the more grievous security holes being pointed
] out as such.

No. The security consciousness at universities is probably less than in
most industries. Primarily because in general it does not matter. The
students screw themselves as badly as others if they crash the machine.
Also development work often means you need more access to the machine.

I suspect it is a combination of the "many eyes" and the "few users"
features of Linux which has meant fewer attacks.