[SGVLUG] Linux viruses [was: (no subject)]

Dustin Laurence dustin at laurences.net
Wed Aug 2 21:09:22 PDT 2006


On Wed, Aug 02, 2006 at 07:44:26PM -0700, Christopher Smith wrote:
> 
> Well, it depends on how strict your definition of virus is. There are a 
> few Linux worms who have most definitely spread in practice. You can 
> read the new stories about them.

Sure.  They're not viruses, which is what was brought up.  If "strict"
means "not changing the definition to mean *anything bad* because idiot
reporters can't be bothered to learn anything at all before writing a
story", then of course I'm strict.  You and I both remember when there
was no question of distinguishing a worm from a trojan from a virus.

The broader point, though, was that Linux security measures and software
tend to be different, and differently implemented, than those on
Microsoft Windows.  I guess the closest thing would be integrity
checkers, but there the biggest fear (or so I gather) is a rootkit.

The point is, the technique of infecting executables with parasitic code
isn't a big problem.  Sure, many other things are, but not that.

> In general though, Linux viruses are at a unique disadvantage to Windows 
> viruses when it comes to "spreading" that has little to do with the 
> technical merits of their security systems: a Windows virus has about a 
> 90% chance of finding another windows machine each time it acquires a 
> new target, but a Linux virus has ~1% chance. It turns out the wonders 
> of network effects work for virus writers too. ;-)

I don't think that's a problem anymore; even at 1% there is more than
enough critical mass out there.  We also have other data.  Before the
days of unix-based OS X, by all accounts viruses were even more more
prevalant on MacOS than on on DOS.  Nowadays, thanks to borrowing a real
OS from someone else, they aren't any longer.  Trojans,
worms, social engineering, yes, but not parasitic code embedded in
another executable.  So the experiment was even done starting with an
infected population.

Dustin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.sgvlug.net/pipermail/sgvlug/attachments/20060802/64b7fb88/attachment.bin


More information about the SGVLUG mailing list