- 12-02-2008 #1
Should we be worried about...
...this. After all, Mac shares many similarities with Linux, including a root password. If these security threats affect Macs, shouldn't they affect Linux too?
Distribution: Archlinux
Processor: 3 x Amd 64 bit
Ram: 4 GB
Graphics card: Nvidia GeForce 9800 GT
- 12-02-2008 #2
If we hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate! (Zapp Brannigan)
My new blog. It's probably not as good as I think it is.
- 12-02-2008 #3
Debian GNU/Linux -- You know you want it.
- 12-03-2008 #4
- 12-03-2008 #5
This is the exact argument I had with that Supervisor at the Norton office here in Utah. I've already posted the story on here twice, so I won't belabor it. However, I am dead certain that Linux can only be compromised by a virus IF AND ONLY IF:
A) Users are always logging into their root accounts
and/or
B) If their root password is something like christmas, that can be easily guessed by a password guesser program that just runs through a hundred words per minute until it finds the password.
I just don't see how any code can be written in a virus that can circumvent root without a password. Without root, nobody/nothing is doing anything. The best password is a 10-12 digit password of completely random numbers and letters.
e.g. 38gr031jj482
Guess that!
Using Linux since June 2007
Distros: Mint 12
SPECS: AMD Athlon 64 X2 5400+, 2GB RAM, GeForce 8800 GTS
When your whole life is on one computer, servers and all, choose stability over anything else.
- 12-03-2008 #6
excerpt from that article:
"Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult."
Great idea!!! Because 95% of the AV software out there takes over too much of your computer and is heavy on system resources. I can only imagine what three would do!!!
Seriously, my friends ask me to look at their computers because they are "moving too slow." Well I'm never surprised to see Norton Antivirus, Windows Defender, SpySweeper, Norton Firewall, and AVG running on their computer at the same time!
"Dude, Kevin, how do you never get viruses when you don't use any internet security programs?"
"It's called Linux. It has a built-in AV called root."
"What's root?"
"Exactly!"
Using Linux since June 2007
Distros: Mint 12
SPECS: AMD Athlon 64 X2 5400+, 2GB RAM, GeForce 8800 GTS
When your whole life is on one computer, servers and all, choose stability over anything else.
- 12-03-2008 #7
I wouldn't bet.
Every non-trivial piece of software has bugs, and so has GNU/Linux, opening holes to slip through. Even OpenBSD has. If an attacker has normal user rights and will not be disturbed, eventually he will be root.
What saves us from Windows-like massive infections is diversity. Most systems are customized and somewhat unique, making "hand-crafted" exploits necessary, which overburdens most script kiddies.
Debian GNU/Linux -- You know you want it.
- 12-03-2008 #8
Yes, you are right. There are always security flaws in every OS. However, there are still too many things to override. The program still needs a user's permission to run, whether root or not. Just the fact that Linux doesn't read .exe files is proof of that. In fact, I'm pretty sure that Vista's idea of needing a user to click yes when prompted to run a program came from Linux/Unix. So even if the virus gets on Linux, and even IF it manages to run, a user still has to click "yes" for it to run - and that requires a password. Again, I refuse to believe that will ever happen. Maybe I'm wrong, but I won't believe it until I see it myself. Like, i.e. it happens on my own computer right before my very own eyes.
Wait, does that mean that the variety of distros is what saves us? The fact that just because one virus script may work in Ubuntu or Debian does not mean it will necessarily work in PCLinuxOS or Mandriva?
Using Linux since June 2007
Distros: Mint 12
SPECS: AMD Athlon 64 X2 5400+, 2GB RAM, GeForce 8800 GTS
When your whole life is on one computer, servers and all, choose stability over anything else.
- 12-03-2008 #9
You seem to assume that every infection has to start with the user giving permission and executing a malicious file. But there are many programs already running on your system, some of them even with root rights. If they have bugs, they make mistakes. And if they make mistakes, they make mistakes under the rights you gave them before. No need to ask the user for anything. You might want to visit a random root-server forum to see how common the "my linux server got hacked" posts are. (Unlike on desktops, GNU/Linux is the common operating system in the server world and therefore an attractive target, mind you.)
I would say shell scripts are mostly compatible. It's the diversity in the versions of the programs. This is what plays in favour of us.
Let's say I have Linux 2.6.22 custom built and you have Linux gentoo 2.6.26-1-686. Both kernels are likely to have bugs but the critical ones are likely not to be exploited in the same way, if they are the same at all. Different compilers, different optimizations, all that stuff...
The situation is different for proprietary builds like Skype or Flash, which is one of the reasons I do not recommend them.
Debian GNU/Linux -- You know you want it.
- 12-03-2008 #10
Well one of the things that can go wrong is people thinking they are safe 'just because' they run Linux.
That by itself is a lot, but not enough. To throw in a really ugly cliché: 'Security is a verb'.
There are already different kinds of attacks that easily compromise Linux systems. Think of 'cookie-fetching' javascript for example. With your cookies, all your online personal data is compromised. Email addresses, credit card details.
And then there are obviously botnets running 24/7 trying to find machines with open ports and brute forcing them when they find one. Your Linux box is as safe as you have made it. But once you choose to run ssh, keep the default port 22 and couldn't be bothered to disallow root logins, ehm, you'll find yourself on the receiving side of a whole lot of attention. I used to get ~400 login attempts per day (on average). My ftp server, before I took it down, got 40,000 login attempts in one night. None of them successful, but not because of a lack of trying.
And then there's social engineering. Not a pretty thing. If you can persuade people to run executables on a Windows machine, then you can get people to run executables on a Linux box. And who here routinely reads 'Makefiles' before installing? Nobody, no you don't. I don't either.
It's only a small step to add some hostile payload. And it is possible to send 30,000 emails a day using nothing but regular user permissions. Building this to be self replicating and adding a mechanism to cause the spread of what is now a virus may not seem far fetched.
Now I tend to think that active Linux users are smart enough to see through 99% of all attempts to break their system. But as the Great Unwashed is discovering the virtues of Open Source, so too the gullibility about the inherent security of their system will rise and people reckon their box invulnerable.
If I had a dime for every time I read a news site about some vulnerability, and an army of zealots starts claiming their Ubuntu box is immune to 'everything', oh I'd be the one with the Bugatti Veyron. This irritates me (for one, I'd be really uncomfortable about owning a Bugatti), but as Nietzsche said, the best way to destroy something is to defend it for the wrong reasons.
Remember that it is quite possible to keep a Redmond box perfectly safe, and it is possible to screw up the safety of your Linux box with just as much effort.
And then, third party (often proprietary!) AV software is just fighting symptoms. It's not a cure, and it doesn't address the cause of your system's vulnerabilities.
[\rant]
Sorry for the long post
Can't tell an OS by its GUI
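Added example, not part of any post in this thread: a small Python summarizer for the kind of SSH login noise post #10 describes, counting failed password attempts per source, counting attempts against root, and checking the "none of them successful" claim by flagging any source that was accepted after failing. The log lines are constructed samples in the message format OpenSSH's sshd logs; the host name, user names and addresses (documentation ranges) are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the format sshd writes to the auth log.
SAMPLE_LOG = """\
Dec  3 02:11:01 box sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec  3 02:11:03 box sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec  3 02:11:06 box sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40150 ssh2
Dec  3 02:15:40 box sshd[4120]: Failed password for invalid user test from 198.51.100.23 port 51820 ssh2
Dec  3 08:30:12 box sshd[4388]: Failed password for alice from 192.0.2.10 port 50022 ssh2
Dec  3 08:30:19 box sshd[4388]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Summarize password-auth events; threshold marks a source as noisy."""
    failures = Counter()          # failed attempts per source address
    root_attempts = 0             # failures aimed at the real root account
    accepted_after_failure = []   # (ip, user) accepted after earlier failures
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue              # not a password-auth event
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if m["user"] == "root" and not m["invalid"]:
                root_attempts += 1
        elif failures[ip]:
            # A success from a source that failed before: a typo by a real
            # user, or a guess that finally worked. Worth a manual look.
            accepted_after_failure.append((ip, m["user"]))
    return {
        "failures": dict(failures),
        "root_attempts": root_attempts,
        "noisy_sources": sorted(ip for ip, n in failures.items() if n >= threshold),
        "accepted_after_failure": accepted_after_failure,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
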