Spyware on Linux?

[fourtrackmind]

Hello, all!

I have been wondering myself about this spyware/virus business on Linux.

As you see below my name on the left, I run Debian Sid. Why is explained elsewhere in these forums. But, I still wonder, if I am at risk, and if someone could/would infect Linux, I have yet to find a program to do what Norton/and the like does for the Win32 crowd. That is, be on the disk to know what you would not normally know.

There simply seems no other way to combat it other than knowing more than a newbie would, which is what I thought these forums were all about (newbies). Not that I am disrespecting in any realm, but that a n00b to Linux (like me and many others) could be infected with the smallest possibility of a virus, and not know that he/she is even infected, since Linux can be quirky before it is set up right. We'd never know, and never know where to look. It'd be really scary, if we weren't the minority, and that most virus writers have a kind of respect for Linux.......(or something). This seems to be a big potential problem. Someone will do something bad, and no one will know what to do, but the hackers. The rest of us won't even be able to boot up to get the damned answers.

Just a few thoughts.

-Todd

[U-Turn]

Todd,
Due to the directory structure and the permissions hierarchy of Linux, There is simply no way for viruses and other nefarious code to work in an efficient and effective manner. Unless, of course, everybody using Linux were to stop using user accounts and start using root for their everyday non-admin tasks.
That being said, there are a few AV's out there. ClamAV and AVG Grisoft are a couple that spring to mind. The only truely useful purpose AV's serve in Linux would be on a server which is used to serve content to Windows and DOS clients.
The one exception to the rule would be root kits. And with a decent set of firewall rules and an occasional check with something like rkhunter even these are useless to the common script kiddie.

[kkubasik]

Agreed, take a stick to a stone and youll see viruses in linux, now don't forget, malicous code and viruses are different. If someone has gained access to a user account, the could exploit the buffer overun vunerabilities to get code of their choosing executed. But again, if someone has access to your system on that level, viruses are the least of your worries. Also keep in mind that viruses are not intlligent, they are unleased, then just left to spread, on linux this is near impossible on a large scale as there are so many windows machines inbetween. again, it really comes down to users, as long as you dont login as root for everyday activiites and only su when you need to, viruses will never be an issue.

[sdousley]

One thing i noticed when i got broadband at uni last september was that the DNS servers that were supplied to start off with if i went to www.google.com it would redirect me to google.nl. now if it was something wrong with my linux machine, it was the same thing wrong with my windows machine, and all the other windows machines on my network!! it could be odd DNS settings at ur isp. try looking for public dns servers and trying them temporarily,

[mont4982]

I was reading the thread and I saw that fourtrackmind was conecerned about viruses and how to fix them. Below is a link to a virus scanner supposedly made for linux. I use there free version for my XP box as now I haven't become infected with any of the latest viruses that have been hitting M$ OS(s). But from what I hear there is no spyware and very few attacks on linux boxes. So if your worried about viruses check the sight just make sure i wont damage anything on your box if you install.

[http://www.grisoft.com/us/us_index.php][/url]

[fourtrackmind]

Hi, all!

I see now how a virus couldn't really cause problems, now. Thanks to all who helped.

Here's a question, though. It concerns keyloggers. (I take it that's what you mean by 'malicious code', qub333?) Is there even a keylogger out there that is used on Linux? Can it be embedded in like a JPEG, like for Windows keyloggers?

This could also be a potential problem, since if you 'su' yourself in a terminal, the recipient of the output could in theory get your root password. I personally like to just log into the GUI as root. Say I did end up with a keylogger somehow (if one exists). I take it that once you log out of the user session, it would no longer be able to read said keystrokes. If I'm wrong, let me know.

Also, say I'm logged into a user account. If rather than using terminal emulation, I go to a virtual terminal, via ctrl+alt+F#. If, again, I did have a keylogger and the logged in session is running still on F7, would it still be able to read what I am typing, although I am in another terminal? I suspect yes, but I just want to double check.

Thanks for listening.

-Todd

[Lotharjade]

Hmmm, Im still not trusting. True, the makeup of linux is much more secure, but it only takes one crafty bad guy (programmer) and a false sence of security to ruin your day. I think I will do AV just to be safe.
:drown:

[Goran]

If you are still having doubts: try out ClamAV. But I am telling you out of experience: I have been using linux for 2 & 1/2 years now and ClamAV has only found a win32 virus on a CD from a magazine. With the permissions policy, a firewall, rootkit checkers (chkrootkit, rkhunter,tripwire) and a little skill you won't have any problems...

[danensis]

Is active content a threat on Linux? I clicked on a URL recently (purportedly an image link), and it seemed to be trying to load a script.