[ILUG-Cochin.org] Virus on GNU/Linux?

Mahesh Aravind ra_mahesh at yahoo.com
Wed Jul 16 21:12:03 IST 2008 


Mundus vult decipi, ergo decipiatur!
-----
http://maravind.blogspot.com/


--- On Wed, 7/16/08, gingerjoos <gingerjoos at gmail.com> wrote:

> not really :) like the author says, a virus by definition
> is not a

I would suggest that you not listen to some "author" and use your common sense.

> windows program. Due to various reasons Linux virii are
> limited in

Yes, it is _not_ a windows program, but nonetheless, the class of programs called 'virus' cannot so much proliferate in a *nix system.  Anybody with a sound understanding of OS design (and who've read Maurice Bach), and assembly language can see that *nix has inherent protection towards memory based replication, and unauthorised file/block manipulation.

The multi-level privilege protection of the x86 (386 and above) also comes into play.  Low level interrupts like 'int 0x80' etc are hooked into the kernel and scanned for the uid/euid before permitted to execution.  These in-built protections make Linux viruii practically impossible, or very very difficult.  You can maybe write one yourself (as has been done using ELF-header hooks exploitation), and maybe 'infect' your personal accounts.  But then again, it is very difficult to bring down an entire system, or target yet another similarly configured box.


> variety and number, that's all :) maybe there are even
> POSIX compliant
> virii that can hit any UNIX :D

Now THAT's an idea -- POSIX complaint Virii.  I wonder if X/Open is granting a certification for them. :D

> 
> maybe we should stop using the net altogether ;)

Then again, an actual exploit is OS independant: http://www.infoworld.com/article/08/07/14/Researcher_to_demonstrate_attack_code_for_Intel_chips_1.html

> Absolutely. Some users are used to there being no
> "root" in other
> operating systems. Other users can't bear the
> inconvenience of running
> sudo/su to run stuff whenever they need to run root :)

Even THEN, it is not so much of a PITA like in the Wind0ze world.  Personally, I don't care, I am NOT the least afraid, and won't be concerned till I'm PERSONALLY hit. Call it over-confidence or arrogance.  I am doubtful about the existence of a Linux virus.

To end the discussion.  Worms are very much a common malware in *nix systems.  Remember Robert T. Morris Jr?

-- Carb0n

More information about the Mailinglist mailing list