Comments on: Developer Ponders Release of Linux Malware

By: Richard Chapman

Richard Chapman — Thu, 03 Dec 2009 00:39:27 +0000

Security, or the lack of it, needs to be up front and out in the open. Microsoft and their security partners have somehow convinced the World that Microsoft’s atrocious security is normal, it isn’t. It only seems normal because nearly all of the World’s computer users have never known any other computer/security relationship. I kind of get a little miffed when the Linux community are accused of declaring Linux as unsinkable. I do often see phrases like “Linux has no viruses” but only from non-Linux users assigning that nonsense to us. I can’t remember seeing something like that from a real Linux user. So let me just say that GNU/Linux has security holes, known and unknown. But it is not, nor will ever be, the security disaster that is sold by Microsoft. Proving that Linux can be infected is not proving that 35,000 node BotNets will be common if it becomes the World’s OS. Roughly 14 billion USDs are siphoned off of users and enterprises each year to pay for computer security or to clean up after it’s failure. GNU/Linux represents a mortal threat to that industry. I expect to see a lot more of “Linux users say Linux is impervious to malware” followed by “hey look, Linux just got a virus, guess it’s no better than Windows”.

Part of learning to use Linux is learning to rely on the Package Manager and the repositories instead of downloading willy nilly off the Web. That system has 98% of what 98% of the users need or want. If you are thinking of mentioning Photoshop don’t bother unless you paid for it. Professional photographers use it and pay full price too. Using a pirated copy of PS to crop your family’s vacation photos does not count as a must have application.

Linux is not immune to malware, but then no software is. It was, however, designed from the first line of code to be safely connected to the rest of the World. Windows still has single-user legacy code deep down in its heart. If you really want to prove that Linux can get malware, here’s a gem for you. http://www.geekzone.co.nz/foobar/6229

By: midi-man

midi-man — Wed, 02 Dec 2009 14:09:28 +0000

Nice to note it will only run under Wine. So if the user really dumps his Windows apps and just runs native Linux applications I guess it has not effect on the system.

Am I correct?

If so then this is windows Malware..

By: oz_ollie

oz_ollie — Wed, 02 Dec 2009 05:49:50 +0000

There has been “malware” available for Linux for a long time but it is different to Windows malware. Linux malware requires the intervention of a person and some people are just plain stupid and others are very gullible. How many offers for millions of dollars from Nigeria do you need to prove this?

Windows has got much better but the relentless UAC permission requests in Vista have once again just got people used to clicking “Yes”. If you have physical access to a computer it isn’t secure, if that person runs programs with Administrator/root permissions then the system will be compromised. That is just the nature of the beast.

By: Tom

Tom — Wed, 02 Dec 2009 00:54:26 +0000

Is only as good as the administrator on any given system. Linux being more secure by default does not mean you can not install malware. Most malware, even in Windows gets there through user interaction, people downloading and installing it themselves. There is no patch for this. All we can do is educate people.

By: gorgy

gorgy — Wed, 02 Dec 2009 00:22:47 +0000

Distributions always stress out, you are at you own risk downloading third party package, so really he isn’t the first to “ponder”.

By: Dallas

Dallas — Tue, 01 Dec 2009 22:06:15 +0000

My only question is, why Linux? I am, IMHO, an advanced Linux user (desktop and server) with over 10 years of experience and a security auditing background to boot. I am not, however, even in the slightest bit, dumbfounded that software such as this exists for the Linux platform… especially when you add “uneducated” end users into the equation, which appears to be the way this rootkit (if you can call it that) installs itself. I would argue that un-informed, click happy users account for 90-95% of the Windows platform infections and the other 5-10% are a result of unpatched software and/or operating systems. That being said, I personally always felt Apple would get “hit” first because Mac fan boys (and Apple themselves in advertisements) stated thousands of times “they” are 100% impervious to viruses/spyware whereas the only Linux users who would even remotely attempt to argue this fall back into my “uneducated” category. Just my two cents.

By: shaunehunter

shaunehunter — Tue, 01 Dec 2009 20:43:26 +0000

Does using a Windows program running under wine even count?