How do you get a virus on Linux?
Someone said to me that I really shouldn’t assume I am safe from all viruses on Linux. I decided to look into the steps you would have to follow in order to get a virus that does more than mess with the files in a users home folder. Here is what I came up with:
- Find a virus
- Download or otherwise transfer the virus to your computer
- Mark the virus as executable with chmod
- Run the virus as root so it can damage the whole system
Now, for the sake of comparison, this is how you get a virus on Windows:
- Connect to the Internet
Of course, that’s not a sure-fire way of getting a Windows virus, but it seems to be the most common.
Now, this had led me to the conclusion that I really don’t need to worry about getting a virus on Linux, as the only way to get one involves entering the root password at least once! Don’t worry, Linuxers, we are all safe from viruses - unless you don’t want to be for some reason.
I have known people run Windows viruses through WINE, and the vast majority of them don’t work. A few do manage to damage files in the users home folder, but nothing else as only an idiot would run WINE as root.
In conclusion, Linux is still light-years ahead of Windows in terms of virus security, despite all of Microsoft’s attempts to make Windows a true multi-user system, as Windows is just insecure by design, and will be until Windows is a true multi-user system with proper file and folder permissions and suchlike..
Windows NT(and thus 2000, XP, and Vista) security system is at heart quite good actually and you could very well create a UNIX-like setup with a limited users and one Administrator(root).
However, this isn’t the default setting when creating new users in Windows and thus they all run as they are root. So…. Windows does have proper design, but it’s not being user properely.
Vista does change this though, it’s security model is in the direction of Ubuntu and OS X, except that when using a “sudo”(the UAC dialog) you don’t have to write the password. What’s a bit problematic with this is that the UAC-dialog pops up all the time. This is simple because developers on Win-plattform are used to users having admin-rights so they program their apps to use it all the time. UAC is part an effort to make programmers not use admin-rights unless it is really neccesery.
btw. Your list is too short. I think only the Win9X-series have lousy enough security to get viruses as easily as you claim. Microsoft have the recent years gotten their act togheter on security. *Obviously* because they have fucked up so much in the past and don’t want to piss people more off.
The list is probably something more like this:
1. Checks mail
2. Mail asks that you open attachment (and executable file)
3. User is stupid and actually does open it without even checking it
4. Get’s virus
And if they’re running Vista they get a UAC-dialog. (and if the computer have been configured in a more secure manner by a admin the virus probably won’t do all that much damage.) Not completely safe though, you always have those nasty buffer-overflow things and such…
That being said I still find Vista to be crap and it is one of the main reasons I’m migrating to Linux. And Linux is probably still ahead of Vista, but saying Vista’s security sucks is a bit stretching the truth a bit.