Security Portal: UNIX (and Linux especially) viruses - the real story

Mar 08, 2000
Kurt Seifried

"There's been a lot of fooferaw about UNIX viruses recently, and more specifically Linux viruses. A lot of it is complete garbage. Many of these articles seem to have gotten a hold of virus experts, which is good, but it seems these virus experts generally have little knowledge of UNIX, which isn't surprising as most viruses and anti-virus software are written for Windows (only in the last year or two have many anti-virus vendors ported their products to UNIX platforms). First of all, let's define the problem, and some of the more important terms, since some of the articles I have seen seem to mix things in strange ways. A virus is a piece of software that can infect data and applications, often replicating itself; it may or may not be harmless (intentionally or otherwise). For example, some viruses append themselves to executable files, and these files can later spread when users share files. Other viruses (like the Melissa virus) would simply rifle the contents of your email address book, and then send themselves to all the people listed in it, severely overloading mail servers in the process."

"Viruses need to be run by a user, and there are many, many ways to trick a user into executing a file; simply attaching it to email and saying it is a new game works most of the time. With Windows there is a wide variety of ways to get code executed (ActiveX, JavaScript, autorun.inf, and so on), especially since Microsoft has chosen to mix data and program files together (i.e. macros in Word or Excel - who uses them except for virus writers anymore?) and given little ability to disable features (you cannot reliably disable macros, or fine-tune access to JavaScript, for example). Once run by the user, the virus typically replicates itself; in the past this was accomplished by attaching itself to executable files, and when you traded those files with a friend they would get infected as well. With the spread of the Internet, it became relatively easy to put up infected files for download; while major sites tend to scan the software they offer, the types of software many people want (i.e. copyrighted software) are usually not carried by reputable sites (imagine that). As well, the explosion of email has eased the spread of viruses, and with the large number of Windows users possessing mail software that can be made to automatically run applications, the spread of viruses via email has exploded."

