Security Portal: UNIX (and Linux especially) viruses – the real story

There’s been a lot of foofaraw about UNIX viruses recently,
and more specifically Linux viruses. A lot of it is complete
garbage. Many of these articles seem to have gotten a hold of virus
experts, which is good, but it seems these virus experts generally
have little knowledge of UNIX, which isn’t surprising as most
viruses and anti-virus software are written for Windows (only in the
last year or two have many anti-virus vendors ported their products
to UNIX platforms). First of all let’s define the problem, and some
of the more important terms, since some of the articles I have seen
seem to mix things in strange ways. A virus is a piece of software
that can infect data and applications, often replicating itself; it
may or may not be harmless (intentionally or otherwise). For
example, some viruses append themselves to executable files, and
these files can later be spread when users share files. Other
viruses (like the Melissa virus) would simply rifle the contents of
your email address book, and then send itself to all the people
listed in it, severely overloading mail servers in the

“Viruses need to be run by a user, and there are many, many ways
to trick a user into executing a file; simply attaching it to email
and saying it is a new game works most of the time. With Windows
there is a wide variety of ways to get code executed (ActiveX,
JavaScript, autorun.inf, and so on), especially since Microsoft has
chosen to mix data and program files together (i.e. macros in Word
or Excel – who uses them except for virus writers anymore?) and
given little ability to disable features (you cannot reliably
disable macros, or fine tune access to JavaScript for example).
Once run by the user, the virus typically replicates itself. In the
past this was accomplished by attaching itself to executable files;
when you traded those files with a friend, they would get infected
as well. With the spread of the Internet, it became relatively easy
to put files up for download that were infected; while major sites
tend to scan the software they offer, the types of software many
people want (i.e. copyrighted software) are usually not carried by
reputable sites (imagine that). As well, the explosion of email has
eased the spread of viruses, and with the large number of Windows
users possessing mail software that can be made to automatically
run applications, the spread of viruses via email has