Why Linux machines are less likely to face virus attacks.
Co-authored by me and Babu Kalakrishnan.

The first week of May 2000 saw the nasty "I Love You" virus destroy data on PCs all over the world, causing damage worth billions of dollars. And it isn't the first time such an event has occurred (remember Melissa just a few months back?). Significantly, not even one of the PCs running Linux was affected. Does this mean that Linux is immune to viruses? Or is it just that virus writers haven't targeted Linux machines as yet?

Is Linux really immune?

A virus or virus-like program can be written for any operating system. There have been reports of at least one replicating virus (Bliss, May 1997) specifically targeted at Linux executables. Destructive code can also be written very easily using scripting languages like Perl, available on most Linux distributions. Even a bash script can be quite powerful.

The relative immunity of Linux stems from the implementation of security at the operating system level. If a user executes a piece of destructive code, the files that the program can infect or destroy are restricted to those the user has permission to write to. All the binaries of the standard programs are normally installed with write permission only for the super-user (root) and hence can't be modified (unless you're running the program as root). Read the Linux Security HOWTO to understand why you shouldn't be doing that anyway.
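To make that permission argument concrete, here is an added audit script (not from the original article) that applies the owner/group/other mode bits the way the kernel does and lists every regular file a given uid could modify. Run as a normal user it reports nothing under /bin or /usr/bin and plenty under the home directory; run with uid 0 it reports everything, which is exactly why destructive code run as root is unbounded.

```python
import os
import stat
from typing import Iterable, List


def user_can_write(st: os.stat_result, uid: int, gids: Iterable[int]) -> bool:
    """Classic Unix discretionary check for one file: root bypasses it, every
    other uid is matched against exactly one of the owner/group/other triplets."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in set(gids):
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_files(roots: Iterable[str], uid: int, gids: Iterable[int]) -> List[str]:
    """Every regular file under `roots` that `uid` could modify, i.e. everything
    a program run by that user could infect or destroy. On a stock install the
    package binaries are root-owned 0755, so for a normal user this is empty
    for /bin and /usr/bin and non-empty only under that user's own files."""
    hits: List[str] = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                # symlinks, sockets and devices are skipped; only regular files count
                if stat.S_ISREG(st.st_mode) and user_can_write(st, uid, gids):
                    hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    me, my_groups = os.getuid(), os.getgroups()
    for directory in ("/bin", "/usr/bin", os.path.expanduser("~")):
        found = writable_files([directory], me, my_groups)
        print(f"{directory}: {len(found)} file(s) writable by uid {me}")
```

The mode bits are the whole story only on a filesystem without POSIX ACLs; where ACLs are in use, `getfacl` can grant write access the plain mode does not show.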

Open Source is secure

Another reason why Linux is relatively immune to virus attacks is that most software used in Linux is available either as Open Source or free software. A major mode of propagation of viruses is through cracked or pirated commercial software, where you can't verify the authenticity of the copy you obtained. As for Linux applications, most are freely downloadable from the Net, and cryptographic signatures of packages are generally available at the official Websites of the distributors. So you can verify the authenticity of the package, even if you obtained the software from a different source.

In addition, the most vital aspect of Linux-based software is that the source code is always available for anyone to read, inspect, and verify. Backdoors, loopholes, and other exploitable flaws get detected quickly, since anyone can read the code and compile their own version of a program. Sometimes the availability of the source is considered a weakness, as access to the source code supposedly permits flaws in the operating system to be found easily. However, you should realize that Linux is a huge community effort, and that at any point hundreds of people are co-operating towards finding, solving, and securing loopholes in the operating system.

Consider the following analogy. If some company only releases software in the form of binaries, then finding and removing security flaws in that software is limited to that company. This situation is equivalent to a leaky roof with just one person at work finding the leaky spots, and patching them. Now consider the Linux community and the old proverb of "Many hands make light work". Hundreds of people, who use the software and look into the source files, find errors and send solutions or patches. Imagine hundreds of hands working together to clean up a leaky roof.

The fact that Linux has its roots in Unix and is strongly oriented towards a networked environment has also contributed to its relative immunity to a large extent. Most Linux applications, being Open Source, are subject to intense peer review, and therefore application programmers tend to develop a security-conscious culture while writing code. If a mail-reading package came out today for Linux claiming the capability to automatically execute embedded script attachments in an e-mail message, it's certain that flames would fly all over the Linux newsgroups in a matter of hours.

Network threats

The major security threat faced by Linux installations is not viruses but security holes in applications, like the sendmail bug exploited by the (in)famous "Internet worm" in 1988. This is generally of concern on servers, which cater to multiple users and are constantly exposed to the Internet. However, as soon as a program bug with security implications is discovered in any application, security advisories are posted on various Websites and patches get released in a matter of hours.

Since most script-based viruses can't attack Linux machines, you could use Linux as the first and most vital line of defense against malicious mail-based viruses. For example, imagine a heterogeneous network environment with both Linux and DOS/Windows/Macintosh local clients. Typically, a Linux or Unix server serves the local workstations via a POP3 or IMAP service. Wouldn't it be nice to ensure that attachments coming via e-mail are scanned for viruses before they reach a client system? Well, that's what anti-virus packages in Linux are typically meant to do.

These anti-virus packages reside on the server that handles your incoming mail. When a mail arrives, instead of being delivered directly, it's passed through a script that extracts all attachments from the mail, decompresses each attachment if required, and scans them using a virus scanner. For a list of some of the scanners available, visit www.linuxburg.net/conhtml/sys_scanners.html. These packages even offer you the facility of intercepting a mail containing a virus and sending a notification to the sender and the recipient, as well as the system administrator. If this isn't enough, it's also possible to scan attachments against multiple virus definition files, using different scanners.
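The extract, decompress, scan and notify pipeline described above, written out as an added example that is not code from the article or from any of the scanner packages it points to. The `signature_scan` hook is a hypothetical stand-in for the real scanner (it only matches the harmless EICAR test string), the addresses are constructed, and the sample mail is built in the block itself.

```python
import email
import io
import zipfile
from email.message import EmailMessage
from typing import Callable, Dict, List

# EICAR is the harmless industry-standard pattern every scanner flags; it stands in here for a real definition file.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_MEMBER = 10 * 1024 * 1024  # never expand an archive member beyond 10 MiB

def signature_scan(data: bytes) -> bool:
    """Hypothetical scanner hook: True when the bytes carry a known signature."""
    return EICAR in data

def scan_attachments(raw: bytes, scanner: Callable[[bytes], bool] = signature_scan) -> Dict[str, bool]:
    """Extract every attachment, open zip archives one level, scan each file. Returns
    {attachment name: infected?}; an oversized member is reported as bad, not expanded."""
    verdicts: Dict[str, bool] = {}
    for part in email.message_from_bytes(raw).walk():
        if part.get_content_disposition() != "attachment":
            continue
        name = part.get_filename() or "unnamed"
        blob = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(blob)):
            with zipfile.ZipFile(io.BytesIO(blob)) as zf:
                for info in zf.infolist():
                    too_big = info.file_size > MAX_MEMBER  # an unbounded unzip is a DoS by itself
                    verdicts[f"{name}:{info.filename}"] = too_big or scanner(zf.read(info))
        else:
            verdicts[name] = scanner(blob)
    return verdicts

def notify_list(raw: bytes, verdicts: Dict[str, bool], admin: str) -> List[str]:
    """Who is told when a mail is held back: sender, recipient and the admin."""
    if not any(verdicts.values()):
        return []
    msg = email.message_from_bytes(raw)
    return sorted({msg["From"], msg["To"], admin})

def build_sample(infected: bool) -> bytes:
    """Constructed test mail: a clean text note plus a zip that may hold EICAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.doc", EICAR if infected else b"quarterly figures")
    msg = EmailMessage()
    msg["From"], msg["To"] = "alice@example.invalid", "bob@example.invalid"
    msg.set_content("see attached")
    msg.add_attachment(b"hello", maintype="text", subtype="plain", filename="note.txt")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="report.zip")
    return msg.as_bytes()
```

Scanning against several definition files, as the text suggests, is just a matter of passing a `scanner` that runs each engine in turn and returns True if any of them matches.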

Today, the Linux user community is rather small and closely knit, and is fairly knowledgeable about computers and security. This situation will certainly change in the coming years with user-friendly interfaces for the common man; in fact, it's already started happening. It's then that the real test for Linux will come, as you'll probably find a large percentage of machines having only one user, called "root"! And there may be more viruses on the prowl, targeted at Linux machines. Beware!