Viruses in GNU / Linux: Fact or Myth?

Whenever the debate over viruses and GNU / Linux comes up, it doesn't take long for a user (usually a Windows user) to appear and say:

«In Linux there are no viruses because the creators of these malicious programs do not waste time doing something for an Operating System that almost nobody uses»

To which I have always replied:

"The problem is not that, but the creators of these malicious programs will not waste time creating something that will be corrected with the first update of the system, even in less than 24 hours"

And I was not wrong, as this excellent article, published in issue 90 (2008) of Todo Linux magazine, shows. Its author, David Santo Orcero, gives us a technical (but easy to understand) explanation of why GNU / Linux lacks this type of malicious software.

100% recommended. Now you will have more than convincing material to silence anyone who speaks without a solid basis on this subject.

Download Article (PDF): Myths and Facts: Linux and Viruses

 

EDITED:

Here is the transcribed article, as we consider that it is much more comfortable to read in this way:

========================================================================

The Linux and virus debate is not new. Every so often we see an email on a list asking if there are viruses for Linux; and automatically someone answers affirmatively and claims that if they are not more popular it is because Linux is not as widespread as Windows. There are also frequent press releases from antivirus developers saying that they release versions of Linux viruses.

Personally, I have had the occasional discussion with different people by mail, or by distribution list, regarding the issue of whether or not viruses exist in Linux. It is a myth, but it is complex to demolish a myth or, rather, a hoax, especially if it is caused by economic interest. Someone is interested in conveying the idea that if Linux does not have these kinds of problems, it is because very few people use it.

At the time of publishing this report I would have liked to write a definitive text on the existence of viruses in Linux. Unfortunately, when superstition and economic interest run rampant, it is difficult to build something definitive.
However, we will try to make a reasonably complete argument here to disarm the attacks of anyone who wants to argue.

What is a virus?

First of all, let's start by defining what a virus is. It is a program that copies and runs itself automatically, and that aims to alter the normal functioning of a computer without the user's permission or knowledge. To do this, viruses replace executable files with others infected with their code. The definition is standard, and is a one-line summary of the Wikipedia entry on viruses.
The most important part of this definition, and the one that differentiates a virus from other malware, is that a virus installs itself, without the user's permission or knowledge. If it does not install itself, it is not a virus: it could be a rootkit, or a Trojan.

A rootkit is a kernel patch that allows you to hide certain processes from user area utilities. In other words, it is a modification of the kernel source code whose purpose is that the utilities that allow us to see what is running at any given time do not display a certain process, or a certain user.

A Trojan is analogous: it is a modification to the source code of a specific service to hide certain fraudulent activity. In both cases, it is necessary to obtain the source code of the exact version installed on the Linux machine, patch the code, recompile it, obtain administrator privileges, install the patched executable, and restart the service (in the case of the Trojan) or the complete operating system (in the case of the rootkit). The process, as we see, is not trivial, and no one can do all this "by mistake". Both require, for their installation, that someone with administrator privileges consciously execute a series of steps, making decisions of a technical nature.

This is not an unimportant semantic nuance: for a virus to install itself, all we have to do is run an infected program as a common user. On the other hand, for the installation of a rootkit or a Trojan it is essential that a malicious human personally enters the root account of a machine and, in a non-automated way, performs a series of steps that are potentially detectable. A virus spreads quickly and efficiently; a rootkit or a Trojan needs someone to go after us specifically.

Virus transmission on Linux:

The transmission mechanism of a virus, therefore, is what really defines it as such, and is the basis for its existence. An operating system is more susceptible to viruses the easier it is to develop an efficient and automated transmission mechanism for it.

Suppose we have a virus that wants to spread itself. Suppose it has been launched by a normal user, innocently, when launching a program. This virus has exactly two transmission mechanisms:

  • Replicating itself by touching the memory of other processes, anchoring itself to them at runtime.
  • Opening executables in the filesystem and adding its code (the payload) to them.

All viruses that we can consider as such have at least one of these two transmission mechanisms. Or both. There are no other mechanisms.
Regarding the first mechanism, let's recall the virtual memory architecture of Linux and how Intel processors work. These have four rings, numbered from 0 to 3; the lower the number, the greater the privileges of the code that runs in that ring. These rings correspond to processor states and, therefore, to what can be done with the system while it is in a specific ring. Linux uses ring 0 for the kernel and ring 3 for processes. No process code runs in ring 0, and no kernel code runs in ring 3. There is only a single entry point into the kernel from ring 3: interrupt 80h, which allows jumping from the area where the user code is to the area where the kernel code is.

The architecture of Unix in general and Linux in particular does not make the spread of viruses feasible.

By using virtual memory, the kernel makes each process believe that it has all the memory to itself. A process, which works in ring 3, can only see the virtual memory that has been configured for it, for the ring in which it operates. It is not that the memory of the other processes is protected; it is that, for one process, the memory of the others is outside its address space. If a process were to sweep through every memory address, it would not even be able to reference a memory address belonging to another process.

Why can't this be circumvented?
Modifying what has just been described (for example, creating entry points into ring 0, modifying interrupt vectors, modifying virtual memory, changing the GDT with LGDT…) is only possible from ring 0.
That is, for a process to be able to touch the memory of other processes or of the kernel, it would have to be the kernel itself. And the fact that there is a single entry point and that the parameters are passed through registers makes any trick harder: in fact, the operation to be performed is passed in a register, and is then implemented as a case in the handler routine of interrupt 80h.
Another scenario is that of operating systems with hundreds of undocumented calls into ring 0, where this is possible (there can always be a forgotten, poorly implemented call on which an exploit can be built), but in the case of an operating system with such a simple entry mechanism, it is not.

For this reason, the virtual memory architecture prevents this transmission mechanism: no process, not even one with root privileges, has a way to access the memory of others. We could argue that a process can see the kernel, since it has it mapped from its logical address 0xC0000000. But, because of the processor ring it runs in, it cannot modify it; doing so would generate a trap, since those memory areas belong to another ring.

The "solution" would be a program that modifies the kernel code while it is still a file. But the fact that kernels are recompiled makes this impossible. The binary cannot be patched, because there are millions of different kernel binaries in the world. If, when recompiling it, something had been added to or removed from the kernel executable, or the size of one of the labels identifying the compilation version had changed (something that happens even involuntarily), the binary patch could not be applied. The alternative would be to download the source code from the Internet, patch it, configure it for the appropriate hardware, compile it, install it, and reboot the machine. All of this would have to be done by a program, automatically. Quite a challenge for the field of Artificial Intelligence.
As we can see, not even a virus running as root can jump this barrier. The only option left is transmission between executable files, which does not work either, as we will see below.
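The two claims of the preceding paragraphs, that a ring 3 process cannot read memory outside its own address space and that one process's writes never reach another process's memory, can be checked from user space. The following is an added example (not from the article) in Python: it forks a throwaway child that dereferences a raw address through ctypes and reports how the kernel terminated it, and forks a second child that overwrites a buffer inherited from the parent. The address 0xC0000000 is the article's 32-bit kernel base; on a 64-bit system it is simply an unmapped user address, which changes nothing about the outcome.

```python
"""Probe the virtual-memory isolation described in the article.

Added example, not part of the original text.  Two experiments, each run in a
forked child so that a fault kills only the child:
  1. read one byte at an address that is not ours (the article's 32-bit kernel
     base 0xC0000000) and record how the child died;
  2. let a child overwrite a buffer it inherited from the parent and check
     whether the parent's copy changed.
"""
import ctypes
import multiprocessing
import signal

# The article's kernel mapping address on 32-bit Linux.  On a 64-bit build the
# kernel lives far above user space and this address is simply unmapped; in both
# cases a ring 3 process gets a fault instead of kernel memory.
KERNEL_BASE_32BIT = 0xC0000000
# Exit code multiprocessing reports for a child killed by SIGSEGV (-11 on Linux).
SEGV_EXITCODE = -int(signal.SIGSEGV)

# fork() is what the experiment is about, so pin the start method explicitly.
_ctx = multiprocessing.get_context("fork")


def _read_byte(addr: int) -> None:
    """Child body: dereference addr through a raw pointer and discard the value."""
    ctypes.c_ubyte.from_address(addr).value


def probe_read(addr: int) -> int:
    """Read one byte at addr in a child; return the child's exit code.

    0 means the read went through; a negative value is the signal that killed
    the child, i.e. the kernel's answer to a page fault outside our mappings.
    """
    child = _ctx.Process(target=_read_byte, args=(addr,))
    child.start()
    child.join()
    return child.exitcode


def probe_own_memory() -> int:
    """Control case: reading an address inside our own address space succeeds."""
    buf = ctypes.create_string_buffer(b"mine", 8)
    return probe_read(ctypes.addressof(buf))


def _overwrite(buf: ctypes.Array) -> None:
    """Child body: scribble over the buffer inherited across fork()."""
    buf.value = b"CHANGED"


def child_write_reaches_parent() -> bool:
    """fork() a child that rewrites a buffer; report whether the parent sees it.

    Returns False: the child gets its own copy of every page it writes to, so
    the parent's bytes are untouched even though both used "the same" variable.
    """
    buf = ctypes.create_string_buffer(b"ORIGINAL", 16)
    child = _ctx.Process(target=_overwrite, args=(buf,))
    child.start()
    child.join()
    return buf.value != b"ORIGINAL"


if __name__ == "__main__":
    print("read 0xC0000000 ->", probe_read(KERNEL_BASE_32BIT))            # -11
    print("read own buffer ->", probe_own_memory())                       # 0
    print("child write visible to parent?", child_write_reaches_parent())  # False
```

The first probe dies with SIGSEGV because the processor raises a fault before a single byte is read; the second returns 0 because the address belongs to the process's own mapping; the fork experiment shows the copy-on-write isolation the article describes, which is why "touching the memory of other processes" is not available to a user-space program.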

My experience as an administrator:

In the more than ten years that I have been managing Linux, with installations on hundreds of machines in data centers, student laboratories, companies, etc.:

  • I have never gotten a virus
  • I have never met someone who has
  • I have never met someone who has met someone who has

I know more people who have seen the Loch Ness Monster than have seen Linux viruses.
Personally, I admit that I have been reckless, and I have launched several programs that the self-proclaimed "specialists" call "viruses for Linux" (from now on I will call them viruses, so as not to make the text pedantic) from my usual account against my own machine, to see whether a virus is possible: both the bash virus that circulates out there (which, by the way, did not infect any file) and a virus that became very famous and appeared in the press. I tried to install it, and after twenty minutes of work I gave up when I saw that one of its requirements was to have the tmp directory on an MSDOS-type partition. Personally, I don't know anyone who creates a specific partition for tmp and formats it as FAT.
In fact, some so-called viruses for Linux that I have tested require a high level of knowledge and the root password in order to be installed. We could describe as "crappy", at the very least, a virus that needs our active intervention to infect the machine. Furthermore, in some cases they require extensive knowledge of UNIX and the root password, which is quite far from the automatic installation it is supposed to be.

Infecting executables on Linux:

On Linux, a process can only do what its effective user and effective group allow. It is true that there are mechanisms to swap the real user with the effective one, but little else. If we look at where the executables are, we will see that only root has write privileges both on these directories and on the files they contain. In other words, only root can modify such files. This has been the case in Unix since the 70s and in Linux since its origins, and in a file system that supports privileges, no bug has yet appeared that allows other behaviour. The structure of ELF executable files is known and well documented, so it is technically possible for a file of this type to load its payload into another ELF file... as long as the effective user or the effective group of the first has read, write and execute privileges on the second file. How many executables in the filesystem could it infect as a common user?
This question has a simple answer. If we want to know how many files we could "infect", we run the command:

$ find / -type f \( -perm -o=rwx -o \( -perm -g=rwx -group $(id -g) \) -o \( -perm -u=rwx -user $(id -u) \) \) -print 2> /dev/null | grep -v ^/proc

We exclude the /proc directory because it is a virtual filesystem that displays information about how the operating system works. The regular files with execute privileges that we would find there do not pose a problem, since they are usually virtual links that appear readable, writable and executable, but never work if a user tries. We also discard the errors, which are plentiful, since, especially in /proc and /home, there are many directories a common user cannot enter. This command takes a long time. In our particular case, on a machine where four people work, the answer was:

/tmp/.ICE-unix/dcop52651205225188
/tmp/.ICE-unix/5279
/home/irbis/kradview-1.2/src/kradview

The output shows three files that could be infected if a hypothetical virus were run. The first two are Unix socket files that are deleted at startup (and cannot be affected by a virus), and the third is a file from a program under development, which is deleted every time it is recompiled. From a practical point of view, the virus would not spread.
From what we see, the only way to spread the payload is by being root. In that case, for a virus to work, users would always have to have administrator privileges. Then it can infect files. But here's the catch: to spread the infection, you need to take another infected executable, mail it to another user who only uses the machine as root, and repeat the process.
In operating systems where it is necessary to be an administrator for common tasks or to run many everyday applications, this can be the case. But in Unix it is only necessary to be an administrator to configure the machine and modify the configuration files, so the number of users who use the root account as their daily account is small. What's more, some Linux distributions don't even have the root account enabled. In almost all of them, if you log into the graphical environment as root, the background changes to intense red and constant messages remind you that this account should not be used.
Finally, everything that has to be done as root can be done with a sudo command without risk.
For this reason, in Linux an executable cannot infect others as long as we are not using the root account as our everyday account; and although antivirus companies insist that there are viruses for Linux, really the closest thing that can be created in Linux is a Trojan in user space. The only way these Trojans can affect something on the system is by being run as root with the necessary privileges. If we normally use the machine as ordinary users, it is not possible for a process launched by a common user to infect the system.
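To make the check above concrete for an arbitrary tree and an arbitrary user, here is an added example in Python (not the author's command or output) that walks a directory, applies the Unix owner/group/other permission check for a given uid, and separates regular files from sockets, FIFOs and symlinks that merely carry rwx bits. It builds a small constructed tree (paths and modes chosen for the demo; nothing is read from the real system) and evaluates it once as a common user who owns nothing in it and once as root, which illustrates the article's point: the common user's reach is limited to scratch files, while root can write to every executable.

```python
"""Which executables could a process actually infect?

Added example (not the article's own find command): the same question answered
by walking a tree and applying the kernel's discretionary access check for any
chosen uid, so one tree can be judged as a common user and as root.  Entries
that pass the permission check but are not regular files (the Unix sockets the
article found under /tmp/.ICE-unix, FIFOs, symlinks) are reported separately:
there is no ELF image in them to attach a payload to.
"""
import os
import stat
import tempfile

# Pseudo-filesystems that describe kernel state rather than hold executables.
SKIP_DIRS = {"/proc", "/sys"}


def can_rwx(st: os.stat_result, uid: int, gids: set) -> bool:
    """Does (uid, supplementary gids) get read, write AND execute on this inode?

    Exactly one permission class applies: owner if the uid matches, else group
    if the file's gid is one of ours, else 'other'.  Root skips the read/write
    check entirely and needs only some execute bit set.
    """
    mode = st.st_mode
    if uid == 0:
        return bool(mode & 0o111)
    if st.st_uid == uid:
        bits = (mode >> 6) & 0o7
    elif st.st_gid in gids:
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    return bits == 0o7


def audit(root: str, uid: int, gids: set) -> dict:
    """Return {'infectable': [...], 'non-regular': [...]} with paths relative to root."""
    found = {"infectable": [], "non-regular": []}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # judge a symlink itself, not its target
            except OSError:
                continue                     # same effect as the article's 2> /dev/null
            if not can_rwx(st, uid, gids):
                continue
            bucket = "infectable" if stat.S_ISREG(st.st_mode) else "non-regular"
            found[bucket].append(os.path.relpath(path, root))
    for paths in found.values():
        paths.sort()
    return found


def build_sample_tree(base: str) -> None:
    """Constructed miniature filesystem for the demo (no real system data).

    The creating user plays the role of the system owner.  Modes are set
    explicitly so the result does not depend on the caller's umask.
    """
    regular_files = {
        "bin/ls": 0o755,                      # system binary: others may only r-x
        "etc/passwd": 0o644,                  # config file: not executable at all
        "tmp/scratch.sh": 0o777,              # throwaway script anyone may rewrite
        "home/irbis/build/kradview": 0o777,   # a developer's world-writable build output
    }
    for rel, mode in regular_files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    fifo = os.path.join(base, "tmp/.ICE-unix/5279")   # stands in for the session sockets
    os.makedirs(os.path.dirname(fifo), exist_ok=True)
    os.mkfifo(fifo)
    os.chmod(fifo, 0o777)
    os.symlink("ls", os.path.join(base, "bin/sh"))    # lstat shows lrwxrwxrwx, no code inside


def demo() -> dict:
    """Build the sample tree and audit it as a common user and as root."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        owner = os.stat(base).st_uid
        common_user = 1000 if owner != 1000 else 1001   # any uid that owns nothing here
        return {
            "common_user": audit(base, uid=common_user, gids=set()),
            "root": audit(base, uid=0, gids=set()),
        }


if __name__ == "__main__":
    for who, result in demo().items():
        print(f"{who}: infectable={result['infectable']} non-regular={result['non-regular']}")
```

Run against the real root directory with `audit("/", os.getuid(), set(os.getgroups()))` to reproduce the article's measurement; the `non-regular` bucket is where the `/tmp/.ICE-unix` sockets land, and the `/proc` exclusion is done by pruning the walk rather than by filtering the output afterwards.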

Myths and lies:

We found a lot of myths, hoaxes, and just plain lies about viruses in Linux. Let's make a list of them based on a discussion that took place some time ago with a representative of a manufacturer of antivirus for Linux who was very offended by an article published in this same magazine.
That discussion is a good reference example, as it touches on all aspects of viruses in Linux. We are going to review these myths one by one as they came up in that specific discussion, although they have been repeated many times in other forums.

Myth 1:
"Not all malicious programs, particularly viruses, need root privileges to infect, especially in the particular case of executable viruses (ELF format) that infect other executables".

Answer:
Whoever makes such a claim does not know how the Unix privilege system works. In order to affect a file, a virus needs read privileges (it must read the file to modify it) and write privileges (it must write for the modification to take effect) on the executable file it targets.
This is always the case, without exception. And in each and every distribution, non-root users do not have these privileges. So simply by not being root, infection is not possible. Empirical test: in the previous section we saw a simple command to check the range of files that could be affected by an infection. If we run it on our machine, we will see that it is negligible and, with respect to system files, nil. Also, unlike operating systems such as Windows, you do not need administrator privileges to perform common tasks with the programs normal users commonly use.

Myth 2:
"Nor do they need to be root to enter the system remotely, as in the case of Slapper, a worm that, exploiting a vulnerability in Apache's SSL (the certificates that allow secure communication), created its own network of zombie machines in September 2002".

Answer:
This example does not refer to a virus but to a worm. The difference is very important: a worm is a program that exploits an Internet-facing service to transmit itself. It does not affect local programs. Therefore, it only affects servers, not individual machines.
Worms have always been very few and of negligible incidence. The three really important ones were born in the 80s, a time when the Internet was innocent and everyone trusted everyone. Let's remember that they were the ones that affected sendmail, fingerd and rexec. Today things are more complicated. We cannot deny that they still exist and that, if left unchecked, they are extremely dangerous. But now, reaction times to worms are very short. This is the case with Slapper: a worm built on a vulnerability discovered, and patched, two months before the appearance of the worm itself.
Even assuming that everyone using Linux had Apache installed and running all the time, simply updating the packages monthly would have been more than enough to never run any risk.
It is true that the SSL bug Slapper exploited was critical (in fact, the biggest bug found in the entire history of SSL2 and SSL3), and as such it was fixed within hours. That two months after this problem was found and solved someone made a worm for an already corrected bug, and that this is the most powerful example that can be given of a vulnerability, is, if anything, reassuring.
As a general rule, the solution to worms is not to buy an antivirus, install it and waste computing time keeping it resident. The solution is to make use of the security update system of our distribution: having the distribution updated, there will be no problems. Running only the services we need is also a good idea for two reasons: we improve the use of resources, and we avoid security problems.

Myth 3:
"I don't think the kernel is invulnerable. In fact, there is a group of malicious programs called LRK (Linux Rootkits Kernel), which are based precisely on exploiting vulnerabilities in kernel modules and replacing the system binaries."

Answer:
A rootkit is basically a kernel patch that allows hiding the existence of certain users and processes from the usual tools, thanks to the fact that they will not appear in the /proc directory. Normally it is used at the end of an attack: first, the attacker exploits a remote vulnerability to gain access to our machine. Then they carry out a sequence of attacks to escalate privileges until they have the root account. The problem, once they have it, is how to install a service on our machine without being detected: that's where the rootkit comes in. A user is created that will be the effective user of the service they want to hide, the rootkit is installed, and it hides both that user and all the processes belonging to it.
How hiding the existence of a user would be useful to a virus is something we could discuss at length, but a virus that uses a rootkit to install itself is an amusing idea. Let's imagine the mechanics of the virus (in pseudocode):
1) The virus enters the system.
2) Locate the kernel source code. If it is not there, install it.
3) Configure the kernel for the hardware options that apply to the machine in question.
4) Compile the kernel.
5) Install the new kernel; modifying LILO or GRUB if necessary.
6) Reboot the machine.

Steps (5) and (6) require root privileges. It is rather difficult for steps (4) and (6) to go unnoticed by the victim. But the funny thing is that there are people who believe a program exists that can do steps (2) and (3) automatically.
To top it off, if we meet someone who tells us "when there are more Linux machines there will be more viruses" and recommends "having an antivirus installed and updating it constantly", they are probably connected with the company that sells the antivirus and its updates. Be wary; it may well be the same owner.

Antivirus for Linux:

It is true that there are good antivirus products for Linux. The problem is that they don't do what antivirus advocates claim. Their function is to filter Windows malware and viruses out of the mail passing through, and to check for Windows viruses in folders exported via Samba; so if we use our machine as a mail gateway or as a NAS for Windows machines, we can protect them.

Clam-AV:

We will not finish our report without talking about the main antivirus for GNU / Linux: ClamAV.
ClamAV is a very powerful GPL antivirus that compiles on most of the Unix systems available on the market. It is designed to analyze the attachments of mail messages passing through the host and filter out viruses.
This application integrates perfectly with sendmail to allow filtering of viruses that may be stored on the Linux servers that provide mail to companies; it has a virus database that is updated daily and digitally signed. The database is updated several times a day, and it is a lively and very interesting project.
This powerful program is capable of detecting viruses even in attachments in formats that are more complex to open, such as RAR (2.0), Zip, Gzip, Bzip2, Tar, MS OLE2, MS Cabinet files, MS CHM (Compiled HTML) and MS SZDD.
ClamAV also supports mbox, Maildir and raw-format mail files, and Portable Executable files compressed with UPX, FSG and Petite. ClamAV and SpamAssassin are the perfect pair to protect our Windows clients from a Unix mail server.
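The deployment described here, a mail server handing each attachment to the scanner, works through clamd's socket protocol. The following added example (not from the article or the ClamAV project) implements the client side in Python: it parses a MIME message, extracts every attachment and submits it with the INSTREAM command (a NUL-terminated "zINSTREAM", length-prefixed chunks, a zero-length terminator, a NUL-terminated verdict). Since no clamd is running here, the block also carries a constructed stand-in server that flags a made-up marker string; against a real clamd you would connect to its TCP or Unix socket instead and use the EICAR test file to check the path end to end.

```python
"""Scan mail attachments through clamd's INSTREAM command.

Added example, not the article's or the ClamAV project's code.  The client
follows the clamd protocol: "zINSTREAM\\0", then the data as chunks each
prefixed by a 4-byte big-endian length, a zero-length chunk to finish, and a
NUL-terminated verdict ("stream: OK" or "stream: <name> FOUND").  The stand-in
server is constructed for an offline demo and only recognises MARKER.
"""
import socket
import socketserver
import struct
import threading
from email import message_from_bytes, policy
from email.message import EmailMessage

CHUNK = 64 * 1024
# Constructed byte pattern the stand-in treats as "malware" (not a real signature).
MARKER = b"CONSTRUCTED-DEMO-SIGNATURE"


def scan_stream(data: bytes, addr) -> str:
    """Stream data to clamd at addr with INSTREAM and return the verdict text."""
    with socket.create_connection(addr, timeout=10) as sock:
        sock.sendall(b"zINSTREAM\0")
        for off in range(0, len(data), CHUNK):
            chunk = data[off:off + CHUNK]
            sock.sendall(struct.pack(">I", len(chunk)) + chunk)
        sock.sendall(struct.pack(">I", 0))          # zero-length chunk ends the stream
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return reply.rstrip(b"\0").decode(errors="replace")


def scan_message(raw: bytes, addr) -> dict:
    """Scan every attachment of a raw RFC 5322 message; return {filename: verdict}."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        verdicts[name] = scan_stream(part.get_payload(decode=True) or b"", addr)
    return verdicts


class FakeClamdHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for clamd: just enough INSTREAM to exercise the client."""

    def handle(self):
        cmd = b""
        while not cmd.endswith(b"\0"):
            byte = self.rfile.read(1)
            if not byte:
                return
            cmd += byte
        if cmd != b"zINSTREAM\0":
            self.wfile.write(b"UNKNOWN COMMAND\0")
            return
        body = b""
        while True:
            header = self.rfile.read(4)
            if len(header) < 4:
                return
            (size,) = struct.unpack(">I", header)
            if size == 0:
                break
            body += self.rfile.read(size)
        verdict = b"stream: Demo.Marker FOUND\0" if MARKER in body else b"stream: OK\0"
        self.wfile.write(verdict)


def start_fake_clamd():
    """Start the stand-in on a free loopback port; return (server, address)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeClamdHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address


def sample_message() -> bytes:
    """Constructed two-attachment message: one clean text file, one carrying MARKER."""
    msg = EmailMessage()
    msg["From"] = "alice@example.test"
    msg["To"] = "bob@example.test"
    msg["Subject"] = "invoices"
    msg.set_content("See attached.")
    msg.add_attachment("quarterly totals\n", subtype="plain", filename="totals.txt")
    msg.add_attachment(b"MZ" + MARKER, maintype="application", subtype="octet-stream",
                       filename="invoice.exe")
    return msg.as_bytes()


def demo() -> dict:
    """Run the client against the stand-in and return {filename: verdict}."""
    server, addr = start_fake_clamd()
    try:
        return scan_message(sample_message(), addr)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A mail filter built on this returns the verdict to the MTA, which then rejects or quarantines the message; the scanner never executes the attachment, so the Windows payload is stopped on the Linux gateway exactly as the article describes.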

CONCLUSION

To the question Are there vulnerabilities in Linux systems? the answer is certainly yes.
No one in their right mind doubts it; Linux is not OpenBSD. Another thing is the vulnerability window that a Linux system has that is properly updated. If we ask ourselves, are there tools to take advantage of these security holes, and exploit them? Well, yes, but these are not viruses, they are exploits.

A virus must overcome several additional difficulties that Windows defenders have always presented as Linux flaws or problems, and that complicate the existence of real viruses: kernels that are recompiled, many versions of many applications, many distributions, things that are not automatically passed on transparently to the user, etc. The current theoretical "viruses" must be installed manually from the root account. But that cannot be considered a virus.
As I always tell my students: don't believe me, please. Download and install a rootkit on a machine. And if you want more, read the source code of the "viruses" on the market. The truth is in the source code. It is difficult for a self-proclaimed "virus" to keep that name after reading its code. And if you don't know how to read code, one simple security measure that I recommend: use the root account only to manage the machine, and keep security updates up to date.
With just that, it is impossible for viruses to get in, and very unlikely that worms or an attacker will compromise your machine.



85 comments


  1.   Sebas_vv9127 said

    With the daily updates for Distro Linux your OS is fully protected.

    1.    elav <° Linux said

      This is UU

  2.   Kharzo said

    After reading this, the superiority in terms of vulnerabilities and general security compared to Windows is very clear; from what I have read it is quite difficult to exploit vulnerabilities in GNU / Linux. The truth is that in this OS I have always been surprised by the speed with which security problems are corrected, like that time 40 vulnerabilities were detected in the Ubuntu Linux kernel, and the same day they were already solved ...

    1.    elav <° Linux said

      Welcome Kharzo:
      Well yes, these things should be read by those who proclaim themselves Gurus and Computer Scientists and have never left Windows. When we GNU / Linux users talk about the benefits of the OS, it is not to attack Windows, it is because we clearly know what the advantages / disadvantages of each of them are 😀

      1.    Perseus said

        OO, a better explanation for the Linux -> Win "evangelization" topic is impossible.

        +100

    2.    wilsongcm said

      simply excellent explanation ...
      although I am just a common user, I have my doubts and knowledge as anyone, but I definitely stay with linux, since 2006 ...

  3.   rogertux said

    To argue with friends! They always nag if linux this, what if the other ...

  4.   KZKG ^ Gaara said

    I definitely recommend reading the PDF ... really, masterful, brilliant, perfect ...

  5.   Yoyo said

    Downloading it!!! 🙂

    1.    KZKG ^ Gaara said

      Actually ... I'm transcribing it right now, to make it more comfortable for everyone to read 😀
      In a while I update the post and leave the link to the PDF yes, but I will also put the content of it here.

      regards

      1.    Hache said

        Hey! Thank you very much for the transcript!
        A very interesting article!

    2.    Sergio Esau Arámbula Duran said

      I did not know that you read from linux Yoyo 🙂 like me as well as Muylinux and other XD

      1.    KZKG ^ Gaara said

        Yoyo shares several of our articles for G + haha… we are grateful to him for that 😀
        In fact… he's been reading us for quite some time 🙂

        1.    Sergio Esau Arámbula Duran said

          I'm happy about it, this page is very good

          1.    elav <° Linux said

            We are glad that you feel good about our blog ^^

  6.   moscosov said

    I know more people who have seen the Loch Ness Monster than have seen Linux viruses

    Hahahahaha remarkable.

    1.    Anonymous said

      I also loved the phrase hehehe

  7.   Rayonant said

    Without a doubt 100% recommended, more clearly impossible, thank you very much for sharing elav!

  8.   Manuel Villacorta said

    Very good article. And I thought that if I was exposed by not having antivirus.

    For the rest, it means that if it could be a carrier of a virus for Windows, of course it would not affect us, but if we could transmit it to other Windows users, right?

    Additionally, what if we run a program infected with wine? what's up with that

    1.    elav <° Linux said

      Welcome Manuel Villacorta:
      That is what many users tend to think. Here in my country some companies have even put Kaspersky (Linux version) on PCs with Linux (worth the redundancy) ...

      About Wine, I couldn't tell you, but I think that if it affects something, it must be the application itself within Wine .. 😕

  9.   3ndriago said

    Very good article, especially because it gives arguments based on technical data and not just talking

    1.    elav <° Linux said

      Likewise .. What did you think? I guess that's cool right? There you have for when you discuss with someone on Fb about the subject 😀

  10.   ren434 said

    Very good for silencing anyone who says that there are viruses in GNU / Linux, juajua.

    I will keep it bookmarked for when I have to argue with the hasefroch crowd.

  11.   Lucas Matias said

    It was worth the read 😀

  12.   Courage said

    What I think is that prevention never hurts, an exploit can hardly enter us but a Trojan is easier.

    As for the percentage, it is also due to the Linux permission system

  13.   Alba said

    LOL with the Loch Ness monster xD

    Well ... I was guilty of wanting to convince my colleagues to use Linux for the same reason that Windows users discredited distros: almost no one uses it, so it's less likely that something will happen to them ... I know, my mistake. But with this I will be able to say why it is good ... Although I will have to explain it in simple terms, because not many of my colleagues would understand it as well as it is written, lol

    thank you very much anyway for rescuing this info: 3

  14.   Perseus said

    Excellent, thanks for the info

  15.   Hairosv said

    Actually I would like to find a blog like this but for windows….

    1.    Courage said

      Hardly because Muy suffers from a serious fanboyism

    2.    Alf said

      There is one, http://www.trucoswindows.com/ They are very serious, they are not fanboys.

      On some occasion I read a contributor how he recommended using ubuntu to solve a windows problem, but it was a long time ago.

  16.   pandev92 said

    Viruses are like everything, they are bad but at least they feed many people XD that otherwise I doubt that they would work, it is clear that in Linux it is difficult or almost impossible for you to enter one, but that argument is not enough to use Linux , because the same would apply to Mac osx.
    There are other things more important than that to using Linux.

    1.    Hache said

      And that it is also free? xD

  17.   Giorgio grappa said

    Very good article, thanks for linking it, it will be very useful to us.

    I would like to add an observation:

    "In Linux there are no viruses because the creators of these malicious programs do not waste time doing something for an Operating System that almost nobody uses"

    Actually, this statement is not exact either: most of the servers on the Internet, used by millions of people, run on GNU / Linux systems (Google's, for example; wouldn't they represent good prey for virus makers?); 91% of the 4 most powerful supercomputers in the world, too [http://i.top500.org/stats].

    In short, if there are no "real" viruses against GNU / Linux, it is not due to lack of desire, but due to technical difficulties (so well explained in the article).

  18.   and the other UNIX-based systems? said

    Forgive my ignorance, but where are the other systems that are based on Unix, XNU or BSD? In the end GNU / Linux is based on UNIX and I know that Systems like AIX are even better servers thanks to their security, I also speak of MacOs X and FreeBSD.
    I think that the article, no matter how good it is, should not be based on Linux only, although this is a dedicated website

  19.   ubuntero said

    it was a very good magazine (all linux), it hurts what happened, thanks for rescuing the article! Cheers!

    1.    elav <° Linux said

      And what happened? :S

  20.   ErunamoJAZZ said

    Hmm ... I ran the find command they give there and I think it hasn't finished yet, there are more than 2000 "possibly infected" (?)

    Very good article.

    1.    OmarHB said

      Hehe, I do not detract from Ubuntu, in fact with that distro I started using GNU / Linux on my own, and I loved a derivation called Oz Unity, until I realized that I did not need most of the applications that include by default, and on the contrary, they increased the vulnerabilities in my OS. Therefore, and after reading enough and trying various distros, I decided to migrate to Debian, with which I am very comfortable, and only with what I really need. And if I need something else, no problem, surely I will find it in the official repositories, if not, to compile the sources. Ah! And by the way to the author, excellent article. Regards.

    2.    Andrelo said

      A lot of them also appear to me, but they are folders, also the only thing that the command does, is to look for the files that have permissions to be infected, it would be necessary to remove certain permissions, right? Then I will take a look with ClamAV, before a linuxero throws me dirt, I use it to disinfect units with windows

  21.   edwar said

    Look, thanks for the information, but it is counterproductive to tell you that nobody uses Linux when those of us who know the truth about Microsoft use it.

  22.   Eduardo Natali said

    Hi, mate! How's it going? I work in systems like you. I am writing to congratulate you: your article is pure truth, also EXCELLENT!!! and brilliant!! with all the basics. Nice to read it! Thank you very much. Regards, Eduardo Natali

  23.   Jorge Manjarrez Lerma said

    How's it going.

    Microsoft, and in particular its operating systems, are at least 10 years behind *NIX systems (understand Unix, Linux and MacOS), although it must also be recognized that in most situations it is the fault of the users and of Microsoft's ability to provide the minimum documentation necessary for operating system security. *NIX systems have native characteristics that by their nature make the propagation of noxious informational fauna almost impossible (not 100% unbeatable). It is not that there are fewer people using *NIX and in particular Linux; rather, the capabilities of these systems are very good and of quality, something that the Windows brand does not have as a priority (remember Windows Vista, for example).

  24.   Felipe Salazar Schlotterbeck said

    Since I saw Ubuntu 7.04 with clam (ClamAV), I knew that there should be viruses for GNU/Linux.

  25.   Miguel said

    The truth is that the article is very good. Quite a job and time to answer so many questions that there are in this regard ... my congratulations.

  26.   jhoedram said

    The truth is that I had previously experienced some viruses on the system, but it was my fault; everything was solved with an update.

  27.   pandev92 said

    Trojans in Linux exist, just as they exist in Mac OS X and to a greater extent in Windows, with the difference that in Linux it is more difficult, and if we talk about OpenBSD, even much more difficult.

  28.   Lunatic_Barrington said

    Thank you very much for this article! I think it is very useful for all those newbies like me who are interested in learning a little more about how Linux works. 🙂

  29.   Ghermain said

    Although this article was published several days ago, it has not expired, so, with your permission, I copy-paste it with your credits. 😉

  30.   Fernando MS said

    Very interesting, without a doubt I will have to download the PDF article to be able to read it and thus draw my own conclusions.

  31.   Angamo1998 said

    I also thought not. I had the board's computer, and it downloaded the most malicious viruses from the internet and nothing. But one day I downloaded my kernel and, investigating, I created a virus; as I thought nothing would happen, I ran it, and everything went to shit. At school they tried to fix it for me, but they couldn't.
    My virus uninstalled drivers and packages and deleted programs; when I fixed it as best I could, every time I started the session it returned me to the login menu.
    IN YOUR FACE!
    PS: (my computer was also believed to be a Samsung and it is a Toshiba, checked)

  32.   Gabriel said

    The article is very old, but the information is still valid; it cleared up many doubts for me... Thanks

  33.   vania said

    Well, I think that Linux is not as serious as they say, since both Windows and Linux tend to have viruses, but this does not mean that Linux does not have better functions than Windows...

  34.   sergio said

    Thanks for your article, it helped me a lot. I just started with Debian and I see many things in its favor. The issue is essential for people who do not know this OS and are not well informed. I will recommend reading it. Thank you.

  35.   Solomon Benitez said

    With Mint I installed Rootkit Hunter. I basically used it and didn't see a single rootkit detected from the terminal. So it was more of a pastime than a necessity to use it.
    Now that I use openSUSE I didn't bother to install it. It is also a matter of common sense: when you start in the Linux world, you know the need to leave the root account for the most essential needs and create another type of user. Likewise, you will not type the root password into every window that pops up without knowing what process it will run.
    I think that the myth of viruses in Linux is one of the many mental barriers to overcome in other people, along with two of the main ones: "I don't understand Linux, I don't know how to use Linux" and wanting to Windows-ize everything, expecting the Linux operating system to work the same as or similar to Microsoft's.

  36.   Liher said

    The article is simply great; I thought it was great, thank you very much for writing it. I've read it cover to cover. Congratulations, with this article everything is explained and, for my part, settled 😀

  37.   desikoder said

    Viruses can be made for all systems. What's more, I can write the code for a Linux backdoor in one line of code. The question is not the existence of viruses, but the possibility of infection.

    Answers (in my opinion)

    You can make viruses in Linux: Yes
    There are viruses in Linux: Few, and without success
    There are chances of getting infected: Very few

    1.    desikoder said

      By the way, for the record, I hate Windows, and I don't defend it. If it appears in my user agent it is because I am at a phone booth, because I do not have internet at home right now.

      Greetings 😉

  38.   Matías Demarchi said

    I read everything. I see that it is not only about the smaller number of security holes, but about the kernel design itself; but then why does Android suffer almost as much as Windows from virus problems and long-term slowdowns?

    1.    kuk said

      Because Android users usually do not know how to manage their system and install anything from anywhere. Besides that, Google is not interested in security in Android because it is a juicy business that it is not so secure. Also, there is a big difference between a GNU/Linux OS and Android, even if they have the same kernel.

      1.    Sebas said

        "Because Android users usually do not know how to manage their system and install anything from anywhere"

        That is an answer that would be valid if we said it for any operating system.
        So the merit has never been in the design of the system, and the fault has always been in the (ab)use by the user.

    2.    Gabo said

      No no, you have to read everything again, take a good look and don't fall into the silly game of generalizing viruses to cover any computer failure. The one above is a bit right, but in general, infecting a device that uses a Linux kernel with spyware and malware is always the fault of the user who is giving permissions to everything he installs, whether on Android or Windows. Google does what it can; that is why terminals are not shipped with root access.

      1.    kuk said

        The truth is that Google does not care, and will never worry in a serious way, about the security of Android, and it hurts, because Android would have the possibility of being a great system. But it does not; they make it more tangled from the Android factory, and thanks to Google's control it incorporates backdoors so that institutions like the NSA have access to your private data. Is that worrying about the security of a system? Also, Gabo is right: many users, but not all, root their system without knowing that many times this is a double-edged sword, which should only be used by people who know what they are doing.

    3.    Roberto said

      Because many Android users use them as root. But viruses are still rare. Well, it's true that the Galaxy does not let you be root, so I never got infected, and neither did my tablets.

    4.    Sebas said

      Because everything argued in the article is pseudo-technical nonsense.

      They sell you the idea that the "absence" of viruses is not due to the low market share but because the super powerful Linux kernel prevents their spread, but then an operating system appears with said kernel and is widely used, and there are viruses, slowdowns, hangs and all kinds of problems.

      There is no design that prevents the existence and spread of viruses, because they reach Windows in the same way that they can reach any system: the user searches for it, puts it on his computer and executes it, ignoring any kind of warning. When those conditions don't happen, infections tend to zero, even on Windows.

      The slowdowns happen when you install/uninstall crap. There is no system or design immune to crap. The more popular an operating system is, the more developments there will be, whatever their quality and dedication.

      And to notice slowdowns in the long term, it is necessary to have the system installed for a long term!, a condition that usually does not even happen in Linux due to the daily formatting, either to change the distro, to "update" the distro or to recover it from any daily breakage it has had.

  39.   Emilio Moreno said

    Great information, it has clarified a lot about viruses and Linux

  40.   Is said

    The best, I recommend it!

  41.   kuk said

    Well, no system is 100% secure, and that includes GNU/Linux.

  42.   Slenderman said

    But an antivirus not only protects you from viruses; there is malware everywhere, and a good AV can protect you from it. Anyone who does not use an antivirus because he has GNU/Linux (I also use it) is exposed to many threats.

    1.    Gabo said

      You have to consider that an antivirus on Unix systems is not very useful. If anything, what they would suffer from most would be exploits, and with updates activated it would be enough, of course taking into account that some distros (in the case of GNU/Linux) update their kernel up to 2 times a year.

  43.   daryo said

    There is something that viruses completely ignore with deb or rpm packages: people hardly analyze these packages, and they need root access to install.

    1.    Thomas Sandoval said

      It's true, but most of us will use the corresponding repository. There are people who have been dedicated to this for a long time and have a history of working in Linux; sometimes those credentials help to know whether to trust or not.

  44.   oscar lopez said

    Excellent post, I did not know these things about Linux, thank you very much for sharing.

  45.   Manuel Fernando Marulanda said

    Excellent article, it helped me a lot to clear up some doubts in my head.

  46.   Pablulu said

    Thanks, I have little idea of the subject and the article has helped me a lot. Greetings!

  47.   Miguel said

    Good website, I did not know it.
    I really liked your explanation of viruses.
    I will link to you from my website.
    Regards,
    Miguel

  48.   Juan Rojas said

    Hello, I manage more than 3000 different Linux server websites. Today I can tell you that yes, I have had viruses, and I have neutralized them with ClamAV; despite having a firewall with good rules, it did not spread. Still, there were some.
    The problem: the emails and page templates from unauthorized exchanges.

    regards

    1.    elav said

      What virus did you have? Because a virus arriving by mail, especially from a sender using Windows, is not uncommon, but from there to affecting the system is a very long way. So I ask again: what virus was it?

  49.   aiko said

    Very good, excellent information.

  50.   Roberto said

    Interesting. Perhaps due to the extensive use of root on Android, there are viruses for Android. But hey, they are rather scarce.

  51.   G said

    I guess ransomware doesn't do its job on Linux either.

    Greetings and congratulations for the post. Very, very good!!!

    G

  52.   skan said

    "THEY WILL NOT WASTE TIME IN CREATING SOMETHING THAT WILL BE CORRECTED WITH THE FIRST UPDATE OF THE SYSTEM, EVEN IN LESS THAN 24 HOURS"
    That will be if it is detected and made public.
    Well, no: there are infected computers and their users do not find out until it is too late.
    There are even viruses that come from the factory in the BIOS, firmware, etc... even produced by government agencies. It goes without saying that there are many functional viruses for Linux or OS X, although not as many as for Windows, of course.

  53.   Daniel said

    Everything you say is more or less true, but not much. You rely on myths to dismantle other myths...

    Have a Debian server with kernel 4 for 6 months connected to the internet serving a static HTML page (the simplest thing), and then you can delete more than 80% of your post.

  54.   Earl said

    It is not impossible for a hacker to penetrate an OS with his viruses and spyware.

  55.   Yoshiki said

    I think that, 12 years later, we would deserve a remake of this article: discuss new technologies, new threats... and whether we are now literally virus-free or not.

    Otherwise, excellent article (which I already read eons ago).

  56.   Alejandro Alvarez said

    If I have Windows and Linux installed, can a virus enter my PC when I use Linux and then switch to Windows?