
Wednesday, August 12, 2015

Viruses and Linux




One of the biggest myths around Linux is the well-known saying that there are no viruses on Linux. Almost everybody using Linux thinks that they don't need an antivirus. This is not the case, though.

In order to understand this, we first need to understand what a virus/worm/trojan etc. is. In very simple terms, it is anything on your computer that is causing unwanted behavior: anything that you did not install on your own with complete knowledge and that is causing harm. Something that has sneaked into your computer and is performing unwanted operations would fall under the broad term virus.

Examples are a program which is trying to make copies of itself, trying to delete files from your system, or trying to monitor your system and send information to some remote hacker. There are many more things that so-called viruses/malware/adware/worms/trojans/rootkits/keyloggers etc. can do. These are specifically engineered pieces of software, designed to stay disguised and remain untraced for the most part, in the case of a 0-day threat, and to do the activities they were designed to do.

So there is a general-purpose definition, and then there are more specific definitions of these programs that we classify as viruses/malware/adware/worms/trojans/rootkits/keyloggers etc. Their classification depends entirely on the way they operate and what part of the system they attack. Not all viruses operate in the same way, hence their definitions are different.

Now let us understand what an anti-virus does.


An antivirus is a program which is aware of how these programs operate, the specific areas of the OS/application that viruses target, and the way they work. Like I said, once viruses are classified based on what they do and how they do it, one can write a signature for the class and, using the antivirus program, catch these programs by scanning the computer. We, however, first need to understand and study the virus and tell the antivirus program what a virus looks like. We call these signatures AV definitions. They are maintained by the company making the AV.

Anti-virus software relies on the virus definitions to stay up to date with new kinds of viruses. These definitions are maintained by the maker of the anti-virus and are delivered via updates to the anti-virus program.

The scan engine of the anti-virus program is specially designed to read files on the system, and sometimes even memory, compare them against the known virus signatures and alert the user. The user can then choose to delete the files or clean them of the hidden viruses if possible.
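A minimal sketch of the signature matching described above, as an added example (it is not code from the original post or from any antivirus product). Definitions map a detection name to a byte pattern, and the scan engine reads each file in chunks, keeping an overlap so that a signature straddling a chunk boundary is still found. The detection names, patterns and sample files are constructed for the demo.

```python
import os
import tempfile

# Constructed "AV definitions": detection name -> byte signature.
# Real products ship far richer definitions (hashes, wildcards, heuristics).
DEFINITIONS = {
    "Demo/TestSig-A": b"DEMO-SIGNATURE-ALPHA",
    "Demo/TestSig-B": bytes.fromhex("deadbeef00c0ffee"),
}

def scan_file(path, definitions=DEFINITIONS, chunk_size=4096):
    """Return the sorted detection names whose signature occurs in the file."""
    overlap = max((len(sig) for sig in definitions.values()), default=1) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            window = tail + chunk  # previous tail covers boundary-spanning hits
            found.update(n for n, sig in definitions.items() if sig in window)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_tree(root, definitions=DEFINITIONS, chunk_size=4096):
    """Walk root; return (report, errors). report maps path -> detections."""
    report, errors = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                hits = scan_file(path, definitions, chunk_size)
            except OSError as exc:  # unreadable file: record it and keep going
                errors.append((path, str(exc)))
                continue
            if hits:
                report[path] = hits
    return report, errors

def demo():
    """Scan a constructed sample tree with a tiny chunk size (16 bytes)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "clean.txt": b"nothing to see here\n" * 10,
            "infected.bin": b"A" * 13 + b"DEMO-SIGNATURE-ALPHA" + b"B" * 7,
            "both.bin": bytes.fromhex("deadbeef00c0ffee") + b"xx DEMO-SIGNATURE-ALPHA",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        report, errors = scan_tree(root, chunk_size=16)
        return {os.path.basename(p): hits for p, hits in report.items()}, errors

if __name__ == "__main__":
    print(demo())
```

A file is only flagged if a definition for it exists, which is why out-of-date definitions miss new samples.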


There are hundreds of viruses being designed every day, each with a different purpose. Antivirus software is getting smarter and so are the virus writers.

As we all know, Microsoft Windows is the biggest target of these so-called virus writers. But do we know for sure that viruses are not being written for Linux? Or that if you are using Linux there is no chance of getting a virus infection on your computer?

Well, this is a bit complicated to answer, so let me try to break it down for you.

Since Windows has the largest user base in the entire PC market, it is obvious that it is the most targeted platform. Linux on the desktop has a very small to negligible footprint in comparison with Windows, so there are far fewer attacks/viruses.

There are, however, viruses for Linux as well, but not too many.

For example, I scanned my laptop today and I got this:


rajat@trusty:/tmp/sophos-av$ sudo savscan /
SAVScan virus detection utility
Version 5.12.0 [Linux/AMD64]
Virus data version 5.15, May 2015
Includes detection for 9239070 viruses, Trojans and worms
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

System time 10:15:17 IST, System date 13 August 2015

Quick Scanning

Could not open /run/user/1000/gvfs
Could not open /usr/share/doc/python-pyexiv2-doc/_static/jquery.js
>>> Virus 'Andr/DroidRt-M' found in file /home/rajat/XXX/XXXX/XXXXX motochopper BY djrbliss on droidrzr.com/motochopper/pwn

114411 files scanned in 25 minutes and 24 seconds.
4 errors were encountered.
1 virus was discovered.
1 file out of 114411 was infected.
If you need further advice regarding any detections please visit our
Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
2 encrypted files were not checked.

This is a virus that affects the Android OS, which is technically Linux.

A virus can be written for any platform or any application; it is just that there are not too many for Linux yet. Linux on the desktop is not popular enough to attract virus writers. As you can see, there was only one virus found in the total scan.

Linux is inherently secure. It is very difficult to write a virus that affects Linux seriously. The Shellshock and Heartbleed bugs were vulnerabilities in the Bash and OpenSSL programs, which were fixed quickly. There has not been any virus that could kill your machine, because Linux is secure by design.

There could be viruses written even for Linux that could do some really nasty things. Most of these would leverage vulnerabilities in the applications installed and not in the Linux kernel itself, or maybe they could. I don't know. However, as of now Linux is not affected by many viruses.

So what I am saying is that it is a myth that you don't get viruses when you are on Linux. You do; there just aren't too many of them affecting Linux. A file that may seem totally harmless on your Linux machine may cause havoc on some other platform: it carried a virus which did not affect you because you were on Linux, and it literally killed someone's machine because they were using a different OS and their anti-virus software did not catch it in time.

We should all be aware that viruses are possible for Linux, or for any OS for that matter. It is just that writing a virus for Linux is a pain and a totally no-profit job, especially on the desktop side of things.

So please consider installing anti-virus software like ClamAV, Sophos, Comodo etc., which are free and provide at least basic protection on Linux.

Thanks for reading.

Tuesday, August 11, 2015

How to stop distro hopping?!




This is the million dollar question. There are many Linux users out there who have a habit of installing a new Linux distribution on their machines just to check out the new stuff. This is very good if you are new to Linux and are trying to get yourself comfortable with Linux. Many people just like to tinker with their systems so they switch Linux Distributions often. Since Linux gives you the freedom you deserve, you are free to use whatever you want, and modify anything about your system.

Switching to a new Linux distribution for some really genuine reason is great. For example, you wanted the latest version of a piece of software and you can't get it in the repos of your current distro, nor could you find any third-party repo for it. You are not able to compile it either, since its dependencies are too many to rebuild; you would rather rebuild the whole system. In this case switching to a new distro where things are better would make sense. I appreciate this kind of distro hop. I have done it in the beginning and so did most of us.

Distro hopping is not a problem at the start of your journey in the Linux world. It is just a way to find the best option for you. There are, however, times when people switch distributions just because they feel like it, or because they feel something is not working in the current distro and they came to know from somewhere that things would be better if they used a different distro.

Distro hopping can be frustrating at times, when you find out that the very reason you switched from your earlier distro is still there. You can't get rid of the issues even with the new distribution, or maybe your perception of the new distro was actually not true. There is really not much difference from your current distro, and you found this out only after spending a good couple of hours installing and setting things up for yourself with this new distro.

Many times, because things did not get fixed by distro hopping, many people begin wondering whether they should be using Linux in the first place. The reasons behind distro hopping are always justified by the user, mostly because they are not able to do their work because of an issue, and their perception that distro hopping is the only solution is the motivating force behind this behaviour. If distro hopping does not solve the issues, or causes new issues while resolving the old ones, this forms a vicious circle and the end result is frustration. I am saying this from personal experience. There were times when I almost lost hope and wanted to go back to using Windows, which I had already paid for while buying the hardware.

I have been using Linux for the past 5 years. I have seen Linux on the desktop evolve to what it is now. I have been distro hopping all along these years. I have been mostly attracted by the urge to use new software and then to try different desktop environments. I have used almost all the top 50 distributions on DistroWatch. I liked one thing or another from each of these distributions. It took me time to understand the philosophy behind each distro and then to realize the same while using them on a day-to-day basis.

I have finally settled down with Ubuntu 14.04.3 LTS, because of practical implications. It is stable and will be supported for a long time. I have no pressing need for getting the latest and greatest of all the software I use. Most of my favourite software is on its most recent version via 3rd-party PPAs. Overall the system is stable and I love the Unity desktop environment.

So how did I stop distro hopping?


My distro hopping was literally becoming my only OCD. I could not stop thinking about how other Linux distros were better than my existing one. No matter what distro I was using, I always felt there was something better out there. I always thought I could do better with a different desktop environment and a different distribution.

I would format my laptop almost every week. This happened for around 1 year. Over this period of time, my brain kept filtering the thoughts behind distro hopping. I was able to think only in terms of two distributions in the end: Ubuntu-based and Arch-based.

I love Arch Linux and Ubuntu 14.04 LTS, and I have been hopping from one to the other over the past year. I must say both have their strengths and weaknesses. I don't want to compare the two; however, I want to lay down a few points which could help you stop hopping distros.

Here is how this worked in my case:

-- Since you have been distro hopping already for some time, you should be able to write down the top reasons for switching from the current distro.

-- Then you should be able to figure out the top reasons for switching to the new distro.

-- You should know your favourite desktop environment. In my case I like Unity and KDE.

-- You should know how comfortable you are with adding and removing software from a system. I mean whether or not you are more than a new Linux user. Do you understand the inner workings of the distribution you are on currently and the new one you plan to switch to?

-- Do you know your way around the system, package management etc.?

-- Does your current distro have all the software you need in its repos, or is it easy to get a third-party repo for it or even compile it from source?

-- Do you prefer a stable, less changing system like I do, or do you like to have the latest and greatest of everything and are not afraid of occasional breakages?

However, the only big question to ask yourself is this.

WHAT IS WRONG WITH THE CURRENT SYSTEM ?

And if there is something wrong, should you not rather fix the issue than change to a new distribution? You would learn more things about the distribution while fixing your issues than by installing a new distribution.

And if there is no way to fix the issue, should you not reinstall the same OS and try again? If not, what is the assurance that the new distro will not give you the same pain?

At the end of the day, we need our computers to do some work, like I am writing this post. If I had to do a new Linux distro installation every day, or every week, when would I be able to do productive work? I say never, because so far I have only been formatting my system every week, sometimes 2-3 times a week. It was total madness!!

ARE ALL LINUX DISTRIBUTIONS NOT JUST THE SAME THING AT THE CORE! JUST GNU/LINUX ?

Considering all of the above I made a decision to use Ubuntu 14.04 until Ubuntu 16.04 comes out. I am sure that I will not switch OS anytime soon.

I would however miss GENTOO!!

Thanks for reading and I hope this helps you in stopping distro hopping.

Sunday, August 9, 2015

How to Increase the battery backup of your Laptop under Ubuntu



Ubuntu and its derivatives form the major chunk of Linux on the desktop/laptop. Ubuntu forms a very solid base for other distributions and that is why it is the most forked distro out there. If you want to start someone on Linux, you would probably hand them something like Linux Mint or Zorin OS. Linux has come a long way and it is not difficult to use Linux on the desktop/laptop. The hardware compatibility has improved to a great extent. Most hardware these days supports Linux, the support for graphics cards has improved, and almost all hardware on all branded laptops and desktops supports Linux out of the box. Big names like Dell, HP and Lenovo are coming up with some systems with Linux preloaded. Even if Linux is not preloaded, there is a good chance that you would get Linux to work on most of the systems these companies make.

I am currently using a Lenovo Z50-70 laptop which came preloaded with Windows 8.1. I installed Linux on it and everything worked out of the box with no problem whatsoever: WiFi, Bluetooth, touchpad etc. all worked well.

However, there are two major problems with Linux on laptops like mine. One is hybrid graphics and the other is battery life. Battery life on Linux is generally very low in comparison with Windows. This could be a deal breaker at times.

With Bumblebee technology at our disposal, hybrid graphics can be managed and used with a great degree of success. I have written a couple of blog posts around the same. You can read those in detail; the concepts are presented with respect to Ubuntu as a base distribution. The way it works is the same across all distributions.

I have been struggling for some time with the battery backup. The machine I am referring to is a mid variant with an Intel Core i5 processor and an Nvidia GT 820M for my games. Even with Windows the machine does not give enough backup. It hardly lasts 2-2.5 hours of regular use: web surfing, email, chat etc.

When I switched to Linux the battery backup was reduced by 45 minutes. I would only get 1.45 hours to 2 hours at max. I began wondering if there was a way to get this equal to Windows. I kept searching all over the place and found that one could use laptop-mode-tools and it would get you almost on par with Windows as far as battery backup goes. However, the options which you can tweak are not a lot in number. You could tweak it to some extent but not a lot.

Then I found TLP. I have been testing TLP across various versions of Ubuntu, Mint, Arch, Manjaro, openSUSE etc. and I found the tool to be very effective. I got the same battery backup as I was getting with Windows and I could get it to extend to more than 3 hours by tweaking a few parameters.

Without further delay, let me provide you steps to get TLP installed and configured properly under Ubuntu.

Assumption:- You have a laptop with Intel CPU. If not then you should rather use laptop-mode tools or just don't edit the TLP configuration.

Steps:-


1) Add the TLP Repository and Install TLP

sudo apt-add-repository ppa:linrunner/tlp
sudo apt-get update && sudo apt-get install tlp tlp-rdw -y

2) Start TLP

sudo tlp start

The default configuration should work for most cases and should get your battery performance up to what you get under Windows.

Location of config file is /etc/default/tlp

However, you could tweak a few more parameters to make it better. The implications should be clearly understood before making changes.


First Option.


#Select a CPU frequency scaling governor:

This option basically controls how the CPU on the machine responds to load conditions with respect to power conditions.

This is not enabled by default in the configuration. The config file gives a bit of an explanation of what it does. It has two states: powersave and performance.

It is obvious that one would expect the best performance while connected to AC power. However, when on battery power one would want some power saving. Hence one needs to set the below.

CPU_SCALING_GOVERNOR_ON_AC=ondemand
CPU_SCALING_GOVERNOR_ON_BAT=powersave

By running sudo gedit /etc/default/tlp one can edit and set up these options.


Second Option


Like the first option, this is also not set up by default. It should be set up manually.

# Set the min/max frequency available for the scaling governor.

This is something that I would set up very carefully. Using these settings you control how the CPU cycles. Setting values that are too low may degrade performance beyond a bearable limit. I have done some calculations and here are my configured values.

CPU_SCALING_MIN_FREQ_ON_BAT=500
CPU_SCALING_MAX_FREQ_ON_BAT=1000

My CPU is 1.7 GHz with turbo boost up to 2.4. When on battery I don't play games or run any CPU-intensive tasks. I mostly read and write; for my purpose it works great and I get great backup. I plug in the charger when I need it to do heavy lifting.

Third Option


# Set Intel P-state performance: 0..100 (%)

This one is again related to the CPU, and it sets the maximum performance of the Intel P-state driver on your laptop.
I have set it up as below.

CPU_MIN_PERF_ON_AC=0
CPU_MAX_PERF_ON_AC=100
CPU_MIN_PERF_ON_BAT=0
CPU_MAX_PERF_ON_BAT=30

On battery it goes up to only 30% of the max performance. I am basically causing the CPU to underperform on battery so that the battery life extends more.

Fourth Option


This is related to turbo boost technology from Intel. If you have an Intel processor capable of turbo boost you need to set this up for saving battery life.

CPU_BOOST_ON_AC=1
CPU_BOOST_ON_BAT=0

This means that on battery turbo boost feature stays disabled.

These are the only 4 options, in addition to what TLP sets up by default, which can save you precious battery life.

Please bear in mind that by setting up these options there will be a performance hit to some extent; however, in exchange you will get more juice out of the battery.

Please exercise caution while implementing these, or else just use the defaults.
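A consistency check for the four option groups above, as an added example (it is not part of TLP or of the original post). It parses a TLP-style settings file and compares each value with the limits the cpufreq driver reports under /sys/devices/system/cpu/cpu0/cpufreq/ (cpuinfo_min_freq, cpuinfo_max_freq, scaling_available_governors); the kernel expresses those frequencies in kHz. The hardware limits and governor list are constructed, and the function and constant names are made up for this sketch.

```python
# Constructed sample: the settings from this post as they would appear in
# /etc/default/tlp (comment lines and blank lines are allowed).
SAMPLE_CONFIG = """\
# Select a CPU frequency scaling governor
CPU_SCALING_GOVERNOR_ON_AC=ondemand
CPU_SCALING_GOVERNOR_ON_BAT=powersave
CPU_SCALING_MIN_FREQ_ON_BAT=500
CPU_SCALING_MAX_FREQ_ON_BAT=1000
CPU_MIN_PERF_ON_AC=0
CPU_MAX_PERF_ON_AC=100
CPU_MIN_PERF_ON_BAT=0
CPU_MAX_PERF_ON_BAT=30
CPU_BOOST_ON_AC=1
CPU_BOOST_ON_BAT=0
"""
# Constructed hardware limits (kHz) and governor list; on a real machine
# read them from the sysfs files named in the lead-in.
HW_MIN_KHZ, HW_MAX_KHZ = 800000, 2400000
GOVERNORS = ("ondemand", "powersave", "performance")

def parse_tlp(text):
    """Parse KEY=value lines, skipping comments and blank lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().strip('"')
    return settings

def check_tlp(settings, hw_min_khz, hw_max_khz, governors):
    """Return a list of problems; an empty list means the file is consistent."""
    ranges = (  # (min key prefix, max key prefix, floor, ceiling, unit)
        ("CPU_SCALING_MIN_FREQ_ON_", "CPU_SCALING_MAX_FREQ_ON_",
         hw_min_khz, hw_max_khz, "kHz"),
        ("CPU_MIN_PERF_ON_", "CPU_MAX_PERF_ON_", 0, 100, "%"),
    )
    problems = []
    for mode in ("AC", "BAT"):
        gov = settings.get("CPU_SCALING_GOVERNOR_ON_" + mode)
        if gov is not None and gov not in governors:
            problems.append(f"governor {gov!r} on {mode} is not offered by the driver")
        if settings.get("CPU_BOOST_ON_" + mode, "0") not in ("0", "1"):
            problems.append(f"CPU_BOOST_ON_{mode} must be 0 or 1")
        for lo_prefix, hi_prefix, floor, ceiling, unit in ranges:
            values = []
            for key in (lo_prefix + mode, hi_prefix + mode):
                if key not in settings:
                    continue
                try:
                    value = int(settings[key])
                except ValueError:
                    problems.append(f"{key}={settings[key]} is not a number")
                    continue
                values.append(value)
                if not floor <= value <= ceiling:
                    problems.append(f"{key}={value} outside {floor}..{ceiling} {unit}")
            if len(values) == 2 and values[0] > values[1]:
                problems.append(f"{lo_prefix}{mode} is greater than {hi_prefix}{mode}")
    return problems

if __name__ == "__main__":
    for p in check_tlp(parse_tlp(SAMPLE_CONFIG), HW_MIN_KHZ, HW_MAX_KHZ, GOVERNORS):
        print(p)
```

Against these constructed limits the two CPU_SCALING_*_FREQ_ON_BAT values are reported as out of range, so compare them with the kHz figures that tlp-stat -p or sysfs shows for your own CPU before applying them.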

I hope this will help many people.

Thanks for reading.