Viruses and Linux
It is a very famous saying, and one of the biggest myths around Linux, that there are no viruses on Linux. Almost everybody using Linux thinks that they don't need an antivirus. This is not the case, though.
In order to understand this we first need to understand what a virus/worm/trojan etc. is. In very simple terms, it is anything on your computer that is causing unwanted behavior: anything that you did not install on your own with complete knowledge and that is causing harm. Something that has sneaked into your computer and is performing unwanted operations would fall under the broad term virus.
This covers a program that is trying to make copies of itself, trying to delete files from your system, trying to monitor your system and send information to some remote hacker, and so on. There are many more things that so-called viruses/malware/adware/worms/trojans/rootkits/keyloggers etc. can do. These are specifically engineered pieces of software, designed to stay disguised and, in the case of a 0-day threat, remain untraced for the most part while they do the activities they were designed to do.
So there is a general-purpose definition, and then there are more specific definitions of the programs that we classify as viruses/malware/adware/worms/trojans/rootkits/keyloggers etc. Their classification depends entirely on the way they operate and what part of the system they attack. Not all viruses operate in the same way, hence their definitions are different.
Now let us understand what an antivirus does.
An antivirus is a program which is aware of how these programs operate: the specific areas of the OS or application that viruses target and the way they work. Like I said, once viruses are classified based on what they do and how they do it, one could write a signature for the class and, using the antivirus program, catch these programs by scanning the computer. We first, however, need to understand and study the virus and tell the antivirus program what a virus looks like. We call these signatures AV definitions. These are maintained by the company making the AV.
Antivirus software relies on the virus definitions to stay up to date with new kinds of viruses. These definitions are maintained by the maker of the antivirus and are delivered via updates to the antivirus program.
The scan engine in the antivirus program is specially designed to read files on the system, and sometimes even the memory, compare them against the known virus signatures and alert the user. The user can then choose to delete the files or clean them of the hidden viruses if possible.
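As an added illustration of the signature matching described above (not code from this post or from any antivirus product), here is a minimal scan engine in Python. The detection names, sample files and function names are all constructed for the example; real AV definitions are far richer.

```python
import hashlib
import os
import re
import tempfile

# Constructed "virus definitions" (not real): a whole-file hash and a byte pattern with a 4-byte gap.
HASH_SIGS = {hashlib.sha256(b"constructed dropper sample\n").hexdigest(): "Demo/Dropper-A"}
PATTERN_SIGS = {"Demo/Beacon-B": re.compile(rb"BEACON\x00.{4}\xde\xad", re.DOTALL)}

def scan_file(path):
    """Return the detection name for one file, or None if it is clean."""
    with open(path, "rb") as fh:
        data = fh.read()
    name = HASH_SIGS.get(hashlib.sha256(data).hexdigest())  # exact-file match
    for sig_name, pattern in PATTERN_SIGS.items():
        if name is None and pattern.search(data):
            name = sig_name
    return name

def scan_tree(root):
    """Walk root; return (files_scanned, unreadable_paths, {path: detection})."""
    scanned, errors, hits = 0, [], {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                verdict = scan_file(path)
            except OSError:  # the "Could not open ..." case in a scan report
                errors.append(path)
                continue
            scanned += 1
            if verdict:
                hits[path] = verdict
    return scanned, errors, hits

def build_sample_tree(root):
    """Write constructed sample files, plus a dangling symlink that cannot be opened."""
    samples = {"clean.txt": b"hello world\n",
               "dropper.bin": b"constructed dropper sample\n",
               "beacon.bin": b"\x7fELF..BEACON\x00ABCD\xde\xad..",
               "near_miss.bin": b"BEACON\x00ABCDE\xde\xad"}  # 5-byte gap: no match
    for fname, data in samples.items():
        with open(os.path.join(root, fname), "wb") as fh:
            fh.write(data)
    os.symlink(os.path.join(root, "missing"), os.path.join(root, "broken_link"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_tree(tmp))
```

The near-miss file shows why definitions need constant updates: a one-byte change to the sample is enough to evade both the hash and the pattern signature.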
There are hundreds of viruses being designed every day, each with a different purpose. Antivirus software is getting smarter and so are the virus writers.
As we all know, Microsoft Windows is the biggest target of these so-called virus writers. But do we know for sure that viruses are not being written for Linux? Or that if you are using Linux there is no chance of getting a virus infection on your computer?
Well, this is a bit complicated to answer, so let me try to break it down for you.
Since Windows has the largest user base in the entire PC market, it is obvious that it is the most targeted platform. Linux on the desktop has a very small to negligible footprint in comparison with Windows, so there are very few attacks/viruses.
There are, however, viruses for Linux as well, but not too many.
For example, I scanned my laptop today and I got this:
rajat@trusty:/tmp/sophos-av$ sudo savscan /
SAVScan virus detection utility
Version 5.12.0 [Linux/AMD64]
Virus data version 5.15, May 2015
Includes detection for 9239070 viruses, Trojans and worms
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.
System time 10:15:17 IST, System date 13 August 2015
Quick Scanning
Could not open /run/user/1000/gvfs
Could not open /usr/share/doc/python-pyexiv2-doc/_static/jquery.js
>>> Virus 'Andr/DroidRt-M' found in file
/home/rajat/XXX/XXXX/XXXXX motochopper BY djrbliss on
droidrzr.com/motochopper/pwn
114411 files scanned in 25 minutes and 24 seconds.
4 errors were encountered.
1 virus was discovered.
1 file out of 114411 was infected.
If you need further advice regarding any detections please visit our
Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
2 encrypted files were not checked.
This is a virus that affects the Android OS, which is technically Linux.
A virus can be written for any platform or any application; it is just that there are not too many for Linux yet. Linux on the desktop is not popular enough for virus writers to bother writing viruses for it. As you can see, only one virus was found in the entire scan.
Linux is inherently secure. It is very difficult to write a virus that affects Linux seriously. The Shellshock and Heartbleed bugs were vulnerabilities in the Bash and OpenSSL programs, which were fixed quickly. There has not been any virus that could kill your machine, because Linux is secure by design.
There could be viruses written even for Linux that could do some really nasty things. Most of these would leverage vulnerabilities in the installed applications and not in the Linux kernel itself, or maybe they could. I don't know. However, as of now Linux is not affected by many viruses.
So what I am saying is that it is a myth that you don't get viruses when you are on Linux. You do; there are just not too many of them affecting Linux. A file that may seem totally harmless on your Linux machine may cause havoc on other platforms: it may carry a virus which did not affect you because you were on Linux, but which literally killed someone's machine because they were using another OS and their antivirus software did not catch it in time.
We should all be aware that viruses are possible for Linux, or for any OS for that matter. It is just that writing a virus for Linux is a pain and a totally no-profit job, especially on the desktop side of things.
So please consider installing antivirus software like ClamAV, Sophos, Comodo etc., which are free and provide at least basic protection on Linux.
Thanks for reading.