
Wednesday, August 12, 2015

Viruses and Linux


It is one of the most famous sayings, and one of the biggest myths, around Linux: there are no viruses on Linux. Almost everybody using Linux thinks they don't need an antivirus. That is not quite the case.

To understand this we first need to understand what a virus, worm, trojan, etc. actually is. In very simple terms, it is anything on your computer that causes unwanted behaviour: anything you did not knowingly install yourself that is causing harm. Something that has sneaked onto your computer and is performing unwanted operations falls under the broad term "virus" (the more precise umbrella term is malware).

A program that tries to make copies of itself, delete files from your system, or monitor your system and send information to a remote attacker... There are many more things that the so-called viruses, malware, adware, worms, trojans, rootkits, keyloggers, etc. can do. These are specifically engineered pieces of software, designed to stay disguised and, in the case of a 0-day threat, to remain undetected for the most part while doing the activities they were designed for.

So there is a general-purpose definition, and then there are more specific definitions of the programs we classify as viruses, malware, adware, worms, trojans, rootkits, keyloggers, etc. Their classification depends on the way they operate and which part of the system they attack. Not all viruses operate in the same way, hence the different definitions.

Now let us understand what an anti-virus does.

An antivirus is a program that is aware of how these programs operate, the specific areas of the OS/application they target, and the way they spread. As I said, once viruses are classified by what they do and how they do it, one can write a signature for the class, and the antivirus program can catch members of that class by scanning the computer. We first need to study the virus and tell the antivirus program what it looks like. These signatures are called AV definitions, and they are maintained by the company making the AV.

Antivirus software relies on the virus definitions to keep up with new kinds of viruses. These definitions are maintained by the maker of the antivirus and delivered via updates to the antivirus program. A scanner with stale definitions misses everything discovered since its last update, so keeping them current matters as much as installing the scanner in the first place.

The scan engine of the antivirus program is designed to read files on the system, and sometimes memory as well, compare them against the known virus signatures, and alert the user. The user can then choose to delete the files or, where possible, clean them of the hidden virus. Because a purely signature-based engine only knows the signatures it has been given, it cannot recognise a brand-new sample; that is the gap a 0-day threat lives in, and it is why definitions are updated so often.
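To make the "signature" idea concrete, here is a toy scan engine in Python. It is an added example, not code from this post, from Sophos or from ClamAV, and its two "definitions" (a byte pattern and a whole-file SHA-256) and the sample files it scans are constructed for the demo. It shows the two match types a definitions database commonly holds, why the engine must keep an overlap when it reads a file in chunks, and why unreadable files are reported as errors rather than stopping the scan, the same three kinds of line you will see in the real scan output further down.

```python
# Toy signature scanner showing what an AV scan engine does. Added example,
# not the blog's or any vendor's code; the "definitions" are constructed.
import hashlib
import os
import tempfile
from dataclasses import dataclass, field

PATTERN_A = b"CONSTRUCTED_MARKER_DROIDRT"      # constructed byte-pattern signature
PAYLOAD_B = b"constructed sample payload B\n"  # constructed file we "know" by hash

@dataclass
class Definitions:
    patterns: dict  # detection name -> byte pattern that must appear in the file
    hashes: dict    # sha256 hex of the whole file -> detection name

@dataclass
class ScanReport:
    files_scanned: int = 0
    errors: list = field(default_factory=list)    # (path, reason) for unopenable files
    infected: dict = field(default_factory=dict)  # path -> sorted detection names

DEFINITIONS = Definitions(
    patterns={"Test/ConstructedPattern-A": PATTERN_A},
    hashes={hashlib.sha256(PAYLOAD_B).hexdigest(): "Test/ConstructedHash-B"},
)

def scan_file(path, defs=DEFINITIONS, chunk_size=1 << 16):
    """Detection names for one file, streamed in chunks. An overlap of
    (longest pattern - 1) bytes is kept so a pattern straddling a chunk
    boundary is still found; the whole file is hashed as it streams past."""
    max_len = max((len(p) for p in defs.patterns.values()), default=0)
    digest, hits, tail = hashlib.sha256(), set(), b""
    with open(path, "rb") as fh:  # OSError here is the "Could not open" case
        while chunk := fh.read(chunk_size):
            digest.update(chunk)
            window = tail + chunk
            hits.update(n for n, p in defs.patterns.items() if p in window)
            tail = window[-(max_len - 1):] if max_len > 1 else b""
    hashed = defs.hashes.get(digest.hexdigest())
    if hashed:
        hits.add(hashed)
    return sorted(hits)

def scan_tree(root, defs=DEFINITIONS):
    """Walk a tree; unreadable files are recorded as errors, not fatal."""
    report = ScanReport()
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            path = os.path.join(dirpath, fname)
            try:
                names = scan_file(path, defs)
            except OSError as exc:
                report.errors.append((path, exc.strerror))
                continue
            report.files_scanned += 1
            if names:
                report.infected[path] = names
    return report

def build_sample_tree(root):
    """Constructed inputs: a clean file, a pattern hit placed across the 64 KiB
    chunk boundary, a hash hit, and a dangling symlink that stands in for the
    'Could not open' entries a real scan reports."""
    with open(os.path.join(root, "clean.txt"), "wb") as fh:
        fh.write(b"nothing to see here\n")
    with open(os.path.join(root, "pattern.bin"), "wb") as fh:
        fh.write(b"\x00" * ((1 << 16) - 5) + PATTERN_A + b"\x00" * 16)
    with open(os.path.join(root, "hashed.bin"), "wb") as fh:
        fh.write(PAYLOAD_B)
    os.symlink("does-not-exist", os.path.join(root, "unreadable"))

def summarize(report):
    """Results keyed by basename so they do not depend on the temp dir path."""
    return {"scanned": report.files_scanned, "errors": len(report.errors),
            "infected": {os.path.basename(p): n for p, n in report.infected.items()}}

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        report = scan_tree(root)
    for path, reason in report.errors:
        print(f"Could not open {path} ({reason})")
    for path, names in report.infected.items():
        print(f">>> Virus {'/'.join(names)!r} found in file {path}")
    print(f"{report.files_scanned} files scanned, {len(report.errors)} errors, "
          f"{len(report.infected)} infected.")
    return report

if __name__ == "__main__":
    demo()
```

Run it with python3 and it prints a savscan-style summary: one "Could not open" line, two detections, three files scanned. The pattern in pattern.bin is deliberately placed so that only five of its bytes fall in the first 64 KiB chunk; without the carried-over tail it would be missed. A real product differs in scale (millions of definitions, compiled pattern matching, heuristics for samples no signature covers yet) but not in this basic loop: read the bytes, compare against the known signatures, report.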


There are hundreds of viruses being designed every day, each with a different purpose. Antivirus software is getting smarter, and so are the virus writers.

As we all know, Microsoft Windows is the biggest target of these so-called virus writers. But do we know for sure that viruses are not being written for Linux? Or that if you are using Linux there is no chance of getting a virus infection on your computer?

Well, this is a bit complicated to answer, so let me try to break it down for you.

Since Windows has the largest user base in the entire PC market, it is obvious that it is the most targeted platform. Linux on the desktop has a very small to negligible footprint in comparison with Windows, so there are far fewer attacks/viruses aimed at it.

There are, however, viruses for Linux as well, just not many.

For example, I scanned my laptop today and got this:


rajat@trusty:/tmp/sophos-av$ sudo savscan /
SAVScan virus detection utility
Version 5.12.0 [Linux/AMD64]
Virus data version 5.15, May 2015
Includes detection for 9239070 viruses, Trojans and worms
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

System time 10:15:17 IST, System date 13 August 2015

Quick Scanning

Could not open /run/user/1000/gvfs
Could not open /usr/share/doc/python-pyexiv2-doc/_static/jquery.js
>>> Virus 'Andr/DroidRt-M' found in file /home/rajat/XXX/XXXX/XXXXX motochopper BY djrbliss on droidrzr.com/motochopper/pwn

114411 files scanned in 25 minutes and 24 seconds.
4 errors were encountered.
1 virus was discovered.
1 file out of 114411 was infected.
If you need further advice regarding any detections please visit our
Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
2 encrypted files were not checked.

This is a virus that affects the Android OS, which technically runs on the Linux kernel. The detected file targets Android rather than the laptop it was sitting on, so the laptop was carrying it rather than being infected by it.

A virus can be written for any platform or any application; it is just that there are not many for Linux yet. Linux on the desktop is not popular enough to make it worth the virus writers' while. As you can see, only one virus was found in the whole scan, and it was not even aimed at the machine it was found on.

Linux is also comparatively hard to attack. Ordinary programs, and the files you download, run as an unprivileged user rather than as an administrator, and security fixes arrive quickly: the Shellshock and Heartbleed bugs were vulnerabilities in the Bash and OpenSSL programs, not in the kernel, and both were fixed quickly. Nothing comparable to the mass outbreaks seen on Windows has hit Linux desktops, and this design is a large part of the reason. "Secure by design" is not the same as immune, though; it means a virus has a much harder time getting a foothold and spreading.

There could be viruses written for Linux that do some really nasty things. Most of them would leverage vulnerabilities in the applications installed on the machine rather than in the Linux kernel itself, though kernel vulnerabilities do exist and get fixed like any other. As of now, however, not many viruses affect Linux.

So what I am saying is that it is a myth that you don't get viruses when you are on Linux. You do; there just aren't many that affect Linux itself. A file that seems totally harmless on your Linux machine may cause havoc on another platform: it carried a virus that did not affect you because you were on Linux, but it wrecked someone else's machine because they were on a different OS and their antivirus did not catch it in time. This is why a scanner on a Linux machine that hands files to Windows users (a file server, a mail gateway, a USB stick you pass around) protects them even if it never finds anything aimed at you.

We should all be aware that viruses are possible for Linux, or for any OS for that matter. It is just that writing a virus for Linux is a pain and, especially on the desktop side of things, there is no profit in it.

So please consider installing an antivirus such as ClamAV, Sophos Antivirus for Linux or Comodo Antivirus for Linux, which are free and provide at least basic protection on Linux. Whichever you pick, turn on automatic definition updates (freshclam, in the case of ClamAV); a scanner with stale definitions is little better than none. The EICAR test file, a harmless 68-byte text file that every scanner is expected to flag, is the standard way to confirm the install actually works.

Thanks for reading.