Discussion on:

With the rise of the Linux desktop, will viruses follow?

I've used windows since it first appeared thru Win95, now Win7 and there is always the risk of virus attacks even with paid virus protection software.

I've used Linux since Slackware was first introduced ... but have been an Ubuntu user for many years and have NEVER had even the hint of a virus and as far as I know, no one I am in communication with that uses Linux has ever seen a virus either.

I personally think about the only risk to Linux users is just plain basic system security common sense. Don't all root login via ssh, keep your password safe & use good passwords etc... which of course are the same things you'd do with Windows.

As system admins, engineers and developers we can prefer security, restrictions etc. but lots of the people will prefer to run everything without so much questions (remember how people hate from Vista) This is why they use linux. Of course when they lost their files due to a virus they'll start blaming but still they'll not run linux, because it'll be a very complex system for them. Even so many businesses will prefer to run insecure systems behind a firewall. Because when they install the new security patch so many applications will not work, will take a long time to fix and nobody can answer the claims. With current business model is it possible to dominate the desktop of average Joe?

You would also get more devs fixing holes.
In the end, I think it would balance out. Some unlucky people (probably face book users) will get viruses as they are fresh. But then patches will quickly appear and everyone else will be safe.
That and probably the most vulnerable code will be close source code like Flash and silverlight.

The first "viruses" were on Unix, and the usual attempt was to alter commands. To do that, they needed a "secure shell" like SSH or telnet. It is easy to move telnet to "guest" user and disable SSH port and then inhibit remote login to the few that needs it. There is no way you can change essential parts of Linux or MacOS without having to ask for the Admin password from the user, and been provided this. But, it is fully possible to embed a script in a Jpeg picture, that executes in the user's own context.
If the user wants to see picture effects, video (Flash definitely contains a dangerous script language) and rich media, you will need a way to connect the presentation of these to local applications. These must be able to execute scripts, also to verify and authenticate.
Knowing some of the flaws that allows viruses, I don't expect the developers will have to worry much, except that their code will be inspected to verify that it does just what it should and nothing else. The rest is simple. On Linux and MacOS, an application cannot modify another by accident. It cannot debug the kernel, it cannot chage the "rm" command. Should a pointer go way out in the blue, it will be trapped, and cannot "see" the memory of others (beside allocated shared memory).
I believe most hacks originates from Linux today, since they can leave without making a trace. They have seen to that their systems cannot be hacked. So those writing virus scanners today are facing a bleak future.

Maybe it is harder to crack, but impervious? Don't think so. Here's another theory:
Could it be that hackers see Linux as part of the same counter culture movement that they belong to so why would they break into their own house? OK... It's a bit cynical but I it's a theory - nothing more... Tthe lack of viruses on the platform is for real and there is definitely something to be said for the open source system helping to resolve these things. BTW I have an android tablet that had the rotate feature crippled by a manufacturer pushed upgrade in OS level. Problem is there is no vector to get to the manufacturer and they have no official response even though it is a known problem. Why do I mention this? Well taking this discussion into account - maybe Linux/ubuntu does have a future on the tablet platform. At least with open source somebody who can do something may actually be listening.. (hear this Acer???)

Hackers are a diverse lot.
1) There is the counter culture like Anonymous, they will break into government computers (linux or wintel). Lulz will do just everybody if you happen to piss them off...
2) There are criminal hackers like the Russian Business Network. they will break into anything where they expect to make money. Wintel offers bigger bonusses than linux, but that's not much of a safeguard.
3) State hackers like Chines Army, Iranian Guard, Israels Mossad and the American agencies like CIA, FBI, NSA. They will break into anything, which they suspect, Linux, wintel or Apple. Not much of a safeguard either.

In the end: with the rise of Linux there will be more break-ins. And a lot of break-ins are browser-attacks...

When you have a kernel built on a sound basis, you cannot hack it. If you ever wrote a production operating system, you would understand. With virtual memory on main frames you have "keys" for each user and that prevents them from accessing other users or the nucleus (kernel). While you may POSSIBLY be able to attack the application in a particular user's memory, you won't be able to attack another user's nor the kernel. A good kernel will not provide any back doors to other components, unlike Windows gives access to its other products .

Most viruses are not possible on Linux/MacOS. Only trojans, and for all, they can only get to the files you can get to without any effort. Regarding Linux on the tablet, most early days tablets ran Linux. Then the "analysts" demanded Windows, and Steve Jobs finally got them to make it with their variant of Unix: iOS. But the tablets came from Linux and will most likely return here because of the rich applications you find here.

Is Linux more secure than Windows? Probably, but it's hardly perfect. Equal growth, maybe not. But never say never. As Linux popularity increases the value of attacking it will increase. As that value increases, so will the attacks. It's pretty basic market economics. There are already a number of Linux server exploits. I suspect a lot of this is due in part to Linux popularity in that area.

I also think it makes no sense to define the problem narrowly. Rootkits, worms and other malware are problems. Malware is an issue for every OS, even Linux and BSD. It's only going to get worse as the value of attacks increase.

Finally, the OS isn't the only attack path. Applications present attack paths as well. Linux may provide better tools for dealing with this, but very few installations apply those tools effectively. It's only going to get worse when less technically oriented users become a higher proportion of the base.

unless some nitwit makes a distro which logs on as root for convenience and it becomes popular.

I have seen the same logic said for the Mac OS, yet it's met by derision by the Windows folks. Will it be the same here?

I am in year 11 of using Linux as my only system. During that time I have introduced family and friends to Linux and estimate we have collectively 60 years of run time and so far as I know the only successful attack was against my Daughters Yahoo online email address book which we caught right away and she had to change her password. That was a Yahoo problem and was a spam bot thst passed through emails that appeared to come from a friend.

... to [Yes (lots)] and [Yes (a few)] -- I mean, if the number of Linux viruses tripled, we'd get to what... 1 a year? I think there will be an increase, but not an alarming amount... Because of this fact, I did vote Yes, but I don't see this as "the end of the world."

It's human nature to "not fix what isn't broken" and I think a lot of the viruses for Linux that may be created in the future will not target the latest-n-greatest kernel, but concentrate on older vulnerabilities that people don't patch for. For this to be "cost effective" for the virus creators, there has to be a "critical mass" of Linux machines already (which *might* happen in the next few years) and then wait for these individuals to ignore the patch manager. It's also possible that the virus creators could target embedded machines (routers, wireless APs, etc.) that would not be patched on a regular basis -- there are a *lot* of those machines out there now.

And there are very secure closed-source operating systems out there - I don't believe there was ever a virus written for VMS, for example; and there were a *lot* of VAXen installed at one point in previous history... [[ Yes, I still have a couple in my basement... ]]

Since there are, to date, NO viirii in the wild, the appearance of one would be an increase. The increase in numbers of Linux machines is less the issue than what is to be gained by the cracker. No profit, no attack. Given the general profile of Linux users, if a successful attack was crafted, they would detect and kill it quickly. Thus no profit. It is possible there may be a few crackers out there who would go to the time and trouble of writing malware for Linux just to prove it could be done, but I do not forsee any serious efforts.

"Given the general profile of Linux users"

That may be true now, but if Linux were to draw a large number of users away from Windows(and possibly Mac) that general profile would change. One of the reasons that the recent Mac virii ave had success, even with a similar security setup to Linux/BSD/Unix, is that many of the users infected were previously Windows users that switched to the "virus-free" Mac. Rmember when Mac users and ads were spouting the line "there are no viruses for Macs"? People bought into that, got Macs, assumed they were safe and wound up authorizing the malware when hackers started writing it.

Switching to a "more secure" platform had not helped them in the least because the basic behaviours which got them into trouble in the past had not been corrected. And having masses of people switch to Linux would net the same effect. It does not matter how secure a platform is if the user behaviour is not fixed. Once the platform becomes a large enough target hackers will start trying to break it in earnest.

and expressed it better.

I totally agree with you. The protection offered by the need to enter sudo to gain admin rights is no protection if the user keeps typing it every time it is requested (or the password via GUI) without understanding what's happening.
As I teach in my training to users: the IT department with their AV, UTM and firewalls won't do much for you if you keep inviting the bad guys in. Users are the guardians of their system, period. You need to learn to use a computer safely and keep updating your skills.
The problem with computers today is that most users and specially business users have their priorities for attention and learning on the job they are supposed to complete; many see the PC and all its issues as a burden they don't want to go through. They just wan to "use" the computer without getting a "master degree" in its use. This is the most common complain among my company's users: "I don't want to be a computer expert; I wan to do my job".

I agree with the ROI camp. As the number of desktop, tablets etc grows it will become worthwhile to exploit. Just look at Android. Looks to be easily exploited through social engineering and poisoned apps. The distro will open Linux in general to attack.

As I remember Lindows did at one point log in as root.

Android is based on Linux. True, while it isn't an actual open source OS, it has had its vulnerabilities exploited. Why? I believe because of its popularity, and its use by people who have NO IDEA how to use it. I don't believe you need to verify passwords to install or change stuff on it either, whether because it's logged on as root, or whatever. That could be a point, as well.
I tried last night to put a program on my Linux desktop computer, it used to work, but with a few updates to the kernal and a new release under its belt, enough dependencies were broken to where I couldn't figure it out. "Compile from source" was the solution. Well, being the geek I am, I still haven't figured THAT out. The instructions were too vague and confusing. BUT I couldn't just download a new program and bam.. have it work (and who knows what came in with it?) True I could have gotten the updated version but I've tried that and it works horribly. I think I should have stuck with the old distro, the old versions, etc. where everything worked!
Part of the problem was, this is not a Linux native program, but converted for it from Windows. Most likely it's horribly complicated and never will "just work" on Linux.

I like the 4-point concept you noted. But, getting back to some basics, I think there are additional reasons for the low occurrence of vulnerabilities.

The Attack Surface
From a security stand-point, the greatest attack surface is always going to be the most likely target to produce a favorable outcome. In military terms, it's easier to hit a larger attack surface than a smaller one; EG: putting a 50-cal projectile through the top of a beer bottle is far more difficult than tossing a grenade into a fox hole.

We all have to justify our time output for likely success; if you never hit a target, the game becomes less productive towards the goal. This probability calculator must also apply to those that make viruses. Windows OS is the biggest target. Should Linux ever get to that place it may represent the greatest likelihood of attack success.

But, there is another important factor as well...

Corporate vs. Open Source Development
Developers know what to do and what not to do. Corporations need to release on a date though; software ready or not. A release date is not chosen for the greatest good of the software/product but by quarterly need to keep the executives off middle management backs; everything rolls down hill.

Open Source developers build with purpose and don't release until that purpose is met. They understand the importance of commenting their code, for example, so they don't forget the purpose of a code block and accidentally remove it at a later date during a rewrite. These comments serve as long-term memory and ultimately a set of requirements for the next go-round of development. You would be surprised how many large corporate development initiatives forgo this simple but important concept in the interest of time.

Then there are the 4 points you've noted. Only the most competent can achieve this kind of ninja-like movement. The corporate types could do this as well if they weren't trying to meet other deadlines.

It should be noted too that MS has less than a thousand developers and testers in their offices while open source projects will allow test results and bug reports from anyone in the world. Who has the bigger staff?

The last point is Software Regression
When an open source project puts in a fix it's in forever. Not till the next release or a new version - forever. A test case is added to cover the fix for the exploit and test automation is run on every subsequent build. Simple concept rarely happens in the corporation. In open source projects, if you see an exploit you're only likely to see it once and never again.

Security vs. Usability
The security design is the most important thing though. When a virus comes to the desktop the differences between Windows and Linux is clear:
1) Both accept email and store contents in a temporary location while you're reading a message. Linux stores them in /tmp and Windows, in a folder deep in the users applications directory.
2) During this temporary storage (pending user forward/reply/deleting the message) the difference is:
*Linux stores message and payload without the ability to execute.
*Windows stores message and payload with the ability to execute.
*This assertion is testable, test it.

Security vs. Usability is usually the argument I get at this point - not an issue. My Linux email works without the security gap just as Windows does with it.

This one security measure is (more likely was) the single greatest problem contributing to virus execution. Seems like a simple fix. Apparently, since Microsoft hasn't fixed it in 20 years, it's more complicated than that.

Either way, the easiest way to get a virus is to open Outlook and start forwarding joke emails. You'll find out just how funny they are soon enough.

Moving Forward
A heavier reliance on web-mail would fix most of these problems; then employ one server-side solution to scan emails for everyone before viruses make it to the desktop. I use a combination of postfix/greylisting (though it's more complicated that that) to filter messages before they ever hit MS Exchange.

Then you're (mostly) only left with web-based attacks, malicious scripting embedded in web sites; it's the one thing facebook and porno sites have in common.

After that, it's going to boil-down to a little training and common sense.

Good article, Jack

"With the rise of the Linux desktop..."

What rise? Anybody got numbers showing desktop installation beyond the same 5% of the market it has been stuck at for the last decade? Did I miss another 'Year of The Penguin' manifesto?

The increase in Linux viruses is doubtful because the increase in Linux desktops is doubtful.

I don't mind a differing opinion, but tell me who you are and what you disagreed with.

Obviously you have not been reading other articles regarding more people moving to Ubuntu from Windows. As the Linux desktop becomes easier to utilize you will have more people using it. Unfortunately for Microsoft more people are bashing Windows 8 and the Metro interface, many suggesting to stay with Windows 7 or move to a Linux based OS. And you might want to check your figures, 5% is rather low, or are you only looking at the users in the US?

NetMarketShare statistics show a slight DECREASE in desktop Linux
visitors to their sites over the past couple of months! That 5% is also
rather too high...probably a tad over 1%.
Here's an excerpt from a recent ZDNet post by Jack Schofield...
"Since October 2011, Windows' total market share has declined by .09 percentage points from 91.86 percent to 91.77 percent, while Mac OS X has grown by 0.19 percentage points from 6.94 percent to 7.13 percent. In a three-horse race, Linux has declined slightly from 1.19 percent to 1.10 percent. This may represent some open source supporters buying proprietary Macs, as described by Gnome co-founder Miguael de Icaza in a recent blog post, What Killed the Linux Desktop."
And here's the link to the post...
http://www.zdnet.com/windows-7-overtakes-xp-mac-os-x-steams-ahead-of-vista-7000003591/

And, if you don't like ZDNet, how about a link to another article at PingDom...
http://royal.pingdom.com/2012/02/28/linux-is-the-worlds-fastest-growing-desktop-os-up-64-percent-in-9-months/

http://en.wikipedia.org/wiki/Usage_share_of_operating_systems

although I can understand questioning Wikipedia's accuracy. There's this one, too:

http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=8

I confess I didn't check before posting the 5% number. I assumed it would have at least held ground since I last checked. That figure is obviously out of date, unfortunately. Maybe it will see a bump after W8 is released; maybe.

I'd like to see Linux get a greater share of the desktop, but many of us have been hearing those trumpets blown for years. Besides, Linux is a success in every other platform and application; it doesn't need the desktop. Anyway, haven't we been hearing the desktop is dying for almost as long?

collect, as they say:
quote
We collect data from the browsers of site visitors to our exclusive on-demand network of HitsLink Analytics and SharePost clients.
end quote
I know lots of people who have security settings on their systems and browsers that kill the ability of web sites to collect this data, heck the settings are recommended by a lot of law enforcement organisations as part of Internet security. Also, I'm sure there are large numbers of people who do NOT visit any of the sites they use to collect data. All of which lowers the validity of the data collected.

As best as I can tell from the archives for the last few years they show very little growth in Linux desktops, yet we know a number of large government agencies in Europe have switched from Windows to Linux and have seen a significant growth in the use of Ubuntu Linux and its derivation in recent years as well - yet no change in the overall percentage by these people.

If the majority of their data collection is from USA based retail sites then I would expect to see results that reflect the US IT market sales trends. I would also expect them to be like those stats on Linux desktop usage based on retail sales of systems preloaded with Linux, a process that represents a one digit fraction of actual new Linux systems that bears no relationship to the numbers of Linux downloads.

It's highly possible these stats are representative of the major US sites, but I doubt they are really that representative of the world wide stats.

The problem I have with Schofield's analysis is he is using percentages. In one way it is not as meaningful as showing absolute numbers. For example, if there are a 1000 Windows users out there and 100 more people buy a new (or first) PC then the percent just for Windows is 10%. Now if you have 100 Apple users and 15 people buy a new Apple PC, it is also a 15% increase, but overall 15 out of 1100 is a bit more than 1%. Now if you have 10 Linux users and 5 people hop on the Linux bandwagon, you have a 50% increase, but less the 0.5% overall.

One thing that will hinder Linux catching on with the general public is Ubuntu's switch to Unity. To many in the Linux community, it is as bad as Microsoft switching to Metro (or whatever). The Gnome 2 desktop had sufficient familiarity to XP and earlier Windows versions - even Windows 7 (which has generated a lot of complaints from XP users). Other distros, such as Mint and other Ubuntu/Debian based distros, have different desktops and they are also affected by the move to Unity and Gnome 3. I have used the KDE desktop and, while it is OK, it is not Gnome 2. Now you have to install MATE or something similar to get the look and feel of Gnome 2. ZorinOS and SolusOS are trying to pick up the slack, but it will take a while before they gain popularity within the Linux community.

Remember, when you are posting on this type of web sites, you are not the average (or typical) home user, whose knowledge of PCs is extremely limited. They know how to log on, do e-mail, surf the web and maybe one or two other basic functions. One reason why tablets are so popular - a lot more portable, similar to their I-Phone (or clone) and do the basic functions. Typically, the e-mails sent are short, one liners (send from my I-phone) and/or pictures of the kiddies taken. Probably why Microsoft "seems to be abandoning" the desktop - they figure the business world has technical personnel (or access to a tech person) who can lead them to the desktop they have come to know (and, some, even love).

They just switched to Mint and other alternatives.

it was, is and always will be a duplication of MACOS ui, not windows.
KDE is windows look.
both are GARBAGE, way to bloated to be usable.

Those sites are completely unreliable for unbiased numbers for operating systems. NetMarketShare, for example, has had Linux numbers that vary relatively wildly up and down recently.

Wikimedia stats numbers are much more unbiased and believable. The only issue with them is that Linux growth on the desktop appears relatively flat percentagewise because of the growth of mobile over recent years. If you consider only the percentage of non-mobile Linux use compared to total non-mobile figures you will see that Linux desktop use has grown pretty steadily since the numbers started in 2009, with over a 30 percent increase during that time period. Whether this will continue or not I couldn't tell you, but it appears that Linux desktop use has been rising.

"...since the numbers started in 2009, with over a 30 percent increase during that time period."

Source, please.

A 30% growth from even a 5% starting point is less than 7%. Depending on the method of measuring, that might be within the margin of error.

and centre, I wonder just WHERE these people are getting their stats from. They claim Linux desktops are static or decreasing, but it's during a period when European agencies are switching to Linux and Unix by the bucket load. I also know of groups of people in third world countries putting Linux on used equipment due to not being able to afford legal copies of Windows and the pressure to clean up pirate copies has had an effect in their area.

I strongly suspect the stats are based mainly on US usage and possibly on units sold with Linux preloaded, which means they aren't truly representative of the world usage.

A few fanatics and one or two clusters.

Oh and don't start with the fanboy crap. I work and play on both.

I don't believe the windows stats either.

And there are thousands of exploits for Linux servers. Just because the vulnerability has been patched doesn't mean there aren't countless exploitable servers still in the wild. If you stay on top of things and are constantly installing updates then you can stay reasonably secure but there is still the possibility of getting hit with a 0-day, the same as on any other platform.

Obviously no system is completely immune. Linux was, is and will probably keep being order(s) of magnitude more secure than Windows, especially because of the availability of white box peer review.

Nonetheless, and even taking into account the patching system you describe, when (if) the userbase increases well enough, there will be eventually a sufficient number of careless users who will disable automatic updates AND ignore every advise about updating unsecure packages (maybe carrying over a history of doing that in the windows world).

When (if) that number is significant enough, linux viruses may get to a point of being viable and they may appear.

What I think is that, for a security relatively conscious user, linux will remain orders of magnitude more secure than windows and easier to mantain clean.

But this statement is simply not true
>any user of Linux would know if an email attachment asked for an administrative-level password, shenanigans were afoot.

Every IT support professional knows that you cannot underestimate the stupidity of the end-user. If the email was phrased correctly then some would.

Mr Wallen is saying we'd treat just being asked as suspicious,whereas unfortunatley many windows users either wouldn't get prompted becasue they turned UAC off, or would curse it and click okay.

Social attacks, aside from not allowing the user any privileges on their machine, only education can alleviate.

I can't tell you how many times I've stood beside a user and watch him click 'Yes' or 'OK', then have them be unable to tell me what he just clicked. I've seen them get two different errors but refer to them as the same one. They just don't look.

It makes sense, this new trend towards silent crashing instead of error messages that phones are setting.

The user is complaining that all there data keeps getting deleted.

So I watch them, they click the "override totals" checkbox, which spawns a message asking if they want to delete the existing data, Yes, No, Cancel.
And without reading it, they click Yes, and then say "see, all the data is gone, make it stop doing that"
So I have to show them that if they click No, that doesn't happen, they didn't even read the message. And this isn't just one person, around 30 people have had this issue.

Your users aren't *given* administrator passwords. They are users, you are the admin. The phishing email fails because *you* know better and your user couldn't make that mistake for you.

In the case of a networked/work station being run as part of a business then yes; but the article does not specifically refer to that it refers to Linux Desktops generically - so there may be no admin person who has that controlling admin password, a user may well have it having had their parent/friend etc install Linux on a Desktop machine. My point was that if there is the opportunity for people to act stupidly, some of them will do so.

you still get bugged for an admin password on almost every operation. One of the irritating things when I am using the Admin logon in Linux. I had to give the correct PW when logging on, and again and again on nearly every task. Yes, I can open up a "root terminal" (or root file manager), but there are still situations where I have to supply the PW over and over again.

BTW, anyone who has at least some knowledge and sets up a Linux desktop for Grandma (or Mom) should know better and set up an Admin account and then a user account (and don't tell her the password). I would also do the same for Windows (or a Mac).

if you want to

I am aware you can do that, but for a user maybe, but not the Admin (IMO and others).

Grandma should have the root password somewhere, in case you get hit by a truck. Give it to Cousin Bob or Aunt Sally, but make sure someone else has it.

UNCLE - that's who I will give it too. Problem is if "Grandma" is like my mother was, she would forget she had it and, if she remembered, she would forget where she put it.

yes,I'm sure the governments of china ,Russia and the USA already have viruses that can attack any type of Linux system,look at Iran's trouble with attacks on it's nuclear program,they probably are using Linux since it is illegal for any US company to sell them software.

Illegal to sell = highly lucrative and better still untaxable business opportunity.

Your tin foil hat, has huge holes in it.

being observed

The problem with Windows, is it was built on a garbage base. While that base has been improved over the years, it is still an unsound base. Much of the underlaying code is still the same - to maintain compatibility as much as possible. I had to buy a new desktop a year ago. It came with Windows 7 and I have probably had over a thousand updates since, about 85 - 90% being Microsoft security updates - I don't think I had that many on XP over 10 years of use. I also use Ubuntu and a couple of variants. I have not had anywhere near the high percentage of security updates as I have had on Windows. The Linux/Unix base is much more secure and tougher to break than the Windows base. If you are going to "break into the system", it would have to be through some application - e.g., Java. IBM mainframes have always been quite secure. I remember 2600 magazine, publishing an article, attempting to hack into IBM's VM system a few years back and could not do it. If you ever developed or worked on an operating system kernel (or a database), you would get a glimmer of what it takes to try and hack a well defined and crafted OS.

Those were Siemens systems running Windows in Iran.

that they bought from China - illegal copies, of course.

Of course they've hacked Linux, they'd be stupid not to

Viruses sprang up as a political protest to MS trading monopoly.Since then its developed into an industry and gravy train.A program was put together for OI Unix but there were very few users of the program as there were few viruses for this highly secure system.

Apple still has only a few problems after some ten years of exposure which sheds doubt on the theory that as adoption takes place viruses and malware goes up ?

Viruses predate Microsoft's desktop dominance.

On what system did they dominate. The interrnet wasn't well know untilpeople started using PCs. It was known to DARPA, some of the universities and some of the big businesses that interfaced with the universities and the military (even the military did not use it that widely - it was mostly for research and the connection was typically via telephone line. I first used it back in the 80s. We used it to communicate project and research information - exchanging ideas.

In the early days of the PC, you could get a 2400 baud (or less) modem for a "princely price) and connect to a local bulletin board (or if one had an 800 number or you had Gate's and Buffett's money and long distance was not a problem).

My point was that viruses weren't created to protest Microsoft, that viruses were around before Microsoft, even back in those 2400 baud days. They weren't as varied or malicious as today's malware (more like common colds than AIDS) but they've existed in some form ever since the first hacker decided he wanted to pull a prank on his BBS buddies.

used to rerun them on old apple II+ comps.

one of the best with the rise of the eisa pc, the "drink holder" from coke.
run it, it asks if you want a gift from coke, didn't matter what you did, it opened the cdrom

my favorite of them what the replace the prompt and everything the use did just got insults thrown at him, until they did a complete restart of the system.

they call them Windows System messages now, not abuse notes.

Just look at Android.

But that doesn't mean Linux is/was/or will ever be as insecure as Windows. The article hints but misses the reason for this:

Linux says, Hey hackers, heres my immune system! Find my weaknesses and use them to your advantage. And yet, they dont.

But they do! And this is precisely why Linux is more secure. The vulnerabilities have been found and subsequently fixed. Not only that, but many of the hackers that find the holes are also the ones who patch them. Only open-source OS's can offer such peace of mind.

Security through obscurity (the Microsoft/Apple way) is the true myth.

... that concern me. They tend to be destructive, overt, and [relatively] easily discernible. I'd be much more concerned about key-loggers and the like.

Even with my limited experience, I've already seen software that proclaimed the ability to be installed - or self-install - w/o admin authority. 'Twould be no great feat to make such an installation transparent to the current user. In truth, how do you know you're not infected right now? As in any security issue, you never know how good it was until it fails - then it wasn't good enough.

Apple went decades with the brag that they were virus-proof - one (1) of their brags of superiority over Windows. But I've seen a number of malware incidents mentioned in the last couple of years, after their user base increased. Since, in fact, they switched to OSX - a *nix derivative.

Sorry, Jack, but I don't find your conclusions tenable. Not all malicious intent is readily discernible. And the successful thief is the one who gets away. You'll only know if you've been attacked when something overt happens, and then it's too late. I can appreciate the thread of your thoughts, but I consider it foolhardy, at best: there's an old saying, which I can no longer quote, to the effect that whatever Man can build, Man can destroy. This falls into that venue.

Linux is an o/s that is used by IT literate people and that alone will protect anything within reason.

You have heard of pebkac I am sure. You have to at least give windows some leeway due to the number of users that self inflict and not know or understand what it is they do that annoys us.

If and only if it gets into mainstream use then there will be a few headaches for Linux as well..
Linux has a lot going for it to reduce the ongoing problems of viruses but they cannot reprogram users. Maybe Linux should stay as it is so we can have an o/s to use without hassle.

I have been using Linux platforms, since the millennium bug. prior to that I was blind and used Windoze. Never had an issue with Linux Desktops or Servers that warranted re-formatting.

Apart from warnings to rootkits from programs such as, chkrootkit and rkhunter, which notified me and subsequently removed said threat, as oppose to friends and family contacting me that they got this virus or trojan. I tell them that I am a Linux/NOC engineer but it seems to fall on deaf ears.

A very thought provoking article, for instance...
+ a virus doesn't create itself it is crafted by a maladjusted individual intent on causing harm and/or raising money
+ the nature of the Windows o/s may make it an easier target to crack than Linux, but the prevalence of Windows over Linux makes it far more profitable
+ admittedly, receiving a prompt for the admin/sudo password should ring alarm bells, but if you're installing from a repo, there is a miniscule chance that the repo has been hacked
+ although bug-fixing in the open source community sounds more robust than Windows, the user still faces the same choice: either apply all the updates under the sun & do without your 3rd party package until it's patched or run with what you have & hope you don't get caught
+ and finally, any feeble-minded user who is likely to click on a link in an unsolicited email is equally likely to enter the root password when prompted of course, it may be that the IT competence of an average Linux user is higher than the Windows counterpart

I voted "unsure" in the poll, because there is another element to take into account: statistics or even better, quantities. Besides the fact Unix (and maybe, particularly, Linux, because of the Open Source weakness handling) is much less vulnerable, the still very low user numbers mean it is not interesting for hackers compared to Windows with it's plethora of users and applications. Apple OS's (also Unix flavors for quite some time) came more and more under attack as Apple's market share developed. I'm afraid this might also happen to Linux, when there will be enough momentum in the system...

Security un-awareness may help viruses to affect linux. Say one can stay logged in with the root and he wont read the popups/ messages/ warnings and will try to get rid of that by just clicking yes/ no.

Over the years (too long to remember) i have used windows - from 3.1 to 3.11 to 95 to 98 to 98SE to XP (gave ME and Vista a miss, tried W7, will never try or use W8) and over that time i have had numerous virus attacks and numerous crashes. With XP and the numerous anti-virus progs now available for free there really is no excuse to be caught out by viruses - if you use a smidgeon of common sense.

Meanwhile, i have one machine that has run Linux Mint for about 2 years, been operating non-stop for that time and have not had 1 crash, not one virus warning. So figure. So i guess that when MS stops updating XP i will be migrating all of my other computers (4 + laptop) to Linux. I am about to build another computer to try out some of the many Linux distros that are available.

With MS's business model for W8 I believe that more and more people (with multiple computers) will turn to Linux because they dont have to shell out hard cash for individual licenses for each of their computers and all upgrades for Linux are free.

So, with the rise of the Linux Desktop. will viruses follow??? Possibly, but only if someone from within the Linux community turns rogue and starts writing such programs - most unlikely, because the Linux community, collectively, has alot of reputations and pride tied up in Linux.

It is user error that causes viruses to get on machines. A virus can't get on your machine without you telling it to get on your machine (in one way or another). My Windows LT stays virus free as long as I don't let anyone else use it. On my home Windows desktop I have to keep virus software on because my wife and kids can't stop clicking on stupid stuff. My Windows LT and my Ubuntu LT have had the same number of viruses over the past 2 years: 0.

At the moment, the large majority of Linux users are knowledgeable in cyber security. The more the OS gets mainstream, the more "ID10T" errors will show up because more non-trained folks will start using them. The more mainstream an OS is, the more viruses are written for it. The combination of these two will mean that, yes, there will be more viruses for Linux. As many as for Windows? I doubt it, but viruses will infect those who can't help but click on stuff no matter what OS they run.

But there are people out there that randomly check IP addresses and run various exploits against your computer to find a weakness.

I used to get these all the time, and my outside server still sees them often.

One of my favorites was Win95/98/ME If you shared your C drive, after a little while you might notice new screen savors showing up. These were actually virus files. Or another that required the same situation, but I have no idea what it did, my old Nortan 2001 stomped it out every few hours.
XP and Win7 are not immune either, several commercial programs can install themselves without user permission, even if you are not on the domain.

Users however will never be secure. Therein lies the problem. Users will always want to run with the highest level of access, will always download and click on every link / malware they can find. The high point of linux is it is much harder for them to mess up the o/s. Windows has a bigger market share and is therefore a bigger target, because people have much more information online and the hackers want those passwords, bank pins, and confidential emails. Linux is a more safe o/s to use, but someone will find a way to hack it. Just harder to do.

I really dont see where Linux desktop is growing in popularity... Linux desktop are cool for having them at home and play with them. Enterprises (so, millions of desktops) keep on relying on Windows. Maintenance IT costs, tools, cheap consultants, millions of Microsoft partners, tons of business applications, keep on leveraging the use of Windows in the enterprise. I might see some timid improvements on the server side, but not on desktops, really???

"The Linux desktop is growing in popularity...."
Hey Jack? According to whom [besides you]? OS marke share still has Linux [all distros], stuck at around 1.2% for years - and that includes servers.
Macs have slowly increased in popularity and has also attracted malware [does anyone use the term virus - or is it even relevant now?].
But malware writers generally won't aim at an OS that has a small population - especially if they are hijacking the OS for money.

Linux has Virus Protection built into it's architecture, but computer virii are just one subset of the malware nastiness out there.

Worms, Rootkits and their ilk DO strike Linux systems. A virus is for a Linux user a very minor concern. The permissions system, and the vaguaries of the file system setup will keep it confined to a single user area.

However, there will always be a need for vigilance. In most systems, even Windows, the weakest link in the security chain is the end user. Windows users are used to thinking that virus are the only threat, but they are just one kind. There are other kinds of threats.

Any system can be broken, if the vandal has physical access.

Unix has been around for 40 years. It was built on a much more secure and protective base - same for IBM mainframes. Since Linux is nothing more than a Unix clone, it follows the same framework. I know Apple based their OS on FreeBSD, but how much worms, malware, etc. have they really picked up? Are the holes in the Apple systems via some of their applications - or via S/W like Java, Adobe, etc.?

What would be interesting would be the percentage of Windows systems that get infected vs the percentage of Apple systems that get infected vs the percentage of "nix" systems that get infected. Also include the actual numbers.

I check the update logs on my Windows 7 system and close to 90% of the hundreds of updates are for "security" purposes - I don't recall it being that high for XP. On my Linux system the number (and percentage) of security updates is way far less.

But while there may be no viruses as such in the wild (so we are led to believe) there most certainly are a massive number of exploits. Somewhere recently I was reading an article about compromised mail servers dishing out SPAM and a large number of *nix servers were detected.
Having been involved in tracking a couple script kiddies down and getting to watch their interviews it comes across that they target the MS operating systems because more often than not they want to teach a lesson to MS for one reason, they have a deep seated distain for authority or they want to show how talented they are. The last one is kind of funnyn as most of them are using tools created by someone else. They do however tend to run Linux distros and a couple have stated they do so because they can not infect their own machines.
The clowns that write virus or malware have varying reasons for why they do this with the single biggest one being they usually don't fit in with society and having spoke to a few people in the mental health area it comes across that it is often a deep seated need for recognition - even if that recognition is from other no-hopers.

I have been a Windows user since Windows 98 to now Windows 8 (Consumer Preview which I fully intend to upgrade to Professional later when it's out) and never have I seen any virus alerts or any symptoms that tells me that I'm infected like the rest of the computers that I fixed before. It boils down to your usage.

Since Windows 7 (I think) there have been an emphasis on usage of higher admin privilege that cannot be grabbed by most apps without user acknowledgement (UAC). If played right, I think UAC can serve similar purpose to "root" on Linux.

The reason why only Windows has virus threats thus far is due to it's popularity and vast usage. When Linux dominate a market someday, I think that viruses will follow suit. Not that it matters to me though.

Unix has been around since the 70s. How often do you see a Unix system getting hacked? Granted, they are controlled in an IT shop, but so is Windows in the business community and you hear more credit cards, social security numbers and the like being stolen from a Windows installation than you do an Unix installation. Makes you wonder why more businesses are switching to Linux servers over Windows (besides the cost savings and reliability).

to put a layer between those who habitually run windows as admin and the OS, they didn't like it did they? Most popular query about UAC, was How do I turn this sh*t off.

Oh and do not confuse UAC with proper privilege separation, the latter cannot be turned off.

nt

Sorry, but when only the very core of the os is even remotely identical across all distros, the variations make widespread virus vulnerabilities to ANY linux install extremely unlikely.
even a kernel base exploit would only affect a small fraction of systems, because each distro has a slightly different kernel level, so the vulnerability impacting 1 particular release might only impact .2% of installed systems.

the LSB CORE, with the addition of xorg is the base for widespread code usage, and different cimpile options can make even that base hugely different.

so no matter how widespread linux desktop installs become, it is extremely unlikely that there would be an increase in virus activity for the os.

since I started with linux, way back when kernel 2.2 was bleeding edge, never had a virus, and [ despite cannoical's claims of it being extremely common ] only 1 time was there any attempt to crack the root account on ANY of my systems. [ like I would be stupid enough to have root login enabled in ssh anyways. ]