Discussion on:

With the rise of the Linux desktop, will viruses follow?

Your users aren't *given* administrator passwords. They are users, you are the admin. The phishing email fails because *you* know better and your user couldn't make that mistake for you.

In the case of a networked/work station being run as part of a business then yes; but the article does not specifically refer to that it refers to Linux Desktops generically - so there may be no admin person who has that controlling admin password, a user may well have it having had their parent/friend etc install Linux on a Desktop machine. My point was that if there is the opportunity for people to act stupidly, some of them will do so.

you still get bugged for an admin password on almost every operation. One of the irritating things when I am using the Admin logon in Linux. I had to give the correct PW when logging on, and again and again on nearly every task. Yes, I can open up a "root terminal" (or root file manager), but there are still situations where I have to supply the PW over and over again.

BTW, anyone who has at least some knowledge and sets up a Linux desktop for Grandma (or Mom) should know better and set up an Admin account and then a user account (and don't tell her the password). I would also do the same for Windows (or a Mac).

if you want to

I am aware you can do that, but for a user maybe, but not the Admin (IMO and others).

Grandma should have the root password somewhere, in case you get hit by a truck. Give it to Cousin Bob or Aunt Sally, but make sure someone else has it.

UNCLE - that's who I will give it too. Problem is if "Grandma" is like my mother was, she would forget she had it and, if she remembered, she would forget where she put it.

yes,I'm sure the governments of china ,Russia and the USA already have viruses that can attack any type of Linux system,look at Iran's trouble with attacks on it's nuclear program,they probably are using Linux since it is illegal for any US company to sell them software.

Illegal to sell = highly lucrative and better still untaxable business opportunity.

Your tin foil hat, has huge holes in it.

being observed

The problem with Windows, is it was built on a garbage base. While that base has been improved over the years, it is still an unsound base. Much of the underlaying code is still the same - to maintain compatibility as much as possible. I had to buy a new desktop a year ago. It came with Windows 7 and I have probably had over a thousand updates since, about 85 - 90% being Microsoft security updates - I don't think I had that many on XP over 10 years of use. I also use Ubuntu and a couple of variants. I have not had anywhere near the high percentage of security updates as I have had on Windows. The Linux/Unix base is much more secure and tougher to break than the Windows base. If you are going to "break into the system", it would have to be through some application - e.g., Java. IBM mainframes have always been quite secure. I remember 2600 magazine, publishing an article, attempting to hack into IBM's VM system a few years back and could not do it. If you ever developed or worked on an operating system kernel (or a database), you would get a glimmer of what it takes to try and hack a well defined and crafted OS.

Those were Siemens systems running Windows in Iran.

that they bought from China - illegal copies, of course.

Of course they've hacked Linux, they'd be stupid not to

Viruses sprang up as a political protest to MS trading monopoly.Since then its developed into an industry and gravy train.A program was put together for OI Unix but there were very few users of the program as there were few viruses for this highly secure system.

Apple still has only a few problems after some ten years of exposure which sheds doubt on the theory that as adoption takes place viruses and malware goes up ?

Viruses predate Microsoft's desktop dominance.

On what system did they dominate. The interrnet wasn't well know untilpeople started using PCs. It was known to DARPA, some of the universities and some of the big businesses that interfaced with the universities and the military (even the military did not use it that widely - it was mostly for research and the connection was typically via telephone line. I first used it back in the 80s. We used it to communicate project and research information - exchanging ideas.

In the early days of the PC, you could get a 2400 baud (or less) modem for a "princely price) and connect to a local bulletin board (or if one had an 800 number or you had Gate's and Buffett's money and long distance was not a problem).

My point was that viruses weren't created to protest Microsoft, that viruses were around before Microsoft, even back in those 2400 baud days. They weren't as varied or malicious as today's malware (more like common colds than AIDS) but they've existed in some form ever since the first hacker decided he wanted to pull a prank on his BBS buddies.

used to rerun them on old apple II+ comps.

one of the best with the rise of the eisa pc, the "drink holder" from coke.
run it, it asks if you want a gift from coke, didn't matter what you did, it opened the cdrom

my favorite of them what the replace the prompt and everything the use did just got insults thrown at him, until they did a complete restart of the system.

they call them Windows System messages now, not abuse notes.

Just look at Android.

But that doesn't mean Linux is/was/or will ever be as insecure as Windows. The article hints but misses the reason for this:

Linux says, Hey hackers, heres my immune system! Find my weaknesses and use them to your advantage. And yet, they dont.

But they do! And this is precisely why Linux is more secure. The vulnerabilities have been found and subsequently fixed. Not only that, but many of the hackers that find the holes are also the ones who patch them. Only open-source OS's can offer such peace of mind.

Security through obscurity (the Microsoft/Apple way) is the true myth.

... that concern me. They tend to be destructive, overt, and [relatively] easily discernible. I'd be much more concerned about key-loggers and the like.

Even with my limited experience, I've already seen software that proclaimed the ability to be installed - or self-install - w/o admin authority. 'Twould be no great feat to make such an installation transparent to the current user. In truth, how do you know you're not infected right now? As in any security issue, you never know how good it was until it fails - then it wasn't good enough.

Apple went decades with the brag that they were virus-proof - one (1) of their brags of superiority over Windows. But I've seen a number of malware incidents mentioned in the last couple of years, after their user base increased. Since, in fact, they switched to OSX - a *nix derivative.

Sorry, Jack, but I don't find your conclusions tenable. Not all malicious intent is readily discernible. And the successful thief is the one who gets away. You'll only know if you've been attacked when something overt happens, and then it's too late. I can appreciate the thread of your thoughts, but I consider it foolhardy, at best: there's an old saying, which I can no longer quote, to the effect that whatever Man can build, Man can destroy. This falls into that venue.

Linux is an o/s that is used by IT literate people and that alone will protect anything within reason.

You have heard of pebkac I am sure. You have to at least give windows some leeway due to the number of users that self inflict and not know or understand what it is they do that annoys us.

If and only if it gets into mainstream use then there will be a few headaches for Linux as well..
Linux has a lot going for it to reduce the ongoing problems of viruses but they cannot reprogram users. Maybe Linux should stay as it is so we can have an o/s to use without hassle.

I have been using Linux platforms, since the millennium bug. prior to that I was blind and used Windoze. Never had an issue with Linux Desktops or Servers that warranted re-formatting.

Apart from warnings to rootkits from programs such as, chkrootkit and rkhunter, which notified me and subsequently removed said threat, as oppose to friends and family contacting me that they got this virus or trojan. I tell them that I am a Linux/NOC engineer but it seems to fall on deaf ears.

A very thought provoking article, for instance...
+ a virus doesn't create itself it is crafted by a maladjusted individual intent on causing harm and/or raising money
+ the nature of the Windows o/s may make it an easier target to crack than Linux, but the prevalence of Windows over Linux makes it far more profitable
+ admittedly, receiving a prompt for the admin/sudo password should ring alarm bells, but if you're installing from a repo, there is a miniscule chance that the repo has been hacked
+ although bug-fixing in the open source community sounds more robust than Windows, the user still faces the same choice: either apply all the updates under the sun & do without your 3rd party package until it's patched or run with what you have & hope you don't get caught
+ and finally, any feeble-minded user who is likely to click on a link in an unsolicited email is equally likely to enter the root password when prompted of course, it may be that the IT competence of an average Linux user is higher than the Windows counterpart

I voted "unsure" in the poll, because there is another element to take into account: statistics or even better, quantities. Besides the fact Unix (and maybe, particularly, Linux, because of the Open Source weakness handling) is much less vulnerable, the still very low user numbers mean it is not interesting for hackers compared to Windows with it's plethora of users and applications. Apple OS's (also Unix flavors for quite some time) came more and more under attack as Apple's market share developed. I'm afraid this might also happen to Linux, when there will be enough momentum in the system...

Security un-awareness may help viruses to affect linux. Say one can stay logged in with the root and he wont read the popups/ messages/ warnings and will try to get rid of that by just clicking yes/ no.

Over the years (too long to remember) i have used windows - from 3.1 to 3.11 to 95 to 98 to 98SE to XP (gave ME and Vista a miss, tried W7, will never try or use W8) and over that time i have had numerous virus attacks and numerous crashes. With XP and the numerous anti-virus progs now available for free there really is no excuse to be caught out by viruses - if you use a smidgeon of common sense.

Meanwhile, i have one machine that has run Linux Mint for about 2 years, been operating non-stop for that time and have not had 1 crash, not one virus warning. So figure. So i guess that when MS stops updating XP i will be migrating all of my other computers (4 + laptop) to Linux. I am about to build another computer to try out some of the many Linux distros that are available.

With MS's business model for W8 I believe that more and more people (with multiple computers) will turn to Linux because they dont have to shell out hard cash for individual licenses for each of their computers and all upgrades for Linux are free.

So, with the rise of the Linux Desktop. will viruses follow??? Possibly, but only if someone from within the Linux community turns rogue and starts writing such programs - most unlikely, because the Linux community, collectively, has alot of reputations and pride tied up in Linux.

It is user error that causes viruses to get on machines. A virus can't get on your machine without you telling it to get on your machine (in one way or another). My Windows LT stays virus free as long as I don't let anyone else use it. On my home Windows desktop I have to keep virus software on because my wife and kids can't stop clicking on stupid stuff. My Windows LT and my Ubuntu LT have had the same number of viruses over the past 2 years: 0.

At the moment, the large majority of Linux users are knowledgeable in cyber security. The more the OS gets mainstream, the more "ID10T" errors will show up because more non-trained folks will start using them. The more mainstream an OS is, the more viruses are written for it. The combination of these two will mean that, yes, there will be more viruses for Linux. As many as for Windows? I doubt it, but viruses will infect those who can't help but click on stuff no matter what OS they run.

But there are people out there that randomly check IP addresses and run various exploits against your computer to find a weakness.

I used to get these all the time, and my outside server still sees them often.

One of my favorites was Win95/98/ME If you shared your C drive, after a little while you might notice new screen savors showing up. These were actually virus files. Or another that required the same situation, but I have no idea what it did, my old Nortan 2001 stomped it out every few hours.
XP and Win7 are not immune either, several commercial programs can install themselves without user permission, even if you are not on the domain.

Users however will never be secure. Therein lies the problem. Users will always want to run with the highest level of access, will always download and click on every link / malware they can find. The high point of linux is it is much harder for them to mess up the o/s. Windows has a bigger market share and is therefore a bigger target, because people have much more information online and the hackers want those passwords, bank pins, and confidential emails. Linux is a more safe o/s to use, but someone will find a way to hack it. Just harder to do.

I really dont see where Linux desktop is growing in popularity... Linux desktop are cool for having them at home and play with them. Enterprises (so, millions of desktops) keep on relying on Windows. Maintenance IT costs, tools, cheap consultants, millions of Microsoft partners, tons of business applications, keep on leveraging the use of Windows in the enterprise. I might see some timid improvements on the server side, but not on desktops, really???

"The Linux desktop is growing in popularity...."
Hey Jack? According to whom [besides you]? OS marke share still has Linux [all distros], stuck at around 1.2% for years - and that includes servers.
Macs have slowly increased in popularity and has also attracted malware [does anyone use the term virus - or is it even relevant now?].
But malware writers generally won't aim at an OS that has a small population - especially if they are hijacking the OS for money.

Linux has Virus Protection built into it's architecture, but computer virii are just one subset of the malware nastiness out there.

Worms, Rootkits and their ilk DO strike Linux systems. A virus is for a Linux user a very minor concern. The permissions system, and the vaguaries of the file system setup will keep it confined to a single user area.

However, there will always be a need for vigilance. In most systems, even Windows, the weakest link in the security chain is the end user. Windows users are used to thinking that virus are the only threat, but they are just one kind. There are other kinds of threats.

Any system can be broken, if the vandal has physical access.

Unix has been around for 40 years. It was built on a much more secure and protective base - same for IBM mainframes. Since Linux is nothing more than a Unix clone, it follows the same framework. I know Apple based their OS on FreeBSD, but how much worms, malware, etc. have they really picked up? Are the holes in the Apple systems via some of their applications - or via S/W like Java, Adobe, etc.?

What would be interesting would be the percentage of Windows systems that get infected vs the percentage of Apple systems that get infected vs the percentage of "nix" systems that get infected. Also include the actual numbers.

I check the update logs on my Windows 7 system and close to 90% of the hundreds of updates are for "security" purposes - I don't recall it being that high for XP. On my Linux system the number (and percentage) of security updates is way far less.

But while there may be no viruses as such in the wild (so we are led to believe) there most certainly are a massive number of exploits. Somewhere recently I was reading an article about compromised mail servers dishing out SPAM and a large number of *nix servers were detected.
Having been involved in tracking a couple script kiddies down and getting to watch their interviews it comes across that they target the MS operating systems because more often than not they want to teach a lesson to MS for one reason, they have a deep seated distain for authority or they want to show how talented they are. The last one is kind of funnyn as most of them are using tools created by someone else. They do however tend to run Linux distros and a couple have stated they do so because they can not infect their own machines.
The clowns that write virus or malware have varying reasons for why they do this with the single biggest one being they usually don't fit in with society and having spoke to a few people in the mental health area it comes across that it is often a deep seated need for recognition - even if that recognition is from other no-hopers.

I have been a Windows user since Windows 98 to now Windows 8 (Consumer Preview which I fully intend to upgrade to Professional later when it's out) and never have I seen any virus alerts or any symptoms that tells me that I'm infected like the rest of the computers that I fixed before. It boils down to your usage.

Since Windows 7 (I think) there have been an emphasis on usage of higher admin privilege that cannot be grabbed by most apps without user acknowledgement (UAC). If played right, I think UAC can serve similar purpose to "root" on Linux.

The reason why only Windows has virus threats thus far is due to it's popularity and vast usage. When Linux dominate a market someday, I think that viruses will follow suit. Not that it matters to me though.

Unix has been around since the 70s. How often do you see a Unix system getting hacked? Granted, they are controlled in an IT shop, but so is Windows in the business community and you hear more credit cards, social security numbers and the like being stolen from a Windows installation than you do an Unix installation. Makes you wonder why more businesses are switching to Linux servers over Windows (besides the cost savings and reliability).

to put a layer between those who habitually run windows as admin and the OS, they didn't like it did they? Most popular query about UAC, was How do I turn this sh*t off.

Oh and do not confuse UAC with proper privilege separation, the latter cannot be turned off.

nt

Sorry, but when only the very core of the os is even remotely identical across all distros, the variations make widespread virus vulnerabilities to ANY linux install extremely unlikely.
even a kernel base exploit would only affect a small fraction of systems, because each distro has a slightly different kernel level, so the vulnerability impacting 1 particular release might only impact .2% of installed systems.

the LSB CORE, with the addition of xorg is the base for widespread code usage, and different cimpile options can make even that base hugely different.

so no matter how widespread linux desktop installs become, it is extremely unlikely that there would be an increase in virus activity for the os.

since I started with linux, way back when kernel 2.2 was bleeding edge, never had a virus, and [ despite cannoical's claims of it being extremely common ] only 1 time was there any attempt to crack the root account on ANY of my systems. [ like I would be stupid enough to have root login enabled in ssh anyways. ]