Discussion on:

With the rise of the Linux desktop, will viruses follow?

There are virii for linux, freebsd, Windows, Mac OS,

$man rkhunter

I think this should have been "With the rise of the Linux desktop, will malware follow? " and the answer would have been yes. Any OS written by humans is inherently insecure. This means someone else will find those insecurities and attack them.
Anyone who thinks their OS is "safe" is stupid. It just depends on (a) how many instances of this OS are accessible which determines (b) whether it's financially worth developing attacks. If (b) = yes then someone will.
I think the human is now becoming more of a target than the machine; why spend ages figuring complex ways of silently stealing data when you can flash up a big "You have a virus! Buy this software now!" sign in a web browser knowing that a lot of people will just accept it and spend the money? That's much easier...
If you want your workstation to remain secure, don't ever plug anything into the back of it. That way you should be safe.

The reason people think Apple's exposure hasn't been identified more frequently is that Macs are the virus! It's a confidence trick- part with your hard earned cash and receive some underperforming hardware that you think is great but doesn't really do anything. It should be shut down like a Ponzi scheme

Tags: joke, humour.

No one cares. Only the uber-geeks like you find in places like this.

The desktop as we know it is dying. With everything moving to the cloud who the **** cares what OS you're using?

This is a silly debate.

.

I think many people might not be considering the effect that popularity has been having on a newer and more recent addition to the *nix community, namely Android. Currently Android is facing a whole slew of new malware and custom attacks every day, and while I can see it eventually dropping and becoming less of a problem, I expect we'll see malware in some form on phones for the forseeable future. The problem isn't always the software, in fact the most common threats I've seen are the ones that were given permission by the user. If Linux desktops become more popular, then as their marketshare goes up and less savvy users start to become familiar/competent with the system, the more possibilities there will be of successful attacks.

The current Android ecosystem is somewhat similar to how Linux is set up. Android kernal is managed by Google, and the phone manufacturers/service providers create their "distros." The main difference of course is that the base Linux core has been in active development for many years, and I expect the distros are more careful with their coding (read, less pressure on releases) that they are inherently more secure (albeit there will always be security holes). With that said, with the user now being the greatest weakness I expect malware and virii to increase with Linux's adoption.

android is a custom JAVA environment.
the java runs on a very limited linux system, but androd is NOT a unix or unix-like os, it is just a java implementation.

I downloaded Android source code, it's Linux.

@Jaqui - The Android Open Source Project Licenses
http://source.android.com/source/licenses.html

"For example, the Linux kernel patches are under the GPLv2 license with system exceptions, which can be found on kernel.org."

Dude - READ - seriously. Now you look like a dOOsher - in public.

Android has people installing untrusted sofware with trojans. They are not being careful to use trusted sources. A trusted source doesn't have to be from Google or anyone else. If you expect an OS to distinguish good from bad instruction, you need to wait a couple of more centuries.

If a program is allowed (by the user) to install itself, then accountability has to be present to make sure the program is in complete alignment with the advertised literature. If something else (a Trojan) is present, no computer will prevent. it. People wrongly blame Android for malware when Trojans installed by the user are the real culprit. This has been a Microsoft ploy to discredit Android through misinformation, mainly through ZDNet and previous Ed Bott articles.

I've used Linux for 11 years, but I don't install untrusted software. I use the repository in Linux Mint which contains over 61,000, free, trusted applications whenever possible.

Some other programs are installed by their respective (trusted) website:

Google Chrome
Chromium
Opera
Lynx
Google Picasa
Google Earth
Google Voice, Google Call,
FileZilla
TrueCrypt
K3B
Bluefish HTML editor
etc.

Judging by the number of yes votes in the poll and most all of the comments, the Microsoft FUD machine is all over this article.

I guess it's time to start tracing IPs to see how many came from Redmond...

since I never say never. However, the author's point that the code for the operating system itself is available, and (therefore) any vulnerabilities that are there, can be found, and, we have to assume, have been found. Since there are no (reports of) virus-type problems with Linux, we might conclude that there won't be any

however, if there were 10million Linux machines being used for high-value applications, the target becomes too enticing.

that the FBI and the Brazil police could not break the encryption on his hard drive?

yeah, that one, encrypted with the OPEN SOURCE TrueCrypt package.
kind of puts the lie to source code available = easy to mess with doesn't it.

I believe that most hackers dont go to look for new system vulnerability, they just use the ones that are already know, and aim at system that havent been patched. That happens at windows, mac, linux.

"And certainly any user of Linux would know if an email attachment asked for an administrative-level password, shenanigans were afoot."

As the desktop rises in popularity, and more versions are user-friendly enough for non-techies to use, more and more people that are not high on the technical aptitude scale are using Linux. (My wife uses Linux Mint on our main PC, and no offense to her, she is not on the high end of the technical scale. She might enter that password, were I foolish enough to give it to her.)

Anyone who knows anything about security and malware will tell you (and you probably know this yourself) that there is no software fix for users performing foolish actions. Even the vaunted Linux platform is vulnerable to malware as long as there are actual people using it.

By the way, isn't Andriod based on Linux? And isn't Android malware increasing at a hugely disproportionate scale compared to the Windows platform?

https://www.google.com/search?q=android+malware+increase&sourceid=ie7&rls=com.microsoft:en-us:IE-Address&ie=&oe=#q=android+malware+increase&hl=en&safe=active&rls=com.microsoft:en-us:IE-Address&prmd=imvnsu&source=univ&tbm=nws&tbo=u&sa=X&ei=jARKUJa5JYOd2QWb0YCwDA&ved=0CCAQqAI&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.&fp=dcd13b2428d16027&biw=1680&bih=900

from the java code they use to do everything, not the base OS. But that's based on reports from others more knowledgeable about android than I am.

If the Linux desktop gains significant popularity in the mainstream, viruses will still be rare in Linux, because they rely on security holes to gain traction. Trojans are much easier to propagate because they rely on user naivety to spread. Even Windows' security has gotten enough better so that Trojans are a lot more popular form of malware than viruses and worms are on that platform at present.

You can't stop users from installing Trojans without taking away their rights to install software. Trojans should be mitigated on Linux quite a bit because of the distribution repository approach to installation of software. However, they will most likely become more common than they are at this point because users still can go outside the walled garden in Linux easily enough if they want to.

go to load software in any way you get asked and have to make a decision, it's damned harder for a trojan to load itself in the background in Linux than it is in Windows.

due to web-based apps, it's not even necessary to install anything on a machine any more to be exploited thus, your actual OS becomes irrelevant. Aside from that, people of malicious intent are more than adept at tricking us into installing things for them and all it takes is one back-door. You could have all kinds and not even know it. For instance I run Linux Mint 11 on this machine. I'm experiencing inexplicable lag and processor slowness, I've checked all kinds of things, scanned with clam, I don't see anything happening that should be causing any performance decrease. Does this mean I picked up a nasty? no, and I'm pretty careful, but it's certainly not outside the realm of possibility either, and this behavior is one of the first signs that that I might have a nasty. plus, the type of people that create malware fall into the same demographic as the ones that would prefer to use Linux and there's two ways to look at that thought: they might consider Linux a safe-haven for themselves and want to preserve that haven (you don't **** where you eat), OR Linux being more familiar to them, and being very open to their manipulation, it might be even easier for them to remain undetected and defend themselves which is most likely the case, since they are more than capable of modifying source for their own use.

scammers and hackers love this over-confident mentality. It's what they all have wet-dreams about.

This artcle is not correct and it is misleading. Article is not showing exact practicle examples, What is the virus name you have seen in Linux OS?, What was that name?. I know all types of malwares and anti virus names from malware database repository.. I work for Linux Securty product .. i didn't see any virus which attacks linux. all viruses are targetted to Winodws only, because of it's simplicity it allows any kind of virus.

In early days i used Windows and experienced lot of virus attacks including harddisk damages due to virus attacks with Windows OS.

After installing Linux OS, i am able to protect my PC and didn't find any issues since 2 years.

Linux is secured environment, it doesn't allow virus. Before 2 years, i used to get lot of virus attacks and damaged my harddisk due to virus attacks, after installing Linux OS i am able to protect my PC and not issues found till now and it's more stable than Windows.

Although I haven't used Linux, from what I have read and have been told, Linux less vulnerable to viruses because of it structure and it is Open Source, there by allowing people to add to or subtract from it as they will. i believe that Windows is deliberately made vulnerable for partners of Microsoft to sell anti-Virus software, etc..

faults are soon found and corrected. Thus making it more secure. But the biggest advantage is the fact it's designed with security in mind from the ground up and heavily compartmented with security gateways between certain areas; thus making an attack having to jump a number of hoops to get anywhere. Any major changes also result in a check of all the code of the OS, which also happens on a regular basis so they can keep the code down. Any security issues result in a change of the faulty code to close out its possible use.

Microsoft is all hidden code and bloated because new code is often added without checking if the same thing can be done by just changing the old code. Security patches are just that. more code put on top to patch the hole, not a fix of the hole. but the biggest issue with Windows is Microsoft did NOT include any security in the base code at all, and any security since has been add ones that once you bypass them you have the whole system open to you to attack and use as you wish. Add in the very first version of Windows, and each since, also included back doors to allow other Microsoft software to interact faster by being able to bypass the few security gateways they put in later, and you can see why it's so easy to have an infections jump from one program into the OS as they use those wide open highways.

Now it is possible Microsoft have left other deliberate holes for use by malware as part of its efforts to push their vendor lock-in process they call Secured Computing (once called Palladium), no one has yet been able to find any definitive proof of that, despite there being some empirical data to support the claim. So it can't be said they HAVE done that.

Never forget that the weakest link in a chain make the strength of the chain. And the weakest link is the user...
As long as the majority of linux users are geeks, they know how to protect the system. No admin rights in usual days, just jump in when you need it and back to safe grounds as soon as possible. As soon as linux has to take anyone as main user, it'll have to stick to less safe zones or the user wil not be able even to install a printer. A possibility would be to jump automatically to admin area and back in specific modification but even that is definitly a great door open to virus makers. And imagine when your 10 years old son receives a downloadable game as a reward from Santa for his good behaviour. He'll click on the red "YES" button before you even realize it.

Windows. However Linux has in-built security that is better protection than what you get in Windows anyway.

that Linux runs the same way as Windows with the same vulnerabilities. First, Linux even requires the Admin to enter a password to make changes - unlike Windows (at least through XP - and even in Win. 7 if you click on "Continue" logged in Admin mode). Second, Linux is built on the same model OS as Unix - Windows is not - it was "hacked" together from a CP/M clone which, back in those days, function was to make the micro H/W work and security was not an issue back then. Unix was built and evolved in a "mainframe world" with different considerations. Inherently, Unix (thus Linux) is a much more secure system. BTW, if you get into the IBM mainframe world, when was the last time you ever heard of one of their systems being hacked? Especially, their zVM system? There are ways, of course, but it would take "cooperation" of the user installation by adding "hooks" to allow for outside users to hack into it and, even then, it would be near impossible.

Remember, CP/M, its clones and many other micro PC OSes back in the early days were essentially "hobbyist" - just make the H/W work so one could write their Basic and Assembler language programs to do some of the "neat things" PCs can do. I suspect if IBM had developed the PC code "in-house", the OS (and inherent security) would have been considerably different. Even OS/2 was jointly developed in the early years - BTW, OS/2 is still in use today - especially in the Banking industry.

And as D.E. points out, you have A/V S/W available as well as Firewall protection.

Do not misinform. Unix is as far from the mainframe as you can come, it was developed on a 16 bit mini, PDP11. The mainframe OS has a lot in common with Windows - even with VMS it was fully possible to address other parts of the memory - just as Windows, and execute from it.
DEC developed the "minicomputer" and Unix was developed by Bell Labs and licensed by them. So nobody could make Unix variants but the universities that had participated. This remained Unix 4.2 "BSD" while Bell later NCR managed the trademark "Unix" and certified every port of their code. Linux is a complete re-write of everything, to adhere to the POSIX standard that was defined.
Had Microsoft been allowed to make it "their way" they would have made a Unix variant with full exposure of the protection, even in the Intel hardware that is no longer used. MS-DOS was a stunt made to sell to IBM, that is a pretty good rewrite of the VMS from 1960....

Now you are having a larf.

@knuthf
My girlfriend worked for Amdahl in the 80's as the QA automation lead to test the Unix kernel for their systems:
http://en.wikipedia.org/wiki/Amdahl_Corporation

And, since she was one of a few hundred people that had actually done this kind of work, she later worked for Tandem doing the same thing on the Tandem NonStop UX OS:
http://en.wikipedia.org/wiki/Tandem_Computers

While it is true mainframes didn't start out with Unix, they have all since been re-designed to use it - and for more than 20 years, they have been nothing else.

Today, mainframes are no longer sold, but maintained via service contract. If you want the modern equivalent, say an IBM Z server, it's all highly-customized Linux goodness.

But, if you want the real thing, just lay down the PO number for Linux on IBM System z:
http://www-03.ibm.com/systems/z/os/linux/

The HP NonStop server too (formerly Tandem); (now) a highly-customized POSIX-compliant OS:
http://goo.gl/Or0Kk

Although IBM and HP would have you believe they created an entire OS, out of the mist, as they did with all other computing. If creating OSs was so easy, there wouldn't be just 3 (Win/Lin/Mac) contenders; really there are only 2 as Linux and Mac are more brothers than anything else.

Your history is splotchy at best; messy.

All the posts here and not one Linux user complaining of being infected. User installed Trojans not withstanding.

Or, tell me how to get my Linux Mint 14 infected after 11 years of use with no anti-virus.

Most viruii require some action on the part of the user. And until retailers start selling computers with linux pre-installed windows will retain the bulk of the type of users virus makers prey on.