Monday 4 March 2013

Linux and Viruses

Many people believe that Linux is immune to viruses. However, that's not true.

What is true, though, is that there are far fewer viruses for Linux than for Windows.

Now why is that so?

Well, for very simple reasons, and I will try to list them here:

1. All critical system files and folders are well protected under Linux


What this means is that the important folders in Linux that hold system software (folders similar to System32 and Windows in the MS OS) and other important files are by default readable by the user but not modifiable. Users may execute the files but not change them. The root user may change this, though.

So what changes because of this? Simply speaking, if a virus or malware tries to copy a file (the virus) into such folders, it won't be able to. You will explicitly have to give it access by entering the root user's password. So if the user is aware that he is installing a good program, this will protect his computer well.

System files are a gold mine for viruses, and in Linux they are not accessible to them by default.

2. Linux has separate attributes that control whether a program or a file may be executed.

Linux has another layer of defense provided by the access controls. A 3-digit value tells whether the user may read the file, modify it, or execute it (to read more, Google chmod).

This also helps Linux a lot. By default, when a file is created or copied, its execution bit is set to '0', so by default it's not executable. In Windows, on the other hand, all executable '.exe' files can be executed using an Autorun file. Hell, in XP 'autorun.exe' used to run directly whenever you opened the folder it resided in.

This huge risk is not there in Linux.
Credit: G+ post on this point

3. Users are categorized into groups.

The root user (admin access [everything is possible in this world]).
Then there is the owner of the file, then his group, and lastly the public user group (the world).

Also, you may create your own group and limit access to certain files or folders for your group.

How this helps is that the user can change the permissions on certain files so they can be read and executed only by him and by no one else, or read and modified by his group but executed only by him.

All this gives the user control over who gets to access files and folders. So a virus, even when executed by a certain user, may not have access to all files, only to a certain set of files.
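The permission bits from points 2 and 3, as an added shell example that is not part of the original post: it decodes a 3-digit chmod value into owner, group and world permissions, shows that a freshly written script is refused until its execute bit is set, and reports whether the current user can write to a few system directories (point 1). The function names, the sample script and the directory list are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils `stat -c`.

# One octal digit to its rwx triplet: 4 = read, 2 = write, 1 = execute.
digit_to_rwx() {
    case "$1" in
        0) echo '---' ;; 1) echo '--x' ;; 2) echo '-w-' ;; 3) echo '-wx' ;;
        4) echo 'r--' ;; 5) echo 'r-x' ;; 6) echo 'rw-' ;; 7) echo 'rwx' ;;
        *) return 1 ;;
    esac
}

# Decode a 3-digit chmod value into owner, group and world triplets.
decode_mode() {
    case "$1" in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    rest=${1#?}    # last two digits
    echo "$(digit_to_rwx "${1%??}")$(digit_to_rwx "${rest%?}")$(digit_to_rwx "${1#??}")"
}

# Write a constructed sample script, optionally chmod it to $1, try to run it,
# and print "<mode> <exit status>". Status 126 = found but not executable.
script_result() {
    (
        umask 022
        d=$(mktemp -d) || exit 1
        printf '#!/bin/sh\nexit 0\n' > "$d/sample.sh"
        if [ -n "${1:-}" ]; then chmod "$1" "$d/sample.sh"; fi
        mode=$(stat -c '%a' "$d/sample.sh")
        "$d/sample.sh" >/dev/null 2>&1 && rc=0 || rc=$?
        rm -rf "$d"
        echo "$mode $rc"
    )
}

echo "754 decodes to $(decode_mode 754)"
echo "new script (mode, status):  $(script_result)"
echo "after chmod 750:            $(script_result 750)"

# Point 1: can the current user write to the system directories?
for dir in /bin /usr/bin /etc; do
    if [ -w "$dir" ]; then echo "$dir: writable by uid $(id -u)"
    else echo "$dir: not writable by uid $(id -u)"; fi
done
```

Run as a normal user, the directory loop reports the system folders as not writable; run as root, it reports them writable.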

4. '.exe' files are not the default executable files in Linux

Linux is mostly file-extension independent. By default, a file extension is treated more as part of the name and not as a specifier of what the file may contain.

So a .exe, which is the general extension for executable files on Windows, may be transferred to a Linux system and it may not harm our Linux system at all, whereas in Windows a simple double click on such a file will cause it to execute.

5. Linux system architecture is much different from Windows

Moreover, any virus written specifically for Windows (which is the case for more than 75% of the virus programs out there) won't work on Linux, as the Linux system architecture and file system are much different from those of Windows.

--
Even after all this, antivirus programs are available for Linux, both open source and closed source. What they do in general is try to protect our Windows users from any Windows virus getting transferred from a Linux system to a Windows system, as we might unknowingly copy a Windows virus to a pen drive full of data and give it to our friends. The question that arises next will be "was this done unknowingly or ..."
[Grinning]

cheers

2 comments:

  1. Good read!
    You might add that running as root, SA or as admin is the best way to corrupt any system. Even unix or linux can unknowingly be killed by a user with too many permissions.

  2. Valid point.
    I have done that a couple of times though. Is fun :D