Since there seems to be some misinformation, misunderstanding and general confusion about viruses on Linux, I hope to be able to explain a few things.

As we all know, a virus is a program that has malicious intent.
There are many forms in which they appear, but there is no reason for me to explain the ins and outs of viruses, so let’s crack on with the issue at hand.

I will be looking at the difference between the Windows OS and the Linux OS (specifically Ubuntu). I would use Mac OSX too, but even though it’s a Unix operating system, I have not used it enough to be able to speak about it confidently.

Let me start off by dispelling one commonly held belief.

It’s often said that the reason Linux has so few viruses is that such a small number of users worldwide use Linux that it is better for virus writers to target Windows than Linux.

Every part of this statement is false.
If you are a clever virus programmer, you are better off targeting Linux than Windows.
Windows is a desktop operating system, so a virus for it could render home users and businesses useless.
Whilst this seems a great idea, it’s not very clever.
Since the majority of the world’s servers run a Linux distribution, targeting them would be far more interesting: they are far more vitally connected to other systems than any home computer or single business.
For instance, if you were to target a virus at the server of a major internet company, instead of irritating the people in head office you are now shutting the company down.

But Linux isn’t just servers and a few home computers. There is the Android OS, and many car computers, robots and even space systems run Linux.
In fact, I actually believe more people on this planet use Linux than any other OS.
Actually, if you are anti-Linux, I think you most likely use Linux many times a day.

So with that myth dealt with, let’s actually look at the real issue.

Let us look at the system structure of a Windows OS and its security, or lack thereof.
And I’m not just talking about anti-virus here, by the way.

At its core, the file structure begins at the hard drive on which the OS is installed; this is usually C:
For comparison purposes, we will call this point ‘root’. Since everything starts from this point, root is possibly the best word for it.

From root, you typically find (on a 32-bit system) the Windows folder, the Program Files folder, the Users folder, and perhaps some others.

When you enter the Windows folder and head on over to the System32 folder, you will find a lot of files.
These files are the core of a Windows system.
If you have ever encountered the annoying Blue Screen of Death or unrecoverable system crashes, the most likely place where things have gone wrong is this folder.

Now simply open a file which is vital to the system with Notepad, change something and save it, or delete a few files (by the way, this is for illustrative purposes; DO NOT DO THIS, I will not be held responsible), and congratulations, you have just broken Windows.
Simple, isn’t it?

Let me just say, before I get told how wrong I am, that I am basing this on Windows XP and perhaps Vista. I have never used Windows 7, and my time with Vista was extremely brief, so I expect things to have changed.

What this comes down to is simple security.

It’s all well and good having anti-virus software, but if your system is so easy to tamper with, it’s like lying awake at night with a baseball bat in case burglars come in whilst leaving your front door open. You are more or less prolonging the inevitable.

Now let us look at Linux.

Linux begins at its root, which is actually known as root.
Root in Linux is not given a letter as in Windows; rather, its symbol is a forward slash (/).
From this point, the whole file structure starts.
Linux does not throw every important file into one general folder.
Each folder holds its own specific type of file.
For instance, all the configuration files are held in /etc, and /usr holds application files.

However, it gets a little more complicated than that.

For those folders you always need an administrator password.

There is also a folder in the root directory called /home.
Within this folder you will find folders named after the different users of the computer.
These folders hold all the personal files such as pictures, music, videos, etc.
But typically, hidden away, are separate copies of configuration files and applications.
These do not require a password.

This serves multiple purposes.
Firstly, for an application such as Emesene (a Windows Live Messenger client for Linux), having individual configuration files within your own home folder means that each person sees their own login name and not the other users’.
Secondly, if something does not require the use of important administrative programs, then it makes more sense to have it in the home folder.

So let’s now look at how viruses can be made, and how easily, on each OS.
Technically speaking, if I wanted to just cause damage and nothing else, all I would need to do on Windows is create an application that deletes files in the Windows folder.
Then I would have achieved my goal, and usually without security getting in the way.

With Linux it’s a different story.
If I wanted to cause damage, I would first have to think about where the damage has to be done.
If I simply wanted to damage a user’s files, then I could write a script that deletes things in the user’s directory, because that requires no administrator password.
However, it would make no change to the OS, which would still run just as well.
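To make the difference concrete, here is an added example (not from the original post) that models the layout just described in a few lines of Python: a toy filesystem with root-owned system directories and a home directory owned by the user alice, and a “delete whatever it can” script run once as alice and once as root. The paths, uids and permission bits are constructed; the permission check is the simplified Unix owner/other rule, without group bits or directory search permission.

```python
from dataclasses import dataclass

@dataclass
class Node:
    owner: int   # uid of the owner (0 is root)
    mode: int    # permission bits, e.g. 0o755

def fresh_fs():
    """Constructed miniature of the layout described above: system
    directories owned by root, a home directory owned by uid 1000 (alice)."""
    return {
        "/":                     Node(0, 0o755),
        "/etc":                  Node(0, 0o755),
        "/etc/passwd":           Node(0, 0o644),
        "/usr":                  Node(0, 0o755),
        "/usr/bin":              Node(0, 0o755),
        "/usr/bin/python3":      Node(0, 0o755),
        "/home":                 Node(0, 0o755),
        "/home/alice":           Node(1000, 0o755),
        "/home/alice/photo.jpg": Node(1000, 0o644),
    }

def can_write(fs, uid, path):
    """Simplified Unix discretionary check: uid 0 bypasses everything; the owner
    uses the owner bits, anyone else the 'other' bits (group bits omitted)."""
    node = fs[path]
    if uid == 0:
        return True
    bits = (node.mode >> 6) if node.owner == uid else (node.mode & 0o7)
    return bool(bits & 0o2)

def unlink(fs, uid, path):
    """Deleting an entry needs write permission on its parent directory, not
    on the entry itself; returns True only if the deletion happened."""
    parent = path.rsplit("/", 1)[0] or "/"
    if path not in fs or not can_write(fs, uid, parent):
        return False
    del fs[path]
    return True

def wipe(fs, uid, targets):
    """A 'delete all it can' script run as uid: returns the targets it removed."""
    return [t for t in targets if unlink(fs, uid, t)]

if __name__ == "__main__":
    targets = ["/home/alice/photo.jpg", "/etc/passwd", "/usr/bin/python3"]
    print("as alice:", wipe(fresh_fs(), 1000, targets))   # only the photo
    print("as root: ", wipe(fresh_fs(), 0, targets))      # all three
```

Run as alice the script only reaches her own files; the same script only touches /etc or /usr once it is run as root, which on a desktop means somebody typed their password for it.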

If I wanted to damage the system and render it useless, then I have to rely on skill and on the user being somewhat naive.

Firstly, I could write a script that would empty the hard drive.
Funnily enough, you could empty the hard drive while still running Linux from it, although most Linux distributions no longer allow you to run the script needed, which for obvious reasons I’m not going to supply.

The issue with this is that no matter whether you create a cunning app or a script, it requires administration rights: on Debian-based systems that means sudo, and on more server-style OSes su.
The user will then be asked for their password.

Now if someone is naive and hasn’t checked the code and just runs it, of course it will do damage.
But usually someone will have checked the code and warned others.
If they aren’t naive, they won’t run it.

An added bonus Linux has is its open-source ideals.
Most software is written using scripts (like Bash) or languages (like Python), and most of the time the source code is easily obtainable and open to scrutiny.
This means the chance of slipping a virus into even a complex application is very, very small.

But you might also be wondering how anti-virus software works.
Even though that is slightly irrelevant to this article, I do want to explain.

Anti-virus software is not all magical, with an ability to know what a program does and therefore stop it in its tracks.
In fact, it works in a totally different way.

If you have anti-virus software you will have noticed that you are told a database has been updated, or is not up to date.
What happens is that the people who work for companies like Norton and AVG find out there is a new virus on the loose.
They scrutinize a copy of this virus and how it behaves.
Then they record its patterns in a database which is sent to you.
If you catch that virus, the software checks the database to see if it matches any entry and then stops it.
So this also means that if you are the first person to get the newest, most evil virus ever, you’re in trouble, since it isn’t in the database.
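Here is an added example (not from the original post) of the mechanism just described, in Python: a signature database built by “analysing” captured samples, a scanner that only recognises what the database already lists, and the first-victim gap before an update arrives. The samples, names and byte patterns are constructed stand-ins for real executables.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass
class Signature:
    name: str
    sha256: str      # hash of the exact sample the lab analysed
    pattern: bytes   # a distinctive byte sequence found inside that sample

def analyse(name: str, sample: bytes, pattern: bytes) -> Signature:
    """What the vendor's lab does with a captured copy: record its hash and a
    distinctive byte pattern, then ship both to customers as a database update."""
    assert pattern in sample, "pattern must come from the sample itself"
    return Signature(name, hashlib.sha256(sample).hexdigest(), pattern)

def scan(data: bytes, database: list) -> Optional[str]:
    """Return the name of the first signature that matches, else None. Nothing
    is ever 'known bad' unless the database already describes it."""
    digest = hashlib.sha256(data).hexdigest()
    for sig in database:
        if digest == sig.sha256 or sig.pattern in data:
            return sig.name
    return None

# Constructed stand-ins for executables; the tags only describe behaviour.
OLD_WORM = b"\x7fELF" + b"[behaviour:wipe-home][spread:mail]" + b"\x00" * 8
NEW_WORM = b"\x7fELF" + b"[behaviour:encrypt-home][spread:usb]" + b"\x00" * 8
CLEAN    = b"\x7fELF" + b"[behaviour:print-hello]" + b"\x00" * 8

def database_v1():
    """The database on your machine before the next update arrives."""
    return [analyse("OldWorm", OLD_WORM, b"[spread:mail]")]

def first_victim_demo():
    """The situation described above: the newest virus is in nobody's database,
    so the first machine to meet it is unprotected until the lab analyses a copy."""
    db = database_v1()
    before = scan(NEW_WORM, db)                               # None: unknown so far
    db.append(analyse("NewWorm", NEW_WORM, b"[spread:usb]"))  # the update arrives
    after = scan(NEW_WORM, db)                                # "NewWorm"
    return before, after

if __name__ == "__main__":
    print("known worm:", scan(OLD_WORM, database_v1()))
    print("clean file:", scan(CLEAN, database_v1()))
    print("first victim before/after update:", first_victim_demo())
```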

Now there are many anti-virus products on the market for Windows, but only a couple for Linux.
I have outlined most of the basic reasons why.

But there is also the question of where software arrives from on the different OSes.

Windows users are used to getting their software from a website where, if we are honest, anybody could have created it, for whatever purpose and even under different guises.

Linux doesn’t approach software this way.
Linux uses package management: Ubuntu uses the Ubuntu Software Centre, and Debian uses Synaptic, for example.
Software in these package managers is thoroughly checked, so you know that whatever you download is safe.
Sometimes you download software from websites, but this isn’t always encouraged, and usually someone warns you if it’s not safe.

Now these are not all the reasons why Linux viruses are rare (they do exist), but they are the most basic reasons.

My advice:
If you cannot find the piece of software you are after in the Software Centre or Synaptic and have to download it from a website, first ensure it is safe by seeing what others have to say about it.
If someone promotes a script (as I have for Paltalk and Lotro), first see what others have said about it, and then, if you do not have enough information, read through the code, or have someone else read through it, to ensure that it’s safe to use.
And obviously, if a script or program asks you for your password, don’t just jump in and give it; find out why it needs it.
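As an added example (not the author’s own script), the following Python reads a downloaded shell script and reports which lines would ask for an administrator password via sudo or su, and which system directories those lines touch, so you can judge whether the request makes sense before running it. The installer script it audits is constructed; the check is a plain text scan, not a shell parser.

```python
import re

# Ways a script can ask for administrator rights on the systems discussed above.
ELEVATE = re.compile(r"(?:^|[\s;&|(])(?:sudo|su)(?:\s|$)")
# Directories that are root-owned on a normal install (the ones /home is not).
SYSTEM_PATH = re.compile(r"(?<![\w.~])/(?:etc|usr|bin|sbin|lib|boot|var|opt)(?:/[\w.\-]+)*")

def audit_script(text: str) -> list:
    """Report every line that requests elevated rights or names a system path.
    A crude text scan, not a shell parser: it is a reading aid, not a verdict."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.strip()
        if not code or code.startswith("#"):        # blank lines, comments, shebang
            continue
        elevates = ELEVATE.search(code) is not None
        paths = SYSTEM_PATH.findall(code)
        if elevates or paths:
            findings.append({"line": lineno, "elevates": elevates,
                             "system_paths": paths, "text": code})
    return findings

def needs_password(text: str) -> bool:
    """True if running the script would prompt for an administrator password."""
    return any(f["elevates"] for f in audit_script(text))

# Constructed installer for a hypothetical launcher; not a real project's script.
SAMPLE = """#!/bin/bash
# installer.sh - sets up the launcher
mkdir -p ~/.config/launcher
cp launcher.conf ~/.config/launcher/
sudo cp launcher /usr/local/bin/launcher
sudo cp launcher.desktop /usr/share/applications/
echo "installed"
"""

if __name__ == "__main__":
    for f in audit_script(SAMPLE):
        flag = "ASKS FOR PASSWORD" if f["elevates"] else "no elevation"
        print(f"line {f['line']}: {flag}; touches {f['system_paths']}: {f['text']}")
```

Lines that only write under ~/.config are not reported, which is exactly the point: a script that stays in your home folder has no reason to ask for your password.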
