Flipping the Linux switch: The anti-virus question
We were at a major electronics retailer a few days ago, gazing lovingly at the little ASUS Eee. We were not alone. There were three other people poking, prodding, and tapping the tiny machine. We watched as a couple approached the little machine with a salesman. They jiggled the keys. They ran their fingers on the touchpad. They asked why the user interface wasn't as familiar as their home machine.
"Linux," said the salesman. (He was ever so helpful.)
The next question, "Does it come with anti-virus?"
That certainly stumped the salesman. He answered a non-answer, really. "Linux," he said, "It has Linux anti-virus."
For the record, the Eee, which runs a form of Xandros, does in fact have anti-virus. We are pretty sure the reason for this is two-fold. One, it puts some people's minds at rest to have something called "anti-virus" on their computer. Two, it does isolate and quarantine viruses -- viruses that might not affect Linux itself, but could easily be passed on to a Windows machine.
That's not to say there aren't viruses that can target Linux. Historically, there have been some. And there are browser exploits, of course, that no operating system is completely immune from. However, viruses, as we think of them in the Windows world, are highly unusual.
Why is this? People say it's because not as many people use Linux, so it's not as appealing a target for the virus creators. And certainly, to some degree, this is a true statement. There aren't as many Linux users, and when you're setting out to wreak havoc on as many computers as fast as possible, it makes sense to target the operating system the most people are using.
But that's not the whole story. Even the Linux viruses that have surfaced haven't been particularly widespread. This can be largely attributed to the way that Linux handles user accounts and permissions.
When you first install Linux, everyone says, "Do as little as the root user as possible." First and foremost, new users are told this to protect their new systems from themselves. It's easy to forget you're root, or forget where you are in the system, and really screw things up. But viruses are another good reason.
No doubt, you've noticed when installing a program from your distro's repository, you are asked for your root password. If you cancel out, or try to continue without root privileges, you won't get terribly far with the install process. If you've added a new repository, you might get warnings about trusted sources, and references to keys. As inconvenient as it might seem at times, this is the first line of defense against any nasties that might come to your system.
When you're wearing the root hat, you've got to know at least one (and preferably both) of the following things: Can you trust the repository or software source you're using? Do you know what the software you're installing really does? Generally, if you're installing from your system's repositories, you've got little to worry about. But if you're installing from an unknown source, know exactly what's coming wrapped in your package.
The good news is that if you take the "don't run as root ever" advice (except when installing/removing programs), you're safe from the nasty things other people might send your way.
Regular users cannot install programs to the larger system as a whole. They can install them to their home directories. So, then, what happens if a hypothetical virus, somehow, sneakily worms its way into your home directory?
Your home directory could be infected. If you don't have (or give) the malicious program root privileges, it's not going anywhere else. There are more than a few ways of eradicating this hypothetical virus (including deleting the user and their respective home directory, and creating the account afresh). But, as we said, Linux viruses are really quite uncommon.
There is another reason why. Ever download an executable file from a browser in Linux? It's different than Windows. If you download an executable script in Windows, it's ready to install. In Linux, in order to run the script, there's an extra step. It has to be made executable. Once again, this has to be done as root, so give it some thought before doing it. It's good to know, though, that the chances of an executable script taking off and doing its own thing on your Linux system are slim to none.
You can install anti-virus in Linux, if you really want. Certainly if you are setting up a file server in your home, or a mail server at work, you might want to run something like ClamAV. The systems that will benefit most from this aren't the Linux systems, but the Windows machines on the network.
Using Linux, of course, isn't an excuse to throw all caution to the wind. There are very real threats out there that aren't carried out by particularly clever bits of malicious code or disguised attachments. It cannot protect you against phishing, for instance. But with a little due diligence, your system, and data, are safe. No yearly subscription required.

Reader Comments (Page 1 of 1)
kojo87 said 11:01PM on 2-14-2008
I just bought an EeePC 4GB but it has not arrived yet. I hadn't even considered anti-virus until after I ordered it, and this is very helpful information since I will probably install eeeXubuntu on it.
At what store were you looking at the Eee? I couldn't find a brick and mortar store that sold them so I shipped it from Newegg. It woulda been kinda nice to see it in person first though.
Reply
Kristin Shoemaker said 8:10AM on 2-15-2008
Hi Kojo87,
I am fortunate enough to live close to a Microcenter, and I understand that a few locations throughout the country do have one or more floor models in their stores. (Please do not construe this as an endorsement and/or condemnation of Microcenter)
Definitely check out the wiki at eeeUser.com on installing eeeXubuntu. Been using eeeXubuntu for a few days now and I'm really quite happy with it over the stock Xandros (which was acceptable, but I just like eeeXubuntu better).
Kris said 12:59AM on 2-15-2008
Just an FYI, programs do not NEED to be made as root, in fact most people discourage one from compiling as root if possible. This leaves the install part, where root is usually needed for a system-wide installation of a program.
-Kris
Reply
nadiv said 5:24AM on 2-15-2008
What about firewalls? Is there a simple firewall application for my Linux machine?
Reply
Huw said 5:51AM on 2-15-2008
Nadiv, Linux has a built-in firewall called iptables. On Linux, rather than running a firewall application, what you do is run a front-end for iptables. It amounts to the same thing though. I recommend Firestarter due to its user-friendliness.
Huw said 3:31AM on 2-15-2008
Great article, Kristin. I never bother to run AV software on Linux. I don't think anyone else I know does either. I don't care if any nasties make their way to Windows machines, they're bound to get them sooner or later anyway. ;)
Reply
Kristin Shoemaker said 8:13AM on 2-15-2008
Hi Huw,
I remember when I started with Linux, wondering if it was really true that I didn't need anti-virus. Seven years later, still virus free using no anti-virus software.
I really do think they put it on some (desktop) distributions as more of a peace of mind thing than anything else.
Marc Telesha said 12:26AM on 2-26-2008
I use Linux AV on Live CDs like Trinity Rescue. This is my main way of clearing up a Windows Computer. The live CD runs in Memory while it updates the definitions of the AV and Anti-Malware. It scans it and there is no reason to mess with System Restore or that the little buggers are working inside of the Linux operating system since it's a CD :)
I have to say this is my common practice with my family and friends' computers. 5 Minutes plugging in an ethernet cable and boot from a CD and press one key to scan all drives. I then come back a few hours later and see what was found and placed in a .tar :)
Reply
Steve Parker said 8:45PM on 3-09-2008
Strictly speaking, I could download a script and have it automatically executable; particularly if I save it to a VFAT partition, but in any case, the mount options, which specify the umask, could make it executable. This isn't done by default usually, but it is possible.
Then there's the fact that Internet Explorer (still?) offers a "Run" button, whilst all other major web browsers only offer "Save", followed by an "Open" option, if you really really do want to run the saved file.
Not to dismiss the overall gist of the article, but just a minor correction, of course.
Reply
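
The article's "extra step" for downloaded files and the last comment's point that VFAT mount options can undo it can both be checked on a running system. The script below is an added example, not from the article or the commenters: it reads lines in /proc/mounts format and lists FAT mounts where files come up with an execute bit set. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: list FAT mounts whose options leave files executable.
# On a live system: exec_capable_fat_mounts < /proc/mounts

# Print the value of option $2 from the comma-separated option string $1.
opt_value() {
    case ",$1," in
        *",$2="*) ;;
        *) return 1 ;;
    esac
    _v=",$1,"
    _v=${_v#*",$2="}
    printf '%s\n' "${_v%%,*}"
}

# Read mount-table lines on stdin, print mount points that need a closer look.
exec_capable_fat_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        case $fstype in
            vfat|msdos) ;;
            *) continue ;;
        esac
        # noexec blocks execution regardless of the permission bits.
        case ",$opts," in *,noexec,*) continue ;; esac
        # FAT has no per-file modes: every file gets 0777 & ~fmask
        # (umask is used when fmask is not given).
        mask=$(opt_value "$opts" fmask) || mask=$(opt_value "$opts" umask) || mask=0
        # Treat a missing or malformed mask as 0 (assumption: flag it).
        case $mask in ''|*[!0-7]*) mask=0 ;; esac
        # Flag the mount unless the mask clears all three execute bits.
        if [ $(( 0$mask & 0111 )) -ne $(( 0111 )) ]; then
            printf '%s\n' "$mnt"
        fi
    done
}

# Constructed sample in /proc/mounts format (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev,relatime,fmask=0022,dmask=0022 0 0
/dev/sdc1 /media/camera vfat rw,noexec,nosuid,nodev,fmask=0022,dmask=0022 0 0
/dev/sdd1 /mnt/share vfat rw,relatime,fmask=0133,dmask=0022 0 0
/dev/sde1 /mnt/old msdos rw,umask=0000 0 0
EOF
}

sample_mounts | exec_capable_fat_mounts
```

Mounting removable FAT media with noexec, or with an fmask that clears the execute bits (0133 in the sample), restores the behaviour the article describes.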