[LUNI] Free anti virus for Linux...

Larry Garfield larry at garfieldtech.com
Mon Nov 22 18:58:41 CST 2004


Peter Harkins wrote:

>>Here's the short version of the answer: No. If you simply never run
>>untrusted executables while logged in as the root user (or equivalent),
>>all the "virus checkers" in the world will be at best superfluous; at
>>worst, downright harmful. "Hostile" executables (including viruses) are
>>almost unfindable in the Linux world -- and no real threat to it -- because
>>they lack root-user authority...
> 
> The problem with this article of faith is that it's blatantly false; a virus
> could be very, very successful without root privileges. It can replicate,
> slowly corrupt or quickly destroy a user's files, and make the machine into
> a jumping-off point for spammers and crackers; and a virus could escalate
> its privileges through root over time, especially if the author provides
> a mechanism for the virus to obtain new exploit code.
> 
> It is a fact that Linux virus scanners are now unneeded, but this will not
> always be true due to some inherent property of Linux's design or user
> community. 

Actually, it is the case that the Unix architecture is more
virus-resistant (not virus-proof, virus-resistant) than the Windows
architecture.  Most Windows users I know run their computers as an
administrator, because the computer is only marginally useful otherwise.
You can't install software, perform certain updates, or even run some
programs unless you are an administrator.  That means any malware you
download is ALSO administrator, and can do all kinds of evil things.

In Unix, the multi-user architecture is much better designed so that no
one except Linspire users runs as root by default.  That means that a
malware program, by default, is limited in the scope of what it can do.
Executables are not available to it.  Trojans are a threat, but viral
infection is much, much harder to contract.  That will remain the case as
long as there is a clear split between normal and administrator users,
and users aren't always in admin-mode.  There will come more viruses and
malware for Linux, but they will be much harder to write and, generally,
will be much more limited in the damage they can cause.

Which means we need to be extra-careful to educate people to NOT be 
stupid and run as root all the time, which means keeping people away 
from Linspire. :-)

-- 
Larry Garfield			AIM: LOLG42
larry at garfieldtech.com		ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an 
idea, which an individual may exclusively possess as long as he keeps it 
to himself; but the moment it is divulged, it forces itself into the 
possession of every one, and the receiver cannot dispossess himself of 
it."  -- Thomas Jefferson
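
Added example (not part of the original message or of any poster's code): a Python audit of the point argued above, that an unprivileged account cannot modify the system's executables. It evaluates classic Unix mode bits only, ignoring ACLs and capabilities, and the function names are illustrative.

```python
import os
import stat


def mode_allows_write(st, uid, gids):
    """Classic Unix permission check from mode bits only (no ACLs, no capabilities)."""
    if uid == 0:
        return True                      # root bypasses mode bits entirely
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def replaceable_executables(dirs, uid, gids):
    """Return sorted paths of executables that `uid` could modify or replace."""
    findings = set()
    for d in dirs:
        try:
            dst = os.stat(d)
            names = os.listdir(d)
        except OSError:
            continue                     # missing or unreadable PATH entry
        # A writable directory lets the account unlink and recreate any file in it;
        # the sticky bit limits that to owners, so only the directory owner counts.
        sticky = bool(dst.st_mode & stat.S_ISVTX)
        dir_open = mode_allows_write(dst, uid, gids) and (not sticky or dst.st_uid == uid)
        for name in names:
            path = os.path.join(d, name)
            try:
                st = os.stat(path)
            except OSError:
                continue                 # dangling symlink
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue                 # only regular files with an execute bit
            if dir_open or mode_allows_write(st, uid, gids):
                findings.add(path)
    return sorted(findings)


if __name__ == "__main__":
    uid = os.geteuid()
    gids = set(os.getgroups()) | {os.getegid()}
    path_dirs = [p for p in os.environ.get("PATH", "").split(os.pathsep) if p]
    hits = replaceable_executables(path_dirs, uid, gids)
    print(f"euid={uid}: {len(hits)} executable(s) on PATH are modifiable by this account")
    for h in hits:
        print("  " + h)
```

Run from an ordinary login, an empty list means the executables on PATH are out of that account's reach; it says nothing about the account's own files, which remain writable by anything running under it.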

