GNU/Linux: Don’t Call Them PC Viruses

by gene

I use a PC. Actually, I use several PCs. My small business has 5 tower PC systems and 1 laptop PC system. All of these are what is called a PC. Any computer that can be purchased by an individual and used by said person for personal “stuff” is by definition a Personal Computer also known as a PC. That includes Apple Computer Systems Personal Computers known as “Macs”. All of these devices are PCs.

So, we all can agree that all of these devices are PC systems. The fact that malware are written primarily for PC systems is a given and is well reported in the news. The fact that malware are written primarily for Microsoft Windows based PC systems is often not reported. When such a connection is made in the press or on a Microsoft friendly web site then the caveat is often added that Microsoft Windows suffers from popularity. The argument is that because Microsoft Windows is so ubiquitous it gives a good “Return On Investment” to malware writers. Supposedly these malware writers do not target other operating systems because they want to get the most bang for their buck. I call that hogwash. The reason Microsoft Windows is so often successfully attacked is because of its flawed security design. I run FreeBSD Unix and Mandriva GNU/Linux on my PC systems. I keep my systems patched with up to date bug fixes and security fixes. I will not install software that I do not know from whence it originates. I do not run any anti-virus software and yet I will never get a “PC Virus” on these systems. There is no such thing as a “PC Virus”, call them “Microsoft Windows Viruses” or “GNU/Linux Viruses” or “Apple OS X Viruses” depending on the operating system which they successfully attack. Don’t call them “PC Viruses”.

What is a Virus? I refer people to this definition when asked: The Difference Between a Computer Virus, Worm and Trojan Horse. So, a Virus must be able to be shared and operate easily by user to user transfer to be successful.

All PC systems are targeted for attacks regardless of the operating system. Do not believe any person who says otherwise. The only difference is that some systems are attacked successfully more easily than others. Those more easy systems are almost all Microsoft Windows based PC systems. Anyone who has monitored an internet facing server of any type knows that systems connected to the internet are constantly probed for weaknesses in their open services. (Thank you China, may I have another?) These probes are often looking for unpatched services with known flaws that can be exploited. This is true of Unix, including OS X, GNU/Linux and Microsoft Windows based servers. Any of these open services that are not kept up to date can potentially be exploited. The only mitigating factor would be the underlying operating system on top of which the services are running.

If an attacker can get a root shell prompt, root being the “administrator” account, by exploiting a service flaw on a Unix or GNU/Linux system then the game is over, the attacker basically owns the system at that point. Further, since internet facing systems are often servers that handle traffic for a handful of users up to thousands of users these would be a cherry to pick that is much more “tasty” than some lone PC or even dozens of PC systems. So why do we read so much about successful Microsoft Windows based malware attacks yet read so little about malware exploits of internet facing servers? Well, most of these are running some form of Unix or Unix-like operating system, such as GNU/Linux. The security by design nature of these Unix based systems make them a very tough nut to crack. Only the really, really smart attackers can figure out how to exploit these systems. The chance of exploiting very many is low because all one has to do to keep an internet facing server “safe” is make sure it is running a Unix based operating system and keep the open services that face the internet up to date. (Yes, I know one can maybe do this with Microsoft based servers too, but they are not in the majority when it comes to internet facing servers.) The majority of system administrators managing internet servers know this. Creating a Virus that can successfully attack these systems using the definition above is likely possible, but spreading it very much is not probable. Just because something is possible, writing a Virus for GNU/Linux, does not make something else probable, the easy spreading of said GNU/Linux Virus. So, attackers that target Unix based systems have to give them personal attention in most cases to find a successful attack vector. These folk are known as Crackers and are a different breed from the plethora of malware writers. Like malware writers Crackers are slime, they are just a smarter level of slime.

What we Unix and GNU/Linux folk worry about most are Crackers, Worms and Trojan Horses. Of course if one keeps service applications like BIND domain server, Apache web server, Postfix mail server, CUPS print server and so on up to date the probability of a successful Cracker or Worm attack is very low. If one uses only secured sources for installable applications and updates the probability of a successful Trojan Horse attack is also very low. Again these would not be called “PC Crack”, “PC Worm” or “PC Trojan Horse”. They would be called by the service they successfully attack, such as a BIND Worm that exploits known flaws in unpatched versions of BIND or an Apache Crack that allows a Cracker to successfully “get root” through an unpatched Apache web server. Do these attacks succeed? Yes they do sometimes. But they are much less successful than Viruses that are written to take advantage of user ignorance and Microsoft Windows design flaws.

So, if we ever do see a successful GNU/Linux Virus “in the wild” we will call it a “GNU/Linux Virus”. As unlikely as that scenario is due to the mitigating factors that make up the security by design model used with GNU/Linux. Or will all you people that insist on calling Microsoft Windows Viruses by the misnomer “PC Virus” also insist we call a GNU/Linux Virus a “PC Virus”? Suuuure you will.

source