In-Depth

The Myth of Linux Invincibility

Linux viruses increasing

• By Mathew Schwartz
• 03/26/2003

No matter how inexpensive the operating system, consumers and corporate users still demand that their OS install out of the box. Linux is beginning to meet that need, and more user-friendly Linux distributions from Red Hat, Mandrake, SuSE, Xandros and Lindows.com are paving the way to a new generation of Linux users. Yet as converts increase, expect the amount of damage from Linux viruses to skyrocket (to say nothing of the number of Linux virsues circulating) and for users to get caught unaware, warns Central Command Inc., a PC anti-virus and computer security services company based in Medina, Ohio. The company (http://www.centralcommand.com/) offers Linux workstation, server and mail server virus protection software starting at $34.95.

Who’s at risk? Even diehard technology folks can fall behind with patches or mis-configure their security perimeter. Based on a range of support calls to Central Command, however, the company reports that it’s many of the new Linux users who are unaware of the viruses and security risks associated with Linux.

“Since the quantity of Windows-based viruses in circulation significantly outnumbers those written for the Linux operating system, many Linux users feel that by simply installing Linux that their computers are out of harms way,” says Steven Sundermeier, product manager at Central Command. “However, what most people are not realizing is that as consumers and corporations adapt Linux on the desktop their Linux systems can serve as a conduit between two Windows-based machines, creating a false sense of security within an organization.” That’s to say nothing of an attacker commandeering a poorly configured Linux machine or just crafting a Linux or Unix virus.

Linux viruses aren’t, of course, unheard of, and when it comes to installing back doors or root kits or initiating a denial-of-service attack, the person at the receiving end won’t care if it’s a Linux or Wintel box.

Take Linux/Slapper, which utilized a known, OpenSSL buffer exploit to initiate denial-of-service attacks. Or TR/Linux.JBellz, discovered in January, which has code to wipe the current user’s home directory files. Finally, W32/Winux, a proof-of-concept virus, starts on a Windows machine but can subsequently attack files on both a Windows or Linux machine. Though viruses that target multiple platforms are virtually unknown—W32/Winux was created to prove a point—expect their numbers to rise.

The bottom line: just because Linux has a reputation for being more secure, nothing’s perfect. Users must run virus scanners, even on Linux.