Makestation

Linux very secure against viruses?
I've always heard that Linux should be very secure against viruses because there are hardly any.

But if everyone switches to Linux for protection against viruses and everyone switches to Linux to avoid data collection, wouldn't it make a lot of sense for people to try to attack Linux and collect data because everyone thinks it's so safe?

Or when people download the Linux distribution Tails, which is there to protect the private sphere. Wouldn't hackers find these special operating systems and people installing these operating systems the most interesting? Huh
Install Wine. Get all the viruses you like.

Linux doesn’t attract viruses because people who know what they are doing are the primary people who use it.
API emulator Wine also runs Windows and DOS applications under Linux. <= Is This Wine?
(April 27th, 2020 at 8:55 AM)tc4me Wrote: API emulator Wine also runs Windows and DOS applications under Linux. <= Is This Wine?

Yes.
Yeah Linux is only 'secure' because very few people use it, so people who write viruses don't want to waste their time possibly infecting 1% of people when they can write a virus for Windows and possibly infect 50% of people.

Also, Linux is much more, uh, 'modular' for lack of a better word. The virus might try to steal saved passwords from Firefox files, but you might have installed Firefox to a different location, or even a different partition on the disk, and set up $PATH to point to a different install location to keep your ease-of-use. But the virus will only be searching for the right files in certain parts of the computer, most likely using utilities like 'find', 'which', or even 'grep' so if you configured those utilities differently, you'd also have different results which the virus might not recognize.

Or you might not have Firefox installed (as /bin/firefox ) but you might have the ESR build installed instead (/bin/firefox-esr ) and /bin/firefox might be a symlink to the binary instead, so again, an extra hurdle that the virus needs to deal with.

But with Windows, most people install to default locations because it's easy. Even if they don't, programs typically use default appdata directories to store their data like cookies, saved passwords, profiles, cache, etc. and as a result, just parse those directories and you'll find what you're looking for 99% of the time.

But there's definitely lots of malware for Linux, and just like any other operating system, if you don't know what you're doing, you're probably going to get infected.
so here's the big thing regarding linux and security.

the main deal is that the linux user account system is more secure (to the point that windows has been trying to emulate it.)

this goes back to how things were done on unix, but basically when someone does something without an admin account they can't edit system files without a password, this includes passwords on the computer, network passwords, basically they're stuck in the user directory and what that user has access to.

in this way, unless the hacker/virus can get root it's sorta stuck making it more secure against attacks.

this is why the few linux viruses that do exist really only work when installed on root via social engineering or by sneaking in through some exploit or another which are rare and quickly patched thanks to the code being looked at by the community.

it also helps that there's a stigma against software needing to use root to run.

that's the other security advantage.
the majority of exploits, security flaws, etc with new releases are found very quickly and patched by dedicated users. I'm sure @Lain knows what I'm talking about.
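The "stuck in the user directory" point above is just the classic Unix mode-bit check. As an added example (not from any poster in this thread), here is that check written out over a constructed miniature filesystem, showing what a process running as an ordinary user can and cannot modify, including the often-missed rule that the owner class is applied even when it denies:

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Inode:
    """Constructed stand-in for the os.stat() fields that matter here."""
    mode: int        # permission bits only, e.g. 0o640
    uid: int
    gid: int

@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset  # primary plus supplementary groups

def unix_access(proc: Process, node: Inode, want: int) -> bool:
    """Classic Unix discretionary access check (no ACLs, no capabilities).

    Root bypasses the mode bits entirely. Otherwise exactly one permission
    class applies, chosen in order owner -> group -> other; a later class
    never rescues a denial from an earlier one (0o066 locks out the owner).
    `want` is a mask in the 'other' position: stat.S_IROTH/S_IWOTH/S_IXOTH.
    """
    if proc.uid == 0:
        return True
    if proc.uid == node.uid:
        shift = 6
    elif node.gid in proc.gids:
        shift = 3
    else:
        shift = 0
    return ((node.mode >> shift) & want) == want

# Constructed miniature filesystem: root-owned system files, one home dir.
ROOT, SHADOW_GRP, ALICE = 0, 42, 1000
FS = {
    "/etc/passwd":          Inode(0o644, ROOT, ROOT),
    "/etc/shadow":          Inode(0o640, ROOT, SHADOW_GRP),
    "/usr/bin/firefox":     Inode(0o755, ROOT, ROOT),
    "/home/alice":          Inode(0o700, ALICE, ALICE),
    "/home/alice/.mozilla": Inode(0o700, ALICE, ALICE),
    "/tmp/private":         Inode(0o066, ALICE, ALICE),  # owner class denies
}

def writable_by(proc: Process) -> list:
    """Paths a process with these credentials could modify, i.e. the reach
    of malware that never obtained root."""
    return sorted(p for p, n in FS.items() if unix_access(proc, n, stat.S_IWOTH))

ALICE_SHELL = Process(uid=ALICE, gids=frozenset({ALICE}))
ROOT_SHELL = Process(uid=ROOT, gids=frozenset({ROOT}))
```

Run `writable_by(ALICE_SHELL)` against `writable_by(ROOT_SHELL)` to see the gap the thread is describing: the browser profile is exposed either way, the password database only to root or the shadow group.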
(April 27th, 2020 at 11:37 PM)SpookyZalost Wrote: the majority of exploits, security flaws, etc with new releases are found very quickly and patched by dedicated users. I'm sure Lain knows what I'm talking about.

Only for the base kernel, GNUtils, standard binaries/libraries, and SOMETIMES other system/root level daemons tbh.

Reminder that systemd has hardly been updated at all over the last two or three years, and we still find vulnerabilities that have been around forever and seem extremely trivial to either spot in the codebase or to exploit as an attacker. 

Never anything insanely hard to spot like some kind of writeable+executable memory segment that could be used for shellcode but you'll only find by analyzing every single thread and pointer. We're talking stuff like infinite loops with while(){continue;}, buffer overflows/mem corruption because they don't check whether it's dhcpv6 or dhcpv4, honestly really trivial stuff that can be found with any simple fuzzing framework in a couple hours, if you're lazy, but aren't really too difficult to spot or understand if you already have some experience with exploit dev.

So yeah, most of the barebones GNU/Linux  system (incl. GNUtils) gets patched pretty quickly or vulns never even make it to the RC/testing branches, and if they do, it's usually some really f*** bytecode/architecture-specific problem. I mean, when we were hearing about Spectre/Meltdown, there were a TON of Linux vulns also popping up that had similar behaviour even though they didn't actually follow any of the actual Intel/x86_64 related vulnerability whitepapers. And while ARM branches also got f*** by those bugs (i.e. not x86 specific like Spec/Melt) you could also note that RISC-V builds were entirely unaffected by all of them.

So yeah. Linux security might be better in that regard, but we're talking targeted attacks. I mean, most of the 'vulnerabilities' that get caught in typically root-level services are DoS at most. You could possibly escalate them to RCE if you have some shellcode to write outside the buffers, but then you also need to rely on the segment you're writing to to actually be executable, and ASLR mitigates that risk quite a bit, or at least forces the attacker to also write a NOP-sled in hopes that the shellcode can get to an executable location before the whole thing segfaults and you get a normal crash.

In other words, it's much more unlikely to find malware that exploits something low-level like that. 95% of the time, it's just some kid who found a cracked copy of NanoCore and is throwing download links to his payload at every single person he can online.
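Two of the conditions Lain's reply hinges on, a writeable+executable segment and whether ASLR can relocate the program itself, are readable straight from a binary's ELF program headers. As an added example (not from any poster here), this checker parses them; the two ELF images it inspects are constructed fixtures, not real daemons:

```python
import struct

ET_EXEC, ET_DYN = 2, 3                  # e_type: fixed-address vs relocatable (PIE)
PT_LOAD, PT_GNU_STACK = 1, 0x6474E551   # program header types we care about
PF_X, PF_W, PF_R = 1, 2, 4              # segment permission flags

def elf64_hardening(data: bytes) -> dict:
    """Summarise ASLR/NX-relevant properties of a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    wx_segments, stack_flags = [], None
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD and (p_flags & PF_W) and (p_flags & PF_X):
            wx_segments.append(i)          # writeable+executable load segment
        elif p_type == PT_GNU_STACK:
            stack_flags = p_flags
    return {
        # ET_DYN executables are loaded at a randomised base, so ASLR covers
        # the program itself and not only its libraries and stack.
        "pie": e_type == ET_DYN,
        # Without PT_GNU_STACK the kernel falls back to an executable stack.
        "nx_stack": stack_flags is not None and not (stack_flags & PF_X),
        "wx_load_segments": wx_segments,
    }

def build_elf64(e_type: int, phdrs: list) -> bytes:
    """Constructed fixture: a bare ELF64 header plus program headers, no code."""
    hdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # 64-bit, LE, version 1
    hdr += struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, 64, 0, 0,
                       64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0x1000)
                    for t, f in phdrs)
    return hdr + body

# Two constructed images: one built the way current distro toolchains do it,
# one resembling an old non-PIE binary with a writeable, executable text segment.
HARDENED = build_elf64(ET_DYN, [(PT_LOAD, PF_R | PF_X), (PT_LOAD, PF_R | PF_W),
                                (PT_GNU_STACK, PF_R | PF_W)])
LEGACY = build_elf64(ET_EXEC, [(PT_LOAD, PF_R | PF_W | PF_X),
                               (PT_GNU_STACK, PF_R | PF_W | PF_X)])

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:      # e.g. a daemon binary on your own box
        print(elf64_hardening(f.read()))
```

Pointed at a real service binary, a `False` in `pie` or `nx_stack` or a non-empty `wx_load_segments` is the sort of finding to raise with whoever packages it.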
That's kind of my point though, most hackers want low level root access if they're attacking a system so they can gain control of it.  If we're talking of prankster hackers that's different, but modern black hats seem to want 3 things, control over a system, destruction of a system, or to steal pii and secure information.  The first is far more difficult to pull in nix based systems.  The second is usually only caused by people not knowing what they're doing or having a vulnerability that can cause chaos. And the third is mostly people not understanding proper user security/infosec.
The low market share of Linux combined with things that make the Unix kernel inherently more secure combine to make Linux a very safe experience.
In my opinion, there is no operating system on earth that can be 100% immune to malware and viruses. But Linux has still never had such widespread malware infections as Windows.
(November 3rd, 2020 at 10:04 AM)Divya165 Wrote: In my opinion, there is no operating system on earth that can be 100% immune to malware and viruses. But Linux has still never had such widespread malware infections as Windows.

Linux doesn't get as many viruses because they're all compiled for .exe and therefore, windows.
@s3_gunzel that's only part of the story though.

unix and by extension linux is also more secure in its user permissions and structure.

on top of that its decentralized nature means a virus can be more easily quarantined and purged without catastrophic damage to the system.
(November 5th, 2020 at 2:09 AM)SpookyZalost Wrote: unix and by extension linux is also more secure in its user permissions and structure.

Well, yes.
Linux also has its own AV and is being increasingly targeted due to its primary install base being servers.

the problem is it's difficult to get in and control linux like you can windows so a lot of attacks on linux servers are two fold, there's the payload of course but there's also a lot of social engineering which linux sys admins are actually being trained to recognize due to the increasing usage of it.
Linux is much more secure than Windows.
@Thomas indeed.

I will say this though, linux has its own problems, but as far as security goes, when a problem does come up, it's a lot easier to fix than in windows XD