No viruses? How does that work?

[JuanKman94]

Hello. I want to know how does the security in works in Linux. Since I have Windows and fedora, I wanna know if, for example, I enter a website in fedora, can a virus go to my windows partition.

And how is it that in windows viruses download by themselves, and in fedora that is not risky? If it happened, where could I find them?
My guess is the system folder but still I wanna know how to recognize them and eliminate them safely

[csillva]

From what I've read, it's because Linux has a very different design than Windows which makes it much harder to get a virus, and much harder for that virus to spread if/when it is infected.

Think about the design of a car, versus the design of a motorcycle. They have very different designs, even though both get you from point A to point B. Operating systems can be designed the same way, very differently, even though offer similar features.

In this analogy you can think of getting a virus as the likely hood of falling over. Cars can roll, but it's much harder to do that than roll off a motorcycle. So yes, Linux can get viruses, it's just harder to do so, and harder for the virus creators to spread from machine to machine (which is the usual goal, if you're not being specifically targeted).

As for the second question, let's say you have shared data partition that both Windows and Linux use. And on Linux you download a pdf from a website that has a virus designed to attack windows. On linux nothing will happen. But if you open that document in Windows you will become infected.

As for identifying and removing viruses... I'm not sure. I don't use a virus checker on Fedora. I would imagine removal would be the same as Windows...total reinstall to be sure after zero'ing out the drive using something like dban.

[JuanKman94]

You just nailed my doubts with that metaphor. Thanks Could you help me with another one? I already know how to create shortcuts but I wanna creat a keyboard-shortcut.
Since rythmbox is the default media player, I wanna set VLC as the main one. I've tried to simply create a keyboard-shortcut in the System Setting/Keyboard/Custom first. But after that, if I press it, nothing happens. Got any similar experience

[secipolla]

You can scan files for Windows viruses in Linux with clamav.

[Bazu135]

Quote:

Originally Posted by JuanKman94

And how is it that in windows viruses download by themselves, and in fedora that is not risky?

For anything to be installed in Fedora, a user has to explicitly instruct it to be (there may be some exceptions, but I'm not aware of any). So while it is possible to have malware installed, basic common sense should prevent it (don't install it if you don't know what it is!). Additionally, since Linux has such a small userbase, most malware writers will overlook it, meaning that there are very few viruses/malware out there that affect Linux to begin with (not "none", but very few).

Additionally, because of how Linux's user management works, if any malware does get installed, it will only affect that user - in other words, it would still not affect the rest of the system. On top of that, no viruses could get to your Windows partition anyway if it isn't mounted in Fedora.

As others have said, there is a risk if you have a 'shared files' partition, and clamav can be used to help manage this risk. Obviously, a virus-checker in your Windows installation would help too

As for the media player issue; I can't check for sure since I'm at work at present, but I believe if you right-click on a media file and select 'open with' (or whatever the equivalent is) and select vlc from the options that come up, there should be a 'use as default' (or similar) check-box available. Other ways are available, but that's the easiest to describe without a reference in front of me.

[flyingfsck]

Here is why:
http://www.gnu.org/fun/jokes/evilmalware.html

[Bazu135]

Quote:

Originally Posted by flyingfsck

Here is why:
http://www.gnu.org/fun/jokes/evilmalware.html

This, I like

[jpollard]

1. Each user is fully separated from system resources

2. By default new files are not executable (this can be altered, but should not be - info is in "umask" man pages

3. discretionary access controls control owner (designated owner/creator of files), group (the group the user is a member of), and world (everyone else). info in "chmod" man pages.

4. by default there are no network services - meaning that even without a firewall there isn't anything to probe as nothing is listening. This MAY be different with systemd, but basically, no services are there.

5. Files created by the linker are made executable as the user is directing that a new executable program is to be created.

6. by default, access to system files is restricted to the root (designated owner of all system files). User access to some files (such as changing passwords) is controlled by explicitly granting SOME applications the ability to run as root (look up "setuid"). The standard programs (passwd, su, sudo) have had extensive analysis to reduce the chance of errors. (Can still happen though)

7. Most network services (not all though) that can be enabled, do not run as the root. This limits them to the capabilities given the user (such as apache for web services). Most services have had extensive analysis to reduce the chance of errors.(Can still happen though). Some services run as the designated "nobody" user identification. There are no files that "nobody" should own (can happen though - it points to a problem somewhere and sometimes occurs with misconfigured network file sharing).

8 In addition to this, Fedora/RH/CentOS/SL, include SELinux to support mandatory access controls. SELinux allows each individual executable to be tagged with a security label that defines what it may access. These controls are designed to not allow violation of the rules - the security rules must explicitly allow such. Essentially it defines a "sandbox" that limits the executable. All files are given security labels.

This CAN be disabled by the administrator, but really shouldn't be. It is better to learn how to function with the restrictions during development, then try to fix things afterwards (almost always fails somewhere, and can take longer to fix).

9. It is possible to scan files for integrity - see utilities like "tripwire". Antivirus scans are also possible - but the only virus signatures used are those for Windows.

10. For any identified security problems, the patch is usually available. Sometimes it takes a while for a distribution to get them (it has to go thorough some distribution specified validation/packaging). In most cases (at least up to F14 this was true, not so sure after that) such fixes are available from the project creating the application faster. The problem with F15... have to do with the changes that may be imposed by systemd.

There are some Linux virus code existing - the ones I know about are already dead. The big one was the "Lion" virus that affected domain name servers (mostly because I was actually affected by it) - the patch was available within days of its identification... Faster than the signature for the virus could be developed. Within a week or two, nearly all vulnerable servers were replaced - and the worm died. Distributions picked up the update in 3/4 weeks of the available code fixes within the project, and distributed them to complete the purge.

One of the reasons UNIX/Linux systems are less vulnerable is that it is easy to stop a vulnerability - just make the vulnerable executable non-executable. The ones remaining are withing services that are required for work. That is where the firewall comes in.

The built in firewall can be used to restrict network connections to required services to only those systems permitted to use the services. Setting this up can be a pain, but it mitigates the risk of running vulnerable services, and limits attacks to only those machines/people you know.

[w2ibc]

Quote:

Originally Posted by secipolla

You can scan files for Windows viruses in Linux with clamav.

ive done this quite a few times when ive been working on someone elses win machine. works very well.

Quote:

Originally Posted by csillva

From what I've read, it's because Linux has a very different design than Windows which makes it much harder to get a virus, and much harder for that virus to spread if/when it is infected.

Think about the design of a car, versus the design of a motorcycle. They have very different designs, even though both get you from point A to point B. Operating systems can be designed the same way, very differently, even though offer similar features.

In this analogy you can think of getting a virus as the likely hood of falling over. Cars can roll, but it's much harder to do that than roll off a motorcycle. So yes, Linux can get viruses, it's just harder to do so, and harder for the virus creators to spread from machine to machine (which is the usual goal, if you're not being specifically targeted).

As for the second question, let's say you have shared data partition that both Windows and Linux use. And on Linux you download a pdf from a website that has a virus designed to attack windows. On linux nothing will happen. But if you open that document in Windows you will become infected.

As for identifying and removing viruses... I'm not sure. I don't use a virus checker on Fedora. I would imagine removal would be the same as Windows...total reinstall to be sure after zero'ing out the drive using something like dban.

It's easy to highside on bikes.

[cazo]

Quote:

Originally Posted by JuanKman94

You just nailed my doubts with that metaphor. Thanks Could you help me with another one? I already know how to create shortcuts but I wanna creat a keyboard-shortcut.
Since rythmbox is the default media player, I wanna set VLC as the main one. I've tried to simply create a keyboard-shortcut in the System Setting/Keyboard/Custom first. But after that, if I press it, nothing happens. Got any similar experience

If you're using Gnome, click your username in the top right corner & select "System Settings". In the window that opens, select "Details", then click "Default Applications". "Music" is the 4th one down (followed by "Video"). VLC shows up under both for me. You can still right-click on a music file (ie: mp3) & select "Open With" to play it with something else should you want to.

[gurutech]

Another thing about viruses is that there is a much larger user base for Windows than there is for Linux or Mac, so most virus writers would want to dedicate their resources to infect the most amount of computers in the least amount of time - aka Windows machines.

[jpollard]

Quote:

Originally Posted by gurutech

Another thing about viruses is that there is a much larger user base for Windows than there is for Linux or Mac, so most virus writers would want to dedicate their resources to infect the most amount of computers in the least amount of time - aka Windows machines.

Not really relevant... as there are far more big Linux servers than there are big windows servers.

Think Google.

And then think HPC... where single systems have many thousands (if not 10s of thousands) of compute servers each. The top 500 are only the tip of the iceberg - there are many many thousands of Linux HPC clusters in the world.

Think financial systems. Nearly all the stock trading is done using Linux systems now.

[gurutech]

Quote:

Originally Posted by jpollard

Not really relevant... as there are far more big Linux servers than there are big windows servers.

Think Google.

And then think HPC... where single systems have many thousands (if not 10s of thousands) of compute servers each. The top 500 are only the tip of the iceberg - there are many many thousands of Linux HPC clusters in the world.

Think financial systems. Nearly all the stock trading is done using Linux systems now.

I realize more and more servers are running Linux/Unix based OS's, but I was referring to home users.

[jpollard]

It doesn't matter whether it is a "server" or not. A vulnerable system is always useful for illegal purposes.

Servers are actually easier to find than home users. With home users you have to get them to come to you.

The server systems are actually more valuable than home systems - with a home system you only get one or two usable pieces of information - with a server, you get hundreds of thousands.

And that does affect targeting of malware.

If MS provided updates as fast as Linux systems, it wouldn't have a problem either.