Funny, I use the words 'linux' and 'virus' in the 'body must contain'
section for the just the last two years and get about 45 hits.
OK, so you got 45, I got 80-some. Point is, they're not Linux viruses.
Perhaps you're quibling about the definition of 'virus'. Here is one hit
that discusses several trojan horses
Yes, trojans are _not_ viruses. A virus spreads itself; a trojan needs
human intervention to install. A "virus" that comes with an
installation procedure that includes "OK, now change ownership to root,
make the file executable, become root and run it" just isn't going to
have legs.
that can be remotely inserted into
linux systems by the rpc.statd service (common on many unix systems
including linux). Once installed, the trojan's let a remote user into all
sorts of nasty places.
Yes, trojans exist and are fixed from time to time, usually without the
exploit getting into "the wild". Contrast this to Windows
virus-of-the-week in frequency, impact, and self-spreading to see the
dramatic difference. It's hardly "quibbling", the terminology has
distinct definitions.
Note the year on that one... it's notable that the example you chose is
5 years old...
An anti-virus product for Linux (now, why would Linux need such a product if
there are no virii?) that needs a patch because it doesn't detect the
Sober.D virus.
Yes, there are antivirus scanners for Mac, and for Linux, and for
Solaris, and so on, which do scan for Windows viruses. We use a Unix
host to do just that at work, because it mounts the same filesystems,
and filters the email, before the Windows clients get to it. Those are
windows viruses it's scanning for.
Includes a warning that linux systems may become infected by
Sober.D even though their antivirus definitions are up to date.
Can you show me a direct link to that please? sober.d doesn't show up
in the document you mention.
You aren't reading carefully, sorry. F-secure is one of the products
such as I mentioned above - runs on Unix to filter out Windows viruses.
That's what they mean by "servers (and) gateways" in the Description.
Nowhere in that document does it say that Linux systems can become
infected by sober.d, it says "F-secure Anti-Virus for Linux contains a
flaw that may prevent it from properly detecting the Sober.D virus.",
and that they "may not be filtering out the Sober.D virus". Says
nothing about an infection. I'm going to assume this is just an error
on your part, rather than an intentional distortion, because (a) I know
you, kind of, and (b) you're not the kind to give links and lie about
what they say.
A 'vulnerability' in /bin/login that allows a remote user to gain root
access to vulnerable versions of linux
http://www.cert.org/advisories/CA-1994-09.html
Yes, yes, and this is also not a virus by any definition.
A worm that propagates itself through Apache on linux systems.
http://www.cert.org/advisories/CA-2002-27.html
worm. Not virus, worm.
The last paragraph of the 'introduction' of Home Computer Security, stresses
that regardless of operating system, the issues are the same.
http://www.cert.org/homeusers/HomeComputerSecurity/
Issues, as in "know what you're running and who gave it to you", yes.
Issues as in "sober.d can infect your computer regardless of platform",
no.
The 'ramen' toolkit contains a mechanism to self-propagate and includes
methods for a virus write to exploit vulnerabilities in linux's rpc.statd.
http://www.cert.org/incident_notes/IN-2001-01.html
Also not a virus.
An announcement from SuSE regarding vulnerabilities in BIND8 on their Linux
distributions. Okay, it's not a virus, but it's a hole that leaves the
system pretty open to attack by a remote user.
http://www.kb.cert.org/vuls/id/JARL-5FTQ6G
You're right, that's not a virus.
The first known linux virus was found in 1996
http://www.f-secure.com/v-descs/staog.shtml
"Staog is not known to be in the wild at the time of this writing
(February 1997)". Sorry, but you're going to have to do better than an
8-year-old lab thought experiment.
Here's another virus information search page. Just typing in 'linux' finds a
few linux specific hits.
http://www.f-secure.com/v-descs/
These indicate to the informed user that Linux systems *do* suffer from
vulnerabilities that would allow malicious code to intrude and interfere
with operation, or allow remote use of a linux system in DOS attacks.
All of which are not _viruses_ by anyone's definition (but maybe yours).
The modularity of linux allows the community to address specific program
problems on an individual program basis (such as the rpc.statd, apache, or
/bin/login problems). But anyone so naive as to think they don't need to
worry about virii because they are using the 'xxx' OS, will someday find out
how wrong they are.
Get back to me when there are real viruses for OSX and Linux, in the
wild, and then we'll discuss it. In the meantime, it's more of the same
as you've shown me. It's fine that you enjoy Windows, and all that, but
distorting the definition of "virus" to make it look like (often
hypothetical) vulnerabilities are the same thing is disingenuous at
best.
To quote from an op-ed piece, "The single biggest security issue facing
Linux users at the moment is the misconception perpetuated by highly vocal
advocates that Linux is somehow impenetrable to security-based attacks,
Red-herring. You're better than that.
and
in particular, viruses and other malware."
Still no spyware, still no viruses. No matter how you try to redefine
it.
