Debunking the "Linux is virus free" Myth

Is Linux is virus free? The author of foobar blog provides some insight about the same. Linux users can’t just catch a virus by email or downloading malware from the Internet, contrary to “those Windows users”.

From the foobar blog post:


Then you save an email attachment under Linux, the execute flag is normally NOT set and thus, the file can’t be executed just by clicking on it. So, no luck?

Not so fast. Modern desktop environments, such as Gnome and KDE, conveniently offer a nice “workaround” called ‘launchers’. Those are small files that describe how something should be started. Just a few lines that specify the name, the icon that should be displayed and the actual command to execute. Conveniently, the syntax of those launcher files is the same for Gnome and KDE. And those launchers don’t have to have any execute permissions set on them! Desktop environments treat those files as a special case, so when you click on them Gnome or KDE will happily execute the command that was specified within the launcher description and without the need for the execute bit to be set on the launcher itself. Now we are getting somewhere!

Sure Linux is bit secure out of box, but Linux desktop is all together different thing. It is just matter of time, once Linux got popular crackers will target Linux desktop too (think of all those netbooks loaded with Linux). Right now there is not much protections for normal user account and users who will foolishly click on something in an email with attachments. However, SELinux or AppArmor may be used to protect the system.

Read more: How to write a Linux virus in 5 easy steps

🥺 Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

21 comments… add one
  • iNT13 Nov 21, 2010 @ 0:18

    Self proclaimed security experts should eat their own dog food. The level of ignorance displayed by some of the Windoof fan bois in these posts is hilarious.
    Sophism is word they should try looking up in a dictionary, and while they’re there – look up “computer virus”. If your lips get sore here’s a summary:- self-replicating code. A worm is a form of computer virus that uses the network to propagate.
    Your knowledge of *nix and Windoof is seriously deficient.
    UAC does not protect your computer from malicious code – it reduces the damage done to your computer by the user (silent L) eg. *code* doesn’t need to physically move a mouse to elevate privileges. Yes, running as a member of Administrators increases the damage that malware can do – though that is not a problem unique to Windoof. It’s called “inheritance” and affects all OSs.
    The problem with Windoof is that escalation of priveleges is made easy due to the authentication flaws – one window authenticates calls from another window by…. asking it (Fail!).
    Numbers has nothing to do with whether an exploit is possible (more Windoof than Linux) – it just determines the value of a target for exploit developers, not the ease with which exploits can be developed. Hint:- Windoof is *not* the most common Operating System – it is not the operating system that is the highest value target. eg. access to the banking details of the average Windoof user is far less attractive to black hats than access to the Banks. But that’s the problem with ignorance – it’s used to dismiss what is not known on the basis of what some one wants to believe, rather than by empirical methods. Is French a language not worth anything just because some one doesn’t speak it? (does ATA_LOCK *not* work on Windoof?…).
    Most of Windoof “protection” comes from add-ons. With *nix the privelege system is build into the core. Not that *any* OS is totally secure.
    To say that Windoof is exploited because it’s more common just demonstrates ignorance…. what – more common on the desktop? It’s about as stupid as those that proclaim their Windoof machine to be clean. How do you know? I’m not a doctor, so I don’t “know” I don’t have cancer.
    I “know” my machine is clean of ‘some types of malware’ by studying the logs of a transparent proxy and sniffers – not because I have a “gut feeling”.
    I “know” that the examples of a ‘virus’ given here is bullshit, because I can understand what is meant by the term “virus” – through looking up the term and measuring it’s meaning against the examples given. Not through trying to justify some emotional investment in rubbish.
    Not that *nix fan bois are free of ignorance either… “many eyes” does not guarantee that the eyes see and understand everything. And before other point out the problems from backdoors in compilers – Windoof is built from C too (most OSs are).
    Windoof security problems are three-fold:-
    A core built on a stripped/dumbed down copy of *nix (CPM)
    A user-base with a silent L (who think Harvard architecture is an english building style)
    A marketing model based on obsolescence (nearly twenty years of patching).

    Pick a flavour of Windoof – measure the base install size, then add up the size of all the issued patches…. now think of Windoof as a car and patches as recalls. Is your car made of sand and spit?
    In the land of the blind the one-eyed man is king, and if 16 million believe a stupid thing – it. is. still. stupid.

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.