Subscriptions | RSS Feeds | Discussions | Polls | Site Map




All Threats

Viruses

Hackers

Spam
Whole site    Viruses
  
Virus Encyclopedia
Riskware
Alerts
Analysis
News
Glossary
Weblog

 
Archive

<< 2010  
January February March
     
     
     
About Diary's Authors
About Diary's Authors

The Analyst's Diary is a weblog maintained by virus analysts from Kaspersky Lab headed by Eugene Kaspersky. Find out more about the authors of this weblog.
Poll
How would you prefer to pay for your antivirus solution?
Using a prepay card
Via your mobile (SMS)
Via the Internet using a debit\ credit card
Using cash\ credit\ debit in a shop
Using an e-payment system (e.g. PayPal)
Other
  View responses
 

  Home / Weblog

Analyst's Diary

The illusion of invulnerability


  Magnus       May 09, 2006 | 17:36  GMT

comments (2)  

On Saturday "Linuxtag 2006" closed in Wiesbaden (Germany). According to the organisers, it’s Europe's biggest Linux Expo.

At the Kaspersky stand we talked to a lot of visitors. Pretty soon, it dawned on us exactly what the biggest threat to Linux systems is: the almost overwhelming belief in the invulnerability of Linux.

Nearly every visitor accepts the need to protect Windows against malicious code (although even at a Linux fair you find people believing that a firewall is all you need to keep viruses and worms away). But many people we spoke to were unable to think of Linux as potentially vulnerable; after all, they argued, a Linux user would never go online with root rights as typical Windows XP home users do.

But such thinking overlooks some important facts:

- You don’t need to have root privileges to delete a user’s home directory of a user or access his personal data - you only need to run malicious code with user privileges. (And not every user makes daily backups which could mitigate the potential damage.)
- The number of new malicious programs for an operating system isn’t related to the number of known security flaws, but to the number of installations. In Germany, the number of Linux distributions installed is growing rapidly, and overall, the number of malicious programs for Linux more than doubled between 2004 and 2005).
- To access a system, a virus writer doesn’t need 300 vulnerabilities - one is enough.
- Vulnerabilities exist prior to their being identified by the developers who report them. Virus writers actively search for vulnerabilities, but keep their discoveries to themselves.
- Only a perfect system can offer perfect security. In his "Areas for Improvement in the 2.6 Kernel Development Process" Andrew Morton (lead maintainer of the Linux production kernel) pointed out that the number of new bugs in the current 2.6 kernel are causing concern, and might lead to the development process being halted until existing problems are fixed.

Just to avoid any misunderstanding: of course Linux is currently more secure than the average Windows installation. This is due to things like user/root separation, a smaller number of installations, and rapid reaction to reported vulnerabilities. And currently, given the relatively small number of malicious programs for Linux, installing a virus scanner is more a gesture of friendship towards the Windows users you share files with. But taking all of this, and coming to the conclusion that your own system is practically invulnerable will make it easy for malware to spread on Linux systems in the future.

Let's take a look at what history teaches: In 2000, the VBS.Loveletter worm took just a few hours to spread across unsecured Windows computers around the world. So far, nothing on this scale has hit the Linux world. But the question is: when the day comes, will users and companies have enough time to choose and install a reliable virus scanner before their systems are hit?

 

Copyright © 1996 - 2010
Kaspersky Lab
Industry-leading Antivirus Software
All rights reserved
 

Email: webmaster@viruslist.com