Breaking Myths: Part I
- Published December 18th, 2005 in Tech Comment, GNU/Linux
People tend to establish myths when they lack knowledge about a subject, and then they build their arguments upon them, which produces unreliable truths. From time to time it is important to dispel some of them.
The myth I'll be talking about today is that the number of viruses is proportional to the popularity of the operating system. This is plain wrong, and the people who normally say it are biased towards Microsoft: they use the theory to excuse their beloved operating system for its endless stream of viruses.
I'll try to prove this wrong by conceptually designing a virus that would attack an operating system with a completely different architecture from Windows. Let's pick a *nix based OS. For that matter I'll choose GNU/Linux, due to my familiarity with it (I have used it exclusively for the last 4 years, some of that time alongside Mac OS X). I could have picked any other, like FreeBSD or Mac OS X.
Now, I would have two ways of designing such a virus:
- Build a virus that exploits a system flaw, i.e. an exploit
- Settle for wiping the user's home directory
Now suppose you are building a virus that exploits a kernel flaw. OK, as for GNU/Linux, please be so kind as to pick your kernel. It could be 2.6.15-rc5-mm3. Hmm, perhaps mm4 already corrects that bug. Let's pick another that's more common. Is 2.6.14 all right? But hey, don't forget the last digit: are you targeting 2.6.14.3 or 2.6.14.4? You have to watch out, because an exploit written against one of those builds may not work against the other.
We weren't very successful with this approach. Instead, let's target a piece of software that runs as root and makes plenty of system calls: a DHCP daemon, for example dhcp3-server. Let's aim our virus at Ubuntu Hoary. That would correspond to dhcp3-server 3.0.1-1ubuntu4. But wait, that is the build after the security updates. Had the bug been fixed by that time?
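Both of the questions above (is this kernel 2.6.14.3 or 2.6.14.4? is dhcp3-server 3.0.1-1ubuntu4 before or after the fix?) come down to comparing Debian-style version strings correctly, which is not plain string or float comparison. The following is an added example, not code from the original post: a Python port of the comparison algorithm dpkg uses (`epoch:upstream-revision`, with `~` sorting before everything, even the end of the string). The "first fixed" versions in the demo are placeholders chosen to illustrate ordering, not real advisory data.

```python
"""Debian/dpkg-style version comparison: answers "is the installed build
older than the first fixed build?" for kernel strings such as 2.6.14.3 and
package strings such as 3.0.1-1ubuntu4.

Port of dpkg's verrevcmp() algorithm. Added example; the fixed versions used
below are placeholders, not real advisory data.
"""


def _order(c: str) -> int:
    """Sort weight of one character inside a non-digit run, as dpkg defines it."""
    if c == "":             # end of string
        return 0
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":            # '~' sorts before anything, including end of string
        return -1
    return ord(c) + 256     # '.', '+', etc. sort after letters


def _verrevcmp(a: str, b: str) -> int:
    """Compare two upstream-or-revision fragments. Negative means a < b."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character by character until they differ.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: leading zeros are insignificant, the longer run wins,
        # otherwise the first differing digit decides.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = int(a[i]) - int(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def split_version(version: str):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a: str, b: str) -> int:
    """dpkg --compare-versions semantics: <0 if a < b, 0 if equal, >0 if a > b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return ea - eb
    c = _verrevcmp(ua, ub)
    if c:
        return c
    return _verrevcmp(ra, rb)


def is_fixed(installed: str, first_fixed: str) -> bool:
    """True when the installed build is at least the first fixed build."""
    return compare_versions(installed, first_fixed) >= 0


if __name__ == "__main__":
    # Constructed checks; "first fixed" values are illustrative placeholders.
    checks = [
        ("kernel",       "2.6.14.3",       "2.6.14.4"),
        ("kernel",       "2.6.14.4",       "2.6.14.4"),
        ("dhcp3-server", "3.0.1-1ubuntu3", "3.0.1-1ubuntu4"),
        ("dhcp3-server", "3.0.1-1ubuntu4", "3.0.1-1ubuntu4"),
        ("pre-release",  "3.0.2~rc1-1",    "3.0.2-1"),
    ]
    for name, installed, fixed in checks:
        state = "fixed" if is_fixed(installed, fixed) else "VULNERABLE"
        print(f"{name:13s} installed={installed:15s} first fixed={fixed:15s} {state}")
```

Note that `3.0.1-1ubuntu4` sorts after `3.0.1-1` (a distribution revision builds on the Debian one), and that `3.0.2~rc1-1` sorts before `3.0.2-1`, so a "fixed in 3.0.2" advisory does not cover the release candidate. On a real system `dpkg --compare-versions` gives the same answers and is what a script should call; the port above shows why naive comparison gets these cases wrong.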
I think this is enough to get my point across. It's time to look at the second way of writing a virus that targets GNU/Linux.
OK, suppose the user was careless enough to run as root. That is quite rare nowadays, so I won't consider it. Instead, the user correctly runs as a normal user. Then the virus is confined to his home folder, and the worst it could do is the equivalent of rm -rf /home/usershome. (That is still where all of the user's own data lives, so it is hardly harmless, but without a separate privilege escalation it cannot touch the system or other users' accounts.)
Plus, in the *nix world you don't get a virus by simply reading your email. But Windows users do. Check it out. You could easily avoid this by using a good email client like Mozilla Thunderbird instead of Outlook Express.
To end my chronicle, I must say that *nix users aren't lucky enough to have RPC available by default, so that a remote user anywhere in the world can turn off your computer. That's distributed computing all right :-)

I agree and disagree with you :)
The fact that Linux could become a widely spread and used operating system means that much of that could change. For example, you see today some organizations (schools?) installing Ubuntu. Suppose the sysadmins don't make the security updates (that's what happens in most of the Windows cases)... that means the "2.6.14.3" or "2.6.14.3-mmwhateverpatch" argument would not apply and the exploit could be out there in the open.
Now, second argument: the virus could only remove the user directory. Correct.
But then you say this is not likely to happen because viruses don't spread by email. Again, this is the case NOW. Suppose again Linux becomes a widely spread OS. This means lots of millions of people would probably be interested in programming stuff for Linux (just like now there is lots of junk software for Windows). To overcome dependencies and packaging problems, they would probably create only one binary file to run/install the app. Of course right now almost nobody does this (RealPlayer does).
And it's not that difficult also for that program to prompt the user for the root password so that it can be installed (faking a sudo, e.g.)... after that... you know what ;)
Still, I agree with most of your post, and I have used Linux for 7 years now :)