Why is it difficult for viruses to “infect” Linux OS?
Many people hold the view that Linux has fewer viruses simply because it is less popular than Windows. In fact, this view was refuted long ago.
One of the strongest counter-arguments is this: if virus writers target Windows because its large user base makes the damage greatest, consider that most of the servers on the Internet run Unix/Linux.
Wouldn't attacking those servers be even more destructive?
For a binary Linux virus to infect executable files, those files must be writable by the user who launches the virus. In practice, this is usually not the case.
The reality is usually that the program is owned by root while the user runs under an unprivileged account. Moreover, the less experienced the user, the less likely they are to own any executable programs at all.
So the users least aware of this danger are also the ones whose home directories are least suited to virus propagation.
Even if the virus does infect a program owned by that user, spreading further is very difficult because of the user's limited privileges. (This argument does not necessarily apply to Linux newcomers running single-user systems, who may be careless with the root account.)
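The precondition described above (the virus must be able to write to the executables it wants to infect) can be audited directly. The following is an added example, not code from the original article: it walks a list of directories (for instance the entries of $PATH) and reports the executables a given uid and group set could modify, judging only by the classic owner/group/other permission bits. The sample directories, file names and modes inside demo() are constructed for illustration.

```python
"""Find executables that a given (unprivileged) user could overwrite: the
precondition a file-infecting Linux virus needs, and a check an administrator
can run over $PATH to see how much of the system a compromised account reaches.

Added example, not code from the original article.  Writability is judged
from the classic owner/group/other mode bits against a caller-supplied uid and
group set, so the answer is the same whether or not this script itself runs as
root.  Root bypasses these bits entirely, and POSIX ACLs or LSMs such as
SELinux/AppArmor are not modelled.
"""
import os
import stat
import tempfile


def writable_by(st, uid, gids):
    """True if a process with this uid and group set may open the file for
    writing, judged only by the traditional permission bits."""
    mode = st.st_mode
    if st.st_uid == uid:
        return bool(mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def is_executable(st):
    """Regular file with any execute bit set."""
    return stat.S_ISREG(st.st_mode) and bool(
        st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


def infectable_executables(directories, uid, gids):
    """Sorted paths of executables under `directories` that `uid` could modify."""
    hits = []
    for d in directories:
        try:
            names = os.listdir(d)
        except OSError:          # missing or unreadable PATH entry
            continue
        for name in names:
            path = os.path.join(d, name)
            try:
                st = os.stat(path)   # follow symlinks, as the loader would
            except OSError:
                continue
            if is_executable(st) and writable_by(st, uid, gids):
                hits.append(path)
    return sorted(hits)


def current_gids():
    return set(os.getgroups()) | {os.getgid()}


def demo():
    """Constructed sample: a per-user bin directory holding a script the user
    owns and can write (0755), next to a 'system' directory whose binary is
    mode 0555, i.e. not writable even by its owner without a chmod first."""
    root = tempfile.mkdtemp(prefix="infect-audit-")
    home_bin = os.path.join(root, "home_bin")
    sys_bin = os.path.join(root, "sys_bin")
    os.makedirs(home_bin)
    os.makedirs(sys_bin)
    user_tool = os.path.join(home_bin, "mytool.sh")
    system_tool = os.path.join(sys_bin, "ls")
    for p in (user_tool, system_tool):
        with open(p, "w") as f:
            f.write("#!/bin/sh\necho hi\n")
    os.chmod(user_tool, 0o755)
    os.chmod(system_tool, 0o555)
    hits = infectable_executables([home_bin, sys_bin], os.getuid(), current_gids())
    return {"hits": hits, "user_tool": user_tool, "system_tool": system_tool}


if __name__ == "__main__":
    r = demo()
    print("sample directories, infectable:", r["hits"])
    path_dirs = os.environ.get("PATH", "").split(os.pathsep)
    print("real $PATH, infectable by uid %d:" % os.getuid(),
          infectable_executables(path_dirs, os.getuid(), current_gids()))
```

On a normally installed system the second line of output is empty for an unprivileged account, which is the whole point of the argument; anything it does list (a user-owned tool in ~/bin, a group-writable binary in /usr/local/bin) is exactly where a file infector, or a human attacker with the same privileges, could plant itself. Two caveats: a writable directory on $PATH is itself enough for an attacker to drop a new binary even if no existing file is writable, and this check deliberately ignores that; and to audit another account you would pass that account's uid and group ids rather than your own.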
Linux networking programs are built conservatively, without the macro facilities that let Windows viruses spread so quickly today.
This is not an inherent feature of Linux; it simply reflects the differences between the two user bases and the products that succeeded in each market.
Lessons learned from observing these problems will also be applied in future Linux products.
Linux application software and system software are almost all open source. This affects viruses in two ways.
- First, it is difficult for a virus to hide in open source code.
- Second, for a binary-only virus, a fresh compile and install cuts off one of its main transmission routes.
Although Linux distributors also provide a large number of binary packages, users mostly download them from the trusted repositories the distributors run. Those packages are verified on download, historically with an md5 checksum and today with stronger hashes and cryptographic signatures on the repository metadata. The checksum alone only shows that the file matches the published digest; it is the distributor's signature that stops a substituted package from being accepted.
Each of these obstacles is a significant impediment to the successful spread of a virus. Yet it is when they are considered together that the basic point emerges.
For a computer virus, like a biological virus, to spread, it must multiply faster than it dies (is eliminated). The obstacles above effectively slow the reproduction rate of Linux viruses.
If its reproduction rate falls below the threshold needed to replace the existing population, the virus is doomed from the start, even before potential victims are aware of it.
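The threshold argument above, written out as an added illustration (the notation is introduced here and is not part of the original article): let $R$ be the mean number of new hosts each infected host manages to infect before it is cleaned up, and $N_0$ the initial number of infections. After $n$ generations the expected population is

$$N_n = N_0 \, R^{\,n}, \qquad \lim_{n\to\infty} N_n = \begin{cases} 0 & R < 1 \\ \infty & R > 1 \end{cases}$$

Each obstacle listed above scales $R$ by an independent factor below one, for example $R = R_{\text{reach}} \cdot p_{\text{writable}} \cdot p_{\text{spread}}$, where $R_{\text{reach}}$ is the number of executables a copy of the virus gets to touch, $p_{\text{writable}}$ the probability that such an executable is writable by the running user, and $p_{\text{spread}}$ the probability that an infected, unprivileged program ever gets to infect anything further. This is why the obstacles matter most together: individually each only shrinks $R$, but their product is what pushes it below $1$.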
The reason we have not seen a real Linux virus go viral is that none of the Linux viruses that exist can thrive in the hostile environment Linux provides.
The Linux viruses that exist today are merely technical curiosities; the reality is that there is no Linux virus that can survive.
Of course, this does not mean that no Linux virus will ever catch on.
It does mean that a successful Linux virus would have to be carefully crafted and innovative to survive in an ecosystem so unfit for it.
Linux "is not afraid" of viruses; this has been distorted into "there are no viruses on Linux".
The argument is easily twisted. Indeed, many people hold similar misunderstandings about the security of other software, for example: "Firefox can be infected by viruses, because Firefox has no anti-virus software of its own, so the security of Firefox is also a myth."
In fact that is not so at all: Firefox's internal isolation, together with its lack of support for ActiveX and VBScript, makes it difficult for viruses to exploit.
Similarly, on the question of why there are fewer viruses under Linux, some say that Linux was born in a relatively small era.
In fact Linux, as a Unix-like system, runs many programs from the BSD family, and both its design ideas and its software have been tested for far longer than Windows.
It is also said that there are few viruses because few machines run Linux and the economic payoff is low, so attackers do not bother.
In fact a great deal of real, large-scale business data runs on Linux, and there are too many large Linux-centric websites to count; for any major version there is more than one such centre.
By the "numbers" theory, as soon as any one of these websites had a problem it would blow up on a large scale, yet nothing of the kind has happened.
These notions are therefore fundamentally confused: if sheer numbers were what caused harm, Linux's economic weight and install base are already quite large. Unfortunately, these claims are all nonsense.
In fact, by definition a computer virus is a malicious program with the characteristics of self-replication and destruction.
For a system to be "free of viruses" would mean that such a program cannot be written for it, which is impossible in itself.
The concept is a bit abstract, but how difficult is it for a programmer to write a program that copies and multiplies itself for malicious purposes? Not difficult at all.
But security is not solved by firewalls, anti-virus software and a simple word like "be careful" or "watch out". Linux already has a set of methods to prevent this kind of problem.
Access control is enforced through the access control matrix (which subject may do what to which object): Linux users take the trouble to enter a password, and then enter it again.
Sometimes it is very annoying, but a well-guarded system gives malware little opportunity to modify it.
A virus can at most proliferate and consume memory within a very limited range; it cannot endanger the entire system.
Process and thread protection is also well done, which squeezes the room for privilege escalation.
Every distribution ships with packet filters and a firewall, and many install them by default. Unconfigured they are not very effective, but they are better than nothing.
Moreover, rapid upgrades and patching make exploited system vulnerabilities rare in the wild, and application software is patched even faster.
Microsoft's kernel code is closed, so one might expect it to be more secure, but strangely the open source code of Linux is better at eliminating virus hazards at the kernel level.
Linux often discloses kernel vulnerabilities. This is normal, and an advantage rather than a disadvantage: many people are working on the kernel to make it more secure, so there is no need to make a fuss. They are always asking, "what security problems might this code have in the kernel of a Unix-like system?"
So changes are made, and kernel upgrades and patches are in many cases proactive rather than reactive. This is very common among Unix-like systems; OpenBSD, known for its security, reduces security problems at the root through exactly this kind of code audit, which is how it achieved a record of no holes in six years and only two minor holes in ten.
That is to say, once a patch lands in a Unix-like system, countless hidden hazards are eliminated. Windows thinking is the opposite.
Windows is rarely patched at the kernel level, and its upgrade pace is very slow.
Many patches are therefore only temporary fixes rather than root-cause fixes, and some problems, such as process permission control, cannot be solved by light patching at all. It is because of viruses that the structure of Windows has had to change.
Another advantage of the openness of Linux software is that, being open source, it is subject to public scrutiny and unified management.
Virus code is difficult to hide, and most software on Unix-like systems is not downloaded and spread at random as on Windows; it is maintained and uploaded by identifiable people.
Once a problem occurs, it can be quickly located and the source of the virus found. I rarely see people installing software from their own sources.
Even software that does not come from the distribution's sources comes from sites like SourceForge, and installing it means compiling it, which cuts off the spread of a binary virus.
What the virus meets here is a paradox: for a virus to work it needs to exist as an executable file, yet an executable file is exactly what gets thrown away when the program is rebuilt from source. (ps: I admit my ignorance; in fact I do not know that compiling makes the virus disappear, this is not my own research conclusion.)
For most binary packages in the repositories, the Linux package manager enforces checksum verification (historically md5, now stronger hashes together with package signatures), so tampering is easy to detect.
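The verification step mentioned here and in the earlier paragraph on distributor repositories looks like the following. This is an added example, not code from the article or from any distribution's package manager: it checks files against a sha256sum-style manifest and reports each entry as OK, FAILED or MISSING. The package names, contents and the tampering in demo() are constructed for illustration, and the manifest format assumed is the output of sha256sum (a 64-character hex digest, whitespace, then the file name, with a leading "*" in binary mode).

```python
"""Verify downloaded files against a sha256sum-style manifest, the check a
package manager (or a careful user) performs before installing a package.

Added example, not code from the article or from any distribution's package
manager.  The manifest format assumed is the output of `sha256sum`:
'<64 hex chars>  <name>' per line, or '<hex> *<name>' in binary mode.  A digest
only proves the file matches what the manifest author published; it does not
prove who that author was, which is why distributions additionally sign their
repository metadata (signature checking is not modelled here).
"""
import hashlib
import os
import tempfile

HEX = set("0123456789abcdefABCDEF")


def sha256_of(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large packages need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Yield (digest, name) pairs; skip blank and '#' comment lines, reject junk."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, rest = line.partition(" ")
        name = rest.lstrip(" ")
        if name.startswith("*"):      # sha256sum -b marks binary-mode entries with '*'
            name = name[1:]
        if len(digest) != 64 or not set(digest) <= HEX or not name:
            raise ValueError("malformed manifest line: %r" % line)
        yield digest.lower(), name


def verify_manifest(text, base_dir):
    """Return {name: 'OK' | 'FAILED' | 'MISSING'} for every manifest entry."""
    results = {}
    for expected, name in parse_manifest(text):
        path = os.path.join(base_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif sha256_of(path) == expected:   # public values, no timing concern
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results


def demo():
    """Constructed sample: publish a manifest for two files, then alter one the
    way a compromised mirror or a file-infecting virus would, and re-verify."""
    base = tempfile.mkdtemp(prefix="pkg-verify-")
    files = {"tool-1.0.tar.gz": b"clean archive bytes",
             "tool-1.0.tar.gz.asc": b"detached signature bytes"}
    for name, data in files.items():
        with open(os.path.join(base, name), "wb") as f:
            f.write(data)
    manifest = "".join("%s  %s\n" % (sha256_of(os.path.join(base, n)), n) for n in files)
    before = verify_manifest(manifest, base)

    with open(os.path.join(base, "tool-1.0.tar.gz"), "ab") as f:
        f.write(b"\x00INFECTED")                  # payload appended after publication
    manifest += "0" * 64 + "  ghost.bin\n"        # entry for a file that never arrived
    after = verify_manifest(manifest, base)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before tampering:", before)
    print("after tampering: ", after)
```

The FAILED result is what makes tampering "easy to find", but note what the check does not do: an attacker who can replace the package on a mirror can usually replace the manifest beside it too, so the digest must itself be delivered through something the attacker cannot forge. That is the role of the distributor's GPG signature on the repository index (or on the package itself), which is the part a real package manager verifies first.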
Want to spread a virus? On Linux there are too few opportunities to do it through software.
When the transmission routes are cut off, the exploited holes are patched and the trigger conditions cannot be met, such malicious programs cannot become effective viruses. They are merely superfluous programs, in many cases not even capable of infecting anything: they arrive, sit docilely, and are eventually deleted along with the file that carried them. Therefore, although there is plenty of anti-virus software for Linux, it mainly deals with Windows viruses in cross-platform settings such as file and mail servers.
Summary:
In short: Linux "is not afraid" of viruses, which is not to say that Linux "has no" viruses. Borrowing the conclusion of the essay above: the Linux viruses that exist today are merely technical curiosities; the reality is that there is no Linux virus that can survive.