When Malware Comes to Linux
Nov 27, 2013 5:00 AM PT
This story was originally published on Aug. 19, 2013, and is brought to you today as part of our Best of ECT News series.
There once was a time when Windows users could feel relatively safe and secure as they made their online excursions around the World Wide Web.
Those days ended relatively quickly, of course, followed soon afterwards by a similar waning of confidence on the Mac side.
For those of us who prefer Linux, however, the Age of Innocence -- as one might call it -- has lasted much longer. Indeed, the recent discovery of the "Hand of Thief" Trojan has brought that fact to the forefront of many users' minds, frequently accompanied by a raft of fresh doubts and insecurities.
'Should We Be Afraid?'
"Given the recent Hand of Thief news in which RSA's Limor Kessem explains how a Linux malware kit is sold on Russian websites, I have been contemplating Linux security again," began blogger Hans Kwint on LXer, for example, in a recent post entitled, "Linux Malware: Should We Be Afraid?"
"Here's my question to you," Kwint added. "Are you afraid attackers [will] break into your Linux boxes? Do you scan for rootkits from time to time, and check md5-sums of executables against your 'trusted-list?' Do you consider one distro safer than another? What is your level of paranoia?"
Linux bloggers, as per their wont, didn't wait for a second invitation.
'Working Security Features'
"Linux malware isn't new, but for one reason or another it never seems to spread far," Hyperlogos blogger Martin Espinoza began. "Sure, users could be tricked into installing malware from repositories in Ubuntu, but that could happen on any distribution with meaningful package management.
"Linux at least has some generally working security features that help keep infection down," Espinoza added.
"I've been using GNU/Linux for more than a decade and never saw any malware on it while I have seen hundreds of infections on a single PC running that other OS," blogger Robert Pogson agreed. "Malware does exist, but GNU/Linux has so many layers of defense that unless a repository distributes it, the malware may not even run on a GNU/Linux system.
"There are all kinds of checks against that happening unless someone sneaks it into the source code," he explained. "With the open development process of FLOSS, that is very unlikely to happen."
'An Honorable History'
Any device that runs code can get malware, Google+ blogger Kevin O'Brien told Linux Girl. "This is undeniable. So while Linux has an honorable history of being security-conscious, much depends on what the user does.
"If you run as root instead of as an ordinary user, if you do not require a login to your system, if you have no firewall between you and the Internet, well, you are asking to be an object lesson," O'Brien explained.
"The fact is that Windows 8 has pretty much caught up and is a good, secure system if used properly," he concluded. "Mac OSX is basically BSD at its core. So the only advantage Linux really has now is low market share (on the desktop). That is not a very powerful shield, so learning safe computing applies to us as well."
Indeed, "everybody is shocked and amazed that there's malware for Linux. I say, big deal," opined Linux Rants blogger Mike Stone.
"It's a Trojan Horse," Stone explained. "Do you know what operating systems are immune to Trojan Horses? It's a pretty straightforward answer: None of them are. Ever. There's not an operating system that's ever been written that's immune to a Trojan Horse."
Meanwhile, "there will be people that make the claim that Linux is becoming more of a target because it's becoming more popular," Stone added. "I say bunk to that too. People that make that claim ignore the fact that Linux is extremely prevalent in every market it's a member of."
Linux may not yet be crushing its competition on the desktop, but "who thinks that there's no reason to attack the operating system that runs the majority of the world's websites, a massive chunk of the Internet, over 90 percent of the supercomputers out there and now a vast majority of the smartphones sold in the world?
"The Stock Exchanges in New York, London and Tokyo all run on Linux," he pointed out. "No reason to attack that? Please."
'Nothing Has Changed'
So, should we be afraid?
"No, not really," Stone concluded. "We should be careful, but that has always been the case. Nothing has changed about that since the power switch was flipped on the very first computer.
"The rules are simple, and they haven't changed," he added. "Use some common sense about where you go and what you do on the Internet, and for Pete's sake, don't believe everything you read. Just because an email says it's from your bank doesn't mean that it is."
In fact, most Linux malware is actually "malicious scripts that run inside the browser thanks to other, third-party software -- something proprietary like Java or Flash," Google+ blogger Gonzalo Velasco C. offered.
"I'm not too much concerned," he added. "GNU/Linux, because of its architecture, is safer than other OSes. The recommendation is always the same: Beware where you click, what you download, which sites you visit. In the case of GNU/Linux machines: never work/run things like the 'root' user and you'll be protected enough."
'Malware Will Come'
"The threat profile for Linux malware is fundamentally different than it is for Windows due to a number of historical differences between the user bases," Travers continued. "In particular, the security models are based on sufficiently different assumptions that these are not really comparable.
"Malware will come to target consumers on Linux, and when it does, we will need to address the challenges it poses," he concluded. "Everything from code management to repository management will need to evolve to meet such a threat, but it will. The software evolves. The culture evolves. That is life."
'A Legitimate Threat'
There is no such thing as a safe OS, Slashdot blogger hairyfeet agreed.
"The reasons why are simple: 1. ALL modern OSes are some of the most complex programs ever written by man; 2. Man is fallible and makes mistakes, which translates into holes; and 3. With a larger presence comes more attention from all including malware writers."
So, "'Hand Of Thief' is just the beginning, folks, because as more and more virus writers find out that Android bugs can often run on Linux and that 'How to write a Linux Virus in 5 easy steps' works, then more and more malware writers will simply make their wares cross-platform."
The real question now, hairyfeet concluded, "is whether the Linux community will 'man up,' accept this is the case and take steps to minimize risks? Only time will tell, but it IS a legitimate threat."
'We Must Be Afraid'
Similarly, "YES! We must be afraid and take action," Google+ blogger Alessandro Ebersol urged.
"Years of no significant attacks on GNU/Linux made the users kinda lazy," Ebersol explained.
"I, for one, installed NoScript and am avoiding websites that are not well-known," he concluded. "Every security measure must be taken to assure GNU/Linux won't be the new win XP for virus and exploits."