
Viruses for *nix exist!

If you are sure that switching to Ubuntu insures you against virus attacks, then the future of the Earth is at stake. *nix platforms are gaining global popularity, and with that grows the threat of a viral tsunami that will overwhelm the computers of inexperienced users. The security of *nix against viruses is relative, and in the near future, it seems to me, it will be generally recognized as a myth.
Here are a few facts that can dispel this myth and make you install ClamAV and run checks more often.

Pioneers


Surprisingly, the first viruses were written for and ran under Unix. One charismatic specimen worth mentioning is Elk Cloner, written sometime in 1980-82. Its malicious activity was to print a poem:
It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!
It will stick to you like glue
It will modify ram too
Send in the Cloner!

Well, and to reproduce uncontrollably, of course. Besides it, the virus-writing pioneer Fred Cohen and several of his viruses for VAX / 4BSD come to mind: still just fun, but nevertheless the Unix viruses that started it all.

Illusions


It is hard to leave one's feelings unexplained. If Linux seems invulnerable, there must be some reasons for it. Here is what we usually come up with.

The user permission system leaves a virus no chance


In fact, this holds only as long as you stay within ordinary user privileges. If you are used to working in an administrator or root account, no permissions will save you.
At my previous job, I literally slapped my programmers on the hands if I managed to notice a window with root privileges on the screen. After the slap, the window was closed without questions and without saving.

Open source cannot contain viruses - they would be found right away.


True, but have you ever looked for them? Are you sure your copy is safe? And Ubuntu users: how often do you install software from source? Maybe you prefer binary packages? Are they just as easy to scan for dangerous code? Admit it: you have never looked at them. Are there already third-party repositories in your sources.list?
Inexperienced users exchange programs in binary form, and that is no reason for peace of mind.
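
One way to answer the sources.list question above, as an added example that is not part of the original post: a shell function that lists active APT entries whose host lies outside the distribution's own archives. The list of official hosts and the sample file are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: list APT entries that point outside the distribution's archives.

# Hosts treated as official (assumption; extend for your own mirror).
is_official_host() {
    case $1 in
        archive.ubuntu.com|*.archive.ubuntu.com|security.ubuntu.com) return 0 ;;
        *) return 1 ;;
    esac
}

# third_party_repos FILE... : print "FILE: URI" for every active deb/deb-src
# line whose host is not official. Covers one-line *.list files only.
third_party_repos() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Strip comments and the optional "[arch=... signed-by=...]" block.
        sed -e 's/#.*//' \
            -e 's/^\([[:space:]]*deb[a-z-]*\)[[:space:]]*\[[^]]*\]/\1/' "$f" |
        while read -r type uri rest; do
            case $type in deb|deb-src) ;; *) continue ;; esac
            host=${uri#*://}; host=${host%%/*}; host=${host##*@}; host=${host%%:*}
            if ! is_official_host "$host"; then echo "$f: $uri"; fi
        done
    done
}

# Constructed sample file (not taken from a real system).
demo_sources() {
    s=$(mktemp)
    cat > "$s" <<'EOF'
deb http://archive.ubuntu.com/ubuntu jammy main restricted
deb http://ru.archive.ubuntu.com/ubuntu jammy universe
deb http://security.ubuntu.com/ubuntu jammy-security main
# deb http://disabled.example.org/ubuntu jammy main
deb [arch=amd64] https://packages.example.org/apt stable main
deb-src http://ppa.example.net/someuser/ubuntu jammy main
EOF
    echo "$s"
}

sample=$(demo_sources)
third_party_repos "$sample"
rm -f "$sample"
```

On a live system the function would be called as `third_party_repos /etc/apt/sources.list /etc/apt/sources.list.d/*.list`.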

There are so many different distributions of different *nix systems. They differ too much, so viruses will not spread widely


But it was precisely this wide range of systems that gave birth to ANSI C and cross-platform software. The success of Firefox and the presence of a C compiler on almost every *nix system should talk you out of this argument.
The standardization of the binary format for executable files undermines this confidence further. Besides, assembler is assembler everywhere; the only question is the processor architecture of the target system. Do you have PowerPC, SPARC or Intel x86?

Ways


How a virus infects a computer depends only on the competence and imagination of its author, because there are many ways. Here are at least a few.

Shell scripts and unwary users


One of the easiest and most accessible ways to write a program ... or a virus. For a Unix virus, 200 bytes of shell code is sufficient. The availability of widespread, powerful scripting languages (Perl, Python) only increases the danger.
An example of using shell scripts is the "man page" virus, which infects manual pages. It cannot spread unless you yourself give a formatted man page to someone, but thanks to the capabilities of GNU troff it can execute programs and access files.
And preferring Linux to Windows does not reduce the number of users who run everything, especially whatever was sent to them by e-mail or uploaded to FTP.

Worms and Vulnerabilities


The most common class of viruses today does not wait for the user to launch it: worms actively penetrate the system through vulnerabilities. What these programs do next is, again, a matter of their authors' taste.
And there definitely are vulnerabilities in your Linux or BSD, because the system is not naked like David; it is hung with a bunch of software that runs (including in the background, without your attention) every second the computer is on. At the next update, look in the changelog of some package close to the core of the system: how many vulnerabilities did the developers close? Then you will understand that there were a few “holes”. How many are left, again, you do not know. By the way, how long has it been since you updated your system packages?

Fake libraries


*nix has an environment variable called LD_PRELOAD. In theory, it is meant for the case where your software requires a specific version of a library while another version is installed on the system. In practice, if a virus is substituted for that library, the system is no longer yours.
To reduce the number of downvotes on this post, I will not give the conceptual code of such a library here, but it is all too easy to find on the Internet.
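
From the defender's side, the useful check is where preloading is currently configured. The following is an added example, not code from the original post: it reports entries in the system-wide `/etc/ld.so.preload` file and every process whose environment sets LD_PRELOAD. The `ROOT` parameter, the output labels and the sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report every place the dynamic loader is told to preload a library.

# audit_preload ROOT : ROOT is "/" on a live system; any other ROOT lets the
# same check run against a mounted image or a constructed test tree.
audit_preload() {
    root=${1%/}
    # 1. System-wide list, applied to every dynamically linked program.
    #    Entries are whitespace-separated; colons are split too. "#" starts a comment.
    if [ -r "$root/etc/ld.so.preload" ]; then
        sed 's/#.*//' "$root/etc/ld.so.preload" | tr -s ' \t:' '\n\n\n' |
        while read -r lib; do
            if [ -n "$lib" ]; then echo "preload-file $lib"; fi
        done
    fi
    # 2. Per-process environment: /proc/PID/environ is NUL-separated.
    for env in "$root"/proc/[0-9]*/environ; do
        [ -r "$env" ] || continue
        pid=${env%/environ}; pid=${pid##*/}
        tr '\000' '\n' < "$env" 2>/dev/null | sed -n 's/^LD_PRELOAD=//p' |
        while read -r lib; do
            if [ -n "$lib" ]; then echo "process $pid $lib"; fi
        done
    done
}

# Constructed sample tree (not real system data): one clean process, one with
# LD_PRELOAD set, and a system-wide preload file with one entry.
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/proc/101" "$t/proc/202"
    printf '# constructed\n/usr/local/lib/example-hook.so\n' > "$t/etc/ld.so.preload"
    printf 'HOME=/root\000PATH=/usr/bin\000' > "$t/proc/101/environ"
    printf 'HOME=/home/u\000LD_PRELOAD=/tmp/example.so\000' > "$t/proc/202/environ"
    echo "$t"
}

tree=$(demo_tree)
audit_preload "$tree"
rm -rf "$tree"
```

Run as root with `audit_preload /` to see all processes; an unprivileged user can only read the environment of their own processes.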

Kernel viruses


One of the most dangerous concepts is viruses capable of infiltrating the kernel (the kernel image) of a system. They really can do anything with the system, and they are harder to get rid of, so ultimately this is one of the greatest dangers for careless Linux users. So far such viruses exist only in theory, but someday theory will become practice.

Windows viruses and Wine


Surprisingly, many Trojans, viruses and worms for Windows can work under your Linux: just install Wine. The incomprehensible attachment of some switchers to Microsoft Internet Explorer, coupled with installing it through the ies4linux script, only enhances the effect: you get a leaky OS that functions inside a less leaky one. The chance of losing data or becoming a spam zombie increases (if you do not follow basic computer hygiene standards).

Examples



Medicines



Source: https://habr.com/ru/post/12600/