Mailing List Archive



[tlug] virus problem (was: Self-introduction)



On Sun, 28 Jun 2015 16:48:17 +0900
"Stephen J. Turnbull" <stephen@example.com> wrote:

> It's a question more Linux users should be asking themselves....  Not
> too seriously yet, but if the bad guys ever turn their attention to
> us, I doubt that there are many Linux users who could defend
> themselves against the kind of sustained attack that led to the
> antivirus subindustry in Windows.
> 
> Plain English: "Linux doesn't have a virus problem" is a mantra any
> moron can memorize, but I doubt there are all that many fanboys who
> can tell why there's no problem now, and under what conditions a
> problem could arise.  You know more than you think you do. :-)

I know I am going off on a tangent here, but I actually think
that we already have a virus problem. A different one than Windows,
but we already have it.

But first, I don't like to talk about viruses, because that term,
in its original sense, does not apply to the malware we are seeing
today.

On Windows, most of us see worms. Small (or not so small) pieces of
code that spread from computer to computer, but do not actually
infect other programs (hence are not a virus). Why is this the
biggest threat? Well, because there are so many Windows machines
that are barely protected once you get behind the firewall.
Thus it is easy to infect the machines one by one if you get into
the network, and then let them connect outside to some CnC system
for the sinister work.

On Linux, though, we usually have exploits that target some services.
Why? Because most Linux machines are servers. They are almost always
directly connected to the internet with very little protection, thus
have to protect themselves. Hence, it is not easy to get another
Linux box once you are in the network. But the mechanism works the
same nevertheless: One machine gets infected and starts to search
for other machines with known exploits and tries to infect those.

The impact on Linux is smaller, just because sysadmins tend to configure
the services they offer to the internet differently, have different
versions, compiled with different parameters, which makes exploitation
of bugs more difficult and limits the percentage of the Linux population
that can be infected. But those who remember the early 2000s know that
there were several worms that targeted specific Red Hat installations
and thus that this "biodiversity" protection isn't as good as we make
ourselves believe. With the current exploits targeting mostly common
web services/frameworks (Joomla, WordPress,...) this will get even worse.

Yes, we call these "problems" exploits, rather than "worms". But essentially
they are the same: automated exploits that spread from computer to computer.
And once you have such a bug on your system, it's as hard to get rid of
it as it is on Windows.

I think the only reason why Linux isn't yet such a big target is because
it's still a lot easier to write exploits (and thus worms) for Windows
than for Linux. And as such, Windows is easier money than Linux.
On the day when Windows levels the field with better security measures,
Linux will have a real problem.

			Attila Kinali


-- 
I must not become metastable. 
Metastability is the mind-killer.
Metastability is the little-death that brings total obliteration.
I will face my metastability. 
I will permit it to pass over me and through me. 
And when it has gone past I will turn the inner eye to see its path. 
Where the metastability has gone there will be nothing. Only I will remain.


