[vox-tech] Linux's Vulnerability to E-mail Viruses

Micah Cowan vox-tech@lists.lugod.org
24 Apr 2002 22:00:56 -0700


On Wed, 2002-04-24 at 21:21, Richard S. Crawford wrote:
> I'm operating under the assumption that while viruses for Linux that
> spread like Windows viruses are very rare, there are still some out
> there.
> 
> So, given that, what level of vigilance is necessary against incoming
> viruses in a Linux system?

Viruses for Linux exist, but are rare.  E-mail viruses, as per your
subject line, don't exist at all (yet).  This is because Windows has
default settings which will actively run any scripts embedded in HTML
mail, which means that as soon as you read your email, that embedded
script can run, say, an attached executable with massively destructive
capabilities >:] >:] >:]

...Linux has no problems of this sort, for the simple reason that nobody
has been stupid enough to write mail clients which are capable of
automatically running executables.

However, if you have an attachment which is some sort of script, or is a
file which takes advantage of a buffer overflow, etc. it could still do
damage if you have mailcap settings which will automatically run it or
load it into an insecurely buggy program - the latter, however, is
extremely unlikely - still, with the zlib buffer problem that was
recently discovered, such things are certainly not impossible.  So, the
rule for Linux is basically the same as for Windows:  never view
attachments when you don't know the source.

But, as to Linux viruses in general: the reason they are so rare is that
they are not very effective unless the victim is unusually moronic. 
Because they can only do damage to things over which the victim has
privileges.  If you're an average joe-type user, the best it can do is
wipe out your particular files.  It can't touch anybody else's files, and
can't screw up your system, generally speaking.  Most of the "viruses"
around today aren't really viruses at all - they're trojans, which
require the user to run them as root (or at least a very privileged
user).  Since root tends to be suspicious (hopefully) of strange
programs, such problems are rare indeed.

-Micah
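
A defensive check for the mailcap risk described in the message above, added here as an example and not part of the original post: it parses mailcap entries (RFC 1524 syntax) and reports handlers that would execute an attachment or hand it to an interpreter. The interpreter list, the function names and the sample entries are assumptions constructed for illustration.

```python
import re

# Assumed list of programs that execute the content they are given; extend locally.
INTERPRETERS = {"sh", "bash", "csh", "ksh", "zsh", "perl", "python", "tclsh", "wish"}

def parse_mailcap(text):
    """Return (mime_type, view_command) pairs from RFC 1524 mailcap text."""
    entries, logical = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not logical and (not line.strip() or line.lstrip().startswith("#")):
            continue                      # blank line or comment
        if line.endswith("\\"):           # backslash-newline continues the entry
            logical += line[:-1]
            continue
        fields = [f.strip() for f in re.split(r"(?<!\\);", logical + line)]
        logical = ""
        if len(fields) >= 2:
            entries.append((fields[0].lower(), fields[1]))
    return entries

def audit(text):
    """Return (mime_type, reason) for handlers that would run an attachment."""
    findings = []
    for mime_type, command in parse_mailcap(text):
        # Check every stage of a pipeline or command list, not only the first.
        for stage in re.split(r"\|\||&&|\||\\;", command):
            words = stage.split()
            if not words:
                continue
            prog = words[0].strip("'\"")
            if prog == "%s":
                findings.append((mime_type, "executes the attachment itself"))
            elif prog.rsplit("/", 1)[-1] in INTERPRETERS and "-c" not in words:
                findings.append((mime_type, "feeds the attachment to " + prog))
    return findings

# Constructed sample entries, not taken from any real system.
SAMPLE = r"""
# viewers
text/html; lynx -dump %s; copiousoutput
application/x-sh; /bin/sh %s
application/x-perl; cat %s \
    | perl
application/octet-stream; chmod +x %s \; %s
image/*; sh -c 'display %s'
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against the contents of `~/.mailcap` and `/etc/mailcap`; an interpreter invoked with `-c` is skipped because it runs a fixed command string, so such entries still deserve a manual look.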