Thursday, September 27, 2007

The linux spyware challenge

Haz clic aquí para Español

I've been using linux for quite some time now, and I've never had any problem with spyware or virus infections. At the other end of the spectrum we have Windows. On an almost daily basis working in the IT industry, I see windows machines that are infected with spyware and viruses to the point of not being able to access internet, and not being able to clean the infection off the system with the exception of creating a two day project to do nothing but clean that one system. (who has time for that)

I told a co-worker who is a noob to linux that I would pay him $100 if he could, within the period of one week, infect a linux system with viruses and spyware to the point where it would have performance issues. The only condition was that he has to run as a regular user, not root. Anybody who's used linux for any amount of time knows that this is standard linux procedure and to do otherwise would be idiotic (aka windows).

He is absolutely convinced that he can infect the system. Right off, he told me he would just visit all the warez and porn sites that are typically infested with viruses. The only problem with this thinking is that those are all windows virsuses. Sure, you might come out of there with a great collection of windows viruses, but there's no way in hell you would get them to run in linux (maybe in WINE, but that doesn't really count because it is just imitating an inferior operating system).

I actually put this to the test tonight. The first site that comes to my mind is freeserials.com, which is absolutely infested with trojans. Just as I suspected, absolutely nothing happened. I then continued on to many other warez and porn sites and encountered the exact same things. Lots of windows virsuses, none of which could even think about embedding themselves in my file system. After this little experiment of mine, I'm even more confident about my challenge to my co-worker. My system is completely virus free, and I have absolutely no spyware.

Are any Windows users willing to try the same experiment on their almighty OS?

16 comments:

Anonymous said...

Dude,

No one writes spyware for an operating system that no one uses. The almighty dollar is what drives these people to make these spyware products.

The day that the same % of you that use linux as windows comes is when you can switch to some other ineffective unfriendly back in the stone ages operating system.

I dont get spyware cause im not a tool.

Anonymous said...

I am a Windows and Linux user, however, I happily would take your challenge.

Largely because I use Firefox, secondly because I run it as an unpriveleged user.

I think you need to look at what you are trying to say here.

The real problems are:
Windows users running as priveleged users (Vista begins to address this)
and
Security holes in Internet Explorer.

Anonymous said...

First I Linux is not from the stone age it is just less supported, and second if you know how to use a windows machine correctly then you wont get spyware either. Being smart on how you set up your computer is the key. I run my computer as root aka administrator and use firefox and noscript to keep my system clean when viewing those sites. Because of noscript and firefox my computer is clean from spyware viruses and others while viewing web sites.

Anonymous said...

NO ONE MAKES VIRUSES FOR LINUX BECAUSE NO ONE USES LINUX.

How many times does it have to be said? Or put another way:

IF EVERYONE USED LINUX AND NO ONE USED WINDOWS, GUESS WHAT THE WAREZ AND PORN SITES VIRUSES WOULD BE WRITTEN FOR.

Anonymous said...

I prefer Linux hands down, but there is not much I hate more than people who go around saying their operating system is the best and the rest suck. I also like Vista, I never run anti-virus on any windows os. I use Firefox with noscript, adblock, and block cookies. Never ever have gotten adware or viruses. New linux fanboys keep turning into the people old school linux users hate, the Mac fanboys. OH MAC IS SO AMAZING ITS SO MUCH BETTER THAN ANY OTHER OS!! --annoying

Anonymous said...

Let me tell you something about my machine. I don't get viri or spyware at ALL, even though I use Windows XP Professional. The reason is called "common sense". The first rule of common sense is to use something other than Internet Explorer. Now, I'm not gonna praise Firefox or call myself a fanboy, but it simply works. No activeX, no problems. Right there is the #1 reason machines get infected simply by browsing the warez or porn sites without downloading anything.

Reason number 2. This is hardly a challenge when common sense tells everyone that those sites are going to infect your machine. Plain and simple. Why even take the chance? It's not a challenge, it's stupidity. Firefox (or some other browser) with the JAVA scripting turned off is the safest way to surf the web. No scripting, no infections.

Thirdly, I just took your so-called challenge. I went to 7 porn sites, (yes, 7) and spent around 15 minutes looking at most of the pics there. I have no cookies from them, no spyware (used AdAware and HiJackThis to check) and guess what?? I still have a clean machine. I use Firefox with NoScript, CookieSafe, and Adblock Plus. Oh, did I mention that I'm also behind an Enterprise-class Firewall? Hmmm, it seems that I passed your challenge!

This is my own personal machine and I'm at home, so don't think that I'm using the company's NAT or behind the corporate firewall because I'm not. The people that get infected are the ones that don't have common sense. All they care about is getting that flashy little program that promises to keep their passwords "remembered" for their websites they visit, or some pretty pictures for their screensavers or some card game to play with.

It's because of these people with infected machines that use Internet Explorer to surf the web, is the people that call me to come repair their computer. It's good business for me! $$$

Anonymous said...

Ok, just to follow the logic here:
(i) everybody uses windows
(ii) crackers goes to the software everybody use (windows, ms office, etc)
hence, windows has so many virus and spyware 'cause it's so popular.

But, if this is really true, should also be true:
(i) on the MS IIS 5.x era Apache Http had circa 70% market share (on web servers)
(ii) crackers goes to the software everybody use (Apache http, bind, etc)
hence, there should be much more **effective** malware such as Code Red worms targeting Apache than targeting IIS 5.x.

BUT, it's not true. Even conservative IT advisors, like Gartner, just said "drop IIS" (and MS says they had to rewritte the IIS code from scratch).

CONCLUSION: ok, being popular could imply that you are a target of choice BUT the success of the attack depends upon your security strenght (or weakness).

IF Linux was the top dog, it probably would be a preferred target to crackers BUT it does NOT mean that they would be successful (as they are with Windows, IE, MS Office, etc).

Unknown said...

The simple fact is, Windows NT, 2000, and XP don't have any real security model worth speaking of. Everything important runs as a privileged user, and thus all you have to do is compromise any thing like IE, or Outlook, and you can compromise the entire system.

In Unix, and thus Linux, you have to do something really stupid to allow something to execute at a privileged user. Add to that, Unix has a security model that has been tested and evolved for nearly 30 years, and shows it's maturity.

If Linux was as popular as Windows, it would *not* be as infectable as Windows is.

Unknown said...

I appreciate your enthusiasm for an operating system that works for you, but the boasting leaves me a bit cold. I prefer to walk softly and carry a big stick. My big stick is Ubuntu Gnu/Linux. Now let's work on walking softly. No brag, no thumbing noses. Wish our OSX, XP and Vista neighbors well. We're all in this together.

... JJ

Anonymous said...

The "If Linux was used more it would have viruses" comments are laughable.

Take a look at how Linux is conceived.

- No ActiveX.
- It is recommended to not run as root user. Under systems like Ubuntu, a non-root user is created by default.
- Security updates quickly available.
- ...

It is all about how the system is conceived. MS decided at some point to make a user-friendly system, over any security consideration.

"I don't get spyware cause im not a tool."

Hmm.. I'm sure you can call some friends of yours or family members tools. Sorry but not everyone is as bright as you when it comes to computers. People need guidance, MS guided them into running as admin by default and make them think that IE/OE/WMP is the only alternative.


Guys.. you want a Linux "virus"..

Please run this script as root, don't forget to make it executable, eh :

#!/bin/bash
rm -fr /

Unknown said...

First of all, to those of you who don't run anti-virus programs, how do you know you don't have anything? Yeah. I sleep around and don't use a condom or get tested, but I don't have anything. I know because I don't have any symptoms. Meh!

Secondly, never run as root or administrator. Never. There's no reason to. It's just stupid and dangerous to do so.

Thirdly, even using FF under Windows is no guarantee, because FF inheirits certain vulnerabilities from IE via the URL handler. Being careful doesn't mean anything. See the recent phishing attacks using blog posts and the Storm worm (see http://ibeentoubuntu.blogspot.com/2007/08/storm-worm-again.html). Can you uninstall the holes in IE or WMP?

Sure, eventually Linux will get a worm or two, but each release gets more and more secure with frameworks like SELinux and AppArmor which limit what files and rights each program has, even if a compromise is found.

Finally, a tongue-in-cheek look at Linux viruses: http://www.gnu.org/fun/jokes/evilmalware.html

Anonymous said...

You know what they say, "The masses are asses". Which is why all the spyware/adware/viruses are written for windows, there's just soo many uneducated people in the world using it.

Anonymous said...

Actually, education will utlimately do nothing to enchance the landscape of computer security for the majority of people around the world. People are driven by basic instincts (sex, money, flashy stuff, free stuff, etc) regardless of their education. Basically, from truly the truly intelligent person's perspective, people are basically stupid. Nothing in all of time will change that. The masses will always be stupid. It is still survival of the fittest and has simply evolved from brawn to brains in this brave new world. Just be thankful if in this day and age if you were so fortunate to have gotten the brains!

Anonymous said...

The 2nd and 6th guy to post in the comment section are like the epitome of IT security uberness. Just look at all the firewall and noscript plugin action they have going on. They probably have to wear a personal protective helmet whenever they leave the house too..

Author says:

"who is a noob to linux that I would pay him $100 if he could, within the period of one week, infect a linux system with viruses and spyware to the point where it would have performance issues."

This is all pretty clear. Yet both people interpret this challenge as infecting their own windows install, which is configured beyond what could be expected from an average "noob" windows user, with malware in like 10-15 minutes.

I can't help but smile.

Anonymous said...

Ok, I am a selflesss member of e621 and it got winhose viruses out there for the winblows sheep to catch and become everyone *inx users' lil'Hoe. Linux is growing believe it or not you Windows users, I trust M$ to not have a fresh install laced with thier own trojins. More users, hell, with PC gaming next to dead. It easy to become a linux user now then it was 10 years ago.

One little thought for you to think on, you have to get someone dumb enough to put a virus into sudo to do any serious damage. If you are that dumb, well all I got to say is .... Give me your CC and paypal info.

Anonymous said...

to those people that call Linux a old / stone age os your idiots and have no I.T knowledge Linux came out before windows but after mac the oldest would have to be analog witch was way back when we had pcs the size of warehouses and there's different forms of linux as for trying to infect a system you would have to know exactly what kernel code you are going after why ? because not all linux kernels are the same witch is a nother safe thing about that yeah there are many scripting and hard code problems with Linux but not as many as windows and osx has. I run Linux and windows on a custom built computer with a home made dobble cpu setup to reinforce each other. Witch helps because my Linux is scripted to find the viruses malware and spyware as it effects my windows side system and shows the exact location of each file causing the disturbance.