The Truth About Linux and Viruses
1. If you run Linux and only Linux, you do not need antivirus software. In its efforts to make Windows easier to use, Microsoft simplified the process of running executables under its operating system many years ago. Not only can a user launch a program by clicking an e-mail attachment, but it's possible for an executable to launch automatically just by hitting the preview pane of some email packages, including older versions of Outlook and Outlook Express.
Under Linux the steps for launching an executable from an e-mail are separate, discrete steps. A user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable. And to be truly damaging, the latter two would have to be done as root — not something informed users would allow.
2. If you dual boot Linux and Windows and get a virus-infected mail in Linux, it can NOT jump to your Windows partition. Nor can it spread over the local network to other systems. You can even store the attachment in your /home directory and open the zip or click the file, and it will be dead in the water. Windows executables won't run under Linux. Linux files need to be granted permission to become executable. And even then, it can't spread beyond the home folder. (This is also why Linux AV programs do not have a "live guard" module in them — the virus does not execute or move.) You could even leave a virus executable there as long as you wanted to without risk. Windows will not get infected, unless you deliberately copy the virus to your Windows partition.
3. If you dual boot, however, you better get a good antivirus program for Windows. Microsoft's operating system and its bundled applications, Outlook and Internet Explorer, offer users powerful functionality in their attempts to be easy to use and easy to update. As a result, it's all too easy for virus writers to exploit the same functionality in a malicious way. Don't leave them an opening. Install an antivirus program and keep it updated.
4. The only time you'll need a Linux antivirus program is if you're running a mail server. And that's just good social behavior. It's not to protect your Linux server or client computer so much as to make sure you don't pass a virus on to a Windows system.
http://www.linuxclues.com/articles/21.htm
Nice fairy tale... how nice would it have been on Linux, if it had had those security features well written and well used
.
In the fact, the kernel is full of security quirks (enabling one to get root access when they have gor ANY user-access - namely ptrace one, shmat one, poll...), and the apps contain so much holes in their protocols (buffer overruns, weak keys - remeber that 2^15-key isue with debian/ubuntu SSH keygen
... so it's really quite easy to 0wn a machine of a particular end-user.
And, lost/forgotten/deposited backdoor/rootkit installer or some of its file is the only thing that might get you clue that this happened to you. And, here might be the antivirus useful.
2) is wrong fully, because nearly all distros mount the different partitions with NTFS/VFAT as well, and there are even viruses, that can infect both ELF and PE executables (so called hybrid viruses:
http://antivirus.about.com/library/weekly/aa032801a.htm , for example Benny's Win32:Winux, really no rocket science ).
Yes, it's very easy to catch some infection on freshly-installed windows (even when doing nothing - sasser's blind connections:). It faar more difficult to get one while browsing under Linux, but when your computer is in the focus of a bad guy, the security level is approximately the same.
so, use linux, but don't believe it's the solution by itself - isn't
.
regards,
pc
