We are well into the 21st century, yet it is still a little astonishing how many people believe that Linux and Linux-based operating systems are virus-free and completely secure. “Secure” and “Linux” are words you will often see side by side.
Just as many people believe that OS X is immune to malware and viruses, some Linux users hold the same misconception. Who can blame them? Vendors told them so for years.
The honest answer is no. No operating system on earth is 100% immune to malware. Linux has still never seen malware infections as widespread as those on Windows, though. Why? Let us look at the reasons and take apart the common urban legends about Linux security.
Linux Is Invulnerable and Virus-Free
“Linux is virus-free.” Even if there were no malware for Linux at all, would that make it safe? No. Today's threats go well beyond malware infection. Imagine receiving a phishing email or landing on a phishing website: will a Linux-based operating system stop you from handing over your personal or banking details? It will not.
Virus Writers Don’t Target Linux Because It Has a Low Market Share
It is true that Linux distributions have a small share of the desktop market, but the same cannot be said of other markets. On servers, Linux distributions hold almost 40% of the market, and they have a near-monopoly on supercomputers.
In mobile, the Linux-based Android holds the majority of the market, with more than a billion devices in use. Are you still sure that virus writers avoid Linux because of its market share?
Windows Malware Can’t Run On Linux
It is true that a Windows executable will not run natively on Linux unless Wine is installed, but that does not keep Linux out of the Windows malware business. Linux servers are routinely used to host and distribute Windows malware: when a user clicks a malicious link, the odds are that it leads to a Linux server, and a Linux mail server passes an infected attachment along to its Windows recipients untouched.
Linux Users Install Software from Software Repositories That Contain Only Trusted Software
Social engineering is not the only way to pick up malware, so are you completely safe just because you install from software repositories?
Take a user who searches for “How to install Java on Ubuntu?” They will immediately find hundreds of step-by-step guides suggesting that they add a particular PPA repository to get the latest version of Oracle Java.
But who maintains those repositories? That depends on the link the user opened and on the repository it recommends; in the Java case it is not Oracle. The user has no real way of knowing whether the repository is legitimate or malicious, and once its signing key is trusted, every package it publishes is installed, maintainer scripts and all, as root.
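As an added example (not code from the original article, and not a tool shipped by any distribution), the following shell function audits apt source entries for exactly this situation: third-party repositories whose key was imported into the global trusted keyring with apt-key instead of being pinned to the repository with signed-by=, and repositories fetched over plain http. It only understands the one-line sources.list format, and the sample list it runs against is constructed here; the mirror regex, keyring path and repository URLs are illustrative.

```shell
#!/bin/sh
# Added example, not part of the article: audit apt "deb ..." source entries.
# Works on any file in one-line sources.list format; the sample below is constructed.

# Host part of a URL: https://user@repo.example.org:443/apt -> repo.example.org
url_host() {
    h=${1#*://}
    h=${h%%/*}
    h=${h##*@}
    printf '%s\n' "${h%%:*}"
}

# audit_apt_sources FILE [SKIP_HOST_REGEX]
# Prints "REASON<TAB>URL" for every deb/deb-src entry that is fetched over plain
# http or that carries no signed-by= option. Entries whose host matches the
# optional regex (your distribution's own mirrors) are skipped, because those
# are expected to rely on the distribution key in /etc/apt/trusted.gpg.d.
audit_apt_sources() {
    file=$1
    skip=$2
    [ -n "$skip" ] || skip='^$'   # a regex that matches no host, so nothing is skipped
    grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$file" | while IFS= read -r line; do
        # Contents of the optional [ ... ] options block, empty if absent
        opts=$(printf '%s\n' "$line" | sed -En 's/^[[:space:]]*deb(-src)?[[:space:]]+\[([^]]*)\].*/\2/p')
        # First token after the keyword and the options block is the repository URL
        url=$(printf '%s\n' "$line" | sed -E 's/^[[:space:]]*deb(-src)?[[:space:]]+(\[[^]]*\][[:space:]]*)?//' | awk '{ print $1 }')
        if url_host "$url" | grep -Eq "$skip"; then
            continue
        fi
        case "$url" in
            http://*) printf 'plaintext-transport\t%s\n' "$url" ;;
        esac
        case "$opts" in
            *signed-by=*) ;;
            *) printf 'no-signed-by\t%s\n' "$url" ;;
        esac
    done
}

# Number of findings, handy for a cron job that mails you when it is non-zero
count_findings() {
    audit_apt_sources "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample (not a real system file): one distribution mirror, one
# properly pinned third-party repository, and one PPA added by following a guide.
write_sample_sources() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# distribution mirror, trusted through /etc/apt/trusted.gpg.d
deb http://archive.ubuntu.com/ubuntu jammy main restricted
# third-party repository pinned to its own keyring file
deb [arch=amd64 signed-by=/usr/share/keyrings/example-archive-keyring.gpg] https://repo.example.org/apt stable main
# PPA from a "how to install Java" guide, key imported with apt-key add
deb http://ppa.launchpad.net/someone/java/ubuntu jammy main
EOF
    printf '%s\n' "$f"
}

sample=$(write_sample_sources)
audit_apt_sources "$sample" '(archive|security)\.ubuntu\.com$'
rm -f "$sample"
```

Against the sample, only the PPA line is reported, twice: it is fetched over http and it has no signed-by=. The point of signed-by= is scope: a key listed there can only sign packages from that one repository, whereas a key dropped into the global keyring by the deprecated apt-key add can sign a package that claims to come from your distribution's own mirror, and apt will accept it.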
The number of “in the wild” threats for Linux-based operating systems is still lower than for Apple OS X or Microsoft Windows. However, these threats are real. Linux-based web servers, for instance, are under constant attack.
Canonical, one of the most security-aware Linux companies, also maintains a list of known Linux malware.
Improve Your Linux Security Posture
Most Linux distributions ship with advanced security systems and tools, although many of them are hard to configure and prone to misconfiguration.
So if you consider yourself a tech-savvy Linux user, at least read the basic security guidelines of your distribution:
- Ubuntu: https://wiki.ubuntu.com/BasicSecurity
- Sabayon: https://wiki.sabayon.org/?title=En:Security
- Fedora: https://fedoraproject.org/wiki/SecurityBasics
- CentOS: http://wiki.centos.org/HowTos/OS_Protection
- openSUSE: https://activedoc.opensuse.org/book/opensuse-security-guide
- Arch: https://wiki.archlinux.org/index.php/security
No computer attached to a network is immune to malware. Immunity is relative, as with everything else; comparing how exposed Linux and Windows are makes it easy to see why so many people say Linux is immune.
Strictly, a virus is a program that copies itself and infects other programs or machines. Most people use “computer virus” as a catch-all that also covers adware, spyware and other malicious programs that cannot reproduce at all. Combining the two definitions, a “virus” in everyday usage is malicious code that either infects computers and replicates itself, or is unwittingly distributed through electronic means such as email and downloads. The precise term for the whole family is malware.
Cross-platform malware is also becoming more common. Some of the main measures you should take to protect a Linux system:
- Protect the bootloader.
- Check for rootkits regularly.
- Encrypt the disk.
- Protect root with a strong password, or keep the account locked.
- Give users only the roles they need.
- Give files only the permissions they need.
- Enable SELinux.
- Run a firewall.
- Use an antivirus.
- Do not keep unnecessary packages or programs; every one of them is potential attack surface.
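As an added example (not from the article), here is a small offline audit for four items on that list: file permissions, setuid binaries (the usual route from an ordinary account to root), the state of root's password, and the SELinux mode configured for the next boot. Every check takes a path, so it can be pointed at a constructed tree here or at / and /etc on a real host; the sample tree, its shadow lines and its SELinux config are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the article: offline checks for a few checklist items.

# "permissions": regular files that any user on the system can modify
find_world_writable() { find "$1" -type f -perm -0002 | sort; }

# "roles": setuid binaries run as their owner (usually root), so each one
# should be known and justified
find_setuid() { find "$1" -type f -perm -4000 | sort; }

# "root password": classify root's entry in a shadow-format file.
# "!" or "*" in the hash field means the account is locked (Ubuntu's default);
# an empty field means no password is asked for at all, the dangerous case.
root_password_state() {
    awk -F: '$1 == "root" {
        state = "OTHER"
        if ($2 ~ /^[$](5|6|y)[$]/) state = "HASHED"     # sha256crypt, sha512crypt, yescrypt
        if ($2 ~ /^[$]1[$]/)       state = "WEAK-MD5"   # md5crypt, too fast to brute-force
        if ($2 ~ /^[!*]/)          state = "LOCKED"
        if ($2 == "")              state = "EMPTY"
        print state; exit
    }' "$1"
}

# "SELinux": the mode set in /etc/selinux/config for the next boot
selinux_config_mode() {
    awk -F= '/^[[:space:]]*SELINUX[[:space:]]*=/ { gsub(/[[:space:]]/, "", $2); print $2; exit }' "$1"
}

# Constructed sample tree standing in for /bin, /tmp and /etc
make_audit_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/tmp" "$d/etc/selinux"
    printf 'fake\n' > "$d/bin/ls";    chmod 755 "$d/bin/ls"
    printf 'fake\n' > "$d/bin/su";    chmod 4755 "$d/bin/su"    # setuid, as the real su is
    printf 'todo\n' > "$d/tmp/notes"; chmod 666 "$d/tmp/notes"  # anyone may overwrite it
    # root locked (Ubuntu default) and one ordinary user with a sha512crypt hash;
    # the hash and the ageing fields are made up
    printf 'root:*:19000:0:99999:7:::\nalice:$6$saltsalt$hashhashhash:19000:0:99999:7:::\n' > "$d/etc/shadow"
    chmod 600 "$d/etc/shadow"
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$d/etc/selinux/config"
    printf '%s\n' "$d"
}

run_audit() {
    echo "world-writable files:"; find_world_writable "$1"
    echo "setuid files:";         find_setuid "$1"
    echo "root password: $(root_password_state "$1/etc/shadow")"
    echo "selinux mode:  $(selinux_config_mode "$1/etc/selinux/config")"
}

d=$(make_audit_sample)
run_audit "$d"
rm -rf "$d"
```

On a real host, run the first two checks as root against / (they need to read every directory) and expect a short, stable list of setuid binaries; a new entry appearing between two runs is worth investigating. The SELinux check reads the configured mode, not the running one; compare it with the output of getenforce, since the two can differ until the next boot.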
Malware can arrive in different ways, such as:
- Email attachments.
- Inside applications, browser add-ons for example.
- Malicious URLs.
My aim is to show you that, although it is a very challenging task for a virus to infect a Linux machine, that does not mean you should go without any protection.
Rootkits are a real danger. A rootkit is malicious software designed to hide itself so that users have no idea it was installed and is running. Many people have fallen victim to rootkits, which is why I strongly recommend the rkhunter tool. When I install a new Linux system, rkhunter is the first tool I add, and I run it as soon as it is installed.
Rootkits are nasty pieces of software; once installed they are very difficult to remove, if not impossible. Some are bad enough that the compromised system cannot be recovered and has to be rebuilt from scratch. If you are wondering how many rootkits exist, install rkhunter and run it: the number of known rootkits it checks for will surprise you. Rootkits do not only attack servers but desktop machines too, especially Linux machines on static IPs with no firewall between them and the outside world. One caveat: rkhunter compares file properties against a baseline it records (rkhunter --propupd), so it must be installed and baselined on a system that is known to be clean, and any user-space checker can be lied to by a rootkit that already controls the kernel, which is why serious checks are run from a trusted boot medium.
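To show what the file-properties part of such a check actually does, here is an added example, not from the article and not rkhunter's own code: a baseline of SHA-256 hashes is recorded while the tree is believed clean, and later runs report files that changed, appeared or disappeared. The directory tree and the tampering are constructed here; paths containing whitespace are deliberately not handled so that the comparison stays short.

```shell
#!/bin/sh
# Added example, not from the article: a minimal file-integrity baseline check
# in the spirit of rkhunter's file-properties test. Sample tree is constructed.

# baseline_create DIR OUT : hash every regular file under DIR into OUT
baseline_create() {
    (cd "$1" && find . -type f -exec sha256sum {} +) > "$2"
}

# baseline_verify DIR BASELINE : print "MODIFIED|ADDED|MISSING <path>" lines,
# and nothing at all when the tree still matches the baseline
baseline_verify() {
    current=$(mktemp)
    baseline_create "$1" "$current"
    # sha256sum prints "<hash>  <path>", so $1 is the hash and $2 the path
    awk -v base="$2" '
        FILENAME == base { old[$2] = $1; next }        # baseline file
        !($2 in old)     { print "ADDED " $2; next }   # current state, unknown path
        old[$2] != $1    { print "MODIFIED " $2 }
                         { delete old[$2] }
        END { for (p in old) print "MISSING " p }
    ' "$2" "$current" | sort
    rm -f "$current"
}

# Constructed sample tree standing in for /bin and /var/log
make_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/var/log"
    printf 'ls-binary\n' > "$d/bin/ls"
    printf 'ps-binary\n' > "$d/bin/ps"
    printf 'login ok\n' > "$d/var/log/auth.log"
    printf '%s\n' "$d"
}

# What a user-space rootkit typically does: replace ps so its own process is
# not listed, drop a hidden helper, and delete a log it does not want kept
tamper_tree() {
    printf 'trojaned-ps\n' > "$1/bin/ps"
    printf 'payload\n' > "$1/bin/.hidden"
    rm -f "$1/var/log/auth.log"
}

tree=$(make_tree)
base=$(mktemp)
baseline_create "$tree" "$base"
echo "clean tree, findings: [$(baseline_verify "$tree" "$base")]"
tamper_tree "$tree"
baseline_verify "$tree" "$base"
rm -rf "$tree" "$base"
```

After the tampering the check reports ADDED ./bin/.hidden, MISSING ./var/log/auth.log and MODIFIED ./bin/ps. The baseline is only as trustworthy as its storage: keep it off the machine or on read-only media, because an attacker with root can simply regenerate it after replacing ps, and remember that a kernel-level rootkit can hide .hidden from find and feed the original bytes of ps to sha256sum.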
Why are email attachments less dangerous on Linux? Generally because almost all malicious attachments target Windows machines. Suspicious attachments usually arrive as .zip or .exe files, and when a user opens an .exe on Linux, the machine does not know what to do with it unless Wine is installed.
But what if the attachment targets Linux, in the form of an .rpm, .deb or .bin file? Such files can be installed or run on a Linux machine.
If the file is a .deb and you are on an RPM-based system, nothing happens. If you receive an .rpm on an RPM-based system, installing it asks for your sudo or root password, depending on your system's security model, and once you give it the package's install scripts run as root. A .bin is different: it is just an executable, it needs only execute permission, and it runs with your own privileges, which is all it takes to read or encrypt everything in your home directory without any password prompt. On Windows, by contrast, you double-click the infected attachment and BOOM!
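The extension tells you what the sender wants you to think; the first bytes of the file tell you what it is. As an added example (not from the article), the following shell functions classify an attachment by its magic bytes and flag files whose name claims one type while the content is another, such as an ELF binary sent as invoice.pdf. The sample files are constructed from header bytes only; they are not working programs or packages, and the extension-to-type mapping is a small illustrative table.

```shell
#!/bin/sh
# Added example, not from the article: does an attachment's content match its name?

# First four bytes of a file as lowercase hex, e.g. "7f454c46"
magic_hex() {
    head -c 4 "$1" | od -An -tx1 | tr -d ' \n'
}

# classify_file FILE : a short type name derived from the magic bytes
classify_file() {
    case "$(magic_hex "$1")" in
        7f454c46) echo elf ;;   # ELF: native Linux executable or library (.bin installers are these)
        4d5a*)    echo pe ;;    # "MZ": Windows executable, inert on Linux unless Wine is installed
        213c6172) echo ar ;;    # "!<ar": ar archive, which is what a .deb is
        edabeedb) echo rpm ;;   # RPM lead magic
        504b0304) echo zip ;;   # "PK\3\4": zip (also office documents, jars, apks)
        25504446) echo pdf ;;   # "%PDF"
        *)        echo unknown ;;
    esac
}

# Type a reader would assume from the file name
expected_from_name() {
    case "$1" in
        *.pdf) echo pdf ;;
        *.zip) echo zip ;;
        *.deb) echo ar ;;
        *.rpm) echo rpm ;;
        *.exe) echo pe ;;
        *.bin | *.run) echo elf ;;
        *) echo unknown ;;
    esac
}

# check_attachment FILE : prints "ok" or "mismatch: NAME claims X but is Y";
# returns non-zero on a mismatch so it can gate a mail filter or a download hook
check_attachment() {
    claimed=$(expected_from_name "$1")
    actual=$(classify_file "$1")
    if [ "$claimed" = "$actual" ]; then
        echo ok
    else
        echo "mismatch: $(basename "$1") claims $claimed but is $actual"
        return 1
    fi
}

# Constructed samples: header bytes only, nothing that runs or installs
make_samples() {
    d=$(mktemp -d)
    printf '\177ELF\002\001\001' > "$d/invoice.pdf"  # ELF binary disguised as a PDF
    printf 'MZ\220\003'          > "$d/setup.exe"    # Windows executable header
    printf '!<arch>\n'           > "$d/tool.deb"     # ar archive header, like a real .deb
    printf '\355\253\356\333'    > "$d/tool.rpm"     # RPM lead
    printf '%%PDF-1.7\n'         > "$d/report.pdf"
    printf '%s\n' "$d"
}

d=$(make_samples)
for f in "$d"/*; do
    check_attachment "$f" || :
done
rm -rf "$d"
```

The disguised file is reported as "mismatch: invoice.pdf claims pdf but is elf" while the rest pass. A mismatch does not prove malice, but it is exactly the signal a desktop file manager hides when it picks an icon from the extension, and an ELF file that arrives by mail has no honest reason to be called a PDF.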
Linux being open source does not mean you can trust every piece of software out there. You can trust software distributed through your distribution's official channels; for instance, software officially supported in the Ubuntu Software Center will be safe. With anything else, you risk installing malicious software.
That is not to say users should never trust software from outside their distribution's official channels. Open source software generally receives a lot of peer scrutiny, and nobody wants to be known as the developer who wrote malicious Linux software.
But if you are of a paranoid persuasion, simply avoid installing code from outside those channels, or at least read it before you do.
Personally, I have yet to come across a URL that did direct damage to my Linux machine. But harmful URLs are not the only kind of malicious URL. One example is the spoofed address: a malicious address that masquerades as a safe one, such as a fake bank login screen or a fake PayPal login form. Thousands of addresses can be spoofed, and any address that asks you to log in with your credentials is dangerous when spoofed.
Do such threats affect the Linux operating system directly? No, but they affect the user. Fortunately, almost all modern browsers have built-in phishing protection and add-ons that extend it; they should not be neglected just because you run Linux.
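The trick in most spoofed addresses is that the familiar name appears somewhere in the URL while the host the browser actually contacts is a different one. As an added example (not from the article), the following shell functions extract the real host from a URL and test whether it is the expected domain or a subdomain of it; a plain substring test would be fooled by every one of the constructed disguises below. The domain names are illustrative, and IPv6 address literals are not handled.

```shell
#!/bin/sh
# Added example, not from the article: which host does a link really go to?

# url_host URL : the host actually contacted, without scheme, userinfo, port or path
url_host() {
    h=${1#*://}     # drop scheme
    h=${h%%/*}      # drop path and query
    h=${h##*@}      # drop userinfo: "https://paypal.com@evil.example/" contacts evil.example
    h=${h%%:*}      # drop port (IPv6 literals such as [::1] are not handled)
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# host_is_under HOST DOMAIN : true only for DOMAIN itself or a subdomain of it.
# "www.paypal.com.secure-login.example" contains paypal.com but is not under it.
host_is_under() {
    case "$1" in
        "$2" | *."$2") return 0 ;;
        *) return 1 ;;
    esac
}

# judge_url URL DOMAIN : "ok" when the link really goes to DOMAIN, else "spoof"
judge_url() {
    if host_is_under "$(url_host "$1")" "$2"; then
        echo ok
    else
        echo spoof
    fi
}

# Constructed examples: one genuine link followed by the usual disguises
for u in 'https://www.paypal.com/signin' \
         'https://www.paypal.com.secure-login.example/signin' \
         'https://paypal.com@login-verify.example/' \
         'http://notpaypal.com/' \
         'https://PayPal.com:443/'; do
    printf '%-55s %s\n' "$u" "$(judge_url "$u" paypal.com)"
done
```

Only the first and last links are judged ok; the others are the subdomain-prefix, userinfo and lookalike-name tricks. The same host extraction is what you should do by hand before typing a password: read the host from the end of the domain backwards, not from the start of the URL forwards.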
Linux's architecture is secure enough that a desktop with no services listening on the network exposes very little, which is why some users run without a firewall at all. A host firewall is still cheap insurance, and it is indispensable on any machine that accepts connections from outside. The access control system called SELinux (Security-Enhanced Linux) is a set of kernel modifications and user-space tools that enforce mandatory access control policies on a Linux system. SELinux is not a must for ordinary desktop users, but it is very important for machines on a network and for administrators.
After all of the above, what do you think? Are Linux and Linux-based operating systems immune to viruses and malware? I hope your answer is also “no,” because that answer is what will keep my Linux machines and yours malware-free for years to come. If you are cautious, like many Linux users, you can enjoy virus-free computing for many years. But if you fall into the trap of believing that Linux is perfectly immune, you may well fall victim to that naivety.