Linux and viruses

The comforting "no one will ever bother writing Linux viruses" folklore is still floating around the net, but judging from how much viruses have annoyed me in the last couple of months, one of its premises is now false.

Two reasons are usually given for why Linux will never have a major virus problem. The first is the heterogeneity of Linux programs, meaning that it's hard to write a virus that Linux users can catch; the second is the inability of an unprivileged user to successfully execute commands that do serious damage to their hardware or operating system, meaning that once caught, the virus can't do anything serious anyway.

The former may hold in a grand World Domination scenario, although I suspect the demands of corporate user support would force a convergence on several, or perhaps one, standard corporate Linux desktop. At present, however, it's certainly the case that Linux runs a wide variety of the most common applications exploited by virus writers (mail readers, browsers, office applications), and the result is that there aren't many widely catchable Linux viruses around. It may also be the case that these systems trust user input less than the current MS Windows equivalents, but time may tell otherwise.

The latter, however, seems to be completely irrelevant in the modern virus-ridden world. As far as I can tell, at the moment most successful viruses do not carry particularly harmful payloads, or, if they do, the effect of the payload is incidental to the havoc that the virus creates. The real problem viruses cause is overloading common resources (mail servers, usually) to the point where they become more or less useless. And since at present the standard privileges of a Linux user account normally allow it to send and receive data over the Internet, if there were a widely catchable virus for Linux, normal users would have more than enough privileges to propagate the virus and bring down mail servers and hubs without the virus needing to go near the root account.

Moreover, Linux user accounts also have all the privileges they need to contribute to the problem by generating secondary traffic via mail bounces, whether they caught the virus in question or not. In fact, most virus bounces are generated by slightly out-of-date server software that is not yet aware that any up-to-the-minute virus forges its origin, but as a general principle, you no longer need to be infected to be part of the problem; you just need to trust mail headers a little too much.
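The secondary-traffic mechanism described above (often called backscatter) can be shown with a small simulation. The following is an added example, not code from the original post: it models an inbound mail server choosing between the older behaviour (accept the message, scan it, then send a non-delivery report to the envelope sender) and the alternative of rejecting the message during the SMTP DATA phase, and counts how many bounces end up addressed to the forged senders. The sample messages, addresses and the filename-suffix "scanner" are all constructed stand-ins for illustration.

```python
"""Backscatter simulation (added example, not from the original post).

An inbound MTA that accepts virus mail and then bounces it sends the
bounce to the SMTP envelope sender (MAIL FROM), which modern worms forge.
Rejecting during the SMTP transaction instead leaves any notification to
the sending MTA, and a worm's own MTA sends none.
"""
from dataclasses import dataclass
from email.message import EmailMessage

# Stand-in for a real anti-virus scanner: flag executable attachments by
# filename suffix. This is an assumption made for the example only.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".bat")

SMTP_OK = 250       # message accepted
SMTP_REJECT = 550   # permanent rejection during DATA phase


@dataclass
class Envelope:
    """One inbound SMTP transaction: envelope addresses plus the message."""
    mail_from: str          # SMTP MAIL FROM; where a bounce would be sent
    rcpt_to: str            # SMTP RCPT TO
    msg: EmailMessage


def make_message(header_from, header_to, subject, attachment_name=None):
    """Build a constructed test message, optionally with a fake attachment."""
    msg = EmailMessage()
    msg["From"] = header_from
    msg["To"] = header_to
    msg["Subject"] = subject
    msg.set_content("Please see the attached file.")
    if attachment_name:
        # A few bytes standing in for a worm body; content is irrelevant here.
        msg.add_attachment(b"MZ\x90\x00", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg


# Constructed sample traffic: three worm messages whose envelope senders are
# forged (those people never sent anything) and one legitimate message.
SAMPLE = [
    Envelope("alice@example.org", "me@example.net",
             make_message("alice@example.org", "me@example.net",
                          "Your document", "document.exe")),
    Envelope("bob@example.com", "me@example.net",
             make_message("bob@example.com", "me@example.net",
                          "Re: hi", "photo.scr")),
    Envelope("carol@example.org", "me@example.net",
             make_message("carol@example.org", "me@example.net",
                          "Error", "mail.pif")),
    Envelope("dave@example.net", "me@example.net",
             make_message("dave@example.net", "me@example.net",
                          "Lunch?")),
]


def looks_like_virus(msg):
    """Return True if any attachment has an executable-looking filename."""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_SUFFIXES):
            return True
    return False


def accept_then_bounce(env):
    """Older behaviour: accept everything, scan afterwards, and send a
    non-delivery report to MAIL FROM for anything that fails the scan.
    Returns (smtp_reply_code, list of addresses that receive a bounce)."""
    if looks_like_virus(env.msg):
        return SMTP_OK, [env.mail_from]
    return SMTP_OK, []


def reject_at_smtp(env):
    """Scan inside the SMTP transaction and answer 5xx for virus mail, so the
    receiving side never generates a bounce of its own."""
    if looks_like_virus(env.msg):
        return SMTP_REJECT, []
    return SMTP_OK, []


def backscatter_recipients(policy, envelopes):
    """Run a policy over inbound traffic and collect everyone who would be
    sent a bounce, i.e. the forged senders who now get secondary traffic."""
    recipients = []
    for env in envelopes:
        _code, bounced_to = policy(env)
        recipients.extend(bounced_to)
    return recipients


if __name__ == "__main__":
    for policy in (accept_then_bounce, reject_at_smtp):
        hit = backscatter_recipients(policy, SAMPLE)
        print(f"{policy.__name__}: {len(hit)} bounce(s) to {hit}")
```

With the accept-then-bounce policy every worm message produces a bounce to a forged address, so the three innocent senders receive mail they never caused; with rejection during the SMTP transaction no bounce leaves the server at all, and the legitimate message is delivered either way.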

So the old adages no longer apply so well. The Linux desktop remains relatively free of catchable viruses, but Linux systems are as vulnerable as any other to the immense abuse of common resources and standard protocols by modern virus writers. In other words, if I receive 500 viruses in a day, it's not the threat of being infected that's particularly annoying, it's the receipt of the damn viruses.