The virus threat to Linux
(Mar. 27, 2003)
Do you really need to install antivirus software on your Linux OS-based computer? You just might. The topic of computer viruses and Linux has caused considerable discussion in recent weeks. Mixed computing environments, servers, and growing market share all increase the risk of Linux as a target and vehicle for malicious viruses.
DesktopLinux.com talks with CEO Keith Peer of top Linux antivirus vendor Central Command to discover where vulnerabilities exist, the cost to companies, and the growing interest in Linux from virus writers . . .
DesktopLinux.com: Security, and freedom from viruses, has been one of the key selling points for moving to Linux in the home and for the enterprise. How is Linux at risk from viruses today?
Keith Peer: Currently there are under 100 native Linux viruses known, but in many organizations the fact that Linux viruses exist is enough reason to install and use Linux antivirus protection on Linux desktops and servers. Additionally, users of StarOffice and OpenOffice.org have the ability to open and view Microsoft Office documents that may contain viruses. These viruses may not infect the Linux computer but the user can easily attach and send these infected documents unknowingly to someone else and that is a serious problem.
As system administrators move to Linux file servers they have a real problem to deal with since the Linux file server can store Windows-based viruses. Windows-based viruses can write to a Linux/Samba network share as easily as they can on a Microsoft Windows-based network. System administrators must protect the Linux server from storing these viruses. The only way is through active antivirus defense on the Linux server itself. Our Vexira Antivirus for Linux, as an example, detects not only Linux-based viruses but also Windows and DOS-based as well. I think the current number of malicious or potentially malicious applications (viruses, trojans, worms, etc.) we detect is above 74,000 now.
DesktopLinux.com: Vulnerabilities to Unix/Linux would seem to only be able to proliferate in a situation where a user had root access. Is this true? (Are there any examples of non-root based exploits?)
Keith Peer: At Central Command we are concerned over all malicious and potentially malicious programs and they do not need root access to cause damage. All that is needed is write permission within the current user's access rights, even if it is just to the user's /home directory. If a malicious program can execute and delete or infect anything within the contents of the current user's /home directory it is dangerous enough. Typically when root access is needed it is to access a core Linux operating system component or to install a patch or some software application that requires root access. One of the problems is that as Linux moves onto the corporate and consumer desktops the level of sophistication of the average user will go down significantly and then we will have millions and millions of people who will install/uninstall Linux applications daily and many under the root account. These people will never look at source code and if they did it would be meaningless to them. They would not know if the code is good, bad or malicious; they will just install it and try it. This is when Linux antivirus software will become very important, as important as it is today on Microsoft Windows computers.
DesktopLinux.com: Central Command has discussed that it has seen numerous viruses, worms, and other malicious applications written to exploit vulnerabilities within Linux or Linux applications. Can you talk about the frequency of these reports -- are they increasing?
Keith Peer: We are seeing a growing interest by virus writers and virus writing groups to produce more Linux-based viruses, trojans and worms. While the relative number of Linux-based viruses is still small the initiative is there. On the Internet you can find Linux virus writing How-to's and Linux virus source code. Not too long ago Central Command's Emergency Virus Response Team discovered the first cross compatible Windows/Linux virus named W32/Winux. This proof-of-concept virus demonstrated that it is possible to build a virus that operates in both Windows and Linux and can infect executables in both operating systems. There is a growing resource list and tools to help existing and future virus writers to improve their work, sadly.
DesktopLinux.com: What about mixed computing environments -- if a user opens an infected Windows-hosted file from Microsoft Word in Open Office under Linux, explain what happens with a real world situation.
Keith Peer: In the real world usually nothing to infect the Linux desktop currently since Visual Basic is not fully supported on the Linux desktop. The real problem is that these same users can receive, view, and save a file that may contain a virus and they would not even know it. They can and would unknowingly use and transmit this file to other parties. This is where the problem becomes focused since the document would come from a trusted source (the sender) the recipient would explicitly trust the document and may infect themselves because of this trust.
If the sender had adequate virus protection in place the infected document would have been stopped before it could have been resent or saved for use by another user. This is why our Vexira Antivirus for Linux antivirus solutions use the same virus database files as our Vexira Antivirus for Windows products.
DesktopLinux.com: Linux systems can be indirectly affected by viruses arising on vulnerable mixed environment systems. File-sharing services from a Linux machine to others on its network, such as NFS or Samba, could store infected programs on the shared volumes. The Linux boot process could be interrupted by operation of a virus originating in MS-Windows, and affecting boot-sensitive areas such as the Master Boot Record. These seem to be areas of vulnerability that are the result of mixed OS computing environments. What else is at risk on these systems?
Keith Peer: File-sharing is a great example of why antivirus should be installed on Linux desktops and servers. Linux users could quickly and easily store and make available malicious programs on a network. Again the only way to defend against this is to have reliable antivirus protection running on the Linux computer itself. This stops the Linux computer from becoming the host for spreading or distributing a virus or other malicious application.
If the user has a dual boot system and picked to use the DOS file system a Windows-based virus could potentially damage the Linux files but we don't see a lot of Linux on DOS file systems. Another problem is boot viruses. Boot sector viruses have steadily fallen over the years as people use fewer and fewer diskettes but file viruses can install boot sector viruses and this potentially can render a computer non-bootable and a recovery of the Master Boot Record (MBR) would be needed. If the user has a dual boot system with Linux and Windows it could cause neither to start.
DesktopLinux.com: What is the "cost" to a company per incident?
Keith Peer: Virus incident costs are very hard to calculate. Here is a very simple explanation, all costs are low, per incident:
Average clean up time per computer = 60 minutes
Average wage for a technician = $15 per hour
Average employee wage per hour = $15 per hour
Lost productivity per hour = unknown, but we'll use just $150 per hour and assume no corrupted or lost data which would significantly increase the cost. Since every business is different the loss per hour is different.

Total infected computers:
1: (($15*1)+($15*1)+$150)*1 = $180.00
5: (($15*1)+($15*1)+$150)*5 = $900.00
10: (($15*1)+($15*1)+$150)*10 = $1800.00
25: (($15*1)+($15*1)+$150)*25 = $4,500.00
100: (($15*1)+($15*1)+$150)*100 = $18,000.00
500: (($15*1)+($15*1)+$150)*500 = $90,000.00
1000: (($15*1)+($15*1)+$150)*1000 = $180,000.00
2500: (($15*1)+($15*1)+$150)*2500 = $450,000.00
5000: (($15*1)+($15*1)+$150)*5000 = $900,000.00
10000: (($15*1)+($15*1)+$150)*10000 = $1,800,000.00
DesktopLinux.com: How does this compare with the vulnerabilities and incurred costs experienced on Windows-based systems?
Keith Peer: I would say from a virus infection point of view, they are the same.
DesktopLinux.com: Security expert Simson Garfinkel discussed that Linux was virus free back in 2000 due in large part to "lack of interest from the virus writers." Does that prediction hold true today?
Keith Peer: No, I don't think so. In 2000 I think that there were less than 5 Linux viruses. As Linux moves onto the Desktop the attractiveness to virus writers will increase. The proof that Linux viruses can exist has already been established and with the growing availability of Linux virus source code, and virus writing documentation it is only demonstrating the continued interest in Linux by virus writers.
DesktopLinux.com: What are you seeing in the real world to dispel the virus-free notion of Linux? Are there any more current studies or data that support the increased incidence of viruses under Linux?
Keith Peer: There are not a lot of Linux virus case studies done but I don't think it is hard to understand why it is becoming more and more important as Linux moves into the Desktop corporate and consumer market.
DesktopLinux.com: Central Command has created the anti-virus software natively in Linux, rather than porting it from Windows. How does the Central Command approach to virus protection differ from other vendors?
Keith Peer: Vexira Antivirus is written by developers who understand Linux and Unix. Vexira Antivirus for Linux is known to be fast and effective with full command-line control. We don't have a GUI, and the software doesn't need one to operate. Vexira is built to be controlled from the shell entirely and system administrators appreciate that. We make Vexira to be as close to "install and forget" as we possibly can.
DesktopLinux.com: What are you seeing in terms of increased demand for Linux virus protection? Enterprises would likely insist on some type of fail safe system. Are you making any inroads here? Can you discuss any large-scale deployments?
Keith Peer: We are seeing a growing interest in Vexira Antivirus for Linux. Vexira is known to be the best-of-breed for Linux antivirus protection and we are working with a few Fortune 100 customers who are considering rolling out Linux across their enterprises. Currently they are involved in business case studies to determine the feasibility of Linux on the desktop and antivirus is just one of the software applications being tested.
DesktopLinux.com: How do you see Desktop Linux getting a foothold in the desktop computing market?
Keith Peer: I think the best thing to happen to Linux is when a very large company decides to move to Linux globally on the desktop. This will entice other large companies to consider the Linux alternative as well. Once this happens it will be a lot easier for Linux to gain mass appeal among corporations and move from the server to the desktop quickly.
DesktopLinux.com: Where do you see the Desktop Linux market in five years?
Keith Peer: I think Red Hat, SuSE, Mandrake, Lindows.com, Xandros and others are driving Linux to the desktop because it is a viable desktop operating system. In 5 years I predict that 33% of the Fortune 500 companies will be using Linux on the Desktop.
DesktopLinux.com: Thanks!