[conspire] linux antivirus?

Blue Boar BlueBoar at thievco.com
Wed Sep 10 22:25:54 PDT 2003

Rick Moen wrote:
> o  Should I get anti-virus software for my Linux box? 

Why don't you discuss RST.A, RST.B, and OSF?  Those are the most 
"successful" Linux viruses I've seen in the wild.

> o  Don't the rise of Linux worms like Ramen, 1i0n, Red Worm, Adore,
 >    Cheese, lpdw0rm, and Slapper show that Linux now has a virus problem?

You state at one point "cannot take over (infect) the local machine (or any 
other): It lacks permission to do so. Nor can the other Linux/Unix viruses 
/ worms / trojan horses thus far known."

The worms most certainly do so, that's the definition of a worm.  I've 
personally tracked (at peak) thousands of infected linux machines for the 
three variants of lion and lpdw0rm.  Most of them get root by popping a 
root service, too.

> o  Isn't Microsoft Corporation's market dominance, making Linux an
>    insignificant target, the only reason it doesn't have a virus problem? 

I'm of the opinion that the market dominance thing is a valid argument, but 
that's just my opinion.  It's only anyone's opinion until Linux is running 
on 90%+ of the desktops.  You can observer that the most popular malicious 
code platform used to be DOS when that was the most popular platform, now 
it's Windows.  There's a correlation, but you can't prove causality.

Most of the people I know who use Linux as a desktop OS run as root, I do. 
  I also run my windows boxes as administrator.  I don't get infected 
because I know what I'm doing, I know what malicious code looks like, and I 
know what risky behaviour is.  The problem is ignorant users.  When all the 
ignorant users move to Linux, they will bring the malicious code problems 
with them.  You can have all the security measures you like (NT4/2K/XP/2K3 
have them) but ignorant users don't use them.


More information about the conspire mailing list