Experts react to 'Chinese Linux virus'

Experts agree that a virus could infect Linux, but warn, 'Don't believe the hype!' Will Knight reports

The debate over whether a virus could infect and seriously affect Linux has gathered momentum with leading advocates of the open source operating system conceding that clever malicious code could damage the system. At the same time, the methods employed by anti-virus companies to sell their wares were called into question.

Claims that an influx of Chinese viruses specifically targeted at Linux sparked off the debate following a ZDNet UK News article earlier this week. Most observers however, including programming guru and authority an all matters Linux, Alan Cox, suggest the warning from Russian anti-virus firm Kaspersky Lab Anti-Virus was nothing more than a marketing ploy, designed to talk up a new market. But the debate is far from over.

Says Cox in an email to ZDNet: "While I'm inclined to take this as someone talking up business for himself, vendors already take security seriously. All authentic Red Hat packages are cryptographically signed to avoid tampering or impersonation for example."

Bruce Schneier, a consultant for California based Counterpane Internet Security who publishes the monthly security newsletter CryptoGram, recently drew attention to what he sees as the growing trend to hype a security issue, while marketing a product that would conveniently deal with the problem. "There's a subtle difference between alerting customers to a danger and creating a problem," he says. "Viruses are definitely a problem but there's a lot less viruses out there than anti-virus companies say there are." Schneier agrees however, that this is a particularly complicated issue and adds: "Naturally there's nothing wrong with an anti-virus company wanting to talk about a problem."

Hundreds of responses were posted following the article to popular technology Weblog with much discussion focusing on whether Linux, based on Unix, could be brought down by malicious code. Cox is clear, "You can write a virus for any system." That said, Cox believes Linux has a strong advantage over competing operating systems, "On a properly designed system a user can only infect themselves. Unix application writers are also very aware of the issues of things like macro viruses and go to great lengths to avoid writing code that allows this sort of stuff."

Much of the discussion on Slashdot centred around the fact that Linux is an inherently multiuser OS, built with the notion of restricting the user's ability to modify files. As such, on a properly-administered Linux system, ordinary users would not be able to modify system files or, typically, system programs. Any virus would operate under the same constraints, effectively acting as if it were the user. As such, the virus would still be able to run riot over a user's personal files, although much of system would be protected. Neither Windows 95 or 98 have any such notions of file security, and a virus could and has corrupted data on those systems.

Several commentators pointed out that people's personal data is of course typically harder to replace than software, so a Linux virus may still be a significant threat.

Reasonably, British anti-virus companies are taking the threat of Linux viruses very seriously, so much so that a number already have Linux anti-virus products in development. Aled Miles, managing director for Symantec Anti-Virus UK and Ireland, believes anything less would be rash. "Would I go so far as to say that we'll see a Linux virus within the year? I think it's possible," he says.

Another major anti-virus firm, Sophos, airs on the side of caution. Researcher for Sophos, Graham Cluley reckons the real threat of Linux viruses is unclear. "It's impossible to predict how successful any virus is likely to be but any virus could get lucky."

Cluley goes on to say that nothing about the structure of a Unix operating system, including Linux, makes it more resistant to viruses and points out that one of the pioneers in virus research, Fred Cohen, focused entirely on Unix. "Virus-writers just need to think in a Unix way," says Cluley. "It's impossible to build a virus-proof OS because it would be an unusable operating system."

Cluley believes that although Linux viruses are a genuine possibility, the threat to Linux users is much less than to users of Windows and argues that the relatively inconspicuous position of Linux within the desktop market acts as an integral defence, for now.

And while the debate over whether a Linux virus could actually happen rages on, spare a thought for the anti-virus companies who are, according to Symantec's Miles, in a dilemma . "Sometimes we're damned if we do and damned if we don't [send out virus alerts.] There is a thin line between hype and information. There is clearly a discrepancy between anti-virus vendors. It has to do with technology [companies wanting to show how good their solutions are] and marketing desires."

ZDNet's Craig Paterson contributed to this report

Use Linux? Are you concerned about the threat of viruses or is this just hype to appease the marketeers? Tell the Mailroom.

Take me to the Linux Lounge