FLAMING RETORT: Cooling the friction when Linux meets anti-virus


Welcome to the first installment of a brand new Naked Security column, Flaming Retort!

Some of the topics we write about on this site provoke spirited comments from our readers, both here and on our Facebook page. Unsurprisingly – this is the internet, after all! – some of these comments represent what one might politely call an uncompromising position. And not a few of them are outright flames.

Flaming Retort does not exist to praise our readers’ best flames, nor to repeat them merely in the name of perverse humour, nor to return fire in the wearisome tradition of a flame war.

The goal of Flaming Retort is to comment on one or two recent flames which represent a position which a significant minority seem to believe, but which isn’t quite as true or as certain as they might think.

To kick off, then, we’ll consider malware on Linux. Naked Security writer Carole Theriault mentioned last week that Sophos had just won (yet another!) VB100 award for Ubuntu.

That’s right. Anti-virus on Linux.

As you can imagine, it wasn’t long before we had our first outspoken comment:

I object to running a Windows virus scanner on my *nix systems just to help prevent the spread of viruses to/from Windows machines. They want to run an insecure system, so be it, but leave me out of it. And certainly don't expect me to expend my CPU cycles to try (in vain) to solve Windows' security issues.

Wow! With friends like that, who needs enemies? As a follow-up remarked:

I buy and sell diseased animals intended for use as food. Never mind, I don't eat meat, I don't care.

Nice attitude.

Ouch. Hot dog, anyone?

The first comment doesn’t actually say that Unix is secure by design. It takes an “us-and-them” attitude, and simply says that “they” are insecure. But a later comment wasn’t so equivocal, stating explicitly that:

The architecture of Linux prevents malware from being a self-propagating problem.

That’s not exactly a flame, but it’s certainly a grandstanding position. And it would be lovely if it were true. But it’s not. The architectures of Windows and Linux are surprisingly similar – they’re much more alike than they are different – and although Linux malware is, happily, very rare, there is nothing about the architecture of the operating system which prevents it.

(Be careful of claiming that something is impossible in computer security. A single counter-example will knock you off your pedestal. And 12,238 counter-examples will leave you reeling. That’s the number of unique IP numbers SophosLabs enumerated, between May and July 2008, which were infected with the Linux/Rst-B virus. In 2008, this virus was already more than six years old. And we only counted computers on which the virus was running as root. It doesn’t call home if it’s not running as root, so the total number of active infections was probably significantly higher.)

So here’s my flaming retort to the Linux-heads out there:

* Linux malware exists. It’s not a huge problem. It’s easily avoided. But don’t be in denial. There’s no “magic smoke” inside your operating system which renders you automatically immune to a determined cybercrook.

* Windows systems aren’t invariably less secure than those running Linux. You may know how to secure a Linux system more tightly and more easily than a Windows one. But other Linux admins might not. And accept that at least some Windows admins will know how to secure their systems to a standard as high as yours.

* An injury to one is an injury to all. Stopping malware and spam even though it won’t harm you directly is just the sort of altruism which the internet needs. Please don’t be aloof about the problems which affect everyone.