Built-in Linux security

What is the Ubuntu «built in virus protection»?


At ubuntu.com there is this «only in ubuntu» that says «Built in virus protection»: What is the Ubuntu built-in protection? What is the program in charge of this and how does it work?


«Built-in virus protection» is a simplification of the security features of Ubuntu.

  • Ubuntu requires applications to be run as super-user to cause any damage. It also includes AppArmor to supplement that.
  • There is also the safe and secure repository model which gives you access to thousands of applications through the Software Center which are tested by package maintainers.
  • Since it is free software more people have access to the source code and according to Linus’s law: «Given enough eyeballs, all bugs are shallow», which means that

Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone.

Note that you don’t need super-user access to damage the files belonging to the user, and those are what’s important. I can always reinstall my system, but if my personal documents, videos etc. get mangled, I hope I have a recent backup.

@Alaukik: there are a lot of ways, of course, social engineering being probably the most dangerous, then software vulnerabilities (browser, media autorun etc). An example: omgubuntu.co.uk/2011/02/…

@DavidHeffernan — humans make mistakes, but — maybe surprisingly — more humans means fewer mistakes. For every 18 month bug you find in free software, I can show you two 5 year bugs in proprietary software. For example, the MD5 signed crackable Microsoft code signing certificates (technet.microsoft.com/en-us/security/advisory/961509, detected 2008, fixed 2013), or the iOS CoreText crash bug (techcrunch.com/2013/08/29/…, fixed in iOS 7 — not sure how long it was there, but likely since iOS 1)

My 2 cents are that it is possible to get a virus for Ubuntu, but:

  • The way most Linux distributions are built makes it very hard for virus/trojans/backdoors to take advantage of vulnerabilities in binary packages. Ubuntu changes every six months (and updates —sometimes annoying— land at least every week). It makes it very difficult for a virus author to track all these changes. In contrast, Windows takes several years to change. That gives some time to the virus author to try to be as destructive/invasive as it can.
  • AFAIK, there is a substantial difficulty to «leak» binary code or suspicious source code to Ubuntu’s Official or Debian’s official packaging systems.
  • There might be 3 ways to infect a Linux box:
    • You’ve been running Linux for years without updating any of your internet-facing services/apps.
    • You installed a virus/trojan by yourself.
    • You downloaded the virus in source code, compiled it and ran it with administrator privileges 😉

    A minor nit against your first point: I get nagged for new Windows updates about as often as I get new Ubuntu updates.

    I think his point is that there are major upgrades in each release, as opposed to relatively minor bug fixes. Then, there are the kernel updates every month or so. Compare this to the Windows model where the new OS takes upwards of 4-5 years to come out, with 3-4 service packs (depending on the edition) in that time, that may or may not have kernel upgrades or other major fixes (consider this: XP was admin and allow-first by default until SP3).

    @JSBangs Yes, you’re right. MacOS has that too, but since I’m not a MacOS user, I don’t know how annoying these are.

    I have had discussions with some people who claim that the Linux population makes it a less favorable target for viruses.

    There are a number of things about Linux and other Unix based platforms that make them not pleasant environments for viruses.

    • Access to logs and log scanners make it simple to watch for things indicating a problem.
    • Limited privileges for most users make it difficult to get a strong toehold on a system. Well managed systems make it extremely difficult to gain root access.
    • Ease of restricting access to services like cron which can be used to relaunch services.
    • A lot of tools have been scanned for race conditions which make it possible to change configuration files. (I was discouraged to see Linux security bug counts being considered equal to Windows when many of the bugs were of the type «race condition may allow high scores to be changed».)
    • Ease in providing read-only access to resources used by services. (Failure to do so is one vector enabling code injection into sites.)
    • Ease of running and comparing checksums on files.
    • Heavy use of human readable configuration files.
    • Use of executable bit to enable file execution.
    • Ability to flag partitions to prevent automatic execution on the partition. Additional mount options exist to increase security.

    In whole and in part, these factors make introducing viruses more difficult, easier to detect, and easier to disable.
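
The mount-option point in the answer above, shown as an added example that is not part of the original answer: a POSIX shell function that reads a mount table in `/proc/mounts` format and reports user-writable mount points that lack `noexec`, `nosuid` or `nodev`. The sample table and the list of watched mount points are constructed assumptions.

```sh
#!/bin/sh
# Added example: audit a mount table for missing hardening options.

# Constructed sample in /proc/mounts format, not taken from a real host.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /media/usb vfat rw,relatime 0 0'

# Assumed policy: mount points any user can write to, and the options
# each of them should carry.
WATCHED='/tmp /var/tmp /dev/shm /media/usb'
REQUIRED='noexec nosuid nodev'

# audit_mounts: read a mount table on stdin and print
# "<mountpoint> missing:<opt,opt>" for every watched mount point that
# lacks one or more required options. Unwatched mount points are skipped.
audit_mounts() {
    while read -r am_dev am_mp am_fs am_opts am_rest; do
        case " $WATCHED " in
            *" $am_mp "*) ;;          # watched: check it
            *) continue ;;            # not watched: skip
        esac
        am_missing=''
        for am_want in $REQUIRED; do
            # Wrap in commas so "exec" never matches inside "noexec".
            case ",$am_opts," in
                *",$am_want,"*) ;;
                *) am_missing="${am_missing:+$am_missing,}$am_want" ;;
            esac
        done
        if [ -n "$am_missing" ]; then
            echo "$am_mp missing:$am_missing"
        fi
    done
    return 0
}

# On a live system: audit_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
```

Options reported as missing can be added to the matching `/etc/fstab` entry and applied with `mount -o remount`.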

    I think what they mean by that is a) necessary privilege elevation (i.e. sudo) is necessary for doing potentially dangerous things and maybe b) (tongue-in-cheek) Linux is too obscure (and secure, see a) to draw much fire from virus writers.

    The simplest answer is that it’s very rare to find any virus designed to target an Ubuntu system.

    «Built-in virus protection» is probably just marketing speech for the fact that Linux uses a different binary format for executables than Windows, so a Windows-virus cannot run on Linux. (It might run under Wine, but who would try that?)

    It is surely a marketing speech, but this has nothing to do with binary format. The security model adopted by Linux in general is superior to Windows. This is a bigger reason than binary format reason.

    Claiming it has nothing to do with the binary format is a bit far fetched. It might not be the only reason, but it sure is noteworthy. Files might not be executable by default, might not be run with root permissions etc, but that can easily be worked around by human error. Take omgubuntu.co.uk/2011/05/… for instance. «Just download this script and execute it with sudo, and there you go.» You get similar advice from lots of sites, and I bet that many users don’t scrutinize the commands they run.

    @Egil By binary format, I meant different binary format between Windows and Linux. Second thing, an OS cannot deal with situations when people listen to any random instruction. Your local police cannot prevent a robbery from happening if the robbers managed to convince you to somehow open the door. You can disable sudo (lock the door permanently) but that would be annoying and create more problems to you than the intruders.

    Excerpt from Psychocats Tutorial Website:

    Conventional wisdom in the Linux community says that there are either no or very few Linux viruses out in «the wild,» and that most are just proof-of-concept theoretical viruses. Some people recommend installing a virus scanner like ClamAV in order to protect your Windows-using friends from Windows viruses you might accidentally send them. I don’t really see how that’s an issue, though. If you have an attachment you created in Linux, why would it have a Windows virus in it? If your computer has been compromised in such a way that you don’t have control over what you send other people, then you have a lot more to worry about than spreading viruses to your Windows-using friends!
