Don't dismiss possibility of malicious code on Linux

As Linux rises in popularity on the desktop and enterprise servers, virus and worm writers will start to pay more attention to exploiting holes in open-source.

Many in the Linux community scoff at the possibility of a major virus or worm slithering about their platform. With source code open to inspection, surely someone in the community will find and remediate dangerous vulnerabilities that could be exploited by pieces of malicious code similar to those that plague Windows.

But Central Command Inc., a Medina, Ohio-based antivirus vendor, warns that companies utilizing Linux in server or desktop environments cannot afford to be so dismissive in their thinking.

CEO Keith Peer said that, as Linux rises in popularity in distributed enterprises, administrators and security officers should not succumb to a false sense of security.

"If the operating system is damaged, it can be replaced in minutes, and it's free," Peer said. "The data that is lost is irreplaceable and valuable."

More virus writers are turning their attention to Linux and writing code specific to the platform. Peer estimates there have been fewer than 100 viruses written for Linux, including Ramen, Lion, Slapper and Lindose, which is a cross-platform worm that hits Windows and Linux ELF executables.

"We've seen a lot of Linux advocates who don't think viruses exist for Linux. That's wrong," Peer said. "Gurus argue that Linux is virus-free, and that's a false sense of security. The problem is driven down from Linux advocates who don't fully understand security."

Laura Koetzle, an analyst at Cambridge, Mass.-based Forrester Research, said that the cracker community is especially cognizant of the fact that Linux is delving deeper into enterprise data centers where a company's most precious assets often reside.

"As Linux is deployed in more corporate environments, the data becomes more interesting and expensive. People need to know that the hacker community is focusing more on Linux," Koetzle said. "A lot of these hackers use Linux and understand the operating system."

Koetzle added that Linux use in the enterprise is still not as widespread as Windows and that Linux professionals are "tinkerers" and understand they need to turn off unnecessary services and install firewalls on Linux servers. She does point out recent vulnerabilities that have been exploited on Apache Web servers and Sendmail that run on Linux.

"Because of the way Linux is structured, it is less likely to have the self-propagating viruses that you get with Windows," she said. "However, viruses aren't the only threat. You can drop spyware [keystroke-logging Trojans for example] that exploits vulnerabilities in the applications that run on top of Linux. Running Linux is not as secure as some would like you to believe."

As Linux moves to more enterprise desktops, Peer adds that user competency about the platform will diminish. Users will eventually install applications as easily as they currently do on Windows and, if there isn't some sort of protection, downloads infected with Trojan horse programs and rootkits could be allowed to execute.

"The operating system has built-in security, but that's only as good as the user," Peer said.

Most enterprise security policies require antivirus software on any device that supports it. Peer said that, as Linux rolls out on more desktops, applications like OpenOffice, which support Microsoft Office documents, could be intermediaries in the spread of harmful malicious code -- without infecting the Linux system or application.

Worms also may pose problems on Linux platforms, exploiting vulnerabilities in servers and applications before they are patched.

"As software is built by one group of people, there is another group trying to figure out how to break it," Peer said. "Applications that utilize the Internet in some way can be exploited. They recently found a huge hole in SSH that was thought to be secure. There was a worm written that exploited it. No one can patch fast enough."

As for the future, Peer predicts more development of viruses and worms for Unix and Linux.

"It will be a wake-up call when a Fortune 200 or above commits to Linux on the desktop; you will start to see a lot of converts [to Linux]," Peer said. "If it proves a business case, you are going to see a lot [of] switchover. And there are going to be those writing malware wanting to exploit this. Virus writers prey on people's inability to self-secure. The average user doesn't know enough to be secure. That's what virus writers exploit."


FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "Project addresses antivirus gap in open-source development"

SearchSecurity.com news exclusive: "Demand grows for antivirus for Linux"
