Last week saw one of the worst worm outbreaks of the past few months. The Klez worm is a particularly virulent infection and as it mutated itself around first the Internet and then local networks, it brought tens of thousands of machines to a grinding halt.
However, being a Linux user in a Windows world, there is a consolation: Klez, as with most other worms doing the rounds, is a Windows worm and doesn't affect my system in the slightest. It is a distinction that most of the media, even the technical media, very often fails to point out.
Alastair Otter, journalist, ITWeb
At the same time, however, it never ceases to amaze me that the users who are aware of this important distinction - particularly the IT managers and developers - still place so much stock in running absolutely everything on Windows machines, despite the ever-present threat of complete shutdown thanks to a cleverly crafted virus.
In reality, the chance of a virus crippling a Unix or Linux box is significantly lower than for a box running a traditional Microsoft setup. The reason is relatively simple: the design of the Unix (and Unix-like) operating systems puts far too many barriers in the way of a worm spreading itself.
A Linux box, for example, runs a number of independent accounts, one for each of the users authorised to use the machine. Each user logs on to the machine and is supplied with a set number of files they have access to. This does not include the system files and most likely only includes the user's home directory. When a user executes an application, it is launched with the same privileges as the user. So an application launched by UserX is only able to do what UserX is allowed to do, and does not have access to critical systems. Likewise, a virus or worm launched accidentally by UserX also has limited powers and while at worst it may delete the content of the user's home directory, it is highly unlikely to exceed those boundaries.
Maximum impact
To do real damage to a Linux system, worms need to be launched by the root user: the superuser account that is used by the administrator for system maintenance and repair. That account is typically used by an experienced user who is well aware of the threats and will, hopefully, take extra precautions. The result is that the average user is unlikely to ever activate any code that will do any significant damage to the system.
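The permission model described in the two paragraphs above can be checked directly. The following is an added example, not part of the original column: it applies the owner/group/other write bits to a constructed directory tree and lists what a process running under a given account could modify. The tree layout, the `alice` directory and the uid offset are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Unix write check from owner/group/other mode bits.
    Assumption: ignores ACLs, capabilities and read-only mounts."""
    if uid == 0:                       # root bypasses the permission bits
        return True
    if st.st_uid == uid:               # owner class: only the owner bit counts
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:              # group class
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)   # everyone else

def blast_radius(top, uid, gids):
    """Relative paths under `top` that a process running as uid/gids could modify."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(top):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISLNK(st.st_mode) and can_write(st, uid, gids):
                hits.append(os.path.relpath(path, top))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample: system file, private home file, world-writable file."""
    top = tempfile.mkdtemp(prefix="dac-demo-")
    layout = {"etc/passwd": 0o644,
              "home/alice/notes.txt": 0o600,
              "tmp/shared.txt": 0o666}
    for rel, mode in layout.items():
        path = os.path.join(top, rel)
        os.makedirs(os.path.dirname(path), mode=0o755, exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)           # chmod is not affected by the umask
    return top

if __name__ == "__main__":
    top = build_sample_tree()
    owner = os.lstat(top).st_uid
    other = owner + 12345              # hypothetical unprivileged uid, not the owner
    print("other user:", blast_radius(top, other, set()))
    print("root:      ", blast_radius(top, 0, set()))
```

Run against a real system (for example `blast_radius("/etc", uid, gids)` for a service account), any path it returns is a place where the barrier the column describes does not hold for that account.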
Another reason that Linux is relatively virus-free is that virus writers traditionally write their malicious code for maximum impact. Achieving this goal on a Unix box with these barriers in place is just too much work for the average programmer. Also, worms on a Linux platform are likely to be discovered and removed long before they have had time to do any real damage.
This is not to say there will never be any successful Linux viruses, but the chances are significantly lower than on many other operating systems, and it still surprises me that more IT managers are not switching their business-critical systems over to the Linux platform.