43

At ubuntu.com there is this "only in ubuntu" that says "Built in virus protection":

What is the Ubuntu built-in protection? What is the program in charge of this and how does it work?

Jorge Castro
  • 71,754
amosrivera
  • 1,226

7 Answers

39

"Built-in virus protection" is a simplification of the security features of Ubuntu.

  • Ubuntu requires applications to be run as super-user to cause any damage. It also includes AppArmor to supplement that.

  • There is also the safe and secure repository model which gives you access to thousands of applications through the Software Center which are tested by package maintainers.

  • Since it is free software more people have access to the source code and according to Linus's law: "Given enough eyeballs, all bugs are shallow", which means that

    Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone.

  • The security exploits are quickly patched up and delivered to you through the Update Manager.

Lincity
  • 25,371
  • 8
    Note that you don't need super-user access to damage the files belonging to the user, and those are what's important. I can always reinstall my system, but if my personal documents, videos etc get mangled, I hope I have a recent backup. – Egil May 12 '11 at 18:25
  • @Egil True but you still have to have a way to transport the malware to the computer. – Lincity May 12 '11 at 18:27
  • Yes, no doubt about that. – Egil May 12 '11 at 18:42
  • @Alaukik: there are a lot of ways, of course, social engineering being probably the most dangerous, then software vulnerabilities (browser, media autorun etc). An example: http://www.omgubuntu.co.uk/2011/02/how-usb-autorun-malware-could-easily-infect-linux/ – arrange May 12 '11 at 18:46
  • if this is all it is then the quote is just marketing noise. It may be that the "given enough eyeballs" idea is sound which I doubt, but the reality is that there are few eyeballs. – David Heffernan May 13 '11 at 06:53
  • somebody please explain how the famous ssh bug existed for 18 months in the face of these thousands of eyes. – David Heffernan May 13 '11 at 07:47
  • 2
    @DavidHeffernan - humans make mistakes, but - maybe surprisingly - more humans means less mistakes. For every 18 month bug you find in free software, I can show you two 5 year bugs in proprietary software. For example, the MD5 signed crackable Microsoft code signing certificates (http://technet.microsoft.com/en-us/security/advisory/961509, detected 2008, fixed 2013), or the iOS CoreText crash bug (http://techcrunch.com/2013/08/29/bug-in-apples-coretext-allows-specific-string-of-characters-to-crash-ios-6-os-x-10-8-apps/, fixed in iOS 7 - not sure how long it was there, but likely since iOS 1) – Guss Aug 30 '13 at 16:19
10

My 2 cents are that it is possible to get a virus for Ubuntu, but:

  • The way most Linux distributions are built makes it very hard for virus/trojans/backdoors to take advantage of vulnerabilities in binary packages. Ubuntu changes every six months (and updates --sometimes annoying-- land at least every week). It makes it very difficult for a virus author to track all these changes. In contrast, Windows takes several years to change. That gives some time to the virus author to try to be as destructive/invasive as it can.
  • AFAIK, there is a substantial difficulty to "leak" binary code or suspicious source code to Ubuntu's Official or Debian's official packaging systems.
  • There might be 3 ways to infect a Linux box:
    • You've been running Linux for years without updating any of your internet-facing services/apps.
    • You installed a virus/trojan by yourself.
    • You downloaded the virus in source code, compiled it and ran it with administrator privileges ;)
Noe Nieto
  • 339
  • 3
    A minor nit against your first point: I get nagged for new Windows updates about as often as I get new Ubuntu updates. – JSBձոգչ May 12 '11 at 17:01
  • 3
    I think his point is that there are major upgrades in each release, as opposed to relatively minor bug fixes. Then, there are the kernel updates every month or so. Compare this to the Windows model where the new OS takes upwards of 4-5 years to come out, with 3-4 service packs (depending on the edition) in that time, that may or may not have kernel upgrades or other major fixes (consider this: XP was admin and allow-first by default until SP3). – Shauna May 12 '11 at 17:31
  • 1
    @JSBangs Yes, you're right. MacOS has that too, but since I'm not a MacOS user, I don't know how annoying these are. – Noe Nieto May 20 '11 at 20:15
8

I have had discussions with some people who claim that the Linux population makes it a less favorable target for viruses.

There are a number of things about Linux and other Unix based platforms that make them not pleasant environments for viruses.

  • Access to logs and log scanners make it simple to watch for things indicating a problem.
  • Limited privileges for most users make it difficult to get a strong toehold on a system. Well managed systems make it extremely difficult to gain root access.
  • Ease of restricting access to services like cron which can be used to relaunch services.
  • A lot of tools have been scanned for race conditions which make it possible to change configuration files. (I was discouraged to see Linux security bug counts being considered equal to Windows when many of the bugs were of the type "race condition may allow high scores to be changed".)
  • Ease in providing read-only access to resources used by services. (Failure to do so is one vector enabling code injection into sites.)
  • Ease of running and comparing checksums on files.
  • Heavy use of human readable configuration files.
  • Use of executable bit to enable file execution.
  • Ability to flag partitions to prevent automatic execution on the partition. Additional mount options exist to increase security.

In whole and in part, these factors make introducing viruses more difficult, easier to detect, and easier to disable.

BillThor
  • 4,698
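
The checksum and executable-bit points in the answer above, as an added example that is not part of the original post or of any Ubuntu tool: it records a SHA-256 baseline for a directory tree, then reports changed files, files that appeared later, and files carrying an execute bit. The function names and the sample tree are constructed for illustration, and `sha256sum` from coreutils is assumed.

```sh
#!/bin/sh
# Added example (not from the original answers): checksum baseline plus
# executable-bit audit. Function names and sample files are constructed.

# make_baseline DIR MANIFEST: record SHA-256 of every regular file in DIR.
# MANIFEST must be an absolute path stored outside DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 ) > "$2"
}

# changed_files DIR MANIFEST: paths whose content differs or that are missing.
changed_files() {
    ( cd "$1" && LC_ALL=C sha256sum -c "$2" 2>/dev/null ) | sed -n 's/: FAILED.*$//p'
}

# new_files DIR MANIFEST: files present now that the baseline never recorded.
new_files() {
    ( cd "$1" && find . -type f ) | sort | while IFS= read -r f; do
        cut -c67- "$2" | grep -Fxq -- "$f" || printf '%s\n' "$f"
    done
}

# exec_files DIR: regular files with any execute bit set (owner/group/other).
exec_files() {
    ( cd "$1" && find . -type f \( -perm -100 -o -perm -010 -o -perm -001 \) ) | sort
}

# Constructed demo: baseline a scratch tree, then tamper with it and re-check.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/tree"
    printf 'quarterly report\n' > "$work/tree/report.txt"
    printf '#!/bin/sh\necho backup\n' > "$work/tree/backup.sh"
    chmod 755 "$work/tree/backup.sh"
    make_baseline "$work/tree" "$work/manifest"

    printf 'tampered\n' >> "$work/tree/report.txt"     # content change
    printf '#!/bin/sh\n' > "$work/tree/dropped.sh"     # file added after baseline
    chmod 755 "$work/tree/dropped.sh"                  # and marked executable

    echo "changed:    $(changed_files "$work/tree" "$work/manifest")"
    echo "new:        $(new_files "$work/tree" "$work/manifest")"
    echo "executable: $(exec_files "$work/tree" | tr '\n' ' ')"
    rm -rf "$work"
}
demo
```

The manifest is only as trustworthy as where it is kept: store it on read-only or off-host media so that whatever altered the files cannot also rewrite the baseline.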
2

I think what they mean by that is a) necessary privilege elevation (i.e. sudo) is necessary for doing potentially dangerous things and maybe b) (tongue-in-cheek) Linux is too obscure (and secure, see a) to draw much fire from virus writers.

Christoph
  • 3,108
2

The simplest answer is that it's very rare to find any virus designed to target an Ubuntu system.

belacqua
  • 23,120
1

"Built-in virus protection" is probably just marketing speech for the fact that Linux uses a different binary format for executables than Windows, so a Windows-virus cannot run on Linux. (It might run under Wine, but who would try that?)

Lincity
  • 25,371
Egil
  • 14,162
  • 3
    It is surely a marketing speech, but this has nothing to do with binary format. The security model adopted by Linux in general is superior to Windows. This is a bigger reason than binary format reason – Manish Sinha May 12 '11 at 18:19
  • 2
    Claiming it has nothing to do with the binary format is a bit far fetched. It might not be the only reason, but it sure is noteworthy. Files might not be executable by default, might not be run with root permissions etc, but that can easily be worked around by human error. Take http://www.omgubuntu.co.uk/2011/05/how-to-fix-the-plymouth-boot-screen-when-using-proprietary-graphics-drivers/ for instance. "Just download this script and execute it with sudo, and there you go." You get similar advice from lots of sites, and I bet that many users don't scrutinize the commands they run. – Egil May 12 '11 at 18:32
  • ...marketing speech... - you got that right. – Habitual May 13 '11 at 00:12
  • in what way is linux security superior? You may be right but I don't see hard evidence. – David Heffernan May 13 '11 at 06:50
  • There is, at least as far as viruses are concerned. Just look at total number of Windows and Linux viruses and compare these figures. – arrange May 13 '11 at 09:43
  • 1
    @Egil By binary format, I meant different binary format between windows and linux. Second thing, an OS cannot deal with situations when people listen to any random instruction. Your local police cannot prevent a robbery from happening if the robbers managed to convince you to somehow open the door. You can disable sudo (lock the door permanently) but that would be annoying and create more problems to you than the intruders. – Manish Sinha May 16 '11 at 04:32
0

Excerpt from Psychocats Tutorial Website:

http://www.psychocats.net/ubuntu/security#firewallantivirus

Conventional wisdom in the Linux community says that there are either no or very few Linux viruses out in "the wild," and that most are just proof-of-concept theoretical viruses. Some people recommend installing a virus scanner like ClamAV in order to protect your Windows-using friends from Windows viruses you might accidentally send them. I don't really see how that's an issue, though. If you have an attachment you created in Linux, why would it have a Windows virus in it? If your computer has been compromised in such a way that you don't have control over what you send other people, then you have a lot more to worry about than spreading viruses to your Windows-using friends!

scouser73
  • 4,334