[plug] The Linux Virus Challenge

Christian christian at amnet.net.au
Tue Oct 16 13:14:43 WST 2001


On Sat, Oct 13, 2001 at 10:13:14AM +0800, skribe wrote:
> Silicon.com is running a story about some guy that is offering £10,000 to the 
> first person that can infect his machine with a virus. His theory is that a 
> properly set up linux system is immune to viruses. The story is here:
> 
> http://www.silicon.com/bin/bladerunner?REQUNIQ=1002938800&30REQEVENT=&REQINT1=48211&REQAUTH=21046&3010REQSUB=
> 
> Is this guy's reasoning flawed?

It's a complex issue but the answer is always going to be "yes".

Today most people's understanding of what constitutes a "virus" is rather
confused.  Worms and vulnerabilities are often mistakenly described as
"viruses", particularly by the online media.  The basic idea of a
Linux system being much more resilient to the traditional sorts of
viruses found on DOS-based systems is naturally well-founded due to the
enforcement of kernel-based access controls.  However modern email worms
(regularly referred to as "viruses" by mistake) could easily affect
Linux systems at least in theory because they *mostly* spread by user
error.  Of course in practice this is unlikely/rare due to the less
user-friendly nature of Linux software and the fact that most Linux
users tend to be technically better informed. The other class of worms
that spread through exploitation of a security flaw, however, can easily
affect Linux systems (and have done in the past) since these have almost
as many security problems as Windows ones.  Certainly a "properly" (for
some no doubt highly arbitrary definition of "properly") set up Linux
system will likely be fairly resilient to worms but is it "immune"?  Of
course not.

In the end though this guy will probably not lose his money because this
is not a traditional "hacking" challenge.  Instead of challenging people
to try and break into this machine (which would almost certainly
happen), he is saying that "viruses" will not be able to compromise his
security.  For this to happen someone would have to write a virus that
is specifically able to exploit some, no doubt extremely obscure,
security vulnerability that affects his machine.  And, if they do this
then he will naturally argue that they specifically targeted his
machine and that they "hacked" it rather than it simply being infected
by a random, passing "virus".

-- 
DSA 0x0EC1D28C: BBCB 0D79 4EBB 078A A066  7267 8BED E9D6 0EC1 D28C


