Are there any Linux viruses that could jump from platform to platform?
There are some that I'm aware of that could run on Unix and Linux.
It's more about the applications that are running on top of Linux that can cause a problem.
Another problem occurs when Linux is providing data to Windows users -- for example, when an Apache Web server presents data to a Windows user. In an enterprise environment running Linux file servers via Samba to Windows users, you want to secure that Linux box as you would a Windows box. You don't want it to be a propagation point for viruses.
Also, if your CRM or e-commerce applications are connected to a Linux server, the scope of damage caused by a virus could be beyond imaginable. There are a relatively small number of Linux viruses, but you need programs to secure them. Plus the cost of running antivirus is small compared to the damage losing those applications could bring.
Is Linux engineered to fend off malicious code better than Windows?
In a Linux environment, it's difficult to run an application at root. User privileges are much stricter. You can't run programs as freely as you can on Windows. With the latest Windows platforms, Microsoft is taking steps to do away with these rights for users.
Also, Linux has always had a simple firewall built into the system. From the start, Linux is more secure than Windows.
Is malicious code written for Linux structurally different from code written for Windows?
They are more likely to use code that exploits some kind of vulnerability on existing software running on Linux, like OpenSSL or Apache. On the Windows side, viruses rely on users to execute an executable file.
The code itself is written differently. The Windows platform is so much different from Linux, there's a different skill set there.
With Slapper, that virus spread in source-code form. It is available for anyone to copy. Anyone could modify it to make a new one.
Virus writers aren't writing malicious code for kicks any more, are they?
The main reason most viruses are written for Windows is because more end users are using Windows, Outlook and Internet Explorer. They want to write viruses that are going to affect 95% of PC users.
Today, viruses and malicious code [are] written by people who want to make money. Spamming, for example, is a motive. Most of today's viruses install back doors that enable spammers to send spam from end users' computers. It's all about how you can make money writing viruses today.
Also, Linux is being used more on servers today running mission-critical services like CRM and Web servers on Apache. It's quite scary for an enterprise if one of these applications is not running any more because of a virus.
Network-aware worms are considered more dangerous because they spread faster and can cause denial-of-service conditions?
Right. If you look at Slapper, that was a very fast-spreading worm. Once it infects a machine, it is programmed to look for other machines with the same vulnerabilities that are connected to the Internet. It can do this very quickly, [sometimes] in 15 minutes.
In the Linux world, viruses will be different. Corporations will need to do more than file scanning [of e-mail messages]. It's about firewalls and intrusion detection.
You can write a virus for any platform. Linux is more secure than Windows by default, but it's not difficult to make a malicious program that would run on Linux. There are about 100 viruses in existence for Linux. It's obviously a little different story on the Windows side.
On Windows, most of the viruses are e-mail borne. On the Linux side, today and in the future, viruses are network-aware, and [they] take advantage of vulnerabilities in networks or systems to infect machines. The Slapper worm, for example, attacked vulnerabilities in OpenSSL and Apache.
If and when Linux becomes used more in corporate environments, the prevalence of viruses will depend on the applications running on Linux.