
Re: Hit by virus !? Help, please...



> I'm curious about virii and Linux...
> 
> Am I wrong to assume that Linux is not immune to virii (I don't even know if 
> virii is a word - but it just sounds cool  :) ?  Obviously the security 
> features of Linux can prevent some virii from affecting certain files on your 
> system... but what about the boot sector?  And what if you happen to be su'd 
> or logged in as root when you get (and heaven forbid) execute an infected 
> program?

Viruses activate when infected files or boot sectors are executed.  Some
dos viruses also "take over" certain system calls.  

Viruses can be written for linux, but it hasn't happened yet as far as I know.
Dos/windows viruses are usually incompatible and can't work with linux,
just as dos programs don't run in linux (unless a suitable emulator is used).

So a linux-only machine is very safe.  It can be vulnerable to booting
with a boot-virus infected diskette in the drive, because such a thing
may obliterate the hard disk before linux is loaded.  These viruses will
usually only mess with lilo though, possibly making the machine unbootable
but no damaged files.  
These viruses may install their own int 13 handler (bios disk access)
but linux doesn't use that after the kernel is loaded, so it is
effectively isolated.

dos viruses that affect files don't understand ext2 or the various
linux executable formats, so no danger there.  The only way to activate
such a virus is by running some dos program in an emulator.  The emulator
will stop the virus from obliterating the disk (i.e. dos fdisk activities
don't work in linux).  The virus will only be able to mess with
files that the user is allowed to mess with, and it won't find dos/windows
executables among those.  It can only spread to other dos files.
It may crash the dos emulator only, not linux.

A dual-boot system is worse.  The viruses can do anything when dos/windows
is running, but they don't understand ext2.  Infection can spread to
the boot sector of the linux partition, not the files.
Of course the virus may do damage enough by interpreting the ext2
partition as a FAT partition and writing to it in this manner.  Virus
writers don't bother testing for such mistakes.  Also, overwriting
random disk sectors is a common way to do damage when the virus
pulls the trigger.

If you want a real safe machine, make it linux only.  No dos
partition, no dos emulator.  And set it up so it won't try booting
from the floppy drive.  (You can always change that back if you ever
need to boot a floppy.)  Such a machine will be immune until a
linux virus is written.  And a linux virus wouldn't be able
to do much damage other than destroying the user's personal files.


Helge Hafting
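
Added example, not part of the original message: a small checker for the two boot-sector points raised above, namely whether a disk's partition table makes it a dual-boot (DOS plus Linux) machine and whether the boot code where lilo lives has changed since a known-good baseline. The function names and the sample sectors are constructed for illustration; on a real machine the 512 bytes would be read from the disk device.

```python
import hashlib

# Partition type bytes from the classic MBR partition table.
DOS_TYPES = {0x01, 0x04, 0x06, 0x0B, 0x0C, 0x0E}   # FAT12/16/32 variants
LINUX_TYPES = {0x82, 0x83}                          # Linux swap, Linux native


def inspect_mbr(sector, baseline_sha256=None):
    """Summarise a 512-byte MBR: signature, partition kinds, boot-code hash."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    boot_code = sector[:446]            # loader area a boot virus overwrites
    types = []
    for i in range(4):                  # four 16-byte partition entries
        ptype = sector[446 + 16 * i + 4]
        if ptype:                       # 0x00 marks an unused entry
            types.append(ptype)
    digest = hashlib.sha256(boot_code).hexdigest()
    return {
        "valid_signature": sector[510:512] == b"\x55\xaa",
        "partition_types": types,
        "has_dos": any(t in DOS_TYPES for t in types),
        "has_linux": any(t in LINUX_TYPES for t in types),
        "boot_code_sha256": digest,
        "boot_code_changed": (baseline_sha256 is not None
                              and digest != baseline_sha256),
    }


def make_sample_mbr(boot_code, types):
    """Build a constructed sample sector (not read from a real disk)."""
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    for i, t in enumerate(types):
        sector[446 + 16 * i + 4] = t
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    clean = make_sample_mbr(b"constructed loader A", [0x06, 0x83])
    baseline = inspect_mbr(clean)["boot_code_sha256"]
    altered = make_sample_mbr(b"constructed loader B", [0x06, 0x83])
    for name, sec in (("clean", clean), ("altered", altered)):
        r = inspect_mbr(sec, baseline)
        print(name, "dual-boot:", r["has_dos"] and r["has_linux"],
              "boot code changed:", r["boot_code_changed"])
```

Record the baseline hash while the machine is known to be clean and keep it somewhere other than the disk being checked.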






























 

