[Techtalk] Question about a virus risk

Mary linuxchix at puzzling.org
Sun Jun 23 11:09:14 EST 2002


On Sat, Jun 22, 2002 at 03:50:09PM +0100, E. Sterling Wall wrote:
> Last night I was logged in to a KDE desktop instead of my usual Gnome
> desktop and suddenly a kmail window for a new mail opened up
> spontaneously with no "from", "to", or "body" text, but an attachment
> which was marked as being application/octet-stream. I closed the
> window and didn't save or send it, but now I'm worried...
> 
> What exactly is in this virus, and is it possible that it has infected
> my LINUX-ONLY computer? 

It's impossible to say, sorry, unless you can give us headers for the
mail you received, and possibly even a copy of the mail (don't send it
to the list, but if you want to forward one to me, that's fine. Please
note that if you do this I will remove identifying info and reply to the
list).

First of all, it is important to note that viruses do not infect
operating systems in general, but infect particular programs or files
on that operating system. They might infect several at once, or delete
system-critical files, but they don't infect "Linux" or "Windows"; they
infect "Outlook" or "IIS".

Viruses are "just" programs that have a side-effect of attempting to
infect other computers, either by passively waiting until the program
they have infected is run, or actively exploiting holes in the program
to send themselves out as email attachments etc. There's nothing about
that definition that screams "Linux" == "virus immune".

Now, having said that, here are the reasons viruses on Linux are
rare/unheard of:
 
 * It's a relatively rare OS, which runs on several different platforms,
   which a binary virus would need

 * People use an immense number of mail clients, whereas a comparatively
   large % of Windows users use Outlook. Similarly, we use an immense
   number of word processors, window managers... whereas Windows users
   are a near mono-culture in several ways.

 * Linux programs are *less likely* to have settings that automatically
   run binaries from mail or word processing etc.

 * Because most Linux users log in as a non-privileged user, rather than
   root, the virus cannot damage system files (although my personal
   files are also important to me).

Having said that, there's no reason someone can't write a KMail or
Evolution or mutt virus, so yes, it is possible that was a virus. I
haven't heard of any, but it's possible. Linux, after all, can run
programs. It can even run programs like "rm -rf" which have the
potential to delete every single file on your system (if you run as
root) with no warning. So if a virus can get Evolution to run it (I have
no idea if Evo has settings like that, I'd imagine not, but it's
possible) it could be a Linux virus.

Summary: unlikely but possible. Please send more info ;)

-Mary.
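
The details asked for above (the headers, and what the application/octet-stream attachment actually is) can be read from a saved copy of a message without opening the attachment. The following is an added example, not part of the original post; the sample message, its host names and the `triage` function are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy

# Constructed sample (not a real message): no From/To, an empty body and an
# application/octet-stream attachment, mirroring the symptoms in the thread.
SAMPLE = (
    b"Received: from mail.example.org by mx.example.net; Sat, 22 Jun 2002 02:11:00 +0100\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="attachment.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"TVqQAAMAAAAEAAAA\r\n"
    b"--b1--\r\n"
)

# Leading bytes that show which platform a binary was built for.
MAGIC = {b"MZ": "Windows/DOS executable", b"\x7fELF": "ELF executable", b"#!": "script"}

def triage(raw: bytes) -> dict:
    """Summarise headers and attachments; attachment bytes are only read, never run."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {
        "from": str(msg.get("From") or "").strip(),
        "to": str(msg.get("To") or "").strip(),
        "received_hops": len(msg.get_all("Received", [])),
        "parts": [],
    }
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        kind = next((label for magic, label in MAGIC.items() if data.startswith(magic)), "unknown")
        report["parts"].append({
            "content_type": part.get_content_type(),
            "filename": part.get_filename(),
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "kind": kind,
        })
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```
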
