Bug Watch: Is Linux safe from attack?

Fresh concerns have come to light regarding the vulnerabilities of open source operating systems to virus attacks. Last week's Red Worm virus was the latest in a long line to target Linux.

There's been a long-standing belief throughout the Linux community that hackers and virus writers had better things to do than target them with malicious attacks - a belief that is beginning to erode.

As Linux increasingly becomes a target for malicious attacks, the question arises as to how vendors and users should deal with the problem. Is it a case of developing antivirus defences specifically for Linux or is it the age old problem of increasing awareness of the threats within the open source community?

The appearance of the Ramen worm in January, the first significant virus to target Linux, should have sent alarm bells ringing throughout the community. As Linux begins to make more well-paved inroads into the market, there's no question as to whether it'll become a more popular target for virus writers. Users need to wake up to the fact that they're a viable target for malicious code writers and hackers.

Linux has quickly become the world's most popular web serving platform predominately because of its cheapness and reliability. In the past, it's exclusivity made it pretty much bomb proof because virus writers simply didn't have the expertise or desire to write custom-written code to take advantage of Linux.

Virus writers did not have the inclination for two reasons. Linux has always been at the heart of the coding community, and perhaps in Linus Torvalds they see a kindred spirit. Secondly, there was no real point in trying to develop virus code for an operating system that wasn't in popular use.

Virus writers follow trends in demand and, despite the leaps and bounds made by the Linux platform in recent years, it still sat at the edge of the user community.

However, this is changing. Linux virus writers can now easily create what looks like a legitimate program which fools the user into installing it. When the program fails to work as expected, users will either uninstall it or forget about it. Either way, the virus has been delivered and the user's machine has been successfully infected.

Although the number of people suffering attack from Linux viruses is small in comparison, attacks on open source operating systems are on the increase.

Antivirus vendors in the UK are starting to develop and introduce protection for email and networks running Linux. Furthermore, the National Security Agency (NSA) in the US has developed a secure version of Linux, proving that the virus threat to the system is being taken seriously.

So if the Linux virus threat is now being given such gravity by the community, what should antivirus vendors be putting in place to deal with the problem?

Do vendors need to work on developing solutions specifically to deal with the open source nature of Linux code, or are current defences sufficient? Or is it just a case of ensuring Linux users treat the possibility of a virus attack with as much seriousness as someone using a Microsoft operating system?

Open source users can all take immediate steps to help prevent attacks by obeying the same rules as somebody working on any other operating system, namely:

• Do not run software or other executable content from untrusted sources. This includes Java and JavaScript in web pages and documents, data from unknown sites, and compiling and installing untrusted source code.
• Always download software from official sites or official mirror sites.
• Make regular backups, preferably several copies, and store them on write-protected media.
• Acquire an antivirus scanner and use it properly.

The Linux threat can be easily resolved on both a common sense and product level. Awareness among the Linux community is on the increase, but it is the responsibility of the antivirus community to put the focus on Linux which it deserves.

The real point of interest is how virus writers follow trends: mobile, Linux, even AnnaKournikova. It's down to the antivirus community to be proactive in identifying these trends and ensure that we do our utmost to develop the software that keeps the virus threats at bay.

Next edition: 20 April