Your browser is obsolete!

The page may not load correctly.

Anti-virus fallacies

Антивирусная неправда

Other issues in this category (39)
  • add to favourites
    Add to Bookmarks

Open source does not mean secure

Read: 20571 Comments: 4 Rating: 10

Thursday, July 26, 2018


  1. The author of this issue has a background in software development for Unix-like systems.
  2. Nothing mentioned below can be deemed as an attempt to prove that one platform is superior or inferior to another.

Because of a security misconfiguration, thousands of NoSQL servers ( are accepting external queries, giving out their data to anyone who wants it, without proper authentication. Security researchers with Risk Based Security examined 30,239 publicly available Redis servers and concluded that as many as 6,338 of them were compromised.

The upsurge in malicious activity correlates with the time when the vulnerability CVE-2015-4335 was discovered last year.

A typical news item except for the fact that it concerns free operating systems. How would people respond if the incident affected Windows? Administrators would do nothing more than apply a security patch and/or change settings. Some of the technical details would probably be reviewed in forum discussions. We’re not saying that Linux administrators are unwilling to resolve security issues, but look at the reactions on forums…

Come on, 90% of the affected servers are maintained by wannabe sophomore admins who usually connect with their friends in the neighbourhood.

Another 9.99% are test servers.

Alcohol-fuelled admins are responsible for the remaining fraction of servers where attackers can gain access to their stashes of porn and cat pictures.

All in all, the pros don't care, and the amateurs shouldn't have involved themselves in the first place.

No casualties.

And whenever news posts about malware (such as the ones below) emerge:

In June, our security researchers detected a Trojan for Linux—Linux.BackDoor.Irc.13—which is a modification of Linux.BackDoor.Tsunami; but, it cannot carry out DDoS attacks. This Trojan executes commands received via the IRC (Internet Relay Chat) text-messaging protocol.

In April, Doctor Web security researchers detected several such Trojans simultaneously and named them Linux.BackDoor.Xudp.1, Linux.BackDoor.Xudp.2, and Linux.BackDoor.Xudp.3 respectively.

The infection begins with the ELF file, which is detected by Dr.Web as Linux.Downloader.77. It is noteworthy that this application was initially designed to send out UDP packets to a specified address. Linux.Downloader.77 is a trojanised version of this program. Acting independently, potential victims download this utility and run it on their computers. Users are then prompted to grant the program root privileges, which it needs in order to operate.

…the number of people wanting to demonstrate how intelligent they are is increasing dramatically:

It's not even a Trojan but a utility that helps hackers coordinate DDoS attacks.

Well, some inexperienced users can't tell good from bad.

Since the repository doesn't include it, where else am I supposed to download it from?

How can I download the application to test it?

This is all about marketing and SEO specialists who have to earn their bread and butter—they write malware for Linux and distribute it over all sorts of rubbish dumps to make people download/install/buy anti-viruses for Linux rather than try to understand how to stay immune to malware infections.

This is a conspiracy

Bring those viruses on! I'll launch them right away. :)

A pathetic marketing campaign and yellow journalism. "We found something scary. Beware! But we're not going to tell you what it is. Just beware. And bring us your money".

And what does Linux have to do with it? It’s the same old story: blaming Linux for loopholes in third-party applications.

Where can I download the stuff? When will we have our ebuild?

"Security researchers with Kaspersky Lab"

Stopped reading right there; I couldn't bear that laboratory assistants' nonsense…

That's just fine :)

And those comments are left by professionals. More often than not, when a news post about issues involving Windows appears, someone will claim that none of this would have happened if Linux had been used.

Of course, the number of malicious programs for Unix-like systems is not comparable to that for Windows or Android—but these operating systems enjoy much greater popularity than Linux. Why are some people so convinced that malware for Linux can’t exist?

We're not saying that Linux is a bad operating system. It has its advantages—after all, most high-performance servers servicing Dr.Web anti-virus service subscribers do not use Windows, and their administrators use open source databases as their Dr.Web AV-Desk server repositories. The problem is that some advocates of this operating system firmly believe and perpetuate certain myths:

  • Linux is secure because its code is reviewed by experts on a regular basis. This is arguable to say the least since vulnerabilities that have remained unpatched for years are being discovered regularly in open source programs.
  • Thanks to open source, security patches are released promptly for the discovered vulnerabilities. To some extent, this is true, but two problems exist:
    • Patches for commercial programs can be tested against a variety of software and hardware configurations. When it comes to free operating systems, the patches made for them are tested by users.
    • Linux administrators and users are as reluctant to install updates as users of other platforms. Even security patches for publicised loopholes often never get installed.
  • Since Linux users don't use administrator accounts, they can't launch malware. The same is true for other operating systems too. However, ordinary Linux users are no different from people using Windows. It’s unlikely that switching from Windows to Linux is going to change the habits of an accountant who clicks on links willy-nilly and doesn't use a strong password.

> Users are not supposed to have an IT background.

Well, they should.

Before you start doing something, read up on the subject. This is true for construction, driving, repairing furniture, sewing, cooking, doing laundry, going fishing and engaging in sports. Generally it’s true for everything. Surely using sophisticated data processing and transmission equipment must require some training.

Am I the only person who understands that this has nothing to do with reality?

  • Fragmentation keeps Linux safe. Malware must be compiled for each specific distribution. First, attackers may target the most popular distributions. Second, a malicious script can be run on any Linux machine.

But these are general problems (and far from all the myths!). There also exist specific security-related problems:

  • No matter what we may think or say about Microsoft, the latest versions of Windows are being constantly upgraded with new security routines, making it more difficult for attackers to exploit vulnerabilities and design new malicious programs. Even if a Trojan acquires administrator permissions, it will have a hard time eliminating the anti-virus because Dr.Web’s self-protection routines operate as system drivers. Meanwhile, issuing the kill-9 command in Linux will shut down any process including the anti-virus.
  • Most encryption ransomware programs for Windows incorporate all the code they need to perform their tasks. Linux already includes everything necessary to encrypt data. Attackers only need to write a script that to use out-of-the-box features.

The Anti-virus Times recommends

We use all sorts of services, devices and computers. We automatically trust their owners and administrators, but we can never be sure that they have been configured properly or that they have no gaping loopholes in them. So no matter how reliable services appear to be, your computer should be ready to deal with any security issue.


Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.