[linux-elitists] Comprehensive list of Linux malware

Rick Moen rick@linuxmafia.com
Fri Nov 19 12:33:09 PST 2004

For about ten years, I've had a set of four essays on Linux viruses on
the Web.  The four are at http://linuxmafia.com/~rick/faq/index.php?page=virus,
and have recently acquired a fifth.[1]  Over the years, they've become
ungainly through continual text-patching to address this-or-that special
case or common objection, but I think the central points still come
through well enough.  (And Alexander Bartolich's ELF Virus Writing
HOWTO[2] quotes from them and calls my Web pages "very inspiring", which
is flattering.)

My page is (as will be obvious) not aimed at Linux elitists, but rather
attempts to give Linux tire-kickers a reasonable, informed perspective
on the subject.  Originally, it was also concise; I lost that battle a
couple of kilowords ago.

The essays' main idea is this:   By and large, Linux malware is just an
after-effect of other sorts of security failure.  Therefore, worry about 
maintenance and sensible security policies; malware is the least of your
worries.  Meanwhile, the system architecture and surrounding culture are
designed to make it difficult for you to shoot yourself in the foot, and
to make doing the right thing easy if not the path of least resistance.

I wouldn't have thought those ideas controversial, but they've garnered
objections -- sometimes angry ones, sometimes just disapproving -- from
many commentators, many of them security and anti-virus industry pundits.
This was mildly surprising, even making allowances for testosterone
poisoning and possibly a perceived critique of the pundits' profession.

David F. Skoll of Roaring Penguin Software, Inc. encountered the same
sort of attitude problem in January, when he asked on the Full
Disclosure mailing list if people could cite any Linux viruses that
actually pose any sort of real, current threat and could be blocked by
running Linux AV software.[3]

Experienced computerists' feedback to my own essays has generally been:

1.  "You Linux people are cocky.  Just see what happens if you ever have 
    significant market penetration."  (Ignores the already-established
    high share of Web servers, scientific workstations, and some other
2.  "Linux isn't invulnerable."   (Ignores the substance of my essays
    almost entirely.)
3.  "Linux will suffer an inevitable security & malware meltdown when/if
    it gets significant numbers of desktop users."  (Ignores the
    measures increasingly implemented to make the easy way the safe way,
    and the safe way the easy way.)

Novice users' feedback has generally been:

o   "Well, I don't know.  Haven't there been a bunch of successful Linux
    viruses?  Doesn't that mean I'm _still_ better off running an AV package?"

I may never succeed completely in answering the latter crowd, but virus
essay #5 is my best shot at a topic-killer.  Elitists may find it
interesting in that it attempts to list _all_ Linux malware to date, and
to analyse them in a proper historical and technical context.

And I take shots at a few of those aforementioned industry pundits -- not
unfairly, I hope.

[1] hic!
[2] http://www.lwfug.org/~abartoli/virus-writing-HOWTO/_html/
[3] http://lists.netsys.com/pipermail/full-disclosure/2004-January/015700.html
    Skoll eventually wrote a quite hilarious "virus challenge" essay based 
    in part on this exchange, which I mirror with his permission at
    http://linuxmafia.com/~rick/skoll/anti-virus.php .

Cheers,                 There are 10 kinds of people in the world, those who 
Rick Moen               know ternary, those who don't, and those who are now 
rick@linuxmafia.com     looking for their dictionaries.  -- Ron Fabre
