Monday, December 28, 2009

The dangerous myth of Linux virus invulnerability


I read an article recently about an easy way to create a virus against Linux. To be more specific, the article shows a very simple method to create a virus which takes advantage of a GNOME/KDE vulnerability. Here's the article, highly recommended for all KDE/GNOME users.

I started using Linux just over a year ago, but security and its alleged virus invulnerability were some of the reasons why I chose to switch from Windows. Therefore, having read so many times that one is immune to viruses as long as one is using Linux, I was very skeptical about that article. However, as I read more about it, my concern started growing.

It is true that the aforementioned "virus" is more of a Trojan horse attack, and that it can't really do any harm unless the user makes a mistake, but the mere possibility of it happening is already worrying. Even more concerning is the fact that it is so easy to create and implement.

As I said before, this vulnerability seems specific to KDE and GNOME ".desktop" launchers, but these are probably the most widespread desktop environments in the Linux world. It is important to understand that while Linux itself remains invulnerable to such problems, most desktop users do use one of these two desktop environments, so they are still vulnerable to attacks of this kind in the end. For the very same reason, Linux servers are not affected, as they do not use a desktop environment.

As the author of the article rightly puts it, the attack is limited as long as the user does not save and execute the launcher, and it could be argued that Linux users are somewhat more technically inclined and aware, but it still feels to me like something that could impact tons of users, even more so as Linux keeps growing.

I agree 100% with the author that we Linux users should be critical instead of complacent. We should not rest on our laurels assuming that we are free from attacks or security breaches, because that's not the case.

I encourage you all to contact GNOME/KDE developers so they take care of this potential security problem.

As for potential solutions to this kind of problem, prevention, as usual, is always best. Here are some suggestions:

1.- As a rule of thumb, avoid running any email attachment which can be executed, even if it comes from someone you trust (they could be infected).
2.- Never save and execute anything unless you are 100% confident it is safe, much less a ".desktop" file.
3.- Monitor your ~/.local/share/applications folder to ensure whatever custom launchers are in there are doing what they are supposed to do. Just run this simple command from a terminal:

grep -H Exec ~/.local/share/applications/*.desktop

4.- Understand that your PC can only be as smart as you are. It will not prevent your misuse.
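
For suggestion 3, the check can be scripted so that the launchers worth reading by hand stand out. The function below is an added example, not code from this post or the linked article; the name audit_launchers and the SUSPICIOUS pattern list are assumptions chosen for illustration, and a FLAG only means "read this line", not "this is malicious".

```shell
#!/bin/sh
# Added example: review the Exec/TryExec lines of user-level launchers.
# SUSPICIOUS is an illustrative, assumed pattern list (extended regex): an
# interpreter run with -c/-e, a downloader, shell metacharacters, or /tmp/.
SUSPICIOUS='(^|[^[:alnum:]_.-])(sh|bash|dash|zsh|perl|python[0-9.]*)[[:space:]]+-[ce]|wget|curl|[|;&`]|[$][(]|/tmp/'

# audit_launchers [DIR]
# Prints "STATUS<TAB>file<TAB>command" for every Exec/TryExec line found.
# STATUS is FLAG when the command matches SUSPICIOUS, otherwise OK.
# The body runs in a subshell ( ... ) so its variables stay local.
audit_launchers() (
    dir=${1:-"$HOME/.local/share/applications"}
    for file in "$dir"/*.desktop; do
        [ -f "$file" ] || continue            # glob matched nothing
        # "|| [ -n ... ]" keeps a last line that lacks a trailing newline
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                Exec=*|TryExec=*|"Exec "*|"TryExec "*) ;;
                *) continue ;;
            esac
            cmd=${line#*=}                    # text after the first "="
            if printf '%s\n' "$cmd" | grep -Eq "$SUSPICIOUS"; then
                status=FLAG
            else
                status=OK
            fi
            printf '%s\t%s\t%s\n' "$status" "${file##*/}" "$cmd"
        done < "$file"
    done
)

# Usage: audit_launchers                 (defaults to ~/.local/share/applications)
#        audit_launchers /usr/share/applications | grep '^FLAG'
```

Some legitimate launchers do wrap their command in "sh -c", so expect a few flagged entries on a normal system and compare each one against what the launcher claims to be.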

Good Luck!