The myths about malware in Unix / Linux

First, it's certainly possible to have viruses under Unix and Unix-like operating systems such as Linux. The inventor of the term computer virus, Fred Cohen, did his first experiments under 4.3BSD. A How-To document exists for writing Linux viruses, although it looks like it hasn't had an update since 2003.

Second, source code for sh-script computer viruses has floated around for better than 20 years. See Tom Duff's 1988 paper, and Doug McIllroy's 1988 paper. More recently, a platform-independent LaTeX virus got developed for a conference. Runs on Windows and Linux and *BSD. Naturally, its effects are worse under Windows...

Third, a handful of real, live computer viruses for (at least) Linux have appeared, although it's not clear if more than 2 or 3 of these (RST.a and RST.b) ever got found "in the wild".

So, the real question is not Can Linux/Unix/BSD contract computer viruses? but rather, Given how large the Linux desktop and server population is, why doesn't that population have the kind of amazing plague of viruses that Windows attracts?

I suspect that the reason has something to do with the mild protection given by traditional Unix user/group/other discretionary protections, and the fractured software base that Linux supports. I mean, my server still runs Slackware 12.1, but with a custom-compiled kernel and lots of re-compiled packages. My desktop runs Arch, which is a rolling release. Even though they both run "Linux", they don't have much in common.

The state of viruses on linux may actually be the normal equilibrium. The situation on Windows might be the "dragon king", really unusual situation. The Windows API is insanely baroque, Win32, NT-native API, magic device names like LPT, CON, AUX that can work from any directory, the ACLs that nobody understands, the tradition of single-user, nay, single root user, machines, marking files executable by using part of the file name (.exe), all of this probably contributes to the state of malware on Windows.

It helps prevent the spread of viruses in Windows

Remember that Linux is used in many ways, such as file and email servers.

Files in these servers (MS Office files, outlook messages, EXE programs) can be stored with an infection.

Even though they should not affect the servers themselves, one could configure the server to check every file at the moment that is stored to make sure that it is clean and prevent future spread when they are moved back to a Windows machine.

I myself have it installed for when a friend asks me to check why their Windows machine is not working, or for when I plug my pen drive on a Windows machine.

Viruses for Linux are possible in principle and there have been some, however in the wild, there are no widespread Linux viruses. The Linux user base is pretty small and under Linux it is much harder for a virus to do much harm as the user model is pretty restrictive in contrast to e.g. Windows XP. Therefore virus authors normally target Windows.

There is Linux Anti-Virus software, e.g. from McAfee, but no Linux user I know uses such software. It is by far more important to install only software from trustworthy sources and keep your system always up to date by installing security updates in a timely manner.