Malware for The Linux Desktop | Free Antivirus

More than four years have passed since my post on the usefulness of virus scanners under Linux. It is still one of the most viewed posts every day and by far the most positively rated one on this website. Current developments now call for an update. But first things first: there is no reason to panic or to install a virus scanner under Linux.


Malware for Linux Desktop


In current reporting, two malicious programs are making the rounds that are tailored to the Linux desktop, i.e. Linux on user computers rather than on servers. They are called EvilGnome and Winnti, the second name referring to a group of hackers whose as-yet-unnamed malware apparently exists in both Windows and Linux versions.

Contrary to my original assumption in 2016 that we would see an extortion trojan for the Linux desktop in the foreseeable future, these are spy programs that take screenshots, log keystrokes and perform comparable functions, i.e. tools for attacks on specific targets, designed to work with the rights of a normal user. There are indications that such software is distributed using so-called spear-phishing techniques, i.e. a targeted attack on a specific company or even a specific user, rather than by mass-distribution means such as e-mail campaigns or drive-by downloads.

Spear phishing tries to get the target to install the malware by offering more or less credible reasons for doing so. Even the Heise-Verlag has already fallen victim to this, although in that case via an MS Office document attached to a supposed reply in an ongoing e-mail conversation. This is the first reason why concern remains unfounded for the time being: how likely is it that you will be the victim of a targeted attack? So far, political and economic targets have been mentioned, not private individuals. And EvilGnome, at least, seems a long way from being mature.

However, there are also technical reasons that speak against the widespread use of this software. As before, Linux users usually get their software from a repository (in marketing speak: an app store) rather than downloading it from arbitrary websites, let alone receiving it by e-mail. Infecting a repository is not impossible, but it is much more difficult, and such an infection is short-lived.

An e-mail attachment is a targeted alternative, but it remains the case that a Linux program cannot be sent by e-mail in a form that can be executed directly. It must first be made executable by the user or installed through the distribution's package manager. Both are a bigger hurdle than allowing an Office macro or simply double-clicking a file whose executable format went unnoticed because of a hidden or obscure file extension.

I couldn't find much about Winnti, but EvilGnome is a kind of extension for the Gnome desktop. It is not yet clear to what extent it works at all on Linux systems that do not use Gnome. But I think that the diversity of Linux, which gives the user great freedom, for example in choosing the graphical user interface, will continue to make comprehensive infections difficult to carry out.

I still stand by my opinion that a virus scanner for Linux is pointless. It remains unlikely that such a scanner will ever receive signatures for the programs mentioned. And the dead weight of Windows signatures remains.

As a final note, I would like to add that in May 2019 Microsoft itself outlined a vision of a modern operating system, which was widely understood as a hint at the next Windows (and thus not the current or previous ones). According to this, such a system should not only be user-friendly but also meet the following technical requirements:


· Updates should be installed unobtrusively and without interruption in the background, without requiring constant restarts.

· Applications and the system should be cleanly separated from each other at the process level.

Linux (and not only Linux, but also macOS, for example) has met both requirements for ages. Windows is in fact the only system that has not yet reached this level of "modernity". What is still missing from the list is a clean and enforced separation of the administrator and user levels. Then even Microsoft might someday manage to bring a modern and secure operating system to market.
