> I'm curious about virii and Linux...
>
> Am I wrong to assume that Linux is not immune to virii (I don't even know if
> virii is a word - but it just sounds cool :) ? Obviously the security
> features of Linux can prevent some virii from affecting certain files on your
> system... but what about the boot sector? And what if you happen to be su'd
> or logged in as root when you get (and heaven forbid) execute an infected
> program?

Viruses activate when infected files or boot sectors are executed. Some DOS viruses also "take over" certain system calls. Viruses can be written for Linux, but it hasn't happened yet as far as I know. DOS/Windows viruses are usually incompatible and can't work with Linux, just as DOS programs don't run in Linux (unless a suitable emulator is used).

So a Linux-only machine is very safe. It can be vulnerable to booting with a boot-virus infected diskette in the drive, because such a thing may obliterate the hard disk before Linux is loaded. These viruses will usually only mess with lilo though, possibly making the machine unbootable but no damaged files. These viruses may install their own int 13 handler (BIOS disk access) but Linux doesn't use that after the kernel is loaded, so it is effectively isolated.

DOS viruses that affect files don't understand ext2 or the various Linux executable formats, so no danger there. The only way to activate such a virus is by running some DOS program in an emulator. The emulator will stop the virus from obliterating the disk (i.e. DOS fdisk activities don't work in Linux). The virus will only be able to mess with files that the user is allowed to mess with, and it won't find DOS/Windows executables among those. It can only spread to other DOS files. It may crash the DOS emulator only, not Linux.

A dual-boot system is worse. The viruses can do anything when DOS/Windows is running, but they don't understand ext2. Infection can spread to the boot sector of the Linux partition, not the files. Of course the virus may do damage enough by interpreting the ext2 partition as a FAT partition and writing to it in this manner. Virus writers don't bother testing for such mistakes. Also, overwriting random disk sectors is a common way to do damage when the virus pulls the trigger.

If you want a real safe machine, make it Linux only. No DOS partition, no DOS emulator. And set it up so it won't try booting from the floppy drive. (You can always change that back if you ever need to boot a floppy.) Such a machine will be immune until a Linux virus is written. And a Linux virus wouldn't be able to do much damage other than destroying the user's personal files.

Helge Hafting