Linux Format

Malware on Linux

Running desktop Linux certainly puts you in a minority, but malware doesn’t discriminate when it comes to your OS.


At one stage utterances of the form “Linux doesn’t get viruses” were commonplace. They still are, by fans of the operating system and even by distro makers (see right, https://manjaro.org). Unfortunately such talk was never quite true and it’s more fallacious now than it ever was. Worms, rootkits and all kinds of other nasties existed on UNIX systems while Linux was still just a twinkle in Linus’s eye. Many of the techniques they used were adapted to the Linux platform when it fructified.

As far as desktop Linux is concerned, things are reasonably clear cut: there are far fewer attacks reported, and the list of known malware strains is far shorter than on Windows machines. Given desktop Linux’s market share (somewhere around two per cent), this makes sense – attackers will be more inclined to go after whatever the masses are using. In 2006 the ‘Get a Mac’ series of television commercials claimed “Macs don’t get viruses”. Since then, the Mac’s desktop market share has increased to somewhere around ten per cent, and the number of threats has increased proportionally. This is in spite of Apple’s walled-garden approach to software installation.

These days opinion is divided on whether or not antivirus software is helpful on Windows, not because it doesn’t do what it claims to do, but because it sometimes (due to poor programming) opens the system up to new, potentially more dangerous attacks. Security guru Tavis Ormandy, part of Google’s Project Zero security team, has been particularly vocal about this threat. Programs that run with the highest level of privilege, as is required for antivirus to scan system files or privileged memory, need to be watertight. If these are vulnerable, then so is the system, possibly more so than if no such antivirus was running.

More often than not you don’t need to rely on a vulnerable program to exploit a system: a vulnerable user will do just fine. Writing a program to encrypt all user files, to log/inject keystrokes (at least in X – see https://github.com/coolervoid/rootstealer), to launch an FTP server (making a machine’s files available to the world), even to wipe all local storage if that user has root privileges and can be tricked into entering a password – all this is trivial. The trick is getting a suitably gullible user to run it. Likewise, with some knowledge of a potential mark, a carefully crafted phishing email could trick them into visiting a fake website from whence their passwords can be swallowed, opening a poisoned PDF, or even just running a malicious executable – if somehow that wasn’t blocked by either email provider or the target’s email client. Humans have a bad habit of trusting things when they (seemingly) come from someone they know, so it’s easy to see how these things can cascade and become a large-scale outbreak.

Manjaro’s home page says you don’t need antivirus software, and they’re almost certainly correct.
Oh no, apparently our letters address has ended up on a breach list somewhere. No one tell the readers!
