Talk:Linux malware

Linux/Lupper not a Linux vulnerability
Linux/Lupper is not a Linux virus...it doesn't affect the Linux kernel or any GNU tools. It attacks poorly written (and outdated, mind you) PHP and CGI blogging scripts. If you were to place it under the category of a Linux virus, that would also mean that Windows and the Mac OS are also vulnerable. This is a fallacy.


 * You didn't sign. And I'm not a citeable person, no blog or anything. But attacking the kernel itself is actually quite rare. It's much more common for a virus or exploit to attack software running on the target machine. So yes, that's a virus. And yes, Windows and Mac OS are also vulnerable. Look at the Pwn2Own competition for an example, most of the attacks can be used on any of the OS's. I don't have a source, haven't bothered looking to be honest, but to reject something as a virus because it does not attack the kernel is naive. Chrissd21 (talk) 03:20, 6 October 2009 (UTC)


 * Read above: or any GNU tools. PHP and CGI scripts are not part of the operating system. Of course it may be worth mentioning that Linux doesn't make third party add ons safe (and neither do the Linux distributions). --LPfi (talk) 00:26, 7 October 2009 (UTC)

Email
Many Linux virus scanners are actually designed to stop Windows viruses passing through Linux email servers —Preceding unsigned comment added by 86.16.160.17 (talk) 22:03, 3 January 2008 (UTC)

Proposed move
The list here is a small fraction of the viruses out there, and years out of date. There are virus databases that have current info on that subject. What should be the fate of the article? I'm considering a move to "Notable Linux computer viruses". Presumably virus notability comes under WP:SOFTWARE, although the criteria don't quite fit. Probably only viruses with mainstream press coverage really are notable. Comments? --John Nagle 17:53, 20 April 2006 (UTC)

Agree
I agree that this list is uninformative and would better be integrated somewhere else. I have not fully understood what your proposed article aims at: More warning about current viruses -or- a sort of tracked list of viruses (for example with a date of 1st occurrence and a date since when it is fixed in the distributions)? I personally would opt for the 2nd one because it can provide an archive as well, thus replacing this outdated article nicely. -- And the list is not supposed to grow fast, I assume. ;-) Madmaxx 21:54, 25 May 2006 (UTC)


 * Agree too. An outdated list is misleading, as users may infer it is an exhaustive list. --Outlyer 17:17, 29 June 2006 (UTC)

Aren't most of these worms anyway, not viruses?
 * Then maybe viruses should be replaced by malware. --Outlyer 17:17, 29 June 2006 (UTC)

And most, if not all, of the exploits that the virus/worms use have been fixed in newer versions of the kernel. --Jdm64 03:59, 11 January 2007 (UTC)

Multi-user does not prevent spread of malware / Article oversimplifies a complex subject
The following quote from the article makes a very silly assumption....

''Like other Unix systems, Linux implements a multi-user environment where users are granted specific privileges and there is some form of access control implemented. As such, viruses typically have less of an ability to change and impact the host system. That is why none of the viruses written for Linux, including the ones below, have ever propagated successfully to a large number of machines. Also, the security holes that are exploited by the viruses have been fixed shortly after (or more often, before) the viruses started spreading. So the viruses listed no longer pose any concern as long as the Linux system is updated regularly.''

Malware does not need "root" access to a Linux machine to spread itself. For example, no special privileges are needed to send an email with an attachment out, or download a file from the internet. As to vulnerabilities, most malware is spread via social engineering, not software vulnerabilities, and even if vulnerabilities are patched right away there is still the problem of users not installing security updates in a timely manner.

Like most writing about computer security I've seen on the net, this article is oversimplifying a very complex subject.

I won't try to make a correction, since I think this article shouldn't exist or should be integrated somewhere else.

Have a great day! :) Toadlife 01:01, 30 October 2007 (UTC)

Actually, a worm does need access to spread via the mechanism that is usually used on Windows systems, some sort of network connection. One of the problems of creating something like the web browser this is being typed in or a mail client like Thunderbird is that a normal user does not usually have the ability to create a network socket. A worm spreads via network connections it can open and since a normal user on Unix or Linux cannot just open a socket at will this cuts off one of the avenues of spreading and severely limits it. Then there is the matter of the MAC (Mandatory Access Control) which are the rwx (Read, Write, and eXecute) flags of the file system. You cannot just go writing files any place you want to on a Linux / Unix system. Windows could also have had this enhanced security but the people in Redmond had limited experience working with something like Unix, IBM's OS/400 or MVS or VM/CSE, DEC's OpenVMS and similar systems. So Microsoft did not wait when IBM said, let us implement some sort of MAC control for the HPFS. So out the door the incomplete HPFS went which became the NTFS. If Microsoft had waited the virus world would be an entirely different place than what we have today.

I also disagree that this article is not apropos. I think it should be retained and enhanced. For example, the Linux Malware Detect shows a missing link. I found it here: http://www.rfxn.com/linux-malware-detect-v1-3-3-making-good-things-better/. The other thing that would be useful is to see just how much worse the situation has become. It may be that nobody is writing malware for Linux because they don't see the percentage, but I find it hilarious that VirusTotal always asks me if I am submitting Linux / Unix malware. For me personally, WHAT LINUX MALWARE? Other than rootkits and the associated software that goes with them there isn't any. I have always missed the boat getting it and it is gone when I get there. Not only that but I am the creator of a blocking hosts file and I go through 2000-3000 host names per month both going and coming that are infected by infected Windows machines. That is something that has happened since this was written. The one point the article is in error on is that the Linux web-servers are kept up to date. They aren't, but the malware they are spreading attacks not Linux, but Microsoft Windows. Not only that, but since 2007, the Windows malware situation has got infinitely worse and if anything the Linux malware situation has got better except for these injected web servers. It is not that the Linux machine itself is infected. It is that links and Windows malware are forced into the web server pages. This article needs to be expanded to show this interplay and make a plea to Web Service Providers to keep their web server software UP TO DATE. That applies to both IIS and Apache, but of the two, out-of-date Apache is what I encounter most of the time.

Retain the article but upgrade it. For example, I would like to see how a top security consultant for Kaspersky sees the situation today. hhhobbit (talk) 01:43, 28 May 2010 (UTC)

Guideline on linux virus protection
Perhaps the advice should be included that an on-access virus scanner is not required given that:
 * so few Linux viruses exist and
 * given that due to permission restrictions even these can do little harm

Instead, regular or monthly scheduled virus scanning would suffice (and of course no firewall or other implementations regularly seen with Norton Antivirus, ... is required).

Hope you include this advice (would make sure Linux is not made sluggish by inexperienced users). Cheers,

81.246.132.145 (talk) 16:51, 27 December 2007 (UTC)


 * Edit: already included information myself and tried to be as objective as possible. The rewrite is as follows:

The Linux operating system, along with Unix and other Unix-like computer operating systems, are generally regarded as well protected against computer viruses.

This good protection Linux has against viruses from the moment it is installed is due to the fact that:


 * Like other Unix systems, Linux implements a multi-user environment where users are granted specific privileges and there is some form of access control implemented. As such, viruses typically have less of an ability to change and impact the host system. That is why none of the viruses written for Linux, including the ones below, have ever propagated successfully to a large number of machines. The viruses below still pose a potential, although minimal threat to Linux. If an infected binary containing one of the below viruses was run the system would be infected. The infection level depends on what user runs the binary. A binary run under the root account would be able to infect the entire system.


 * Very few viruses written for Linux exist anyhow

However, despite this limited risk, viruses can potentially damage insecure Linux systems and impact their operation, and even possibly spread to other systems. As such, although the risk is small enough to make continuous or on-access virus scanning not required, regular or monthly scheduled virus scanning is still best incorporated. The virus scanner used for this may be minimal as well (no firewall, ... is required). As such, virus scanners such as ClamAV do well enough and have the added advantage of being totally free of charge and open-source.
 * Re-wrote it to be more encyclopedic, there shouldn't be a list or even guide lines on protection. Wolfmankurd (talk) 02:19, 29 December 2007 (UTC)

The following is a list of known Linux malware:


 * Wait.. You removed any mention of a firewall? *cringes*

Think of it like this. Your machine is a house, you're holding a party. The firewall is the bouncer, he makes sure that all the suspicious and unruly crowds are turned away at the door BEFORE THEY GET IN!!!. The antivirus is your doting father with a notepad, on that notepad are photos of people he thinks you shouldn't be hanging around with. Anyone whose face matches a photo will be kicked out. You want to stop a threat BEFORE it gets into your machine. And that list only works on known viruses. No offence, but you're an idiot and lacking a great deal of knowledge if you say that people should run an antivirus program (AV from now on) and no firewall.

If you're going to include references to AV's, then you need to at least link to IP Tables, or a third party firewall for Linux systems. Above link is a list of Linux malware, as you can see, the most recent in there as of 06/10/2009 is 2009-07-14. And this list isn't little known malware, it's about big bugs. Both an AV and properly configured firewall/IP Tables are important to safe computing. Wrong topic but most viruses won't attack the kernel, they attack software, and the one thing consistent about a Linux distro is that it will be running certain software on it. If this article is a list only, an encyclopaedic archive, then there is no need to mention AV or firewalls. If you are going to include a list of AV's, then at the very least include a link to IP Tables with something like "it is also recommended the user properly configures IP Tables or installs a 3rd party firewall as they offer protection from more than just malware, and do not show a marked decrease in performance on the machine". And if the user only runs a scan for viruses once a week or so, then they are getting all the protection from the AV and no decrease in performance. —Preceding unsigned comment added by Chrissd21 (talk • contribs) 03:52, 6 October 2009 (UTC)

Worms

 * L10n (also known as Linux/Lion)
 * Kork (also known as lpdw0rm, lpdworm, Abditive)
 * Cheese
 * Adore (also known as Red)
 * Ramen
 * Slapper (also known as Cinik, Unlock, bugtraq.c, Apache/mod_ssl worm)
 * Mighty (also known as Devnull)
 * Adm (also known as ADMworm, ADMw0rm)
 * SSHD22
 * Millen (also known as Millenium, MWorm, Mworm)
 * Sorso
 * Lupper (also known as Lupii, Plupii, Mare)

Computer viruses

 * Alaeada
 * Binom
 * Bliss
 * Brundle
 * Diesel
 * Kagob
 * MetaPHOR (also known as Simile)
 * OSF.8759
 * RST
 * Staog
 * Vit
 * Winter
 * Winux (also known as Lindose and PEElf)
 * ZipWorm

No attack on Ubuntu mirrors?
AFAIK there has never been a (successful) attack on the Ubuntu mirrors, and the following seems to confirm this: https://lists.ubuntu.com/archives/sounder/2006-July/008231.html —Preceding unsigned comment added by 213.118.46.230 (talk) 01:45, 18 February 2008 (UTC)


 * I can't find any info either to confirm this ever happened. I believe it may have been put in the article in error. Besides that a mirror attack is not relevant to this article on viruses. I will remove it as "unsourced" - Ahunt (talk) 12:40, 20 February 2008 (UTC)


 * So what? Ubuntu is not Linux, it is *one* Linux distro, only.--72.218.114.15 (talk) 04:13, 11 October 2008 (UTC)

Article name
Since this article contains a lot more information than just a simple list of Linux viruses I am wondering if the article name shouldn't be changed to something more along the lines of "Linux computer viruses and worms" to better reflect the content? I would like some input from other editors watching this article to get a consensus on this. - Ahunt (talk) 12:20, 6 March 2008 (UTC)


 * I agree that the name should be changed. I'd suggest "Linux malware", as malware includes viruses and worms, and also spyware, etc. WalterGR (talk | contributions) 11:21, 8 March 2008 (UTC)


 * That is a nice short title! I like it! Anyone else have any thoughts on this? - Ahunt (talk) 15:24, 8 March 2008 (UTC)


 * Lacking any objections to renaming, I will go ahead and carry it out. - Ahunt (talk) 11:41, 10 March 2008 (UTC)


 * Thanks for doing that! WalterGR (talk | contributions) 12:01, 10 March 2008 (UTC)


 * No problem - thanks for suggesting the best name! I changed all the links to it that I could find as well. - Ahunt (talk) 14:13, 10 March 2008 (UTC)

Removal of the Granneman quote
I removed the Granneman quote.


 * It's quite old (from 2003) and was written when Windows XP was Microsoft's main consumer OS.
 * As such, it doesn't take e.g. Vista into account, where the user isn't admin by default.
 * Some pretty important portions of the article were incorrect, and later corrected.
 * The article is largely about Windows susceptibility to e-mail attachments containing malware, rather than the security/insecurity of the platform as a whole.

I'm sure there are better references out there for why malware isn't as common on Linux.

WalterGR (talk | contribs) 06:37, 8 March 2008 (UTC)


 * No problem, if you think the quote is not helpful then it should go. I have changed the ref on the remaining quote so that the footnote works right. I have also removed the one-source tag, since there are currently three refs. I will also probably work on the external links in the list as they should be refs as well instead. - Ahunt (talk) 21:12, 8 March 2008 (UTC)


 * Thanks for fixing the broken ref! I just did "preview" on the section I edited so I didn't notice I had screwed it up. :/ WalterGR (talk | contributions) 21:15, 8 March 2008 (UTC)


 * That is the one problem with "section editing" - you don't see the refs! - Ahunt (talk) 22:17, 8 March 2008 (UTC)

Misc Comments
I think the article is too oversimplifying in the sense that it neither gives a non-technical user information about the real threat-level of his/her GNU/Linux system (this article doesn't even draw a clear line between the kernel and user-mode program) nor for technical users an overview of possible malware categories. Fri Apr 11 14:13:43 CEST 2008 —Preceding unsigned comment added by 130.60.228.144 (talk) 12:15, 11 April 2008 (UTC)


 * Feel free to expand it to make it better, as long as you have references! - Ahunt (talk) 13:10, 11 April 2008 (UTC)

Bias
This article is a load of biased cr*p. I'm using Linux myself and I'm sort of embarrassed to see this sort of propaganda in Wikipedia. Obviously, the primary reason that Linux is not as malware troubled as Windows is that Linux is installed on less than 5% of all desktops in the world. If you want to cause grief on the desktop, Linux is a poor target, simply because there are almost no Linux desktops out there. In other words, malware is not produced for Linux. Linux has good security, but that is most definitely a secondary reason. Also, please let go of the citations of some Linux zealot's blog - those are not reliable sources. —Preceding unsigned comment added by 83.89.0.118 (talk) 05:40, 2 July 2008 (UTC)


 * Anyone can call an article "load of biased cr*p". If you have references to back up your contention that it is the low level of usage rather than inherent security features incorporated in Linux that results in its virus non-susceptibility then let's by all means have a look at them and amend the article. Also please sign your posts with 4 tildes, it saves the SineBot from tracking you down! - Ahunt (talk) 10:58, 2 July 2008 (UTC)


 * It is incorrect to say that the low usage share of Linux is the primary reason it has little malware threat. There are over 800 malware apps for Linux and of these, none have become widespread or caused significant impact. On the other hand, if you consider the wildlist for Windows viruses, a decent percentage have become widespread and an even higher percentage have caused significant impact. (I haven't included the actual numbers because the stats I am reading are from a restricted access thesis which I can't reference) Xavier Orr (talk) 00:56, 27 September 2008 (UTC)


 * Regardless of whether GNU/Linux is more or less secure than Windows, it's inherently biased to have this article but no Windows malware article. Superm401 - Talk 03:25, 19 December 2008 (UTC)


 * That may be true, but tagging this article as "POV" will not address that problem. There is an article addressing Windows viruses, it is Computer virus, because largely the history of computer viruses is a history of Windows viruses. In a way this article is just a subset of that article. If you think that Windows viruses need better coverage as a subject then it should either be a new article or an expanded section at Computer virus. Either way that will not impact this article. - Ahunt (talk) 11:17, 19 December 2008 (UTC)


 * Actually the unsigned person has a point. The main reasons Linux systems aren't targeted are 1: Its low market share, if you attack you want to hit as many machines as possible. 2: Linux is an umbrella term, there is no one Linux, as such, there is no one way of setting things up. The systems differ from distro to distro, in how folders are organised (and thus the pathnames), in the console commands, etc. For a virus to work on a Linux system, it would have to target the kernel only (rare in the virus world, much more common to attack 3rd party software) and also have at least 2 different pathnames to try out, Red Hat, Ubuntu, then more for other distros. Windows has just as much security built into it as your typical Linux system, taking into account that XP is over a decade old of course. Chrissd21 (talk) 03:28, 6 October 2009 (UTC)


 * There seems to be little evidence for the low market share argument. Linux isn't much targeted as a server either, although having quite a big market share.
 * The diversity is actually regarded as one of the strengths of Linux security wise. That means that even with 90 % market share for Linux any Linux variant would be a "low market share" target. It is of course possible to write Linux malware for any Linux installation having a targeted vulnerability – is there a shortage of common (unpatched) vulnerabilities?
 * --LPfi (talk) 00:41, 7 October 2009 (UTC)


 * Google "phase transition random graph" - thousands of papers is "little evidence"? 158.129.140.119 (talk) 14:35, 18 May 2017 (UTC)

Linux is not Unix
It's a Unix-like system, but it's not Unix. It's based on Minix, which also is not Unix. —Preceding unsigned comment added by 72.244.63.65 (talk) 21:57, 3 July 2008 (UTC)


 * Linux is not based on Minix at all... 81.2.106.229 (talk) 16:20, 10 July 2008 (UTC)


 * No, but that's a red herring here. Any Linux Standard Base system meets the same criteria as the Single Unix Specification -- since that's the underpinning of LSB -- and could therefore *legally* be called Unix if someone wanted to pay for the formal test suite to be run by SUS's owners, The Austin Group.  Therefore, it's pretty reasonable to say that Linux *is* UNIX, certainly in the general sense in which we say that BSD, SCO, or Solaris are, but in the more specific "UNIX is a registered trademark" sense, as well. --Baylink (talk) 22:24, 14 November 2009 (UTC)

Actually I think what both of you are trying to get at is Linux and Unix are both POSIX compliant operating systems. A book by Mark G Sobell: A Practical Guide to Linux Commands, Editors, and Shell Programming. Supernix (talk) 00:16, 31 July 2010 (UTC)

Malware can auto-start without root
The article says that Linux malware is not normally able to become root, preventing it from auto-starting. In KDE you can do the following without being root - create a symbolic link or executable for the malware under ~/.kde/Autostart. This ensures the malware runs every time the user logs in, which is good enough to help it monitor keystrokes, send spam, etc.

This should be fixed - while Linux servers may not have someone logged in using a GUI, Linux desktops/laptops mostly will have. —Preceding unsigned comment added by 81.2.106.229 (talk) 16:19, 10 July 2008 (UTC)


 * Most Linux systems do probably have cron available for any normal user. Any malware can restart itself from ~/.profile, ~/.xinit or similar. Whether it starts at boot or when the user logs in is usually of little importance.


 * The important thing about not being root is that root can find any anomalies, such as unusual activities or weird files, without having to boot from a trusted medium. Steps taken to hinder the user himself from finding the malware may make it more easily found by root. Suspicious software can also easily be run from limited accounts (the malware may of course have privilege escalation features).


 * --LPfi (talk) 10:42, 6 September 2008 (UTC)


 * Su and Sudo are also commands found on Linux and Unix systems which can be exploited by malware to gain temporary root access. Most users also won't properly configure the commands, so all you have to do is run them to gain root.

However, that's beside the point. You don't need root to infect a machine. Yes, it helps. A lot. But you can do without it. The article states "To gain control over a Linux system or cause any serious consequence to the system itself, the malware would have to gain root access to the system". That is wrong. That is very, very wrong. I would like to point out that the article cited is a Linux site and as such is highly likely to be biased. As a security enthusiast, currently studying IT Security at uni, the main reasons Linux isn't targeted are not its wonderfully secure setup. Windows has a very similar setup, as does Mac OS. But I'm straying here.

tl;dr You don't need root to run a virus, you can get root easily using improperly configured Su/Sudo/etc commands, the article cited backing that claim up is over 4 years old and has a marked bias. Chrissd21 (talk) 04:02, 6 October 2009 (UTC)


 * "To gain control over the system" you need root. Not to run a virus. Isn't that pretty much what was written above and in the article? And there are ways to get root, at least if you compromise the account of the administrator. These issues are well known. Read the section Linux malware. Is there some specific threat that is not handled well enough in the article? --LPfi (talk) 01:00, 7 October 2009 (UTC)

And the user can infect some linux computer by booting without noticing he left a pendrive connected.... if the boot sequence is the proper one. — Preceding unsigned comment added by 81.202.7.175 (talk) 04:32, 30 November 2014 (UTC)
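The per-user autostart locations raised in this thread (`~/.kde/Autostart`, `~/.profile`, `~/.xinit`, cron) can be reviewed from the administrator's side with a short audit script. This is an added example, not part of the original discussion; the function names and the "suspect path" heuristic are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Audit per-user autostart hooks that can be created without root.

Locations are the ones named in the discussion (~/.kde/Autostart,
~/.profile, ~/.xinit, the user's crontab). The "worth reviewing"
heuristics below are assumptions made for this example.
"""
import os
import re
import stat
import sys
from pathlib import Path

AUTOSTART_DIRS = [".kde/Autostart"]
STARTUP_FILES = [".profile", ".xinit"]
# Assumption: commands run from temp or hidden directories deserve a look.
SUSPECT_PATH = re.compile(r"/tmp/|/var/tmp/|/dev/shm/|/\.[^/\s]+/")


def audit_autostart_dir(home):
    """Return (path, reason) for each entry the desktop runs at login."""
    findings = []
    for rel in AUTOSTART_DIRS:
        directory = Path(home) / rel
        if not directory.is_dir():
            continue
        for entry in sorted(directory.iterdir()):
            if entry.is_symlink():
                # Report the link target even when it dangles.
                findings.append((str(entry), "symlink -> " + os.readlink(entry)))
            elif entry.is_file() and entry.stat().st_mode & stat.S_IXUSR:
                findings.append((str(entry), "executable file"))
    return findings


def audit_startup_files(home):
    """Return (file:line, text) for login-script lines worth reviewing."""
    findings = []
    for rel in STARTUP_FILES:
        path = Path(home) / rel
        if not path.is_file():
            continue
        lines = path.read_text(errors="replace").splitlines()
        for number, raw in enumerate(lines, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            command = line.split()[0]
            # Background launches and commands living in suspect paths.
            if line.endswith("&") or SUSPECT_PATH.search(command):
                findings.append((f"{path}:{number}", line))
    return findings


def audit_crontab_text(text):
    """Return (line number, command) for crontab entries worth reviewing.

    `text` is the output of `crontab -l` for the account being checked.
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):
            parts = line.split(None, 1)
            schedule = parts[0]
            command = parts[1] if len(parts) > 1 else ""
        else:
            fields = line.split(None, 5)
            if len(fields) < 6:  # environment setting such as MAILTO=root
                continue
            schedule, command = " ".join(fields[:5]), fields[5]
        # @reboot gives boot-time persistence to an unprivileged account.
        if schedule == "@reboot" or SUSPECT_PATH.search(command):
            findings.append((number, command.strip()))
    return findings


if __name__ == "__main__":
    # Usage: audit.py HOME_DIR [FILE_WITH_CRONTAB_L_OUTPUT]
    home = sys.argv[1] if len(sys.argv) > 1 else str(Path.home())
    results = audit_autostart_dir(home) + audit_startup_files(home)
    if len(sys.argv) > 2:
        results += audit_crontab_text(Path(sys.argv[2]).read_text())
    for where, what in results:
        print(f"{where}\t{what}")
```

Run as root over each home directory, this matches the point made in the thread that root can inspect a user's files without relying on that user's possibly compromised session.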

Virus vs trojan
A virus is self spreading while a trojan requires the user to install it. I'm not sure if this article is clear with this or if it just calls any malware a 'virus'. So are the hundreds of viruses cited and the listed viruses all real viruses? Because I find it hard to believe that the much-less-frequently-used Linux had 800 viruses by the end of 2005 while in 2006 Sophos claimed to find the first Mac virus (which some still argue is just a trojan). What's up? Is the article inaccurate or not precise, or do people just love writing Linux viruses, or is OS X more secure? I'm not writing this as a point of conversation, but to make sure the article is correct. Althepal (talk) 18:37, 21 August 2008 (UTC)


 * A quick check on the ref cited in that para shows that it actually says:


 * "'In a report titled '2005: *nix Malware Evolution,' the Russian antivirus software developer pointed out that the number of Linux-based malicious programs -- viruses, Trojans, back-doors, exploits, and whatnot -- doubled from 422 to 863.'"


 * I have amended the para accordingly.- Ahunt (talk) 18:53, 21 August 2008 (UTC)

Linux Market Share
Is it really impossible to get a reasonable estimation of the market share of Linux from a quality source? My googling doesn't return anything good.

The hitlink reference now used doesn't tell what was measured or how it was measured. I suppose it tells about operating systems used for browsing, but whether clients are counted based on hits, sessions, individual users, individual hosts or something else isn't reported, neither how (or whether) the estimates are corrected for obvious errors (is there some explanation somewhere on the site?).

I suppose these statistics are collected and put on the net primarily to advance use of the firm's technology, and so the site is interested in good-looking statistics, not in reporting the problems involved, and not necessarily in the correctness of the figures.

Apart from that, share in different markets is interesting for makers of different malware. Exploiters of browser bugs would be primarily interested in individual browser's market share, those using worms probably in server market share and so on.

I think market share (in different markets) indeed is important for writers of malware, but research discussing how important that is, and what other factors there are, would of course be interesting.

--LPfi (talk) 10:17, 6 September 2008 (UTC)

Cuckoo's Egg attack not on linux
in the 1st paragraph

"The Linux operating system, Unix and other Unix-like computer operating systems are generally regarded as well-protected against computer viruses.[1] There have been successful attacks, however, on both Linux and Unix systems, the most notable perhaps being the Cuckoo's Egg attacks on Unix systems in the 1980s."

The Cuckoo's Egg attack was a hacker breaking into Unix systems in the 1980s, before Linux was even conceived. It is not suitable for this article on Linux malware and should be removed. Xavier Orr (talk) 02:16, 26 September 2008 (UTC)


 * I agree it is not relevant - removed. - Ahunt (talk) 11:34, 26 September 2008 (UTC)

cross-OS antivirus aspects
Do most/all Linux anti-virus tools scan just for Linux viruses, or all known including Windows? If I boot a Linux livecd to rescue a Windows system, will it find the Windows infections if it includes antivirus tools? These kinds of OS-related and cross-OS matters should be mentioned in all of the antivirus articles. Including virtual OSes running within the same and other OSes, and simpler matters like WINE within Linux... -69.87.199.190 (talk) 21:21, 2 December 2008 (UTC)


 * That is a good question and you are right, the article should address it. There are so few Linux viruses and none in the wild right now that a Linux-virus-only scanner wouldn't be much use, so Linux scanners like AVG and ClamAV scan for all known viruses, that is to say mostly Windows viruses. These are mostly used on Linux mail servers anyway, where they might be forwarding mail onto Windows PCs - Ahunt (talk) 00:31, 3 December 2008 (UTC)


 * I managed to find a ref and add a paragraph to the article. I hope that answers your question? - Ahunt (talk) 00:42, 3 December 2008 (UTC)

Vulnerabilities vs. viruses
There's a difference between number of viruses, and the number of critical bugs. I read a count that there are more, and more severe bugs in Linux than in ... I think it was Windows XP ... it's just that they haven't been exploited. (Does somebody have this reference? I read it about three years ago.) Anyhow, I remember showing this article to my not-very-OS-literate boss, who wanted to get rid of all the Windows computers because "Linux was better". He couldn't seem to wrap his head around the fact that all OS's have severe vulnerabilities. Piano non troppo (talk) 07:43, 29 December 2008 (UTC)


 * Not sure I see a point to your message, so you might should read WP:NOTFORUM (:p) but just for your information:
 * I'd bet there have been more (non-critical) "bugs" (this word has specific meaning in the open source world; a 'bug' does not require anyone to have ever complained about it, for example) found in Linux (probably either kernel or OS in general) code than Windows code, because people actually bother to look for them on purpose, undoubtedly at least partially because anyone can. They tend to be patched before most people could ever have a problem with them, and again, anyone can make the patch.  All software is going to be vulnerable to something at some point, but try not to choke on the Microsoft propaganda.  Do you think using Linux makes a person a "communist", too? (nevermind the question of whether communism is fundamentally bad or not)... that's another claim emanated from Microsoft. :p (good for a laugh :p http://www.kuro5hin.org/story/2004/2/15/71552/7795) ¦ Reisio (talk) 11:12, 29 December 2008 (UTC)


 * Wow.. Reisio, you're choking on Linux propaganda there. I'm a security enthusiast, so I try to get by without any bias towards a single distro, and Piano has a point. Linux systems have been known to have extremely bad bugs (talking about security exploits here, not a software bug), and they have been left for a very long time before being patched. There was an article written back around when you commented, that showed a bug that had been in the Linux kernel itself since the very start. There was quite a bit of discussion about why that had not been exploited, but ignoring that, it's propaganda and bias to assume one OS is inherently secure because it is not a MSFT system. And it's very bad form to quote wiki rules but then prove to be absolutely incompetent and biased that you cannot make a coherent comment. "so you might should read" for example. Chrissd21 (talk) 04:11, 6 October 2009 (UTC)

Too few details
It seems the anti-malware manufacturers have authored this article, not neutral editors.

The article doesn't build a picture that supports the intro. The intro says that Linux is vulnerable (and idiotically alleges that Linux has a 0.93% market share, which is pure bogus and irrelevant in this context because there's a lot of Linux web servers that can potentially be exploited) and that Linux users shall beware, lest evil viruses will invade their computers en masse in the future. That might be true, but the rest of the article doesn't support any statement at all: it just lists viruses and malware. To improve matters, the rest of the article should try to analyse important malware, time when first seen, how extensive the spread, how many infected computers, etc. One tough trouble for the anti-virus manufacturers is that an entire operating system upgrade will accomplish very much the same as installing and running an antivirus program, but it will also accomplish so much more. It would be important to know how upgrading the OS inhibits the malware spreading opportunities, and that this fact might actually be a reason why malware constructors cannot be very successful on Linux and other free Unix lookalikes. ... said: Rursus (bork²) 08:47, 23 January 2009 (UTC)


 * Why it is very hard to know the estimates of Linux users: HERE!. Desktop market share numbers of 0.93% is:
 * temporary,
 * misleading,
 * irrelevant in this context, since servers are more likely to be directly connected to the web.
 * ... said: Rursus (bork²) 08:57, 23 January 2009 (UTC)

Removed biased strawman quote
I removed this: ''One of the vulnerabilities of Linux is that many users think it is not vulnerable to viruses. Tom Ferris, a researcher with Mission Viejo, California-based Security Protocols, said in 2006, "In people's minds, if it's non-Windows, it's secure, and that's not the case. They think nobody writes malware for Linux or Mac OS X. But that's not necessarily true ..." ''

Who are those people who believe that nobody writes malware for Linux? He just made them up. There are people who believe that viruses are a non-issue on Linux -- I'm one of them. We certainly don't believe there's no malware, however. The problem is that this guy, along with many others trying to sell their snake-oil, equate virus with malware when it suits them. Antivirus software generally only protects against actual viruses, not other classes of malware. Niczar ⏎ 19:15, 22 May 2009 (UTC)


 * Niczar.. Wtf was that? Virus is a subtype of malware. To say malware is perfectly acceptable. And the "if it's not MSFT based it's secure" is a very common mindset. Why was that comment removed? It could have been the saving point of this page. As it is, all I see are biased editors who have no idea about what they're doing. Leave your bias outside before removing comments. If no-one objects, I'll place that comment back in. When I figure out the wiki rules on doing so of course.. Chrissd21 (talk) 04:16, 6 October 2009 (UTC)
 * Well the proper response according to verifiability policy would be to say neither unless a proper source is cited. And even then, a proper source should be more than an editorial, but perhaps someone who's studied the prevalence of various malware. I'll see if I can look into it more. —Preceding unsigned comment added by HamburgerRadio (talk • contribs) 04:46, 6 October 2009 (UTC)

Moved quote
Granneman quote at end of Linux malware doesn't sit right. I found a better home for it just before Linux malware.--Rfsmit (talk) 15:47, 14 July 2009 (UTC)


 * Makes sense to me. - Ahunt (talk) 15:50, 14 July 2009 (UTC)

Software Installation Method is the Linux Advantage Here
Is not the real reason for a low malware count on Linux the fact that most distributions install software from a central repository and the fact that Linux users are not using technologies like ActiveX, which appears to be even more of an issue than Javascript and Java in MS browsers? This is also an advantage for any of the BSD variants and most UNIX systems in general. The real dangers for Linux still come from potential future drive by downloads due to bugs in the Javascript and Java in web browsers, so using noscript is really necessary for Linux as well I would think. —Preceding unsigned comment added by 69.219.231.2 (talk) 05:30, 4 November 2009 (UTC)


 * That is certainly one advantage, but the permissions environment certainly plays a big role as well. - Ahunt (talk) 12:47, 4 November 2009 (UTC)

Deployment of programs (including viruses) on Linux is hard
Another reason for lack of viruses could be that it's hard to write a program that works on all Linux systems, and is easy to install everywhere. 

You see, a virus needs to make certain assumptions about your platform. Certain libraries existing, with particular ABI's. Certain data being accessible through particular API's. In other words, a common set of core components that are available on every install of your system so that the virus's code can be small and compact and yet infect as many machines as possible.

Wait, this sounds familiar. Oh yea, that's right: real software needs that too. Why is there no proprietary software for Linux? Because for all practical purposes DEPLOYMENT IS IMPOSSIBLE. The Linux market is so small that there's no point going after it unless you try to support all Linux deployments. Hmm, well what does that mean? At least 3-4 major distros, which all have multiple versions of the past few years with different kernels and different libraries and different versions of GTK and different ways to integrate into the start menu, and different broken versions of evolution. (...)

— Preceding unsigned comment added by Mainbegan1 (talk • contribs)


 * Probably true, but anonymous blogs aren't WP:RS. See also WP:SPS. If you have a reliable source this can be added in. - Ahunt (talk) 16:48, 6 February 2011 (UTC)

Irrelevant comments
Why is this comment relevant: "These are the equivalents of User Account Control and Windows Update in modern Windows operating systems"?

It doesn't clarify anything, nor does it need to, the terms used in the article are generic and self-explanatory...

I'm removing the comment. --Ismael Luceno (talk) 13:32, 22 February 2011 (UTC)


 * Removing that makes sense to me! - Ahunt (talk) 15:17, 22 February 2011 (UTC)

Dead link
Reference 66 is a dead link. Not sure how to remove it. — Preceding unsigned comment added by 77.75.187.116 (talk) 09:56, 26 May 2011 (UTC)


 * Thanks for pointing that out. It isn't available on Archive.org so it gets tagged as per WP:LINKROT. - Ahunt (talk) 12:36, 26 May 2011 (UTC)

Should Android malware be included here?
Seeing as though Android is Linux-based, should the vast cocktail of malware that has been written for Android be included here? It would definitely make sense, wouldn't it? --Kenny Strawn —Preceding undated comment added 20:27, 10 August 2011 (UTC).


 * It would, but if there is enough documented text perhaps it would be more useful to have an Android malware article linked from this one. - Ahunt (talk) 20:33, 10 August 2011 (UTC)


 * I'd leave it out. The Android kernel is not the same kernel that people use outside of Android when they use Linux, with large portions of the Android kernel being completely new -- the Android "linux" simply isn't what people get when they download the source from kernel.org. Any Android virus which doesn't actually exploit problems in the kernel is simply not a Linux virus -- also if it's not exploiting something that also exists in the mainline kernel, it's simply not relevant to Torvalds' version. — Preceding unsigned comment added by 80.162.60.16 (talk) 11:23, 26 January 2012 (UTC)


 * I think it should be left out, as detailed below. --SF007 (talk) 09:27, 13 March 2012 (UTC)

Scott Granneman ref
One IP editor keeps removing the Scott Granneman assertion that Linux is more secure than Windows with edit summaries like "Source article's arguments involve social engineering/end-user attacks and third party or optional software. Does not discuss native OS protection mechanisms..." Clearly the ref deals with fundamental flaws in the operating system as it discusses root user accounts and the flaws in native application software included in Windows. As far as I can see Granneman's criticisms were valid when he wrote that in 2003 and they have not been addressed. As a result there is no reason to remove this other than to avoid making Windows look bad. - Ahunt (talk) 11:08, 11 January 2012 (UTC)


 * The question is whether they have been addressed. I have not looked at the latest versions of Windows, but I'd have a hard time believing there aren't at least claims they have been addressed. A newer cite would be good to have. On the other hand I have seen no news about viruses not anymore plaguing Windows or having become a real problem on GNU/Linux. --LPfi (talk) 12:31, 13 January 2012 (UTC)


 * The evidence is in the virus count - there are more than a million Windows viruses now and the list is growing fast. There is no evidence that the problem has been addressed, although if a ref showing this can be located then the text can be updated, but not removed. Old information doesn't just get removed from Wikipedia, if it is dated then this should be indicated in the text, but the history should be retained. Even if an actually secure version of Windows were invented then the text should indicate that "until Windows X came along Linux was more secure than older versions of Windows..." or something similar. As far as can be discerned Granneman's comments from 2003 are still valid, which says something important by itself and should be retained in the article. - Ahunt (talk) 12:49, 13 January 2012 (UTC)


 * Okay with more than a week passed I think we now have a consensus to reinstate the deleted text. - 19:28, 19 January 2012 (UTC)
 * That text made two statements, one is attributable to the source and is a Linux advocate's opinion, not any kind of fact. The second "nothing has changed since" is NOT attributable to the source and is WP:OR, and also ridiculous. SchmuckyTheCat (talk)

Should Android malware be considered Linux malware?
Since Android is based (albeit loosely) on Linux, I am asking for your opinions here: Should Android malware actually be included in this article, or is Android so different from upstream Linux that you don't think it's an issue? Thank you. Kenny Strawn (talk) 01:54, 7 March 2012 (UTC)


 * We already had this discussion two sections up, but did not reach a conclusion. - Ahunt (talk) 13:05, 7 March 2012 (UTC)

Let's see... malware is "malicious software", so by definition all Android malware is Android software... So let's try to answer (the more general):

"Is Android software Linux software?"


 * From a purely technical perspective, a "typical" Android app is "running on" the Dalvik VM, which itself is "running on" the Linux kernel. The app does not know about the kernel, nor should it care anything about it. In theory, since Android is open source and documented, it should be perfectly possible to create an "alternative Dalvik VM", running on a completely different system like the iPad, in fact, that is exactly what "Alien Dalvik" seems to be trying to do. I dare to say, then, that this "typical app" is not really a "Linux App" (regardless of the interpretation of "Linux"), sure, it may "run (indirectly) on Linux", but that is hardly relevant since it can provably run on a completely different kernel ("Alien Dalvik"). So the answer would be: No


 * From a "marketing perspective" - Is "Android software" usually referred to as "Linux software"? As far as I know, this never happens, so the answer would be: No


 * From a trademark/legal perspective - I doubt any end-user application today exists that is both certified "Linux Standard Base"-compatible and "Android"-compatible. So the answer would be: No


 * From a common sense / popular usage perspective - Do people refer to "Android software" as "Linux software"? I don't think that is common, or even used, so the answer would be No

Of course, talking again specifically about malware, if a malicious exploit targeted a specific version of the linux kernel used by a specific Android version (2.3.x for example), then, from a "common sense" perspective we could label it both "Linux malware" and "Android malware", but I don't think that is the case for most (if any) Android malware. So my conclusion is that we avoid labeling "Android malware" as "Linux malware", unless supported by reliable sources. --SF007 (talk) 09:26, 13 March 2012 (UTC)

See also list
Is there any reason why an IP editor keeps reverting the see also list so it reads:


 * List of computer viruses
 * List of computer viruses (Numeric)
 * List of computer viruses (A-D)
 * List of computer viruses (E-K)
 * List of computer viruses (L-R)
 * List of computer viruses (S-Z)

Each one of these is a redirect to List of computer viruses. What is the point of having six links to the same article? - Ahunt (talk) 20:34, 29 September 2012 (UTC)


 * Okay since there doesn't seem to be any immediate discussion on this topic I propose removing all these links but the first one, since they all redirect to the same place. - Ahunt (talk) 12:47, 1 October 2012 (UTC)


 * With no objections or discussion for over a week, as per WP:SILENCE we have consensus to go ahead and remove these. - Ahunt (talk) 12:27, 9 October 2012 (UTC)

Malware in Hosting environments
IMHO there should be a separate section in the article talking about hosting-environments. That's because there is a bunch of Malware targeted to attack Hosting-Environments. As an example there are lots of PHP-Shells, like WSO and other. Once uploaded on a server they will help you gain further access or host malware on the compromised website. These threats are quite different from those targeted at personal computers and unfortunately often neglected. I think it is important to talk about this kind of malware, because to cut down the overall level of malware one step is to secure webservers and prevent them from being compromised and starting to distribute malware.

Usually the existing AV-Scanners are really bad at detecting stuff like that. One Software, that was made to detect this kind of malware would be Linux Malware Detect. It can be used in combination with ClamAV. Here is a HowTo, that also includes a short statement in how Linux Malware Detect differs from common AV-Scanners. Trumpf Puur (talk) 10:41, 19 November 2012 (UTC)
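To illustrate the kind of heuristic web-root check the comment above is asking for, here is an added example; it is not part of the original comment and does not reproduce how Linux Malware Detect or ClamAV work. It scores PHP files on decode-then-eval chains, long encoded literals and location under an upload directory. The rule weights, directory names and sample files are assumptions constructed for illustration, and the sample payload only echoes a string.

```python
import base64
import os
import re
import tempfile

# Heuristic rules: assumptions chosen for this example, not any product's signatures.
# 1. eval()/assert() fed directly by one or more decoding functions.
DECODE_CHAIN = re.compile(
    r"\b(?:eval|assert)\s*\(\s*"
    r"(?:(?:gzinflate|gzuncompress|str_rot13|base64_decode)\s*\(\s*)+",
    re.IGNORECASE,
)
# 2. A quoted literal of 120+ characters drawn only from the base64 alphabet.
LONG_ENCODED = re.compile(r"""["']([A-Za-z0-9+/=]{120,})["']""")
PHP_EXTENSIONS = (".php", ".phtml", ".php5")
# 3. Directories that should hold user content, not scripts (hypothetical names).
UPLOAD_DIR_NAMES = {"uploads", "upload"}


def score_php_source(text):
    """Return (score, reasons) for the content of one PHP file."""
    score, reasons = 0, []
    if DECODE_CHAIN.search(text):
        score += 3
        reasons.append("decoded data passed straight to eval/assert")
    blobs = LONG_ENCODED.findall(text)
    if blobs:
        score += 2
        reasons.append("encoded literal of %d chars" % max(len(b) for b in blobs))
    lines = text.splitlines() or [""]
    if max(len(line) for line in lines) > 1000:
        score += 1
        reasons.append("single line longer than 1000 chars")
    return score, reasons


def scan_tree(root, threshold=3):
    """Walk a web root and return [(relative_path, score, reasons)], worst first."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_parts = set(os.path.relpath(dirpath, root).split(os.sep))
        in_upload_dir = bool(rel_parts & UPLOAD_DIR_NAMES)
        for name in sorted(filenames):
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                score, reasons = score_php_source(fh.read())
            if in_upload_dir:
                # Content alone may look benign; location adds weight.
                score += 2
                reasons.append("PHP file inside an upload directory")
            if score >= threshold:
                findings.append((os.path.relpath(path, root), score, reasons))
    return sorted(findings, key=lambda f: (-f[1], f[0]))


def build_constructed_webroot(root):
    """Write constructed, harmless sample files into root."""
    harmless = "echo 'constructed sample, does nothing else';" + " // padding" * 12
    blob = base64.b64encode(harmless.encode()).decode()
    samples = {
        "index.php": '<?php\nfunction greet($n) { return "Hello, " . htmlspecialchars($n); }\n',
        "lib/loader.php": '<?php\n$icon = "%s";\n' % blob,
        "wp-content/uploads/2012/11/data.php": '<?php\n$icon = "%s";\n' % blob,
        "wp-content/uploads/2012/11/cache.php": '<?php eval(base64_decode("%s"));\n' % blob,
        "wp-content/uploads/2012/11/photo.jpg": "not php, skipped by extension",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


def demo():
    """Scan the constructed web root and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_webroot(root)
        return scan_tree(root)


if __name__ == "__main__":
    for rel, score, reasons in demo():
        print(score, rel, "; ".join(reasons))
```

The same encoded literal is flagged under the upload directory but not under `lib/`, which shows why location is scored together with content rather than relying on content matching alone.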

Rick Moen quote no longer relevant?
At the top is a block quote from Rick Moen rebutting the market share argument, saying that most servers are Linux and could be infected by Linux malware, "yet it doesn't happen." Maybe not when that was written, but it happens frequently now. Just this spring, over 20,000 Apache servers were compromised by "Darkleech." Compromised servers are very common, and most user infections now come from compromised websites (run by compromised servers).

We should definitely give a view opposed to the market share argument, but that one just doesn't seem realistic anymore. Anyone opposed to replacing it with something else? And if so, any suggestions for what to replace it with?

--Qwerty0 (talk) 22:23, 7 August 2013 (UTC)


 * Referenced Darkleech code appears to be yet another trojan, which is to say a post-compromise toolkit, and the article speculates the avenue of exploit was buggy add-on Cpanel, Plesk, or other vulnerable add-on Web app, or password cracking, social engineering, or other unknown attacks on bugs in ancillary code. No evidence appears to exist, in these cases, of attacks against Apache httpd or the host Linux system -- by anything, let alone by the malware. (And by definition a trojan couldn't.) The pair of securi.net articles are almost totally vague about avenue of compromise (and says nothing at all about host OSes), but buggy add-on WordPress and Plesk installations appear to be heavily featured. When local admins go out of their way to, e.g., retrofit infamously buggy Web apps on otherwise decent Linux Web hosts, leave those buggy apps unmaintained (because installed from tarball or otherwise), later get security-compromised, and still later get a trojan installed as post-compromise exploit code, is it really accurate to say that this is a problem of being "infected by Linux malware"? — Preceding unsigned comment added by 2603:3024:182F:D100:E9AF:AF67:F1EA:2A1A (talk) 02:32, 17 June 2018 (UTC)


 * Well I think one way to deal with it is to show how the perspectives have changed at different times, retaining the Moen quote, but indicating the dates involved. It is still worth noting that there seems to be few threats at present to desktop Linux use. - Ahunt (talk) 22:26, 7 August 2013 (UTC)


 * That sounds like a great compromise. Absolutely true about desktop malware. Both the proponents and detractors of the market share argument agree that there isn't much desktop malware. But the particular point Moen makes against the market share argument just isn't the reality anymore. Linux has a large market share on servers, and it also has a large share of the malware.


 * As for writing the article, obviously I know how time has made his point moot, and I can write that. But if anyone could provide an updated perspective from the market share argument doubters, that'd be helpful.


 * --Qwerty0 (talk) 06:42, 8 August 2013 (UTC)


 * I think that will work best. Since Wikipedia is an encyclopedia, it is important to focus on the history of each subject and not just where it is today! - Ahunt (talk) 15:32, 9 August 2013 (UTC)

FWIW, Moen has for some time commented immediately following "it doesn't happen" as follows: "(I first made the above comment in 1995; alleged refutals since then, vaguely citing "thousands" of Linux hosts, have inevitably turned out, upon examination, to entail doorknob-twisting of default security credentials, exploiting of notoriously security-defective & field-added Web apps, totally unmaintained embedded appliances, or more than one of those -- the point being that the operators had much more fundamental security problems than "viruses".)"  — Preceding unsigned comment added by 2603:3024:182F:D100:1DD7:6F6A:8C06:69E9 (talk) 22:53, 15 June 2018 (UTC)

Who counters what, now?
On the section Linux Vulnerability, Shane Coursen is quoted suggesting that the increase in Linux malware is a direct result of the increase in Linux usage, particularly as a Desktop OS. This is followed by a quote from Rick Moen that is said to "counter" the one from Shane Coursen. But reading the source, Rick Moen is actually addressing this question: "Isn't Microsoft Corporation's market dominance, making Linux an insignificant target, the only reason it doesn't have a virus problem?" As you can see, he's responding to a statement that is almost the opposite of Shane Coursen's comment. Reading the two together makes Rick Moen sound deaf and distracted, but I can't think of a better way to phrase it. I'm just going to do a quick edit now, but if someone would like to restructure the section to make more sense, it is sorely needed. 12:18, 27 August 2013 (UTC) — Preceding unsigned comment added by 69.166.186.220 (talk)

Comodo and ESET Linux binaries
I would like to have some of the content in

http://www.in2job.org/info/Malware#Linux

incorporated into this article,

particularly the links to where to download Linux binaries from Comodo and ESET.

Plus, does anyone know how to obtain Sophos's client-side/end-user GNU/Linux binaries?


 * Speaking of Sophos, they offer a "Cloud" anti-malware solution. This is an emerging thing that is part of the broader increase in Virtualisation / Cloud / Service-orientated architecture (trend in I.T.).

--Fleetwoodta (talk) 11:55, 11 June 2014 (UTC)


 * I reverted your additions. External links are not used in article text and your additions fall afoul of WP:SPAM, WP:SPS and WP:EL. They are not appropriate to include. - Ahunt (talk) 18:28, 12 June 2014 (UTC)

External links modified
Hello fellow Wikipedians,

I have just added archive links to 4 external links on Linux malware. Please take a moment to review my edit. If necessary, add after the link to keep me from modifying it. Alternatively, you can add to keep me off the page altogether. I made the following changes:
 * Added archive https://web.archive.org/20080514013935/http://www.roqe.org:80/brundle-fly/ to http://www.roqe.org/brundle-fly/
 * Added archive https://web.archive.org/20071028171058/http://www.viruslist.com/en/viruslist.html?id=3994&key=00001000050000200004 to http://www.viruslist.com/en/viruslist.html?id=3994&key=00001000050000200004
 * Added archive https://web.archive.org/20071107040844/http://www.viruslist.com/en/viruslist.html?id=3135&key=00001000050000200003 to http://www.viruslist.com/en/viruslist.html?id=3135&key=00001000050000200003
 * Added archive https://web.archive.org/20080621115415/http://www.f-secure.com:80/v-descs/lindose.shtml to http://www.f-secure.com/v-descs/lindose.shtml

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

Cheers. —cyberbot II  Talk to my owner :Online 16:08, 18 October 2015 (UTC)
 * ✔️ - Ahunt (talk) 17:03, 20 October 2015 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 7 external links on Linux malware. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20120117122655/http://vx.netlux.org/lib/apf29.html to http://vx.netlux.org/lib/apf29.html
 * Added archive https://web.archive.org/web/20120117122247/http://vx.netlux.org/lib/apf31.html to http://vx.netlux.org/lib/apf31.html
 * Added archive https://web.archive.org/web/20120117121406/http://vx.netlux.org/lib/apf30.html to http://vx.netlux.org/lib/apf30.html
 * Added archive https://web.archive.org/web/20120206235015/http://vx.netlux.org/herm1t/Lacrimae_EN.txt to http://vx.netlux.org/herm1t/Lacrimae_EN.txt
 * Added archive https://web.archive.org/web/20120117122703/http://vx.netlux.org/lib/apf12.html to http://vx.netlux.org/lib/apf12.html
 * Added archive https://web.archive.org/web/20070602061547/http://vx.netlux.org/lib/vmd01.html to http://vx.netlux.org/lib/vmd01.html
 * Added archive https://web.archive.org/web/20120117122359/http://vx.netlux.org/lib/apf37.html to http://vx.netlux.org/lib/apf37.html

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 13:42, 16 May 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 12 external links on Linux malware. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20080324042224/http://www.symantec.com/enterprise/security_response/weblog/2007/06/bad_bunny.html to http://www.symantec.com/enterprise/security_response/weblog/2007/06/bad_bunny.html
 * Added tag to http://service1.symantec.com/SUPPORT/ent-security.nsf/ppfdocs/2005110716014248
 * Added archive https://web.archive.org/web/20080512082347/http://www.eset.com/products/linux_mail.php to http://www.eset.com/products/linux_mail.php
 * Added archive https://web.archive.org/web/20080510143951/http://www.eset.com/products/gateway.php to http://www.eset.com/products/gateway.php
 * Added archive https://web.archive.org/web/20130305191528/http://rootkit.nl/projects/rootkit_hunter.html to http://www.rootkit.nl/projects/rootkit_hunter.html
 * Added archive http://webarchive.loc.gov/all/20110217010903/https://www.volatilesystems.com/ to http://www.volatilesystems.com/
 * Added archive https://www.webcitation.org/65lFpGKJC?url=http://vx.eof-project.net/viewtopic.php?pid=1049 to http://vx.eof-project.net/viewtopic.php?pid=1049
 * Added tag to http://vil.nai.com/vil/content/v_130506.htm
 * Added archive https://web.archive.org/web/20080302053542/http://www.symantec.com/enterprise/security_response/weblog/2007/04/the_ipod_virus.html to http://www.symantec.com/enterprise/security_response/weblog/2007/04/the_ipod_virus.html
 * Added archive https://web.archive.org/web/20071107040802/http://www.viruslist.com/en/viruses/encyclopedia?virusid=21734 to http://www.viruslist.com/en/viruses/encyclopedia?virusid=21734
 * Added archive https://web.archive.org/web/20071110002308/http://www.viruslist.com/en/viruses/encyclopedia?virusid=21756 to http://www.viruslist.com/en/viruses/encyclopedia?virusid=21756
 * Added archive https://web.archive.org/web/20071030074550/http://www.viruslist.com/en/viruses/encyclopedia?virusid=23854 to http://www.viruslist.com/en/viruses/encyclopedia?virusid=23854
 * Added archive https://web.archive.org/web/20071028171038/http://www.viruslist.com/en/viruses/encyclopedia?virusid=23856 to http://www.viruslist.com/en/viruses/encyclopedia?virusid=23856
 * Added tag to http://vil.nai.com/vil/content/v_136821.htm
 * Added archive https://web.archive.org/web/20071107040820/http://www.viruslist.com/en/viruses/encyclopedia?virusid=23864 to http://www.viruslist.com/en/viruses/encyclopedia?virusid=23864

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 10:33, 10 December 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on Linux malware. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20130815040638/http://blogs.rsa.com/thieves-reaching-for-linux-hand-of-thief-trojan-targets-linux-inth3wild/ to https://blogs.rsa.com/thieves-reaching-for-linux-hand-of-thief-trojan-targets-linux-inth3wild/

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 22:09, 23 December 2017 (UTC)

HiddenWasp malware targeted at Linux users
Would be good if someone knowledgeable could add this at the right place in this entry. Thanks. — Preceding unsigned comment added by Uflinks (talk • contribs) 14:53, 9 June 2019 (UTC)
 * You will need to provide a ref so we know what you are referring to. - Ahunt (talk) 15:50, 9 June 2019 (UTC)

Linux and windows on virus
What is the difference between the method of virus spreading in linux and windows 49.36.41.91 (talk) 04:20, 29 November 2021 (UTC)
 * There is no basic difference, it is just that Windows is far more vulnerable to malware than Linux is. - Ahunt (talk) 13:16, 29 November 2021 (UTC)
 * This reply lacks any proofs and talks about that as if it's common knowledge. It's not. We are in 2022, not in 2000. Artem S. Tashkinov (talk) 19:42, 5 June 2022 (UTC)
 * Most of this article is stuck in the early 2000s. Aletheiatus (talk) 19:31, 22 November 2023 (UTC)

The second paragraph
Is mostly a load of "I want to believe in" "backed up" with dubious low-quality sources, to be precise blog posts from absolute no ones disguised as "reputable" sources in order to satisfy the WP rules on citation and verifiability. This paragraph is far outside of what Wikipedia stands for. Lastly, opinionated blog posts with no actual research or data cannot be used as reputable sources but whatever.

I'll leave my version here because it actually cites large well-known organizations doing Linux malware research: ''Linux-based devices have been implicated in a number of botnets. This is a direct result of many devices based on the Linux kernel lacking proper updates or means of installing them. The issue has been known for over a decade.''

Extra fresh new highly reputable sources:
 * https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-look-at-linux-threats-risks-and-recommendations
 * https://hothardware.com/news/millions-of-home-wi-fi-routers-linux-exploits
 * https://securityboulevard.com/2021/12/home-routers-are-full-of-security-bugs-patch-now/
 * https://www.bleepingcomputer.com/news/security/nine-wifi-routers-used-by-millions-were-vulnerable-to-226-flaws/

The truth is outside of Linux servers (and many of them continue not to receive updates) there are literally millions of vulnerable Linux devices because no one is updating them or updates are no longer offered: WiFi routers, switches, IoT, etc. etc. etc. This issue has been known for over a decade but "There's no malware for Linux", yeah, right, except when hundreds of thousands of such devices are used to perform DDoS attacks or hack into networks. And what do all those hacked devices run? Right, malware which "doesn't exist". This article is afraid to talk about this issue because again, it's penned by the people who love fairy tales, not facts of life.

I will not touch any Linux related articles on WP ever again. Last time I did that 10 years ago, now it's my last time. I'm OK with fanboys on r/Linux, phoronix.com, LWN.net, etc. but seeing this on WP is kinda atrocious and disgusting. Artem S. Tashkinov (talk) 19:42, 5 June 2022 (UTC)


 * Are you going to propose changes to the article or are you just here to rant? - Ahunt (talk) 20:01, 5 June 2022 (UTC)


 * Challenging a dubious stale opinion with no relevant citations and research (blog posts by journalists do not count as a citation) while providing solid proofs backed up with a lot of industry recognized research is nowadays called "rant"? I don't have any proposals, oh, wait, it's the third paragraph of my comment. Artem S. Tashkinov (talk) 15:27, 6 June 2022 (UTC)
 * Please leave my comments intact and I don't care about this article any longer. I will never touch anything related to Linux on WP. Again, thank you for the insult of calling my valid objection and well researched edit a "rant". Artem S. Tashkinov (talk) 15:43, 6 June 2022 (UTC)

Outdated sourcing and structure
The article appears to have very outdated sources. A significant amount of sources is from the early 2000s and it is highly questionable how relevant they are still for the current situation. The main part of the article completely ignores IoT devices and botnets like Mirai, or malware like Hummingbad, which both have an article on Wikipedia and both have infected multiple million devices. I do believe it would be more sensible to differentiate between malware on IoT, Server, Android (as it is Linux based) and home usage. The current article does primarily focus on the home usage but kind of ignores the rest, which can appear very biased. Aletheiatus (talk) 19:29, 22 November 2023 (UTC)

"Go-written" wtf
The emphasis of a small part of an IBM report, stating that the Go programming language is increasingly used for malware, is strange. Why is that important enough to have a separate section with a heading? Is the increase more than the increase in general of the use of Go in development? If this is important, the section should be clarified, and at least be linking to the page for the Go language. 5.186.55.135 (talk) 09:15, 19 July 2024 (UTC)