Malware in Ubuntu

Asked by Richard Reinhart on 2012-10-11

I understand that malware in Ubuntu is unlikely. However, when using Chromium, I often find threats detected by ClamAV, such as PUA.Phishing.Bank, among others.

My question relates to the safety of doing such activities as online banking that require passwords and logins utilizing a web browser such as Chromium or Firefox. Is it safer to use Ubuntu than Windows for such activities requiring login and passwords?
Thanks

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu clamav Edit question
Assignee:
No assignee Edit question
Last query:
2012-10-11
Last reply:
2015-01-06

The malware may be downloaded but it will be ineffectual as your OS is not Windows. The files will not find any user data or do anything as the Windows constructs, files and binaries needed simply are not present :)

N1ck 7h0m4d4k15 (nicktux) said : #2

On 10/11/2012 10:36 AM, Richard Reinhart wrote:
> New question #210910 on Ubuntu:
> https://answers.launchpad.net/ubuntu/+question/210910
>
> I understand that malware in Ubuntu is unlikely. However, when using Chromium, I often find threats detected by ClamAV, such as PUA.Phishing.Bank, among others.
>
> My question relates to the safety of doing such activities as online banking that require passwords and logins utilizing a web browser such as Chromium or Firefox. Is it safer to use Ubuntu than Windows for such activities requiring login and passwords?
> Thanks
>
In general I agree with @actionparsnip. For example , a keyloger needs
specific files (windows files) to be installable to you PC .

But browser vulnerability is browser vulnerability. Most viruses are
created to search specific windows file, but java and flash viruses can
affect a browser in Linux too.

IMO yes, linux is most secure for such activities (bank accounts etc).

Thanks

Richard Reinhart (reinhartr) said : #3

It is understandable that a virus written for windows files will only work within windows.

Are web browsers such as Chromium and Firefox working within linux immune to the effect of a virus as well? In other words, can a virus downloaded from web via a web browser work its mischief within the web browser itself without the need for files external to the browser?
Thanks

Yes as they work differently. There are Linux viruses but few to none are wild.

Richard Reinhart (reinhartr) said : #5

In other words, a virus can do harm within a web browser that is running in a linux OS?

Or does this mean that the web browser written for a linux environment is also immune to a downloaded virus that is written for a windows system?

Thank you for your patience.

Warren Hill (warren-hill) said : #6

For any piece of malicious code to do damage to your system it has to run.

The majority of problems on any system come from people allowing programs to run. Windows users often run programs without intending to as the windows security model is weak. With Linux any program needs permission to run. This is why with Linux Viruses are almost a non-issue. On windows however, its too easy to install things and that's why Anti-virus software is required.

No system is totally invulnerable but provided you take reasonable precautions: don't run as root, have decent passwords, Not installing anything that isn't in the official repositories (at least without thinking about it first). Linux is probably as safe as it gets. I certainly feel happier running my Ubuntu box without any anti-virus than I do using my windows PC with Norton 360.

Programs like Norton are looking for specific programs. If someone wrote a windows virus today then somebody has to get infected before these programs know what to look for. The big strength of Linux is that most software is open source so lots of people get to look at the code and see what people are doing. Most windows software is closed source so you don't know what is hidden inside.

PUA.Phishing.Bank is a windows virus and will not upset a Linux machine.

ser nerd (searchnetinfo) said : #7

hi richard. thanks for your info and tech godness! i just want to clarify before i go and change all my passwords since i am only a geekling, by not upset a linux machine you mean i don't need to fret about any passwords i entered since it snuck into my machine? i know exactly when it got into my machine for it says it's an opera thing and i hadn't used that browser in ages before the past few days.

sa (myprivacysphere) said : #8

Question to Warren Hill after reading comment "For any piece of malicious code to do damage to your system it has to run."

First off - thx for writing such a complex technical area in terms I understand and can reflect on

You say PUA phishing bank is a windows virus that will not upset a Linux machine (written for a different source of language)

My question

1
- Can Java and flash affect Linux? - If so - Can i virus like Phishing bank be able to lure password though running e.g. firefox in Linux?
- Isn't Java and flash separate languages - therefore universal regardless of Linux or windows..., - by that i mean it can work cross
   platform?

2. Can a virus like PUA Phishing Bank affect / execute/ course damage if you e.g. are using Wine and/ or Pipelight + Flash?

comment on above would be highly appriciated

Geoffrey Morrison (gsnoorky) said : #9

Sa

Java and Flash for open source invoke totally different versions from those for Winodws or Mac. The code for open source is totally different--it won't work on those OSes. Each OS mentioned here is exclusive of the others. (Of course, open source offers dozens of distributions--distros. Each of those has their own code base--they're own separate repositories. Windows and Mac (OSX) are commercial, proprietary products. Only compiled and binary executable code is availble to users: That's about as useful to users (and hackers, too) as "gobbledegook!" The source code is secret: It's guarded really closely. Strict open source code is freely available. Open source/Linux package management systems prove far superior to that analogous for Windows. (Apple controls their environment very stringently--only certain devices qualify to have drivers or other Apple software created.)

These days, Linux may read NTFS filesystems--that for windows XP and later. (Also, the previous FAT and FAT32 partitions prove readeable, as well.) The thing is that the user needs to invoke the root password to access such partitions from Linux. Microsft and Apple OSes can't change, read, and access Linux/open souce filesystems.

Given invoking username/root password,, one might transfer files between Linux and Microsoft partitions. It is possible then to transfer malware to Windows. (Windows malware does get into Linux via surfing. I find it's often in Chrome's or Chromium's "cache" --temporary storage, and sometimes in browser extensions. Iceweasel/Firefox might gather Windows malware, as well. That's why I run ClamAV occasionally--I like to think I'm keeping such viruses from entering the Windows community--or, my dual-booted system's Windows partitions..

Merchant sites and financial sites are pretty bad concerning transferring malware--it's a flood. I've noted that small banks simply let weird transfers and other transactions run (until they become a significant problem)--they can't hire or constantly call expensive security people. Windows is a huge target. Increasingly, Google (Chrome/Chromium) is a large target. Apple has been a target, too--since its early days. (I noted their viruses with the early Macs at school.) Windows is by far the largest target.

Running Clamav in an open source partition won't give the massive false-positive results that running it on a Windows partition might. Valid files for Windows pop up often then with ClamAV. Be extremely cautious with using ClamAV for Windows partitions--it's far better to run commercial software for such partitions instead. The commercial software likely can't check Linux partitions, though.

Always, I use current open source distros (Debian Wheezy now) to conduct banking, financial, and merchant transactions--I use Iceweasel (a re-named Firefox version for Debian) solely for that. Generally, I use Chromium for gmail. Firefox/Iceweasel certainly is competent for obtaining and managing gmail, too. Virtually always, I surf with open source. Windows hangs around here since it's useful for certain multimedia tasks (and, PC gaming). Related multimedia devices require Windows drivers--open source drivers usually are not avaialable. (Such camera, musical instrument, ormulti media creation companies don't care about Linux--it offers no dollars. Such a company's personnel likely would know next to nothing concerning software.)) A specialized device is a "paperweight" without drivers. Driver incompatibility has been a thorn in the sides of Linux and Apple for many decades now. Windows supports perhaps 70,000 devices--no other OS comes close. Driver compatiblity is a key reason why Windows and Microsoft Office are loved by business people....

Can you help with this problem?

Provide an answer of your own, or ask Richard Reinhart for more information if necessary.

To post a message you must log in.