Virus

From doc.ubuntu-es
(Starting translation)
 
Revision as of 20:36, 30 Apr 2008


So... do you want to know whether you need to use an antivirus on Ubuntu?

You've got an Ubuntu system, and your years of working with Windows have made you worry about viruses -- that's fine. While GNU/Linux (in general) is already a very secure system in itself, and Ubuntu ships with no "open ports" (which means the chances of worms getting into your system without your consent drop drastically), there is always a certain danger from malicious software. The following is an overview of the entire list of worms, viruses and other malware known so far for GNU/Linux, courtesy of Wikipedia (http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses):

Worms

  • Net-worm.linux.adm: This worm from 2001 exploited a buffer overrun vulnerability (one of the most common methods for viruses). It scans the network for computers with open ports, tries the attack, and infects web pages hosted on the system to propagate further. This worm is not dangerous to you: the buffer overrun it exploited has been patched for years, not to mention that you do not have any open ports.
  • Adore: An infected computer scans the network for DNS, FTP, and print servers (shared printers), infecting them using various methods. A backdoor is installed and the worm propagates itself. This worm is not dangerous to you because the methods of attack are also from 2001 and the vulnerabilities it uses have long been patched. Even if they weren't patched, you don't have these services running by default on your Ubuntu system.
  • The Cheese Worm uses a backdoor which was installed by another worm, removing the backdoor and propagating. It is, in fact, an attempt to clean an already infected system. This worm is not dangerous because the worms it needed to propagate are no longer dangerous. Whether it was ever dangerous in the first place is debatable.
  • Devnull is a worm from 2002 which used an old OpenSSL to infect a system, becoming part of an IRC-controlled botnet. The worm could only propagate if a compiler was present on the system. The vulnerability this worm used has long been patched. OpenSSH is not installed on your system by default.
  • The Kork Worm uses the Red Hat Linux 7.0 print server and needs to download part of itself from a website. That website no longer exists. Red Hat 7.0 is not Ubuntu Linux. You are safe.
  • The Lapper Worm has no information about it at all, anywhere, so I can't give you any information about it, but it was added to the list in 2005, and any vulnerabilities it exploited have almost certainly been patched by now. I can't say for certain whether this worm could affect you or not, but most vulnerabilities are patched within days, not weeks, so two years makes it very unlikely you could be affected by this.
  • The L10n Worm (pronounced "Lion") was active in 2001 and used a printer server for its exploit. The vulnerability has been patched and the server is not installed on Ubuntu. This is no danger to you.
  • The Mighty Worm appeared in 2002 and used a vulnerability in the secure session module of the old Apache web server, installing a backdoor and joining an IRC botnet. This vulnerability has been patched, Apache is not installed on your system, and the entire architecture of the web server has changed. You can never get infected.
  • The Slapper Worm used the same vulnerability as the Mighty Worm and operated similarly. You can't get this one, either.

Viruses

  • The Alaeda Virus is relatively recent (May) and infects other binary (program) files in the same directory. If you run as a normal user doing non-programming work, you should not have any other binaries in your home folder. Alaeda won't have anything to infect. This is a good reason why you shouldn't download and install random files off the Internet. If you don't know why you're typing in your password, don't do it. Realistically, though, ELF files (the Linux equivalent of a Windows .exe) are pretty picky about what system they run on, so the chance of getting infected is slight.
  • The Binom Virus is from 2004 and affected ELF files in a similar manner to Alaeda. The same conditions apply here. Your chance of getting infected is zilch if you don't give a password, and not much even if you do. Be safe, though, and don't run random attachments.
  • The Bliss Virus was probably a proof-of-concept by someone from 1997 trying to prove that Linux could be infected. Because of the Linux user privilege system and the thousands of versions of Linux, it didn't do well at all. This one is in the same boat as the two others. Almost nothing about the Linux kernel is the same as it was in 1997. Don't worry.
  • The Brundle-Fly Virus was a research virus for an operating systems course and was never in the wild. It even has a web page and an uninstaller. If you want to get infected by a virus, this one is good. You'll need to compile it for your system, though, so be prepared to follow a lot of complicated instructions.
  • The Diesel Virus is called "relatively harmless" by viruslist.com. It's an ELF virus, just like the others, discovered in 2002. No need to be concerned.
  • The Kagob Virus comes in two flavors and even contains a copyright notice (2001). There are no symptoms of infection. Interestingly, when run, the virus disinfects the infected file to a temporary directory before running, then deletes the file after it is executed. Same ELF problems as before. You won't get this one, either.
  • The MetaPHOR Virus is another project with its own web page. The exact function and evolution of the virus are laid out. From 2002, it shouldn't represent any risk, even if you can find one in the wild. If you really want to get infected, download the source and compile it yourself.
  • OSF.8759 is the first really dangerous virus on the list. It not only infects all files in the directory (and system files if run as root), but also installs a backdoor into your system. The backdoor doesn't suffer from the problems of normal ELF viruses because the virus itself loads the backdoor. This means that the virus still needs to work under ELF, though, limiting the chance that it will work on your system. Since the virus is from 2002, there is virtually no chance that it will run on your system. If a new version becomes available, you might need to worry.
  • The RST Virus is also from 2002 and also installs a backdoor. It, however, operates under normal ELF rules, making it virtually harmless to today's systems.
  • The Staog Virus was the first Linux virus, created in 1996. It used vulnerabilities which have long been patched. It cannot harm you.
  • The VIT Virus is another ELF virus, this time from 2000. Since Ubuntu didn't exist seven years ago, you won't be running a system that old and won't be infected.
  • The Winter Virus is also from 2000 and is the smallest known Linux virus. It suffers from the same problems as all ELF viruses.
  • The Lindose Virus is another proof-of-concept virus, showing how a virus can be constructed to infect both Windows and Linux computers. It has never been seen in the wild. From 2001.
  • The ZipWorm Virus passes by infection of .zip files. When run, the virus infects all other .zip files in the directory. It has no other ill effects. From 2001, it is unlikely you'll ever run across it.

That's the entire list of Linux viruses and worms. Fewer than thirty. Compare that to the estimated 140,000 viruses for Windows, and you'll understand why people say you don't need a virus scanner on Linux.
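
The Alaeda and Binom entries above rest on the claim that a normal user's home folder holds no binaries for a file infector to modify. As an added example (not part of the original article), this shell script checks that claim by listing files that begin with the ELF magic bytes and are writable by the current user; the function names is_elf and writable_elfs are made up for this illustration.

```shell
#!/bin/sh
# Added example: find ELF binaries that the current user is able to modify.
# An ELF file infector running with your privileges can only alter files
# that (a) are ELF binaries and (b) you have write permission on.

# is_elf FILE
# Succeeds if FILE is a readable regular file whose first four bytes are
# the ELF magic number: 0x7f 'E' 'L' 'F'.
is_elf() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    # Dump the first 4 bytes as hex and strip od's spacing.
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# writable_elfs DIR
# Prints, one per line, every regular file under DIR that is an ELF binary
# and writable by the invoking user. Stays on one filesystem (-xdev).
# Limitation: paths containing newlines are not handled.
writable_elfs() {
    find "$1" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        if [ -w "$f" ] && is_elf "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Stand-alone use: pass a directory to scan, e.g.  sh elfcheck.sh "$HOME"
# (the script name is hypothetical). No argument means: define functions only.
if [ $# -gt 0 ]; then
    writable_elfs "$1"
fi
```

An empty result for your home folder matches the article's assumption. Run as root, the same check reports every ELF file it finds, which is why the OSF.8759 entry distinguishes the root case.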

The Reality

If you are going to trade files in a Windows world, you'll need to scan those files for viruses. You won't get infected, but you may help infect someone else. There are two ways to do this:

  1. Run all the files through a server which checks for you. GMail, Yahoo mail, and Hotmail all have wonderful checking software.
  2. Check the files for viruses yourself. You can install a program called AVScan. Install the package. It won't appear in the menu. Run it by pressing Alt-F2, typing avscan, and pressing Run.

You can now scan files (or your entire system) for viruses and worms.

This information was copied from http://ibeentoubuntu.blogspot.com/2007/10/so-you-want-to-know-how-to-use-anti.html by the original writer.
