Revisión de 21:44 30 abr 2008

Así que... ¿quieres saber si hay que usar un Antivirus en Ubuntu?

Ya tienes un sistema Ubuntu, y tus años de trabajo con Windows te hicieron preocuparte acerca de los virus -- eso es bueno. Si GNU/Linux (en general) ya es un sistema muy seguro de por si, Ubuntu viene de serie sin "puertos abiertos" (significa que las posibilidades de que los gusanos/worms pueden entrar en su sistema sin su consentimiento disminuyen drásticamente), pero siempre hay un cierto peligro con el software malicioso. Lo siguiente es un resumen de la lista entera de gusanos/worms y virus y demás malware conocido hasta ahora para GNU/Linux, cortesía de Wikipedia:

Gusanos

• Net-worm.linux.adm: Este gusano de 2001 el cual explotaba una vulnerabilidad de saturación del búfer (uno de los métodos más comunes de los virus). Escanea la red buscando ordenadores con puertos abiertos, intenta el ataque, infecta páginas web albergadas en el sistema para propagarse más. Este gusano no es peligroso pero provoca saturaciones del búfer. Sin embargo dicha vulnerabilidad que aprovechaba ha sido parcheada desde hace años, eso sin contar de que tu no tienes ningún puerto abierto.

• Adore: Un ordenador infectado escanea la red buscando DNS, FTP, y servidores de impresión (impresoras compartidas), infecta usando varios métodos. Se instala una puerta trasera (backdoor) y el gusano propaga por si mismoen sí. Este gusano no es peligroso para ti ya que los métodos de ataque también son del 2001 y las vulnerabilidades que usa han sido parcheadas desde hace mucho tiempo. Incluso si no hubieran sido parcheadas, no no tienes por defecto esos servicios funcionando en tu sistema Ubuntu.

• The Cheese Worm usa un backdoor el cual es instalado por otro gusano, eliminando el backdoor y propagándose. Es, de hecho, un intento de limpiar un sistema ya infectado. Este gusano no es peligroso ya que los gusanos que necesitan propagarse ya no son peligrosos. Eso si, si nunca fue peligroso en primer lugar es discutible.

• Devnull es un gusano de 2002 el cual infecta un sistema que use una versión antigua del OpenSSL, el cual pasa a formar parte de una botnet controlada por IRC. El gusano sólo puede propagarse si un compilador está presente en el sistema. La vulnerabilidad que usa este gusano ha sido parcheada desde hace ya tiempo. Además el OpenSSH no está instalado en tu sistema por defecto.

• The Kork Worm usa el servidor de impresión de Red Hat Linux 7.0 y necesita descargar una parte del mismo (del gusano) de una web. Esa web ya no existe. Red Hat 7.0 no es Ubuntu GNU/Linux. Tú estas seguro.

• The Lapper Worm no hay mucha información al respecto, pero se añadió a la lista en 2005, y cualquier vulnerabilidad que explotara ha sido casi con toda seguridad parcheada en la actualidad. No puedo decir si para algunos este gusano podría afectar a usted o no, pero la mayoría de las vulnerabilidades son parcheadas dentro de días, no semanas, por lo que en dos años es muy poco probable que pueda verse afectados por este.

• The L10n Worm (se pronuncia "Lion") estuvo activo en el 2001 y se uso como exploit para un servidor de impresión. La vulnerabilidad ha sido parcheada y ese servidor no se instala en Ubuntu. Este no es peligroso para ti.

• The Mighty Worm apareció en 2002 y se usó una vulnerabilidad en el módulo de sesión segura de un servidor web Apache antiguo, instalando una puerta trasera (backdoor) y uniéndolo a una red de bots (botnet) vía IRC. Esta vulnerabilidad ha sido parcheada, Apache no se instala en tu sistema, y toda la arquitectura del servidor web ha sido modificada. Nunca te podrás infectar.

• The Slapper Worm usa la misma vulnerabilidad que el The Mighty Worm y opera de forma similar. Del mismo modo te es inmune.

Viruses

• The Alaeda Virus is relatively recent (May) and infects other binary (program) files in the same directory. If you run as a normal user doing non-programming work, you should not have any other binaries in your home folder. Alaeda won't have anything to infect. This is a good reason why you shouldn't download and install random files off the Internet. If you don't know why you're typing in your password, don't do it. Realistically, though, ELF files (the Linux equivalent of a Wondows .exe) are pretty picky about what system they run on, so sthe chance of getting infected is slight.

• The Binom Virus is from 2004 and affected ELF files in a similar manner to Alaeda. The same conditions apply here. You chance of getting infected is zilch if you don't give a password, and not much even if you do. Be safe, though, and don't run random attachments.

• The Bliss Virus was probably a proof-of-concept by someone from 1997 trying to prove that Linux could be infected. Because of the Linux user privilege system and the thousands of versions of Linux, it didn't do well at all. This one is in the same boat as the two others. Almost nothing about the Linux kernel is the same as it was in 1997. Don't worry.

• The Brundle-Fly Virus was a research virus for an operating systems course and was never in the wild. It even has a web page and an uninstaller. If you want to get infected by a virus, this one is good. You'll need to compile it for your system, though, so be prepare to follow a lot of complicated instructions.

• The Diesel Virus is called "relatively harmless" by viruslict.com. It's an ELF virus, just like the others, discovered in 2002. No need to be concerned

• The Kagob Virus comes in two flavors and even contains a copyright notice (2001). There are no symptoms of infection. Interestingly, when run, the virus disinfects the infected file to a temporary directory before running, then deletes the file after it is executed. Same ELF problems as before. You won't get this one, either.

• The MetaPHOR Virus is another project with its own web page. The exact function and evolution of the virus is laid out. From 2002, it shouldn't represent any risk, even if you can find one in the wild. If you really want to get infected, download the source and compile it yourself.

• OSF.8759 is the first really dangerous virus on the list. It not only infects all files in the directory (and system files if run as root), but also installs a backdoor into your system. The backdoor doesn't suffer from the problems of normal ELF viruses because the virus itself loads the backdoor. This means that the virus still needs to work under ELF, though, limiting the chance that it will work on your system. Since the virus is from 2002, there is virtually no chance that it will run on your system. If a new version becomes available, you might need to worry.

• The RST Virus is also from 2002 and also installs a backdoor. It, however, operates under normal ELF rules, making it virtually harmless to today's sytems.

• The Staog Virus was the first Linux virus, created in 1996. It used vulnerabilities which have loog been patched. It cannot harm you.

• The VIT Virus is another ELF virus, this time from 2000. Since Ubuntu didn't exist seven years ago, you won't be running a system that old and won't be infected.

• The Winter Virus is also from 2000 and is the smallest known Linux virus. It suffers from the same problems as all ELF viruses.

• The Lindose Virus is another proof-of-concept virus, showing how a virus can be constructed to infect both Windows and Linux computers. It has never been seen in the wild. From 2001.

• The ZipWorm Virus passes by infection of .zip files. When run, the virus infects all other .zip files in the directory. It has no other ill effects. From 2001, it is unlikely you'll ever run across it.

That's the entire list of Linux viruses and worms. Fewer than thirty. Compare that to the estimated 140,000 viruses for Wndows, and you'll understand why people say you don't need a virus scanner on Linux.

The Reality

If you are going to trade files in a Windows world, you'll need to scan those fies for viruses. You won't get infected, but you may help infect someone else. There are two ways to do this:

  1. Run all the files through a server which checks for you. GMail, Yahoo mail, and Hotmail all have wonderful checking software.
  2. Check the files for viruses yourself. You can install a program called AVScan. Install the package. It won't appear in the menu. Run it by pressing Alt-F2, typing avscan, and pressing Run.

You can now scan files (or your entire system) for viruses and worms.

This information was copied from http://ibeentoubuntu.blogspot.com/2007/10/so-you-want-to-know-how-to-use-anti.html by the original writer.