Solid Security

Viruses are unknown in Linux

Linux is a very secure operating system, much more so than Windows 9x, and at least the equal of Windows NT. So far as anyone has been able to tell, exactly one virus has ever been written for Unix platforms. And as viruses go, it's pretty anemic. It is worth examining why this is the case. To do so, we have to take a quick look at how viruses work.

A virus spreads when an infected application is run. The virus then looks for other running applications, or for applications on disk, and copies its own code into the other applications, thereby infecting them. When the newly-infected applications are run, they will try to infect other applications, and so on.

Both of these avenues of infection are severely limited or impossible under Linux. Since each application runs in its own protected memory space, it is not possible for a virus to infect another application running in memory. And Linux implements a file permission structure that greatly limits the damage that a virus can do.

In Unix systems, there are three main kinds of permission for a file - read, write, and execute. There are three kinds of users these can apply to - the file's owner, users in the same group as the owner, and "others".

In practical terms, when a user runs a program infected with a virus, the virus can only infect the applications that the user has permission to write to. In the typical Linux system, this is very few applications, and none of them are critical to the operation of the system.
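To make this concrete, here is an added example (not code from the original page) that implements the owner/group/other check just described over a constructed list of files and reports which programs a process running as a given user could both execute and overwrite. The paths, uids and gids are made up for the example; it models classic mode bits only, not ACLs or capabilities.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class FileEntry:
    path: str
    mode: int  # permission bits only, e.g. 0o755
    uid: int   # owning user
    gid: int   # owning group

# Constructed sample filesystem; paths, uids and gids are made up.
SAMPLE_FILES = [
    FileEntry("/bin/ls", 0o755, 0, 0),
    FileEntry("/usr/local/bin/report", 0o775, 0, 100),   # group 100 may write
    FileEntry("/home/alice/bin/todo", 0o755, 1000, 1000),
    FileEntry("/home/alice/.profile", 0o644, 1000, 1000), # writable but not a program
    FileEntry("/tmp/scratch", 0o777, 1001, 1001),        # world-writable
]

_BITS = {
    "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}

def allowed(entry, uid, gids, perm):
    """Classic Unix mode check: exactly one class (owner, group, other) applies.
    The classes are tested in that order and the first match decides, so an
    owner of a 0o477 file is denied write even though 'others' are not.
    Root (uid 0) bypasses r/w bits and may execute if any x bit is set."""
    user_bit, group_bit, other_bit = _BITS[perm]
    if uid == 0:
        return perm != "x" or bool(entry.mode & (user_bit | group_bit | other_bit))
    if uid == entry.uid:
        return bool(entry.mode & user_bit)
    if entry.gid in gids:
        return bool(entry.mode & group_bit)
    return bool(entry.mode & other_bit)

def infectable(files, uid, gids):
    """Programs the user can both run and modify: the only files a virus
    launched by that user could copy itself into."""
    return [f.path for f in files
            if allowed(f, uid, gids, "x") and allowed(f, uid, gids, "w")]

if __name__ == "__main__":
    for name, uid, gids in [("alice", 1000, {1000, 100}), ("bob", 1001, {1001}), ("root", 0, {0})]:
        print(f"{name}: {infectable(SAMPLE_FILES, uid, gids)}")
```

Run as an ordinary user the list is short and contains nothing system-critical; run as root it covers every executable, which is the page's argument for not doing day-to-day work as root.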

There is one type of virus that can infect a Linux system - a boot-sector virus. This kind of virus does not use an operating system at all, but instead runs using the BIOS. When the boot-sector virus runs, Linux isn't even running yet, so it can't intercept it. However, no known boot-sector virus is written to work with Linux, and so as soon as the machine is infected with such a virus, it probably won't boot. At this point, all you need to do is boot from a Linux floppy and erase the virus. In this sense, Linux is a great virus-detector!

Preventing remote takeovers and denial-of-service

Since viruses are difficult and not terribly impressive in the Linux world, crackers tend to try other means of compromising systems. There are two ways to approach this - "getting root" and "denial-of-service". In the first case, the cracker tries to get "root" or "superuser" access - more or less the same as "Administrator" under Windows NT. In the second, the cracker tries to impair the operation of the computer in some way, such as a SYN flood or a WinNuke.

Linux is less prone to these sorts of attacks than most operating systems. This is partly because of its design and partly because of the open-source nature of Linux development. For example, Linux is designed so that the "sechole.exe" program (which gives any user Administrator access under Windows NT) is not possible - at least, by that method. The permissions structure described above means that even if a bug in one process is found, it does not affect other processes. Very few services run with a lot of permissions, and most of the bugs in those services have been found and removed. (Remember, Unix has been around for almost 30 years - performance and security problems have been continuously addressed that entire time.)

And because Linux is open-source, security bugs are fixed quickly, often within hours. Having the source open is a lot like having thousands of programmers audit the security of the system continuously.

Denial-of-service (DOS) attacks are also more limited under Linux. If you give users write permission to a share under Windows NT, those users can fill up the entire disk if they like, which can cause NT to become unstable. Linux supports disk quotas, which limit the amount of space a malicious or mistaken user can take up.

Linux also supports limits on other resources, to prevent users from running too many processes, opening too many network connections, and so on.

For more information, check out the Linux Security HOWTO.

By way of a testimonial, check out this story about an ISP that upgraded to Linux to improve security.
