Ubuntu: What is the Ubuntu “built in virus protection”?


At ubuntu.com there is this "only in ubuntu" that says "Built in virus protection".

What is the Ubuntu built-in protection? What is the program in charge of this and how does it work?


"Built-in virus protection" is a simplification of the security features of Ubuntu.

  • Ubuntu requires applications to be run as super-user to cause any damage. It also includes AppArmor to supplement that.

  • There is also the safe and secure repository model which gives you access to thousands of applications through the Software Center which are tested by package maintainers.

  • Since it is free software more people have access to the source code and according to Linus's law: "Given enough eyeballs, all bugs are shallow", which means that

    Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone.

  • The security exploits are quickly patched up and delivered to you through the Update Manager.


My 2 cents are that it is possible to get a virus for Ubuntu, but:

  • The way most Linux distributions are built makes it very hard for viruses/trojans/backdoors to take advantage of vulnerabilities in binary packages. Ubuntu changes every six months (and updates --sometimes annoying-- land at least every week). It makes it very difficult for a virus author to track all these changes. In contrast, Windows takes several years to change. That gives some time to the virus author to try to be as destructive/invasive as it can.
  • AFAIK, there is a substantial difficulty to "leak" binary code or suspicious source code to Ubuntu's Official or Debian's official packaging systems.
  • There might be 3 ways to infect a Linux box:
    • You've been running Linux for years without updating any of your internet-facing services/apps.
    • You installed a virus/trojan by yourself.
    • You downloaded the virus in source code, compiled it and ran it with administrator privileges ;)


I have had discussions with some people who claim that the Linux population makes it a less favorable target for viruses.

There are a number of things about Linux and other Unix based platforms that make them not pleasant environments for viruses.

  • Access to logs and log scanners make it simple to watch for things indicating a problem.
  • Limited privileges for most users make it difficult to get a strong toehold on a system. Well managed systems make it extremely difficult to gain root access.
  • Ease of restricting access to services like cron which can be used to relaunch services.
  • A lot of tools have been scanned for race conditions which make it possible to change configuration files. (I was discouraged to see Linux security bug counts being considered equal to Windows when many of the bugs were of the type "race condition may allow high scores to be changed".)
  • Ease in providing read-only access to resources used by services. (Failure to do so is one vector enabling code injection into sites.)
  • Ease of running and comparing checksums on files.
  • Heavy use of human readable configuration files.
  • Use of executable bit to enable file execution.
  • Ability to flag partitions to prevent automatic execution on the partition. Additional mount options exist to increase security.

In whole and in part, these factors make introducing viruses more difficult, easier to detect, and easier to disable.
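
The mount-option point in the answer above can be checked mechanically. The script below is an added example, not part of the original answers; the list of watched mount points and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report world-writable mount points that lack restrictive
# mount options. Input uses the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# Assumption: locations any local user can usually write to.
WATCHED="/tmp /var/tmp /dev/shm"
# noexec: no direct execution; nosuid: ignore setuid bits; nodev: ignore device nodes.
WANTED="noexec nosuid nodev"

# audit_mounts: reads a mount table on stdin and prints one line per watched
# mount point that is missing options, as "<mountpoint> missing:<opt>[,<opt>]".
audit_mounts() {
    while read -r am_dev am_mp am_fs am_opts am_rest; do
        # Skip mount points that are not on the watch list.
        case " $WATCHED " in
            *" $am_mp "*) ;;
            *) continue ;;
        esac
        am_missing=""
        for am_want in $WANTED; do
            # Surround with commas so "nodev" never matches inside another option.
            case ",$am_opts," in
                *",$am_want,"*) ;;
                *) am_missing="${am_missing:+$am_missing,}$am_want" ;;
            esac
        done
        if [ -n "$am_missing" ]; then
            echo "$am_mp missing:$am_missing"
        fi
    done
    return 0
}

# Constructed sample mount table (not taken from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
/dev/sda2 /var/tmp ext4 rw,nosuid,relatime 0 0
EOF
}

# Demo on the constructed sample; on a live system use: audit_mounts < /proc/mounts
sample_mounts | audit_mounts
```

On the sample table, `/tmp` passes, while `/dev/shm` and `/var/tmp` are reported because files written there could still be executed directly.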


I think what they mean by that is a) necessary privilege elevation (i.e. sudo) is necessary for doing potentially dangerous things and maybe b) (tongue-in-cheek) Linux is too obscure (and secure, see a) to draw much fire from virus writers.


The simplest answer is that it's very rare to find any virus designed to target an Ubuntu system.


Excerpt from Psychocats Tutorial Website:


Conventional wisdom in the Linux community says that there are either no or very few Linux viruses out in "the wild," and that most are just proof-of-concept theoretical viruses. Some people recommend installing a virus scanner like ClamAV in order to protect your Windows-using friends from Windows viruses you might accidentally send them. I don't really see how that's an issue, though. If you have an attachment you created in Linux, why would it have a Windows virus in it? If your computer has been compromised in such a way that you don't have control over what you send other people, then you have a lot more to worry about than spreading viruses to your Windows-using friends!


"Built-in virus protection" is probably just marketing speech for the fact that Linux uses a different binary format for executables than Windows, so a Windows-virus cannot run on Linux. (It might run under Wine, but who would try that?)
