The Inquirer-Home

Kaspersky Labs' slated for Linux virus FUD

Linux boffins say it doesn't work and help to make it work
Wed Apr 19 2006, 08:58
LINUX EXPERTS are dismissing as FUD a claim by Russian Anti-Virus outfit Kaspersky labs that it has invented a cross platform virus that can eat Windows and Linux systems.

The story was broken in Computerworld, here, and the source code was posted here, so people in the know could have a dekko.

It all made a damn fine headline, but when the Linux people sat down with it they found it didn't actually work on kernels later than 2.6.16.

The people at newsforge said that it remained to be seen whether malware authors could create a virus that can spread as easily on Linux as viruses on Windows. Besides it could all be stopped if Linux users refused to "run as root".

Linus Torvalds on the other hand was intrigued by the virus. He sat had to sit down and wrote a patch so that the virus worked on the latest kernel and he could play with it.

Torvalds was interested in the virus, not because it was spreadable and could cause the end of the operating system as we know it, but because it was a regular program which happens to work on both Windows and Linux, and that happens to do things like writing to files that are owned by the user. In the end he said the reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call. He has coded a patch for the kernel to allow the virus to work on even the Linux kernel.

In other words the reason the virus did not spread on Linux was because of a flaw, which Torvalds has fixed and now everyone is excited.

If Kaspersky wanted everyone in the Linux community to download its Virus checkers because they were frightened of viruses it seems to have miscalculated that a tad. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?