JollyRoger
Posts: 154
Joined: Wed Feb 01, 2012 9:48 am

Re: Viruses on the RasPi

Thu Feb 09, 2012 12:29 pm

I'm from the Windows environment, where viruses are a big problem. I know Linux is is not much affected by viruses, and I know the RasPi's architecture means that it too will be largely unaffected. But is there any risk at all from viruses on the Pi? And if so, can anyone recommend suitable antivirus software? Thanks in advance for any advice.

User avatar
alexandru.cucu
Posts: 75
Joined: Mon Sep 05, 2011 6:07 pm
Contact: Website

Re: Viruses on the RasPi

Thu Feb 09, 2012 12:45 pm

The risk of getting infected on a Linux machine is so small that you don't need to run antivirus software. Run Linux on ARM and you make the probability even smaller.

The biggest security hole is between the chair and the keyboard
https://launchpad.net/~alexandru.cucu

User avatar
RaTTuS
Posts: 10592
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK
Contact: Twitter YouTube

Re: Viruses on the RasPi

Thu Feb 09, 2012 12:49 pm

yes there is risc,

the only way not to have risk is not to switch it on,

if it is not connected to the net then you are safer

if you never run any software on it then you are safer

however - you are unlikely to see anything in the wild for it

clamav will probably run on the RPi
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

Lynbarn
Posts: 464
Joined: Wed Jan 04, 2012 11:03 pm
Contact: Website

Re: Viruses on the RasPi

Thu Feb 09, 2012 1:02 pm

RaTTuS said:


yes there is risc,

the only way not to have risk is not to switch it on,

if it is not connected to the net then you are safer

if you never run any software on it then you are safer

however – you are unlikely to see anything in the wild for it

clamav will probably run on the RPi


But of course, once pupils start to get to grips with it's architecture, and learn system-level programming, what self-respecting, angst-ridden, disaffected teenager with a streak of evil genius wouldn''t be tempted…

User avatar
crundy
Posts: 310
Joined: Fri Aug 12, 2011 7:47 am

Re: Viruses on the RasPi

Thu Feb 09, 2012 1:16 pm

It's ignorant to suggest that there's no risk. All platforms have a malware risk, be it viruses (uncommon these days), worms, trojans, plugins etc etc. Two things to note:

1) As a lot of people (esp students) will be using the default distro and the foundation plans on selling a lot of devices worldwide, it makes creating a successful piece of malware easier to develop, and

2) As someone else suggested, the main target for the R-Pi is schoolkids, some of which will be mischievious schoolkids who want to learn how to code "viruses". If they develop a successful worm or similar on their R-Pi then it will target all R-Pis

Just something to consider before deciding whether or not you will install something like ClamAV when using your R-Pi on the internet. Sadly the arrogance of linux (and esp mac) users with their anti-microsoft preconceptions blinds them to the fact that there has been, currently is, and always will be malware against their platform.

Alchemy
Posts: 92
Joined: Mon Jan 30, 2012 2:10 pm

Re: Viruses on the RasPi

Thu Feb 09, 2012 1:21 pm

In terms of virus control RasPi is excellent. The students can't damage the x86 machines with the ARM implementations they are producing. And the x86 machines won't infect the RasPi.

Its a lot safer than teaching them programming on machines that later in the day are needed for word processing.

maven
Posts: 13
Joined: Tue Jan 31, 2012 7:58 pm

Re: Viruses on the RasPi

Thu Feb 09, 2012 1:26 pm

Crundy said:


there has been, currently is, and always will be malware against their platform.


I totally agree, but as we already said the probability of infection is several scales of magnitude smaller, because:

A you probably know what you're doing well enough to make your system pretty hack-proof.

B most viruses target Windows, because it's on something like 90% of consumer PCs

User avatar
crundy
Posts: 310
Joined: Fri Aug 12, 2011 7:47 am

Re: Viruses on the RasPi

Thu Feb 09, 2012 1:34 pm

maven said:


Crundy said:


there has been, currently is, and always will be malware against their platform.


I totally agree, but as we already said the probability of infection is several scales of magnitude smaller, because:

A you probably know what you're doing well enough to make your system pretty hack-proof.

B most viruses target Windows, because it's on something like 90% of consumer PCs


I'm not saying that you're just as likely to get infected using linux or an R-Pi as you are with a windows PC. That isn't true. However reduced risk != no risk.

I've only ever had one machine completely taken over by spammers. The machine was a linux box with minimal software installed and locked down in the firewall to only allow SSH, SMTP and HTTP through. SMTP was totally locked down to avoid relaying, and I had the system autoupdate all packages on the system every night. It only served static pages and had no scripts running. All password were complex. Yet I still don't know how they got in, could not find any trace of what they were doing, and couldn't get rid of them. In the end I had to nuke the server and start from scratch, and they didn't come back, so I'm guessing it was either a 0day vulnerability on one of the services or they got lucky with one of the passwords. If there's an incentive to hack a machine you can bet someone will try.

User avatar
meltwater
Posts: 1015
Joined: Tue Oct 18, 2011 11:38 am

Re: Viruses on the RasPi

Thu Feb 09, 2012 1:57 pm

Would it be possible to set up the RPi to use a read only SD card with say a flash drive for swap space and perhaps personal data online.

That would mean any mal-ware will be gone on the next boot (assuming you build the system clean).
______________
http://www.themagpi.com/
A Magazine for Raspberry Pi Users
Read Online or Download for Free.

My new book: goo.gl/dmVtsc

Meltwater's Pi Hardware - pihardware.com

Like the MagPi? @TheMagP1 @TheMagPiTeam

shigllgetcha
Posts: 4
Joined: Thu Feb 09, 2012 1:57 pm

Re: Viruses on the RasPi

Thu Feb 09, 2012 1:59 pm

the vast majority of pi's wont have anything on them worth stealing in the first place so there would be little point or effect in a virus

I know I dont plan to use any i get for anything that anyone else would be interested in stealing

Lynbarn
Posts: 464
Joined: Wed Jan 04, 2012 11:03 pm
Contact: Website

Re: Viruses on the RasPi

Thu Feb 09, 2012 2:06 pm

shigllgetcha said:


the vast majority of pi's wont have anything on them worth stealing in the first place so there would be little point or effect in a virus

I know I dont plan to use any i get for anything that anyone else would be interested in stealing


Malware writers have all sorts of reasons for plying their trade, gaining access to valuable data  is one, but notoriety, kudos, disruption, and just "because I can" are all in the mix ...

User avatar
crundy
Posts: 310
Joined: Fri Aug 12, 2011 7:47 am

Re: Viruses on the RasPi

Thu Feb 09, 2012 2:07 pm

Lynbarn said:


shigllgetcha said:


the vast majority of pi"s wont have anything on them worth stealing in the first place so there would be little point or effect in a virus

I know I dont plan to use any i get for anything that anyone else would be interested in stealing


Malware writers have all sorts of reasons for plying their trade, gaining access to valuable data  is one, but notoriety, kudos, disruption, and just "because I can" are all in the mix ...


Simply having access to a "home" machine that's connected to the internet is like a gold mine to spammers.

andyl
Posts: 265
Joined: Tue Jan 10, 2012 11:05 am

Re: Viruses on the RasPi

Thu Feb 09, 2012 2:54 pm

Crundy said:


maven said:


Crundy said:


there has been, currently is, and always will be malware against their platform.


I totally agree, but as we already said the probability of infection is several scales of magnitude smaller, because:

A you probably know what you're doing well enough to make your system pretty hack-proof.

B most viruses target Windows, because it's on something like 90% of consumer PCs


I'm not saying that you're just as likely to get infected using linux or an R-Pi as you are with a windows PC. That isn't true. However reduced risk != no risk.

I've only ever had one machine completely taken over by spammers. The machine was a linux box with minimal software installed and locked down


Yes, but that is different to what the OP asked.  Yes there are plenty of people who will try and hack Linux boxes (and some get on), there are security exploits (which is why you should auto-update the security fixes).  There have been a few instances of trojans too (good practice will help prevent them).

I don't think installing ClamAV will help all that much.  Firstly it is mainly used as an email gateway scanner, and secondly just how many Linux ARM virus signatures does it scan for?

As far as I am aware there are very few real Linux viruses out in the wild.  See https://help.ubuntu.com/community/Linuxvirus for details on ones that have documented.  Furthermore to get infected requires either a security exploit / hack attack or a bone-headed move by the user.  Privilege escalation in order to infect system files is incredibly difficult.

Also remember these are viruses for x86 Linux and so will not run on ARM at all.

Main things to remember

1. install security updates regularly

2. do not do anything as superuser unless it is needed and you know what you are doing.

3. the Unix culture is not to swap executables.  It is to pass source around.  Of course you can still get infected that way - but you have the source code.  Read it if you are unsure of what you are getting.  If you can't read it, don't run it.

Docteh
Posts: 32
Joined: Tue Jan 31, 2012 6:20 am

Re: Viruses on the RasPi

Thu Feb 09, 2012 3:10 pm

Hey, When I get a raspi I could probably use it to do virus scans on the hard drive for my desktop.

Most of my linux server getting pwned problems were related to unpatched bugs hat were fixed for at least few months. Also used default ports in those days.

User avatar
crundy
Posts: 310
Joined: Fri Aug 12, 2011 7:47 am

Re: Viruses on the RasPi

Thu Feb 09, 2012 3:13 pm

andyl said:


Main things to remember

1. install security updates regularly

2. do not do anything as superuser unless it is needed and you know what you are doing.

3. the Unix culture is not to swap executables.  It is to pass source around.  Of course you can still get infected that way - but you have the source code.  Read it if you are unsure of what you are getting.  If you can't read it, don't run it.


This is the best advice. As you say, the risk is very low and so reasonable protection is to make sure you keep up to date with patches and don't run as root.

User avatar
abishur
Posts: 4477
Joined: Thu Jul 28, 2011 4:10 am
Location: USA
Contact: Website

Re: Viruses on the RasPi

Thu Feb 09, 2012 3:30 pm

As everyone here seems to be saying the likelihood of you getting a virus on linux is low, not really because it's inherently more secure than Windows, but because of the percentage of people using a specific OS.  As the r-pi becomes more and more popular than sure, you might start to see some viruses pop up, but it's *really* a low possibility right off the bat or anytime in the immediate future.

I still do use ClamAV on my linux box though just because it's a file server for Windows PCs and if a virus sneaks into a file, I think my linux box would be more capable of getting rid of it than my Windows machine.
Dear forum: Play nice ;-)

S0litaire
Posts: 216
Joined: Thu Dec 29, 2011 4:24 pm
Location: Ayrshire, Scotland
Contact: ICQ Skype Twitter

Re: Viruses on the RasPi

Thu Feb 09, 2012 3:50 pm

To be honest there's probably more chance of catching a human virus from an R-Pi  than it being infected by a Computer virus. (If you're careful that is!) ^_~

side-note:

Just watched the episode of the Simpsons, at the weekend, where Bart catches Asian-Flu from his Krusty Happy Meal toy... lol
--
Laters

Bill "Solitaire" C

Anáil nathrach, ortha bhas betha, do cheol déanta

User avatar
Gert van Loo
Posts: 2487
Joined: Tue Aug 02, 2011 7:27 am
Contact: Website

Re: Viruses on the RasPi

Thu Feb 09, 2012 4:00 pm

The other advantage from the Raspi against all other machines is the fact that all data is on the SD-card. So booting from a clean machine only requires you to plug in a clean SD-card. (Which, in the near future, you can download from various sites)

What you also can do is plug the SD-card into a non-Raspi machine and scan it. (You will need a very special scanner which runs on machine A and detects viruses for machine B).

I assume in due time somebody will make an SD-card swap utility so you can swap  SD-cards whilst the system is running. Same principle: boot from a brand new clean card. Swap to the other card without running any SW from it and scan it.

Hummm... Idea! Has anybody already offered Linux PC cleaners? Boot into a Linux kernel which then scans your PC for PC viruses. I know you can get ready-to-run Linux images in all kinds of format.

mole125
Posts: 228
Joined: Tue Jan 10, 2012 2:01 pm

Re: Viruses on the RasPi

Thu Feb 09, 2012 4:16 pm

Gert said:


The other advantage from the Raspi against all other machines is the fact that all data is on the SD-card. So booting from a clean machine only requires you to plug in a clean SD-card. (Which, in the near future, you can download from various sites)


I fear that you'll only be able to download a clean image of the card and not download the actual card itself... Unless Gertboard 2 has much more functionality than you have let on?

kasperl
Posts: 90
Joined: Fri Jan 06, 2012 6:20 pm

Re: Viruses on the RasPi

Thu Feb 09, 2012 4:37 pm

As I most people said, Linux is rather safe compared to Windows. However, in the last two weeks I've had two (freshly updated) Linux boxes taken over. Both were through trivial user passwords and SSHD, but on one the3 attackers gained route as well. The other was used to spam others, when I found it there were 150k messages in the exim queue. Relaying was disabled, but a local user got taken over. We're still sorting out the blocklists on that.

ClamAV isn't much good for Linux viruses. I pointed it at the folder of some magic bash scripting and binary that kept IRC'ng home for commands., It said all the files were clean. Lovely.

That's another important point btw, most of that virus was Bash and crontabs, it didn't seem to need the binary except for payload code, all the communication was scripted, and cross-platform. Nice bit of code, too.

Prometheus
Posts: 308
Joined: Tue Dec 13, 2011 11:09 pm

Re: Viruses on the RasPi

Thu Feb 09, 2012 6:31 pm

This analysis from a few years back is probably somewhat relevant, here (a very short summary of some of the points made is here). It's interesting reading.

ReCreate
Posts: 48
Joined: Wed Feb 01, 2012 4:51 pm

Re: Viruses on the RasPi

Thu Feb 09, 2012 6:41 pm

I can't quite understand how people actually get viruses on their computers. It's been a few years now, for me, that I've gone without getting a virus (unintentionally ), I guess that as long as you know what you're doing well enough, and aren't being directly targeted.. It doesn't happen. O_o

Anyways, What hackers would want to target less than 1% of the computing market share for viruses? That's all. c:

User avatar
abishur
Posts: 4477
Joined: Thu Jul 28, 2011 4:10 am
Location: USA
Contact: Website

Re: Viruses on the RasPi

Thu Feb 09, 2012 6:44 pm

Actually, my wife got a virus from visiting Campbell's website about a year ago.  Didn't download anything, didn't give permission for anything to install.  Viruses are getting quite insidious.  I mean you can hide the buggers in a picture.  You'd be amazed at all the data stolen from your browsing trends all because an innocuous ad pops up on the side of a page!
Dear forum: Play nice ;-)

ReCreate
Posts: 48
Joined: Wed Feb 01, 2012 4:51 pm

Re: Viruses on the RasPi

Thu Feb 09, 2012 7:15 pm

Abishur said:


Actually, my wife got a virus from visiting Campbell"s website about a year ago.  Didn"t download anything, didn"t give permission for anything to install.  Viruses are getting quite insidious.  I mean you can hide the buggers in a picture.  You"d be amazed at all the data stolen from your browsing trends all because an innocuous ad pops up on the side of a page!


Yep! That"s an exploit in a web browser. Was it an old version of IE by any chance? New versions are quite more secure, and also, sandboxing! This can make anyone completely immune to even direct attacks against a browser exploit like this, just as long as you don't let it through to your system manually.

timgiles
Posts: 101
Joined: Thu Jan 12, 2012 8:58 am

Re: Viruses on the RasPi

Thu Feb 09, 2012 7:25 pm

ReCat - I was going to post the same. I simply dont understand how people get viruses nowadays. Decent AV, updated windows, updated browser. If you are running Linux, a firewall is about all you need.

Return to “General discussion”