>So you see, by your own accounts we can figure that they do exist and Linux systems do get infected. The fact that your systems don't get infected would not reflect the potential user community at-large if say Linux was in use in 50% of the end-user market since we can safely say you keep on top of OS developments.
>
>For one you would have to have the odds of the masses to be able to entice someone to open a message from your boss saying "I LOVE YOU" :)


No, it doesn't work that way. Linux email apps don't have anything similar to scripting engines that run attached or embedded executables. You have nothing to fear when opening an email in a Linux OS. I deliberate open WinXX viri when I receive them. They do nothing, of course. I can view the enticement and the payload. Linux does not run WinXX exe, com or bat files. I even opened WINE and then opened an email containing the SirCam virus. It attempted to deploy, as best it could without a register to operate on, added a couple of files in Windows/system and put an executable in temp and in the trashbin. But, without outlook express running, which wasn't on my box, and nothing similar to 'services' running, it had nothing to do. I looked at the executable with a hexeditor, then deleted the SirCam files.

Linux began in 1992. In ten years, less than a dozen viri with potential have appeared. None have risen above the 'curiosity' stage and and only Ramen, Lion (a Ramen clone) and Bliss pose a risk. All three have appeared in the wild, but none did any know harm to a linux system. To understand why you have to realize that Linux users normally don't run as root. In fact, even when doing system maintenance they never log into root! They run maintenance apps with 'su' (superuser) permission from their user account. While Linux systems that are poorly installed, without root passwords or with users running as root get hacked into, I have yet to hear of a Linux system being trashed by a Linux virus. If such an event ever happened you can rest assured that Microsoft, the AV software houses, ZDNet and a bunch of other people would spare nothing to make sure that absolutely everyone heard about it.

The big reason why Linux viri fail, even when users open an email containing an embeeded or attached viri, is become the user would then have to directly execute the payload after the email was opened. Very few Linux users would do that. Even if they did, the worst that could happen is that their user account files are deleted, necessitating a restoration from a backup CD. Five minutes later the account and its files are restored and the problem over.

You have to set aside your MS Hat when thinking about Linux. They are two totally different animals.

>
>>>>>http://www.cnn.com/2002/TECH/internet/06/13/picture.virus.ap/index.html
>>>>
>>>-snip-
>>>>
>>>>AV software will not be an economically viable business on the Linux OS, and I think they are beginning to realize it. In five years of using Linux I have never had a successful viri attack on my box. In my mailbox I have had countless WinXX viri trigger harmlessly or fail to trigger at all. It makes doing a post mortum easy and risk free. Under WINE, I once fired the SirCam viri just to see it work. It was easy to follow and the results were easy to reverse. All the changes stood out like a sore thumb, and none could in any way affect the Linux installation. In fact, only those who run their Linux installation as 'root' or have no root password, which are really stupid things to do, will ever be affected by a linux virus, if a serious one ever appears. The worst thing that could happen is the a user's account files are deleted, which would take all of 30 seconds to recreate, and a minute or two to restore other files from backups.
>>>>
>>>>JLK
>>>
>>>Of course one other reason why AV software is not economically viable in the Linux environment is because it has not reached the masses of the end-user market. I don't think the reason is because Linux is somehow intrinsically virus-resistant. Let us not forget that the whole hacker and trojan horse thing was born in the Unix environment.
>>>
>>>They might not spread in the same way, attack in the same way or even be called the same (virus vs trojan or backdoor, generally) but they are out there.
>>
>>"They are out there"? X-Files, or an urban myth popular in MS circles?
>>
>>"Russell Pavlicek
>>The Linux virus threat?
>>SOME OF THE recent press regarding the "Goner" e-mail virus has brought about interesting commentary from anti-virus manufacturers. It seems that a number of these folks feel that Linux viruses soon will be rampaging through the Internet alongside their Windows brethren.
>>Don't hold your breath."
>>http://www.infoworld.com/articles/op/xml/01/12/17/011217opsource.xml
>>
>>I dual booted Linux for two years and have run it as my sole OS for three years. Not once have I seen a Linux virus. I process as many as 1K to 5K email and newsgroup msgs per week and only ONCE in five years have I ever encountered any person claiming to have experienced a Linux virus infection. That was Alan Cox on the Linux kernel email list, discussing 'Bliss' in 1997.
>>
>>There are only a few known Linux viri, and only a few of them represents a threat. To get them to work requires user cooperation. In fact, Linux viri are so rare that the discovery of one is a worthy news Item beyond the standard security annoucement. Consider also Apache vs IIS. Apache is used 66% to 25% for IIS across all domains: http://www.securityspace.com/s_survey/data/200205/index.html Despite the fact it is used only half as much as Apache, the vast majority of viri are written against IIS because it is less secure, i.e. easier to crack.
>>One would think that based on relative use Apache viri would outnumber IIS viri 2 to 1.
>>
>>The site: http://www.viruslist.com/eng/viruslistfind.html?findTxt=linux&findWhere=011&page=1 while showing nearly 1,000 Windows viri for various versions of WinXX, it lists only 19 Linux viri, and not all of them are truely or solely Linux, but like the jpeg 'crossplatform' virus, have only a remote chance of being successful because very few Linux users run their systems as root. More than 1/3rd of the viri are noted as 'harmless' or 'benign', etc..., which leaves less than a dozen known Linux viri. Writing a successful Linux viri is hard to do because, as I pointed out before, few people run their Linux system as root, and it is only as root that you can do any real damage.
>>
>>Examples of some Linux viri:
>>http://math-www.uni-paderborn.de/~axel/bliss/ This is the first known Linux virus
>>http://www.viruslist.com/eng/viruslist.html?id=3135 This is the second known linux virus
>>Remote shell: http://linux.oreillynet.com/pub/a/linux/2001/09/18/insecurities.html
>>
>>Like most other applications on the Linux platform, a Linux Virus-writing-Howto is included:
>>http://librenix.com/?inode=1806
>>
>>
>>Sophos reported in http://www.sophos.com/virusinfo/articles/lindose.html that cross platform viri pose a low threat. Sophos makes the only Linux virus scanner I know of. It primarily scans for the Ramen virus and for WinXX viri, but scanning for WinXX viri is a waste of time because they are harmless in a Linux environment.
>>
>>Over that last couple of years various news portals, especially ones whose revenue are dependend on MS software and hardware, publish stories about how viri on the Linux platform are 'going to explode', or are exploding. All of them were, of course, pure nonsense if not FUD.
>>Example: http://news.bbc.co.uk/hi/english/sci/tech/newsid_1344000/1344344.stm or http://news.zdnet.co.uk/story/0,,s2076527,00.html or http://www.computeruser.com/news/02/01/08/news1.html are stories about epidemics that never happened.
>>
>>The big threat will be to those newbies from the Windows environment who install Linux, log in as root, and remain in that account to run the system. The dimmer bulbs will get burned once and then they will learn.