Linux desktop growth could spur new malware activity

Computerworld - When the Indiana Department of Education began installing PCs running Linux in schools last year, it installed open-source antivirus software on servers to scan incoming e-mail. But it didn’t bother installing antivirus software on the desktop computers.

“I hate to admit this, but I wasn’t worried,” said Forrest Gaston, a consultant managing the project for the state. Despite heavy student usage of the Internet, Gaston’s optimism has so far been borne out: “It hasn’t been an issue,” he says.

Besides Linux’s low cost, its relative immunity from viruses, spyware, worms and other malware has long been one of the open-source operating system’s key attractions to potential desktop users. Vendors who will be at next week’s Desktop Linux Summit in San Diego certainly tout it.

“There are almost no viruses for Linux. Certainly, I’ve never seen one,” said Tom Welch, chief technology officer at Linspire Inc., a San Diego desktop Linux vendor and co-sponsor of the show.

Jeffrey Jaffe, the chief technology officer at Novell Inc., another show co-sponsor, feels much the same way. In a recent blog entry, Jaffe wrote that since joining Novell late last year and switching to Linux, viruses have become “things of the past.” Novell is pushing its SUSE Linux for corporate desktop use.

Even vendors hawking Linux antivirus products acknowledge that the operating system does not suffer today. “Our product is more used to filter Windows viruses than actual Linux viruses,” said Ron O’Brien, an analyst at U.K.-based antivirus software maker, Sophos PLC.

But experts warn that could change if Linux begins to win a mass audience on the desktop, bringing in millions of users who are less proficient technically and less security-conscious than today’s typical Linux user.

“Windows was the only game in town, but now Linux is offering a more tempting prize,” said John F. Andrews, president of open-source market research firm Evans Data Corp. in Santa Cruz, Calif.

Earlier this month, Evans released survey data showing that 11% of developers reported seeing malware on their Linux systems, with more than a third of those having three or more infections. While still low compared with infection rates among Windows users, they are the highest totals ever reported in Evans’ survey, which has been conducted twice per year since 2002.

Earlier this month, a cross-platform virus emerged that could theoretically infect both Windows and Linux. The virus, called Virus.Linux.Bi.a/Virus.Win32.Bi.a, has not been used in any known attacks.

But experts such as Johannes Ulrich, chief technology officer at the SANS Institue, a Bethesda, Md.-based Internet security group, say such proof-of-concept code has traditionally presaged the launch of actual malware. “I think we’ll see an increase in virus activity as Linux becomes more mainstream,” Ulrich said.