asen's Blog

Happy coding

一个Linux病毒艰辛短暂的一生(转载)

 

最近Windows下病毒肆虐,而且现在好多病毒重装系统都不管用了,看着身边的人以及网上
不认识的人花费大量的时间在杀毒上,我都替他们觉着累,当然在内心深处某个阴暗的角
落里还有那么一点点的暗爽--谁让你们不用Linux呢--这样不会太损rp吧:p

前段时间有个同学问我为什么Linux对病毒免疫,我也一时回答不出来。就在网上搜了一下
Linux virus,翻译了其中的一篇。如果什么地方翻译的不对,请指正,谢谢。

由于这篇文章写得比较早(Ray, June 10, 2000 (Updated: July 30, 2005),原文见htt
p://librenix.com/?inode=21 ),现在的知道的存在过的Linux病毒比当时多了一些,但
仍然屈指可数。

另外,可能不少人持这样一种观点,认为Linux病毒少是因为Linux不像Windows那么普及,
其实这种观点很早已经被人批驳过了。如果哪天比较闲的话我也可能会翻译一下。



The short life and hard times of a Linux virus
一个Linux病毒艰辛短暂的一生

Why aren't the existing Linux viruses[1] anything more than a topic for conver
sation? Why don't they affect you in your daily computing in the way that MS v
iruses affect Windows users?

为什么存在的Linux病毒[1]仅仅是一个谈话中的一个话题?在你日常用计算机的时候为
什么它们不会像MS病毒影响Windows用户一样影响到你?

There are several reasons for the non-issue of the Linux virus. Most of those 
reasons a Linux user would already be familiar with, but there is one, all imp
ortant, reason that a student of evolution or zoology would also appreciate.


Linux病毒不流行有好几个原因。大部分原因Linux用户都比较熟悉了,而有个重要的原因
,学进化学或动物学的学生会比较熟悉。

First, let's take a look at the way Linux has stacked the deck against the vir
us.

首先,让我们先看一下Linux是怎么筑起对抗病毒的甲板的。

For a Linux binary virus to infect executables, those executables must be writ
able by the user activating the virus. That is not likely to be the case. Chan
ces are, the programs are owned by root and the user is running from a non-pri
vileged account. Further, the less experienced the user, the lower the likelih
ood that he actually owns any executable programs. Therefore, the users who ar
e the least savvy about such hazards are also the ones with the least fertile 
home directories for viruses.

对一个二进制的Linux病毒,要感染可执行文件,这些可执行文件对启动这个病毒的用户一
定要是可写的。而实际情况通常并不是这样的。实际情况通常是,程序被root拥有,用户
通过无特权的帐号运行。而且,越是没有经验的用户,他拥有可执行文件的可能性就越小
。因此,越是不了解这种危险的用户的主目录越不适合病毒繁殖。

Even if the virus successfully infects a program owned by the user, its task o
f propagation is made much more difficult by the limited privileges of the use
r account. [For neophyte Linux users running a single-user system, of course, 
this argument may not apply. Such a user might be careless with the root accou
nt.]

即使这个病毒成功地感染了这个用户拥有的一个程序,由于这个用户权限受限,它进一步
传播的任务也会非常困难[当然,对于运行单用户系统的Linux新手,这个论证可能不适用
。这样的用户可能会对root帐户比较粗心。]

Linux networking programs are conservatively constructed, without the high-lev
el macro facilities that have enabled the recent Windows viruses to propagate 
so rapidly. This is not an inherent feature of Linux; it is simply a reflectio
n of the differences between the two user bases and the resulting differences 
between the products that are successful in those markets. The lessons learned
 from observing these problems will also serve as an innoculation for future L
inux products as well.

Linux网络程序构建地很保守,没有使现在Windows病毒如此快速传播变的可能的高级宏工
具。这并不是Linux的固有特征;它仅仅是两种用户基础的不同和这种不同导致的在这两种
市场中的成功产品的不同的反映。通过观察这些问题学到的经验也会被用到将来的Linux产
品中。

Linux applications and system software is almost all open source. Because so m
uch of the Linux market is accustomed to the availability of source code, bina
ry-only products are rare and have a harder time achieving a substantial marke
t presence. This has two effects on the virus. First, open source code is a to
ugh place for a virus to hide. Second, for the binary-only virus, a newly comp
iled installation cuts off a prime propagation vector.

Linux的应用软件和系统软件几乎都是开源的。因为这么多的Linux市场份额习惯了可获得
的源代码,仅提供二进制的产品很稀少,并且很难获得实质的市场份额。这对病毒有两方
面的影响。首先,病毒很难藏身于开源的代码中间。其次,对仅有二进制的病毒,一次新
的编译安装就截断了病毒一个主要的传播途径。

Each one of these obstacles represents a significant impediment to the success
 of a virus. It is when they are considered together, however, that the basic 
problem emerges.

这些障碍每一个都是病毒成功传播的一个重要阻碍。然而当把他们放在一起考虑的时候,
基本的问题才浮现出来。

A computer virus, like a biological virus, must have a reproduction rate that 
exceeds its death (eradication) rate in order to spread. Each of the above obs
tacles significantly reduces the reproduction rate of the Linux virus. If the 
reproduction rate falls below the threshold necessary to replace the existing 
population, the virus is doomed from the beginning -- even before news reports
 start to raise the awareness level of potential victims.

一个计算机病毒,像生物病毒一样,要想传播开来,其繁殖速度必须超过其死亡(被消灭
)的速度。上面提到的障碍有效地降低了Linux病毒的繁殖速度。如果它的繁殖速度降到取
代原来种群所需要的阈值之下,那么这个病毒的厄运从一开始就注定了--甚至在新闻报
告让潜在的受害人意识到之前。

The reason that we have not seen a real Linux virus epidemic in the wild is si
mply that none of the existing Linux viruses can thrive in the hostile environ
ment that Linux provides. The Linux viruses that exist today are nothing more 
than technical curiosities; the reality is that there is no viable Linux virus
.

我们没有看到一个真正的Linux病毒疯狂传播,原因就在于存在的Linux病毒中没有一个能
够在Linux提供的敌对的环境中茁壮成长。现在存在的Linux病毒仅仅是技术上的好奇;现
实是没有能养得活的Linux病毒。

Of course this doesn't mean that there can never be a Linux virus epidemic.[2]
 It does mean, however, that a successful Linux virus must be well-crafted and
 innovative to succeed in the inhospitable Linux ecosystem.

当然,这并不意味着永远没有Linux病毒能够流行[2]。然而它确实意味着一个成功的Li
nux病毒要在不适合生存的Linux生态系统中存活下来必须是精心制作并具创新的。

[1] Bliss is the only Linux-compatible virus seen in the wild. Staog is the fi
rst known Linux virus.

[2] For another perspective on this issue, try this article on freshmeat.net