Chuck Norris is not a Linux virus
Can Linux-based network routers get it? Yes. Is it malware like Windows' viruses and worms? No.
Get a grip people. A recent story about the so-called Chuck Norris botnet implies that it breaks Linux's security. Wrong.
Windows malware, whether it comes in the form of a Trojan, virus, or worm, works by exploiting security holes in either the operating system itself or an application like Adobe Reader or Internet Explorer. Whatever the bug or the method it uses to arrive on a Windows PC, the fundamental way it uses to exploit the system is that Windows itself is inherently insecure.
While Chuck Norris runs on Linux-based DSL modems and routers, it doesn't actually attack Linux at all. Instead, it runs as a normal Linux application. So how does it get there if it doesn't try to crack Linux? It infects routers by trying common and default passwords. That's it. That's all there is to it.
To blame Linux because someone is so dumb as to not change the default password is kind of like blaming Honda or Ford for their car anti-thief systems for not preventing your car from being stolen if you left the doors unlocked and the key in the ignition. At some point, the user has to take responsibility for basic security and this most recent assault on modems and routers is a perfect example.
How do you prevent this from happening to you in the first place? Look up how to change your device's password and give it a new one that's not mindlessly simple to guess. And, how do you get rid of it if you already have it? Reboot the device. Don't know how to do that? Try pulling the plug and then putting it back in. Mission accomplished.
Linux has security problems. This isn't one of them. This is a network security for dummies problem.
Any time you get a device that uses a password -- DSL modem, cable modem, router, whatever -- the first thing you should do after making sure it works is to change the default password to something that combines letters and numbers and isn't easy to guess. That alone will stop Chuck Norris faster than Bruce Lee did in Way of the Dragon and 99% of all other common router password attacks.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @ITworld
Brian Proffitt
openSUSE: Not for sale today
pasmith
Two new sources fuel the Verizon iPhone rumor mill
sjvn
The Corporation has gone Open Source
Mike Elgan
What to do with your Google 'Social Circle'
Sandra Henry-Stocker
Unix How To: Give me that old-time security!
Dan Tynan
What's worse than privacy legislation? No privacy legislation
The IFA consumer electronics exhibition turns 50
Albert Einstein opened the 7th Great German Radio and Phonograph Show, the forerunner to today's IFA, in Berlin in 1930. The show marked the public debut of a prototype 'television receiver.' Since then, some products, like the 3DTV, were ahead of their time. Others, like the MiniDisc...well, just never got off the ground. Here's a look at IFA's storied past.
IFA 2010
Samsung launches Galaxy Tab
3D content is king at giant tech show
PlayStation 3 will be ready for 3D by October
Sony announces music service, hints at TV service
Google's Schmidt to speak at Berlin show
3D, tablets galore expected at consumer electronics show
I love these "Linux gets a virus" stories.
They expose the worst in the logic used by the Microsoft trolls and shills. "All systems are insecure" (True), therefore all systems are equally insecure (Not true)". They want so badly to appear as secure as GNU/Linux so they try to make it look as atrocious as Microsoft's Windows.Come on boys, let's see what you've got.
Its not the operating system, its the vendor
This does represent malware compiled for the Linux platform, how is that not a "virus"? Its also not the first (Google for "psyb0t").Why do you define a virus by its propagation method? Also, major vulnerability databases classify default passwords as a VULNERABILITY. In the case of the Chuck Norris worm it was also reported that it exploited D-Link routers that contain vulnerabilities other than a default password.
Asking the user to fix this problem will not solve it, Grandma still will not change the password. Manufacturers will continue to ship them with default passwords, that's the real problem. Remember when Linux used to come with everything enabled by default? We've largely fixed that problem, but if Linux us installed on an embedded system its a different story.
So, doesn't matter what operating system or platform, it should be as close to "Secure by default" as possible.
Linux is inherently insecure
Just because you love linux is not a reason to say it isn't inherently insecure. All OSes are. It is the target size that defines who gets attacked the most often. Most people still use Windows, so as an attacker who am I going to target? Doesn't take a genius.