What is the Ubuntu "built in virus protection"?
"Built-in virus protection" is a simplification of the security features of Ubuntu.
Ubuntu requires applications to be run as super-user to cause any damage. It also includes AppArmor to supplement that.
There is also the safe and secure repository model which gives you access to thousands of applications through the Software Center which are tested by package maintainers.
Since it is free software more people have access to the source code and according to Linus's law: "Given enough eyeballs, all bugs are shallow", which means that
Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone.
The security exploits are quickly patched up and delivered to you through the Update Manager.
My 2 cents are that it is possible to get a virus for Ubuntu, but:
- The way most Linux distributions are built make it very hard for virus/trojans/backdoors to take advantage of vulnerabilities in binary packages. Ubuntu changes every six months (and updates --sometimes annoying-- land at least every week). It makes it very difficult for a virus author to track all these changes. In contrast, windows takes several years to change. That gives some time to the virus author to try to be as destructive/invasive as it can.
- AFAIK, there is a substantial difficulty to "leak" binary code or suspicious source code to Ubuntu's Official or Debian's official packaging systems.
- There might be 3 ways to infect a Linux box:
- You 've been running Linux for years without updating any of your internet-facing services/apps.
- You installed a virus/trojan by yourself.
- You downloaded the virus in source code, compiled it and ran it with administrator privileges ;)
I have had discussions with some people who claim that the Linux population makes it a less favorable target for viruses.
There are a number of things about Linux and other Unix based platforms that make them not pleasant environments for viruses.
- Access to logs and log scanners make it simple to watch for thing indicating a problem.
- Limited privileges for most users make it difficult to get a strong toehold on a system. Well managed systems make it extremely difficult to gain root access.
- Ease of restricting access to services like cron which can be used to relaunch services.
- A lot of tools have been scanned for race conditions which make it possible to change configuration files. (I was discouraged to see Linux security bug counts being considered equal to Windows when many of the bugs were of the type "race condition may allow high scores to be changed".)
- Ease in providing read-only access to resources used by services. (Failure to do so is one vector enabling code injection into sites.
- Ease of running and comparing checksums on files.
- Heavy use of human readable configuration files.
- Use of executable bit to enable file execution.
- Ability to flag partitions to prevent automatic execution on the partion. Additional mount options exist to increase security.
In whole and in part these factors, make introducing viruses more difficult, easier to detect, and easier to disable.