virus cross platform

is it correct to say that a virus written for Windows, won't work on a Linux box because the code couldn't excecute in Linux because the file structure and OS code is different?
I thought a virus written in something like Java could run on both Windows and Linux because Java isn't platform specific. So say you want a computer that has a smaller chance of getting infected. If you run Linux without Flash Player, Java, or any other cross platform app. ( by the way, aside from java and flash player, what over cross platform apps are there? )
Since most viruses are written to target Windows, your chance or getting infected are pretty low. I am keeping in mind that there are Linux viruses, I get that just because I'm running Linux I am NOT immune to viruses. I'm just going on the likelyhood.
Also, wouldn't a virus written for Windows not work on Linux because, wouldn't most viruses look for things like C:\windows\system32, or something like that? Or maybe try to put entries into the registry.
LVL 1
JeffBeallAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

StampelCommented:
It is true for standalone virus running in a pure .exe format written in a common language like C / C++ ...
A java program is not standalone as it would need the Java.exe of your computer to run.
But your assumption is true, a virus written in java could possibly be run under windows / linux the same.
It is also very true that a computer without java/flash ... has less chance to get infected.
And also very true that running Linux you get less chance to get infected because most target windows.
You would only be targeted a lot if you host website with Linux since they try to hack you to get in (often by SQL injection) and they trry to steal Credit Cards #

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
McKnifeCommented:
Let me turn around your approach: why would it matter - would the answer, whatever it may look like, change your behavior?

It's that simple: we use computers because we need some functionality that some programs offer. As soon as those programs interact with untrusted code, you might get infected. No matter what OS, no matter what program.

So to be less likely infected, abused, whatever, use as little untrusted code and documents as possible. Is that possible? Let's see: any website is untrusted code. Any mail attachment someone sends you is, any MP3 you downloaded from somewhere is... it is anything you didn't code yourself.
Now does that mean we are in constant immediate danger? Would it help to use Linux here? "of course not" - answers both questions. Immediate danger is only given for those who act foolish, install anything, open any attachment, never patch their programs, run as root/administrator all the time. And while Linux surely has less attacks to fear simply because the attackers know much, much more users are on windows, you will gain no certainty that now you can act careless - I think that is agreeable.

A very interesting approach that is still neglected is code approval by whitelisting. Windows in enterprise edition  (7 ultimate edition) has applocker which offers to whitelist applications that you trust. Those will run, the rest won't, no matter where it comes from or how its start is triggered, it won't run.
A "light" version of that approach is featured in the pro editions of xp/vista/7/8.x, too. It's called "software restriction policies". Google both, they are very, very helpful in securing windows. You have to invest time, though.
JeffBeallAuthor Commented:
McKnife - my computer behavior is...
For banking I have a Fedora linux box, no flash, java, firewall enabled. I use it exclusively to bank and pay bills. I do nothing else on it.
for emails, and just goofing off on the internet, I use my windows machine ( now running win10 beta ).
I have a laptop running Bodhi linux, and sometimes use Thunderbird for emails - Bodhi is a beautiful GUI, so I wanted to mess around with it.
So I posed this question to see if my reasoning was sound. I thought with how I have my setup, the target I present would be minimized.
Cloud as a Security Delivery Platform for MSSPs

Every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. View our on-demand webinar to learn more!

McKnifeCommented:
"The target you present" - hmm. You are not seen as target. There's a constant flow of malicious code coming through all "openings" and no one can avoid visiting some sooner or later.
So like you practice it, isolating high risk things like online banking into an exclusive environment is the best you could do.
"Goofing around" again can quickly evolute to anything from a harmless adware to a "free" botnet membership. So if you are interested in that applocker approach: of course your win10 evaluation has it - if you picked the enterprise version.
StampelCommented:
As soon as you arre using internet you are a bloody target of tons of malware/viruses you dont even suspect.
Im not paranoïd but i see the log of thousands of penetration test on each server or each IP placed on the net.
So everyone should feel concerned as Jeff is and yes Jeff on its fedora used only for payment purpose is more than 99% safer than people using their own computer to surf and pay on the same computer for sure.
McKnifeCommented:
Target means, someone aims at especially you - and that's not the case.
"Possible target" (amongst billion others) is some wording that comes a lot closer.
StampelCommented:
Dont play on words :) possible target, potential target well ... a target still :)
The thing is answering his question .. he is safer than many will never be.
JeffBeallAuthor Commented:
true goofing around could be a problem, but that's why I'm using beta. I fully expect to wipe and reload later. Besides I goof off, but within reason. I still use caution when it seems suspicious.
Well, I didn't expect a war of words, I'm more interested in if the concept I'm using seems solid.
I bet it's interesting to see those penetration test! I've also been experimenting with IPcop for my home network firewall. I'm kind of disappointed that by default it allows anything out bound. The inbound is pretty good. I just can't figure out how to change the out bound though. However, that is a question for a different post.
McKnifeCommented:
We have both told you, that your concept is about the best you can do.
JeffBeallAuthor Commented:
thank you for your thoughts.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.