Best of Technical Support

Our experts answer your technical questions.

I would like to know what can be said about viruses in a Linux system which is installed on the same hard disk as Win95. For example, what can happen if a virus infects the MBR sector (where LILO resides) or if I mount an infected MS-DOS formatted diskette?

—Troha Donato

Leaving out the usual statements about Unix systems being immune to standard virus attacks, this is an important point most people should consider, since many people who run Linux on personal computers (as opposed to servers) also run Win95 or some other operating system. You should be safe from a mounted floppy, but be warned that you can get some very odd effects reading such a disk, such as strange directory entries.

There are several scenarios, from boot sector infection to random potshots some viruses are known to take. Unlike the DOS file systems, which concentrate their layout information into one or two dense tables, Linux spreads these across the disk. Random potshots are much more likely to wipe out vital structures on a Linux disk than they are on a DOS disk (assuming the virus ran from a booted DOS system).

Safety first, as always. When in Unix, don't use the root user account unless you need to. Create a normal user account in which to do your work. When in DOS, scan—scan—scan.

—Chad Robinson, BRT Technologies Senior System Analyst

Chances are that if your system becomes infected with a boot sector virus, LILO will no longer work. The best defense against this situation is to keep an emergency boot floppy handy. I generally create them using the command dd if=/vmlinuz of=/dev/fd0. You will want to write-protect it of course. After booting from floppy, simply re-run LILO. Assuming you have LILO configured to use the system MBR, it will overwrite the virus.

The Linux operating system itself is not very vulnerable to MS-DOS-style viruses. All of the common ones depend on being in a DOS/Windows environment. They do not know how to cope with Linux and do not function.

—Keith Stevenson
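
The answers above describe a boot sector virus overwriting LILO in the MBR. The script below is an added example, not part of the original column: it records a hash of the MBR boot code while the system is clean and compares against it later. The function names are hypothetical, and it assumes the standard 512-byte MBR layout and that sha256sum is installed.

```shell
#!/bin/sh
# Added example: baseline-and-compare check for the MBR boot code.
# Assumed standard MBR layout: bytes 0-445 boot code (where LILO lives),
# bytes 446-509 partition table, bytes 510-511 signature 0x55 0xAA.

# Print the SHA-256 of the 446-byte boot code area of a disk or image.
mbr_code_hash() {
    dd if="$1" bs=1 count=446 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Print the two signature bytes as hex (a bootable MBR gives 55aa).
mbr_signature() {
    dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Save a baseline. Usage: mbr_baseline DEVICE_OR_IMAGE BASELINE_FILE
mbr_baseline() {
    mbr_code_hash "$1" > "$2"
}

# Returns 0 if the boot code matches the baseline, 1 if it differs,
# 2 if the sector is unreadable or lacks the boot signature.
mbr_check() {
    if [ "$(mbr_signature "$1")" != "55aa" ]; then
        echo "no valid boot signature on $1" >&2
        return 2
    fi
    if [ "$(mbr_code_hash "$1")" = "$(cat "$2")" ]; then
        echo "MBR boot code on $1 matches baseline"
        return 0
    fi
    echo "MBR boot code on $1 differs from baseline" >&2
    return 1
}

# Demo on a constructed 512-byte image (not a real disk).
img=$(mktemp) && base=$(mktemp)
dd if=/dev/zero of="$img" bs=512 count=1 2>/dev/null
printf '\125\252' | dd of="$img" bs=1 seek=510 conv=notrunc 2>/dev/null
mbr_baseline "$img" "$base"
# Simulate overwritten boot code by changing the first byte.
printf '\353' | dd of="$img" bs=1 seek=0 conv=notrunc 2>/dev/null
mbr_check "$img" "$base" || echo "mbr_check exit status: $?"
rm -f "$img" "$base"
```

Only the boot code is hashed, so a partition table edit does not raise an alarm. Keep the baseline file off the hard disk, for example on the write-protected boot floppy, and retake it after each deliberate LILO run.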

Memory Allocation

I have been working with the Linux system for almost two years. My problem is memory allocation. The kernel (2.xx) does not reclaim memory after things such as X sessions are performed. I am constantly rebooting the machine (shutdown -r now) in order to gain sufficient memory for multiple operations. Is there an executable that can be run which will free all possible memory that current kernel processes are not using?

If the answer is no, then how can one use Linux as an httpd server that takes a lot of hits per day? The system would almost always be short of memory to be able to quickly service multiple httpd servers and other processes. In short, I am somewhat disappointed in the way Linux handles memory reclamation. Is it that the X Server and applications are simply “poorly written” and do not free memory upon exit?

—George R. Boyko

There are no memory leakages in Linux 2.0; there may be some in the 2.1 kernel series, but those versions are only beta-releases aimed specifically at developers. It's true, on the other hand, that the amount of free memory reported by a running Linux system is always tiny. This is a feature rather than a bug; free memory is just wasted, and Linux tries to avoid any waste by keeping disk buffers and page caches in an otherwise waste-free memory.

It's the kernel which releases any process resources upon exit. You don't want your students to lock memory by not calling free, do you? As a matter of fact, many one-shot programs are “poorly written” and rely on the system to close files and release memory.

—Alessandro Rubini

Memory management is one of the things I really like about Linux. I find it to be much more efficient than a certain popular commercial OS.

I have several Linux systems, all with 64MB of installed RAM. I use xosview to monitor things like CPU activity and memory utilization. These machines function as ftp servers, web servers and multi-user workstations. According to xosview, the memory utilization is consistently above 90% even when the machine is lightly loaded. This isn't a problem. It simply means that there is a lot of stuff cached in memory. The real indicator of whether or not you have enough RAM in your system is swap space utilization. This can be monitored with xosview or with the command vmstat. If you are swapping to disk often, you probably need to add more RAM to the system. If not, then things are probably okay. My 64MB systems almost never swap out to disk, and they have excellent response time despite the fact that 90% or more of their RAM is marked as being “in use”.

—Keith Stevenson