-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 31 Aug 2004 16:50:09 +0200, Adrian 'Dagurashibanipal' von Bidder <[EMAIL PROTECTED]> wrote: > --nextPart1758276.ghG6qVoQ34 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > Content-Disposition: inline > > On Tuesday 31 August 2004 13.30, Volker Tanger wrote: > > [spyware/adware/trojans/...:] > >> Yes and no. When surfing as normal user *ware programs cannot install >> themselves as system services or overwrite programs simply as you/they >> do not have the (file) permissions to do so. > > Technically, for most purposes, malware installing itself into an > unprivileged user account and automatically starting itself through > ~/.bashrc or whatever is entirely possible, especially since most malware > these days seems to be used only as a base for DDOS attacks (including > sending spam), so no special privileges are necessary here. (And KDE and > Gnome are currently catching up nicely in the number of little useful (?) > daemons that are started on a desktop machine.) >
There is no click the attachement and install the malware without your knowing it, in Linux. Could someone write a trojan that would do this? yes, is Linux vulnerable to "click the nudie pic and install the malware"? no, not in any way as bad as MS-Windows. IIRC, there was one bug in the libjpeg package a while back, which might allow this, but none of the broad vulnerabilities caused by bad design decisions in MS-Windows (free clue to MS, stop equating open, with execute. ) > Windows currently having >90% of the desktop market protects Linux and > other systems currently: malware could not propagate fast enough. > Also, most email clients don't offer to execute arbitrary email > attachments. OTOH, I wouldn't trust the Javascript implementations in > the Linux browsers any more than I trust the Javascript implementation > of IE. Except that the js implementation in Mozilla and the rest of the OSS browsers, is open, and subject to review. IE's isn't. > > Another thing that protects Linux systems: heterogenity. Binary > exploits usually only work properly when a program is compiled and > linked with specific compiler and library versions -- with different > versions, all you= > yes, one of the flaws of the MS way, is the monoculture it engenders. > get is a crash (which does no real harm in most cases). I think there > are far more different Linux versions out there than there are Windows > versions, so I *think* that even with Linux becoming a more attractive > target, you'll never get a single malware spreading with a speed > comparable to what's happening in Windows today. > Agreed, Linux isn't invulnerable, simply a lot less vulnerable in design, and even less vulnerable in practice. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBNMYyd90bcYOAWPYRAkcAAKCFSjteu8jzIQ8p6WBEyjj9rLrGFwCcDeif 2tgU+C13PsqjSmD/oQM5PWg= =z/NY -----END PGP SIGNATURE----- -- Jim Richardson http://www.eskimo.com/~warlock If you think you can tell me what to think, I think I will tell you where to go -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]