I've been watching how this thread progressed. I've noticed two pieces of FUD that keep appearing.

1. The assumption that a virus writer wouldn't know that he/she needs to be root to do real damage and that he/she won't do just that. Don't give yourself a sense of false security here. All they need to do is have a line appended to passwd and shadow (yes even MD5 is vulnerable here, all it takes is some math.) and they have a new user that has UID 0 and they don't even need to be root. Remember they are in your box. Harden it all you want to the outside. Your vulnerability is when they are inside. (Oh and we did this recently to a Linux box that the user had forgotten the root password on. For reasons it couldn't be shut down. If we had it would never boot again. Didn't have a spare to mount the disk on. So I used a friend's tool to append a new user to passwd and poof root2 was now UID 0.)

2. That backups cure all ills. True if I have a desktop. That never moves, and I have hard copy backups disassociated from my LAN (Tape CD-Rom etc.) is guaranteed to be free of the virus, and that the virus lives in user land where it can be found. A backup is useful. What if the virus lives in the MBR? MBRs are usually written to during an install, but not wiped and written over. (Don't ask me how I know this is a great place to put a virus .... just trust me.) What if the virus infected your box 2 months ago and is just now activating? How far back do I go in backups? If it was just the OS I wouldn't care. OS's can be recreated in a reasonable amount of time. DATA is the key. If I just restore from a backup ..... how much do I lose? When did I get the virus? Do I lose a week, a month, a year of data? (get Chernobyl the day after the anniversary it will wait a year to activate.) Backups, although a great idea, are a false sense of security. Not to mention that since my backup is currently about 12 gigs of data. It takes me about 8 hours to restore. (It has to move over a LAN as the tape is on another box and yes.... 13 of them.)

Let's see at 150 bucks an hour consulting rate I'm losing 1200 dollars just in time spent restoring. (can't do work till I get the data back.) Then if I'm on the road with my laptop and a virus activates.... how do I restore? The presentation before the customer is in 3 hours. My box just went sideways because of a virus. (caught it when I connected to the LAN at the last customer's office. They run Windows and this is a dual affect virus.) I'm in Philly and my backup is in Memphis.... Move several gigs of data over a hotel phone line? Yeah right....

The only answer is to realize that Linux is vulnerable. It's just not as popular an OS for script kiddies and the script kiddie tool writer to use. Remember folks the first worm was a Unix worm. The first virus I know of ran on Honeywell mainframes. And it wasn't networked. They didn't read e-mail on it, and all someone did was load a data tape received from our best customer. (actually it took 3 tapes. Loaded weeks apart each one contained, unknown to the customer, a piece of the virus stored in the leftover space in partially used data blocks so that we couldn't see a size change from what was expected. When part 3 came in it looked for 1 and 2 and re-assembled itself.)

I apologize a little bit here. Didn't want to shake the tree and start a war. But I do care enough about fscking the "blackhats" that the occasional wake up call for those of us who respect each other, and their data (which is a lot of why we use Linux/BSD et al), is needed. My wife just got a virus sent to her that had already been through at least 3 other anti-virus programs. (My MailScanner caught it so no harm to me.)

We don't need a patch, gentlemen, we need a plan.

James

On Sun, 2 Jun 2002 21:45:54 -0400 tarvid <[EMAIL PROTECTED]> wrote:
> I once had a conversation with a software engineer from a major
> anti-virus company and he said "Of the 50,000 viruses we scan for only
> 800 have ever infected anybody in the wild".
>
> The story is self serving FUD.. I know - I use the same tactic myself.
>
> The first question I ask computer users who persist in making stupid
> mistakes and assumptions is "Do you have the box your computer came
> in?"
>
> You know the response to "Yes".
>
> As for the user who doesn't back up his data, he will someday
> experience a valuable object lesson.
>
> Let's solve the problems with msec and abandon the trolls.
>
> Jim Tarvid
>
> On Sunday 02 June 2002 09:33 pm, you wrote:
> > I must make the point that whilst Linux does restrict what a virus
> > can do, if I lose my home dir it will take me a lot of time to
> > restore from backup and get back to where I was. Yes, you won't lose
> > the system, but very inconvenient nonetheless!
> >
> > Mandrake is aiming at the desktop, and the less experienced user so
> > avenues to infect using social engineering (imagine this virus set
> > up like the Anna Korn... virus? Yes it's hard to execute stuff
> > unintentionally under Linux, but with a combination of inexperience
> > and misconfiguration, I am sure more than one person will manage it
> > ...
> >
> > And people VERY often will execute cute files sent to them by
> > relatives under Windows - what is to stop them doing the same under
> > Linux. My fear is that this is a baby step down this path ...
> >
> > BillK
> >
> > On Mon, 2002-06-03 at 08:58, Joseph Braddock wrote:
> > > The difference is that Linux restricts access by default, Windows
> > > grants it. It is true, that some (many) people login as root for
> > > convenience, and they could also install everything (although
> > > Mandrake at least questions starting some services automatically,
> > > if you do select them all). But, even so, it is still much more
> > > difficult to inflict a virus on Linux than on Windows. It is a
> > > user's responsibility to install security updates and many
> > > distributions make it relatively easy and painless. Again, as
> > > contrasted with Windows, when Microsoft actually admits a security
> > > problem (usually after someone else has gone public with it),
> > > their patches create more vulnerabilities. Hardly a good example.
> >
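
As an added example (not part of the original thread): a defender-side check for the account tampering James describes, where an extra line with UID 0 is appended to passwd. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format data for unexpected superuser entries.

# audit_passwd [FILE]  (reads stdin when no FILE is given)
# Prints one finding per line:
#   UID0 <name>          account other than "root" that has UID 0
#   DUPUID <uid> <name>  non-zero UID already used by an earlier account
#   MALFORMED <lineno>   line without exactly 7 colon-separated fields
audit_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }
        NF != 7 { print "MALFORMED " NR; next }
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        ($3 in seen) && $3 != 0 { print "DUPUID " $3 " " $1 }
        { if (!($3 in seen)) seen[$3] = $1 }
    ' "$@"
}

# new_accounts BASELINE CURRENT
# Prints account names present in CURRENT but absent from a known-good
# BASELINE copy (kept off the box). An empty baseline reports every account.
new_accounts() {
    awk -F: -v base="$1" '
        FILENAME == base { known[$1]; next }
        !($1 in known) { print $1 }
    ' "$1" "$2"
}

# Constructed sample: "root2" mirrors the appended UID 0 entry from the
# post, "ops" reuses james's UID.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
james:x:501:501::/home/james:/bin/bash
root2:x:0:0::/root:/bin/bash
ops:x:501:501::/home/ops:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

Run `audit_passwd /etc/passwd` from cron or a file-integrity job, and compare against a baseline stored on another host so a local intruder cannot edit both copies.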