On Mon, 2 Feb 2004, at 1:45pm, [EMAIL PROTECTED] wrote:

>>> This is going to happen; it is only a question of when.
>
> Although I (think I) get Ben's general point it seems to me that there
> haven't yet been enough VPLs ported to Linux to facilitate the
> creation/spread of any truly virulent malware.
Well, it depends on how you define "truly virulent". MyDoom is not a virus; it is a simple worm. It does not exploit any exposures in particular software (such as Microsoft Outlook); it depends entirely on the user (1) saving the attached ZIP file, (2) extracting said ZIP file, and (3) running the extracted executable. Even on a very "open" system, this would still require several mouse clicks. Point being: The security flaws being attacked by MyDoom are in humans, not in software. Blaming a "Virus Propagation Language" is really not accurate.

> Isn't it true that most of the malware that's plaguing the Net either
> relies heavily on all the mis-features (like automatic blind execution of
> content) added to the various Microsoft applications in the name of
> "convenience" ...

Actually, no. While there certainly is malware in the wild that does target specific exposures like that, a good deal does not. MyDoom depends entirely on user stupidity. Blaster attacked a buffer overflow (FOSS is hardly immune to those). Ditto Slammer. There really isn't anything inherently worse or better about Microsoft vs FOSS in these. While I believe FOSS *does* have advantages over Microsoft in the security area, none of the recent major malware has attacked anything where those advantages mattered.

Your typical malware of late does one or more of the following:

(1) Exploits user stupidity, such as a social engineering attack to get the user to run the malware ("Trojan horse" distribution).

(2) Exploits coding errors (like buffer overflows -- not design flaws like Outlook) to inject new program code into a system.

(3) Exploits poor security defenses (such as no firewall, weak or empty passwords, etc.).

(4) Exploits unnecessary privileges held by users (e.g., users who do everything with "Administrator" or "root" rights).

All of those are equally possible under Linux.
Your average Linux system, today, is less vulnerable to these attacks, but that is because your average Linux system operator is smart enough to defend against them.

> ... or else they exploit vulnerabilities on a scale that's only possible as
> a result of the Microsoft monoculture?

As I said, I'm pretty sure that Unix shell script would be pretty portable. Do a global-replace of Microsoft Windows with any recent Linux or BSD distribution, and I'm fairly sure the MyDoom-for-Linux worm would work just as well as the MyDoom-for-Windows worm did.

> I think there's still too much variability in the non-Microsoft parts of
> the world to make feasible the construction of malware.

That makes a difference for attacking things like buffer overflow attacks (although the Lion worm, which attacked a specific release of Red Hat Linux, didn't have much trouble finding vulnerable machines). However, for anything that relies on "Trojan horse" distribution (which includes classic "worm" and "virus" malware), using a script language like Perl, Python, or even the Unix shell, should be fairly portable.

> ... we don't yet have sufficient infrastructure for any virulent examples.

I think the biggest thing going for Linux right now is that the average Linux system tends to be a lot better managed than the average Microsoft system. Linux doesn't have the hordes of clueless that Microsoft does. That means a Linux system is more likely to be behind a firewall, kept current with updates, used with an unprivileged account for "user" tasks, and so on.

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind. |

_______________________________________________
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
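Editor's added example, not code from the thread or from any of its participants. The post's point is that a MyDoom-style worm only needs the user to (1) save the ZIP, (2) extract it and (3) run what comes out, and that nothing about step (3) is Windows-specific. A gateway or desktop filter that wants to break step (3) therefore has to look at what the archive actually contains rather than at file extensions. The script below inspects each ZIP member's leading bytes for executable magic (PE, ELF, Mach-O, "#!" scripts) and, for archives built on Unix, the execute bits stored in the entry's mode, since an ELF that extracts with +x needs no extension at all. The archive it checks is constructed in memory from harmless header bytes; function names and the sample member names are mine, and nothing is written to disk or executed.

```python
"""Content-based check for executable payloads inside a ZIP attachment.

Added example (not code from the mailing-list post). Inspects every member's
leading bytes and its stored Unix mode bits. All sample data below is
constructed in-process; nothing is downloaded, extracted to disk or run.
"""
import io
import stat
import zipfile

# Magic numbers for the executable formats a filter cares about:
# Windows PE ("MZ"), ELF, Mach-O (32/64-bit, either endianness), and
# interpreter scripts ("#!").
_EXEC_MAGIC = (
    (b"MZ", "PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"\xfe\xed\xfa\xce", "Mach-O executable"),
    (b"\xfe\xed\xfa\xcf", "Mach-O executable"),
    (b"\xce\xfa\xed\xfe", "Mach-O executable"),
    (b"\xcf\xfa\xed\xfe", "Mach-O executable"),
    (b"#!", "interpreter script"),
)


def _unix_mode(info: zipfile.ZipInfo) -> int:
    """Return the Unix mode stored in the ZIP entry, or 0 if none.

    Archives built on Unix (create_system == 3) keep st_mode in the high
    16 bits of external_attr; that is where an extracted file gets its +x bit.
    """
    if info.create_system != 3:
        return 0
    return (info.external_attr >> 16) & 0o7777


def find_executables(zip_bytes: bytes, max_probe: int = 64) -> list[tuple[str, str]]:
    """Return (member_name, reason) for every member that looks executable.

    Two independent signals are checked, because either one alone is enough
    to get the payload run after extraction:
      * the member's content starts with a known executable/script magic;
      * the member carries a Unix execute bit in its stored mode.
    Directories are skipped; only the first max_probe bytes of each member
    are read, so a large archive is not fully decompressed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(max_probe)
            for magic, label in _EXEC_MAGIC:
                if head.startswith(magic):
                    findings.append((info.filename, label))
                    break
            else:
                if _unix_mode(info) & 0o111:
                    findings.append((info.filename, "execute bit set"))
    return findings


def build_sample_zip() -> bytes:
    """Construct a test archive in memory (constructed data, not a real worm).

    Members (names are hypothetical):
      readme.txt     plain text, mode 0644               -> clean
      photo.jpg.exe  PE-style header under a double ext  -> flagged by magic
      update         ELF header, mode 0755               -> flagged by magic
      notes.txt      plain text but mode 0755            -> flagged by mode
      setup.sh       shebang script, mode 0644           -> flagged by magic
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        def add(name: str, data: bytes, mode: int) -> None:
            info = zipfile.ZipInfo(name)
            info.create_system = 3  # mark the entry as Unix-created
            info.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(info, data)

        add("readme.txt", b"Hello from the archive\n", 0o644)
        add("photo.jpg.exe", b"MZ" + b"\x90" * 62, 0o644)
        add("update", b"\x7fELF" + b"\x00" * 60, 0o755)
        add("notes.txt", b"just text, but extracts as executable\n", 0o755)
        add("setup.sh", b"#!/bin/sh\necho hi\n", 0o644)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in find_executables(build_sample_zip()):
        print(f"REJECT {name}: {reason}")
```

Run it as-is to see the four flagged members; readme.txt passes. Checking the stored mode bits as well as the magic is the part that matters on Linux and BSD: there the filename tells the user nothing, and a member that is plain text but carries 0755 will still run if double-clicked or invoked from a shell after extraction, which is exactly the "save, extract, run" path the post describes.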