stephen, i'd agree that a truly secure environment would prevent unknown programs from running, but a virus doesn't necessarily need root privs. if i can write a shell script that runs as a user, that can wipe my user files, send mail with attachments, create a dotfile and a user cron job to run it, then so can a virus writer, all that is required is that i be tricked into downloading the file/saving the attachment, making it executable and then running it, of course that involves a lot of social engineering compared to simply relying on a broken email client to do all that for you, but, let me say that again, but, in a world where every one switches to linux from windows there will be an awful lot of users on whom such social engineering will work. you and i, and probably most everyone on this list at this moment in time are, almost by definition, the kind of people who like to know more than just how to click a mouse button, folk who like to learn about our machines, in doing so we will inevitably pick up skills of net hygiene, if not by deliberate learning then by a form of osmosis, surrounded by a culture of people who truly 'know better'. one day that previous paragraph may no longer be true. that is why a lot of old hands in the linux/bsd/unix world will seem to be anal about things like md5sums, pgp sigs on mails etc. not because they all move in a harsh 'cracker eat hacker' world (though some do), but because they can see the future, or at least one possible iteration of it, and getting those habits down now, before they become necessary, can't hurt any :)
bascule On Monday 26 Jul 2004 8:05 pm, Stephen KÃhn wrote: > The simple fact of the matter is that a virus cannot run in a secure > environment; you have to have root privileges in order to do so; hence > an attack on a linux box is generally from outside, and not inside - > unless someone was successful at running a rootkit on the machine in > question. -- - "What're quantum mechanics?" - "I don't know. People who repair quantums, I suppose." (Eric)
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
