On Tue, 27 Jul 2004 17:44:43 +0800, frankieh <[EMAIL PROTECTED]> wrote:
> bascule wrote:
> > On Monday 26 Jul 2004 8:05 pm, Stephen Kühn wrote:
> >
> >>The simple fact of the matter is that a virus cannot run in a secure
> >>environment; you have to have root privileges in order to do so; hence
> >>an attack on a linux box is generally from outside, and not inside -
> >>unless someone was successful at running a rootkit on the machine in
> >>question.
> 
> I can see it now,
> 
> Your account has been temporarily disabled due to security issues.
> please save this file somewhere, then open a terminal and type
> unzip xxxx.zip
> 
> followed by:
> chmod 755 xxxx.zip
> 
> then type:
> ../xxxx.sh
> 
> when nothing noticeable happens, please ignore it and go back to what you
> were doing.
> If you want to see the issues from root's perspective, then please type:
> su - before ./xxxx.sh
> 
> (it would be difficult to create a method of GUI usage that would work
> across kde/gnome/icewm/etc and all versions thereof,
> and all mail clients and so on and so on.... but the command line would
> work everywhere...)
> 
> so what would happen? well, one of two things: a method like the above,
> or a much bigger virus that has logic to work out what window manager
> and apps are in place and that can respond appropriately to that window
> manager type and version and the installed apps,
> or something via shell,
> 
> on the upside, clamav is totally GPL, so it won't be long till it's
> installed by default, and that will happen long before linux starts
> needing it.
> 
> --
> rgds
> 
> Frank Hauptle (aka Franki)
> http://htmlfixit.com

I apologize if I cover points already made, I am new to the list, so
please forgive me if that happens.

I have been arguing these points elsewhere for a long time and looking
at the problems with creating viruses for Linux. It would be easy to
destroy a user's data with just a little social engineering, but the
problem of writing something to escalate privileges and actually do
harm to the system itself becomes much more complicated, and it would
affect a limited number of systems for each iteration of the virus.
This is due to all the different kernel versions, gcc versions, etc.
Crackers tend to be the lazy sort and only exploit something easy
(unless they are after something specific), so writing viruses for
Linux wouldn't get them the same satisfaction, at the very core of
things, as it does for Windows.

When we saw slapper exploit SSL it was easy, because pretty much every
version of SSL had the same vulnerabilities. I saw this firsthand
working for a webhosting provider; we got slammed by slapper, as did a
lot of other companies. But with kernel exploits and the like, we
usually only saw those when someone targeted the systems. We
occasionally had script kiddies scan subnets and gain access to a
few boxes that way, but it was very rare. Based on the observations of
how things got cracked and the way the slapper worm did its work, I
came to the conclusion that I had been wrong about Linux viruses. I
originally thought we would see as many as there are for Windows if
the unwashed masses started using Linux; working at a large hosting
provider really changed my mind. Of course we will see a growth in
viruses, but the level of viruses on Windows is directly related to
the security problems in the OS itself. Conversely, when Linux becomes
more prevalent we will see more virus-type activity, but it's not
possible for there to be nearly as much.

The other problem is simply one of educating new users as they start
to move away from Windows. If we don't do this we will have people
running as root all the time, just like 'doze users run as
administrator all the time. We need to come up with a solution for
software installation, one that Windows doesn't have and one that
Linux is currently lacking. Sure, most of us could install anything we
want into our user space via the shell by simply changing the
./configure options, but my mom couldn't. I don't know of any distro
that does this, but a user-space rpm would be a nice solution. The
main rpm command would be chrooted to the user space; this way, in a
home environment, the users rarely if ever have to log in as root except
to do OS updates. Sort of a "Mandrake Home Version" or some such,
really aimed at protecting the users from themselves. XP Home fell
flat on its face with the all-or-nothing security options, and it
wouldn't take much to develop this sort of installer for the home
users.

The other issue is the one that originally drew me to open source, and
that is choice. With everyone using different e-mail clients it
becomes harder to get viruses to propagate. In a "home" version the
default install could drop pine, sendmail, et al. and not leave a real
way to propagate via e-mail from a simple script delivered via e-mail.
I could send something all day long designed to send via Thunderbird
to a friend using Sylpheed and accomplish nothing; this then goes back
to the laziness issue. It's just not fun to write viruses for Linux;
you could rarely damage enough to make the news or get any
recognition.

I have rambled enough now and probably made very little sense. Thanks
for bearing with me.

flesh99

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________
