John Wilson wrote:
<------------- snip ------------>
Now, Linux, in common with almost all POSIX compliant software also has an administrators account and you can, if you want to, set up as insecure a system as any old Windows box. Responsible Linux distributions will insist that you have at least one regular user as well as root and will boot you in as that.John,
Now it's possible for a virus to be written for Linux and it's been done. But, unlike the Windows situation, there is absolutely nothing that can be done in user space that overlaps with or conflicts with the root/system space. In short, a virus cannot propagate itself. Oh, it can mess up the user's home in short order but not the machine itself. Spyware can find out everything it wants about you but nothing at all about the root or any other user on the box.
Nasties do exist for Linux but they are much further and fewer between than the almost daily attacks on Windows. And they are, in general, far easier to defend against.
Also, it often takes less than 24 hours for a package to be fixed after a vulnerability is found, often before it's exploited, and the fix sent out. Compare that to the rather cavalier attitude of Micosoft to such things.
ttfn
John
I think you did a great job of summing it up. But one thing I have never seen talked about as a way to get a virus into a Linux system is to include it in an RPM. Lets face it, how many people actualy check the scripts that are run when an rpm is installed? Do you check that it is signed properly? (I know urpmi will check, but I also remember problem with package signitures talked about on the lists...) Remember, almost all RPMs are installed by root, so any scripts an RPM runs are also run by root. And all that is needed is to hack an update mirror site to infect a large number of machines...
Mikkel --
Do not meddle in the affairs of dragons, for you are crunchy and taste good with Ketchup!
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
