On Fri, 2007-06-15 at 06:32 -0700, UNIX admin wrote:
> 1. SPARC (and nowadays AMD and Intel) processors support a so-called "no
> execution stack" bit, and this bit is set to 1 by default;
> what that means is, you can't execute any malicious code that you put on the
> stack, the hardware won't allow it
...

Which shouldn't be oversold as a barrier. There are tricks (some fairly trivial) to bypass that protection. Also, the separation of privilege shouldn't be overestimated, either. Small hacks are usually leveraged into something more serious, after all. The best way I've seen it put is: "If someone can run code on your computer without your consent, it isn't your computer anymore".

Now, I'm not saying (Open)Solaris needs an antivirus or that TEH HAXXORZ are readying a flood of viruses to unleash once it gets any worthwhile market share.

As someone said, antivirus products are by nature reactive. They try to protect the user from themselves. The various Unixes have always been proactive about such security. Antivirus programs are the parent chasing the kid around, taking the bottle of Ex-Lax away before he eats it and saying, "Oh no, don't do that." Unix security is a lock on the medicine cabinet, and if the kid tries to get into it anyway it grabs him by the scruff of the neck and sticks him in the Time Out Chair. :)