-----Original Message-----
From: Dave Wreski <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, May 06, 1998 11:53 PM
Subject: Re: Antivirus stuff


>The worst thing a 'macro virus', for example, could do is remove your own
>files..


Or any files you have "write" access to.

Which doesn't seem like a problem if you protect ALL system binaries against
writing without being root, but then you have to remember:

1) If you don't get them ALL, you're vulnerable, and it's a pain to get them
ALL.

2) Your dot files are vulnerable, and they could be manipulated to make you
run something when you're root.

Think about this scenario:

Virus runs.  You're not root.  It adds an alias to your shell settings
files, making "ls" run an infected program that, if you're not root, just
runs the regular "ls" with your chosen parameters.

Then you su to root, and run ls again.  Boom, Mr. Virus wakes up and infects
stuff.

Maybe it infects /bin/sh...


Unix viruses take more thought and coding skill than DOS ones, but they're
quite possible.  Considering the robust virtual memory and multitasking on
Unix systems, you can make them quite large and complex and still have them
work without arousing suspicion.



-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.

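The dot-file scenario in the message above can be checked for by scanning shell startup files for aliases or functions that shadow everyday commands. This is an added example, not part of the original post; the watch list, the trusted directories and the sample file contents are assumptions constructed for illustration.

```python
import os
import re
import shlex

# Assumed watch list: commands an admin is likely to type right after `su`.
WATCHED = {"ls", "cd", "cat", "ps", "rm", "cp", "mv", "su", "sudo", "sh"}
# Assumed set of directories that hold the real system binaries.
TRUSTED_DIRS = {"/bin", "/usr/bin", "/sbin", "/usr/sbin"}
ALIAS_RE = re.compile(r"^\s*alias\s+([\w.+-]+)=(.*)$")
FUNC_RE = re.compile(r"^\s*(?:function\s+([\w.+-]+)|([\w.+-]+)\s*\(\s*\))")

# Constructed sample of a tampered ~/.bashrc (not taken from a real system).
SAMPLE_BASHRC = """\
alias ll='ls -l'
alias ls='ls --color=auto'
alias rm='/bin/rm -i'
alias ls="$HOME/.cache/.x/ls"
ps() { "$HOME/.cache/.x/ps" "$@"; }
"""

def first_word(value):
    """Return the command an alias body would execute, or None if unparsable."""
    try:
        outer = shlex.split(value, comments=True)       # drop quotes, trailing comment
        inner = shlex.split(outer[0]) if outer else []  # split the alias body itself
    except ValueError:                                  # unbalanced quotes
        return None
    return inner[0] if inner else None

def is_benign(name, target):
    """True when the alias still resolves to the real command of the same name."""
    if target == name:                                  # alias ls='ls --color=auto'
        return True
    head, base = os.path.split(target or "")
    return base == name and head in TRUSTED_DIRS        # alias rm='/bin/rm -i'

def scan_dotfile(text):
    """Return (line_no, kind, detail) findings for one shell startup file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = ALIAS_RE.match(line)
        if m and m.group(1) in WATCHED:
            target = first_word(m.group(2))
            if not is_benign(m.group(1), target):
                findings.append((no, "alias", f"{m.group(1)} -> {target}"))
        m = FUNC_RE.match(line)
        name = m and (m.group(1) or m.group(2))
        if name in WATCHED:                             # any function shadowing a command
            findings.append((no, "function", name))
    return findings
```

Findings are candidates for review, since a function that wraps a watched command can be legitimate; the scan only narrows where to look in each account's startup files.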