Re: Antivirus stuff

Thu, 7 May 1998 12:50:03 -0400 

Hi Shawn,

> >The worst thing a 'macro virus', for example, could do is remove your own
> >files..
> 
> Or any files you have "write" access to.
> 
> Which doesn't seem like a problem if you protect ALL system binaries against
> writing without being root, but then you have to remember:
> 
> 1) If you don't get them ALL, you're vulnerable, and it's a pain to get them
> ALL.
> 
> 2) Your dot files are vulnerable, and they could be manipulated to make you
> run something when you're root.
> 
> Think about this scenario:
> 
> Virus runs.  You're not root.  It adds an alias to your shell settings
> files, making "ls" run an infected program that, if you're not root, just
> runs the regular "ls" with your chosen parameters.
> 
> Then you su to root, and run ls again.  Boom, Mr. Virus wakes up and infects
> stuff.
> 

ehmm... do you still use the "su" command without the
trailing minus?
(like in "su -")... then find the man page for su! 

> Maybe it infects /bin/sh...
> 
> Unix viruses take more thought and coding skill than Dos ones, but they're
> quite possible.  Considering the robust virtual memory and multitasking on
> Unix systems, you can make them quite large and complex and still have them
> work without arousing suspicion.
> 

well, with un*x we've better defenses than poor dos!

hope this helps 

ciao fede

> --
>   PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
> http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
>          To unsubscribe: mail [EMAIL PROTECTED] with
>                        "unsubscribe" as the Subject.

-- 

Semper Voster

--------------------------------------------
|                                          |
| [EMAIL PROTECTED]                           |
|                                          |
| Via W. Tobagi, 21                        |
| 20143 Milano - Italy                     |
|                                          |
| Phone: +39/2/89.12.65.76                 |
|                                          |
| Member of the Linux Community :-)        |
| Microsoft's just a rebooting Infinity... |
|                                          |
--------------------------------------------



-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.

Reply via email to