Re: [expert] A Linux Virus on the loose.
James wrote:
> On Thu, 6 Jun 2002 23:16:08 -0400
> Reminds me of a computer controlled security system. 50 cameras, 5 monitors switching to 10 apiece, plus a normal monitor, all controlled by one box running an i386 Unix. The security guard was getting bored at night so he wanted to play games. The ones he had wouldn't run on, as he put it, the version of DOS on this box. So he brought in his own DOS disks to install the newest version. Alarms go off, the security system is down, and one lone guard is sitting there playing Defender on the center monitor. And yes, this did happen.
> James

grin that must have been back in the days before they had locks on the front of the case so's you couldn't get to the drives. Idiot proof and all that.

Mark

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] A Linux Virus on the loose.
Yep, LOOONG before. Actually the solution was to remove all floppy drives and carry one in our kit for service calls. (The CFO loved it when I showed him how we could save 200 bucks per box + give everyone a portable floppy at no extra cost.)

James

On Mon, 10 Jun 2002 07:19:15 -0400 daRcmaTTeR [EMAIL PROTECTED] wrote:
> James wrote:
> > On Thu, 6 Jun 2002 23:16:08 -0400
> > Reminds me of a computer controlled security system. 50 cameras, 5 monitors switching to 10 apiece, plus a normal monitor, all controlled by one box running an i386 Unix. The security guard was getting bored at night so he wanted to play games. The ones he had wouldn't run on, as he put it, the version of DOS on this box. So he brought in his own DOS disks to install the newest version. Alarms go off, the security system is down, and one lone guard is sitting there playing Defender on the center monitor. And yes, this did happen.
> > James
>
> grin that must have been back in the days before they had locks on the front of the case so's you couldn't get to the drives. Idiot proof and all that.
>
> Mark
Re: [expert] A Linux Virus on the loose.
On Thu, 6 Jun 2002 23:16:08 -0400 D. Olson [EMAIL PROTECTED] wrote:
> On Thursday 06 June 2002 07:54 pm, you wrote:
> > On Mon, 2002-06-03 at 18:22, Praedor Tempus wrote:
> > > This might actually be a useful tool for use when you forget your root password...and perhaps the procedure would suggest a fix to prevent it?
> >
> > In case this might happen to you a better idea would be to write the password down on a piece of paper and put that paper in some safe place. IMHO this is a lot better idea than hacking into your system because you locked the car with the keys in... Besides, that's the point of security - so you won't be able to do that.
>
> If this was referring to the boot-disk and restore the password that way, then the argument is stupid, because if someone gets physical access to your computer, what is stopping them from just reformatting your computer and putting Windows on it instead? Or forget that, just take the computer and sell it or whatever.

Reminds me of a computer controlled security system. 50 cameras, 5 monitors switching to 10 apiece, plus a normal monitor, all controlled by one box running an i386 Unix. The security guard was getting bored at night so he wanted to play games. The ones he had wouldn't run on, as he put it, the version of DOS on this box. So he brought in his own DOS disks to install the newest version. Alarms go off, the security system is down, and one lone guard is sitting there playing Defender on the center monitor. And yes, this did happen.

James

> However, if you are referring to something else, ignore that :)
Re: [expert] A Linux Virus on the loose.
On Mon, 2002-06-03 at 18:22, Praedor Tempus wrote:
> This might actually be a useful tool for use when you forget your root password...and perhaps the procedure would suggest a fix to prevent it?

In case this might happen to you a better idea would be to write the password down on a piece of paper and put that paper in some safe place. IMHO this is a lot better idea than hacking into your system because you locked the car with the keys in... Besides, that's the point of security - so you won't be able to do that.
Re: [expert] A Linux Virus on the loose.
On Thursday 06 June 2002 07:54 pm, you wrote:
> On Mon, 2002-06-03 at 18:22, Praedor Tempus wrote:
> > This might actually be a useful tool for use when you forget your root password...and perhaps the procedure would suggest a fix to prevent it?
>
> In case this might happen to you a better idea would be to write the password down on a piece of paper and put that paper in some safe place. IMHO this is a lot better idea than hacking into your system because you locked the car with the keys in... Besides, that's the point of security - so you won't be able to do that.

Yeah, but do me a favor, tape it under the keyboard. (Worked for Kevin Mitnick, as I recall.)
Re: [expert] A Linux Virus on the loose.
On Thursday 06 June 2002 07:54 pm, you wrote:
> On Mon, 2002-06-03 at 18:22, Praedor Tempus wrote:
> > This might actually be a useful tool for use when you forget your root password...and perhaps the procedure would suggest a fix to prevent it?
>
> In case this might happen to you a better idea would be to write the password down on a piece of paper and put that paper in some safe place. IMHO this is a lot better idea than hacking into your system because you locked the car with the keys in... Besides, that's the point of security - so you won't be able to do that.

If this was referring to the boot-disk and restore the password that way, then the argument is stupid, because if someone gets physical access to your computer, what is stopping them from just reformatting your computer and putting Windows on it instead? Or forget that, just take the computer and sell it or whatever.

However, if you are referring to something else, ignore that :)
Re: [expert] A Linux Virus on the loose.
On Monday 03 June 2002 10:18 am, [EMAIL PROTECTED] wrote:
> On Mon, 3 Jun 2002, Praedor Tempus wrote:
> > Well? Pray-tell, how does one go about appending a new user to Passwd with UID 0? Altering Passwd should itself require root privileges - I cannot even get in to single user mode to do damage without my root passwd. I haven't had to do it for a long time, but I believe this is also true when booting up with a CD and doing rescue. Nonetheless, I would love to know how one could do as you describe. Fill us in please.
>
> You don't need root access to be able to mount a filesystem with r/w privs. With a rescue disk the hard drive can be mounted with:
>
>     mkdir /hd2
>     mount /dev/hda2 /hd2
>
> At this point you could cd to /hd2/etc then edit the passwd file directly.

Yeah, ok, but what about the actual password? I just took a look at my /etc/passwd file and naturally saw nothing. The passwords are stored in my /etc/shadow file, which is encrypted. You may be able to simply append someone to /etc/passwd but what about giving that someone a password? It wouldn't be trivial to create a password to be appended to the shadow file. I believe you'd need to know the random seed, etc, to create the appropriate encrypted version of the desired password for this new UID 0 user.

praedor
Re: [expert] A Linux Virus on the loose.
On Mon, 3 Jun 2002, Praedor Tempus wrote:
> Yeah, ok, but what about the actual password? I just took a look at my /etc/passwd file and naturally saw nothing. The passwords are stored in my /etc/shadow file, which is encrypted. You may be able to simply append someone to /etc/passwd but what about giving that someone a password? It wouldn't be trivial to create a password to be appended to the shadow file. I believe you'd need to know the random seed, etc, to create the appropriate encrypted version of the desired password for this new UID 0 user.

The passwd file (or shadow file for that matter), is encrypted using a standard crypt function. You don't need the original root password to append entries to the shadow file once you have access to the filesystem. In perl you could use the crypt-passwd module. In c there's a crypt function to which you pass the salt and the passwd to encrypt. I.e., the passwd is one that you provide. crypt() will return the hash. You could also create the hash on another machine and cut and paste it if you don't want to go through the trouble.

If you don't want to do this, once you have the passwd hash you can even try brute-forcing the password. But this would be unnecessary if all you wanted was root or a login ID.
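The change discussed in the messages above (an extra line in passwd that carries UID 0, with or without a usable shadow entry) is straightforward to detect after the fact. The following is an added example, not part of any message in this thread: a small auditor for passwd/shadow text. The sample files, the account names in them and the finding labels are constructed for illustration.

```python
"""Audit passwd/shadow text for an appended UID 0 account (added example)."""

# Constructed sample data; the "$1$..." strings are placeholders, not real hashes.
BASELINE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
james:x:501:501:James:/home/james:/bin/bash
"""

# The baseline plus two appended lines: a second UID 0 account and an
# account whose passwd password field is empty.
CURRENT_PASSWD = BASELINE_PASSWD + """\
root2:x:0:0::/root:/bin/bash
guest::502:502::/home/guest:/bin/bash
"""

CURRENT_SHADOW = """\
root:$1$CONSTRUC$placeholderplaceholder0:11845:0:99999:7:::
bin:*:11845:0:99999:7:::
james:$1$CONSTRUC$placeholderplaceholder1:11845:0:99999:7:::
root2::11845:0:99999:7:::
"""


def parse_passwd(text):
    """Return (entries, malformed_line_numbers) for passwd-format text."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        uid = fields[2] if len(fields) == 7 else ""
        if not (uid.isascii() and uid.isdigit()):
            malformed.append(lineno)
            continue
        entries.append({"name": fields[0], "pw": fields[1], "uid": int(uid)})
    return entries, malformed


def parse_shadow(text):
    """Map account name -> password field from shadow-format text."""
    shadow = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0]:
            shadow[fields[0]] = fields[1]
    return shadow


def audit(passwd_text, shadow_text, baseline_text=None):
    """Return a sorted list of (account, finding) tuples."""
    entries, malformed = parse_passwd(passwd_text)
    shadow = parse_shadow(shadow_text)
    findings = [("line %d" % n, "malformed-passwd-line") for n in malformed]

    for entry in entries:
        name, pw = entry["name"], entry["pw"]
        # The case from the thread: a second account that carries UID 0.
        if entry["uid"] == 0 and name != "root":
            findings.append((name, "extra-uid0"))
        if pw == "":
            findings.append((name, "empty-password-in-passwd"))
        elif pw == "x":
            # "x" means the real password field lives in shadow.
            if name not in shadow:
                findings.append((name, "no-shadow-entry"))
            elif shadow[name] == "":
                findings.append((name, "empty-password-in-shadow"))
        elif pw[0] not in "*!":
            # Anything else that is not a lock marker is a hash kept in passwd.
            findings.append((name, "hash-in-passwd"))

    if baseline_text is not None:
        known = {b["name"]: b["uid"] for b in parse_passwd(baseline_text)[0]}
        for entry in entries:
            if entry["name"] not in known:
                findings.append((entry["name"], "not-in-baseline"))
            elif known[entry["name"]] != entry["uid"]:
                findings.append((entry["name"], "uid-changed"))
    return sorted(findings)


if __name__ == "__main__":
    for account, finding in audit(CURRENT_PASSWD, CURRENT_SHADOW, BASELINE_PASSWD):
        print("%-8s %s" % (account, finding))
```

The baseline copy has to live somewhere the audited machine cannot write to, since the scenario in this thread assumes write access to its filesystem.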
Re: [expert] A Linux Virus on the loose.
I've been watching how this thread progressed. I've noticed two pieces of FUD that keep appearing.

1. The assumption that a virus writer wouldn't know that he/she needs to be root to do real damage and that he/she won't do just that. Don't give yourself a sense of false security here. All they need to do is have a line appended to Passwd and shadow (yes even MD5 is vulnerable here, all it takes is some math.) and they have a new user that has UID 0 and they don't even need to be root. Remember they are in your box. Harden it all you want to the outside. Your vulnerability is when they are inside. (Oh and we did this recently to a Linux box that the user had forgotten the root password on. For reasons it couldn't be shut down. If we had it would never boot again. Didn't have a spare to mount the disk on. So I used a friend's tool to append a new user to passwd and poof root2 was now UID 0.)

2. That backups cure all ills. True if I have a desktop. That never moves, and I have hard copy backups disassociated from my LAN (Tape CD-Rom etc.) is guaranteed to be free of the virus, and that the virus lives in user land where it can be found. A backup is useful. What if the virus lives in the MBR? MBR's are usually written to during an install, but not wiped and written over. (Don't ask me how I know this is a great place to put a virus just trust me.) What if the virus infected your box 2 months ago and is just now activating? How far back do I go in backups? If it was just the OS I wouldn't care. OS's can be recreated in a reasonable amount of time. DATA is the key. If I just restore from a backup, how much do I lose? When did I get the virus? Do I lose a week a month a year of data? (get Chernobyl the day after the anniversary it will wait a year to activate.) Backups although a great idea are a false sense of security. Not to mention that since my backup is currently about 12gigs of data. It takes me about 8 hours to restore. (It has to move over a LAN as the tape is on another box and yes 13 of them. Let's see at 150 bucks an hour consulting rate I'm losing 1200 dollars just in time spent restoring. (can't do work till I get the data back.)

Then if I'm on the road with my laptop and a virus activates how do I restore? The presentation before the customer is in 3 hours. My box just went sideways because of a virus. (caught it when I connected to the LAN at the last customer's office. They run windows and this is a dual affect virus.) I'm in Philly and my backup is in Memphis. Move several gigs of data over a hotel phone line? Yeah right.

The only answer is to realize that Linux is vulnerable. It's just not as popular an OS for script kiddies and the script kiddie tool writer to use. Remember folks the first worm was a Unix worm. The first virus I know of ran on Honeywell mainframes. And it wasn't networked. They didn't read e-mail on it, and all someone did was load a data tape received from our best customer. (actually it took 3 tapes. Loaded weeks apart each one contained, unknown to the customer, a piece of the virus stored in the leftover space in partially used data blocks so that we couldn't see a size change from what was expected. When part 3 came in it looked for 1 and 2 and re-assembled itself.)

I apologize a little bit here. Didn't want to shake the tree and start a war. But I do care enough about fscking the blackhats that the occasional wake up call for those of us who respect each other, and their data (which is a lot of why we use Linux/BSD et al), is needed. My wife just got a virus sent to her that had already been through at least 3 other anti-virus programs. (My MailScanner caught it so no harm to me.)

We don't need a patch gentlemen we need a plan.

James

On Sun, 2 Jun 2002 21:45:54 -0400 tarvid [EMAIL PROTECTED] wrote:
> I once had a conversation with a software engineer from a major anti-virus company and he said "Of the 50,000 viruses we scan for only 800 have ever infected anybody in the wild." The story is self serving FUD.. I know - I use the same tactic myself.
>
> The first question I ask computer users who persist in making stupid mistakes and assumptions is "Do you have the box your computer came in?" You know the response to "Yes". As for the user who doesn't back up his data, he will someday experience a valuable object lesson.
>
> Let's solve the problems with msec and abandon the trolls.
>
> Jim Tarvid
>
> On Sunday 02 June 2002 09:33 pm, you wrote:
> > I must make the point that whilst Linux does restrict what a virus can do, if I lose my home dir it will take me a lot of time to restore from backup and get back to where I was. Yes, you won't lose the system, but very inconvenient none the less! Mandrake is aiming at the desktop, and the less experienced user so avenues to infect using social engineering (imagine this virus set up like the Anna Korn... virus? Yes its hard to
Re: [expert] A Linux Virus on the loose.
On Sun, 2 Jun 2002 23:38:05 -0700 James [EMAIL PROTECTED] wrote:
> I've been watching how this thread progressed. I've noticed two pieces of FUD that keep appearing.
>
> 1. The assumption that a virus writer wouldn't know that he/she needs to be root to do real damage and that he/she won't do just that. Don't give yourself a sense of false security here. All they need to do is have a line appended to Passwd and shadow (yes even MD5 is vulnerable here, all it takes is some math.) and they have a new user that has UID 0 and they don't even need to be root. Remember they are in your box. Harden it all you want to the outside. Your vulnerability is when they are inside. (Oh and we did this recently to a Linux box that the user had forgotten the root password on. For reasons it couldn't be shut down. If we had it would never boot again. Didn't have a spare to mount the disk on. So I used a friend's tool to append a new user to passwd and poof root2 was now UID 0.)

ok ok but to have a line appended to Passwd and shadow don't you need to be root in the first place?

> 2. That backups cure all ills. True if I have a desktop. That never moves, and I have hard copy backups disassociated from my LAN (Tape CD-Rom etc.) is guaranteed to be free of the virus, and that the virus lives in user land where it can be found. A backup is useful. What if the virus lives in the MBR? MBR's are usually written to during an install, but not wiped and written over. (Don't ask me how I know this is a great place to put a virus just trust me.) What if the virus infected your box 2 months ago and is just now activating? How far back do I go in backups? If it was

well, if you are REAL paranoid about MBR you can set a job on bootup to clean it up with simple fdisk/lilo commands...

> just the OS I wouldn't care. OS's can be recreated in a reasonable amount of time. DATA is the key. If I just restore from a backup, how much do I lose? When did I get the virus? Do I lose a week a month a year of data? (get Chernobyl the day after the anniversary it will wait a year to activate.) Backups although a great idea are a false sense of security. Not to mention that since my backup is currently about 12gigs of data. It takes me about 8 hours to restore. (It has to move over a LAN as the tape is on another box and yes 13 of them. Let's see at 150 bucks an hour consulting rate I'm losing 1200 dollars just in time spent restoring. (can't do work till I get the data back.) Then if I'm on the road with my laptop and a virus activates how do I restore? The presentation before the customer is in 3 hours. My

...let's just call that a bad day. a REALLY bad day. almost a WINDOWS day.

> box just went sideways because of a virus. (caught it when I connected to the LAN at the last customer's office. They run windows and this is a dual affect virus.) I'm in Philly and my backup is in Memphis. Move several gigs of data over a hotel phone line? Yeah right. The only answer is to realize that Linux is vulnerable. It's just not as popular an OS for script kiddies and the script kiddie tool writer to use. Remember folks the first worm was a Unix worm. The first virus I know of ran on Honeywell mainframes. And it wasn't networked. They didn't read e-mail on it, and all someone did was load a data tape received from our best customer. (actually it took 3 tapes. Loaded

nobody is saying viruses are impossible on Linux/Unix. it's simply harder to do it. not seeing it is being blind. to make a virus/worm that is equally effective in windows as in Linux, it takes 50 times more skill, time, knowledge, luck, and most of all you have to rely on VERY stupid people more than you can think of.. setting permissions is so simple. you don't even have to split it into to root or not to root problem. you can define groups so you can protect data by denying access and still not using the root account to do so..

> weeks apart each one contained, unknown to the customer, a piece of the virus stored in the leftover space in partially used data blocks so that we couldn't see a size change from what was expected. When part 3 came in it looked for 1 and 2 and re-assembled itself.) I apologize a little bit here. Didn't want to shake the tree and start a war. But I do care enough about fscking the blackhats that the occasional wake up call for those of us who respect each other, and their data (which is a lot of why we use Linux/BSD et al), is needed. My wife just got a virus sent to her that had already been through at least 3 other anti-virus programs. (My MailScanner caught it so no harm to me.) We don't need a patch gentlemen we need a plan.

uhm what do you mean we don't need a patch? it's obvious, on every OS the threat of losing data exists. but then, let's not put all the eggs in the same basket. MHO the Linux is safer for now
Re: [expert] A Linux Virus on the loose.
Raider wrote:
> On Sun, 2002-06-02 at 21:42, J. Craig Woods wrote:
> > Sevatio, I couldn't agree with you more. This is the Great Secret that Micro$oft, Symantec, and many other big software companies, work so hard to keep secret. Just consider what they stand to lose, in revenue, if more people understood how Linux protects them against so many of the everyday exploits that MicroThrash is prone to.
>
> I read this over and over again. People saying - move to Linux, move to Linux. But have you ever thought that many of the Linux users run as root because they are too lazy to enter the root password when needed and complain about not having (now they have) an autologin option? Think a minute about all those guys who pretend to be admins and still run Apache 1.3.12 or whatever came with their old distribution even if the upgrade is painless and it takes less clicks than a Windoze install. If you don't believe me check the guys who run Win2k.. and see how many give the admin rights to their regular account... and this is not because of some weird setting, it is for installing and running apps... apps like virii and trojans.
>
> Now, sit tight, and think a minute about how much more vulnerable and how much more damage can a Linux box do compared with a Windoze Home Edition. I've seen over the time all the ports opened. And the firewall still requires some strong voodoo, at least this is how the majority thinks. With telnet and ftp active, with an exploit, and all the building tools installed a Linux in the hands of a script kiddy can really create some problems, far bigger than that mail overflow provoked by scripts like Melissa.
>
> Also keep in mind that while Windoze doesn't give you all the networking tools, while Windoze doesn't give you any development tool besides windoze scripting host (in case you can consider that a development tool), while Windoze has a typical install, Linux has install all. And with the nowadays hard drives, every moron can click on install all, because... after all... nobody teaches them what they need and what they have to have. Everybody says install that and that and that, then find whichever you like and eventually uninstall the others.
>
> That's about all I had to say.
>
> Raider

Well, if we were to build it idiot proof, someone would build a better idiot.

The linux virus is a danger to those who download binaries from dubious sites, and to all who run as root. Even with our poison red screen and autologin to a non-privileged user, there are yahoos who will run as root. But then bliss, which came with its own disinfection kit, could also be loaded into a binary for those who never check. And think of the binaries NO ONE has the source to--these are potential security holes as well, from video drivers to linmodems of the PCTel flavor.

But actually, I would rather take over an XP box than a linux one if I wanted to do some attacking. With a stolen VB and a little elbow grease and their full rawsockets stack, I could undetectably cook with uranium, and never worry that the user might detect the inadvertent fork bomb or a sudden sluggishness in his computer, and I wouldn't have to rootkit anything.

Civileme
Re: [expert] A Linux Virus on the loose.
On Sunday 02 June 2002 03:12 pm, you wrote:
> But there is the majority of real dumb ppl. I remember a case where a lady in USA won a liability case against a manufacturer of microwave ovens because the manual of the oven did not state explicitly that you must not put your cat in the oven for drying after a rainy day. She sucked millions of $$ from the manufacturer just because he was not aware of dumb folks like her.

I blame that on the damn lawyers who will take any case as long as there is money or notoriety AND the court system... any case that stupid that came before a judge should be dismissed and rejected out of hand (and all costs passed on to the idiot and their blood-sucking lawyer who brought the case).

Sorry if there are any lawyers in the crowd - I just think there is way too much useless litigation in this country... ;-(

--
/\ DarkLord \/
Re: [expert] A Linux Virus on the loose.
On Mon, 3 Jun 2002, darklord wrote:
> On Sunday 02 June 2002 03:12 pm, you wrote:
> > But there is the majority of real dumb ppl. I remember a case where a lady in USA won a liability case against a manufacturer of microwave ovens because the manual of the oven did not state explicitly that you must not put your cat in the oven for drying after a rainy day. She sucked millions of $$ from the manufacturer just because he was not aware of dumb folks like her.
>
> I blame that on the damn lawyers who will take any case as long as there is money or notoriety AND the court system... any case that stupid that came before a judge should be dismissed and rejected out of hand (and all costs passed on to the idiot and their blood-sucking lawyer who brought the case).
>
> Sorry if there are any lawyers in the crowd - I just think there is way too much useless litigation in this country... ;-(

darklord,

I whole-heartedly agree with you. There is WAY too much litigation in this country. I'd say as much as up to half is wasteful and useless garbage that should be thrown out never to be heard from again, whose sole purpose is to suck cash from someone or some thing because they're just too damn lazy to earn a living like the rest of humanity.

sorry...it's a bad Monday morning for sysadmins... :(

--
Mark a.k.a. daRcmaTTeR
--
If your wife told you NOT to do it there's probably a real good reason!
-
REGISTERED LINUX USER #186492
Penguinized since 1997
Re: [expert] A Linux Virus on the loose.
On Monday 03 June 2002 01:38 am, James wrote:
> I've been watching how this thread progressed. I've noticed two pieces of FUD that keep appearing.
>
> 1. The assumption that a virus writer wouldn't know that he/she needs to be root to do real damage and that he/she won't do just that. Don't give yourself a sense of false security here. All they need to do is have a line appended to Passwd and shadow (yes even MD5 is vulnerable here, all it takes is some math.) and they have a new user that has UID 0 and they don't even need to be root. Remember they are in your box. Harden it all you want to the outside. Your vulnerability is when they are inside. (Oh and we did this recently to a Linux box that the user [...]

Well? Pray-tell, how does one go about appending a new user to Passwd with UID 0? Altering Passwd should itself require root privileges - I cannot even get in to single user mode to do damage without my root passwd. I haven't had to do it for a long time, but I believe this is also true when booting up with a CD and doing rescue.

Nonetheless, I would love to know how one could do as you describe. Fill us in please.

praedor
RE: [expert] A Linux Virus on the loose.
> On Monday 03 June 2002 01:38 am, James wrote:
> > I've been watching how this thread progressed. I've noticed two pieces of FUD that keep appearing.
> >
> > 1. The assumption that a virus writer wouldn't know that he/she needs to be root to do real damage and that he/she won't do just that. Don't give yourself a sense of false security here. All they need to do is have a line appended to Passwd and shadow (yes even MD5 is vulnerable here, all it takes is some math.) and they have a new user that has UID 0 and they don't even need to be root. Remember they are in your box. Harden it all you want to the outside. Your vulnerability is when they are inside. (Oh and we did this recently to a Linux box that the user [...]
>
> Well? Pray-tell, how does one go about appending a new user to Passwd with UID 0? Altering Passwd should itself require root privileges - I cannot even get in to single user mode to do damage without my root passwd. I haven't had to do it for a long time, but I believe this is also true when booting up with a CD and doing rescue.
>
> Nonetheless, I would love to know how one could do as you describe. Fill us in please.

Just to put my .02 in on that. I'm not sure that a trick like that is something that should be broadcast on a public list. JMHO.

Ric
Re: [expert] A Linux Virus on the loose.
Why not? If there is a security bug hidden somewhere it better be made public quickly, so somebody is going to fix it and somebody else is going to validate the fix. And, in the meantime, you will be aware of it and might decide to take some action. I don't think anybody wants a microsoft-style security model!

regards,
raffaele

[EMAIL PROTECTED] wrote:
> Just to put my .02 in on that. I'm not sure that a trick like that is something that should be broadcast on a public list. JMHO.
>
> Ric
Re: [expert] A Linux Virus on the loose.
And this leads to the simple conclusion that if one has physical access to a computer, then security is largely out the window. Any clown could come in and bootup with a rescue disk (addressing the linux aspect) and do whatever to your drives. If they had the time, they could also bring in a set of linux distro disks and reinstall linux their way. The only way to prevent this is to turn off the booting from CD in bios and password protecting bios, but then, with physical access it is trivial to kill the bios password (just crack the case and remove the mobo battery for a minute - bios settings are back to default and accessible without a password).

Thus, I see no harm at all in hearing the means one would use to create a UID 0 person, append them to passwd and create an appropriately formatted/encrypted shadow password for them in /etc/shadow.

praedor

On Monday 03 June 2002 10:24 am, David Relson wrote:
> At 11:00 AM 6/3/02, praedor wrote:
> > Well? Pray-tell, how does one go about appending a new user to Passwd with UID 0? Altering Passwd should itself require root privileges - I cannot even get in to single user mode to do damage without my root passwd. I haven't had to do it for a long time, but I believe this is also true when booting up with a CD and doing rescue.
>
> Correct about UID 0... The rescue CD I use gives me root privileges. It wouldn't be useful without them. At the very least I need to mount partitions so I can rescue my system. mount requires root privileges.
>
> > Nonetheless, I would love to know how one could do as you describe. Fill us in please.
>
> I, too, am curious.
>
> David
Re: [expert] A Linux Virus on the loose.
On Monday 03 June 2002 10:29 am, D. Olson wrote:
> On Monday 03 June 2002 11:13 am, you wrote:
> > Just to put my .02 in on that. I'm not sure that a trick like that is something that should be broadcast on a public list.
>
> Why not? Isn't that how things get fixed? For instance, if there is a big exploit in Mandrake's patchwork kernel, and no one tells anyone about it, then how will it get fixed?

Seems to me all this hoopla over linux.Simile is just that, hoopla. When I saw the reports last Fri, first thing I did was Google 'linux elf virus'. I got back many links including http://www.viruslist.com/eng/viruslistfind.asp?findWhere=011findTxt=linux which shows (as I sort'a already knew) that there's been a dozen or more Linux viruses over the years 'on the loose'. How many have actually ever done any damage? ... or even been successful at infecting any systems? I concluded this latest report was nothin but hype.

As Civileme said (my paraphrase), don't run as root, and be aware that the closed source binary only apps and drivers you might use on a Linux system should be your greater concern. They do taint your kernel, Mandrake patched or not.

--
Tom Brinkman  Corpus Christi, Texas
Re: [expert] A Linux Virus on the loose.
On Monday 03 June 2002 11:13 am, you wrote:
> Just to put my .02 in on that. I'm not sure that a trick like that is something that should be broadcast on a public list.

Why not? Isn't that how things get fixed? For instance, if there is a big exploit in Mandrake's patchwork kernel, and no one tells anyone about it, then how will it get fixed?
Re: [expert] A Linux Virus on the loose.
On Monday 03 June 2002 11:39 am, you wrote:
> And this leads to the simple conclusion that if one has physical access to a computer, then security is largely out the window. Any clown could come in and bootup with a rescue disk (addressing the linux aspect) and do whatever to your drives. If they had the time, they could also bring in a set of linux distro disks and reinstall linux their way. The only way to prevent this is to turn off the booting from CD in bios and password protecting bios, but then, with physical access it is trivial to kill the bios password (just crack the case and remove the mobo battery for a minute - bios settings are back to default and accessible without a password).
>
> Thus, I see no harm at all in hearing the means one would use to create a UID 0 person, append them to passwd and create an appropriately formatted/encrypted shadow password for them in /etc/shadow.
>
> praedor

Hehehehe, I've got mine disabled in BIOS, and my case is hardware locked. Of course, if someone has access to my system, then they've already gotten into my home, and I'm sure - would not hesitate to use a hacksaw to cut their way into my case...but really - why? ;-)

Wait! It's my MPEG of Tommy and Heather Locklear during their honeymoon, I'll just bet ;-

--
/\ DarkLord \/
Re: [expert] A Linux Virus on the loose.
darklord wrote: On Monday 03 June 2002 11:39 am, you wrote: And this leads to the simple conclusion that if one has physical access to a computer, then security is largely out the window. Any clown could come in and bootup with a rescue disk (addressing the linux aspect) and do whatever to your drives. If they had the time, they could also bring in a set of linux distro disks and reinstall linux their way. The only way to prevent this is to turn off the booting from CD in bios and password protecting bios, but then, with physical access it is trivial to kill the bios password (just crack the case and remove the mobo battery for a minute - bios settings are back to default and accessible without a password). Unless your mobo flashroms the password; came across this and had to get tech support to explain that first you must remove the battery, THEN you must pull a jumper, then you must short out some pins on the BIOS chip where it is soldered to the board... little paranoid maybe? Thus, I see no harm at all in hearing the means one would use to create a UID 0 person, append them to passwd and create an appropriately formatted/encrypted shadow password for them in /etc/shadow. praedor Hehehehe, I've got mine disabled in BIOS, and my case is hardware locked. Of course, if someone has access to my system, then they've already gotten into
Re: [expert] A Linux Virus on the loose.
darklord wrote: Wait! It's my MPEG of Tommy and Heather Locklear during their honeymoon, I'll just bet ;- Oh shit! You should have kept this quiet. I know for sure now you will soon be fighting off attacks from all over the world. Just the thought of that mpeg has me firing up the old DSNIFF. Lookout, here I come. drjung -- J. Craig Woods UNIX/NT Network/System Administration http://www.trismegistus.net/resume.html Character is built upon the debris of despair --Emerson
RE: [expert] A Linux Virus on the loose.
thats why we have our servers under 3meters of concrete and behind multiple access-control systems ... unless mcguyver comes along and uses his swiss pocketknife to disengage all entrance barriers ;-)) even on enterprise they still have those bad aliens compromizing their systems sometimes ... my point: there is no such thing as computer security that is really secure. only chance: don't use a computer ... udo Am Mon, 2002-06-03 um 23.58 schrieb M@rtin Ign@cio L@nge: Restoring Bios to defaults its only a matter of opening the Case and in the mother change a jumper from 1-2 to 2-3... give power to the computer for 5 seconds and then restoring again to 1-2 the jumper. That's it, in the mos complicated scenario the thing you have to do is get together pole + with pole - with a wire. And that's it too. Martin Ignacio Lange Justifica tus limitaciones y ciertamente las tendras Knowledge is Power Mails: 1) [EMAIL PROTECTED] 2) [EMAIL PROTECTED] 3) [EMAIL PROTECTED] 4) [EMAIL PROTECTED] Icq #: 17492486 Tel: 4746-3426 Cel: 154-994-5526 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ken Hawkins Sent: Lunes, 03 de Junio de 2002 06:08 p.m. To: [EMAIL PROTECTED] Subject: Re: [expert] A Linux Virus on the loose. darklord wrote: On Monday 03 June 2002 11:39 am, you wrote: And this leads to the simple conclusion that if one has physical access to a computer, then security is largely out the window. Any clown could come in and bootup with a rescue disk (addressing the linux aspect) and do whatever to your drives. If they had the time, they could also bring in a set of linux distro disks and reinstall linux their way. The only way to prevent this is to turn off the booting from CD in bios and password protecting bios, but then, with physical access it is trivial to kill the bios password (just crack the case and remove the mobo battery for a minute - bios settings are back to default and accessible without a password). 
Unless your mobo flashroms the password; came across this and had to get tech support to explain that first you must remove the battery, THEN you must pull a jumper, then you must short out some pins on the BIOS chip where it is soldered to the board... little paranoid maybe? Thus, I see no harm at all in hearing the means one would use to create a UID 0 person, append them to passwd and create an appropriately formatted/encrypted shadow password for them in /etc/shadow. praedor Hehehehe, I've got mine disabled in BIOS, and my case is hardware locked. Of course, if someone has access to my system, then they've already gotten into
Re: [expert] A Linux Virus on the loose.
On Monday 03 June 2002 10:13 am, Tibbetts, Ric wrote: .On Monday 03 June 2002 01:38 am, James wrote: I've been watching how this thread progressed. I've noticed two pieces of FUD that keep appearing. 1. The assumption that a virus writer wouldn't know that he/she needs to be root to do real damage and that he/she won't do just that. Don't give yourself a sense of false security here. All they need to do is have a line appended to Passwd and shadow (yes even MD5 is vulnerable here, all it takes is some math.) and they have a new user that has UID 0 and they don't even need to be root. Remember they are in your box. Harden it all you want to the outside. Your vulnerability is when they are inside. (Oh and we did this recently to a Linux box that the user [...] Well? Pray-tell, how does one go about appending a new user to Passwd with UID 0? Altering Passwd should itself require root priviledges - I cannot even get in to single user mode to do damage without my root passwd. I haven't had to do it for a long time, but I believe this is also true when booting up with a CD and doing rescue. Nonetheless, I would love to know how one could do as you describe. Fill us in please. Just to put my .02 in on that. I'm not sure that a trick like that is something that should be broadcast on a public list. Whyever not? Such tricks are openly available on the public internet. In any case, such a trick would be good to know (for defensive purposes as well as nefarious). As indicated, it would appear to require access from the inside, as he indicates, meaning that the doer already has physical or even user access to the system. I gather from this that a standard Black Hat on the net would therefore first have to hack into your system from the internet and THEN create such an account...but they do that anyway usually - it is what a rootkit is for. 
This might actually be a useful tool for use when you forget your root password...and perhaps the procedure would suggest a fix to prevent it? praedor
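Added example, not part of any poster's message: a defensive check for the account described in this exchange (an extra UID 0 line appended to passwd, with a matching entry in shadow), run over constructed passwd/shadow text. The function name `audit_accounts`, the finding labels and the sample accounts are assumptions made for this illustration.

```python
"""Flag passwd/shadow entries that match the backdoor account discussed above."""

# Constructed sample data for the demonstration; not from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
james:x:501:501:James:/home/james:/bin/bash
toor:x:0:0::/tmp:/bin/sh
ghost::502:502::/home/ghost:/bin/bash
"""

# Constructed placeholder hashes; only the field layout matters here.
SAMPLE_SHADOW = """\
root:$1$constructed$notarealhash0000000000:11840:0:99999:7:::
bin:*:11840:0:99999:7:::
james:$1$constructed$notarealhash0000000001:11840:0:99999:7:::
toor:$1$constructed$notarealhash0000000002:11845:0:99999:7:::
orphan:$1$constructed$notarealhash0000000003:11845:0:99999:7:::
"""


def audit_accounts(passwd_text, shadow_text):
    """Return a sorted list of (finding, subject) tuples.

    Findings (labels are this example's own):
      uid0            account other than root that has UID 0
      empty-password  account that can log in without a password
      orphan-shadow   shadow entry with no passwd entry (leftover or staged)
      malformed       passwd line that does not have the 7 expected fields
    """
    findings = set()

    # Map account name -> password hash field from shadow.
    shadow_hash = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0]:
            shadow_hash[fields[0]] = fields[1]

    passwd_names = set()
    for lineno, line in enumerate(passwd_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings.add(("malformed", "line %d" % lineno))
            continue
        name, pw, uid = fields[0], fields[1], int(fields[2])
        passwd_names.add(name)
        # Any second name mapped to UID 0 has full root privileges.
        if uid == 0 and name != "root":
            findings.add(("uid0", name))
        # Empty field in passwd, or "x" pointing at an empty shadow field.
        if pw == "" or (pw == "x" and shadow_hash.get(name) == ""):
            findings.add(("empty-password", name))

    for name in shadow_hash:
        if name not in passwd_names:
            findings.add(("orphan-shadow", name))

    return sorted(findings)


if __name__ == "__main__":
    for kind, who in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print("%-15s %s" % (kind, who))
```

On a live system the same function can be fed the contents of /etc/passwd and /etc/shadow; reading the latter requires root.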
Re: [expert] A Linux Virus on the loose.
DON'T USE A COMPUTER?!! SACRILEGE! We must track down and burn this heretic before others listen to him and come to their senses!!! Thousands of SysAdmins with no real-life skills left to wander the streets? Imagine the mayhem! K Udo Rader wrote: that's why we have our servers under 3meters of concrete and behind multiple access-control systems ... unless mcguyver comes along and uses his swiss pocketknife to disengage all entrance barriers ;-)) even on enterprise they still have those bad aliens compromising their systems sometimes ... my point: there is no such thing as computer security that is really secure. only chance: don't use a computer ... udo
Re: [expert] A Linux Virus on the loose.
On Monday 03 June 2002 11:39 am, you wrote: The only way to prevent this is to turn off the booting from CD in bios and Of course this wouldn't prevent them from booting from a floppy diskette. password protecting bios, but then, with physical access it is trivial to kill the bios password (just crack the case and remove the mobo battery for a minute - bios settings are back to default and accessible without a password). Or you can use the reset cmos jumper, depending on the mobo. Some of them label it. Or, you can do what I do and use some form of physical security. Myself, I use PerfectSecure(tm) Security System Revision 1.0. It does the trick. At least I haven't had anyone screw with it yet. It's quite effective, actually.
Re: [expert] A Linux Virus on the loose.
On Monday 03 June 2002 12:04 pm, you wrote: hype. As Civileme said (my paraphrase), don't run as root, and be aware that the closed source binary only apps and drivers you might use on a Linux system should be your greater concern. They do taint your kernel, Mandrake patched or not. What? You're not supposed to run as root? ;)
Re: [expert] A Linux Virus on the loose.
civileme wrote: Well, if we were to build it idiot proof, someone would build a better idiot. The linux virus is a danger to those who download binaries from dubious sites. and to all who run as root. Even with our poison red screen and autologin to a non-priveleged user, there are yahoos who will run as root. But then bliss, which came with its own disinfection kit, could also be loaded into a binary for those who never check. And think of the binaries NO ONE has the source to--these are potential security holes as well, from video drivers to linmodems of the PCTel flavor. But actually, I would rather take over an XP box than a linux one if I wanted to do some attacking. With a stolen VB and a little elbow grease and their full rawsockets stack, I could indetectably cook with uranium, and never worry that the user might detect the inadvertant fork bomb or a sudden sluggishness in his computer, and I wouldn't have to rootkit anything. Civileme has the PCtel already evolved to *lin*modem state? hehe I doubt etharp will agree with that... I have a friend which is a C++ programmer and he complains a lot about the red-root screen.. guess with which user he logs in always... I have ran into dozens of questions that after a bit of guesswork translate as why isnt the current dir in my PATH? Let's face it, NO SYSTEM is safe if there is a dumb operator sitting in front of it. It is the most relevant part of the equation. While today it is easy to make Viruses (most of them aren't technically viruses), a real virus-programmer can make virus or worms that can infect ANY conceivable system. A real cracker can get into an *NIX system (even some script-kiddies do it sometimes, which means we have a lot of lazy sysadmins out there). And yes, we have vulnerabilities, even with the venerable zlib. (Never mind telling me how difficult is to actually exploit zlibs vulns, that is not the point). 
That said, we should make it clear that simply stating that there is a new Linux virus is not hype. People make few viruses for Linux not because it's difficult; but simply because they are inefficient. If Linux becomes a mainstream desktop system, the percentage of dumb users will increase. Then we will see a plethora of viruses for Linux. Now writing in big red Linux Virus! Linux users will experience levels of infection never seen before! *IS* hype. Civ: I don't care WHAT files it can infect, it can infect them only in the write-access space of the user Hmmm, well I suppose you would be vulnerable if you ran as root, but the Standards say that ELF's go in /bin /usr /opt and /usr/local -- Last I looked the standard permissions was that root had write access there and no one else. Some programs like Netscape 6 have their preferred installation dir at ~/bin... there are not only dumb users, but dumb software makers as well. Wasn't there someone looking for a reason NOT to use Netscape? :^) Wooky -- -- shinjiteiru shinjirareru, korekara aruku kono michi wo! kimi ga iru yo, boku ga iru yo sore ijou nani mo iranai. umareta imi ,sagasu yori mo ima ikiteru koto kanjite, kotae yori mo, daiji na mono hitotsu hitotsu mitsuketeiku...
Re: [expert] A Linux Virus on the loose.
On Monday 03 June 2002 06:07 pm, you wrote: that's why we have our servers under 3meters of concrete and behind multiple access-control systems ... unless mcguyver comes along and uses his swiss pocketknife to disengage all entrance barriers ;-)) even on enterprise they still have those bad aliens compromising their systems sometimes ... LOL! That was good!
Re: [expert] A Linux Virus on the loose.
On Sunday 02 June 2002 7:41 am, James wrote: Take it as you will apparently Symantec is reporting a virus that affects both windows and Linux. http://www.symantec.com/avcenter/venc/data/linux.simile.html Information on this page. Any Ideas on how to prevent/check for this thing now while it's not dangerous would be helpful to us all. It's ironic that Symantec is reporting this but offering no solution as its AV package has no Linux version :) F-Prot for Linux will probably do the trick - I used the DOS and Windows versions and they were first-rate. http://www.f-prot.com/f-prot/products/fplin.html (It costs businesses $300 per server per annum but is free for personal use!) Alastair -- Alastair Scott (London, United Kingdom) http://www.unmetered.org.uk/
Re: [expert] A Linux Virus on the loose.
i find it odd that the only info out there is either symantec's own woefully inadequate description - is it two versions of the same thing (ouch!), how does running a PE infect an elf? and vice versa, how does it arrive in the first place - every other mention of this is a link back to the symantec paragraph, if it wasn't for the location of this snippet i'd be thinking 'hoax', also, symantec reported as of may31 that no customer had reported this to them, so how do they know it's out there, maybe this is a lab experiment that can't exist outside of the lab due to real world conditions, i have a feeling that there is egg somewhere, but will it be on my face? :-) bascule On Sunday 02 Jun 2002 7:41 am, you wrote: All, Take it as you will apparently Symantec is reporting a virus that affects both windows and Linux. http://www.symantec.com/avcenter/venc/data/linux.simile.html Information on this page. Any Ideas on how to prevent/check for this thing now while it's not dangerous would be helpful to us all. James -- Ninety percent of true love is acute, ear-burning embarrassment. (Wyrd Sisters)
Re: [expert] A Linux Virus on the loose.
Symantec's staff is sniffing glue. Or... they're suffering from overexposure to Microsoft products. Or... they're assuming that linux users are as naive as the average Microsoft drone and can therefore be milked of some money. If Microsoft built houses, they would not have windows and doors. Instead, they would suggest that the homeowner hire a security guard from Symantec Security Service to walk around the house as you try to live your life. The worst part is listening to mainstream news talk about the hopelessness of protecting against viruses and internet-borne attacks while not mentioning a word about how Linux can make this a moot point. Sevatio
Re: [expert] A Linux Virus on the loose.
Sevatio wrote: Symantec's staff is sniffing glue. Or... they're suffering from overexposure to Microsoft products. Or... they're assuming that linux users are as naive as the average Microsoft drone and can therefore be milked of some money. If Microsoft built houses, they would not have windows and doors. Instead, they would suggest that the homeowner hire a security guard from Symantec Security Service to walk around the house as you try to live your life. The worst part is listening to mainstream news talk about the hopelessness of protecting against viruses and internet-borne attacks while not mentioning a word about how Linux can make this a moot point. Sevatio Sevatio, I couldn't agree with you more. This is the Great Secret that Micro$oft, Symantec, and many other big software companies, work so hard to keep secret. Just consider what they stand to lose, in revenue, if more people understood how Linux protects them against so many of the everyday exploits that MicroThrash is prone to. Long live the penguin, drjung -- J. Craig Woods UNIX/NT Network/System Administration http://www.trismegistus.net/resume.html Character is built upon the debris of despair --Emerson
Re: [expert] A Linux Virus on the loose.
d00d...if slashdot is reporting it, it _MUST_ be tru. http://slashdot.org/article.pl?sid=02/06/02/1749237mode=flattid=99 - Original Message - From: Alastair Scott [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, June 02, 2002 3:32 AM Subject: Re: [expert] A Linux Virus on the loose. On Sunday 02 June 2002 7:41 am, James wrote: Take it as you will apparently Symantec is reporting a virus that affects both windows and Linux. http://www.symantec.com/avcenter/venc/data/linux.simile.html Information on this page. Any Ideas on how to prevent/check for this thing now while it's not dangerous would be helpful to us all. It's ironic that Symantec is reporting this but offering no solution as its AV package has no Linux version :) F-Prot for Linux will probably do the trick - I used the DOS and Windows versions and they were first-rate. http://www.f-prot.com/f-prot/products/fplin.html (It costs businesses $300 per server per annum but is free for personal use!) Alastair -- Alastair Scott (London, United Kingdom) http://www.unmetered.org.uk/
Re: [expert] A Linux Virus on the loose.
On Sun, Jun 02, 2002 at 13:42 -0500, J. Craig Woods wrote: Sevatio wrote: The worst part is listening to mainstream news talk about the hopelessness of protecting against viruses and internet-borne attacks while not mentioning a word about how Linux can make this a mute point. Sevatio Sevatio, I couldn't agree with you more. This is the Great Secret that Micro$oft, Symantec, and many other big software companies, work so hard to keep secret. Just consider what they stand to lose, in revenue, if more people understood how Linux protects them against so many of the everyday exploits that MicroThrash is prone to. Long live the penquin, drjung It's not THAT easy. Sure there are a lot of ppl who would change their home and office OS if they (or their bosses) knew more about the alternative to M$. But there is the majority of real dumb ppl. I remember a case where a lady in USA won a liability case against a manufacturer of microwave ovens because the manual of the oven did not state explicitely that you must not put your cat in the oven for drying after a rainy day. She sucked millions of $$ from the manufacturer just because he did not be aware of dumb folks like her. Same with a lot of virus damages. Everybody who can read or just listen to the radio or tv should know that he MUST not open unwanted mails with attachments. Alas, they do and complain about the bad boys. In Germany we have a big issue right now about so-called 'hidden Dialers'. When you surf to special sites (mostly porn sites) it can happen, that the site offers free access. You just have to DL a 'special software' to access the site. In reality this software is a dialer which changes your DialUpNetwork phone numbers to a so-called 0190-number. THose numbers charge up to 3,60 EURO per minute and some even charge several hundreds of EURO per dial! The fees are debited with your phone bill by German Telekom. This is widely known in Germany by now. But what do ppl do? 
They keep on downloading 'Free Access' dialers and if charged they run to the police and complain for fraud! Those ppl will not be cured by another OS. wobo -- Registered Linux User 228909 Powered By Mandrake Linux sum(8.1+0.1) - Microsoft, Windows, Bugs, Lacking Features, IRQ Conflicts, System Crashes, Non-Functional Multitasking and The Blue Screen of Death (BSOD) are registered trademarks of Microsoft Corp., Redmond, Washington, USA.
Re: [expert] A Linux Virus on the loose.
Waitaminnit!!! I remember something like this as a proof-of-concept type of thing from last year. A google search returned this: http://www.wired.com/news/technology/0,1282,42672,00.html Logic7 http://www.geocities.com/labwerx - Original Message - From: Wolfgang Bornath [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, June 02, 2002 3:12 PM Subject: Re: [expert] A Linux Virus on the loose. On Sun, Jun 02, 2002 at 13:42 -0500, J. Craig Woods wrote: Sevatio wrote: The worst part is listening to mainstream news talk about the hopelessness of protecting against viruses and internet-borne attacks while not mentioning a word about how Linux can make this a mute point. Sevatio Sevatio, I couldn't agree with you more. This is the Great Secret that Micro$oft, Symantec, and many other big software companies, work so hard to keep secret. Just consider what they stand to lose, in revenue, if more people understood how Linux protects them against so many of the everyday exploits that MicroThrash is prone to. Long live the penquin, drjung It's not THAT easy. Sure there are a lot of ppl who would change their home and office OS if they (or their bosses) knew more about the alternative to M$. But there is the majority of real dumb ppl. I remember a case where a lady in USA won a liability case against a manufacturer of microwave ovens because the manual of the oven did not state explicitely that you must not put your cat in the oven for drying after a rainy day. She sucked millions of $$ from the manufacturer just because he did not be aware of dumb folks like her. Same with a lot of virus damages. Everybody who can read or just listen to the radio or tv should know that he MUST not open unwanted mails with attachments. Alas, they do and complain about the bad boys. In Germany we have a big issue right now about so-called 'hidden Dialers'. When you surf to special sites (mostly porn sites) it can happen, that the site offers free access. 
You just have to DL a 'special software' to access the site. In reality this software is a dialer which changes your DialUpNetwork phone numbers to a so-called 0190-number. Those numbers charge up to 3,60 EURO per minute and some even charge several hundreds of EURO per dial! The fees are debited with your phone bill by German Telekom. This is widely known in Germany by now. But what do ppl do? They keep on downloading 'Free Access' dialers and if charged they run to the police and complain for fraud! Those ppl will not be cured by another OS. wobo -- Registered Linux User 228909 Powered By Mandrake Linux sum(8.1+0.1) - Microsoft, Windows, Bugs, Lacking Features, IRQ Conflicts, System Crashes, Non-Functional Multitasking and The Blue Screen of Death (BSOD) are registered trademarks of Microsoft Corp., Redmond, Washington, USA.
Re: [expert] A Linux Virus on the loose.
On Sun, 2002-06-02 at 21:42, J. Craig Woods wrote: Sevatio, I couldn't agree with you more. This is the Great Secret that Micro$oft, Symantec, and many other big software companies, work so hard to keep secret. Just consider what they stand to lose, in revenue, if more people understood how Linux protects them against so many of the everyday exploits that MicroThrash is prone to. I read this over and over again. People saying - move to Linux, move to Linux. But have you ever thought that many of the Linux users run as root because they are too lazy to enter the root password when needed and complain about not having (now they have) an autologin option? Think a minute about all those guys who pretend to be admins and still run Apache 1.3.12 or whatever came with their old distribution even if the upgrade is painless and it takes less clicks than a Windoze install. If you don't believe me check the guys who run Win2k.. and see how many give the admin rights to their regular account... and this is not because of some weird setting, it is for installing and running apps... apps like virii and trojans. Now, sit tight, and think a minute about how much more vulnerable and how much more damage can a Linux box do compared with a Windoze Home Edition. I've seen over the time all the ports opened. And the firwall still requires some strong voodoo, at least this is how the majority thinks. With telnet and ftp active, with an exploit, and all the building tools installed a Linux in the hands of a script kiddy can really create some problems, far bigger than that mail overflow provoked by scripts like Melissa. Also keep in mind that while Windoze doesn't give you all the networking tools, while Windoze doesn't give you any development tool besides windoze scripting host (in case you can consider that a development tool), while Windoze has a typical install, Linux has install all. And with the nowadays hard drives, every moron can click on install all, because... after all... 
nobody teaches them what they need and what they have to have. Everybody says install that and that and that, then find whichever you like and eventually uninstall the others. That's about all I had to say. Raider
Re: [expert] A Linux Virus on the loose.
The difference is that Linux restricts access by default, Windows grants it. It is true, that some (many) people login as root for convenience, and they could also install everything (although Mandrake at least questions starting some services automatically, if you do select them all). But, even so, it is still much more difficult to inflict a virus on Linux than on Windows. It is a user's responsibility to install security updates and many distributions make it relatively easy and painless. Again, as contrasted with Windows, when Microsoft actually admits a security problem (usually after someone else has gone public with it), their patches create more vulnerabilities. Hardly a good example. In short, you are correct, you can install Linux and circumvent all the security so you have a wide open system. The key, though is that you have to take action to do so. The Microsoft alternative does it for you! Joe On 03 Jun 2002 01:56:49 +0300 Raider [EMAIL PROTECTED] wrote: I read this over and over again. People saying - move to Linux, move to Linux. But have you ever thought that many of the Linux users run as root because they are too lazy to enter the root password when needed and complain about not having (now they have) an autologin option? Think a minute about all those guys who pretend to be admins and still run Apache 1.3.12 or whatever came with their old distribution even if the upgrade is painless and it takes less clicks than a Windoze install. If you don't believe me check the guys who run Win2k.. and see how many give the admin rights to their regular account... and this is not because of some weird setting, it is for installing and running apps... apps like virii and trojans. Now, sit tight, and think a minute about how much more vulnerable and how much more damage can a Linux box do compared with a Windoze Home Edition. I've seen over the time all the ports opened. 
And the firewall still requires some strong voodoo, at least this is how the majority thinks. With telnet and ftp active, with an exploit, and all the building tools installed a Linux in the hands of a script kiddy can really create some problems, far bigger than that mail overflow provoked by scripts like Melissa. Also keep in mind that while Windoze doesn't give you all the networking tools, while Windoze doesn't give you any development tool besides windoze scripting host (in case you can consider that a development tool), while Windoze has a typical install, Linux has install all. And with the nowadays hard drives, every moron can click on install all, because... after all... nobody teaches them what they need and what they have to have. Everybody says install that and that and that, then find whichever you like and eventually uninstall the others. That's about all I had to say. Raider
Re: [expert] A Linux Virus on the loose.
I must make the point that whilst Linux does restrict what a virus can do, if I lose my home dir it will take me a lot of time to restore from backup and get back to where I was. Yes, you won't lose the system, but very inconvenient nonetheless! Mandrake is aiming at the desktop, and the less experienced user so avenues to infect using social engineering (imagine this virus set up like the Anna Korn... virus? Yes it's hard to execute stuff unintentionally under Linux, but with a combination of inexperience and misconfiguration, I am sure more than one person will manage it ... And people VERY often will execute cute files sent to them by relatives under windows - what is to stop them doing the same under Linux. My fear is that this is a baby step down this path ... BillK On Mon, 2002-06-03 at 08:58, Joseph Braddock wrote: The difference is that Linux restricts access by default, Windows grants it. It is true, that some (many) people login as root for convenience, and they could also install everything (although Mandrake at least questions starting some services automatically, if you do select them all). But, even so, it is still much more difficult to inflict a virus on Linux than on Windows. It is a user's responsibility to install security updates and many distributions make it relatively easy and painless. Again, as contrasted with Windows, when Microsoft actually admits a security problem (usually after someone else has gone public with it), their patches create more vulnerabilities. Hardly a good example.
Re: [expert] A Linux Virus on the loose.
bascule wrote: i find it odd that the only info out there is either symantec's own woefully inadequate description - is it two versions of the same thing (ouch!), how does running a PE infect an elf? and vice versa, how does it arrive in the first place - every other mention of this is a link back to the symantec paragraph, if it wasn't for the location of this snippet i'd be thinking 'hoax', also, symantec reported as of may31 that no customer had reported this to them, so how do they know it's out there, maybe this is a lab experiment that can't exist outside of the lab due to real world conditions, i have a feeling that there is egg somewhere, but will it be on my face? :-) bascule On Sunday 02 Jun 2002 7:41 am, you wrote: All, Take it as you will apparently Symantec is reporting a virus that affects both windows and Linux. http://www.symantec.com/avcenter/venc/data/linux.simile.html Information on this page. Any Ideas on how to prevent/check for this thing now while it's not dangerous would be helpful to us all. James I don't care WHAT files it can infect, it can infect them only in the write-access space of the user Hmmm, well I suppose you would be vulnerable if you ran as root, but the Standards say that ELF's go in /bin /usr /opt and /usr/local -- Last I looked the standard permissions was that root had write access there and no one else. Sounds like a wonderful update of bliss, and just as interesting an academic curiosity. Now if someone wrote a virus that waited quietly as a masquerading process in memory until someone did a make and intruded its source into the pipeline, and kept it small enough to probably escape notice, I'd be impressed. It is possible to write millions of viruses for linux. Getting ONE of them to propagate in a properly-run system is an entirely different matter.
Symantec should not feel too bad, though; Lycoris might be vulnerable for real, and MacAfee once claimed to have discovered Bliss. So an A for marketing dept effort is in order, and a D- for tech. Civileme Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
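The message above rests on two claims: a file infector can only touch what the running user can write, and ELF binaries under /bin, /usr, /opt and /usr/local are writable by root alone. The shell script below is an added example, not part of any message in this thread, that checks the second claim on a given system; the function names, the EXPECTED_OWNER variable and the output labels are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Looks at permission bits and ownership
# only; ACLs and read-only mounts are not taken into account.

# Owner that system binaries are expected to have (assumption: root).
EXPECTED_OWNER=${EXPECTED_OWNER:-root}

# is_elf FILE: succeed if FILE begins with the ELF magic 7f 45 4c 46.
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" = "7f454c46" ]
}

# audit_elf_dirs DIR...: print one finding per line.
#   loose-dir PATH   directory that is group- or world-writable, so files in
#                    it can be replaced whatever their own mode is
#   loose-file PATH  ELF file that is group- or world-writable, or that is
#                    not owned by EXPECTED_OWNER
audit_elf_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type d \( -perm -0002 -o -perm -0020 \) \
            -print 2>/dev/null |
            while IFS= read -r d; do printf 'loose-dir %s\n' "$d"; done
        find "$dir" -xdev -type f \
            \( -perm -0002 -o -perm -0020 -o ! -user "$EXPECTED_OWNER" \) \
            -print 2>/dev/null |
            while IFS= read -r f; do
                if is_elf "$f"; then printf 'loose-file %s\n' "$f"; fi
            done
    done
}

# Example: sh audit.sh /bin /usr /opt /usr/local
if [ "$#" -gt 0 ]; then
    audit_elf_dirs "$@"
fi
```

An empty result means the permission bits match what the message describes; each line printed is a place where a non-root account could alter or replace a binary.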
Re: [expert] A Linux Virus on the loose.
What, exactly, does Lycoris have to do with viruses? Had you said Lindows, I would almost certainly understand, since last I checked, you ran as root by default, and if you didn't, then you couldn't run wine properly.

On Sunday 02 June 2002 11:15 pm, you wrote:

bascule wrote:

i find it odd that the only info out there is either symantec's own woefully inadequate description - is it two versions of the same thing (ouch!), how does running a PE infect an elf? and vice versa, how does it arrive in the first place - every other mention of this is a link back to the symantec paragraph, if it wasn't for the location of this snippet i'd be thinking 'hoax', also, symantec reported as of May 31 that no customer had reported this to them, so how do they know it's out there, maybe this is a lab experiment that can't exist outside of the lab due to real world conditions, i have a feeling that there is egg somewhere, but will it be on my face? :-)

bascule

On Sunday 02 Jun 2002 7:41 am, you wrote:

All, Take it as you will, apparently Symantec is reporting a virus that affects both Windows and Linux. http://www.symantec.com/avcenter/venc/data/linux.simile.html Information on this page. Any ideas on how to prevent/check for this thing now while it's not dangerous would be helpful to us all.

James

I don't care WHAT files it can infect, it can infect them only in the write-access space of the user. Hmmm, well I suppose you would be vulnerable if you ran as root, but the Standards say that ELFs go in /bin /usr /opt and /usr/local -- last I looked the standard permissions were that root had write access there and no one else. Sounds like a wonderful update of Bliss, and just as interesting an academic curiosity. Now if someone wrote a virus that waited quietly as a masquerading process in memory until someone did a make and intruded its source into the pipeline, and kept it small enough to probably escape notice, I'd be impressed. It is possible to write millions of viruses for Linux. Getting ONE of them to propagate in a properly-run system is an entirely different matter.

Symantec should not feel too bad, though; Lycoris might be vulnerable for real, and McAfee once claimed to have discovered Bliss. So an A for marketing dept effort is in order, and a D- for tech.

Civileme