Re: [newbie] The Linux virus myth

2004-07-28 Thread Hoyt Bailey
On Tuesday 27 July 2004 13:31, flesh.99 wrote:
> On Tue, 27 Jul 2004 17:44:43 +0800, frankieh <[EMAIL PROTECTED]> wrote:
> > bascule wrote:
> >   > On Monday 26 Jul 2004 8:05 pm, Stephen Kühn wrote:

> I apologize if I cover points already made, I am new to the list, so
> please forgive me if that happens.
>
> I have been arguing these points elsewhere for a long time and
> looking at the problems with creating viruses for Linux. It would be
> easy to destroy a user's data with just a little social engineering,
> but the problem with writing something to escalate privileges and
> actually do harm to the system itself becomes much more complicated
> and would affect a limited number of systems for each iteration of
> the virus. This is due to all the different kernel versions, gcc
> versions, etc. Crackers tend to be the lazy sort and only exploit
> something easy (unless they are after something specific) so writing
> viruses for Linux wouldn't get them the same satisfaction as it does
> for Windows at the very core of things.
>
> When we saw slapper exploit ssl it was easy, because pretty much every
> version of SSL had the same vulnerabilities. I saw this firsthand
> working for a webhosting provider, we got slammed by slapper as did a
> lot of other companies. But with kernel exploits and the like, we
> usually only saw those when someone targeted the systems. We
> occasionally had script kiddies scan subnets and gain access to
> a few boxes that way, but it was very rare. Based on the observations
> of how things got cracked and the way the slapper worm did its work,
> I came to the conclusion that I had been wrong about Linux viruses. I
> originally thought we would see as many as there are for Windows if
> the unwashed masses started using Linux, working at a large hosting
> provider really changed my mind. Of course we will see a growth in
> viruses, but the level of viruses on Windows is directly related to
> the security problems in the OS itself, conversely when Linux becomes
> more prevalent we will see more virus type activity, but it's not
> possible for there to be near as much.
>
> The other problem is simply one of educating new users as they start
> to move away from Windows. If we don't do this we will have people
> running as root all the time just like 'doze users run as
> administrator all the time. We need to come up with a solution for
> software installation, one that windows doesn't have and one that
> Linux is currently lacking. Sure most of us could install anything we
> want into our user space via the shell by simply changing the
> ./configure options, but my mom couldn't. I don't know of any distro
> that does this, but a user space rpm would be a nice solution. The
> main rpm command would be chrooted to the user space, this way in a
> home environment the users rarely if ever have to login as root
> except to do os updates. Sort of a "Mandrake Home Version" or some
> such, really aimed at protecting the users from themselves. XP Home
> fell flat on its face with the all or nothing security options, and
> it wouldn't take much to develop this sort of installer for the home
> users.
>
> The other issue is the one that originally drew me to open source,
> and that is choice. With everyone using different e-mail clients it
> becomes harder to get viruses to propagate. In a "home" version the
> default install could drop pine, sendmail, et al and not leave a real
> way to propagate via e-mail from a simple script delivered via
> e-mail. I could send something all day long designed to send via
> Thunderbird to a friend using Sylpheed and accomplish nothing, this
> then goes back to the laziness issue. It's just not fun to write
> viruses for Linux, you could rarely damage enough to make the news or
> get any recognition.
>
> I have rambled enough now and probably made very little sense. Thanks
> for bearing with me.
>
> flesh99
But you are right, up to a point, how long do you think an OS would last 
that would do as you suggest? I know slick packaging and all would give 
it a few more days.  But I suggest that less than a week would be the 
life span.
-- 
Regards;
Hoyt


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com



Re: [newbie] The Linux virus myth

2004-07-27 Thread Carroll Grigsby
On Tuesday 27 July 2004 03:39 pm, flesh.99 wrote:

>>> it's all above, folks

I'm not sure this is a good idea, guys. "Ease of use" is one of the main 
reasons for all of those rooted PC's out there that keep spamming us. It's 
also the main source of all of those emails to windows help lists that begin, 
"Ever since I installed BlahBlah, my computer (runs slow/keeps going to porn 
pages/won't boot/makes my coffee taste funny)". Even for a simple single 
user/home based PC, the act of having to enter the root password should point 
out the seriousness of that which is to follow. On any networked system, of 
course, user-installed software is a recipe for disaster.

-- cmg






Re: [newbie] The Linux virus myth

2004-07-27 Thread flesh.99
<-- SNIP -->
> >
> > 
> Setting up the commands to install RPM's in userspace would not be that
> hard.  Most of the framework is already there.  You can tell RPM to use
> a database in the user's home directory instead of the system database.
>   The biggest problem is that most RPMs are not relocatable.  They can
> be, but most packagers do not do the extra work involved.  This is
> understandable, because most RPMs are installed as root, and when
> installed this way, they do not need to be relocatable.  Also, some of
> the programs do not handle being relocated well.  They look for config
> files in specific places, or expect to be located in specific places.
> But it would not be hard to make a large number of the GUI programs user
> installable.  Most look for config files in the user's home directory
> anyway.  It is also possible for each user to have their own menus.
> It gets interesting when you install a new system program, as the user's
> own menu may not get updated with the new program.  But this could be
> solved by checking the date of the system menu, and updating the local
> menu, or offering this as an option to the user, when the system menu is
> newer...
> 
> About the only thing that I can think of that would require some change
> is to have the userspace installer check the system RPM database for
> programs and dependencies before checking the user RPM database.  That
> way, the user would not install local software that is already installed
> as system software.  You might also run into problems when upgrading
> system software, where the upgrade breaks user software.  I am not sure
> how to handle that...
> 
> Well, enough rambling
> 
> Mikkel
> --
> 
>Do not meddle in the affairs of dragons,
> for you are crunchy and taste good with Ketchup!
> 
> 
> 
> 
One thing that could be done is make the system RPM database readable
but not writable by the users, this would cut down on redundancy on
deps installed in user space. It would take some writing, but you have
cron that updates the main db off of the users db's nightly to cover
breaking stuff. Their stuff gets added to the main rpm db every night.
The next step would take a little rewriting of rpm, have the db have a
flag for user space or system installs and the root user could then
decide if they wanted to break stuff by upgrading system libs and
such.

The menuing wouldn't be all that hard really, just have the menu
update off of the system menu at each login, pull the system entries
into the user specific menu. You could also build in a refresh
function that does the same thing. This takes care of menuing for the
users as well as some other little issues I have seen in menus at
times.

Now if only I knew C I would be starting work :) It's on my list of
things to learn as I have other projects I want to get involved with,
but this seems to be a decent idea. The concept of a user space
installer is good, the other idea I had that would involve much more
work was to set everything to run in a sandbox, allow the users a kind
of sudo to install software but have it all install into sandboxes to
protect the OS itself, but that requires much more work than it might
be worth.

-- 
This is me with the words on the tip of my tongue
And my eye through the scope
down the barrel of a gun
Remind me not to ever act this way again 
- Taking Back Sunday
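
The userspace-installer logic discussed in this message and in the text it quotes (a per-user RPM database, with the read-only system database consulted first for existing packages and dependencies), as an added example that is not code from the thread or from the rpm project. The database path, install prefix and function names are assumptions of the sketch; the rpm options used are `--dbpath`, `--prefix`, `--initdb`, `--whatprovides` and `--nodeps`.

```sh
#!/bin/sh
# Added example. RPM, USER_DB and USER_PREFIX are assumptions of this sketch;
# RPM can be pointed at a stub for testing.
RPM=${RPM:-rpm}
USER_DB=${USER_DB:-$HOME/.local/var/lib/rpm}   # hypothetical per-user database
USER_PREFIX=${USER_PREFIX:-$HOME/.local}       # hypothetical per-user install root

# Query the system database (read-only for ordinary users) or the per-user one.
sys_q()  { "$RPM" -q "$@" >/dev/null 2>&1; }
user_q() { "$RPM" -q --dbpath "$USER_DB" "$@" >/dev/null 2>&1; }

# Print each requirement of a package file that neither database provides.
missing_deps() {
    "$RPM" -qpR "$1" | while read -r cap _rest; do
        # rpmlib(...) entries describe rpm features, not installable packages
        case $cap in ''|'rpmlib('*) continue ;; esac
        sys_q --whatprovides "$cap" || user_q --whatprovides "$cap" || echo "$cap"
    done
}

# Decide what to do with a package file. Prints one of:
#   system | user | not-relocatable | missing-deps: <list> | install
plan_user_install() {
    name=$("$RPM" -qp --qf '%{NAME}\n' "$1") || return 1
    if sys_q "$name"; then echo system; return 0; fi    # system copy wins
    if user_q "$name"; then echo user; return 0; fi
    # Non-relocatable packages report no prefix, printed by rpm as "(none)"
    prefix=$("$RPM" -qp --qf '%{PREFIXES}\n' "$1") || return 1
    case $prefix in ''|'(none)') echo not-relocatable; return 0 ;; esac
    missing=$(missing_deps "$1" | tr '\n' ' ')
    if [ -n "$missing" ]; then echo "missing-deps: ${missing% }"; return 0; fi
    echo install
}

# Install into the per-user tree only when the plan says it is safe.
user_install() {
    plan=$(plan_user_install "$1") || return 1
    if [ "$plan" != install ]; then
        echo "not installing $1: $plan" >&2
        return 1
    fi
    mkdir -p "$USER_DB" "$USER_PREFIX" || return 1
    "$RPM" --initdb --dbpath "$USER_DB" || return 1
    # --nodeps because rpm would look only in the per-user database;
    # missing_deps has already checked both databases.
    "$RPM" -ivh --nodeps --dbpath "$USER_DB" --prefix "$USER_PREFIX" "$1"
}

case ${1:-} in *.rpm) user_install "$1" ;; esac
```

The open problem raised in the quoted text, a later system upgrade breaking software installed this way, is not handled here.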






Re: [newbie] The Linux virus myth

2004-07-27 Thread flesh.99
On Tue, 27 Jul 2004 17:44:43 +0800, frankieh <[EMAIL PROTECTED]> wrote:
> bascule wrote:
>   > On Monday 26 Jul 2004 8:05 pm, Stephen Kühn wrote:
> >
> >>The simple fact of the matter is that a virus cannot run in a secure
> >>environment; you have to have root privileges in order to do so; hence
> >>an attack on a linux box is generally from outside, and not inside -
> >>unless someone was successful at running a rootkit on the machine in
> >>question.
> 
> I can see it now,
> 
> Your account has been temporarily disabled due to security issues.
> please save this file somewhere, then open a terminal and type
> unzip .zip
> 
> followed by:
> chmod 755 .zip
> 
> then type:
> ../.sh
> 
> when nothing noticeable happens, please ignore it and go back to what you
> were doing.
> If you want to see the issues from root's perspective, then please type:
> su - before ./.sh
> 
> (it would be difficult to create a method of GUI usage that would work
> across kde/gnome/icewm/etc and all versions thereof.
> and all mail clients and so on and so on but the command line would
> work everywhere...
> 
> so what would happen? well one of two things, a method like the above,
> or a much bigger virus that has logic to work out what window manager
> and apps are in place that can respond appropriately to that window
> manager type and version and the installed apps.
> or something via shell,
> 
> on the upside, clamav is totally GPL, so it won't be long till it's
> installed by default, and that will happen long before linux starts
> needing it.
> 
> --
> rgds
> 
> Frank Hauptle (aka Franki)
> http://htmlfixit.com

I apologize if I cover points already made, I am new to the list, so
please forgive me if that happens.

I have been arguing these points elsewhere for a long time and looking
at the problems with creating viruses for Linux. It would be easy to
destroy a user's data with just a little social engineering, but the
problem with writing something to escalate privileges and actually do
harm to the system itself becomes much more complicated and would
affect a limited number of systems for each iteration of the virus.
This is due to all the different kernel versions, gcc versions, etc.
Crackers tend to be the lazy sort and only exploit something easy
(unless they are after something specific) so writing viruses for
Linux wouldn't get them the same satisfaction as it does for Windows
at the very core of things.

When we saw slapper exploit ssl it was easy, because pretty much every
version of SSL had the same vulnerabilities. I saw this firsthand
working for a webhosting provider, we got slammed by slapper as did a
lot of other companies. But with kernel exploits and the like, we
usually only saw those when someone targeted the systems. We
occasionally had script kiddies scan subnets and gain access to a
few boxes that way, but it was very rare. Based on the observations of
how things got cracked and the way the slapper worm did its work, I
came to the conclusion that I had been wrong about Linux viruses. I
originally thought we would see as many as there are for Windows if
the unwashed masses started using Linux, working at a large hosting
provider really changed my mind. Of course we will see a growth in
viruses, but the level of viruses on Windows is directly related to
the security problems in the OS itself, conversely when Linux becomes
more prevalent we will see more virus type activity, but it's not
possible for there to be near as much.

The other problem is simply one of educating new users as they start
to move away from Windows. If we don't do this we will have people
running as root all the time just like 'doze users run as
administrator all the time. We need to come up with a solution for
software installation, one that windows doesn't have and one that
Linux is currently lacking. Sure most of us could install anything we
want into our user space via the shell by simply changing the
./configure options, but my mom couldn't. I don't know of any distro
that does this, but a user space rpm would be a nice solution. The
main rpm command would be chrooted to the user space, this way in a
home environment the users rarely if ever have to login as root except
to do os updates. Sort of a "Mandrake Home Version" or some such,
really aimed at protecting the users from themselves. XP Home fell
flat on its face with the all or nothing security options, and it
wouldn't take much to develop this sort of installer for the home
users.

The other issue is the one that originally drew me to open source, and
that is choice. With everyone using different e-mail clients it
becomes harder to get viruses to propagate. In a "home" version the
default install could drop pine, sendmail, et al and not leave a real
way to propagate via e-mail from a simple script delivered via e-mail.
I could send something all day long designed to send via Thunderbird
to a friend using Sylpheed and accomplish nothing, this then 

Re: [newbie] The Linux virus myth

2004-07-27 Thread frankieh
bascule wrote:
 > On Monday 26 Jul 2004 8:05 pm, Stephen Kühn wrote:

>> The simple fact of the matter is that a virus cannot run in a secure
>> environment; you have to have root privileges in order to do so; hence
>> an attack on a linux box is generally from outside, and not inside -
>> unless someone was successful at running a rootkit on the machine in
>> question.

I can see it now,
Your account has been temporarily disabled due to security issues.
please save this file somewhere, then open a terminal and type
unzip .zip
followed by:
chmod 755 .zip
then type:
./.sh
when nothing noticeable happens, please ignore it and go back to what you
were doing.
If you want to see the issues from root's perspective, then please type:
su - before ./.sh

(it would be difficult to create a method of GUI usage that would work 
across kde/gnome/icewm/etc and all versions thereof.
and all mail clients and so on and so on but the command line would 
work everywhere...

so what would happen? well one of two things, a method like the above, 
or a much bigger virus that has logic to work out what window manager 
and apps are in place that can respond appropriately to that window
manager type and version and the installed apps.
or something via shell,

on the upside, clamav is totally GPL, so it won't be long till it's 
installed by default, and that will happen long before linux starts 
needing it.

--
rgds
Frank Hauptle (aka Franki)
http://htmlfixit.com





Re: [newbie] The Linux virus myth

2004-07-27 Thread Aron Smith
bascule wrote:
> stephen,
> i'd agree that a truly secure environment would prevent unknown programs from
> running, but a virus doesn't necessarily need root privs.
> if i can write a shell script that runs as a user, that can wipe my user
> files, send mail with attachments, create a dotfile and a user cron job to
> run it, then so can a virus writer,
> all that is required is that i be tricked into downloading the file/saving the
> attachment, making it executable and then running it, of course that involves
> a lot of social engineering compared to simply relying on a broken email
> client to do all that for you, but, let me say that again, but, in a world
> where every one switches to linux from windows there will be an awful lot of
> users on whom such social engineering will work.
> you and i, and probably most everyone on this list at this moment in time are,
> almost by definition, the kind of people who like to know more than just how
> to click a mouse button, folk who like to learn about our machines, in doing
> so we will inevitably pick up skills of net hygiene, if not by deliberate
> learning then by a form of osmosis, surrounded by a culture of people who
> truly 'know better'.
> one day that previous paragraph may no longer be true.
> that is why a lot of old hands in the linux/bsd/unix world will seem to be
> anal about things like md5sums, pgp sigs on mails etc. not because they all
> move in a harsh 'cracker eat hacker' world (though some do), but because they
> can see the future, or at least one possible iteration of it, and getting
> those habits down now, before they become necessary, can't hurt any :)
>
> bascule
>
> On Monday 26 Jul 2004 8:05 pm, Stephen Kühn wrote:
> > The simple fact of the matter is that a virus cannot run in a secure
> > environment; you have to have root privileges in order to do so; hence
> > an attack on a linux box is generally from outside, and not inside -
> > unless someone was successful at running a rootkit on the machine in
> > question.









i found this on Linux viruses
http://www.snake-basket.de/e/Linux-Wurm.txt






Re: [newbie] The Linux virus myth

2004-07-26 Thread bascule
stephen,
i'd agree that a truly secure environment would prevent unknown programs from 
running, but a virus doesn't necessarily need root privs.
if i can write a shell script that runs as a user, that can wipe my user 
files, send mail with attachments, create a dotfile and a user cron job to 
run it, then so can a virus writer,
all that is required is that i be tricked into downloading the file/saving the 
attachment, making it executable and then running it, of course that involves 
a lot of social engineering compared to simply relying on a broken email 
client to do all that for you, but, let me say that again, but, in a world 
where every one switches to linux from windows there will be an awful lot of 
users on whom such social engineering will work.
you and i, and probably most everyone on this list at this moment in time are, 
almost by definition, the kind of people who like to know more than just how 
to click a mouse button, folk who like to learn about our machines, in doing 
so we will inevitably pick up skills of net hygiene, if not by deliberate 
learning then by a form of osmosis, surrounded by a culture of people who 
truly 'know better'.
one day that previous paragraph may no longer be true.
that is why a lot of old hands in the linux/bsd/unix world will seem to be 
anal about things like md5sums, pgp sigs on mails etc. not because they all 
move in a harsh 'cracker eat hacker' world (though some do), but because they 
can see the future, or at least one possible iteration of it, and getting 
those habits down now, before they become necessary, can't hurt any :)

bascule

On Monday 26 Jul 2004 8:05 pm, Stephen Kühn wrote:
> The simple fact of the matter is that a virus cannot run in a secure
> environment; you have to have root privileges in order to do so; hence
> an attack on a linux box is generally from outside, and not inside -
> unless someone was successful at running a rootkit on the machine in
> question.

-- 
- "What're quantum mechanics?"
- "I don't know. People who repair quantums, I suppose."
(Eric)
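
A review aid for the user-level persistence this message describes (a hidden file plus a user cron job that runs it, no root needed), as an added example that is not part of the original post. The function names, the path heuristics and the sample crontab are constructed for illustration; matches are items to review, not proof of compromise.

```sh
#!/bin/sh
# Added example: review aid for per-user persistence; heuristics, not proof.

# Read crontab text on stdin; print entries whose command touches a hidden
# path component or a world-writable temp directory.
suspicious_cron_lines() {
    awk '
        /^[ \t]*#/ { next }                              # comments
        /^[ \t]*$/ { next }                              # blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # MAILTO=, PATH=, ...
        {
            n = ($1 ~ /^@/) ? 1 : 5      # @reboot-style or five time fields
            cmd = $0
            for (i = 1; i <= n; i++) sub(/^[ \t]*[^ \t]+/, "", cmd)
            if (cmd ~ /(^|[ \t\/])\.[A-Za-z0-9_]/ ||
                cmd ~ /\/(tmp|var\/tmp|dev\/shm)\//)
                print
        }'
}

# List hidden regular files under a directory that the owner may execute.
hidden_executables() {
    find "$1" -maxdepth 3 -type f -name '.*' -perm -100 2>/dev/null
}

# Constructed sample crontab (not taken from any real system).
sample_crontab() {
    cat <<'EOF'
# m h dom mon dow command
MAILTO=""
0 3 * * * /usr/bin/rsync -a /home/alice/docs /mnt/backup
*/5 * * * * /home/alice/.cache/.upd.sh >/dev/null 2>&1
@reboot /tmp/kworker
15 4 * * 0 $HOME/bin/rotate-logs
EOF
}

# Audit the account running the script.
audit_user() {
    echo "== cron entries worth reviewing =="
    crontab -l 2>/dev/null | suspicious_cron_lines
    echo "== hidden executable files under $HOME =="
    hidden_executables "$HOME"
}

if [ "${1:-}" = "--run" ]; then audit_user; fi
```

On the sample, the `.cache/.upd.sh` and `/tmp/kworker` entries are reported and the rsync and rotate-logs jobs are not.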






Re: [newbie] The Linux virus myth

2004-07-26 Thread Stephen Kühn
On Mon, 2004-07-26 at 12:43, John Wilson wrote:

> Of course you could be missing the point that Microsoft keeps making that 
> Linux itself is a virus. :-)
> 
> ttfn
> 
> John

Microsoft Windows (tm) has been the virus since the advent of Windows95
(tm); it killed OS/2 and BeOS systems between late-1994 and 1996.


stephen kuhn - proprietor
__
illawarra computer services :: a kuhn media australia venture
http://kma.0catch.com  :: mobile 0410.728.389
Serving Sydney, The Illawarra, South Coast and Rural NSW
__
  * This message was composed on a 100% Microsoft free computer *
  We expressly refuse to utilise Microsoft DRM encoded documents
__
  Mandrake GNU/Linux 10.0 OE/Kernel 2.6.3-7/ No Viruses here. 

bureaucrat, n: A politician who has tenure.






Re: [newbie] The Linux virus myth

2004-07-26 Thread Stephen Kühn
On Mon, 2004-07-26 at 09:42, Marc wrote:
>   At one time someone here on the newbie list gave a link to an article that
> did a nice simple job of explaining why it is next to impossible for a
> successful linux virus to be created. I have been searching the archives and
> have been unable to find it again.
> Can anyone here point me to it?
> 
> Thanks
> Marc

The simple fact of the matter is that a virus cannot run in a secure
environment; you have to have root privileges in order to do so; hence
an attack on a linux box is generally from outside, and not inside -
unless someone was successful at running a rootkit on the machine in
question.
 

stephen kuhn - proprietor
__
illawarra computer services :: a kuhn media australia venture
http://kma.0catch.com  :: mobile 0410.728.389
Serving Sydney, The Illawarra, South Coast and Rural NSW
__
  * This message was composed on a 100% Microsoft free computer *
  We expressly refuse to utilise Microsoft DRM encoded documents
__
  Mandrake GNU/Linux 10.0 OE/Kernel 2.6.3-7/ No Viruses here. 

Stone circles were common enough everywhere in the mountains. Druids
built them as weather computers, and since it was always cheaper to
build a new 33-Megalith circle than to upgrade an old slow one, there
were generally plenty of ancient ones around (Lords and Ladies)






Re: [newbie] The Linux virus myth

2004-07-26 Thread donmeliton
On Mon, 2004-07-26 at 04:43, John Wilson wrote:

> Of course you could be missing the point that Microsoft keeps making that 
> Linux itself is a virus. :-)

And so it is! I've been infected! Aaargh! ;)

Germán.







Re: [newbie] The Linux virus myth

2004-07-25 Thread John Wilson
On July 25, 2004 06:24 pm, SME Server Admin wrote:
> On Monday 26 Jul 2004 00:42, Marc wrote:
> >   At one time someone here on the newbie list gave a link to an article
> > that did a nice simple job of explaining why it is next to impossible for
> > a successful linux virus to be created. I have been searching the
> > archives and have been unable to find it again.
> > Can anyone here point me to it?
> >
> > Thanks
> > Marc
>
> A quick session on Google revealed the following:
>
> 
>
> 251&start=60>
>
> 
>
> 
>
> Cheers
>
> Elwyn

Of course you could be missing the point that Microsoft keeps making that 
Linux itself is a virus. :-)

ttfn

John
-- 
***
Composed on a 100% Microsoft Free Computer
Guaranteed Virus Free
Mandrake Linux 10.0 OE
Registered Linux User 362316
***





Re: [newbie] The Linux virus myth

2004-07-25 Thread SME Server Admin
On Monday 26 Jul 2004 00:42, Marc wrote:
>   At one time someone here on the newbie list gave a link to an article that
> did a nice simple job of explaining why it is next to impossible for a
> successful linux virus to be created. I have been searching the archives
> and have been unable to find it again.
> Can anyone here point me to it?
>
> Thanks
> Marc

A quick session on Google revealed the following:









Cheers

Elwyn





[newbie] The Linux virus myth

2004-07-25 Thread Marc
  At one time someone here on the newbie list gave a link to an article that
did a nice simple job of explaining why it is next to impossible for a
successful linux virus to be created. I have been searching the archives and
have been unable to find it again.
Can anyone here point me to it?

Thanks
Marc
-- 
Composed on a 100% Microsoft
and Windows free computer
using Mandrake Linux 10.0

