Re: [opensuse] Who said Linux doesnot get Virus infections
-- Original message -- From: Aaron Kulkis [EMAIL PROTECTED] Hans van der Merwe wrote: On Wed, 2007-08-08 at 07:38 -0400, James Knott wrote: Hans van der Merwe wrote: lware. Ok, tell me, seeing that I know nothing, if I can compromise a Linux users home dir - why cant I send out spam? I have never claimed such a thing is impossible, but it is far more difficult to do with Linux. In order to send out spam, something has to execute that can do that. That means the user has to make something executable and then execute it. That barrier is much lower in Windows. The bottom line, which you apparently refuse to accept, is that it is much more difficult for such problems to occur with Linux. Please note, I'm not saying impossible, just much more difficult. Please also understand that Windows was built as a single user system, without many of the security methods that are standard in Linux Unix and you can add to that some extremely poor software design in MS products, that turn them into a security sieve. This means no matter how careful a user is, Windows will always be far more risky. I think we agree on the subject. Last thing - I dont think most virus/trojan/DOSattack writers do it because its easy to do it in Windows (which it is), but because its got a huge impact on the computer industry (80% odd using flavor of Win) - and in there lies my main argument, that if it is do-able in Linux (irrelevant of afford) it will hit the successful Desktop Linux market. In which case, you're dumber than a box of rocks. Windows malware often requires NO user action to cause damage, where as you have demonstrated your absolute REFUSAL to even understand that the security model of Unix/Linux (going all the way back to the 1970's) REQUIRES that a user do several specific steps to make a malware package run...things that a clueless newbie isn't going to know how to do in the first place--thus protecting him/her from his own ignorance. Now shut up, and get a freaking clue. Sheesh! And thats all he wrote Hans E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To try to make it CIVIL and uncomplicated, I am going to give an example that I give to my Windows friends. The Amish computer virus. It works like this: You have just received the Amish virus. Since we have no electricity or computers, you are on the honor system. Please delete all of your files on your hard drive. Then forward this message to everyone in your address book. We thank thee. That is a simplification. If you have gained access to a persons home directory your a step closer to rooting the box. (depending on the users authority) You may or may not have rights to run programs, etc. If not, then you need to get administrator rights, and you have to take another step. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wed, 2007-09-05 at 01:52 -0400, Aaron Kulkis wrote: Hans van der Merwe wrote: I think we agree on the subject. Last thing - I dont think most virus/trojan/DOSattack writers do it because its easy to do it in Windows (which it is), but because its got a huge impact on the computer industry (80% odd using flavor of Win) - and in there lies my main argument, that if it is do-able in Linux (irrelevant of afford) it will hit the successful Desktop Linux market. In which case, you're dumber than a box of rocks. Windows malware often requires NO user action to cause damage, where as you have demonstrated your absolute REFUSAL to even understand that the security model of Unix/Linux (going all the way back to the 1970's) REQUIRES that a user do several specific steps to make a malware package run...things that a clueless newbie isn't going to know how to do in the first place--thus protecting him/her from his own ignorance. Now shut up, and get a freaking clue. Sheesh! Wow, this thread still going? Seeing that you provide such a compelling and well structured argument to the issue at hand and keeping your personal insecurities to yourself, I feel obligated to respond. If you read the rest of the thread you will learn that other things come to play when talking about the future of the Desktop Linux platform. Newbies, as you pointed out, will not know how to make the email attachment executable, thus people (friends, Dell, who ever) will start writing software to overcome these oh what the hell read the other posts, Im bored. E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Aaron Kulkis wrote: In which case, you're dumber than a box of rocks. Windows malware often requires NO user action to cause damage, where as you have demonstrated your absolute REFUSAL to even understand that the security model of Unix/Linux (going all the way back to the 1970's) REQUIRES that a user do several specific steps to make a malware package run...things that a clueless newbie isn't going to know how to do in the first place--thus protecting him/her from his own ignorance. Now shut up, and get a freaking clue. Sheesh! Aaron, you might want to moderate your language bit - be nice to people, and they'll be nice to you. /Per Jessen, Zürich -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Illtempered Abuse (was Re: [opensuse] Who said Linux doesnot get Virus infections)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aaron Kulkis wrote: Hans van der Merwe wrote: snip In which case, you're dumber than a box of rocks. snip Now shut up, and get a freaking clue. Sheesh! Your contributions today (of which this is the last I have received) are at best deranged... this the first case of net rabies I have come across... a four month absence then back snapping at anyone and everything on old topics... A suggestion.. go back on the medication and consider your blood pressure :-] Something slightly trollish here methinks... you have managed to score a first, the first person I have decided to filter out as an individual - -- == I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup == -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFG3mhcasN0sSnLmgIRAsn8AJ4g8KrYSYq8AikJiPWdLEyRxkDyrwCfeiDB s/iR0wRxnHzwDWyllHIdQfg= =8JWm -END PGP SIGNATURE- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: On Wed, 2007-08-08 at 07:38 -0400, James Knott wrote: Hans van der Merwe wrote: lware. Ok, tell me, seeing that I know nothing, if I can compromise a Linux users home dir - why cant I send out spam? I have never claimed such a thing is impossible, but it is far more difficult to do with Linux. In order to send out spam, something has to execute that can do that. That means the user has to make something executable and then execute it. That barrier is much lower in Windows. The bottom line, which you apparently refuse to accept, is that it is much more difficult for such problems to occur with Linux. Please note, I'm not saying impossible, just much more difficult. Please also understand that Windows was built as a single user system, without many of the security methods that are standard in Linux Unix and you can add to that some extremely poor software design in MS products, that turn them into a security sieve. This means no matter how careful a user is, Windows will always be far more risky. I think we agree on the subject. Last thing - I dont think most virus/trojan/DOSattack writers do it because its easy to do it in Windows (which it is), but because its got a huge impact on the computer industry (80% odd using flavor of Win) - and in there lies my main argument, that if it is do-able in Linux (irrelevant of afford) it will hit the successful Desktop Linux market. In which case, you're dumber than a box of rocks. Windows malware often requires NO user action to cause damage, where as you have demonstrated your absolute REFUSAL to even understand that the security model of Unix/Linux (going all the way back to the 1970's) REQUIRES that a user do several specific steps to make a malware package run...things that a clueless newbie isn't going to know how to do in the first place--thus protecting him/her from his own ignorance. Now shut up, and get a freaking clue. Sheesh! And thats all he wrote Hans E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 13:42 -0400, James Knott wrote: A boot sector virus is executed every time the computer is booted. Any OS can be vulnerable to a boot sector virus during booting, because the OS is not running at that time. The only protection is what's provided with the BIOS. On the other hand computers running protected operating systems, such as Linux or OS/2 cannot be infected when running, as they have mechanisms to prevent it. DOS and DOS based versions of Windows (3.1, 95, 98 etc) do not have such protection and can be infected whenever the virus is run. MY PII was thus infected because I multi boot with Win311 for legacy apps. Rewriting the MBR from SuSE8.2 at the time did not cure the problem. It was a harmless variant of a known virus which I defeated with Fprot and hard rebooting. At the time using FProt in the recommended way found the virus in memory and therefore refused to clean the infection. I beat this problem by telling FProt to ignore memory and to do the clean then I immediately rebooted. I did this three times then ran FProt in the usual way and no virus was found. From then on I made Linux the default boot and load data from media therein. To protect the anti virus software I kept it zipped in a location not in the PATH and used a script to break out and run the program in a directory I make up at that time. There is not much you can do with such legacy systems but the exorcise in paranoia is healthy. -- ___ _ _ _ _ _ _ || | | [__ | | | |___ |_|_| ___] | \/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Thursday 09 August 2007 15:18, James Knott wrote: Tero Pesonen wrote: On Thursday 09 August 2007, Fergus Wilde wrote: he proprietary video formats issue is one for the lawyers, not Linux people. These formats don't play back because copyright and patent owners or abusers will not allow free access to them and have threatened and bullied, and even prosecuted, people trying simply to view files using open source systems. This distinction is extremely important. Badger your government about it, not those working on Linux multimedia, who have shown time and again that they can easily overcome any technical issues when not threatened by corporations and their legal teams. I do understand this. I'm not blaming people working on opensource multimedia -- they are the people who make it possible for me to view these videos! The problem is, that an average user coming from Windows does not (based on my experience) know anything about the whys and hows relating to video codecs on opensource platforms. If things won't just work out of the box or with the install of a media player, the said things become an issue. Most people have never even heard of video codecs in their life. They just start Windows Mediaplayer or whatever and open the video file, or as is often the case, the video source or file automatically opens the correct player. [snippage, see below] FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. A couple of years ago, she upgraded to XP and found she could no longer play video DVDs. After some checking, we found that she has to buy the necessary software, from a web site that's very irritating and difficult to navigate through. She decided against providing her credit card info and went without DVD video playback. Another issue is when you install such things, you often get a load of crapware along with it. So, it is not always so easy for Windows users either. Right enough - I was surprised, when asked to support XP at work, that Media Player can actually cope with only quite a limited subset of formats in a default install. My boss had to pay to download some third party kit before he could even watch a commercial DVD. After that, he still kept encountering things that caused Media Player to offer to go online and download codecs, which it mostly failed to do successfully. So like James, I'm not at all sure Windows folk get the easy ride you mention. And despite my rigorous checking of the hardware of his PC, at least half the time real player knackers XP to the point where it has to be rebooted to get acceptable performance back. Cheers Fergus -- Fergus Wilde Chetham's Library Long Millgate Manchester M3 1SB Tel: 0161 834 7961 Fax: 0161 839 5797 http://www.chethams.org.uk -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wednesday 08 August 2007 20:52, Tero Pesonen wrote: [snip I don't feel comfortable recommending Linux desktop to others. Because when they will need help, I probably won't be able to help. And they should not need help from me with basic issues such as burning disks or having some proprietary video formats play back. Tero The proprietary video formats issue is one for the lawyers, not Linux people. These formats don't play back because copyright and patent owners or abusers will not allow free access to them and have threatened and bullied, and even prosecuted, people trying simply to view files using open source systems. This distinction is extremely important. Badger your government about it, not those working on Linux multimedia, who have shown time and again that they can easily overcome any technical issues when not threatened by corporations and their legal teams. -- Fergus Wilde Chetham's Library Long Millgate Manchester M3 1SB Tel: 0161 834 7961 Fax: 0161 839 5797 http://www.chethams.org.uk -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Thursday 09 August 2007, Fergus Wilde wrote: On Wednesday 08 August 2007 20:52, Tero Pesonen wrote: [snip I don't feel comfortable recommending Linux desktop to others. Because when they will need help, I probably won't be able to help. And they should not need help from me with basic issues such as burning disks or having some proprietary video formats play back. Tero The proprietary video formats issue is one for the lawyers, not Linux people. These formats don't play back because copyright and patent owners or abusers will not allow free access to them and have threatened and bullied, and even prosecuted, people trying simply to view files using open source systems. This distinction is extremely important. Badger your government about it, not those working on Linux multimedia, who have shown time and again that they can easily overcome any technical issues when not threatened by corporations and their legal teams. I do understand this. I'm not blaming people working on opensource multimedia -- they are the people who make it possible for me to view these videos! The problem is, that an average user coming from Windows does not (based on my experience) know anything about the whys and hows relating to video codecs on opensource platforms. If things won't just work out of the box or with the install of a media player, the said things become an issue. Most people have never even heard of video codecs in their life. They just start Windows Mediaplayer or whatever and open the video file, or as is often the case, the video source or file automatically opens the correct player. On Linux I've always had to manually find and install the codecs. I don't know if the latest SUSE has changed that, or what is the case on Ubuntu or others popular now. It is no problem at all to me. It could be a problem to many others though. What comes to politics, I enquired those I deemed worth voting for in EU and local elections about their stance on software patents in the EU. Not that it makes much difference, though. Whatever the government's stance on this, it always seems to follow that of Nokia. The industry dictates these things here, I guess. Tero -- Fergus Wilde Chetham's Library Long Millgate Manchester M3 1SB Tel: 0161 834 7961 Fax: 0161 839 5797 http://www.chethams.org.uk -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Tero Pesonen wrote: On Thursday 09 August 2007, Fergus Wilde wrote: he proprietary video formats issue is one for the lawyers, not Linux people. These formats don't play back because copyright and patent owners or abusers will not allow free access to them and have threatened and bullied, and even prosecuted, people trying simply to view files using open source systems. This distinction is extremely important. Badger your government about it, not those working on Linux multimedia, who have shown time and again that they can easily overcome any technical issues when not threatened by corporations and their legal teams. I do understand this. I'm not blaming people working on opensource multimedia -- they are the people who make it possible for me to view these videos! The problem is, that an average user coming from Windows does not (based on my experience) know anything about the whys and hows relating to video codecs on opensource platforms. If things won't just work out of the box or with the install of a media player, the said things become an issue. Most people have never even heard of video codecs in their life. They just start Windows Mediaplayer or whatever and open the video file, or as is often the case, the video source or file automatically opens the correct player. On Linux I've always had to manually find and install the codecs. I don't know if the latest SUSE has changed that, or what is the case on Ubuntu or others popular now. It is no problem at all to me. It could be a problem to many others though. FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. A couple of years ago, she upgraded to XP and found she could no longer play video DVDs. After some checking, we found that she has to buy the necessary software, from a web site that's very irritating and difficult to navigate through. She decided against providing her credit card info and went without DVD video playback. Another issue is when you install such things, you often get a load of crapware along with it. So, it is not always so easy for Windows users either. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Thursday 09 August 2007, James Knott wrote: Tero Pesonen wrote: On Thursday 09 August 2007, Fergus Wilde wrote: he proprietary video formats issue is one for the lawyers, not Linux people. These formats don't play back because copyright and patent owners or abusers will not allow free access to them and have threatened and bullied, and even prosecuted, people trying simply to view files using open source systems. This distinction is extremely important. Badger your government about it, not those working on Linux multimedia, who have shown time and again that they can easily overcome any technical issues when not threatened by corporations and their legal teams. I do understand this. I'm not blaming people working on opensource multimedia -- they are the people who make it possible for me to view these videos! The problem is, that an average user coming from Windows does not (based on my experience) know anything about the whys and hows relating to video codecs on opensource platforms. If things won't just work out of the box or with the install of a media player, the said things become an issue. Most people have never even heard of video codecs in their life. They just start Windows Mediaplayer or whatever and open the video file, or as is often the case, the video source or file automatically opens the correct player. On Linux I've always had to manually find and install the codecs. I don't know if the latest SUSE has changed that, or what is the case on Ubuntu or others popular now. It is no problem at all to me. It could be a problem to many others though. FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. A couple of years ago, she upgraded to XP and found she could no longer play video DVDs. After some checking, we found that she has to buy the necessary software, from a web site that's very irritating and difficult to navigate through. She decided against providing her credit card info and went without DVD video playback. Another issue is when you install such things, you often get a load of crapware along with it. So, it is not always so easy for Windows users either. interesting. This was new to me. Regards, Tero Pesonen -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. A couple of years ago, she upgraded to XP and found she could no longer play video DVDs. After some checking, we found that she has to buy the necessary software, from a web site that's very irritating and difficult to navigate through. She decided against providing her credit card info and went without DVD video playback. Another issue is when you install such things, you often get a load of crapware along with it. So, it is not always so easy for Windows users either. interesting. This was new to me. I've seen this many times before. A few friends bought XP off the shelf... no DVD playback at all. A few bought pre-assembled package deal machines from a local computer store... some included a crippled DVD playback application on a few.. others had complete DVD playback apps. The only option for most was to buy (or illegally download in some cases) some commercial software. So.. this business of things like playing DVD out of the box... simply is a case of people getting systems with a software pack... not some inbuilt capability of Windows. Can't speak for Vista C. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Thursday 09 August 2007 16:54, Tero Pesonen wrote: FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. A couple of years ago, she upgraded to XP and found she could no longer play video DVDs. After some checking, we found that she has to buy the necessary software, from a web site that's very irritating and difficult to navigate through. She decided against providing her credit card info and went without DVD video playback. Another issue is when you install such things, you often get a load of crapware along with it. So, it is not always so easy for Windows users either. interesting. This was new to me. It is? Here's a challenge. Take a new computer with NO OS on it. Install XP and tell me what you can do with it except surf the net with IE, use Outlook express, and play solitaire. Oh, and I hope all the hardware you have works out of the box. It might or not. If it doesn't, you have to go out and find the driver. Sound user friendly? Most things will work, but there are a few oddballs out there that don't. Look at the driver disk sometime for the equipment you buy. Does the average user know what type of network card they have? Not usually. It was working when I bought it, they say. So now you have to find that driver. Oh, but without the network card you can't connect to the net to find it. Been there done that. Thank goodness for a live linux cd. It found the card, and happened to have a driver. Mike -- Powered by SuSE 10.0 Kernel 2.6.13 X86_64 KDE 3.4 Kmail 1.8 4:58pm up 11 days 7:14, 4 users, load average: 2.48, 2.32, 2.23 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Clayton wrote: FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. A couple of years ago, she upgraded to XP and found she could no longer play video DVDs. After some checking, we found that she has to buy the necessary software, from a web site that's very irritating and difficult to navigate through. She decided against providing her credit card info and went without DVD video playback. Another issue is when you install such things, you often get a load of crapware along with it. So, it is not always so easy for Windows users either. interesting. This was new to me. I've seen this many times before. A few friends bought XP off the shelf... no DVD playback at all. A few bought pre-assembled package deal machines from a local computer store... some included a crippled DVD playback application on a few.. others had complete DVD playback apps. The only option for most was to buy (or illegally download in some cases) some commercial software. So.. this business of things like playing DVD out of the box... simply is a case of people getting systems with a software pack... not some inbuilt capability of Windows. Can't speak for Vista C. My favorite cross-platform player (closed source) is VLC Media player. I've thrown many formats at it and it has never failed to play them. You don't always have to jump through hoops to play multimedia. *You* have to decide if you want to use other than open source software. It works for me. http://www.videolan.org/ As usual, I'm not associated, etc. -- Casey Stamper http://www.stampersite.com/wordpress -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Thu, 2007-08-09 at 17:14 +0200, Casey Stamper wrote: My favorite cross-platform player (closed source) is VLC Media player. I've thrown many formats at it and it has never failed to play them. You don't always have to jump through hoops to play multimedia. *You* have to decide if you want to use other than open source software. It works for me. http://www.videolan.org/ As usual, I'm not associated, etc. closed source? -- Roger Oberholtzer OPQ Systems / Ramböll RST Ramböll Sverige AB Kapellgränd 7 P.O. Box 4205 SE-102 65 Stockholm, Sweden Tel: Int +46 8-615 60 20 Fax: Int +46 8-31 42 23 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Roger Oberholtzer wrote: On Thu, 2007-08-09 at 17:14 +0200, Casey Stamper wrote: My favorite cross-platform player (closed source) is VLC Media player. I've thrown many formats at it and it has never failed to play them. You don't always have to jump through hoops to play multimedia. *You* have to decide if you want to use other than open source software. It works for me. http://www.videolan.org/ As usual, I'm not associated, etc. closed source? GPL!!! jdd -- http://www.dodin.net http://gourmandises.orangeblog.fr/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
jdd wrote: Roger Oberholtzer wrote: On Thu, 2007-08-09 at 17:14 +0200, Casey Stamper wrote: My favorite cross-platform player (closed source) is VLC Media player. I've thrown many formats at it and it has never failed to play them. You don't always have to jump through hoops to play multimedia. *You* have to decide if you want to use other than open source software. It works for me. http://www.videolan.org/ As usual, I'm not associated, etc. closed source? GPL!!! jdd I know, I know! I was talking more about using it in Windows. -- Casey Stamper http://www.stampersite.com/wordpress -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Thursday 09 August 2007 18:05:05 Casey Stamper wrote: I know, I know! I was talking more about using it in Windows. It's still open source on windows -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Tero Pesonen wrote: On Thursday 09 August 2007, James Knott wrote: ould be a problem to many others though. FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. A couple of years ago, she upgraded to XP and found she could no longer play video DVDs. After some checking, we found that she has to buy the necessary software, from a web site that's very irritating and difficult to navigate through. She decided against providing her credit card info and went without DVD video playback. Another issue is when you install such things, you often get a load of crapware along with it. So, it is not always so easy for Windows users either. interesting. This was new to me. Most people who use Windows are sheltered from reality, because they don't have to install anything to get the hardware working and as long as they stick with the original OS intall, they don't have a problem. I was recently reading an article, by someone who was trying to install the boxed version of Windows XP on a notebook. One problem, among others, was that the NIC wasn't supported. He'd have to go to a web site to download the drivers. If he hadn't had another computer available, he wouldn't have been able to get the drivers, to enable networking. As for the crapware, that's par for the course for Windows. Dell recently announced they're going to sell systems without it, but according to the same article I mentioned above, when they bought a new Toshiba computer, it was already loaded with with crapware! -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Clayton wrote: FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. A couple of years ago, she upgraded to XP and found she could no longer play video DVDs. After some checking, we found that she has to buy the necessary software, from a web site that's very irritating and difficult to navigate through. She decided against providing her credit card info and went without DVD video playback. Another issue is when you install such things, you often get a load of crapware along with it. So, it is not always so easy for Windows users either. interesting. This was new to me. I've seen this many times before. A few friends bought XP off the shelf... no DVD playback at all. A few bought pre-assembled package deal machines from a local computer store... some included a crippled DVD playback application on a few.. others had complete DVD playback apps. The only option for most was to buy (or illegally download in some cases) some commercial software. So.. this business of things like playing DVD out of the box... simply is a case of people getting systems with a software pack... not some inbuilt capability of Windows. Can't speak for Vista C. Quite so. Windows built in hardware support is actually very poor. It's only because the computer manufactures install the systems, that the hardware is supported. In this respect, Linux is far better than Windows. I always get a chuckle when some new piece of hardware works fine with Linux, but Windows requires a driver install. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Thursday 09 August 2007 10:08, Mike wrote: On Thursday 09 August 2007 16:54, Tero Pesonen wrote: FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. A couple of years ago, she upgraded to XP and found she could no longer play video DVDs. After some checking, we found that she has to buy the necessary software, from a web site that's very irritating and difficult to navigate through. She decided against providing her credit card info and went without DVD video playback. Another issue is when you install such things, you often get a load of crapware along with it. So, it is not always so easy for Windows users either. interesting. This was new to me. It is? Here's a challenge. Take a new computer with NO OS on it. Install XP and tell me what you can do with it except surf the net with IE, use Outlook express, and play solitaire. Oh, and I hope all the hardware you have works out of the box. It might or not. If it doesn't, you have to go out and find the driver. Sound user friendly? Most things will work, but there are a few oddballs out there that don't. Look at the driver disk sometime for the equipment you buy. Does the average user know what type of network card they have? Not usually. It was working when I bought it, they say. So now you have to find that driver. Oh, but without the network card you can't connect to the net to find it. Been there done that. Thank goodness for a live linux cd. It found the card, and happened to have a driver. Mike I got computer with recovery CD for operating system only. The rest should be on hidden partition that was wiped off. It was interesting experience. Only screen, keyboard, mouse, USB and CD drive worked out of the box. What I did was to install openSUSE and it added memory card reader, sound, network, printer, better graphic and more in software. Than I was able to go to the net and collect missing pieces for out of the box OS. -- Regards, Rajko. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Mike wrote: On Thursday 09 August 2007 16:54, Tero Pesonen wrote: FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. A couple of years ago, she upgraded to XP and found she could no longer play video DVDs. After some checking, we found that she has to buy the necessary software, from a web site that's very irritating and difficult to navigate through. She decided against providing her credit card info and went without DVD video playback. Another issue is when you install such things, you often get a load of crapware along with it. So, it is not always so easy for Windows users either. interesting. This was new to me. It is? Here's a challenge. Take a new computer with NO OS on it. Install XP and tell me what you can do with it except surf the net with IE, use Outlook express, and play solitaire. Sometimes you can't even do that much. As I mentioned in another note, someone tried installing XP on a notebook and found he had no driver for the NIC. He had to use another computer to download one. Also, a few years ago, I installed XP for someone and it wouldn't recognize their U.S. Robotics modem. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Thursday 09 August 2007, James Knott wrote: Tero Pesonen wrote: On Thursday 09 August 2007, James Knott wrote: ould be a problem to many others though. FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. A couple of years ago, she upgraded to XP and found she could no longer play video DVDs. After some checking, we found that she has to buy the necessary software, from a web site that's very irritating and difficult to navigate through. She decided against providing her credit card info and went without DVD video playback. Another issue is when you install such things, you often get a load of crapware along with it. So, it is not always so easy for Windows users either. interesting. This was new to me. Most people who use Windows are sheltered from reality, because they don't have to install anything to get the hardware working and as long as they stick with the original OS intall, they don't have a problem. I was recently reading an article, by someone who was trying to install the boxed version of Windows XP on a notebook. One problem, among others, was that the NIC wasn't supported. He'd have to go to a web site to download the drivers. If he hadn't had another computer available, he wouldn't have been able to get the drivers, to enable networking. As for the crapware, that's par for the course for Windows. Dell recently announced they're going to sell systems without it, but according to the same article I mentioned above, when they bought a new Toshiba computer, it was already loaded with with crapware! Yes, you're right. And the crapware is included because the PC makers lust after every extra penny they can get per unit sold, as the margins for PC's are so low. They don't care if the user wants it or not. I think Google is amongst the bigger companies that have paid to have their software included on new (at least Dell?) PC's and set up as the default. Tero -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
James Knott wrote: someone tried installing XP on a notebook and found he had no driver for the NIC. same for inboard motherboard, you must have the mobo cd. I even had a config with the cd as /dev/hda and the Hd as /dev/hdb, and XP didn't see the cd most of the time. say: * with with a pre-configured computer no OS should have any problem. * With a bare computer brand new, chance is you have the windows drivers thanks to the manufacturer. If you don't have you may never have them (may be only vista or only XP), not sure if Linux can install - will probably do with some hand work * with a not too new computer (say, one year old make, may be new), Linux installs nearly all without problem, Windows may ask for days of work if it can. the main drawback of Linux is new hardware (new printer, new scanner, new special hardawre): most don't work well. jdd -- http://www.dodin.net http://gourmandises.orangeblog.fr/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wed, 2007-08-08 at 11:16 -0400, James Knott wrote: In the over thirty years I've been using computers, I've only once experienced a virus on my own computer. It was at work and I accidentlally left an infected floppy in my drive when I booted the computer. The IBMAV program I was using quickly found and removed it. Other than that one instance, I've never seen an infected OS/2 system, even though I used to do OS/2 and AV software support at IBM Canada. I haven't had any problems with a Linux system. On the other hand, I've seen many Windows computers so badly infected that the only recourse was to wipe the disk clean and reinstall. At one company that I supported, re-imaging was a common practice. Reimaging is used by the local Jr College because infections there are more common than in a red light district. After a bout with a boot sector virus I do not upload files from any media save in Linux. -- ___ _ _ _ _ _ _ || | | [__ | | | |___ |_|_| ___] | \/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tuesday 07 August 2007, [EMAIL PROTECTED] wrote: They said it makes no difference, it costs the same with or without Vista. You need to ask more forcefully. I get them without any os all the time. Well they actually come with freedos but even that is simply in the package, not on the hard drive. http://www.dell.com/content/products/features.aspx/optix_n?c=uscs=04l=ens=bsd -- _ John Andersen -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 11:27 -0400, James Knott wrote: Hans van der Merwe wrote: And... desktop users install all kinds of insane apps - when desktop linux is popular - more apps will appear - increasing the risk of installing a malicious one. Any malware capable of causing significant damage i.e. beyond the users files etc., will require root privileges. This requires deliberate action, unlike in Windows, where simply going to the wrong website or openning tainted email is all it takes. No one can make the claim Linux or any other OS is invulnerable, but there's a world of difference between it and Windows, that has nothing to do with the number of users. If popularity were the criteria, please explain why Apache on Linux or Unix or even Apache on Windows makes for a far more secure web site than IIS on Windows. IIRC, Apache on Linux/Unix is at least 75% of the web servers. Again! - deleting a user's files is a big thing, users see this as the PC being broken! Yes, Apache servers are secure, BUT again Im talking about Desktop users not servers (havent really seen independent reports showing IIS is not as secure at the moment, with all the patches etc; I wont run IIS because I believe its wrong not to support standards, and it usually locks you into the MS upgrade and dependency cycle, as my company is in now). Number of users = number of commercial and free apps = higher probability of one being malicious. More users matter. Hans E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 11:31 -0400, James Knott wrote: Hans van der Merwe wrote: On Tue, 2007-08-07 at 01:35 -0800, John Andersen wrote: On Tuesday 07 August 2007, Hans van der Merwe wrote: But my main concern is that dumb users usually make up most of the desktop market out there - and preaching to them that Linux will make there virus problem go away is setting them up for a fall. I fail to see how it sets them up for a fall. There has to be a something to fall over before there is a fall. What would YOU SUGGEST we preach to them? Again - the SETUP will involve removing windows and installing a flavour of linux to curb the effects of viruses. The FALL will be when they click yes to something they dont understand (not Linux fault, yes I know) and then having their docs trashed - leaving them exactly where they were with windows. They and the media will not be interested in how it happened, just that it happened. Yes this is not in any way the fault of Linux or Linux programmers or distros etc, BUT telling users to install Linux because it will help for viruses is IMHO irresponsible. Windows malware does much more than simply trash a users documents. If that was all it did, it wouldn't be such a problem. Take a look at all that spam that hits your inbox. Most of that is coming from compromised Windows boxes. That is but one example that goes beyond deleting files. Perhaps you'd should get a better understanding of what malware does and how it's propogated. Shame on you - please do not assume anything that I may or may not know. Im just asking questions. And yes because Im running exclusively Linux boxes at work and home I have not yet been exposed to malware. Ok, tell me, seeing that I know nothing, if I can compromise a Linux users home dir - why cant I send out spam? Hans E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: Again! - deleting a user's files is a big thing, users see this as the PC being broken! if this was true, nobody should use Windows... jdd -- http://www.dodin.net http://gourmandises.orangeblog.fr/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: On Tue, 2007-08-07 at 11:27 -0400, James Knott wrote: Hans van der Merwe wrote: And... desktop users install all kinds of insane apps - when desktop linux is popular - more apps will appear - increasing the risk of installing a malicious one. Any malware capable of causing significant damage i.e. beyond the users files etc., will require root privileges. This requires deliberate action, unlike in Windows, where simply going to the wrong website or openning tainted email is all it takes. No one can make the claim Linux or any other OS is invulnerable, but there's a world of difference between it and Windows, that has nothing to do with the number of users. If popularity were the criteria, please explain why Apache on Linux or Unix or even Apache on Windows makes for a far more secure web site than IIS on Windows. IIRC, Apache on Linux/Unix is at least 75% of the web servers. Again! - deleting a user's files is a big thing, users see this as the PC being broken! Yes, Apache servers are secure, BUT again Im talking about Desktop users not servers (havent really seen independent reports showing IIS is not as secure at the moment, with all the patches etc; I wont run IIS because I believe its wrong not to support standards, and it usually locks you into the MS upgrade and dependency cycle, as my company is in now). Number of users = number of commercial and free apps = higher probability of one being malicious. More users matter. Hans You seem to be a bit thick, so here it is once again. Lost files are the least of your problems with malware. However, there are many things that users neglect to do to protect their data, which have nothing to do with Linux vs Windows. That said, Linux is a far more stable and reliable platform, that is much more resistant to malware and therefor less likely to place the user in the position of losing their data. BTW, if you consider lost files to be the only risk of malware, then I suggest you keep your computer off the internet. You're a hazard to everyone else. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: lware. Ok, tell me, seeing that I know nothing, if I can compromise a Linux users home dir - why cant I send out spam? I have never claimed such a thing is impossible, but it is far more difficult to do with Linux. In order to send out spam, something has to execute that can do that. That means the user has to make something executable and then execute it. That barrier is much lower in Windows. The bottom line, which you apparently refuse to accept, is that it is much more difficult for such problems to occur with Linux. Please note, I'm not saying impossible, just much more difficult. Please also understand that Windows was built as a single user system, without many of the security methods that are standard in Linux Unix and you can add to that some extremely poor software design in MS products, that turn them into a security sieve. This means no matter how careful a user is, Windows will always be far more risky. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2007-08-07 at 17:38 +0200, jdd wrote: in approx 25 years of computing, I _never_ had data corrupted by a virus, even on windows. Me neither. Of course, I have been using Linux for close to the last then years, but even before that I caught viruses before they did unrepairable damage. This don't mean I never got virus, but I always see it before any damage done. I have seen many computer destructed by visuses, of course, even very recently. I even had to clean executables using debug - before antiviruses were handy... Or write my own antivirus software. - -- Cheers, Carlos E. R. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGubCmtTMYHG2NR9URAm63AJsFFBBWtA3CKvugKU80Cni1odJVFACeM3mE XJ++r/7RTJRxYoHFivBhLyM= =cjdC -END PGP SIGNATURE- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 7 Aug 2007, Michael Letourneau wrote:- David Bolt wrote: Snip As more and more file types get linked to more applications I am not so sure that executing something has the same meaning it used to. Say you download a new screen saver, you never really execute that, but your window manager utilizes the data in it. Erm, you can execute a screen saver if you test it. And the window manager will do so when the specified idle time is reached. As an example, I set the screen saver on my 10.2 system to be BSOD and here's me locating the just where the file is, and what type it is: [EMAIL PROTECTED]:~ grep -i saver ~/.kde/share/config/kdesktoprc [ScreenSaver] Saver=bsod.desktop [EMAIL PROTECTED]:~ grep -i exec /opt/kde3/share/applnk/System/ScreenSavers/bsod.desktop Exec=bsod TryExec=xscreensaver Exec=kxsconfig bsod Exec=kxsrun bsod -- -window-id %w Exec=kxsrun bsod -- -root [EMAIL PROTECTED]:~ find /usr/ -mount -name bsod 2/dev/null /usr/lib64/xscreensaver/bsod [EMAIL PROTECTED]:~ file /usr/lib64/xscreensaver/bsod /usr/lib64/xscreensaver/bsod: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.4, dynamically linked (uses shared libs), for GNU/Linux 2.6.4, stripped All of which makes for an ideal method of introducing a trojan onto a system[0]. And, just to make sure it works across the widest variety of systems, all that's required is to create a statically linked 32bit binary and it'll run on virtually any x86-32 or x86-64 based system. Of course, there's also those infections that occur without user intervention, but those tend to come in through security holes in server daemons which are unlikely to be running on a normal users desktop system. Yup, I would classify those more as worms or exploits rather than virii. They're under the general viruses tag. For my definitions, worms require no assistance to spread, as they actively search for files/systems to infect. Trojans require human assistance to spread and are designed to pretend to be one thing while actually being something completely different. True viruses also require human assistance to spread, but do so completely unknown to the user. Boot sector viruses, and those wonderful macro viruses, are what I'd call a virus. I wouldn't classify any of the recent Windows viruses a true virus, I'd call them a trojan instead. But most of the popular services have had some issues, ftp, mail, http, ssh... The last Linux worm I saw was one that was spread via infected Apache/PHP systems. It worked by having the exploitable PHP parse a command string and fetch a script from some site, chmod the script, and then call it. That script would then download a couple of ELF executables, one of which turned the server into a zombie controlled via IRC, and configured them to start on boot. Thankfully, it's been a couple of years since I saw that, but I still have the sample I managed to acquire stored in an encrypted archive, along with a large selection of Windows viruses[1][2]. OT Presently, I'm seeing a nice selection of infected systems dumping their you have a greetings card crap. Unfortunately, it appears that the trojan behind this is mutating so rapidly that, more often than not, ClamAV doesn't recognise the trojan file when I scan it. The good part of this is that, due to ClamAV.org only allowing two submissions per day, I use virustotal.com to do a multi-anti-virus scan and have them submit the files to the different vendors. Who'd have thought. A Linux system being used to protect Windows systems. Fun, eh? /OT [0] Of which I'm absolutely certain there either are some right now, or there will be some in the future. I totally agree. Windows is the low hanging fruit. People can get the most bang for the least effort there. They want a zombie network that can spam the world, right now its far easier to develop something for Windows than to do the same for Linux. At the moment, as far as I can tell, this still holds true: URL:http://www.immunitysec.com/downloads/tc0.pdf [0] As shown by the number of .SCR trojans that circulated a few years ago [1] Yes, I said viruses. However, I'm applying the meaning behind the phrase When in Rome, do as the Romans do. [2] Each file is renamed as a .bin file and, every now and again, I'll extract them on a Windows system to check whether the newly-deployed anti-virus system still works as it should. So far, they have all recognised what they've had thrown at them. Regards, David Bolt -- Member of Team Acorn checking nodes at 100 Mnodes/s: www.distributed.net RISC OS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit RISC OS 3.6 | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit TOS 4.02 | SUSE 9.3 32bit | | openSUSE 10.3a6 32bit -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2007-08-07 at 14:30 +0200, Per Jessen wrote: Hans van der Merwe wrote: BUT telling users to install Linux because it will help for viruses is IMHO irresponsible. Does anyone actually do that? I can see the above as an additional argument for someone who's about to switch to Linux, but surely it's not the main reason. I don't try to convince windows users to switch to linux - unless they are prepared to get support - but when they ask me why I use linux, one of the reasons I give is that I have never been infected by a virus, and that I don't use an antivirus. It's part of the reliability argument. - -- Cheers, Carlos E. R. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGubSxtTMYHG2NR9URAgmYAJ91w/QboU9GBLVARXqjwVX5K/fJbgCfXm2G l9od55qyeVgE7vA4QaePJ/I= =H5Pc -END PGP SIGNATURE- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wed, 2007-08-08 at 07:38 -0400, James Knott wrote: Hans van der Merwe wrote: lware. Ok, tell me, seeing that I know nothing, if I can compromise a Linux users home dir - why cant I send out spam? I have never claimed such a thing is impossible, but it is far more difficult to do with Linux. In order to send out spam, something has to execute that can do that. That means the user has to make something executable and then execute it. That barrier is much lower in Windows. The bottom line, which you apparently refuse to accept, is that it is much more difficult for such problems to occur with Linux. Please note, I'm not saying impossible, just much more difficult. Please also understand that Windows was built as a single user system, without many of the security methods that are standard in Linux Unix and you can add to that some extremely poor software design in MS products, that turn them into a security sieve. This means no matter how careful a user is, Windows will always be far more risky. I think we agree on the subject. Last thing - I dont think most virus/trojan/DOSattack writers do it because its easy to do it in Windows (which it is), but because its got a huge impact on the computer industry (80% odd using flavor of Win) - and in there lies my main argument, that if it is do-able in Linux (irrelevant of afford) it will hit the successful Desktop Linux market. And thats all he wrote Hans E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wed, 2007-08-08 at 07:26 -0400, James Knott wrote: Hans van der Merwe wrote: On Tue, 2007-08-07 at 11:27 -0400, James Knott wrote: Hans van der Merwe wrote: And... desktop users install all kinds of insane apps - when desktop linux is popular - more apps will appear - increasing the risk of installing a malicious one. Any malware capable of causing significant damage i.e. beyond the users files etc., will require root privileges. This requires deliberate action, unlike in Windows, where simply going to the wrong website or openning tainted email is all it takes. No one can make the claim Linux or any other OS is invulnerable, but there's a world of difference between it and Windows, that has nothing to do with the number of users. If popularity were the criteria, please explain why Apache on Linux or Unix or even Apache on Windows makes for a far more secure web site than IIS on Windows. IIRC, Apache on Linux/Unix is at least 75% of the web servers. Again! - deleting a user's files is a big thing, users see this as the PC being broken! Yes, Apache servers are secure, BUT again Im talking about Desktop users not servers (havent really seen independent reports showing IIS is not as secure at the moment, with all the patches etc; I wont run IIS because I believe its wrong not to support standards, and it usually locks you into the MS upgrade and dependency cycle, as my company is in now). Number of users = number of commercial and free apps = higher probability of one being malicious. More users matter. Hans You seem to be a bit thick, so here it is once again. Lost files are the least of your problems with malware. However, there are many things that users neglect to do to protect their data, which have nothing to do with Linux vs Windows. That said, Linux is a far more stable and reliable platform, that is much more resistant to malware and therefor less likely to place the user in the position of losing their data. BTW, if you consider lost files to be the only risk of malware, then I suggest you keep your computer off the internet. You're a hazard to everyone else. Please stop playing the man and concentrate on the game - please. Read your netiquette. E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
David Bolt wrote: All of which makes for an ideal method of introducing a trojan onto a system[0]. And, just to make sure it works across the widest variety of systems, all that's required is to create a statically linked 32bit binary and it'll run on virtually any x86-32 or x86-64 based system. I suspect another good method would be to make some cute toy and package it for Java Web Start. Many people seem to happily install JWS apps without thinking about potential malware. And the authors frequently don't have sensible certificates. Cheers, Dave -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2007-08-07 at 14:31 -0400, Michael Letourneau wrote: Yes true, not typically what is thought of executing though, and not really what my point was. My point was that everyone was talking about having to have the file be executable and executed in order to get infected. That is not true. If you actually have to execute it, thats a trojan, not really a virus. Well, even if you get, say, a usb disk containing a program contaminated by a virus, or an email containing a virus, they are harmless till executed. Till that moment they are just data, bytes. A typical non boot sector virus, non macro virus, is a piece of code added somewhere to a executable file (program). When the program is executed the virus is also loaded (it is part of the program) and may try to infect or copy itself to system memory (independent of the vector program) and other programs too, in order to propagate. For instance, typically it would try to infect programs on removable media, watching the floppy drive for a victim. Now, a user would have to get that infected program in some way (usb disk, email, whatever) and execute it. A typical well made virus will use some method to autoexecute. The infection vector may be a trojan, like a cute screen blanker or Christmas card, but after that it behaves like a virus jumping from one executable to another. This process is more difficult in Linux. First, native linux email clients do not execute attachments by default: they need manual intervention by the user (they would act as a trojan). Some windows clients would execute them without user intervention (thus, acting as a virus). And Linux users don't usually carry executables on their removable media, AFAIK. Then the virus would have a harder time trying to contaminate other executables, except those of the user running the virus. But again, in either of those cases not being root does not necessarily prevent your machine from being infected and/or the possible results thereof. Everyone remembers Melissa, http://www.cert.org/advisories/CA-1999-04.html, if that were designed for a Linux system, not being root would not stop/prevent it at all. Ha! ] Our analysis of this macro virus indicates that human action (in the ] form of a user opening an infected Word document) is required for this ] virus to propagate. Virus or Trojan? Or social engineering? :-p All is not black and white... - -- Cheers, Carlos E. R. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGubxbtTMYHG2NR9URAlFkAKCQfioXqLJJp9pD4fbo/NZ/ihNzPACeLZv3 sDpjPBmCqQHk6K0NOCciE3A= =zFA/ -END PGP SIGNATURE- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Bolt wrote: On Tue, 7 Aug 2007, Michael Letourneau wrote:- David Bolt wrote: Snip As more and more file types get linked to more applications I am not so sure that executing something has the same meaning it used to. Say you download a new screen saver, you never really execute that, but your window manager utilizes the data in it. Erm, you can execute a screen saver if you test it. And the window manager will do so when the specified idle time is reached. As an example, I set the screen saver on my 10.2 system to be BSOD and here's me locating the just where the file is, and what type it is: [EMAIL PROTECTED]:~ grep -i saver ~/.kde/share/config/kdesktoprc [ScreenSaver] Saver=bsod.desktop [EMAIL PROTECTED]:~ grep -i exec /opt/kde3/share/applnk/System/ScreenSavers/bsod.desktop Exec=bsod TryExec=xscreensaver Exec=kxsconfig bsod Exec=kxsrun bsod -- -window-id %w Exec=kxsrun bsod -- -root [EMAIL PROTECTED]:~ find /usr/ -mount -name bsod 2/dev/null /usr/lib64/xscreensaver/bsod [EMAIL PROTECTED]:~ file /usr/lib64/xscreensaver/bsod /usr/lib64/xscreensaver/bsod: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.4, dynamically linked (uses shared libs), for GNU/Linux 2.6.4, stripped All of which makes for an ideal method of introducing a trojan onto a system[0]. And, just to make sure it works across the widest variety of systems, all that's required is to create a statically linked 32bit binary and it'll run on virtually any x86-32 or x86-64 based system. Err No... The file itself should usually be read only and only changeable by root, and if you are allowing stuff like this to happen as root more fool you Of course, there's also those infections that occur without user intervention, but those tend to come in through security holes in server daemons which are unlikely to be running on a normal users desktop system. Yup, I would classify those more as worms or exploits rather than virii. They're under the general viruses tag. For my definitions, worms require no assistance to spread, as they actively search for files/systems to infect. Trojans require human assistance to spread and are designed to pretend to be one thing while actually being something completely different. True viruses also require human assistance to spread, but do so completely unknown to the user. Boot sector viruses, and those wonderful macro viruses, are what I'd call a virus. I wouldn't classify any of the recent Windows viruses a true virus, I'd call them a trojan instead. An opinion maybe, but technical nonsense otherwise 1) The classical viruses come in two groups boot sector and binary file infectors, with nominal sub=class functions of droppers a (virus which drops a trojan, virus of a different type etc). Some later DOS viruses spread using all techniques. Boot sector viruses are a vulnerability for systems which use the boot sector to load code that identifies where to load the OS, which covers just about anything. The only time a system is normally vulnerable nowadays is when booting media (the media soes not have to be bootable and boot sector protection in BIOS is usually trivial to circumvent, the only real safety is to only allow booting from trusted boot media when required). The period of time between the machine being started and the OS taking control is a particularly vulnerable moment, but it is now very difficult to infect when the OS is running and in control (but not impossible). File infectors need read access to the file to infect with malicious code. As it is normal practice to keep most system files read only to users the possibility of causing system wide problems is really down to your security practices. When executable file formats were very simple these were relatively easy to write. The key characteristic of a virus is the ability to replicate the original funtionality. Hence boot sector viruses modified boot sectors, and file infectors change files with code to infect other files when run. These viruses do not need human intervention to spread, just various forms of human stupidity. 2) Macro and script viruses are special case of 1 (I was on a CHEST software committee in the early 1990s that identified this as a potential issue then). Basically any programming code can be be infected with code with viral characteristics. Scripts are code. These are considerable easier to produce than executable code base viruses hence their current popularity. 3) Trojans may subvert systems, but do have have the ability to replicate so hence ARE NOT viruses. 4) The first reference to the concept of a computer worm I came across in J.Brunners book Shockwave Rider, worms do not really replicate they propogate the worm itself may disappear but it delivers malware code (usually a trojan of some sort) which it may use to propogate itself elsewhere.The distinction is
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wednesday 08 August 2007 00:34, Hans van der Merwe wrote: On Tue, 2007-08-07 at 11:27 -0400, James Knott wrote: ... Again! - deleting a user's files is a big thing, users see this as the PC being broken! Do these users think of having the contents of the trunk (boot) of their car stolen as their car being broken? ... Hans Randall Schulz -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2007-08-07 at 15:59 -0400, Michael Letourneau wrote: As more and more file types get linked to more applications I am not so sure that executing something has the same meaning it used to. Say you download a new screen saver, you never really execute that, but your window manager utilizes the data in it. Your window manager runs on X, X No, screen savers are actually executable programs, not data. You normally do not call them directly, but something does. - -- Cheers, Carlos E. R. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGudGjtTMYHG2NR9URAie6AJkBQt71FF5FFUWUZPC1QN2jXwbb+QCeOeZz +8TrHFjkSfVlF1aqge98Gx0= =T1Oh -END PGP SIGNATURE- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wed, 8 Aug 2007, G T Smith wrote:- David Bolt wrote: Snip All of which makes for an ideal method of introducing a trojan onto a system[0]. And, just to make sure it works across the widest variety of systems, all that's required is to create a statically linked 32bit binary and it'll run on virtually any x86-32 or x86-64 based system. Err No... The file itself should usually be read only and only changeable by root, Yes, it is: [EMAIL PROTECTED]:~ ls -l /usr/lib64/xscreensaver/bsod -rwxr-xr-x 1 root root 206648 2007-04-27 19:08 /usr/lib64/xscreensaver/bsod and if you are allowing stuff like this to happen as root more fool you I'd say it's more the fool that stupidly installs random software from ghod-knows-where. In this case, I was actually showing that the screen saver _is_ an executable rather than just data used by the X server. It also shows that the use of the screen saver is one of the many available infection vectors. The reason for this is that, for some reason, people like eye-candy and what better way to provide some eye-candy than to create a screen saver. As to what goes on at the same time as the user is getting their eye-candy fix, well that is entirely upto the person writing the trojan. Regards, David Bolt -- Member of Team Acorn checking nodes at 100 Mnodes/s: www.distributed.net RISC OS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit RISC OS 3.6 | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit TOS 4.02 | SUSE 9.3 32bit | | openSUSE 10.3a6 32bit -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Carlos E. R. wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2007-08-07 at 14:31 -0400, Michael Letourneau wrote: But again, in either of those cases not being root does not necessarily prevent your machine from being infected and/or the possible results thereof. Everyone remembers Melissa, http://www.cert.org/advisories/CA-1999-04.html, if that were designed for a Linux system, not being root would not stop/prevent it at all. Ha! ] Our analysis of this macro virus indicates that human action (in the ] form of a user opening an infected Word document) is required for this ] virus to propagate. Virus or Trojan? Or social engineering? :-p All is not black and white... Very true. And hopefully the world has learned something. Though you can never be sure, my wife almost fell for one of those greeting card things, and she is pretty darn savvy for not following things... But that still re-enforces the point about the Linux Desktop, popularity and virii. If the Linux Desktop did become as popular as it should be (IMHO), you would have un-educated users, who often did not have recent backups, who would follow links, open documents, etc. that they should not. And just because they were not root, would not stop something that was built upon the fundamentals of Melissa from propagating. We cannot be content that because our default security setup is better than Windows, we are thus invulnerable. If we want to see Linux for the common man, then we have to realize the common man will likely bring with them, their lack of knowledge and lack of care. And with them will follow the traps, trojans, and virii that live off them, albeit more advanced and altered than today. Constant vigilance, as they say ;) Michael -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Carlos E. R. wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2007-08-07 at 15:59 -0400, Michael Letourneau wrote: As more and more file types get linked to more applications I am not so sure that executing something has the same meaning it used to. Say you download a new screen saver, you never really execute that, but your window manager utilizes the data in it. Your window manager runs on X, X No, screen savers are actually executable programs, not data. You normally do not call them directly, but something does. My bad. But the idea is still pertinent and though they are executable, how many other desktop artifacts are not? Skins, backgrounds, and window decorations come to mind. Yes its definitely not a straightforward or likely method at all to be manipulated. But I think the other person's point was that if x is not executable, then it cannot do any harm, which I think is a naive assumption, plenty of programs read in data, and if those programs are not properly written that data can be used to trigger events. Not the least of which is any program that has scripting tied into it, whether that be macros or otherwise. - -- Cheers, Carlos E. R. Michael -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Carlos E. R. wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2007-08-07 at 17:38 +0200, jdd wrote: in approx 25 years of computing, I _never_ had data corrupted by a virus, even on windows. Me neither. Of course, I have been using Linux for close to the last then years, but even before that I caught viruses before they did unrepairable damage. This don't mean I never got virus, but I always see it before any damage done. I have seen many computer destructed by visuses, of course, even very recently. I even had to clean executables using debug - before antiviruses were handy... Or write my own antivirus software. In the over thirty years I've been using computers, I've only once experienced a virus on my own computer. It was at work and I accidentlally left an infected floppy in my drive when I booted the computer. The IBMAV program I was using quickly found and removed it. Other than that one instance, I've never seen an infected OS/2 system, even though I used to do OS/2 and AV software support at IBM Canada. I haven't had any problems with a Linux system. On the other hand, I've seen many Windows computers so badly infected that the only recourse was to wipe the disk clean and reinstall. At one company that I supported, re-imaging was a common practice. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Carlos E. R. wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2007-08-07 at 14:30 +0200, Per Jessen wrote: Hans van der Merwe wrote: BUT telling users to install Linux because it will help for viruses is IMHO irresponsible. Does anyone actually do that? I can see the above as an additional argument for someone who's about to switch to Linux, but surely it's not the main reason. I don't try to convince windows users to switch to linux - unless they are prepared to get support - but when they ask me why I use linux, one of the reasons I give is that I have never been infected by a virus, and that I don't use an antivirus. Don't forget to mention that many commercial firewalls run Linux or Unix (including BSD), because they are secure. Many people, including me, build a reliable firewall with Linux on an old PC. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wednesday 08 August 2007, Randall R Schulz wrote: On Wednesday 08 August 2007 00:34, Hans van der Merwe wrote: On Tue, 2007-08-07 at 11:27 -0400, James Knott wrote: ... Again! - deleting a user's files is a big thing, users see this as the PC being broken! Do these users think of having the contents of the trunk (boot) of their car stolen as their car being broken? After these users' home folders have been wiped out, they go for the install media and reinstall the OS, as the OS is now broken. Just as they would have done on Windows. They care very little about the Guru somewhere that preaches them how the malware was unable to affect the system files, and how that proves the security glory that is Linux. They tell everyone how a virus destroyed their Linux, just like a virus destroyed their Windows earlier. They tell Linux seems no more secure. It isn't more complicated than that. Regards, Tero Pesonen -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
* Tero Pesonen [EMAIL PROTECTED] [08-08-07 12:04]: They care very little about the Guru somewhere that preaches them how the malware was unable to affect the system files, and how that proves the security glory that is Linux. They tell everyone how a virus destroyed their Linux, just like a virus destroyed their Windows earlier. They tell Linux seems no more secure. It isn't more complicated than that. Kind of like using 2nd Graders to research in nuclear fission/fusion. -- Patrick Shanahan Plainfield, Indiana, USAHOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535@ http://counter.li.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wednesday 08 August 2007 09:00, Tero Pesonen wrote: On Wednesday 08 August 2007, Randall R Schulz wrote: On Wednesday 08 August 2007 00:34, Hans van der Merwe wrote: ... It isn't more complicated than that. Yup. Simple, easy and wrong. Regards, Tero Pesonen Randall Schulz -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wednesday 08 August 2007, Patrick Shanahan wrote: * Tero Pesonen [EMAIL PROTECTED] [08-08-07 12:04]: They care very little about the Guru somewhere that preaches them how the malware was unable to affect the system files, and how that proves the security glory that is Linux. They tell everyone how a virus destroyed their Linux, just like a virus destroyed their Windows earlier. They tell Linux seems no more secure. It isn't more complicated than that. Kind of like using 2nd Graders to research in nuclear fission/fusion. You mean that the people who would begin using Linux, should it ever grow popular on desktop, would not behave like that? Have you ever spoken to a non-geek in your life? Have you watched a non-geek use a computer? Seriously, check your attitude. There's a world out there. And that world is not populated by Linux professionals. And no, these people are not 2nd graders. They are.. err.. computer users? Anyway, Linux desktop is too difficult for them. So fear not, they're not coming. So no need to experiment/research on them. Tero Pesonen -- Patrick Shanahan Plainfield, Indiana, USAHOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wednesday 08 August 2007 19:03, Tero Pesonen wrote: On Wednesday 08 August 2007, Patrick Shanahan wrote: Kind of like using 2nd Graders to research in nuclear fission/fusion. You mean that the people who would begin using Linux, should it ever grow popular on desktop, would not behave like that? Have you ever spoken to a non-geek in your life? Have you watched a non-geek use a computer? Yep, sure have. Took a disk over to a friends house because he was complaining about getting all the malware. Installed linux, showed him where everything was and he was a happy camper. It does everything he needs the computer for. His wife even likes it better than windows. It's even more fun to take my laptop to work, and show off a bit. I've got an entire building of non-geeks. They are amazed at how nice it looks. So far I've gotten about 5 or 6 to switch at home. Seriously, check your attitude. There's a world out there. And that world is not populated by Linux professionals. And no, these people are not 2nd graders. They are.. err.. computer users? No, it isn't. And by working in a school, I know what the second graders are capable of. Nuclear fission? Naa. Screwing up a computer? Yep.. Been there done that. Anyway, Linux desktop is too difficult for them. So fear not, they're not coming. So no need to experiment/research on them. Not at all. If someone asks, I'll be glad to show them how it works. I'm not going to force it on anyone. It's not difficult at all. If it was my wife wouldn't be sitting down right now working with it.. Mike -- Powered by SuSE 10.0 Kernel 2.6.13 X86_64 KDE 3.4 Kmail 1.8 9:20pm up 10 days 11:36, 4 users, load average: 2.15, 2.30, 2.26 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Wednesday 08 August 2007, Mike wrote: On Wednesday 08 August 2007 19:03, Tero Pesonen wrote: On Wednesday 08 August 2007, Patrick Shanahan wrote: Kind of like using 2nd Graders to research in nuclear fission/fusion. You mean that the people who would begin using Linux, should it ever grow popular on desktop, would not behave like that? Have you ever spoken to a non-geek in your life? Have you watched a non-geek use a computer? Yep, sure have. Took a disk over to a friends house because he was complaining about getting all the malware. Installed linux, showed him where everything was and he was a happy camper. It does everything he needs the computer for. His wife even likes it better than windows. It's even more fun to take my laptop to work, and show off a bit. I've got an entire building of non-geeks. They are amazed at how nice it looks. So far I've gotten about 5 or 6 to switch at home. Sounds great. Seriously, check your attitude. There's a world out there. And that world is not populated by Linux professionals. And no, these people are not 2nd graders. They are.. err.. computer users? No, it isn't. And by working in a school, I know what the second graders are capable of. Nuclear fission? Naa. Screwing up a computer? Yep.. Been there done that. Anyway, Linux desktop is too difficult for them. So fear not, they're not coming. So no need to experiment/research on them. Not at all. If someone asks, I'll be glad to show them how it works. I'd be too. But when the person asks me why they need to run alsaconf as root after each reboot to get sound, I tell them I have no idea, as I need to do it myself too. Or why they need to run k3b as root to burn something. When they ask why this or that peripheral does not work, or how to have it work, I say I do not know. Linux desktop, to me, is already almost too difficult to administer. I'm happy to have my own PC running more or less trouble-free. I cannot provide help to others; I lack the expertise. Last week my system crashed pretty hard. It happened while I was viewing a Youtube video. OK, things happen. Only when I hard-rebooted, Grub would not load any more. I had to use SUSE install CD to initialise system check and have all partitions checked and then Grub rewritten to the disk. All was fine again after that, and luckily nothing had been caused to the file systems. I just don't know what my mother would have done in that situation. I'm sure she would not have known anything about boot loaders, or that a flash player, Firefox and SUSE always seem to have issues working together. I had issues with flash videos on my old SUSE 9.3 too, and remember seeing Flash take the whole system down there as well. I don't feel comfortable recommending Linux desktop to others. Because when they will need help, I probably won't be able to help. And they should not need help from me with basic issues such as burning disks or having some proprietary video formats play back. Tero I'm not going to force it on anyone. It's not difficult at all. If it was my wife wouldn't be sitting down right now working with it.. Mike -- Powered by SuSE 10.0 Kernel 2.6.13 X86_64 KDE 3.4 Kmail 1.8 9:20pm up 10 days 11:36, 4 users, load average: 2.15, 2.30, 2.26 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
* Tero Pesonen [EMAIL PROTECTED] [08-08-07 13:05]: Seriously, check your attitude. There's a world out there. And that world is not populated by Linux professionals. And no, these people are not 2nd graders. They are.. err.. computer users? You *missed* it, but that ok, :^) live in your *own* world. -- Patrick Shanahan Plainfield, Indiana, USAHOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535@ http://counter.li.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Tero Pesonen wrote: On Wednesday 08 August 2007, Mike wrote: On Wednesday 08 August 2007 19:03, Tero Pesonen wrote: On Wednesday 08 August 2007, Patrick Shanahan wrote: Kind of like using 2nd Graders to research in nuclear fission/fusion. You mean that the people who would begin using Linux, should it ever grow popular on desktop, would not behave like that? Have you ever spoken to a non-geek in your life? Have you watched a non-geek use a computer? Yep, sure have. Took a disk over to a friends house because he was complaining about getting all the malware. Installed linux, showed him where everything was and he was a happy camper. It does everything he needs the computer for. His wife even likes it better than windows. It's even more fun to take my laptop to work, and show off a bit. I've got an entire building of non-geeks. They are amazed at how nice it looks. So far I've gotten about 5 or 6 to switch at home. Sounds great. Seriously, check your attitude. There's a world out there. And that world is not populated by Linux professionals. And no, these people are not 2nd graders. They are.. err.. computer users? No, it isn't. And by working in a school, I know what the second graders are capable of. Nuclear fission? Naa. Screwing up a computer? Yep.. Been there done that. Anyway, Linux desktop is too difficult for them. So fear not, they're not coming. So no need to experiment/research on them. Not at all. If someone asks, I'll be glad to show them how it works. I'd be too. But when the person asks me why they need to run alsaconf as root after each reboot to get sound, I tell them I have no idea, as I need to do it myself too. Or why they need to run k3b as root to burn something. When they ask why this or that peripheral does not work, or how to have it work, I say I do not know. Linux desktop, to me, is already almost too difficult to administer. I'm happy to have my own PC running more or less trouble-free. I cannot provide help to others; I lack the expertise. I dont think I've ever had to do either as root, certainly not k3b. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
James Knott wrote: Tero Pesonen wrote: I'd be too. But when the person asks me why they need to run alsaconf as root after each reboot to get sound, I tell them I have no idea, as I need to do it myself too. Or why they need to run k3b as root to burn something. When they ask why this or that peripheral does not work, or how to have it work, I say I do not know. Linux desktop, to me, is already almost too difficult to administer. I'm happy to have my own PC running more or less trouble-free. I cannot provide help to others; I lack the expertise. I dont think I've ever had to do either as root, certainly not k3b. Yes, very bizarre symptoms, I've never seen that, and I have suse 10.2 installed on 8 computers including a couple of laptops. His computer needs some service, there's something wrong. If he were a windoze user, that problem would not magically cure itself, he'd have to take it to someone knowledgable and (hopefully) honest, and get it fixed. Joe -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
* J Sloan [EMAIL PROTECTED] [08-08-07 16:21]: Yes, very bizarre symptoms, I've never seen that, and I have suse 10.2 installed on 8 computers including a couple of laptops. His computer needs some service, there's something wrong. Well, he *said* that he couldn't handle system administration! If he were a windoze user, that problem would not magically cure itself, he'd have to take it to someone knowledgable and (hopefully) honest, and get it fixed. It won't for linux either. He'll have to *ask* for help, but I haven't seen any requests :^) -- Patrick Shanahan Plainfield, Indiana, USAHOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535@ http://counter.li.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Thursday 09 August 2007, Patrick Shanahan wrote: * J Sloan [EMAIL PROTECTED] [08-08-07 16:21]: Yes, very bizarre symptoms, I've never seen that, and I have suse 10.2 installed on 8 computers including a couple of laptops. His computer needs some service, there's something wrong. Well, he *said* that he couldn't handle system administration! Indeed. I'm mainly on Linux because I need accessible desktop, and the only desktop that can provide me a pleasant computing experience is KDE, and perhaps Gnome, too, if I fiddled with that long enough. Sure, there are also a number of issues still present on KDE, related to usability for poor-sighted people. But at least one can file bug reports. The same applies to OpenOffice.org, which has some serious issues in handling highcontrast modes. Luckily, the bug reports are being handled and the developers seem to take these issues seriously. Unfortunaly, there's very little I can do myself, as I'm no developer. I try to help by checking bug reports and trying to verify some etc. And since OOo is not the most intuitive pieces of software around for a newbie, I've helped others to learn use it. I'm not an expert on it, but I can get things done on it with comfort. What comes to K3B, updating the software seems to have cured all non-root access ills. I use it very rarely, so I did not notice this till today. What comes to alsaconf, I no longer have a sound system hooked up to my PC, so can't test whether it might have also cured itself with alsa update. If I listened music on my PC or needed to play back multimedia, I'd pay more attention to it and have it fixed. I listen my music on a dedicated setup now, so have not bothered with the issue. Others had faced the very same alsaconf issue, too, but I don't know what their situation is nowadays or what flavour of *NIX they even run. If he were a windoze user, that problem would not magically cure itself, he'd have to take it to someone knowledgable and (hopefully) honest, and get it fixed. It won't for linux either. He'll have to *ask* for help, but I haven't seen any requests :^) Yes, but there are no pending help requests now. I've tried my best to help others, as I've said, but have found my own knowledge very limited. That's why I try to follow this list. I'm of better use troubleshooting Windows XP, altough I've not used it since 2002 or thereabout. And I've tried troubleshootin OS X over phone although I've never even used it. Surprisingly, that issue got fixed. I must say that SuSE 8.2 Professional was the most trouble-free environment I've run. Tero -- Patrick Shanahan Plainfield, Indiana, USAHOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Wednesday 2007-08-08 at 10:53 -0400, Michael Letourneau wrote: No, screen savers are actually executable programs, not data. You normally do not call them directly, but something does. My bad. But the idea is still pertinent and though they are executable, how many other desktop artifacts are not? Skins, backgrounds, and window decorations come to mind. Yes its definitely not a straightforward or likely method at all to be manipulated. It would be a problem if the program using those files has a hole, like a memory overflow. And those problems are detected now and then. The Gimp had one plugged this week, for instance. Not a virus, though, and not the user's fault. But I think the other person's point was that if x is not executable, then it cannot do any harm, which I think is a naive assumption, It shouldn't cause any problem. plenty of programs read in data, and if those programs are not properly written that data can be used to trigger events. Not the least of which is any program that has scripting tied into it, whether that be macros or otherwise. Yes, that might happen. - -- Cheers, Carlos E. R. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGulLotTMYHG2NR9URAgq8AJ9zFYWAXDWgvuGfaC2dac2Fveto7ACghKJ1 ORyRRaFcjAP4VUQV0AnVNHY= =Xdji -END PGP SIGNATURE- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[opensuse] Who said Linux doesnot get Virus infections
As you know clamAV provides NO realtime virus detection and from time to time we all need to execute a clamscan - Well I just performed a clamscan and found 4 folder which a year or so stored and catagorised emails and all 4 folders were infected with Phishing.Heuristics.emal.spoofedDomain virus's. As almost all emails are held in mbox format I would suggest everyone to run a scan periodically. Remember clamAV provides NO repeat NO real time protection, even if you copy them to a MS Windows or NSF drive or open an infected file or execute an infected .bin file Scott smime.p7s Description: S/MIME Cryptographic Signature
Re: [opensuse] Who said Linux doesnot get Virus infections
Registration Account wrote: As you know clamAV provides NO realtime virus detection and from time to time we all need to execute a clamscan - Well I just performed a clamscan and found 4 folder which a year or so stored and catagorised emails and all 4 folders were infected with Phishing.Heuristics.emal.spoofedDomain virus's. Scott, they're just phishing emails, they're not really infected nor infectious. They pose no threat whatsoever. /Per Jessen, Zürich -- http://www.spamchek.com/ - your spam is our business. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On 8/7/07, Registration Account [EMAIL PROTECTED] wrote: As you know clamAV provides NO realtime virus detection and from time to time we all need to execute a clamscan - Well I just performed a clamscan and found 4 folder which a year or so stored and catagorised emails and all 4 folders were infected with Phishing.Heuristics.emal.spoofedDomain virus's. As almost all emails are held in mbox format I would suggest everyone to run a scan periodically. Remember clamAV provides NO repeat NO real time protection, even if you copy them to a MS Windows or NSF drive or open an infected file or execute an infected .bin file But... that isn't a Linux virus is it? That is an email with stuff in it that is only triggered when you respond to the contents... (click on link, provide personal information in a reply etc) ie.. it is a social engineering virus, not a Linux virus. C -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 10:40 +0200, Clayton wrote: On 8/7/07, Registration Account [EMAIL PROTECTED] wrote: As you know clamAV provides NO realtime virus detection and from time to time we all need to execute a clamscan - Well I just performed a clamscan and found 4 folder which a year or so stored and catagorised emails and all 4 folders were infected with Phishing.Heuristics.emal.spoofedDomain virus's. As almost all emails are held in mbox format I would suggest everyone to run a scan periodically. Remember clamAV provides NO repeat NO real time protection, even if you copy them to a MS Windows or NSF drive or open an infected file or execute an infected .bin file But... that isn't a Linux virus is it? That is an email with stuff in it that is only triggered when you respond to the contents... (click on link, provide personal information in a reply etc) ie.. it is a social engineering virus, not a Linux virus. C On this subject. If/When Linux makes it big-time on the desktop do you think it will also be bogged down with virus attacks as MS is now. Why is it assumed that Linux is less prone to virus attacks? I know to install stuff in the system, root is necessary, but installing and running dangerous stuff in the user home directories is easy; you just need a cunning app to fool the user in executing malicious code. (given, doing this in Win is easier, but not impossible in any flavour Linux) Hans E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: Why is it assumed that Linux is less prone to virus attacks? Primarily due to a better and much more ingrained security system. Do you normally run as root on your Linux desktop? Well, that what's a Windows user normally does on his Windows ditto. I know to install stuff in the system, root is necessary, but installing and running dangerous stuff in the user home directories is easy; you just need a cunning app to fool the user in executing malicious code. Which does what? Chances are it will only affect that one user, unless it's some sort of DOS attack. /Per Jessen, Zürich -- http://www.spamchek.com/ - your spam is our business. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tuesday 07 August 2007, Hans van der Merwe wrote: If/When Linux makes it big-time on the desktop do you think it will also be bogged down with virus attacks as MS is now. No. The reason windows is attacked is because its EASY, not JUST because its popular. Believing otherwise is swallowing Microsoft FUD hook line and sinker. Why is it assumed that Linux is less prone to virus attacks? Because it is. With windows, simply sending you a file can infect you. With linux, sending you a file and having you click on it all day long STILL does not make it executable. I know to install stuff in the system, root is necessary, but installing and running dangerous stuff in the user home directories is easy; you just need a cunning app to fool the user in executing malicious code. Social engineering is always a risk, but with Linux you can even prevent against that to a far greater degree than with windows. Egress filtering does a lot. But the real protection is that users who are too dumb to realized WHY they are being asked to set something executable when all they thought they were doing was getting a eCard from a classmate or a bored girl are also too dumb to figure out how to set it executable. (given, doing this in Win is easier, but not impossible in any flavour Linux) I submit that for all practical purposes it is impossible. Or at the very least impractical. Evidence: We have been fighting windows viruses and worms tooth and nail for Over 10 Years. Wouldn't you thing that would have been time enough for some clever virus writer to try and take over that very LARGE segment of internet web servers that run on various 'nix machines, and which serve as firewalls to vast data warehouses? Further advances in SE linux make it even less likely in the future. Bill would like you to believe its JUST because his OS is popular. -- _ John Andersen -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 11:08 +0200, Per Jessen wrote: Hans van der Merwe wrote: Why is it assumed that Linux is less prone to virus attacks? Primarily due to a better and much more ingrained security system. Do you normally run as root on your Linux desktop? Well, that what's a Windows user normally does on his Windows ditto. I know to install stuff in the system, root is necessary, but installing and running dangerous stuff in the user home directories is easy; you just need a cunning app to fool the user in executing malicious code. Which does what? Chances are it will only affect that one user, unless it's some sort of DOS attack. Well, that what I started with - a desktop environment - in desktop environments there are basically only one user - so messing with his/her docs/mail etc is just as bad as wiping the /lib dir? With servers its diff, I agree. E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Registration Account wrote: As you know clamAV provides NO realtime virus detection and from time to time we all need to execute a clamscan - Well I just performed a clamscan and found 4 folder which a year or so stored and catagorised emails and all 4 folders were infected with Phishing.Heuristics.emal.spoofedDomain virus's. As almost all emails are held in mbox format I would suggest everyone to run a scan periodically. Remember clamAV provides NO repeat NO real time protection, even if you copy them to a MS Windows or NSF drive or open an infected file or execute an infected .bin file Scott Oh Boy! This kind of thing (a mail worm NOT a virus to be pedantic) usually only showed up in spam mail (which should be picked up by your spam filter) and is only potentially dangerous if you actually open and run the relevant scripts. As most of these expect windows to be at the receiving end they almost certainly will not work if anyone is daft enough to open them and would be only dangerous if they did work if accessed as root. (If you get caught in this particular situation dont look for sympathy from this direction). Windows based on access scanners should usually pick this up so those really at threat should be covered anyway. Scanning really offers protection against the things that are known, and is a waste of space for identifying the things that we dont. On access server side scanning can seriously impact overall mail server performance with possibly few identifiable benefits (spam filtering on the other hand is a different story). Apparently you can use CLamAV with procmail (which would would give you on access scanning which you cliam it does not do). (see http://wiki.clamav.net/Main/ClamAndProcmail). Managed client side tools should be much more effective. Good security practice is probably as effective as a good scanning software. There are security threats in the Linux world but viruses are not and are unlikely to be significant issue. In other word DONT PANIC (and remember the towel) :-) . - -- == I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup == -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGuDs3asN0sSnLmgIRAk1WAKDnlQE65ydff5kY+ZzlwaD78vFKmACgkbiH HmsZUDgceeHV6DXOgaeeAOI= =0Lqo -END PGP SIGNATURE- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 01:15 -0800, John Andersen wrote: On Tuesday 07 August 2007, Hans van der Merwe wrote: If/When Linux makes it big-time on the desktop do you think it will also be bogged down with virus attacks as MS is now. No. The reason windows is attacked is because its EASY, not JUST because its popular. Believing otherwise is swallowing Microsoft FUD hook line and sinker. Why is it assumed that Linux is less prone to virus attacks? Because it is. With windows, simply sending you a file can infect you. With linux, sending you a file and having you click on it all day long STILL does not make it executable. I know to install stuff in the system, root is necessary, but installing and running dangerous stuff in the user home directories is easy; you just need a cunning app to fool the user in executing malicious code. Social engineering is always a risk, but with Linux you can even prevent against that to a far greater degree than with windows. Egress filtering does a lot. But the real protection is that users who are too dumb to realized WHY they are being asked to set something executable when all they thought they were doing was getting a eCard from a classmate or a bored girl are also too dumb to figure out how to set it executable. (given, doing this in Win is easier, but not impossible in any flavour Linux) I submit that for all practical purposes it is impossible. Or at the very least impractical. Evidence: We have been fighting windows viruses and worms tooth and nail for Over 10 Years. Wouldn't you thing that would have been time enough for some clever virus writer to try and take over that very LARGE segment of internet web servers that run on various 'nix machines, and which serve as firewalls to vast data warehouses? Further advances in SE linux make it even less likely in the future. Bill would like you to believe its JUST because his OS is popular. Again, Im only talking about Desktop Linux, not servers - web users dont have logons, email and web-browsing on arb webservers - so it remains dumb user proof. But my main concern is that dumb users usually make up most of the desktop market out there - and preaching to them that Linux will make there virus problem go away is setting them up for a fall. Hans E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 11:30 +0200, Hans van der Merwe wrote: On Tue, 2007-08-07 at 01:15 -0800, John Andersen wrote: On Tuesday 07 August 2007, Hans van der Merwe wrote: If/When Linux makes it big-time on the desktop do you think it will also be bogged down with virus attacks as MS is now. No. The reason windows is attacked is because its EASY, not JUST because its popular. Believing otherwise is swallowing Microsoft FUD hook line and sinker. Why is it assumed that Linux is less prone to virus attacks? Because it is. With windows, simply sending you a file can infect you. With linux, sending you a file and having you click on it all day long STILL does not make it executable. I know to install stuff in the system, root is necessary, but installing and running dangerous stuff in the user home directories is easy; you just need a cunning app to fool the user in executing malicious code. Social engineering is always a risk, but with Linux you can even prevent against that to a far greater degree than with windows. Egress filtering does a lot. But the real protection is that users who are too dumb to realized WHY they are being asked to set something executable when all they thought they were doing was getting a eCard from a classmate or a bored girl are also too dumb to figure out how to set it executable. (given, doing this in Win is easier, but not impossible in any flavour Linux) I submit that for all practical purposes it is impossible. Or at the very least impractical. Evidence: We have been fighting windows viruses and worms tooth and nail for Over 10 Years. Wouldn't you thing that would have been time enough for some clever virus writer to try and take over that very LARGE segment of internet web servers that run on various 'nix machines, and which serve as firewalls to vast data warehouses? Further advances in SE linux make it even less likely in the future. Bill would like you to believe its JUST because his OS is popular. Again, Im only talking about Desktop Linux, not servers - web users dont have logons, email and web-browsing on arb webservers - so it remains dumb user proof. But my main concern is that dumb users usually make up most of the desktop market out there - and preaching to them that Linux will make there virus problem go away is setting them up for a fall. Hans Sorry, their virus problem and for replying to my own mail. And... desktop users install all kinds of insane apps - when desktop linux is popular - more apps will appear - increasing the risk of installing a malicious one. Hans E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tuesday 07 August 2007, Hans van der Merwe wrote: But my main concern is that dumb users usually make up most of the desktop market out there - and preaching to them that Linux will make there virus problem go away is setting them up for a fall. I fail to see how it sets them up for a fall. There has to be a something to fall over before there is a fall. What would YOU SUGGEST we preach to them? -- _ John Andersen -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 01:35 -0800, John Andersen wrote: On Tuesday 07 August 2007, Hans van der Merwe wrote: But my main concern is that dumb users usually make up most of the desktop market out there - and preaching to them that Linux will make there virus problem go away is setting them up for a fall. I fail to see how it sets them up for a fall. There has to be a something to fall over before there is a fall. What would YOU SUGGEST we preach to them? Again - the SETUP will involve removing windows and installing a flavour of linux to curb the effects of viruses. The FALL will be when they click yes to something they dont understand (not Linux fault, yes I know) and then having their docs trashed - leaving them exactly where they were with windows. They and the media will not be interested in how it happened, just that it happened. Yes this is not in any way the fault of Linux or Linux programmers or distros etc, BUT telling users to install Linux because it will help for viruses is IMHO irresponsible. Hans E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tuesday 07 August 2007 09:28, Registration Account wrote: As you know clamAV provides NO realtime virus detection and from time to time we all need to execute a clamscan - Well I just performed a clamscan and found 4 folder which a year or so stored and catagorised emails and all 4 folders were infected with Phishing.Heuristics.emal.spoofedDomain virus's. As almost all emails are held in mbox format I would suggest everyone to run a scan periodically. Remember clamAV provides NO repeat NO real time protection, even if you copy them to a MS Windows or NSF drive or open an infected file or execute an infected .bin file Scott How is the presence of a phishing email a virus infection in Linux? -- Fergus Wilde Chetham's Library Long Millgate Manchester M3 1SB Tel: 0161 834 7961 Fax: 0161 839 5797 http://www.chethams.org.uk -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On 08/07/2007 05:49 PM, Hans van der Merwe wrote: Again - the SETUP will involve removing windows and installing a flavour of linux to curb the effects of viruses. And it does help, not in the future but in the present. The FALL will be when they click yes to something they dont understand (not Linux fault, yes I know) and then having their docs trashed - leaving them exactly where they were with windows. And if they have learned nothing else than not to click on everything next time, then at least they have learned that. BUT, anything that would wipe out their docs would only wipe out their docs. Getting running again would be a short exercise not a reinstall. Anyone that inept is still in much better shape with Linux than Windows. They and the media will not be interested in how it happened, just that it happened. If they do not care how it happened, then they would be beyond any reasonable arguments because they would definitely be fringe, not mainstream. Yes this is not in any way the fault of Linux or Linux programmers or distros etc, BUT telling users to install Linux because it will help for viruses is IMHO irresponsible. I respect your right to your opinion, but I know my daughters laptop works much more reliably in Linux than in Windows in her college setting, with friends using her computer. It is her opinion Linux DOES much more than help, it works when her dual boot Windows gets stuffed with viruses, worms, etc. -- Joe Morris Registered Linux user 231871 running openSUSE 10.2 x86_64 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: Why is it assumed that Linux is less prone to virus attacks? * Windows is stuck by it's history. Original windows (3.11, 95 or 98) had no idea of what security mind. So many application programmers used to store they user data in the application folder (for example). And they are used to, so they still do. so it's nearly impossible to run windows XP in safe mode (it can do) without conflicting with dozen of softwares. result: even a cautious user is obliged to run XP with root permissions. * proprietary software, specially shareware rely on external repositories to spread they application. Proprietary paid software are hacked and spread by e-mule or similar. This makes content ack very difficult. You stole a programm, you can't ask the owner if there is a virus inside... Open source programms/apps are mostly spread via owner repository or official mirrors, anybody complaining can have an aswer in a minute (if a virus is suspected, the community have a very fast response curve), so any virus will be detected, the origin found and cured in a matter of hours. The only significant attacks against Linux are made from the computer keyboard (and against that, no cure). * oh... the worst virus: a mail with my friend, this 'vmlinuz' file in your /boot folder is an extremely dangerous virus, immediatly - copy this info to all yours friends, - go root and remove this file from your disk, and any file that looks similar. if you follow such instructions, you deserv the problems you get :-() jdd -- http://www.dodin.net http://gourmandises.orangeblog.fr/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Registration Account wrote: As you know clamAV provides NO realtime virus detection and from time to time we all need to execute a clamscan - Well I just performed a clamscan and found 4 folder which a year or so stored and catagorised emails and all 4 folders were infected with Phishing.Heuristics.emal.spoofedDomain virus's. As almost all emails are held in mbox format I would suggest everyone to run a scan periodically. Remember clamAV provides NO repeat NO real time protection, even if you copy them to a MS Windows or NSF drive or open an infected file or execute an infected .bin file Scott If an email contains a virus, Linux is quite capable of passing it on with that message. How many of those viruses infected the Linux box? Just sitting in a mail box doesn't count as infected. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 18:24 +0800, Joe Morris (NTM) wrote: On 08/07/2007 05:49 PM, Hans van der Merwe wrote: Again - the SETUP will involve removing windows and installing a flavour of linux to curb the effects of viruses. And it does help, not in the future but in the present. The FALL will be when they click yes to something they dont understand (not Linux fault, yes I know) and then having their docs trashed - leaving them exactly where they were with windows. And if they have learned nothing else than not to click on everything next time, then at least they have learned that. BUT, anything that would wipe out their docs would only wipe out their docs. Getting running again would be a short exercise not a reinstall. Anyone that inept is still in much better shape with Linux than Windows. They and the media will not be interested in how it happened, just that it happened. If they do not care how it happened, then they would be beyond any reasonable arguments because they would definitely be fringe, not mainstream. Well, just read a bit about the Firefox Password Manager bug that is hurting the move to Firefox, Im sure. Wired, CNet, CNN, BBC, etc really dont care that this is not a bug in the traditional sense of the word, but well... a feature gone bad in the ever changing webserver world. To them its a juicy story about the great freedom Firefox being just as vulnerable/bad as IE or Safari. Fringe media is leading the non-tech world, its a reality, something to plan for and deal with. Yes this is not in any way the fault of Linux or Linux programmers or distros etc, BUT telling users to install Linux because it will help for viruses is IMHO irresponsible. I respect your right to your opinion, but I know my daughters laptop works much more reliably in Linux than in Windows in her college setting, with friends using her computer. It is her opinion Linux DOES much more than help, it works when her dual boot Windows gets stuffed with viruses, worms, etc. I guess (and again my opinion) that most (yes, not all) Linux users at the moment are not the average Joe computer user that will click on anything that is put up on the screen. And users that dont know Linux using Linux is more cautious not to mess-up the computer. This will change as average Linux users increase. I'm just preaching caution - just as I don't tell people to use Linux because its free, money wise or as in freedom, most of them are skeptical about free stuff, and the other really not care about tech freedom (wrongly so, but that is a diff fight). I believe that the free, freedom etc is to the Dells, HPs and IBMs, not the user - the user, in an ideal world, should not even know what a OS is (as MS have already done with 80% of the users out there). Dell etc should care if some of their revenue go to MS - they are starting to, they should make the difference. A user revolt will not happen. Well, my ZA 2c worth, which is not much in $ terms. Thanks for the discussion. Hans ps. I have no Windows machines at home - Im also seen as the company Linux fanboy/troublemaker - so this is mainly a bit of devils advocation going on. E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: On Tue, 2007-08-07 at 10:40 +0200, Clayton wrote: On 8/7/07, Registration Account [EMAIL PROTECTED] wrote: As you know clamAV provides NO realtime virus detection and from time to time we all need to execute a clamscan - Well I just performed a clamscan and found 4 folder which a year or so stored and catagorised emails and all 4 folders were infected with Phishing.Heuristics.emal.spoofedDomain virus's. As almost all emails are held in mbox format I would suggest everyone to run a scan periodically. Remember clamAV provides NO repeat NO real time protection, even if you copy them to a MS Windows or NSF drive or open an infected file or execute an infected .bin file But... that isn't a Linux virus is it? That is an email with stuff in it that is only triggered when you respond to the contents... (click on link, provide personal information in a reply etc) ie.. it is a social engineering virus, not a Linux virus. C On this subject. If/When Linux makes it big-time on the desktop do you think it will also be bogged down with virus attacks as MS is now. Why is it assumed that Linux is less prone to virus attacks? I know to install stuff in the system, root is necessary, but installing and running dangerous stuff in the user home directories is easy; you just need a cunning app to fool the user in executing malicious code. (given, doing this in Win is easier, but not impossible in any flavour Linux) In order for it to run, someone has to make it executable first. If that is not done, a virus is incapable of doing anything. Then even if it manages to run, it can only affect whatever the user has permissions for and nothing else. Further, there were many bad design decisions in MS software, that leave it wide open for abuse. A famous example of this is how IE is built into the kernel. The sole reason for this is because in the Netscape vs MS trial, MS said IE couldn't be removed as it was part of the OS. Next version of Windows, it was mixed in with the OS, when it previously had been just an app. This means that any malware that affects IE has the run of the system. At a time when good software engineering dictated modularizing, MS was going the other way. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: Well, that what I started with - a desktop environment - in desktop environments there are basically only one user - so messing with his/her docs/mail etc is just as bad as wiping the /lib dir? Not at all. If a user manages to screw up his/her home-directory, you just restore it from the last backup. If you get an intruder on your system as such, you might even have to re-install. /Per Jessen, Zürich -- http://www.spamchek.com/ - your spam is our business. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: BUT telling users to install Linux because it will help for viruses is IMHO irresponsible. Does anyone actually do that? I can see the above as an additional argument for someone who's about to switch to Linux, but surely it's not the main reason. /Per Jessen, Zürich -- http://www.spamchek.com/ - your spam is our business. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tuesday 07 August 2007, Per Jessen wrote: Hans van der Merwe wrote: Well, that what I started with - a desktop environment - in desktop environments there are basically only one user - so messing with his/her docs/mail etc is just as bad as wiping the /lib dir? Not at all. If a user manages to screw up his/her home-directory, you just restore it from the last backup. If you get an intruder on your system as such, you might even have to re-install. If Linux were to gain real desktop acceptance, could one expect macro viruses to become fashionable again? Is there any difference between OOo and MS Office regarding this? Tero Pesonen -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 01:35 -0800, John Andersen wrote: What would YOU SUGGEST we preach to them? Hans, we preach Braaivleis, Boerewors, Biltong Chevrolet; i.e. don't worry, be happy ... :-) Al -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 11:42 +, Hans van der Merwe wrote: I'm just preaching caution - just as I don't tell people to use Linux because its free, money wise or as in freedom, most of them are skeptical about free stuff, and the other really not care about tech freedom (wrongly so, but that is a diff fight). I believe that the free, freedom etc is to the Dells, HPs and IBMs, Last week I got quotes for Dell Notebooks. I wanted them without OS or Linux on them. I requested them to quote with Vista (some now alternatively with XP) and without OS. They said it makes no difference, it costs the same with or without Vista. So the user is locked in by the vendor to Vista, penalising the other OS users. not the user - the user, in an ideal world, should not even know what a OS is (as MS have already done with 80% of the users out there). Dell etc should care if some of their revenue go to MS - they are starting to, they should make the difference. A user revolt will not happen. because they are forced to buy M$ (don't think the OS costs are not calculated into the price - they do not give away anything), and if not, get penalised. :-) Al -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, August 7, 2007 1:28 am, Registration Account wrote: As you know clamAV provides NO realtime virus detection and from time to time we all need to execute a clamscan - Well I just performed a clamscan and found 4 folder which a year or so stored and catagorised emails and all 4 folders were infected with Phishing.Heuristics.emal.spoofedDomain virus's. As almost all emails are held in mbox format I would suggest everyone to run a scan periodically. Remember clamAV provides NO repeat NO real time protection, even if you copy them to a MS Windows or NSF drive or open an infected file or execute an infected .bin file Heh. Run! Hide! Cover your childrens' eyes! Seriously, I just had this discussion a few days ago with my parental unit. She was all freaked out about some phishing emails she got and thought for sure she was infected. (My son had launched AMOR and had dropped her wireless mouse receiver behind the desk. As a result, her mouse movements were jerky and there was this smiling face on the screen. She was sure that was due to the viruses she'd obtained.) Keep in mind - unless you're stupid enough to run as root all the time, the worst that can happen is someone may get into your local files or fire off an email. I remember purposely trying to open an virus under KNode to see what would happen... http://www.perfectreign.com/stuff/osama.jpg ...you are fine. -- k www.perfectreign.com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 2007-08-07 at 07:27 -0700, Kai Ponte wrote: On Tue, August 7, 2007 1:28 am, Registration Account wrote: As you know clamAV provides NO realtime virus detection and from time to time we all need to execute a clamscan - Well I just performed a clamscan and found 4 folder which a year or so stored and catagorised emails and all 4 folders were infected with Phishing.Heuristics.emal.spoofedDomain virus's. As almost all emails are held in mbox format I would suggest everyone to run a scan periodically. Remember clamAV provides NO repeat NO real time protection, even if you copy them to a MS Windows or NSF drive or open an infected file or execute an infected .bin file Heh. Run! Hide! Cover your childrens' eyes! Seriously, I just had this discussion a few days ago with my parental unit. She was all freaked out about some phishing emails she got and thought for sure she was infected. (My son had launched AMOR and had dropped her wireless mouse receiver behind the desk. As a result, her mouse movements were jerky and there was this smiling face on the screen. She was sure that was due to the viruses she'd obtained.) Keep in mind - unless you're stupid enough to run as root all the time, the worst that can happen is someone may get into your local files or fire off an email. Why is this not an issue with anyone? Deleting a normal users data is a big thing. They consider the PC broken if their files disappear. Hans E-Mail disclaimer: http://www.sunspace.co.za/emaildisclaimer.htm -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tuesday 07 August 2007 16:50, Hans van der Merwe wrote: She was all freaked out about some phishing emails she got and thought for sure she was infected. (My son had launched AMOR and had dropped her wireless mouse receiver behind the desk. As a result, her mouse movements were jerky and there was this smiling face on the screen. She was sure that was due to the viruses she'd obtained.) Keep in mind - unless you're stupid enough to run as root all the time, the worst that can happen is someone may get into your local files or fire off an email. Why is this not an issue with anyone? Deleting a normal users data is a big thing. They consider the PC broken if their files disappear. Because my personal files are all backed up. And I don't know how else it can be explained. It basically takes 3 actions for the virus to work. One it has to get on the system. Two - someone has to make it executable. three - then you have to execute it. It's that simple. If you do all three of those things, you deserve whatever you get. I mean the you in the figurative sense not personal. I doubt a noob would know how to make the file executable. They'll click on it and when nothing happens it's deleted And if you fall for a phishing email, that started this thread, then you are in the same boat as the guy that made the virus file executable. Mike -- Powered by SuSE 10.0 Kernel 2.6.13 X86_64 KDE 3.4 Kmail 1.8 5:04pm up 9 days 7:21, 4 users, load average: 2.23, 2.19, 2.18 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tuesday 07 August 2007, Kai Ponte wrote: On Tue, August 7, 2007 1:28 am, Registration Account wrote: As you know clamAV provides NO realtime virus detection and from time to time we all need to execute a clamscan - Well I just performed a clamscan and found 4 folder which a year or so stored and catagorised emails and all 4 folders were infected with Phishing.Heuristics.emal.spoofedDomain virus's. As almost all emails are held in mbox format I would suggest everyone to run a scan periodically. Remember clamAV provides NO repeat NO real time protection, even if you copy them to a MS Windows or NSF drive or open an infected file or execute an infected .bin file Heh. Run! Hide! Cover your childrens' eyes! Seriously, I just had this discussion a few days ago with my parental unit. She was all freaked out about some phishing emails she got and thought for sure she was infected. (My son had launched AMOR and had dropped her wireless mouse receiver behind the desk. As a result, her mouse movements were jerky and there was this smiling face on the screen. She was sure that was due to the viruses she'd obtained.) Keep in mind - unless you're stupid enough to run as root all the time, the worst that can happen is someone may get into your local files or fire off an email. and thus install a keylogger or similar application. Once you realise there's a logger process running on your system, you also realise you don't know which of your local or remote backus can be trusted any more, in case they were accessed while your system was compromised. You may need to bring some off-site backups from physical media, which, for many people, are not at all up to date now that FTP based backup solutions with large quatas are so readily available. ...you are fine. Not necessarily. I believe there were macro viruses for MS Excell that tried to go unnoticed as long as possible, corrupting very small amounts of data in Excell sheets every now and then. The result was that months' or even a full year's worth of files and backups could go getting corrupted before it was noticed. Could this happen on OOo? I don't know. Anyway, backups are of little use if the data in them cannot be trusted, even if they were not altered in any way. All you need is to know that they could have been corrupted at will. Also, I'd call firing off god knows what kinds of email from my IP or from my account very undesirable. Regards, Tero Pesonen -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: Again, Im only talking about Desktop Linux, not servers - web users dont have logons, email and web-browsing on arb webservers - so it remains dumb user proof. But my main concern is that dumb users usually make up most of the desktop market out there - and preaching to them that Linux will make there virus problem go away is setting them up for a fall. Bottom line, you're ignoring all the technical differences that make Windows a wide open target, in comparison to Linux or Unix. No amount of dumb users will overcome that fact. Then, good practices will go further to reduce that risk and also it is virtually impossible for a virus to get started, without some very deliberate action on the part of the user. Also, some distros make it plain to users that running as root is a dumb thing. In Windows, many apps require admin rights, just to function. So if you're running such an app, any malware you get, will have access to the entire system. On the other hand, with Linux, if you need root privileges, you are specifically asked for them or denied. This means that it's extremely difficult for malware to do significant damage. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: And... desktop users install all kinds of insane apps - when desktop linux is popular - more apps will appear - increasing the risk of installing a malicious one. Any malware capable of causing significant damage i.e. beyond the users files etc., will require root privileges. This requires deliberate action, unlike in Windows, where simply going to the wrong website or openning tainted email is all it takes. No one can make the claim Linux or any other OS is invulnerable, but there's a world of difference between it and Windows, that has nothing to do with the number of users. If popularity were the criteria, please explain why Apache on Linux or Unix or even Apache on Windows makes for a far more secure web site than IIS on Windows. IIRC, Apache on Linux/Unix is at least 75% of the web servers. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: On Tue, 2007-08-07 at 01:35 -0800, John Andersen wrote: On Tuesday 07 August 2007, Hans van der Merwe wrote: But my main concern is that dumb users usually make up most of the desktop market out there - and preaching to them that Linux will make there virus problem go away is setting them up for a fall. I fail to see how it sets them up for a fall. There has to be a something to fall over before there is a fall. What would YOU SUGGEST we preach to them? Again - the SETUP will involve removing windows and installing a flavour of linux to curb the effects of viruses. The FALL will be when they click yes to something they dont understand (not Linux fault, yes I know) and then having their docs trashed - leaving them exactly where they were with windows. They and the media will not be interested in how it happened, just that it happened. Yes this is not in any way the fault of Linux or Linux programmers or distros etc, BUT telling users to install Linux because it will help for viruses is IMHO irresponsible. Windows malware does much more than simply trash a users documents. If that was all it did, it wouldn't be such a problem. Take a look at all that spam that hits your inbox. Most of that is coming from compromised Windows boxes. That is but one example that goes beyond deleting files. Perhaps you'd should get a better understanding of what malware does and how it's propogated. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Tero Pesonen wrote: Not necessarily. I believe there were macro viruses for MS Excell in approx 25 years of computing, I _never_ had data corrupted by a virus, even on windows. This don't mean I never got virus, but I always see it before any damage done. I have seen many computer destructed by visuses, of course, even very recently. it's only a matter of caution. A true virus needs to be executed to replicate. I never use an app of unknow origin, if not doublechecked by a good anti-virus. I _never_ open a word or exel file from unknown origin, in case of doubt I run an anti-virus on them before opening (and got many viruses like this). Now I open word docs with openoffice, I don't think there is (yet) a virus able to run like this. of course autorun is always unset. I usually open docs with wordpad in place of word (in fact I stopped using ms word many years ago, with word 97). last rerally problematic virus I had was on a floppy... and no data damaged. jdd -- http://www.dodin.net http://gourmandises.orangeblog.fr/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tuesday 07 August 2007, jdd wrote: Tero Pesonen wrote: Not necessarily. I believe there were macro viruses for MS Excell in approx 25 years of computing, I _never_ had data corrupted by a virus, even on windows. Sure, but you're not an average user either. Regards, Tero Pesonen -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Tero Pesonen wrote: On Tuesday 07 August 2007, jdd wrote: Tero Pesonen wrote: Not necessarily. I believe there were macro viruses for MS Excell in approx 25 years of computing, I _never_ had data corrupted by a virus, even on windows. Sure, but you're not an average user either. may be, I just wanted to quote that minimal cautions makes the job done (I'm not paranoid) jdd -- http://www.dodin.net http://gourmandises.orangeblog.fr/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Hans van der Merwe wrote: Why is this not an issue with anyone? Deleting a normal users data is a big thing. They consider the PC broken if their files disappear. That's a minor issue, compared to some of the other things malware can do. Stuff such as stealing passwords and other personal info, spam generators, corrupting the entire computer etc. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
James Knott wrote: Bottom line, you're ignoring all the technical differences that make Windows a wide open target, in comparison to Linux or Unix. No amount of dumb users will overcome that fact. Then, good practices will go further to reduce that risk and also it is virtually impossible for a virus to get started, without some very deliberate action on the part of the user. Also, some distros make it plain to users that running as root is a dumb thing. In Windows, many apps require admin rights, just to function. So if you're running such an app, any malware you get, will have access to the entire system. On the other hand, with Linux, if you need root privileges, you are specifically asked for them or denied. This means that it's extremely difficult for malware to do significant damage. Okay I know not everyone likes the use of wikipedia as a reference, but from their computer virus entry (http://en.wikipedia.org/wiki/Computer_virus) this is what they state: A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. The original may modify the copies or the copies may modify themselves, as occurs in a metamorphic virus. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable medium such as a floppy disk, CD, USB drive or by the Internet. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with computer worms and Trojan horses. I think people are confusing virus with Trojan. From my old PC support days, most of the virii that were in the wild were tied to Office documents, or existed on boot sectors of floppies and hard drives. Nothing to execute there. I think it would be pretty easy for a virus to exist on linux systems. There is no requirement that it destroy the system, no requirement that it has root privileges, nor any requirement that it affects more than one person. All it takes is OpenOffice to have a hole that can be utilized, or Thunderbird, or Kmail or any application that most desktop linux users would use. That would allow the user to be infected, and to attempt to affect others. Sounds like a virus to me. But yes it would be restricted to the privileges that that user has. But nothing stops a linux desktop user from launching a bunch of process' that would make it as much of a zombie machine as a desktop windows box. A Trojan, requires user intervention to execute or launch. And again, thats restricted to the privileges that user has. But there is no reason this cannot exist on a Linux desktop. Again, what are the windows zombie machines really doing, does not being root on a linux desktop really prevent you from doing many of those things? A worm, moves of its own volition, no requirement that it be a user launching a program or anything. There is no reason to say that Linux is not vulnerable to these at all. (And yes I know no one was saying that Linux was, just mentioning the difference between this and a virus). Michael -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
Michael Letourneau wrote: I think people are confusing virus with Trojan. From my old PC support days, most of the virii that were in the wild were tied to Office documents, or existed on boot sectors of floppies and hard drives. Nothing to execute there. I think it would be pretty easy for a virus to exist on linux systems. There is no requirement that it destroy the system, no requirement that it has root privileges, nor any requirement that it affects more than one person. All it takes is OpenOffice to have a hole that can be utilized, or Thunderbird, or Kmail or any application that most desktop linux users would use. That would allow the user to be infected, and to attempt to affect others. Sounds like a virus to me. But yes it would be restricted to the privileges that that user has. But nothing stops a linux desktop user from launching a bunch of process' that would make it as much of a zombie machine as a desktop windows box. A boot sector virus is executed every time the computer is booted. Any OS can be vulnerable to a boot sector virus during booting, because the OS is not running at that time. The only protection is what's provided with the BIOS. On the other hand computers running protected operating systems, such as Linux or OS/2 cannot be infected when running, as they have mechanisms to prevent it. DOS and DOS based versions of Windows (3.1, 95, 98 etc) do not have such protection and can be infected whenever the virus is run. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
James Knott wrote: A boot sector virus is executed every time the computer is booted. Any OS can be vulnerable to a boot sector virus during booting my old thunderbyte anti-vir software replaced the boot sector by it's own and kept an md5sum of it, preventing such attack. I hope moderns systems have something similar... jdd -- http://www.dodin.net http://gourmandises.orangeblog.fr/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
James Knott wrote: Michael Letourneau wrote: I think people are confusing virus with Trojan. From my old PC support days, most of the virii that were in the wild were tied to Office documents, or existed on boot sectors of floppies and hard drives. Nothing to execute there. I think it would be pretty easy for a virus to exist on linux systems. There is no requirement that it destroy the system, no requirement that it has root privileges, nor any requirement that it affects more than one person. All it takes is OpenOffice to have a hole that can be utilized, or Thunderbird, or Kmail or any application that most desktop linux users would use. That would allow the user to be infected, and to attempt to affect others. Sounds like a virus to me. But yes it would be restricted to the privileges that that user has. But nothing stops a linux desktop user from launching a bunch of process' that would make it as much of a zombie machine as a desktop windows box. A boot sector virus is executed every time the computer is booted. Any OS can be vulnerable to a boot sector virus during booting, because the OS is not running at that time. The only protection is what's provided with the BIOS. On the other hand computers running protected operating systems, such as Linux or OS/2 cannot be infected when running, as they have mechanisms to prevent it. DOS and DOS based versions of Windows (3.1, 95, 98 etc) do not have such protection and can be infected whenever the virus is run. Yes true, not typically what is thought of executing though, and not really what my point was. My point was that everyone was talking about having to have the file be executable and executed in order to get infected. That is not true. If you actually have to execute it, thats a trojan, not really a virus. But again, in either of those cases not being root does not necessarily prevent your machine from being infected and/or the possible results thereof. Everyone remembers Melissa, http://www.cert.org/advisories/CA-1999-04.html, if that were designed for a Linux system, not being root would not stop/prevent it at all. Michael -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
jdd wrote: James Knott wrote: A boot sector virus is executed every time the computer is booted. Any OS can be vulnerable to a boot sector virus during booting my old thunderbyte anti-vir software replaced the boot sector by it's own and kept an md5sum of it, preventing such attack. I hope moderns systems have something similar... Many systems will prevent writing to the MBR, if so configured. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
But again, in either of those cases not being root does not necessarily prevent your machine from being infected and/or the possible results thereof. Everyone remembers Melissa, http://www.cert.org/advisories/CA-1999-04.html, if that were designed for a Linux system, not being root would not stop/prevent it at all. OK, but that required that you have macros set to autoexecute - if I remember right, that was the default setting for Office. In Linux.. most people use OpenOffice.org which is set by default to not auto execute macros. You have to explicitly click the Enable Macros button.. and only then will any embedded macros run. This does not account for buffer overflow exploits etc...I seem to remember one recently (in the past year) that would give you root access to a remote machine... scary except that you had to be root already to get into the state where the exploit could be triggered.. giving you root access to something you were already logged into as root... so not much of an exploit. C. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
On Tue, 7 Aug 2007, Clayton wrote:- snip This does not account for buffer overflow exploits etc...I seem to remember one recently (in the past year) that would give you root access to a remote machine... scary except that you had to be root already to get into the state where the exploit could be triggered.. giving you root access to something you were already logged into as root... so not much of an exploit. If you can get a normal user to execute something that is able to use a local root exploit, that users system could be very easily compromised. All it would need is for whatever used the root exploit install a root-kit, downloading whatever is needed as required, and the system can end up in a similar state as a virus-infected Windows system. However, all this is based upon the premise that you have a user[0] so idiotic that they'd specifically save an attachment, make it executable, actually open this executable file, and that the exploit it wishes to exploit is actually present on that system. Any of these don't occur, there will be no infection. Of course, there's also those infections that occur without user intervention, but those tend to come in through security holes in server daemons which are unlikely to be running on a normal users desktop system. [0] Of which I'm absolutely certain there either are some right now, or there will be some in the future. Regards, David Bolt -- Member of Team Acorn checking nodes at 100 Mnodes/s: www.distributed.net RISC OS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit RISC OS 3.6 | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit TOS 4.02 | SUSE 9.3 32bit | | openSUSE 10.3a6 32bit -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Who said Linux doesnot get Virus infections
David Bolt wrote: On Tue, 7 Aug 2007, Clayton wrote:- snip This does not account for buffer overflow exploits etc...I seem to remember one recently (in the past year) that would give you root access to a remote machine... scary except that you had to be root already to get into the state where the exploit could be triggered.. giving you root access to something you were already logged into as root... so not much of an exploit. If you can get a normal user to execute something that is able to use a local root exploit, that users system could be very easily compromised. All it would need is for whatever used the root exploit install a root-kit, downloading whatever is needed as required, and the system can end up in a similar state as a virus-infected Windows system. However, all this is based upon the premise that you have a user[0] so idiotic that they'd specifically save an attachment, make it executable, actually open this executable file, and that the exploit it wishes to exploit is actually present on that system. Any of these don't occur, there will be no infection. As more and more file types get linked to more applications I am not so sure that executing something has the same meaning it used to. Say you download a new screen saver, you never really execute that, but your window manager utilizes the data in it. Your window manager runs on X, X runs as root... Yeah its a huge round-about way, but really can anyone say something similar with X or something else, is absolutely impossible? Of course, there's also those infections that occur without user intervention, but those tend to come in through security holes in server daemons which are unlikely to be running on a normal users desktop system. Yup, I would classify those more as worms or exploits rather than virii. But most of the popular services have had some issues, ftp, mail, http, ssh... [0] Of which I'm absolutely certain there either are some right now, or there will be some in the future. I totally agree. Windows is the low hanging fruit. People can get the most bang for the least effort there. They want a zombie network that can spam the world, right now its far easier to develop something for Windows than to do the same for Linux. Regards, David Bolt Michael -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
