Re: [opensuse] Who said Linux doesnot get Virus infections

2007-09-05 Thread lerninlinux

 -- Original message --
From: Aaron Kulkis [EMAIL PROTECTED]
 Hans van der Merwe wrote:
  On Wed, 2007-08-08 at 07:38 -0400, James Knott wrote:
  Hans van der Merwe wrote:
  lware.
 
  Ok, tell me, seeing that I know nothing, if I can compromise a Linux
  users home dir - why cant I send out spam?
   

  I have never claimed such a thing is impossible, but it is far more
  difficult to do with Linux.  In order to send out spam, something has to
  execute that can do that.  That means the user has to make something
  executable and then execute it.  That barrier is much lower in Windows. 
  The bottom line, which you apparently refuse to accept, is that it is
  much more difficult for such problems to occur with Linux.  Please note,
  I'm not saying impossible, just much more difficult.  Please also
  understand that Windows was built as a single user system, without many
  of the security methods that are standard in Linux  Unix and you can
  add to that some extremely poor software design in MS products, that
  turn them into a security sieve.  This means no matter how careful a
  user is, Windows will always be far more risky.
 
  
  
  I think we agree on the subject.
  
  Last thing - I dont think most virus/trojan/DOSattack writers do it
  because its easy to do it in Windows (which it is), but because its got
  a huge impact on the computer industry (80% odd using flavor of Win)  -
  and in there lies my main argument, that if it is do-able in Linux
  (irrelevant of afford) it will hit the successful Desktop Linux market.
  
 
 In which case, you're dumber than a box of rocks.
 
 Windows malware often requires NO user action to cause damage,
 where as you have demonstrated your absolute REFUSAL to even
 understand that the security model of Unix/Linux (going all the
 way back to the 1970's) REQUIRES that a user do several specific
 steps to make a malware package run...things that a clueless
 newbie isn't going to know how to do in the first place--thus
 protecting him/her from his own ignorance.
 
 Now shut up, and get a freaking clue.
 Sheesh!
 
 
 
  And thats all he wrote
  Hans
  
  
  
  
  E-Mail disclaimer:
  http://www.sunspace.co.za/emaildisclaimer.htm
 
 
 
 -- 
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 



To try to make it CIVIL and uncomplicated, I am going to give an example that I 
give to my Windows friends.

The Amish computer virus.  It works like this:
You have just received the Amish virus.

Since we have no electricity or computers, you are on the honor system.

Please delete all of your files on your hard drive. Then forward this message 
to everyone in your address book.


We thank thee.

That is a simplification.  If you have gained access to a persons home 
directory your a step closer to rooting the box. (depending on the users 
authority) You may or may not have rights to run programs, etc.  If not, then 
you need to get administrator rights, and you have to take another step.
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-09-05 Thread Hans van der Merwe

On Wed, 2007-09-05 at 01:52 -0400, Aaron Kulkis wrote: 
 Hans van der Merwe wrote:
  
  I think we agree on the subject.
  
  Last thing - I dont think most virus/trojan/DOSattack writers do it
  because its easy to do it in Windows (which it is), but because its got
  a huge impact on the computer industry (80% odd using flavor of Win)  -
  and in there lies my main argument, that if it is do-able in Linux
  (irrelevant of afford) it will hit the successful Desktop Linux market.
  
 
 In which case, you're dumber than a box of rocks.
 
 Windows malware often requires NO user action to cause damage,
 where as you have demonstrated your absolute REFUSAL to even
 understand that the security model of Unix/Linux (going all the
 way back to the 1970's) REQUIRES that a user do several specific
 steps to make a malware package run...things that a clueless
 newbie isn't going to know how to do in the first place--thus
 protecting him/her from his own ignorance.
 
 Now shut up, and get a freaking clue.
 Sheesh!
 

Wow, this thread still going?
Seeing that you provide such a compelling and well structured argument
to the issue at hand and keeping your personal insecurities to yourself,
I feel obligated to respond.
If you read the rest of the thread you will learn that other things come
to play when talking about the future of the Desktop Linux platform.
Newbies, as you pointed out, will not know how to make the email
attachment executable, thus people (friends, Dell, who ever) will start
writing software to overcome these oh what the hell read the
other posts, Im bored.





E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-09-05 Thread Per Jessen
Aaron Kulkis wrote:

 In which case, you're dumber than a box of rocks.
 
 Windows malware often requires NO user action to cause damage,
 where as you have demonstrated your absolute REFUSAL to even
 understand that the security model of Unix/Linux (going all the
 way back to the 1970's) REQUIRES that a user do several specific
 steps to make a malware package run...things that a clueless
 newbie isn't going to know how to do in the first place--thus
 protecting him/her from his own ignorance.
 
 Now shut up, and get a freaking clue.
 Sheesh!

Aaron, you might want to moderate your language bit - be nice to people,
and they'll be nice to you. 



/Per Jessen, Zürich

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Illtempered Abuse (was Re: [opensuse] Who said Linux doesnot get Virus infections)

2007-09-05 Thread G T Smith
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Aaron Kulkis wrote:
 Hans van der Merwe wrote:

snip
 
 In which case, you're dumber than a box of rocks.
 
snip

 Now shut up, and get a freaking clue.
 Sheesh!
 
 

Your contributions today (of which this is the last I have received) are
at best deranged... this the first case of net rabies I have come
across... a four month absence then back snapping at anyone and
everything on old topics...

A suggestion.. go back on the medication and consider your blood
pressure :-]

Something slightly trollish here methinks... you have managed to score a
first, the first person I have decided to filter out as an individual

- --
==
I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true. I no longer know how to use my telephone.

Bjarne Stroustrup
==
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFG3mhcasN0sSnLmgIRAsn8AJ4g8KrYSYq8AikJiPWdLEyRxkDyrwCfeiDB
s/iR0wRxnHzwDWyllHIdQfg=
=8JWm
-END PGP SIGNATURE-
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-09-04 Thread Aaron Kulkis

Hans van der Merwe wrote:

On Wed, 2007-08-08 at 07:38 -0400, James Knott wrote:

Hans van der Merwe wrote:

lware.

Ok, tell me, seeing that I know nothing, if I can compromise a Linux
users home dir - why cant I send out spam?
 
  

I have never claimed such a thing is impossible, but it is far more
difficult to do with Linux.  In order to send out spam, something has to
execute that can do that.  That means the user has to make something
executable and then execute it.  That barrier is much lower in Windows. 
The bottom line, which you apparently refuse to accept, is that it is

much more difficult for such problems to occur with Linux.  Please note,
I'm not saying impossible, just much more difficult.  Please also
understand that Windows was built as a single user system, without many
of the security methods that are standard in Linux  Unix and you can
add to that some extremely poor software design in MS products, that
turn them into a security sieve.  This means no matter how careful a
user is, Windows will always be far more risky.




I think we agree on the subject.

Last thing - I dont think most virus/trojan/DOSattack writers do it
because its easy to do it in Windows (which it is), but because its got
a huge impact on the computer industry (80% odd using flavor of Win)  -
and in there lies my main argument, that if it is do-able in Linux
(irrelevant of afford) it will hit the successful Desktop Linux market.



In which case, you're dumber than a box of rocks.

Windows malware often requires NO user action to cause damage,
where as you have demonstrated your absolute REFUSAL to even
understand that the security model of Unix/Linux (going all the
way back to the 1970's) REQUIRES that a user do several specific
steps to make a malware package run...things that a clueless
newbie isn't going to know how to do in the first place--thus
protecting him/her from his own ignorance.

Now shut up, and get a freaking clue.
Sheesh!




And thats all he wrote
Hans




E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm




--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-11 Thread Carl Spitzer
On Tue, 2007-08-07 at 13:42 -0400, James Knott wrote:

 A boot sector virus is executed every time the computer is booted.  Any 
 OS can be vulnerable to a boot sector virus during booting, because the 
 OS is not running at that time.  The only protection is what's provided 
 with the BIOS.  On the other hand computers running protected operating 
 systems, such as Linux or OS/2 cannot be infected when running, as they 
 have mechanisms to prevent it.  DOS and DOS based versions of Windows 
 (3.1, 95, 98 etc) do not have such protection and can be infected 
 whenever the virus is run.

MY PII was thus infected because I multi boot with Win311 for legacy
apps.  Rewriting the MBR from SuSE8.2 at the time did not cure the
problem.  It was a harmless variant of a known virus which I defeated
with Fprot and hard rebooting.  At the time using FProt in the
recommended way found the virus in memory and therefore refused to clean
the infection.  I beat this problem by telling FProt to ignore memory
and to do the clean then I immediately rebooted.  I did this three times
then ran FProt in the usual way and no virus was found.  From then on I
made Linux the default boot and load data from media therein.

To protect the anti virus software I kept it zipped in a location not in
the PATH and used a script to break out and run the program in a
directory I make up at that time.  There is not much you can do with
such legacy systems but the exorcise in paranoia is healthy.
-- 
 ___ _ _ _  _ _  _
|| | | [__  | |  |
|___ |_|_| ___] |  \/


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-10 Thread Fergus Wilde
On Thursday 09 August 2007 15:18, James Knott wrote:
 Tero Pesonen wrote:
  On Thursday 09 August 2007, Fergus Wilde wrote:
  he proprietary video formats issue is one for the lawyers, not Linux
  people. These formats don't play back because copyright and patent
  owners or abusers will not allow free access to them and have
  threatened and bullied, and even prosecuted, people trying simply to
  view files using open source systems.
 
  This distinction is extremely important. Badger your government about
  it, not those working on Linux multimedia, who have shown time and
  again that they can easily overcome any technical issues when not
  threatened by corporations and their legal teams.
 
  I do understand this. I'm not blaming people working on opensource
  multimedia -- they are the people who make it possible for me to view
  these videos! The problem is, that an average user coming from Windows
  does not (based on my experience) know anything about the whys and hows
  relating to video codecs on opensource platforms. If things won't just
  work out of the box or with the install of a media player, the said
  things become an issue. Most people have never even heard of video codecs
  in their life. They just start Windows Mediaplayer or whatever and open
  the video file, or as is often the case, the video source or file
  automatically opens the correct player.
 
[snippage, see below]

 FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98.  A
 couple of years ago, she upgraded to XP and found she could no longer
 play video DVDs.  After some checking, we found that she has to buy the
 necessary software, from a web site that's very irritating and difficult
 to navigate through.  She decided against providing her credit card info
 and went without DVD video playback.  Another issue is when you install
 such things, you often get a load of crapware along with it.  So, it is
 not always so easy for Windows users either.

Right enough - I was surprised, when asked to support XP at work, that Media 
Player can actually cope with only quite a limited subset of formats in a 
default install. My boss had to pay to download some third party kit before 
he could even watch a commercial DVD. After that, he still kept encountering 
things that caused Media Player to offer to go online and download codecs, 
which it mostly failed to do successfully. So like James, I'm not at all sure 
Windows folk get the easy ride you mention. And despite my rigorous checking 
of the hardware of his PC, at least half the time real player knackers XP to 
the point where it has to be rebooted to get acceptable performance back.
Cheers
Fergus

-- 
Fergus Wilde
Chetham's Library
Long Millgate
Manchester
M3 1SB

Tel: 0161 834 7961
Fax: 0161 839 5797

http://www.chethams.org.uk
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Fergus Wilde
On Wednesday 08 August 2007 20:52, Tero Pesonen wrote:
[snip
 I don't feel comfortable recommending Linux desktop to others. Because
 when they will need help, I probably won't be able to help. And they
 should not need help from me with basic issues such as burning disks or
 having some proprietary video formats play back.

 Tero

The proprietary video formats issue is one for the lawyers, not Linux people. 
These formats don't play back because copyright and patent owners or abusers 
will not allow free access to them and have threatened and bullied, and even 
prosecuted, people trying simply to view files using open source systems.

This distinction is extremely important. Badger your government about it, not 
those working on Linux multimedia, who have shown time and again that they 
can easily overcome any technical issues when not threatened by corporations 
and their legal teams.


-- 
Fergus Wilde
Chetham's Library
Long Millgate
Manchester
M3 1SB

Tel: 0161 834 7961
Fax: 0161 839 5797

http://www.chethams.org.uk
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Tero Pesonen
On Thursday 09 August 2007, Fergus Wilde wrote:
 On Wednesday 08 August 2007 20:52, Tero Pesonen wrote:
 [snip

  I don't feel comfortable recommending Linux desktop to others.
  Because when they will need help, I probably won't be able to help.
  And they should not need help from me with basic issues such as
  burning disks or having some proprietary video formats play back.
 
  Tero

 The proprietary video formats issue is one for the lawyers, not Linux
 people. These formats don't play back because copyright and patent
 owners or abusers will not allow free access to them and have
 threatened and bullied, and even prosecuted, people trying simply to
 view files using open source systems.

 This distinction is extremely important. Badger your government about
 it, not those working on Linux multimedia, who have shown time and
 again that they can easily overcome any technical issues when not
 threatened by corporations and their legal teams.

I do understand this. I'm not blaming people working on opensource 
multimedia -- they are the people who make it possible for me to view 
these videos! The problem is, that an average user coming from Windows 
does not (based on my experience) know anything about the whys and hows 
relating to video codecs on opensource platforms. If things won't just 
work out of the box or with the install of a media player, the said 
things become an issue. Most people have never even heard of video codecs 
in their life. They just start Windows Mediaplayer or whatever and open 
the video file, or as is often the case, the video source or file 
automatically opens the correct player. 

On Linux I've always had to manually find and install the codecs. I don't 
know if the latest SUSE has changed that, or what is the case on Ubuntu 
or others popular now. It is no problem at all to me. It could be a 
problem to many others though.

What comes to politics, I enquired those I deemed worth voting for in EU 
and local elections about their stance on software patents in the EU. Not 
that it makes much difference, though. Whatever the government's stance 
on this, it always seems to follow that of Nokia. The industry dictates 
these things here, I guess. 

Tero


 --
 Fergus Wilde
 Chetham's Library
 Long Millgate
 Manchester
 M3 1SB

 Tel: 0161 834 7961
 Fax: 0161 839 5797

 http://www.chethams.org.uk


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread James Knott

Tero Pesonen wrote:

On Thursday 09 August 2007, Fergus Wilde wrote:
  

he proprietary video formats issue is one for the lawyers, not Linux
people. These formats don't play back because copyright and patent
owners or abusers will not allow free access to them and have
threatened and bullied, and even prosecuted, people trying simply to
view files using open source systems.

This distinction is extremely important. Badger your government about
it, not those working on Linux multimedia, who have shown time and
again that they can easily overcome any technical issues when not
threatened by corporations and their legal teams.



I do understand this. I'm not blaming people working on opensource 
multimedia -- they are the people who make it possible for me to view 
these videos! The problem is, that an average user coming from Windows 
does not (based on my experience) know anything about the whys and hows 
relating to video codecs on opensource platforms. If things won't just 
work out of the box or with the install of a media player, the said 
things become an issue. Most people have never even heard of video codecs 
in their life. They just start Windows Mediaplayer or whatever and open 
the video file, or as is often the case, the video source or file 
automatically opens the correct player. 

On Linux I've always had to manually find and install the codecs. I don't 
know if the latest SUSE has changed that, or what is the case on Ubuntu 
or others popular now. It is no problem at all to me. It could be a 
problem to many others though.


  
FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98.  A 
couple of years ago, she upgraded to XP and found she could no longer 
play video DVDs.  After some checking, we found that she has to buy the 
necessary software, from a web site that's very irritating and difficult 
to navigate through.  She decided against providing her credit card info 
and went without DVD video playback.  Another issue is when you install 
such things, you often get a load of crapware along with it.  So, it is 
not always so easy for Windows users either.

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Tero Pesonen
On Thursday 09 August 2007, James Knott wrote:
 Tero Pesonen wrote:
  On Thursday 09 August 2007, Fergus Wilde wrote:
  he proprietary video formats issue is one for the lawyers, not Linux
  people. These formats don't play back because copyright and patent
  owners or abusers will not allow free access to them and have
  threatened and bullied, and even prosecuted, people trying simply to
  view files using open source systems.
 
  This distinction is extremely important. Badger your government
  about it, not those working on Linux multimedia, who have shown time
  and again that they can easily overcome any technical issues when
  not threatened by corporations and their legal teams.
 
  I do understand this. I'm not blaming people working on opensource
  multimedia -- they are the people who make it possible for me to view
  these videos! The problem is, that an average user coming from
  Windows does not (based on my experience) know anything about the
  whys and hows relating to video codecs on opensource platforms. If
  things won't just work out of the box or with the install of a media
  player, the said things become an issue. Most people have never even
  heard of video codecs in their life. They just start Windows
  Mediaplayer or whatever and open the video file, or as is often the
  case, the video source or file automatically opens the correct
  player.
 
  On Linux I've always had to manually find and install the codecs. I
  don't know if the latest SUSE has changed that, or what is the case
  on Ubuntu or others popular now. It is no problem at all to me. It
  could be a problem to many others though.

 FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. 
 A couple of years ago, she upgraded to XP and found she could no longer
 play video DVDs.  After some checking, we found that she has to buy the
 necessary software, from a web site that's very irritating and
 difficult to navigate through.  She decided against providing her
 credit card info and went without DVD video playback.  Another issue is
 when you install such things, you often get a load of crapware along
 with it.  So, it is not always so easy for Windows users either.

interesting. This was new to me.

Regards,
Tero Pesonen
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Clayton
  FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98.
  A couple of years ago, she upgraded to XP and found she could no longer
  play video DVDs.  After some checking, we found that she has to buy the
  necessary software, from a web site that's very irritating and
  difficult to navigate through.  She decided against providing her
  credit card info and went without DVD video playback.  Another issue is
  when you install such things, you often get a load of crapware along
  with it.  So, it is not always so easy for Windows users either.

 interesting. This was new to me.

I've seen this many times before.  A few friends bought XP off the
shelf... no DVD playback at all.  A few bought pre-assembled package
deal machines from a local computer store... some included a crippled
DVD playback application on a few.. others had complete DVD playback
apps.  The only option for most was to buy (or illegally download in
some cases) some commercial software.

So.. this business of things like playing DVD out of the box... simply
is a case of people getting systems with a software pack... not some
inbuilt capability of Windows.  Can't speak for Vista

C.
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Mike
On Thursday 09 August 2007 16:54, Tero Pesonen wrote:

 
  FWIW, a friend has an IBM ThinkPad, that came loaded with Windows
  98. A couple of years ago, she upgraded to XP and found she could
  no longer play video DVDs.  After some checking, we found that she
  has to buy the necessary software, from a web site that's very
  irritating and difficult to navigate through.  She decided against
  providing her credit card info and went without DVD video playback.
   Another issue is when you install such things, you often get a
  load of crapware along with it.  So, it is not always so easy for
  Windows users either.

 interesting. This was new to me.

It is? Here's a challenge. Take a new computer with NO OS on it. Install 
XP and tell me what you can do with it except surf the net with IE, use 
Outlook express, and play solitaire.  

Oh, and I hope all the hardware you have works out of the box. It 
might or not. If it doesn't, you have to go out and find the driver. 
Sound user friendly? Most things will work, but there are a few 
oddballs out there that don't. Look at the driver disk sometime for the 
equipment you buy. Does the average user know what type of network card 
they have? Not usually. It was working when I bought it, they say. So 
now you have to find that driver. Oh, but without the network card you 
can't connect to the net to find it. Been there done that. Thank 
goodness for a live linux cd. It found the card, and happened to have a 
driver. 

Mike


-- 
Powered by SuSE 10.0 Kernel 2.6.13 X86_64 KDE 3.4 Kmail 1.8
  4:58pm  up 11 days  7:14,  4 users,  load average: 2.48, 2.32, 2.23
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Casey Stamper

Clayton wrote:

FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98.
A couple of years ago, she upgraded to XP and found she could no longer
play video DVDs.  After some checking, we found that she has to buy the
necessary software, from a web site that's very irritating and
difficult to navigate through.  She decided against providing her
credit card info and went without DVD video playback.  Another issue is
when you install such things, you often get a load of crapware along
with it.  So, it is not always so easy for Windows users either.

interesting. This was new to me.


I've seen this many times before.  A few friends bought XP off the
shelf... no DVD playback at all.  A few bought pre-assembled package
deal machines from a local computer store... some included a crippled
DVD playback application on a few.. others had complete DVD playback
apps.  The only option for most was to buy (or illegally download in
some cases) some commercial software.

So.. this business of things like playing DVD out of the box... simply
is a case of people getting systems with a software pack... not some
inbuilt capability of Windows.  Can't speak for Vista

C.


My favorite cross-platform player (closed source) is VLC Media player. 
I've thrown many formats at it and it has never failed to play them. You 
don't always have to jump through hoops to play multimedia. *You* have 
to decide if you want to use other than open source software. It works 
for me.

http://www.videolan.org/
As usual, I'm not associated, etc.
--
Casey Stamper
http://www.stampersite.com/wordpress
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Roger Oberholtzer
On Thu, 2007-08-09 at 17:14 +0200, Casey Stamper wrote:

 
 My favorite cross-platform player (closed source) is VLC Media player. 
 I've thrown many formats at it and it has never failed to play them. You 
 don't always have to jump through hoops to play multimedia. *You* have 
 to decide if you want to use other than open source software. It works 
 for me.
 http://www.videolan.org/
 As usual, I'm not associated, etc.

closed source?

-- 
Roger Oberholtzer

OPQ Systems / Ramböll RST

Ramböll Sverige AB
Kapellgränd 7
P.O. Box 4205
SE-102 65 Stockholm, Sweden

Tel: Int +46 8-615 60 20
Fax: Int +46 8-31 42 23

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread jdd

Roger Oberholtzer wrote:

On Thu, 2007-08-09 at 17:14 +0200, Casey Stamper wrote:

My favorite cross-platform player (closed source) is VLC Media player. 
I've thrown many formats at it and it has never failed to play them. You 
don't always have to jump through hoops to play multimedia. *You* have 
to decide if you want to use other than open source software. It works 
for me.

http://www.videolan.org/
As usual, I'm not associated, etc.


closed source?


GPL!!!

jdd

--
http://www.dodin.net
http://gourmandises.orangeblog.fr/
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Casey Stamper

jdd wrote:

Roger Oberholtzer wrote:

On Thu, 2007-08-09 at 17:14 +0200, Casey Stamper wrote:

My favorite cross-platform player (closed source) is VLC Media 
player. I've thrown many formats at it and it has never failed to 
play them. You don't always have to jump through hoops to play 
multimedia. *You* have to decide if you want to use other than open 
source software. It works for me.

http://www.videolan.org/
As usual, I'm not associated, etc.


closed source?


GPL!!!

jdd



I know, I know! I was talking more about using it in Windows.
--
Casey Stamper
http://www.stampersite.com/wordpress
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Anders Johansson
On Thursday 09 August 2007 18:05:05 Casey Stamper wrote:
 I know, I know! I was talking more about using it in Windows.

It's still open source on windows
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread James Knott

Tero Pesonen wrote:

On Thursday 09 August 2007, James Knott wrote:
  

ould be a problem to many others though.
  
FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98. 
A couple of years ago, she upgraded to XP and found she could no longer

play video DVDs.  After some checking, we found that she has to buy the
necessary software, from a web site that's very irritating and
difficult to navigate through.  She decided against providing her
credit card info and went without DVD video playback.  Another issue is
when you install such things, you often get a load of crapware along
with it.  So, it is not always so easy for Windows users either.



interesting. This was new to me.
  


Most people who use Windows are sheltered from reality, because they 
don't have to install anything to get the hardware working and as long 
as they stick with the original OS intall, they don't have a problem.  I 
was recently reading an article, by someone who was trying to install 
the boxed version of Windows XP on a notebook.  One problem, among 
others, was that the NIC wasn't supported.  He'd have to go to a web 
site to download the drivers.  If he hadn't had another computer 
available, he wouldn't have been able to get the drivers, to enable 
networking.  As for the crapware, that's par for the course for 
Windows.  Dell recently announced they're going to sell systems without 
it, but according to the same article I mentioned above, when they 
bought a new Toshiba computer, it was already loaded with with crapware!



--
Use OpenOffice.org http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread James Knott

Clayton wrote:

FWIW, a friend has an IBM ThinkPad, that came loaded with Windows 98.
A couple of years ago, she upgraded to XP and found she could no longer
play video DVDs.  After some checking, we found that she has to buy the
necessary software, from a web site that's very irritating and
difficult to navigate through.  She decided against providing her
credit card info and went without DVD video playback.  Another issue is
when you install such things, you often get a load of crapware along
with it.  So, it is not always so easy for Windows users either.
  

interesting. This was new to me.



I've seen this many times before.  A few friends bought XP off the
shelf... no DVD playback at all.  A few bought pre-assembled package
deal machines from a local computer store... some included a crippled
DVD playback application on a few.. others had complete DVD playback
apps.  The only option for most was to buy (or illegally download in
some cases) some commercial software.

So.. this business of things like playing DVD out of the box... simply
is a case of people getting systems with a software pack... not some
inbuilt capability of Windows.  Can't speak for Vista

C.
  
Quite so.  Windows built in hardware support is actually very poor.  
It's only because the computer manufactures install the systems, that 
the hardware is supported.  In this respect, Linux is far better than 
Windows.
I always get a chuckle when some new piece of hardware works fine with 
Linux, but Windows requires a driver install.



--
Use OpenOffice.org http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Rajko M.
On Thursday 09 August 2007 10:08, Mike wrote:
 On Thursday 09 August 2007 16:54, Tero Pesonen wrote:
   FWIW, a friend has an IBM ThinkPad, that came loaded with Windows
   98. A couple of years ago, she upgraded to XP and found she could
   no longer play video DVDs.  After some checking, we found that she
   has to buy the necessary software, from a web site that's very
   irritating and difficult to navigate through.  She decided against
   providing her credit card info and went without DVD video playback.
Another issue is when you install such things, you often get a
   load of crapware along with it.  So, it is not always so easy for
   Windows users either.
 
  interesting. This was new to me.

 It is? Here's a challenge. Take a new computer with NO OS on it. Install
 XP and tell me what you can do with it except surf the net with IE, use
 Outlook express, and play solitaire.

 Oh, and I hope all the hardware you have works out of the box. It
 might or not. If it doesn't, you have to go out and find the driver.
 Sound user friendly? Most things will work, but there are a few
 oddballs out there that don't. Look at the driver disk sometime for the
 equipment you buy. Does the average user know what type of network card
 they have? Not usually. It was working when I bought it, they say. So
 now you have to find that driver. Oh, but without the network card you
 can't connect to the net to find it. Been there done that. Thank
 goodness for a live linux cd. It found the card, and happened to have a
 driver.

 Mike

I got computer with recovery CD for operating system only. The rest should be 
on hidden partition that was wiped off. It was interesting experience. Only  
screen, keyboard, mouse, USB and CD drive worked out of the box. 

What  I did was to install openSUSE and it added memory card reader, sound, 
network, printer, better graphic and more in software. Than I was able to go 
to the net and collect missing pieces for out of the box OS. 

-- 
Regards,
Rajko.
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread James Knott

Mike wrote:

On Thursday 09 August 2007 16:54, Tero Pesonen wrote:

  

FWIW, a friend has an IBM ThinkPad, that came loaded with Windows
98. A couple of years ago, she upgraded to XP and found she could
no longer play video DVDs.  After some checking, we found that she
has to buy the necessary software, from a web site that's very
irritating and difficult to navigate through.  She decided against
providing her credit card info and went without DVD video playback.
 Another issue is when you install such things, you often get a
load of crapware along with it.  So, it is not always so easy for
Windows users either.
  

interesting. This was new to me.



It is? Here's a challenge. Take a new computer with NO OS on it. Install 
XP and tell me what you can do with it except surf the net with IE, use 
Outlook express, and play solitaire.  

  


Sometimes you can't even do that much.  As I mentioned in another note, 
someone tried installing XP on a notebook and found he had no driver for 
the NIC.  He had to use another computer to download one.  Also, a few 
years ago, I installed XP for someone and it wouldn't recognize their 
U.S. Robotics modem.




--
Use OpenOffice.org http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Tero Pesonen
On Thursday 09 August 2007, James Knott wrote:
 Tero Pesonen wrote:
  On Thursday 09 August 2007, James Knott wrote:
  ould be a problem to many others though.
 
  FWIW, a friend has an IBM ThinkPad, that came loaded with Windows
  98. A couple of years ago, she upgraded to XP and found she could no
  longer play video DVDs.  After some checking, we found that she has
  to buy the necessary software, from a web site that's very
  irritating and difficult to navigate through.  She decided against
  providing her credit card info and went without DVD video playback. 
  Another issue is when you install such things, you often get a load
  of crapware along with it.  So, it is not always so easy for Windows
  users either.
 
  interesting. This was new to me.

 Most people who use Windows are sheltered from reality, because they
 don't have to install anything to get the hardware working and as long
 as they stick with the original OS intall, they don't have a problem. 
 I was recently reading an article, by someone who was trying to install
 the boxed version of Windows XP on a notebook.  One problem, among
 others, was that the NIC wasn't supported.  He'd have to go to a web
 site to download the drivers.  If he hadn't had another computer
 available, he wouldn't have been able to get the drivers, to enable
 networking.  As for the crapware, that's par for the course for
 Windows.  Dell recently announced they're going to sell systems without
 it, but according to the same article I mentioned above, when they
 bought a new Toshiba computer, it was already loaded with with
 crapware!

Yes, you're right.

And the crapware is included because the PC makers lust after every extra 
penny they can get per unit sold, as the margins for PC's are so low. 
They don't care if the user wants it or not. I think Google is amongst 
the bigger companies that have paid to have their software included on 
new (at least Dell?) PC's and set up as the default.  

Tero


 --
 Use OpenOffice.org http://www.openoffice.org


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread jdd

James Knott wrote:

someone tried installing XP on a notebook and found he had no driver for 
the NIC.



same for inboard motherboard, you must have the mobo cd. I even had a 
config with the cd as /dev/hda and the Hd as /dev/hdb, and XP didn't 
see the cd most of the time.




say:

* with with a pre-configured computer no OS should have any problem.
* With a bare computer brand new, chance is you have the windows 
drivers thanks to the manufacturer. If you don't have you may never 
have them (may be only vista or only XP), not sure if Linux can 
install - will probably do with some hand work
* with a not too new computer (say, one year old make, may be new), 
Linux installs nearly all without problem, Windows may ask for days of 
work if it can.


the main drawback of Linux is new hardware (new printer, new scanner, 
new special hardawre): most don't work well.


jdd

--
http://www.dodin.net
http://gourmandises.orangeblog.fr/
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-09 Thread Carl Spitzer
On Wed, 2007-08-08 at 11:16 -0400, James Knott wrote:

 In the over thirty years I've been using computers, I've only once 
 experienced a virus on my own computer.  It was at work and I 
 accidentlally left an infected floppy in my drive when I booted the 
 computer. The IBMAV program I was using quickly found and removed it.  
 Other than that one instance, I've never seen an infected OS/2 system, 
 even though I used to do OS/2 and AV software support at IBM Canada.  I 
 haven't had any problems with a Linux system.  On the other hand, I've 
 seen many Windows computers so badly infected that the only recourse was 
 to wipe the disk clean and reinstall.  At one company that I supported, 
 re-imaging was a common practice.

Reimaging is used by the local Jr College because infections there are
more common than in a red light district.  After a bout with a boot
sector virus I do not upload files from any media save in Linux.

-- 
 ___ _ _ _  _ _  _
|| | | [__  | |  |
|___ |_|_| ___] |  \/

 

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread John Andersen
On Tuesday 07 August 2007, [EMAIL PROTECTED] wrote:
  They said it makes no difference,
 it costs the same with or without Vista.

You need to ask more forcefully.  
I get them without any os all the time.  
Well they actually come with freedos but even that is 
simply in the package, not on the hard drive.

http://www.dell.com/content/products/features.aspx/optix_n?c=uscs=04l=ens=bsd

-- 
_
John Andersen
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Hans van der Merwe

On Tue, 2007-08-07 at 11:27 -0400, James Knott wrote:
 Hans van der Merwe wrote:
 
  And...  desktop users install all kinds of insane apps - when desktop
  linux is popular - more apps will appear - increasing the risk of
  installing a malicious one.
 

 
 Any malware capable of causing significant damage i.e. beyond the users 
 files etc., will require root privileges.  This requires deliberate 
 action, unlike in Windows, where simply going to the wrong website or 
 openning tainted email is all it takes.  No one can make the claim Linux 
 or any other OS is invulnerable, but there's a world of difference 
 between it and Windows, that has nothing to do with the number of 
 users.  If popularity were the criteria, please explain why Apache on 
 Linux or Unix or even Apache on Windows makes for a far more secure web 
 site than IIS on Windows.  IIRC, Apache on Linux/Unix is at least 75% of 
 the web servers.
 


Again! - deleting a user's files is a big thing, users see this as the
PC being broken!

Yes, Apache servers are secure, BUT again Im talking about Desktop users
not servers (havent really seen independent reports showing IIS is not
as secure at the moment, with all the patches etc; I wont run IIS
because I believe its wrong not to support standards, and it usually
locks you into the MS upgrade and dependency cycle, as my company is in
now).

Number of users = number of commercial and free apps = higher
probability of one being malicious.   More users matter.

Hans




E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Hans van der Merwe

On Tue, 2007-08-07 at 11:31 -0400, James Knott wrote:
 Hans van der Merwe wrote:
  On Tue, 2007-08-07 at 01:35 -0800, John Andersen wrote:

  On Tuesday 07 August 2007, Hans van der Merwe wrote:
  
  But my main concern is that dumb users usually make up most of the
  desktop market out there - and preaching to them that Linux will make
  there virus problem go away is setting them up for a fall.

  I fail to see how it sets them up for a fall.  
  There has to be a something to fall over before there is a fall.
 
  What would YOU SUGGEST we preach to them?
 
  
 
  Again - the SETUP will involve removing windows and installing a flavour
  of linux to curb the effects of viruses.  The FALL will be when they
  click yes to something they dont understand (not Linux fault, yes I
  know) and then having their docs trashed - leaving them exactly where
  they were with windows.  They and the media will not be interested in
  how it happened, just that it happened.
 
  Yes this is not in any way the fault of Linux or Linux programmers or
  distros etc, BUT telling users to install Linux because it will help for
  viruses is IMHO irresponsible.
 

 
 Windows malware does much more than simply trash a users documents.  If 
 that was all it did, it wouldn't be such a problem.  Take a look at all 
 that spam that hits your inbox.  Most of that is coming from compromised 
 Windows boxes.  That is but one example that goes beyond deleting 
 files.  Perhaps you'd should get a better understanding of what malware 
 does and how it's propogated.
 

Shame on you - please do not assume anything that I may or may not know.
Im just asking questions.
And yes because Im running exclusively Linux boxes at work and home I
have not yet been exposed to malware.

Ok, tell me, seeing that I know nothing, if I can compromise a Linux
users home dir - why cant I send out spam?
 
Hans




E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread jdd

Hans van der Merwe wrote:


Again! - deleting a user's files is a big thing, users see this as the
PC being broken!


if this was true, nobody should use Windows...

jdd

--
http://www.dodin.net
http://gourmandises.orangeblog.fr/
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread James Knott
Hans van der Merwe wrote:
 On Tue, 2007-08-07 at 11:27 -0400, James Knott wrote:
   
 Hans van der Merwe wrote:
 
 And...  desktop users install all kinds of insane apps - when desktop
 linux is popular - more apps will appear - increasing the risk of
 installing a malicious one.

   
   
 Any malware capable of causing significant damage i.e. beyond the users 
 files etc., will require root privileges.  This requires deliberate 
 action, unlike in Windows, where simply going to the wrong website or 
 openning tainted email is all it takes.  No one can make the claim Linux 
 or any other OS is invulnerable, but there's a world of difference 
 between it and Windows, that has nothing to do with the number of 
 users.  If popularity were the criteria, please explain why Apache on 
 Linux or Unix or even Apache on Windows makes for a far more secure web 
 site than IIS on Windows.  IIRC, Apache on Linux/Unix is at least 75% of 
 the web servers.

 


 Again! - deleting a user's files is a big thing, users see this as the
 PC being broken!

 Yes, Apache servers are secure, BUT again Im talking about Desktop users
 not servers (havent really seen independent reports showing IIS is not
 as secure at the moment, with all the patches etc; I wont run IIS
 because I believe its wrong not to support standards, and it usually
 locks you into the MS upgrade and dependency cycle, as my company is in
 now).

 Number of users = number of commercial and free apps = higher
 probability of one being malicious.   More users matter.

 Hans
   

You seem to be a bit thick, so here it is once again.  Lost files are
the least of your problems with malware.  However, there are many things
that users neglect to do to protect their data, which have nothing to do
with Linux vs Windows.  That said, Linux is a far more stable and
reliable platform, that is much more resistant to malware and therefor
less likely to place the user in the position of losing their data.

BTW, if you consider lost files to be the only risk of malware, then I
suggest you keep your computer off the internet.  You're a hazard to
everyone else.

-- 
Use OpenOffice.org http://www.openoffice.org
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread James Knott
Hans van der Merwe wrote:
 lware.

 Ok, tell me, seeing that I know nothing, if I can compromise a Linux
 users home dir - why cant I send out spam?
  
   
I have never claimed such a thing is impossible, but it is far more
difficult to do with Linux.  In order to send out spam, something has to
execute that can do that.  That means the user has to make something
executable and then execute it.  That barrier is much lower in Windows. 
The bottom line, which you apparently refuse to accept, is that it is
much more difficult for such problems to occur with Linux.  Please note,
I'm not saying impossible, just much more difficult.  Please also
understand that Windows was built as a single user system, without many
of the security methods that are standard in Linux  Unix and you can
add to that some extremely poor software design in MS products, that
turn them into a security sieve.  This means no matter how careful a
user is, Windows will always be far more risky.



-- 
Use OpenOffice.org http://www.openoffice.org
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Carlos E. R.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


The Tuesday 2007-08-07 at 17:38 +0200, jdd wrote:

 in approx 25 years of computing, I _never_ had data corrupted by a virus, even
 on windows.

Me neither.

Of course, I have been using Linux for close to the last then years, but 
even before that I caught viruses before they did unrepairable damage.

 
 This don't mean I never got virus, but I always see it before any damage done.
 I have seen many computer destructed by visuses, of course, even very
 recently.

I even had to clean executables using debug - before antiviruses were 
handy... Or write my own antivirus software.

- -- 
Cheers,
   Carlos E. R.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFGubCmtTMYHG2NR9URAm63AJsFFBBWtA3CKvugKU80Cni1odJVFACeM3mE
XJ++r/7RTJRxYoHFivBhLyM=
=cjdC
-END PGP SIGNATURE-

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread David Bolt
On Tue, 7 Aug 2007, Michael Letourneau wrote:-

David Bolt wrote:

Snip

As more and more file types get linked to more applications I am not so
sure that executing something has the same meaning it used to.  Say you
download a new screen saver, you never really execute that, but your
window manager utilizes the data in it.

Erm, you can execute a screen saver if you test it. And the window
manager will do so when the specified idle time is reached.

As an example, I set the screen saver on my 10.2 system to be BSOD and
here's me locating the just where the file is, and what type it is:

[EMAIL PROTECTED]:~ grep -i saver ~/.kde/share/config/kdesktoprc
[ScreenSaver]
Saver=bsod.desktop
[EMAIL PROTECTED]:~ grep -i exec 
/opt/kde3/share/applnk/System/ScreenSavers/bsod.desktop
Exec=bsod
TryExec=xscreensaver
Exec=kxsconfig bsod
Exec=kxsrun bsod -- -window-id %w
Exec=kxsrun bsod -- -root
[EMAIL PROTECTED]:~ find /usr/ -mount -name bsod 2/dev/null
/usr/lib64/xscreensaver/bsod
[EMAIL PROTECTED]:~ file /usr/lib64/xscreensaver/bsod
/usr/lib64/xscreensaver/bsod: ELF 64-bit LSB executable, AMD x86-64, version 1 
(SYSV), for GNU/Linux 2.6.4, dynamically linked (uses shared
libs), for GNU/Linux 2.6.4, stripped

All of which makes for an ideal method of introducing a trojan onto a
system[0]. And, just to make sure it works across the widest variety of
systems, all that's required is to create a statically linked 32bit
binary and it'll run on virtually any x86-32 or x86-64 based system.

 Of course, there's also those infections that occur without user
 intervention, but those tend to come in through security holes in server
 daemons which are unlikely to be running on a normal users desktop
 system.


Yup, I would classify those more as worms or exploits rather than virii.

They're under the general viruses tag. For my definitions, worms
require no assistance to spread, as they actively search for
files/systems to infect. Trojans require human assistance to spread and
are designed to pretend to be one thing while actually being something
completely different. True viruses also require human assistance to
spread, but do so completely unknown to the user. Boot sector viruses,
and those wonderful macro viruses, are what I'd call a virus. I wouldn't
classify any of the recent Windows viruses a true virus, I'd call them
a trojan instead.

But most of the popular services have had some issues, ftp, mail, http,
ssh...

The last Linux worm I saw was one that was spread via infected
Apache/PHP systems. It worked by having the exploitable PHP parse a
command string and fetch a script from some site, chmod the script, and
then call it. That script would then download a couple of ELF
executables, one of which turned the server into a zombie controlled via
IRC, and configured them to start on boot. Thankfully, it's been a
couple of years since I saw that, but I still have the sample I managed
to acquire stored in an encrypted archive, along with a large selection
of Windows viruses[1][2].

OT
Presently, I'm seeing a nice selection of infected systems dumping their
you have a greetings card crap. Unfortunately, it appears that the
trojan behind this is mutating so rapidly that, more often than not,
ClamAV doesn't recognise the trojan file when I scan it. The good part
of this is that, due to ClamAV.org only allowing two submissions per
day, I use virustotal.com to do a multi-anti-virus scan and have them
submit the files to the different vendors.

Who'd have thought. A Linux system being used to protect Windows
systems. Fun, eh?
/OT

 [0] Of which I'm absolutely certain there either are some right now, or
 there will be some in the future.


I totally agree.  Windows is the low hanging fruit.  People can get the
most bang for the least effort there.  They want a zombie network that can
spam the world, right now its far easier to develop something for Windows
than to do the same for Linux.

At the moment, as far as I can tell, this still holds true:

URL:http://www.immunitysec.com/downloads/tc0.pdf


[0] As shown by the number of .SCR trojans that circulated a few
years ago

[1] Yes, I said viruses. However, I'm applying the meaning behind the
phrase When in Rome, do as the Romans do.

[2] Each file is renamed as a .bin file and, every now and again, I'll
extract them on a Windows system to check whether the newly-deployed
anti-virus system still works as it should. So far, they have all
recognised what they've had thrown at them.

Regards,
David Bolt

-- 
Member of Team Acorn checking nodes at 100 Mnodes/s: www.distributed.net
RISC OS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit
RISC OS 3.6  | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit
TOS 4.02 | SUSE 9.3 32bit  | | openSUSE 10.3a6 32bit
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Carlos E. R.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


The Tuesday 2007-08-07 at 14:30 +0200, Per Jessen wrote:

 Hans van der Merwe wrote:
 
  BUT telling users to install Linux because it will help
  for viruses is IMHO irresponsible.
 
 Does anyone actually do that?  I can see the above as an additional
 argument for someone who's about to switch to Linux, but surely it's
 not the main reason. 

I don't try to convince windows users to switch to linux - unless they are 
prepared to get support - but when they ask me why I use linux, one of the 
reasons I give is that I have never been infected by a virus, and that I 
don't use an antivirus.

It's part of the reliability argument.

- -- 
Cheers,
   Carlos E. R.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFGubSxtTMYHG2NR9URAgmYAJ91w/QboU9GBLVARXqjwVX5K/fJbgCfXm2G
l9od55qyeVgE7vA4QaePJ/I=
=H5Pc
-END PGP SIGNATURE-

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Hans van der Merwe

On Wed, 2007-08-08 at 07:38 -0400, James Knott wrote:
 Hans van der Merwe wrote:
  lware.
 
  Ok, tell me, seeing that I know nothing, if I can compromise a Linux
  users home dir - why cant I send out spam?
   

 I have never claimed such a thing is impossible, but it is far more
 difficult to do with Linux.  In order to send out spam, something has to
 execute that can do that.  That means the user has to make something
 executable and then execute it.  That barrier is much lower in Windows. 
 The bottom line, which you apparently refuse to accept, is that it is
 much more difficult for such problems to occur with Linux.  Please note,
 I'm not saying impossible, just much more difficult.  Please also
 understand that Windows was built as a single user system, without many
 of the security methods that are standard in Linux  Unix and you can
 add to that some extremely poor software design in MS products, that
 turn them into a security sieve.  This means no matter how careful a
 user is, Windows will always be far more risky.
 


I think we agree on the subject.

Last thing - I dont think most virus/trojan/DOSattack writers do it
because its easy to do it in Windows (which it is), but because its got
a huge impact on the computer industry (80% odd using flavor of Win)  -
and in there lies my main argument, that if it is do-able in Linux
(irrelevant of afford) it will hit the successful Desktop Linux market.

And thats all he wrote
Hans




E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Hans van der Merwe

On Wed, 2007-08-08 at 07:26 -0400, James Knott wrote:
 Hans van der Merwe wrote:
  On Tue, 2007-08-07 at 11:27 -0400, James Knott wrote:

  Hans van der Merwe wrote:
  
  And...  desktop users install all kinds of insane apps - when desktop
  linux is popular - more apps will appear - increasing the risk of
  installing a malicious one.
 


  Any malware capable of causing significant damage i.e. beyond the users 
  files etc., will require root privileges.  This requires deliberate 
  action, unlike in Windows, where simply going to the wrong website or 
  openning tainted email is all it takes.  No one can make the claim Linux 
  or any other OS is invulnerable, but there's a world of difference 
  between it and Windows, that has nothing to do with the number of 
  users.  If popularity were the criteria, please explain why Apache on 
  Linux or Unix or even Apache on Windows makes for a far more secure web 
  site than IIS on Windows.  IIRC, Apache on Linux/Unix is at least 75% of 
  the web servers.
 
  
 
 
  Again! - deleting a user's files is a big thing, users see this as the
  PC being broken!
 
  Yes, Apache servers are secure, BUT again Im talking about Desktop users
  not servers (havent really seen independent reports showing IIS is not
  as secure at the moment, with all the patches etc; I wont run IIS
  because I believe its wrong not to support standards, and it usually
  locks you into the MS upgrade and dependency cycle, as my company is in
  now).
 
  Number of users = number of commercial and free apps = higher
  probability of one being malicious.   More users matter.
 
  Hans

 
 You seem to be a bit thick, so here it is once again.  Lost files are
 the least of your problems with malware.  However, there are many things
 that users neglect to do to protect their data, which have nothing to do
 with Linux vs Windows.  That said, Linux is a far more stable and
 reliable platform, that is much more resistant to malware and therefor
 less likely to place the user in the position of losing their data.
 
 BTW, if you consider lost files to be the only risk of malware, then I
 suggest you keep your computer off the internet.  You're a hazard to
 everyone else.

Please stop playing the man and concentrate on the game - please.  Read
your netiquette.





E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Dave Howorth
David Bolt wrote:
 All of which makes for an ideal method of introducing a trojan onto a
 system[0]. And, just to make sure it works across the widest variety of
 systems, all that's required is to create a statically linked 32bit
 binary and it'll run on virtually any x86-32 or x86-64 based system.

I suspect another good method would be to make some cute toy and package
it for Java Web Start. Many people seem to happily install JWS apps
without thinking about potential malware. And the authors frequently
don't have sensible certificates.

Cheers, Dave
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Carlos E. R.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


The Tuesday 2007-08-07 at 14:31 -0400, Michael Letourneau wrote:

 Yes true, not typically what is thought of executing though, and not
 really what my point was.  My point was that everyone was talking about
 having to have the file be executable and executed in order to get
 infected.  That is not true.  If you actually have to execute it, thats a
 trojan, not really a virus.

Well, even if you get, say, a usb disk containing a program contaminated 
by a virus, or an email containing a virus, they are harmless till 
executed. Till that moment they are just data, bytes.


A typical non boot sector virus, non macro virus, is a piece of code added 
somewhere to a executable file (program). When the program is executed the 
virus is also loaded (it is part of the program) and may try to infect or 
copy itself to system memory (independent of the vector program) and 
other programs too, in order to propagate. For instance, typically it 
would try to infect programs on removable media, watching the floppy drive 
for a victim.

Now, a user would have to get that infected program in some way (usb disk, 
email, whatever) and execute it. A typical well made virus will use some 
method to autoexecute. The infection vector may be a trojan, like a cute 
screen blanker or Christmas card, but after that it behaves like a virus 
jumping from one executable to another.


This process is more difficult in Linux. First, native linux email clients 
do not execute attachments by default: they need manual intervention by 
the user (they would act as a trojan). Some windows clients would execute 
them without user intervention (thus, acting as a virus).

And Linux users don't usually carry executables on their removable 
media, AFAIK.

Then the virus would have a harder time trying to contaminate other 
executables, except those of the user running the virus.


 But again, in either of those cases not being root does not necessarily
 prevent your machine from being infected and/or the possible results
 thereof.  Everyone remembers Melissa,
 http://www.cert.org/advisories/CA-1999-04.html, if that were designed for
 a Linux system, not being root would not stop/prevent it at all.

Ha!

] Our analysis of this macro virus indicates that human action (in the 
] form of a user opening an infected Word document) is required for this 
] virus to propagate. 

Virus or Trojan?  Or social engineering? :-p

All is not black and white...

- -- 
Cheers,
   Carlos E. R.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFGubxbtTMYHG2NR9URAlFkAKCQfioXqLJJp9pD4fbo/NZ/ihNzPACeLZv3
sDpjPBmCqQHk6K0NOCciE3A=
=zFA/
-END PGP SIGNATURE-

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread G T Smith
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David Bolt wrote:
 On Tue, 7 Aug 2007, Michael Letourneau wrote:-
 
 David Bolt wrote:
 
 Snip
 
 As more and more file types get linked to more applications I am not so
 sure that executing something has the same meaning it used to.  Say you
 download a new screen saver, you never really execute that, but your
 window manager utilizes the data in it.
 
 Erm, you can execute a screen saver if you test it. And the window
 manager will do so when the specified idle time is reached.
 
 As an example, I set the screen saver on my 10.2 system to be BSOD and
 here's me locating the just where the file is, and what type it is:
 
 [EMAIL PROTECTED]:~ grep -i saver ~/.kde/share/config/kdesktoprc
 [ScreenSaver]
 Saver=bsod.desktop
 [EMAIL PROTECTED]:~ grep -i exec 
 /opt/kde3/share/applnk/System/ScreenSavers/bsod.desktop
 Exec=bsod
 TryExec=xscreensaver
 Exec=kxsconfig bsod
 Exec=kxsrun bsod -- -window-id %w
 Exec=kxsrun bsod -- -root
 [EMAIL PROTECTED]:~ find /usr/ -mount -name bsod 2/dev/null
 /usr/lib64/xscreensaver/bsod
 [EMAIL PROTECTED]:~ file /usr/lib64/xscreensaver/bsod
 /usr/lib64/xscreensaver/bsod: ELF 64-bit LSB executable, AMD x86-64, version 
 1 (SYSV), for GNU/Linux 2.6.4, dynamically linked (uses shared
 libs), for GNU/Linux 2.6.4, stripped
 
 All of which makes for an ideal method of introducing a trojan onto a
 system[0]. And, just to make sure it works across the widest variety of
 systems, all that's required is to create a statically linked 32bit
 binary and it'll run on virtually any x86-32 or x86-64 based system.
 

Err No... The file itself should usually be read only and only
changeable by root, and if you are allowing stuff like this to happen as
root more fool you


 Of course, there's also those infections that occur without user
 intervention, but those tend to come in through security holes in server
 daemons which are unlikely to be running on a normal users desktop
 system.


 Yup, I would classify those more as worms or exploits rather than virii.
 
 They're under the general viruses tag. For my definitions, worms
 require no assistance to spread, as they actively search for
 files/systems to infect. Trojans require human assistance to spread and
 are designed to pretend to be one thing while actually being something
 completely different. True viruses also require human assistance to
 spread, but do so completely unknown to the user. Boot sector viruses,
 and those wonderful macro viruses, are what I'd call a virus. I wouldn't
 classify any of the recent Windows viruses a true virus, I'd call them
 a trojan instead.
 

An opinion maybe, but technical nonsense otherwise

1) The classical viruses come in two groups boot sector and binary file
infectors, with nominal sub=class functions of droppers a (virus which
drops a trojan, virus of a different type etc). Some later DOS viruses
spread using all techniques.

Boot sector viruses are a vulnerability for systems which use the boot
sector to load code that identifies where to load the OS, which covers
just about anything. The only time a system is normally vulnerable
nowadays is when booting media (the media soes not have to be bootable
and boot sector protection in BIOS is usually trivial to circumvent, the
only real safety is to only allow booting from trusted boot media when
required). The period of time between the machine being started and the
OS taking control is a particularly vulnerable moment, but it is now
very difficult to infect when the OS is running and in control (but not
impossible).

File infectors need read access to the file to infect with malicious
code. As it is normal practice to keep most system files read only to
users the possibility of causing system wide problems is really down to
your security practices.

When executable file formats were very simple these were relatively easy
to write.

The key characteristic of a virus is the ability to replicate the
original funtionality. Hence boot sector viruses modified boot sectors,
and file infectors change files with code to infect other files when run.

These viruses do not need human intervention to spread, just various
forms of human stupidity.

2) Macro and script viruses are special case of 1 (I was on a CHEST
software committee in the early 1990s that identified this as a
potential issue then). Basically any programming code can be be infected
with code with viral characteristics. Scripts are code. These are
considerable easier to produce than executable code base viruses hence
their current popularity.

3) Trojans may subvert systems, but do have have the ability to
replicate so hence ARE NOT viruses.

4) The first reference to the concept of a computer worm I came across
in J.Brunners book Shockwave Rider, worms do not really replicate they
propogate the worm itself may disappear but it delivers malware code
(usually a trojan of some sort) which it may use to propogate itself
elsewhere.The distinction is 

Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Randall R Schulz
On Wednesday 08 August 2007 00:34, Hans van der Merwe wrote:
 On Tue, 2007-08-07 at 11:27 -0400, James Knott wrote:
  ...

 Again! - deleting a user's files is a big thing, users see this as
 the PC being broken!

Do these users think of having the contents of the trunk (boot) of their 
car stolen as their car being broken?


 ...

 Hans


Randall Schulz
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Carlos E. R.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


The Tuesday 2007-08-07 at 15:59 -0400, Michael Letourneau wrote:

 As more and more file types get linked to more applications I am not so
 sure that executing something has the same meaning it used to.  Say you
 download a new screen saver, you never really execute that, but your
 window manager utilizes the data in it.  Your window manager runs on X, X

No, screen savers are actually executable programs, not data. You normally 
do not call them directly, but something does.

- -- 
Cheers,
   Carlos E. R.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFGudGjtTMYHG2NR9URAie6AJkBQt71FF5FFUWUZPC1QN2jXwbb+QCeOeZz
+8TrHFjkSfVlF1aqge98Gx0=
=T1Oh
-END PGP SIGNATURE-

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread David Bolt
On Wed, 8 Aug 2007, G T Smith wrote:-

David Bolt wrote:

Snip

 All of which makes for an ideal method of introducing a trojan onto a
 system[0]. And, just to make sure it works across the widest variety of
 systems, all that's required is to create a statically linked 32bit
 binary and it'll run on virtually any x86-32 or x86-64 based system.


Err No... The file itself should usually be read only and only
changeable by root,

Yes, it is:

[EMAIL PROTECTED]:~ ls -l /usr/lib64/xscreensaver/bsod
-rwxr-xr-x 1 root root 206648 2007-04-27 19:08 /usr/lib64/xscreensaver/bsod

and if you are allowing stuff like this to happen as
root more fool you

I'd say it's more the fool that stupidly installs random software from
ghod-knows-where.

In this case, I was actually showing that the screen saver _is_ an
executable rather than just data used by the X server. It also shows
that the use of the screen saver is one of the many available infection
vectors. The reason for this is that, for some reason, people like
eye-candy and what better way to provide some eye-candy than to create a
screen saver. As to what goes on at the same time as the user is getting
their eye-candy fix, well that is entirely upto the person writing the
trojan.


Regards,
David Bolt

-- 
Member of Team Acorn checking nodes at 100 Mnodes/s: www.distributed.net
RISC OS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit
RISC OS 3.6  | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit
TOS 4.02 | SUSE 9.3 32bit  | | openSUSE 10.3a6 32bit
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Michael Letourneau
Carlos E. R. wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1


 The Tuesday 2007-08-07 at 14:31 -0400, Michael Letourneau wrote:

 But again, in either of those cases not being root does not necessarily
 prevent your machine from being infected and/or the possible results
 thereof.  Everyone remembers Melissa,
 http://www.cert.org/advisories/CA-1999-04.html, if that were designed
 for
 a Linux system, not being root would not stop/prevent it at all.

 Ha!

 ] Our analysis of this macro virus indicates that human action (in the
 ] form of a user opening an infected Word document) is required for this
 ] virus to propagate.

 Virus or Trojan?  Or social engineering? :-p

 All is not black and white...


Very true.  And hopefully the world has learned something.  Though you can
never be sure, my wife almost fell for one of those greeting card things,
and she is pretty darn savvy for not following things...  But that still
re-enforces the point about the Linux Desktop, popularity and virii.

If the Linux Desktop did become as popular as it should be (IMHO), you
would have un-educated users, who often did not have recent backups, who
would follow links, open documents, etc. that they should not.  And just
because they were not root, would not stop something that was built upon
the fundamentals of Melissa from propagating.

We cannot be content that because our default security setup is better
than Windows, we are thus invulnerable.

If we want to see Linux for the common man, then we have to realize the
common man will likely bring with them, their lack of knowledge and lack
of care.  And with them will follow the traps, trojans, and virii that
live off them, albeit more advanced and altered than today.

Constant vigilance, as they say ;)

Michael

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Michael Letourneau
Carlos E. R. wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1


 The Tuesday 2007-08-07 at 15:59 -0400, Michael Letourneau wrote:

 As more and more file types get linked to more applications I am not so
 sure that executing something has the same meaning it used to.  Say
 you
 download a new screen saver, you never really execute that, but your
 window manager utilizes the data in it.  Your window manager runs on X,
 X

 No, screen savers are actually executable programs, not data. You normally
 do not call them directly, but something does.


My bad.  But the idea is still pertinent and though they are executable,
how many other desktop artifacts are not?  Skins, backgrounds, and window
decorations come to mind.  Yes its definitely not a straightforward or
likely method at all to be manipulated.

But I think the other person's point was that if x is not executable,
then it cannot do any harm, which I think is a naive assumption, plenty of
programs read in data, and if those programs are not properly written that
data can be used to trigger events.  Not the least of which is any program
that has scripting tied into it, whether that be macros or otherwise.

 - --
 Cheers,
Carlos E. R.


Michael

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread James Knott

Carlos E. R. wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


The Tuesday 2007-08-07 at 17:38 +0200, jdd wrote:

  

in approx 25 years of computing, I _never_ had data corrupted by a virus, even
on windows.



Me neither.

Of course, I have been using Linux for close to the last then years, but 
even before that I caught viruses before they did unrepairable damage.


  

This don't mean I never got virus, but I always see it before any damage done.
I have seen many computer destructed by visuses, of course, even very
recently.



I even had to clean executables using debug - before antiviruses were 
handy... Or write my own antivirus software.


  
In the over thirty years I've been using computers, I've only once 
experienced a virus on my own computer.  It was at work and I 
accidentlally left an infected floppy in my drive when I booted the 
computer. The IBMAV program I was using quickly found and removed it.  
Other than that one instance, I've never seen an infected OS/2 system, 
even though I used to do OS/2 and AV software support at IBM Canada.  I 
haven't had any problems with a Linux system.  On the other hand, I've 
seen many Windows computers so badly infected that the only recourse was 
to wipe the disk clean and reinstall.  At one company that I supported, 
re-imaging was a common practice.






--
Use OpenOffice.org http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread James Knott

Carlos E. R. wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


The Tuesday 2007-08-07 at 14:30 +0200, Per Jessen wrote:

  

Hans van der Merwe wrote:



BUT telling users to install Linux because it will help
for viruses is IMHO irresponsible.
  

Does anyone actually do that?  I can see the above as an additional
argument for someone who's about to switch to Linux, but surely it's
not the main reason. 



I don't try to convince windows users to switch to linux - unless they are 
prepared to get support - but when they ask me why I use linux, one of the 
reasons I give is that I have never been infected by a virus, and that I 
don't use an antivirus.


  


Don't forget to mention that many commercial firewalls run Linux or Unix 
(including BSD), because they are secure.  Many people, including me, 
build a reliable firewall with Linux on an old PC.




--
Use OpenOffice.org http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Tero Pesonen
On Wednesday 08 August 2007, Randall R Schulz wrote:
 On Wednesday 08 August 2007 00:34, Hans van der Merwe wrote:
  On Tue, 2007-08-07 at 11:27 -0400, James Knott wrote:
   ...
 
  Again! - deleting a user's files is a big thing, users see this as
  the PC being broken!

 Do these users think of having the contents of the trunk (boot) of
 their car stolen as their car being broken?

After these users' home folders have been wiped out, they go for the 
install media and reinstall the OS, as the OS is now broken.  Just as 
they would have done on Windows.

They care very little about the Guru somewhere that preaches them how the 
malware was unable to affect the system files, and how that proves the 
security glory that is Linux. They tell everyone how a 
virus destroyed their Linux, just like a virus destroyed their 
Windows earlier. They tell Linux seems no more secure.

It isn't more complicated than that. 

Regards,
Tero Pesonen
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Patrick Shanahan
* Tero Pesonen [EMAIL PROTECTED] [08-08-07 12:04]:
 They care very little about the Guru somewhere that preaches them how
 the malware was unable to affect the system files, and how that proves
 the security glory that is Linux. They tell everyone how a virus
 destroyed their Linux, just like a virus destroyed their Windows
 earlier. They tell Linux seems no more secure.
 
 It isn't more complicated than that. 

Kind of like using 2nd Graders to research in nuclear fission/fusion.

-- 
Patrick Shanahan Plainfield, Indiana, USAHOG # US1244711
http://wahoo.no-ip.org Photo Album:  http://wahoo.no-ip.org/gallery2
Registered Linux User #207535@ http://counter.li.org
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Randall R Schulz
On Wednesday 08 August 2007 09:00, Tero Pesonen wrote:
 On Wednesday 08 August 2007, Randall R Schulz wrote:
  On Wednesday 08 August 2007 00:34, Hans van der Merwe wrote:
   ...

 It isn't more complicated than that.

Yup. Simple, easy and wrong.


 Regards,
 Tero Pesonen


Randall Schulz

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Tero Pesonen
On Wednesday 08 August 2007, Patrick Shanahan wrote:
 * Tero Pesonen [EMAIL PROTECTED] [08-08-07 12:04]:
  They care very little about the Guru somewhere that preaches them how
  the malware was unable to affect the system files, and how that
  proves the security glory that is Linux. They tell everyone how a
  virus destroyed their Linux, just like a virus destroyed their
  Windows earlier. They tell Linux seems no more secure.
 
  It isn't more complicated than that.

 Kind of like using 2nd Graders to research in nuclear fission/fusion.

You mean that the people who would begin using Linux, should it ever grow 
popular on desktop, would not behave like that? Have you ever spoken to a 
non-geek in your life? Have you watched a non-geek use a computer? 

Seriously, check your attitude. There's a world out there. And that world 
is not populated by Linux professionals. And no, these people are not 2nd 
graders. They are.. err.. computer users? 

Anyway, Linux desktop is too difficult for them. So fear not, they're not 
coming. So no need to experiment/research on them.

Tero Pesonen

 --
 Patrick Shanahan Plainfield, Indiana, USAHOG #
 US1244711 http://wahoo.no-ip.org Photo Album: 
 http://wahoo.no-ip.org/gallery2 Registered Linux User #207535  
  @ http://counter.li.org


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Mike
On Wednesday 08 August 2007 19:03, Tero Pesonen wrote:
 On Wednesday 08 August 2007, Patrick Shanahan wrote:
 
  Kind of like using 2nd Graders to research in nuclear
  fission/fusion.

 You mean that the people who would begin using Linux, should it ever
 grow popular on desktop, would not behave like that? Have you ever
 spoken to a non-geek in your life? Have you watched a non-geek use a
 computer?

Yep, sure have. Took a disk over to a friends house because he was 
complaining about getting all the malware. Installed linux, showed him 
where everything was and he was a happy camper. It does everything he 
needs the computer for. His wife even likes it better than windows. 

It's even more fun to take my laptop to work, and show off a bit. I've 
got an entire building of non-geeks. They are amazed at how nice it 
looks. So far I've gotten about 5 or 6 to switch at home.

 Seriously, check your attitude. There's a world out there. And that
 world is not populated by Linux professionals. And no, these people
 are not 2nd graders. They are.. err.. computer users?

No, it isn't. And by working in a school, I know what the second graders 
are capable of. Nuclear fission? Naa. Screwing up a computer? Yep.. 
Been there done that.

 Anyway, Linux desktop is too difficult for them. So fear not, they're
 not coming. So no need to experiment/research on them.

Not at all. If someone asks, I'll be glad to show them how it works. I'm 
not going to force it on anyone. It's not difficult at all. If it was 
my wife wouldn't be sitting down right now working with it..

Mike

-- 
Powered by SuSE 10.0 Kernel 2.6.13 X86_64 KDE 3.4 Kmail 1.8
  9:20pm  up 10 days 11:36,  4 users,  load average: 2.15, 2.30, 2.26
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Tero Pesonen
On Wednesday 08 August 2007, Mike wrote:
 On Wednesday 08 August 2007 19:03, Tero Pesonen wrote:
  On Wednesday 08 August 2007, Patrick Shanahan wrote:
   Kind of like using 2nd Graders to research in nuclear
   fission/fusion.
 
  You mean that the people who would begin using Linux, should it ever
  grow popular on desktop, would not behave like that? Have you ever
  spoken to a non-geek in your life? Have you watched a non-geek use a
  computer?

 Yep, sure have. Took a disk over to a friends house because he was
 complaining about getting all the malware. Installed linux, showed him
 where everything was and he was a happy camper. It does everything he
 needs the computer for. His wife even likes it better than windows.

 It's even more fun to take my laptop to work, and show off a bit. I've
 got an entire building of non-geeks. They are amazed at how nice it
 looks. So far I've gotten about 5 or 6 to switch at home.

Sounds great. 

  Seriously, check your attitude. There's a world out there. And that
  world is not populated by Linux professionals. And no, these people
  are not 2nd graders. They are.. err.. computer users?

 No, it isn't. And by working in a school, I know what the second
 graders are capable of. Nuclear fission? Naa. Screwing up a computer?
 Yep.. Been there done that.

  Anyway, Linux desktop is too difficult for them. So fear not, they're
  not coming. So no need to experiment/research on them.

 Not at all. If someone asks, I'll be glad to show them how it works.

I'd be too. But when the person asks me why they need to run alsaconf as 
root after each reboot to get sound, I tell them I have no idea, as I 
need to do it myself too. Or why they need to run k3b as root to burn 
something. When they ask why this or that peripheral does not work, or 
how to have it work, I say I do not know. Linux desktop, to me, is 
already almost too difficult to administer. I'm happy to have my own PC 
running more or less trouble-free. I cannot provide help to others; I 
lack the expertise.

Last week my system crashed pretty hard. It happened while I was viewing a 
Youtube video. OK, things happen. Only when I hard-rebooted, Grub would 
not load any more. I had to use SUSE install CD to initialise system 
check and have all partitions checked and then Grub rewritten to the 
disk. All was fine again after that, and luckily nothing had been caused 
to the file systems.

I just don't know what my mother would have done in that situation. I'm 
sure she would not have known anything about boot loaders, or that a 
flash player, Firefox and SUSE always seem to have issues working 
together. I had issues with flash videos on my old SUSE 9.3 too, and 
remember seeing Flash take the whole system down there as well.

I don't feel comfortable recommending Linux desktop to others. Because 
when they will need help, I probably won't be able to help. And they 
should not need help from me with basic issues such as burning disks or 
having some proprietary video formats play back. 

Tero

 I'm not going to force it on anyone. It's not difficult at all. If it
 was my wife wouldn't be sitting down right now working with it..

 Mike

 --
 Powered by SuSE 10.0 Kernel 2.6.13 X86_64 KDE 3.4 Kmail 1.8
   9:20pm  up 10 days 11:36,  4 users,  load average: 2.15, 2.30, 2.26


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Patrick Shanahan
* Tero Pesonen [EMAIL PROTECTED] [08-08-07 13:05]:
 Seriously, check your attitude. There's a world out there. And that
 world is not populated by Linux professionals. And no, these people
 are not 2nd graders. They are.. err.. computer users? 

You *missed* it, but that ok,  :^)

live in your *own* world.
-- 
Patrick Shanahan Plainfield, Indiana, USAHOG # US1244711
http://wahoo.no-ip.org Photo Album:  http://wahoo.no-ip.org/gallery2
Registered Linux User #207535@ http://counter.li.org
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread James Knott

Tero Pesonen wrote:

On Wednesday 08 August 2007, Mike wrote:
  

On Wednesday 08 August 2007 19:03, Tero Pesonen wrote:


On Wednesday 08 August 2007, Patrick Shanahan wrote:
  

Kind of like using 2nd Graders to research in nuclear
fission/fusion.


You mean that the people who would begin using Linux, should it ever
grow popular on desktop, would not behave like that? Have you ever
spoken to a non-geek in your life? Have you watched a non-geek use a
computer?
  

Yep, sure have. Took a disk over to a friends house because he was
complaining about getting all the malware. Installed linux, showed him
where everything was and he was a happy camper. It does everything he
needs the computer for. His wife even likes it better than windows.

It's even more fun to take my laptop to work, and show off a bit. I've
got an entire building of non-geeks. They are amazed at how nice it
looks. So far I've gotten about 5 or 6 to switch at home.



Sounds great. 

  

Seriously, check your attitude. There's a world out there. And that
world is not populated by Linux professionals. And no, these people
are not 2nd graders. They are.. err.. computer users?
  

No, it isn't. And by working in a school, I know what the second
graders are capable of. Nuclear fission? Naa. Screwing up a computer?
Yep.. Been there done that.



Anyway, Linux desktop is too difficult for them. So fear not, they're
not coming. So no need to experiment/research on them.
  

Not at all. If someone asks, I'll be glad to show them how it works.



I'd be too. But when the person asks me why they need to run alsaconf as 
root after each reboot to get sound, I tell them I have no idea, as I 
need to do it myself too. Or why they need to run k3b as root to burn 
something. When they ask why this or that peripheral does not work, or 
how to have it work, I say I do not know. Linux desktop, to me, is 
already almost too difficult to administer. I'm happy to have my own PC 
running more or less trouble-free. I cannot provide help to others; I 
lack the expertise.
  


I dont think I've ever had to do either as root, certainly not k3b.

--
Use OpenOffice.org http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread J Sloan

James Knott wrote:

Tero Pesonen wrote:


I'd be too. But when the person asks me why they need to run alsaconf 
as root after each reboot to get sound, I tell them I have no idea, 
as I need to do it myself too. Or why they need to run k3b as root to 
burn something. When they ask why this or that peripheral does not 
work, or how to have it work, I say I do not know. Linux desktop, to 
me, is already almost too difficult to administer. I'm happy to have 
my own PC running more or less trouble-free. I cannot provide help to 
others; I lack the expertise.
  


I dont think I've ever had to do either as root, certainly not k3b.

Yes, very bizarre symptoms, I've never seen that, and I have suse 10.2 
installed on 8 computers including a couple of laptops. His computer 
needs some service, there's something wrong.


If he were a windoze user, that problem would not magically cure itself, 
he'd have to take it to someone knowledgable and (hopefully) honest, and 
get it fixed.


Joe
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Patrick Shanahan
* J Sloan [EMAIL PROTECTED] [08-08-07 16:21]:
 Yes, very bizarre symptoms, I've never seen that, and I have suse 10.2
 installed on 8 computers including a couple of laptops. His computer 
 needs some service, there's something wrong.

Well, he *said* that he couldn't handle system administration!

 If he were a windoze user, that problem would not magically cure itself, 
 he'd have to take it to someone knowledgable and (hopefully) honest, and 
 get it fixed.

It won't for linux either.  He'll have to *ask* for help, but I
haven't seen any requests   :^)

-- 
Patrick Shanahan Plainfield, Indiana, USAHOG # US1244711
http://wahoo.no-ip.org Photo Album:  http://wahoo.no-ip.org/gallery2
Registered Linux User #207535@ http://counter.li.org
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Tero Pesonen
On Thursday 09 August 2007, Patrick Shanahan wrote:
 * J Sloan [EMAIL PROTECTED] [08-08-07 16:21]:
  Yes, very bizarre symptoms, I've never seen that, and I have suse
  10.2 installed on 8 computers including a couple of laptops. His
  computer needs some service, there's something wrong.

 Well, he *said* that he couldn't handle system administration!


Indeed. I'm mainly on Linux because I need accessible desktop, and the 
only desktop that can provide me a pleasant computing experience is KDE, 
and perhaps Gnome, too, if I fiddled with that long enough.

Sure, there are also a number of issues still present on KDE, related to 
usability for poor-sighted people. But at least one can file bug reports. 
The same applies to OpenOffice.org, which has some serious issues in 
handling highcontrast modes. Luckily, the bug reports are being handled 
and the developers seem to take these issues seriously.

Unfortunaly, there's very little I can do myself, as I'm no developer. I 
try to help by checking bug reports and trying to verify some etc. And 
since OOo is not the most intuitive pieces of software around for a 
newbie, I've helped others to learn use it. I'm not an expert on it, but 
I can get things done on it with comfort. 

What comes to K3B, updating the software seems to have cured all non-root 
access ills. I use it very rarely, so I did not notice this till today. 
What comes to alsaconf, I no longer have a sound system hooked up to my 
PC, so can't test whether it might have also cured itself with alsa 
update. If I listened music on my PC or needed to play back multimedia,  
I'd pay more attention to it and have it fixed. I listen my music on a 
dedicated setup now, so have not bothered with the issue. 

Others had faced the very same alsaconf issue, too, but I don't know what 
their situation is nowadays or what flavour of *NIX they even run.

  If he were a windoze user, that problem would not magically cure
  itself, he'd have to take it to someone knowledgable and (hopefully)
  honest, and get it fixed.

 It won't for linux either.  He'll have to *ask* for help, but I
 haven't seen any requests   :^)

Yes, but there are no pending help requests now. I've tried my best to 
help others, as I've said, but have found my own knowledge very limited. 
That's why I try to follow this list. I'm of better use troubleshooting 
Windows XP, altough I've not used it since 2002 or thereabout. And I've 
tried troubleshootin OS X over phone although I've never even used it. 
Surprisingly, that issue got fixed.

I must say that SuSE 8.2 Professional was the most trouble-free 
environment I've run.

Tero

 --
 Patrick Shanahan Plainfield, Indiana, USAHOG #
 US1244711 http://wahoo.no-ip.org Photo Album: 
 http://wahoo.no-ip.org/gallery2 Registered Linux User #207535  
  @ http://counter.li.org


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-08 Thread Carlos E. R.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


The Wednesday 2007-08-08 at 10:53 -0400, Michael Letourneau wrote:

  No, screen savers are actually executable programs, not data. You normally
  do not call them directly, but something does.
 
 My bad.  But the idea is still pertinent and though they are executable,
 how many other desktop artifacts are not?  Skins, backgrounds, and window
 decorations come to mind.  Yes its definitely not a straightforward or
 likely method at all to be manipulated.

It would be a problem if the program using those files has a hole, like a 
memory overflow. And those problems are detected now and then. The Gimp 
had one plugged this week, for instance. Not a virus, though, and not the 
user's fault.


 But I think the other person's point was that if x is not executable,
 then it cannot do any harm, which I think is a naive assumption, 

It shouldn't cause any problem.

 plenty of
 programs read in data, and if those programs are not properly written that
 data can be used to trigger events.  Not the least of which is any program
 that has scripting tied into it, whether that be macros or otherwise.

Yes, that might happen.

- -- 
Cheers,
   Carlos E. R.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFGulLotTMYHG2NR9URAgq8AJ9zFYWAXDWgvuGfaC2dac2Fveto7ACghKJ1
ORyRRaFcjAP4VUQV0AnVNHY=
=Xdji
-END PGP SIGNATURE-

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Registration Account
As you know clamAV provides NO realtime virus detection
and from time to time we all need to execute a clamscan
- Well I just performed a clamscan and found 4 folder
which a year or so stored and catagorised emails and
all 4 folders were infected with
Phishing.Heuristics.emal.spoofedDomain virus's. As
almost all emails are held in mbox format I would
suggest everyone to run a scan periodically. Remember
clamAV provides NO repeat NO real time protection, even
if you copy them to a MS Windows or NSF drive or open
an infected file or execute an infected .bin file

Scott


smime.p7s
Description: S/MIME Cryptographic Signature


Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Per Jessen
Registration Account wrote:

 As you know clamAV provides NO realtime virus detection
 and from time to time we all need to execute a clamscan
 - Well I just performed a clamscan and found 4 folder
 which a year or so stored and catagorised emails and
 all 4 folders were infected with
 Phishing.Heuristics.emal.spoofedDomain virus's. 

Scott, they're just phishing emails, they're not really infected nor
infectious.  They pose no threat whatsoever.



/Per Jessen, Zürich

-- 
http://www.spamchek.com/ - your spam is our business.

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Clayton
On 8/7/07, Registration Account [EMAIL PROTECTED] wrote:
 As you know clamAV provides NO realtime virus detection
 and from time to time we all need to execute a clamscan
 - Well I just performed a clamscan and found 4 folder
 which a year or so stored and catagorised emails and
 all 4 folders were infected with
 Phishing.Heuristics.emal.spoofedDomain virus's. As
 almost all emails are held in mbox format I would
 suggest everyone to run a scan periodically. Remember
 clamAV provides NO repeat NO real time protection, even
 if you copy them to a MS Windows or NSF drive or open
 an infected file or execute an infected .bin file

But... that isn't a Linux virus is it?  That is an email with stuff in
it that is only triggered when you respond to the contents... (click
on link, provide personal information in a reply etc)  ie.. it is a
social engineering virus, not a Linux virus.


C
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Hans van der Merwe

On Tue, 2007-08-07 at 10:40 +0200, Clayton wrote:
 On 8/7/07, Registration Account [EMAIL PROTECTED] wrote:
  As you know clamAV provides NO realtime virus detection
  and from time to time we all need to execute a clamscan
  - Well I just performed a clamscan and found 4 folder
  which a year or so stored and catagorised emails and
  all 4 folders were infected with
  Phishing.Heuristics.emal.spoofedDomain virus's. As
  almost all emails are held in mbox format I would
  suggest everyone to run a scan periodically. Remember
  clamAV provides NO repeat NO real time protection, even
  if you copy them to a MS Windows or NSF drive or open
  an infected file or execute an infected .bin file
 
 But... that isn't a Linux virus is it?  That is an email with stuff in
 it that is only triggered when you respond to the contents... (click
 on link, provide personal information in a reply etc)  ie.. it is a
 social engineering virus, not a Linux virus.
 
 
 C

On this subject.

If/When Linux makes it big-time on the desktop do you think it will also
be bogged down with virus attacks as MS is now.

Why is it assumed that Linux is less prone to virus attacks?  I know to
install stuff in the system, root is necessary, but installing and
running dangerous stuff in the user home directories is easy; you just
need a cunning app to fool the user in executing malicious code.
(given, doing this in Win is easier, but not impossible in any flavour
Linux)

Hans




E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Per Jessen
Hans van der Merwe wrote:

 Why is it assumed that Linux is less prone to virus attacks?  

Primarily due to a better and much more ingrained security system.  Do
you normally run as root on your Linux desktop?  Well, that what's a
Windows user normally does on his Windows ditto.

 I know to install stuff in the system, root is necessary, but
 installing and running dangerous stuff in the user home directories is
 easy; you just need a cunning app to fool the user in executing
 malicious code. 

Which does what?  Chances are it will only affect that one user, unless
it's some sort of DOS attack. 



/Per Jessen, Zürich

-- 
http://www.spamchek.com/ - your spam is our business.

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread John Andersen
On Tuesday 07 August 2007, Hans van der Merwe wrote:
 If/When Linux makes it big-time on the desktop do you think it will also
 be bogged down with virus attacks as MS is now.

No. 
The reason windows is attacked is because its EASY, not JUST because its
popular.  Believing otherwise is swallowing Microsoft FUD hook line and 
sinker.


 Why is it assumed that Linux is less prone to virus attacks?  

Because it is.  With windows, simply sending you a file can infect
you.  With linux, sending you a file and having you click on it all
day long STILL does not make it executable.


 I know to 
 install stuff in the system, root is necessary, but installing and
 running dangerous stuff in the user home directories is easy; you just
 need a cunning app to fool the user in executing malicious code.

Social engineering is always a risk, but with Linux you can even prevent
against that to a far greater degree than with windows.  Egress filtering
does a lot.  But the real protection is that users who are too dumb to 
realized WHY they are being asked to set something executable when all they 
thought they were doing was getting a eCard from a classmate or a bored girl
are also too dumb to figure out how to set it executable.


 (given, doing this in Win is easier, but not impossible in any flavour
 Linux)

I submit that for all practical purposes it is impossible.  Or at the 
very least impractical.

Evidence:  We have been fighting windows viruses and worms tooth
and nail for Over 10 Years.  Wouldn't you thing that would have
been time enough for some clever virus writer to try and take over
that very LARGE segment of internet web servers that run on
various 'nix machines, and which serve as firewalls to vast 
data warehouses?

Further advances in SE linux make it even less likely in the future.

Bill would like you to believe its JUST because his OS is popular.

-- 
_
John Andersen
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Hans van der Merwe

On Tue, 2007-08-07 at 11:08 +0200, Per Jessen wrote:
 Hans van der Merwe wrote:
 
  Why is it assumed that Linux is less prone to virus attacks?  
 
 Primarily due to a better and much more ingrained security system.  Do
 you normally run as root on your Linux desktop?  Well, that what's a
 Windows user normally does on his Windows ditto.
 
  I know to install stuff in the system, root is necessary, but
  installing and running dangerous stuff in the user home directories is
  easy; you just need a cunning app to fool the user in executing
  malicious code. 
 
 Which does what?  Chances are it will only affect that one user, unless
 it's some sort of DOS attack. 

Well, that what I started with - a desktop environment - in desktop
environments there are basically only one user - so messing with his/her
docs/mail etc is just as bad as wiping the /lib dir?
With servers its diff, I agree.




E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread G T Smith
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Registration Account wrote:
 As you know clamAV provides NO realtime virus detection
 and from time to time we all need to execute a clamscan
 - Well I just performed a clamscan and found 4 folder
 which a year or so stored and catagorised emails and
 all 4 folders were infected with
 Phishing.Heuristics.emal.spoofedDomain virus's. As
 almost all emails are held in mbox format I would
 suggest everyone to run a scan periodically. Remember
 clamAV provides NO repeat NO real time protection, even
 if you copy them to a MS Windows or NSF drive or open
 an infected file or execute an infected .bin file
 
 Scott

Oh Boy!

This kind of thing (a mail worm NOT a virus to be pedantic) usually only
showed up in spam mail (which should be picked up by your spam filter)
and is only potentially dangerous if you actually open and run the
relevant scripts. As most of these expect windows to be at the receiving
end they almost certainly will not work if anyone is daft enough to open
them and would be only dangerous if they did work if accessed as root.
(If you get caught in this particular situation dont look for sympathy
from this direction).

Windows based on access scanners should usually pick this up so those
really at threat should be covered anyway.

Scanning really offers protection against the things that are known, and
is a waste of space for identifying the things that we dont. On access
server side scanning can seriously impact overall mail server
performance with possibly few identifiable benefits (spam filtering on
the other hand is a different story). Apparently you can use CLamAV with
procmail (which would would give you on access scanning which you cliam
it does not do). (see http://wiki.clamav.net/Main/ClamAndProcmail).

Managed client side tools should be much more effective. Good security
practice is probably as effective as a good scanning software.

There are security threats in the Linux world but viruses are not and
are unlikely to be significant issue.

In other word DONT PANIC (and remember the towel) :-) .


- --
==
I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true. I no longer know how to use my telephone.

Bjarne Stroustrup
==
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGuDs3asN0sSnLmgIRAk1WAKDnlQE65ydff5kY+ZzlwaD78vFKmACgkbiH
HmsZUDgceeHV6DXOgaeeAOI=
=0Lqo
-END PGP SIGNATURE-
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Hans van der Merwe

On Tue, 2007-08-07 at 01:15 -0800, John Andersen wrote:
 On Tuesday 07 August 2007, Hans van der Merwe wrote:
  If/When Linux makes it big-time on the desktop do you think it will also
  be bogged down with virus attacks as MS is now.
 
 No. 
 The reason windows is attacked is because its EASY, not JUST because its
 popular.  Believing otherwise is swallowing Microsoft FUD hook line and 
 sinker.
 
 
  Why is it assumed that Linux is less prone to virus attacks?  
 
 Because it is.  With windows, simply sending you a file can infect
 you.  With linux, sending you a file and having you click on it all
 day long STILL does not make it executable.
 
 
  I know to 
  install stuff in the system, root is necessary, but installing and
  running dangerous stuff in the user home directories is easy; you just
  need a cunning app to fool the user in executing malicious code.
 
 Social engineering is always a risk, but with Linux you can even prevent
 against that to a far greater degree than with windows.  Egress filtering
 does a lot.  But the real protection is that users who are too dumb to 
 realized WHY they are being asked to set something executable when all they 
 thought they were doing was getting a eCard from a classmate or a bored girl
 are also too dumb to figure out how to set it executable.
 
 
  (given, doing this in Win is easier, but not impossible in any flavour
  Linux)
 
 I submit that for all practical purposes it is impossible.  Or at the 
 very least impractical.
 
 Evidence:  We have been fighting windows viruses and worms tooth
 and nail for Over 10 Years.  Wouldn't you thing that would have
 been time enough for some clever virus writer to try and take over
 that very LARGE segment of internet web servers that run on
 various 'nix machines, and which serve as firewalls to vast 
 data warehouses?

 Further advances in SE linux make it even less likely in the future.
 
 Bill would like you to believe its JUST because his OS is popular.
 

Again, Im only talking about Desktop Linux, not servers - web users dont
have logons, email and web-browsing on arb webservers - so it remains
dumb user proof.

But my main concern is that dumb users usually make up most of the
desktop market out there - and preaching to them that Linux will make
there virus problem go away is setting them up for a fall.

 Hans




E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Hans van der Merwe

On Tue, 2007-08-07 at 11:30 +0200, Hans van der Merwe wrote:
 On Tue, 2007-08-07 at 01:15 -0800, John Andersen wrote:
  On Tuesday 07 August 2007, Hans van der Merwe wrote:
   If/When Linux makes it big-time on the desktop do you think it will also
   be bogged down with virus attacks as MS is now.
  
  No. 
  The reason windows is attacked is because its EASY, not JUST because its
  popular.  Believing otherwise is swallowing Microsoft FUD hook line and 
  sinker.
  
  
   Why is it assumed that Linux is less prone to virus attacks?  
  
  Because it is.  With windows, simply sending you a file can infect
  you.  With linux, sending you a file and having you click on it all
  day long STILL does not make it executable.
  
  
   I know to 
   install stuff in the system, root is necessary, but installing and
   running dangerous stuff in the user home directories is easy; you just
   need a cunning app to fool the user in executing malicious code.
  
  Social engineering is always a risk, but with Linux you can even prevent
  against that to a far greater degree than with windows.  Egress filtering
  does a lot.  But the real protection is that users who are too dumb to 
  realized WHY they are being asked to set something executable when all they 
  thought they were doing was getting a eCard from a classmate or a bored girl
  are also too dumb to figure out how to set it executable.
  
  
   (given, doing this in Win is easier, but not impossible in any flavour
   Linux)
  
  I submit that for all practical purposes it is impossible.  Or at the 
  very least impractical.
  
  Evidence:  We have been fighting windows viruses and worms tooth
  and nail for Over 10 Years.  Wouldn't you thing that would have
  been time enough for some clever virus writer to try and take over
  that very LARGE segment of internet web servers that run on
  various 'nix machines, and which serve as firewalls to vast 
  data warehouses?
 
  Further advances in SE linux make it even less likely in the future.
  
  Bill would like you to believe its JUST because his OS is popular.
  
 
 Again, Im only talking about Desktop Linux, not servers - web users dont
 have logons, email and web-browsing on arb webservers - so it remains
 dumb user proof.
 
 But my main concern is that dumb users usually make up most of the
 desktop market out there - and preaching to them that Linux will make
 there virus problem go away is setting them up for a fall.
 
  Hans

Sorry, their virus problem and for replying to my own mail.

And...  desktop users install all kinds of insane apps - when desktop
linux is popular - more apps will appear - increasing the risk of
installing a malicious one.

Hans



E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread John Andersen
On Tuesday 07 August 2007, Hans van der Merwe wrote:
 But my main concern is that dumb users usually make up most of the
 desktop market out there - and preaching to them that Linux will make
 there virus problem go away is setting them up for a fall.

I fail to see how it sets them up for a fall.  
There has to be a something to fall over before there is a fall.

What would YOU SUGGEST we preach to them?


-- 
_
John Andersen
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Hans van der Merwe

On Tue, 2007-08-07 at 01:35 -0800, John Andersen wrote:
 On Tuesday 07 August 2007, Hans van der Merwe wrote:
  But my main concern is that dumb users usually make up most of the
  desktop market out there - and preaching to them that Linux will make
  there virus problem go away is setting them up for a fall.
 
 I fail to see how it sets them up for a fall.  
 There has to be a something to fall over before there is a fall.
 
 What would YOU SUGGEST we preach to them?
 

Again - the SETUP will involve removing windows and installing a flavour
of linux to curb the effects of viruses.  The FALL will be when they
click yes to something they dont understand (not Linux fault, yes I
know) and then having their docs trashed - leaving them exactly where
they were with windows.  They and the media will not be interested in
how it happened, just that it happened.

Yes this is not in any way the fault of Linux or Linux programmers or
distros etc, BUT telling users to install Linux because it will help for
viruses is IMHO irresponsible.

Hans




E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Fergus Wilde
On Tuesday 07 August 2007 09:28, Registration Account wrote:
 As you know clamAV provides NO realtime virus detection
 and from time to time we all need to execute a clamscan
 - Well I just performed a clamscan and found 4 folder
 which a year or so stored and catagorised emails and
 all 4 folders were infected with
 Phishing.Heuristics.emal.spoofedDomain virus's. As
 almost all emails are held in mbox format I would
 suggest everyone to run a scan periodically. Remember
 clamAV provides NO repeat NO real time protection, even
 if you copy them to a MS Windows or NSF drive or open
 an infected file or execute an infected .bin file

 Scott

How is the presence of a phishing email a virus infection in Linux? 

-- 
Fergus Wilde
Chetham's Library
Long Millgate
Manchester
M3 1SB

Tel: 0161 834 7961
Fax: 0161 839 5797

http://www.chethams.org.uk
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Joe Morris (NTM)
On 08/07/2007 05:49 PM, Hans van der Merwe wrote:
 Again - the SETUP will involve removing windows and installing a flavour
 of linux to curb the effects of viruses.  
And it does help, not in the future but in the present.
 The FALL will be when they
 click yes to something they dont understand (not Linux fault, yes I
 know) and then having their docs trashed - leaving them exactly where
 they were with windows.  
And if they have learned nothing else than not to click on everything
next time, then at least they have learned that.  BUT, anything that
would wipe out their docs would only wipe out their docs.  Getting
running again would be a short exercise not a reinstall.  Anyone that
inept is still in much better shape with Linux than Windows.
 They and the media will not be interested in
 how it happened, just that it happened.
   
If they do not care how it happened, then they would be beyond any
reasonable arguments because they would definitely be fringe, not
mainstream.
 Yes this is not in any way the fault of Linux or Linux programmers or
 distros etc, BUT telling users to install Linux because it will help for
 viruses is IMHO irresponsible.
   
I respect your right to your opinion, but I know my daughters laptop
works much more reliably in Linux than in Windows in her college
setting, with friends using her computer.  It is her opinion Linux DOES
much more than help, it works when her dual boot Windows gets stuffed
with viruses, worms, etc.

-- 
Joe Morris
Registered Linux user 231871 running openSUSE 10.2 x86_64





-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread jdd

Hans van der Merwe wrote:


Why is it assumed that Linux is less prone to virus attacks?


* Windows is stuck by it's history. Original windows (3.11, 95 or 98) 
had no idea of what security mind. So many application programmers 
used to store they user data in the application folder (for example).


And they are used to, so they still do.

so it's nearly impossible to run windows XP in safe mode (it can do) 
without conflicting with dozen of softwares. result: even a cautious 
user is obliged to run XP with root permissions.


* proprietary software, specially shareware rely on external 
repositories to spread they application. Proprietary paid software are 
hacked and spread by e-mule or similar.


This makes content ack very difficult. You stole a programm, you can't 
ask the owner if there is a virus inside...


Open source programms/apps are mostly spread via owner repository or 
official mirrors, anybody complaining can have an aswer in a minute 
(if a virus is suspected, the community have a very fast response 
curve), so any virus will be detected, the origin found and cured in a 
matter of hours.


The only significant attacks against Linux are made from the computer 
keyboard (and against that, no cure).


* oh... the worst virus: a mail with my friend, this 'vmlinuz' file 
in your /boot folder is an extremely dangerous virus, immediatly

- copy this info to all yours friends,
- go root and remove this file from your disk, and any file that looks 
similar.


if you follow such instructions, you deserv the problems you get :-()

jdd

--
http://www.dodin.net
http://gourmandises.orangeblog.fr/
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread James Knott
Registration Account wrote:
 As you know clamAV provides NO realtime virus detection
 and from time to time we all need to execute a clamscan
 - Well I just performed a clamscan and found 4 folder
 which a year or so stored and catagorised emails and
 all 4 folders were infected with
 Phishing.Heuristics.emal.spoofedDomain virus's. As
 almost all emails are held in mbox format I would
 suggest everyone to run a scan periodically. Remember
 clamAV provides NO repeat NO real time protection, even
 if you copy them to a MS Windows or NSF drive or open
 an infected file or execute an infected .bin file

 Scott
   
If an email contains a virus, Linux is quite capable of passing it on
with that message.  How many of those viruses infected the Linux box? 
Just sitting in a mail box doesn't count as infected.

-- 
Use OpenOffice.org http://www.openoffice.org
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Hans van der Merwe

On Tue, 2007-08-07 at 18:24 +0800, Joe Morris (NTM) wrote:
 On 08/07/2007 05:49 PM, Hans van der Merwe wrote:
  Again - the SETUP will involve removing windows and installing a flavour
  of linux to curb the effects of viruses.  
 And it does help, not in the future but in the present.
  The FALL will be when they
  click yes to something they dont understand (not Linux fault, yes I
  know) and then having their docs trashed - leaving them exactly where
  they were with windows.  
 And if they have learned nothing else than not to click on everything
 next time, then at least they have learned that.  BUT, anything that
 would wipe out their docs would only wipe out their docs.  Getting
 running again would be a short exercise not a reinstall.  Anyone that
 inept is still in much better shape with Linux than Windows.
  They and the media will not be interested in
  how it happened, just that it happened.

 If they do not care how it happened, then they would be beyond any
 reasonable arguments because they would definitely be fringe, not
 mainstream.

Well, just read a bit about the Firefox Password Manager bug that is
hurting the move to Firefox, Im sure.  Wired, CNet, CNN, BBC, etc really
dont care that this is not a bug in the traditional sense of the word,
but well... a feature gone bad in the ever changing webserver world.  To
them its a juicy story about the great freedom Firefox being just as
vulnerable/bad as IE or Safari. 
 
Fringe media is leading the non-tech world, its a reality, something to
plan for and deal with. 



  Yes this is not in any way the fault of Linux or Linux programmers or
  distros etc, BUT telling users to install Linux because it will help for
  viruses is IMHO irresponsible.

 I respect your right to your opinion, but I know my daughters laptop
 works much more reliably in Linux than in Windows in her college
 setting, with friends using her computer.  It is her opinion Linux DOES
 much more than help, it works when her dual boot Windows gets stuffed
 with viruses, worms, etc.
 

I guess (and again my opinion) that most (yes, not all) Linux users at
the moment are not the average Joe computer user that will click on
anything that is put up on the screen.  And users that dont know Linux
using Linux is more cautious not to mess-up the computer.   This will
change as average Linux users increase. 

I'm just preaching caution - just as I don't tell people to use Linux
because its free, money wise or as in freedom, most of them are
skeptical about free stuff, and the other really not care about tech
freedom (wrongly so, but that is a diff fight).

I believe that the free, freedom etc is to the Dells, HPs and IBMs, not
the user - the user, in an ideal world, should not even know what a OS
is (as MS have already done with 80% of the users out there).  Dell etc
should care if some of their revenue go to MS - they are starting to,
they should make the difference.  A user revolt will not happen.

Well, my ZA 2c worth, which is not much in $ terms.
Thanks for the discussion.
Hans
ps.  I have no Windows machines at home - Im also seen as the company
Linux fanboy/troublemaker - so this is mainly a bit of devils advocation
going on.




E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread James Knott
Hans van der Merwe wrote:
 On Tue, 2007-08-07 at 10:40 +0200, Clayton wrote:
   
 On 8/7/07, Registration Account [EMAIL PROTECTED] wrote:
 
 As you know clamAV provides NO realtime virus detection
 and from time to time we all need to execute a clamscan
 - Well I just performed a clamscan and found 4 folder
 which a year or so stored and catagorised emails and
 all 4 folders were infected with
 Phishing.Heuristics.emal.spoofedDomain virus's. As
 almost all emails are held in mbox format I would
 suggest everyone to run a scan periodically. Remember
 clamAV provides NO repeat NO real time protection, even
 if you copy them to a MS Windows or NSF drive or open
 an infected file or execute an infected .bin file
   
 But... that isn't a Linux virus is it?  That is an email with stuff in
 it that is only triggered when you respond to the contents... (click
 on link, provide personal information in a reply etc)  ie.. it is a
 social engineering virus, not a Linux virus.


 C
 

 On this subject.

 If/When Linux makes it big-time on the desktop do you think it will also
 be bogged down with virus attacks as MS is now.

 Why is it assumed that Linux is less prone to virus attacks?  I know to
 install stuff in the system, root is necessary, but installing and
 running dangerous stuff in the user home directories is easy; you just
 need a cunning app to fool the user in executing malicious code.
 (given, doing this in Win is easier, but not impossible in any flavour
 Linux)

   

In order for it to run, someone has to make it executable first.  If
that is not done, a virus is incapable of doing anything.  Then even if
it manages to run, it can only affect whatever the user has permissions
for and nothing else.  Further, there were many bad design decisions in
MS software, that leave it wide open for abuse.  A famous example of
this is how IE is built into the kernel.  The sole reason for this is
because in the Netscape vs MS trial, MS said IE couldn't be removed as
it was part of the OS.  Next version of Windows, it was mixed in with
the OS, when it previously had been just an app.  This means that any
malware that affects IE has the run of the system.  At a time when good
software engineering dictated modularizing, MS was going the other way.

-- 
Use OpenOffice.org http://www.openoffice.org
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Per Jessen
Hans van der Merwe wrote:

 Well, that what I started with - a desktop environment - in desktop
 environments there are basically only one user - so messing with
 his/her docs/mail etc is just as bad as wiping the /lib dir?

Not at all.  If a user manages to screw up his/her home-directory, you
just restore it from the last backup.  If you get an intruder on your
system as such, you might even have to re-install.



/Per Jessen, Zürich

-- 
http://www.spamchek.com/ - your spam is our business.

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Per Jessen
Hans van der Merwe wrote:

 BUT telling users to install Linux because it will help
 for viruses is IMHO irresponsible.

Does anyone actually do that?  I can see the above as an additional
argument for someone who's about to switch to Linux, but surely it's
not the main reason. 



/Per Jessen, Zürich

-- 
http://www.spamchek.com/ - your spam is our business.

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Tero Pesonen
On Tuesday 07 August 2007, Per Jessen wrote:
 Hans van der Merwe wrote:
  Well, that what I started with - a desktop environment - in desktop
  environments there are basically only one user - so messing with
  his/her docs/mail etc is just as bad as wiping the /lib dir?

 Not at all.  If a user manages to screw up his/her home-directory, you
 just restore it from the last backup.  If you get an intruder on your
 system as such, you might even have to re-install.


If Linux were to gain real desktop acceptance, could one expect macro 
viruses to become fashionable again? Is there any difference between OOo 
and MS Office regarding this?

Tero Pesonen
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread [EMAIL PROTECTED]
On Tue, 2007-08-07 at 01:35 -0800, John Andersen wrote:

 
 What would YOU SUGGEST we preach to them?
 
 

Hans, we preach Braaivleis, Boerewors, Biltong  Chevrolet; i.e. don't
worry, be happy ...

:-)
Al

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread [EMAIL PROTECTED]
On Tue, 2007-08-07 at 11:42 +, Hans van der Merwe wrote:
 I'm just preaching caution - just as I don't tell people to use
 Linux
 because its free, money wise or as in freedom, most of them are
 skeptical about free stuff, and the other really not care about tech
 freedom (wrongly so, but that is a diff fight).
 
 I believe that the free, freedom etc is to the Dells, HPs and IBMs,

Last week I got quotes for Dell Notebooks. I wanted them without OS or
Linux on them. I requested them to quote with Vista (some now
alternatively with XP) and without OS. They said it makes no difference,
it costs the same with or without Vista. So the user is locked in by the
vendor to Vista, penalising the other OS users.

  not
 the user - the user, in an ideal world, should not even know what a OS
 is (as MS have already done with 80% of the users out there).  Dell
 etc should care if some of their revenue go to MS - they are starting
 to, they should make the difference.  A user revolt will not happen. 

because they are forced to buy M$ (don't think the OS costs are not
calculated into the price - they do not give away anything), and if not,
get penalised.

:-)
Al

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Kai Ponte
On Tue, August 7, 2007 1:28 am, Registration Account wrote:
 As you know clamAV provides NO realtime virus detection
 and from time to time we all need to execute a clamscan
 - Well I just performed a clamscan and found 4 folder
 which a year or so stored and catagorised emails and
 all 4 folders were infected with
 Phishing.Heuristics.emal.spoofedDomain virus's. As
 almost all emails are held in mbox format I would
 suggest everyone to run a scan periodically. Remember
 clamAV provides NO repeat NO real time protection, even
 if you copy them to a MS Windows or NSF drive or open
 an infected file or execute an infected .bin file

Heh.

Run!

Hide!

Cover your childrens' eyes!

Seriously, I just had this discussion a few days ago with my parental
unit.

She was all freaked out about some phishing emails she got and thought
for sure she was infected. (My son had launched AMOR and had dropped
her wireless mouse receiver behind the desk. As a result, her mouse
movements were jerky and there was this smiling face on the screen.
She was sure that was due to the viruses she'd obtained.)

Keep in mind - unless you're stupid enough to run as root all the
time, the worst that can happen is someone may get into your local
files or fire off an email.

I remember purposely trying to open an virus under KNode to see what
would happen...

http://www.perfectreign.com/stuff/osama.jpg

...you are fine.

-- 
k
www.perfectreign.com


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Hans van der Merwe

On Tue, 2007-08-07 at 07:27 -0700, Kai Ponte wrote:
 On Tue, August 7, 2007 1:28 am, Registration Account wrote:
  As you know clamAV provides NO realtime virus detection
  and from time to time we all need to execute a clamscan
  - Well I just performed a clamscan and found 4 folder
  which a year or so stored and catagorised emails and
  all 4 folders were infected with
  Phishing.Heuristics.emal.spoofedDomain virus's. As
  almost all emails are held in mbox format I would
  suggest everyone to run a scan periodically. Remember
  clamAV provides NO repeat NO real time protection, even
  if you copy them to a MS Windows or NSF drive or open
  an infected file or execute an infected .bin file
 
 Heh.
 
 Run!
 
 Hide!
 
 Cover your childrens' eyes!
 
 Seriously, I just had this discussion a few days ago with my parental
 unit.
 
 She was all freaked out about some phishing emails she got and thought
 for sure she was infected. (My son had launched AMOR and had dropped
 her wireless mouse receiver behind the desk. As a result, her mouse
 movements were jerky and there was this smiling face on the screen.
 She was sure that was due to the viruses she'd obtained.)
 
 Keep in mind - unless you're stupid enough to run as root all the
 time, the worst that can happen is someone may get into your local
 files or fire off an email.


Why is this not an issue with anyone?  Deleting a normal users data is a
big thing.  They consider the PC broken if their files disappear.

Hans




E-Mail disclaimer:
http://www.sunspace.co.za/emaildisclaimer.htm
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Mike
On Tuesday 07 August 2007 16:50, Hans van der Merwe wrote:

 
  She was all freaked out about some phishing emails she got and
  thought for sure she was infected. (My son had launched AMOR and
  had dropped her wireless mouse receiver behind the desk. As a
  result, her mouse movements were jerky and there was this smiling
  face on the screen. She was sure that was due to the viruses
  she'd obtained.)
 
  Keep in mind - unless you're stupid enough to run as root all the
  time, the worst that can happen is someone may get into your local
  files or fire off an email.

 Why is this not an issue with anyone?  Deleting a normal users data
 is a big thing.  They consider the PC broken if their files
 disappear.

Because my personal files are all backed up. And I don't know how else 
it can be explained. It basically takes 3 actions for the virus to 
work. One it has to get on the system. Two - someone has to make it 
executable. three - then you have to execute it. It's that simple. If 
you do all three of those things, you deserve whatever you get. I mean 
the you in the figurative sense not personal. I doubt a noob would know 
how to make the file executable. They'll click on it and when nothing 
happens it's deleted  

And if you fall for a phishing email, that started this thread, then you 
are in the same boat as the guy that made the virus file executable.

Mike

-- 
Powered by SuSE 10.0 Kernel 2.6.13 X86_64 KDE 3.4 Kmail 1.8
  5:04pm  up 9 days  7:21,  4 users,  load average: 2.23, 2.19, 2.18
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Tero Pesonen
On Tuesday 07 August 2007, Kai Ponte wrote:
 On Tue, August 7, 2007 1:28 am, Registration Account wrote:
  As you know clamAV provides NO realtime virus detection
  and from time to time we all need to execute a clamscan
  - Well I just performed a clamscan and found 4 folder
  which a year or so stored and catagorised emails and
  all 4 folders were infected with
  Phishing.Heuristics.emal.spoofedDomain virus's. As
  almost all emails are held in mbox format I would
  suggest everyone to run a scan periodically. Remember
  clamAV provides NO repeat NO real time protection, even
  if you copy them to a MS Windows or NSF drive or open
  an infected file or execute an infected .bin file

 Heh.

 Run!

 Hide!

 Cover your childrens' eyes!

 Seriously, I just had this discussion a few days ago with my parental
 unit.

 She was all freaked out about some phishing emails she got and thought
 for sure she was infected. (My son had launched AMOR and had dropped
 her wireless mouse receiver behind the desk. As a result, her mouse
 movements were jerky and there was this smiling face on the screen.
 She was sure that was due to the viruses she'd obtained.)

 Keep in mind - unless you're stupid enough to run as root all the
 time, the worst that can happen is someone may get into your local
 files or fire off an email.

and thus install a keylogger or similar application. Once you realise 
there's a logger process running on your system, you also realise you 
don't know which of your local or remote backus can be trusted any more, 
in case they were accessed while your system was compromised. You may 
need to bring some off-site backups from physical media, which, for many 
people, are not at all up to date now that FTP based backup solutions 
with large quatas are so readily available.

 ...you are fine.

Not necessarily. I believe there were macro viruses for MS Excell that 
tried to go unnoticed as long as possible, corrupting very small amounts 
of data in Excell sheets every now and then. The result was that months' 
or even a full year's worth of files and backups could go getting 
corrupted before it was noticed. Could this happen on OOo? I don't know.

Anyway, backups are of little use if the data in them cannot be trusted, 
even if they were not altered in any way. All you need is to know that 
they could have been corrupted at will. Also, I'd call firing off god 
knows what kinds of email from my IP or from my account very undesirable.

Regards,
Tero Pesonen
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread James Knott

Hans van der Merwe wrote:

Again, Im only talking about Desktop Linux, not servers - web users dont
have logons, email and web-browsing on arb webservers - so it remains
dumb user proof.

But my main concern is that dumb users usually make up most of the
desktop market out there - and preaching to them that Linux will make
there virus problem go away is setting them up for a fall.


  
Bottom line, you're ignoring all the technical differences that make 
Windows a wide open target, in comparison to Linux or Unix.  No amount 
of dumb users will overcome that fact.  Then, good practices will go 
further to reduce that risk and also it is virtually impossible for a 
virus to get started, without some very deliberate action on the part of 
the user.  Also, some distros make it plain to users that running as 
root is a dumb thing.  In Windows, many apps require admin rights, just 
to function.  So if you're running such an app, any malware you get, 
will have access to the entire system.  On the other hand, with Linux, 
if you need root privileges, you are specifically asked for them or 
denied.  This means that it's extremely difficult for malware to do 
significant damage.




--
Use OpenOffice.org http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread James Knott

Hans van der Merwe wrote:


And...  desktop users install all kinds of insane apps - when desktop
linux is popular - more apps will appear - increasing the risk of
installing a malicious one.

  


Any malware capable of causing significant damage i.e. beyond the users 
files etc., will require root privileges.  This requires deliberate 
action, unlike in Windows, where simply going to the wrong website or 
openning tainted email is all it takes.  No one can make the claim Linux 
or any other OS is invulnerable, but there's a world of difference 
between it and Windows, that has nothing to do with the number of 
users.  If popularity were the criteria, please explain why Apache on 
Linux or Unix or even Apache on Windows makes for a far more secure web 
site than IIS on Windows.  IIRC, Apache on Linux/Unix is at least 75% of 
the web servers.




--
Use OpenOffice.org http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread James Knott

Hans van der Merwe wrote:

On Tue, 2007-08-07 at 01:35 -0800, John Andersen wrote:
  

On Tuesday 07 August 2007, Hans van der Merwe wrote:


But my main concern is that dumb users usually make up most of the
desktop market out there - and preaching to them that Linux will make
there virus problem go away is setting them up for a fall.
  
I fail to see how it sets them up for a fall.  
There has to be a something to fall over before there is a fall.


What would YOU SUGGEST we preach to them?




Again - the SETUP will involve removing windows and installing a flavour
of linux to curb the effects of viruses.  The FALL will be when they
click yes to something they dont understand (not Linux fault, yes I
know) and then having their docs trashed - leaving them exactly where
they were with windows.  They and the media will not be interested in
how it happened, just that it happened.

Yes this is not in any way the fault of Linux or Linux programmers or
distros etc, BUT telling users to install Linux because it will help for
viruses is IMHO irresponsible.

  


Windows malware does much more than simply trash a users documents.  If 
that was all it did, it wouldn't be such a problem.  Take a look at all 
that spam that hits your inbox.  Most of that is coming from compromised 
Windows boxes.  That is but one example that goes beyond deleting 
files.  Perhaps you'd should get a better understanding of what malware 
does and how it's propogated.



--
Use OpenOffice.org http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread jdd

Tero Pesonen wrote:


Not necessarily. I believe there were macro viruses for MS Excell



in approx 25 years of computing, I _never_ had data corrupted by a 
virus, even on windows.


This don't mean I never got virus, but I always see it before any 
damage done. I have seen many computer destructed by visuses, of 
course, even very recently.


it's only a matter of caution. A true virus needs to be executed to 
replicate. I never use an app of unknow origin, if not doublechecked 
by a good anti-virus. I _never_ open a word or exel file from unknown 
origin, in case of doubt I run an anti-virus on them before opening 
(and got many viruses like this).


Now I open word docs with openoffice, I don't think there is (yet) a 
virus able to run like this. of course autorun is always unset.


I usually open docs with wordpad in place of word (in fact I stopped 
using ms word many years ago, with word 97).


last rerally problematic virus I had was on a floppy... and no data 
damaged.


jdd


--
http://www.dodin.net
http://gourmandises.orangeblog.fr/
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Tero Pesonen
On Tuesday 07 August 2007, jdd wrote:
 Tero Pesonen wrote:
  Not necessarily. I believe there were macro viruses for MS Excell

 in approx 25 years of computing, I _never_ had data corrupted by a
 virus, even on windows.

Sure, but you're not an average user either. 

Regards,
Tero Pesonen
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread jdd

Tero Pesonen wrote:

On Tuesday 07 August 2007, jdd wrote:

Tero Pesonen wrote:

Not necessarily. I believe there were macro viruses for MS Excell

in approx 25 years of computing, I _never_ had data corrupted by a
virus, even on windows.


Sure, but you're not an average user either. 


may be, I just wanted to quote that minimal cautions makes the job 
done (I'm not paranoid)


jdd

--
http://www.dodin.net
http://gourmandises.orangeblog.fr/
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread James Knott

Hans van der Merwe wrote:


Why is this not an issue with anyone?  Deleting a normal users data is a
big thing.  They consider the PC broken if their files disappear.
  


That's a minor issue, compared to some of the other things malware can 
do.  Stuff such as stealing passwords and other personal info, spam 
generators, corrupting the entire computer etc.



--
Use OpenOffice.org http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Michael Letourneau
James Knott wrote:
 Bottom line, you're ignoring all the technical differences that make
 Windows a wide open target, in comparison to Linux or Unix.  No amount
 of dumb users will overcome that fact.  Then, good practices will go
 further to reduce that risk and also it is virtually impossible for a
 virus to get started, without some very deliberate action on the part of
 the user.  Also, some distros make it plain to users that running as
 root is a dumb thing.  In Windows, many apps require admin rights, just
 to function.  So if you're running such an app, any malware you get,
 will have access to the entire system.  On the other hand, with Linux,
 if you need root privileges, you are specifically asked for them or
 denied.  This means that it's extremely difficult for malware to do
 significant damage.



Okay I know not everyone likes the use of wikipedia as a reference, but
from their computer virus entry
(http://en.wikipedia.org/wiki/Computer_virus) this is what they state:

A computer virus is a computer program that can copy itself and infect a
computer without permission or knowledge of the user. The original may
modify the copies or the copies may modify themselves, as occurs in a
metamorphic virus. A virus can only spread from one computer to another
when its host is taken to the uninfected computer, for instance by a user
sending it over a network or carrying it on a removable medium such as a
floppy disk, CD, USB drive or by the Internet. Additionally, viruses can
spread to other computers by infecting files on a network file system or a
file system that is accessed by another computer. Viruses are sometimes
confused with computer worms and Trojan horses.

I think people are confusing virus with Trojan.  From my old PC support
days, most of the virii that were in the wild were tied to Office
documents, or existed on boot sectors of floppies and hard drives. 
Nothing to execute there.  I think it would be pretty easy for a virus
to exist on linux systems.  There is no requirement that it destroy the
system, no requirement that it has root privileges, nor any requirement
that it affects more than one person.  All it takes is OpenOffice to have
a hole that can be utilized, or Thunderbird, or Kmail or any application
that most desktop linux users would use.  That would allow the user to be
infected, and to attempt to affect others.  Sounds like a virus to me. 
But yes it would be restricted to the privileges that that user has.  But
nothing stops a linux desktop user from launching a bunch of process' that
would make it as much of a zombie machine as a desktop windows box.

A Trojan, requires user intervention to execute or launch.  And again,
thats restricted to the privileges that user has.  But there is no reason
this cannot exist on a Linux desktop.  Again, what are the windows zombie
machines really doing, does not being root on a linux desktop really
prevent you from doing many of those things?

A worm, moves of its own volition, no requirement that it be a user
launching a program or anything.  There is no reason to say that Linux is
not vulnerable to these at all.  (And yes I know no one was saying that
Linux was, just mentioning the difference between this and a virus).

Michael



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread James Knott

Michael Letourneau wrote:

I think people are confusing virus with Trojan.  From my old PC support
days, most of the virii that were in the wild were tied to Office
documents, or existed on boot sectors of floppies and hard drives. 
Nothing to execute there.  I think it would be pretty easy for a virus

to exist on linux systems.  There is no requirement that it destroy the
system, no requirement that it has root privileges, nor any requirement
that it affects more than one person.  All it takes is OpenOffice to have
a hole that can be utilized, or Thunderbird, or Kmail or any application
that most desktop linux users would use.  That would allow the user to be
infected, and to attempt to affect others.  Sounds like a virus to me. 
But yes it would be restricted to the privileges that that user has.  But

nothing stops a linux desktop user from launching a bunch of process' that
would make it as much of a zombie machine as a desktop windows box.


  
A boot sector virus is executed every time the computer is booted.  Any 
OS can be vulnerable to a boot sector virus during booting, because the 
OS is not running at that time.  The only protection is what's provided 
with the BIOS.  On the other hand computers running protected operating 
systems, such as Linux or OS/2 cannot be infected when running, as they 
have mechanisms to prevent it.  DOS and DOS based versions of Windows 
(3.1, 95, 98 etc) do not have such protection and can be infected 
whenever the virus is run.



--
Use OpenOffice.org
http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread jdd

James Knott wrote:

A boot sector virus is executed every time the computer is booted.  Any 
OS can be vulnerable to a boot sector virus during booting



my old thunderbyte anti-vir software replaced the boot sector by it's 
own and kept an md5sum of it, preventing such attack. I hope moderns 
systems have something similar...


jdd

--
http://www.dodin.net
http://gourmandises.orangeblog.fr/
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Michael Letourneau
James Knott wrote:
 Michael Letourneau wrote:
 I think people are confusing virus with Trojan.  From my old PC support
 days, most of the virii that were in the wild were tied to Office
 documents, or existed on boot sectors of floppies and hard drives.
 Nothing to execute there.  I think it would be pretty easy for a virus
 to exist on linux systems.  There is no requirement that it destroy the
 system, no requirement that it has root privileges, nor any requirement
 that it affects more than one person.  All it takes is OpenOffice to
 have
 a hole that can be utilized, or Thunderbird, or Kmail or any application
 that most desktop linux users would use.  That would allow the user to
 be
 infected, and to attempt to affect others.  Sounds like a virus to me.
 But yes it would be restricted to the privileges that that user has.
 But
 nothing stops a linux desktop user from launching a bunch of process'
 that
 would make it as much of a zombie machine as a desktop windows box.



 A boot sector virus is executed every time the computer is booted.  Any
 OS can be vulnerable to a boot sector virus during booting, because the
 OS is not running at that time.  The only protection is what's provided
 with the BIOS.  On the other hand computers running protected operating
 systems, such as Linux or OS/2 cannot be infected when running, as they
 have mechanisms to prevent it.  DOS and DOS based versions of Windows
 (3.1, 95, 98 etc) do not have such protection and can be infected
 whenever the virus is run.


Yes true, not typically what is thought of executing though, and not
really what my point was.  My point was that everyone was talking about
having to have the file be executable and executed in order to get
infected.  That is not true.  If you actually have to execute it, thats a
trojan, not really a virus.

But again, in either of those cases not being root does not necessarily
prevent your machine from being infected and/or the possible results
thereof.  Everyone remembers Melissa,
http://www.cert.org/advisories/CA-1999-04.html, if that were designed for
a Linux system, not being root would not stop/prevent it at all.

Michael

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread James Knott

jdd wrote:

James Knott wrote:

A boot sector virus is executed every time the computer is booted.  
Any OS can be vulnerable to a boot sector virus during booting



my old thunderbyte anti-vir software replaced the boot sector by it's 
own and kept an md5sum of it, preventing such attack. I hope moderns 
systems have something similar...




Many systems will prevent writing to the MBR, if so configured.


--
Use OpenOffice.org http://www.openoffice.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Clayton
 But again, in either of those cases not being root does not necessarily
 prevent your machine from being infected and/or the possible results
 thereof.  Everyone remembers Melissa,
 http://www.cert.org/advisories/CA-1999-04.html, if that were designed for
 a Linux system, not being root would not stop/prevent it at all.

OK, but that required that you have macros set to autoexecute - if I
remember right, that was the default setting for Office.  In Linux..
most people use OpenOffice.org which is set by default to not auto
execute macros.  You have to explicitly click the Enable Macros
button.. and only then will any embedded macros run.

This does not account for buffer overflow exploits etc...I seem to
remember one recently (in the past year) that would give you root
access to a remote machine... scary except that you had to be root
already to get into the state where the exploit could be triggered..
giving you root access to something you were already logged into as
root... so not much of an exploit.


C.
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread David Bolt
On Tue, 7 Aug 2007, Clayton wrote:-

snip

This does not account for buffer overflow exploits etc...I seem to
remember one recently (in the past year) that would give you root
access to a remote machine... scary except that you had to be root
already to get into the state where the exploit could be triggered..
giving you root access to something you were already logged into as
root... so not much of an exploit.

If you can get a normal user to execute something that is able to use a
local root exploit, that users system could be very easily compromised.
All it would need is for whatever used the root exploit install a
root-kit, downloading whatever is needed as required, and the system can
end up in a similar state as a virus-infected Windows system.

However, all this is based upon the premise that you have a user[0] so
idiotic that they'd specifically save an attachment, make it executable,
actually open this executable file, and that the exploit it wishes to
exploit is actually present on that system. Any of these don't occur,
there will be no infection.

Of course, there's also those infections that occur without user
intervention, but those tend to come in through security holes in server
daemons which are unlikely to be running on a normal users desktop
system.


[0] Of which I'm absolutely certain there either are some right now, or
there will be some in the future.

Regards,
David Bolt

-- 
Member of Team Acorn checking nodes at 100 Mnodes/s: www.distributed.net
RISC OS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit
RISC OS 3.6  | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit
TOS 4.02 | SUSE 9.3 32bit  | | openSUSE 10.3a6 32bit
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [opensuse] Who said Linux doesnot get Virus infections

2007-08-07 Thread Michael Letourneau
David Bolt wrote:
 On Tue, 7 Aug 2007, Clayton wrote:-

 snip

This does not account for buffer overflow exploits etc...I seem to
remember one recently (in the past year) that would give you root
access to a remote machine... scary except that you had to be root
already to get into the state where the exploit could be triggered..
giving you root access to something you were already logged into as
root... so not much of an exploit.

 If you can get a normal user to execute something that is able to use a
 local root exploit, that users system could be very easily compromised.
 All it would need is for whatever used the root exploit install a
 root-kit, downloading whatever is needed as required, and the system can
 end up in a similar state as a virus-infected Windows system.

 However, all this is based upon the premise that you have a user[0] so
 idiotic that they'd specifically save an attachment, make it executable,
 actually open this executable file, and that the exploit it wishes to
 exploit is actually present on that system. Any of these don't occur,
 there will be no infection.


As more and more file types get linked to more applications I am not so
sure that executing something has the same meaning it used to.  Say you
download a new screen saver, you never really execute that, but your
window manager utilizes the data in it.  Your window manager runs on X, X
runs as root...  Yeah its a huge round-about way, but really can anyone
say something similar with X or something else, is absolutely impossible?

 Of course, there's also those infections that occur without user
 intervention, but those tend to come in through security holes in server
 daemons which are unlikely to be running on a normal users desktop
 system.


Yup, I would classify those more as worms or exploits rather than virii. 
But most of the popular services have had some issues, ftp, mail, http,
ssh...

 [0] Of which I'm absolutely certain there either are some right now, or
 there will be some in the future.


I totally agree.  Windows is the low hanging fruit.  People can get the
most bang for the least effort there.  They want a zombie network that can
spam the world, right now its far easier to develop something for Windows
than to do the same for Linux.

 Regards,
 David Bolt


Michael


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  1   2   >