    Feature: Viruses on Unix systems






    1999-11-08 12:24:05 CET - Oliver Maruhn


    Many new users of Linux think that their system, in contrast to DOS or Windows, is immune to viruses. Rado shows how Linux and Unix systems in general are vulnerable to viruses, too. In fact, the first viruses infected Unix systems.

     

    Viruses on Unix systems

    by Rado <r.dejanovic@vipnet.hr>

     

    Elk Cloner: The program with a personality

    It will get on all your disks
    It will infiltrate your chips
    Yes it's Cloner!

    It will stick to you like glue
    It will modify ram too
    Send in the Cloner!

    Computer viruses are the most famous members of quite a large collection of electronic beasts. While they are in fact just as dangerous as any other malicious software, they are the ugliest -- they replicate themselves and infect other files, nowadays even innocent document files. And they are the easiest to pick up and infect yourself with. Ironically, but just like real-life viruses, they are most present where the information infrastructure is dense and virtual hygiene is weak. They spread just about everywhere, from time to time even where people think they have done everything to be 100% virus-safe. In fact, there is no OS that is completely safe from viruses. A virus is completely dependent on its host's replication mechanism, and computer viruses are highly dependent on the features and characteristics of the OS. Any OS, including Linux.

    Yes, just like any other OS, Linux may be infected too, like Windows NT or MacOS. Not only PCs with DOS or Windows, or the Amiga, can host viral code. But then, why don't we see more viruses on Linux or Windows NT?

    You might be surprised by the fact that some of the first computer viruses were Unix viruses (probably the first one is Elk Cloner, coded sometime between 1980 and 1982). Some early Unix viruses were written by Fred Cohen on a VAX running 4BSD, one year after Elk Cloner appeared. Despite the usual belief, Unices are not automatically protected from viruses. Of course, the logic of the code is much different, so people who are used to thinking about viruses that run on DOS or Windows (except for NT) usually do not understand, or underestimate, the danger of Unix viruses.

    Common misconceptions

    The biggest misconception is that more powerful security systems prevent virus spread. Because we are used to DOS and its lack of any real memory and data protection, we think about viruses as masters of all computer resources. Yes, they are masters on DOS and "plain" Windows: without any real memory and data protection a computer virus can grab them with both hands. In contrast to that, Unices and Windows NT have far superior protection systems. This prevents most virus infections, but not all. Such systems practically cease to matter when the user runs everything as root or administrator. An intelligent virus will then find its way to every file on the filesystem; NT ownership or ACLs are no serious obstacle then.

    Another misconception is that Linux is especially protected from infections because programs come as source code, not as binaries. This is hardly a protection, because only a small number of people (even among administrators) have enough knowledge to find viral code in the sources. Ordinary users have a habit of exchanging binaries, because they do not like messing with such complicated things as make config; make. The doors of Unix systems are open wide enough to give viruses access to the system.

    The third misconception is that Unices are safe because the platforms are so different from each other. But today this is not a big deal. Viruses that transport ANSI C source to another machine and compile it there into a compatible binary have not been spotted yet (though there is, for example, the FILE virus, written completely in C). Remember that this was one of the techniques used by Morris' Internet Worm. And standardized ELF binaries and libraries will not make the job tougher for virus writers.

    Shell scripts

    The whole story began with code that did not spread, but ate memory. It was natural, at least on Unices, to start using resources that are common between platforms. For the beginning: shell scripts. Shells on different Unices are quite similar. So Fred Cohen writes in his book Computers Under Attack: Intruders, Worms and Viruses (published 1990): "In the command language of Unix, evolutionary viruses have been written in under 200 bytes". Perhaps the most ironic proof of his words is the man page virus, a script that uses GNU troff's ability to manipulate files and execute programs. This is probably the place where the Linux and Windows worlds come closest to each other -- the similarity to macro viruses is tremendous. A man page virus cannot spread to other computers unless you have a habit of exchanging formatted man pages with other people. However, this virus is the one that comes closest to the common understanding of a computer virus. Someone could write another virus that is able to use holes in mail readers. Imagine a Linux clone of the Melissa virus that uses a security hole in Pine (just for example) to spread to every address it finds in the address book.

    Writing a shell script virus is one of the easiest ways to produce a Unix virus. I am sure that someone will now complain that a virus is not really a virus if it is not written in Assembler. But the fact is that the main attribute of a virus is its spreading on the system, not its size or the language it is written in. In USENIX 1989 Volume 2 you can see Tom Duff's and M. Douglas McIlroy's code for shell viruses. Shell viruses are at the same time almost harmless and very vulnerable, because they are open to the eyes of administrators and users. However, most users will probably not understand even this:

    for %%f in (*.bat) do copy %%f + bfv.bat

    There is always someone who will trustingly run any script, no matter where he gets it from. Such people are food for viruses -- human ignorance is the real fuel for any virus; while it is not possible to avoid every virus attack, most of them could be avoided by educating people.

    Worms

    The other way to do harmful things is a technique that was made widely known by the Morris Worm: using exploits -- if possible in combination with other techniques. His worm used a known sendmail vulnerability to get access to other hosts. If that failed, it tried rexec, fingerd and password guessing. After a successful break-in, it compiled the source to make a local binary and executed it. There was even code that was meant to cover its tracks -- but it was buggy. If it had not been, administrators would have had a much tougher job cleaning the systems than the few days they needed to get things under control.

    Internet worms are viruses that use known exploits to gain administrator privileges. But they are short-lived stars that exist only until the exploit has been fixed, because they then lose the medium they need to replicate themselves and infect more systems. Exploits are very dependent on the version of the software, even on the architecture, and they hardly spread across different platforms, or even on the same platform if other computers do not run the same version of the software.

    Faked libraries

    Of course, you can always play on the user's foolishness. If you fool him into using the LD_PRELOAD environment variable, you can make him execute your own code, which replaces the functions of the standard libraries with your routines. LD_PRELOAD is not Linux specific; it is used when some application (like an old StarOffice on a newer version of Red Hat) has to use its own (or older, or modified) libraries, because those that are installed do not fit its needs. Quantum (author of the Staog viruses) presented this code on the unix-virus mailing list to demonstrate the idea:

    #include <stdio.h>

    /* the real libc entry points the wrappers fall through to */
    extern int __open(char *, int, int);
    extern int execv(char *, char *[]);

    /* wrapper for open(): log the path, then call the real __open */
    int open(char *path, int flags, int mode){
      printf("open: %s\n", path);
      return __open(path, flags, mode);
    }

    /* note that this is lame and
       discards the envp.. better
       ways?! */
    int execve(char *path, char *args[], char *envp[]){
      printf("execve: %s\n", path);
      return execv(path, args);
    }

    This code takes over open and execve, makes them print out what they do and then jumps to the real functions. The output looks like this:

    >gcc -shared tryld.c -o tryld
    >export LD_PRELOAD=./tryld
    >bash
    open: /home/trent/.bashrc
    open: /etc/bashrc
    open: /home/trent/.bash_history
    open: /home/trent/.bash_history
    open: /etc/inputrc

    This is just an example which does not hurt anyone, but demonstrates the principle.

    Kernel infectors

    Finally, there are so-called "kernel infectors": viruses that are able to infect kernel images, where they can get control of virtually every aspect of the system. Such viruses still exist more in theory than in practice, but this does not mean that we will not see one of them some day.

    Platform compatible viruses

    The difference between architectures is not a big obstacle for virus writers if the viral code can be written in ANSI C. All they need on the other side is a C compiler and a virus-compatible system. Such a virus can easily be spread around using the user's .rhosts or a similar technique. If there are no exploits in such code (probably not, because a multi-platform virus cannot expect the exploit to work everywhere), the range of infectable platforms is wide and does not have to be tied to just one flavor of Unix.

    And of course, there are viruses written in Assembler. The most famous, but not the first, Linux virus is Bliss, first reported in February 1997. Bliss infects ELF binaries, but does not do any harm. It even disinfects if you run the infected binary with --bliss-disinfect-files-please as an argument. If you wish to search your files for Bliss, look for this pattern:

    E8ABD8FFFFC200003634 65643134373130363532

    The first spotted Linux virus is Staog, half a year older than Bliss. It is written completely in Assembler and tries three exploits to gain privileges on /dev/kmem, to be able to infect everything that moves. Its pattern is:

    215B31C966B9FF0131C0 884309884314B00FCD80

    While we are at ELF binaries: viruses that infect those files are the closest to the "standard" definition of a computer virus -- they are written in Assembler and they infect executables like a typical virus under DOS. ELF code can be infected by adding code in the padding space after the text segment, and the search of the directory tree for suitable files of type ET_EXEC or ET_DYN can be (more or less, depending on the presence and experience of the administrator) hidden by forking.

    No, it is not so easy. A virus can infect only the files that are owned by the user who ran the viral code, and if he is not root (and the virus does not use exploits to gain root privileges), only this user's data is jeopardized. But once a virus gets administrator privileges, everything is possible.
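    As an added example that is not part of the original article, the Bliss and Staog byte patterns quoted above can be searched for with a small scanner that reads the ELF header first and only looks inside files of type ET_EXEC or ET_DYN, the same file types the infectors go after. The signatures are the two hex strings from the article; the sample directory tree with fake ELF headers and the demo() helper are constructed for this example.

```python
import os
import struct
import tempfile

# Byte patterns quoted in the article for Bliss and Staog (hex, spaces removed).
SIGNATURES = {
    "Bliss": bytes.fromhex("E8ABD8FFFFC200003634" "65643134373130363532"),
    "Staog": bytes.fromhex("215B31C966B9FF0131C0" "884309884314B00FCD80"),
}

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3     # e_type values for executables and shared objects


def elf_type(header):
    """Return the e_type of an ELF header, or None if the data is not ELF.
    e_type is the 16-bit field at offset 16; EI_DATA (byte 5) selects endianness."""
    if len(header) < 18 or header[:4] != ELF_MAGIC:
        return None
    endian = "<" if header[5] == 1 else ">"
    return struct.unpack(endian + "H", header[16:18])[0]


def scan_file(path):
    """Return the names of signatures found in path if it is an ET_EXEC or ET_DYN
    file; anything else (text, core dumps, relocatable objects) is ignored."""
    with open(path, "rb") as fh:
        data = fh.read()
    if elf_type(data) not in (ET_EXEC, ET_DYN):
        return []
    return [name for name, sig in SIGNATURES.items() if sig in data]


def scan_tree(root):
    """Walk root and return {relative path: [signatures]} for matching files.
    Symlinks are skipped so a link farm cannot send the scanner in circles."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                found = scan_file(path)
            except OSError:       # unreadable file: report nothing, keep going
                continue
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits


def write_fake_elf(path, e_type, payload=b""):
    """Constructed sample: a minimal little-endian ELF64 header followed by payload.
    Only the fields the scanner reads are meaningful; the rest is zero."""
    ident = ELF_MAGIC + bytes([2, 1, 1]) + b"\x00" * 9       # class, data, version
    header = ident + struct.pack("<HHI", e_type, 0x3E, 1)     # e_type, e_machine, e_version
    header += b"\x00" * (64 - len(header))
    with open(path, "wb") as fh:
        fh.write(header + payload)


def demo():
    """Build a constructed directory tree (assumed names) and scan it; returns the hits."""
    root = tempfile.mkdtemp()
    write_fake_elf(os.path.join(root, "clean"), ET_EXEC, b"nothing here")
    write_fake_elf(os.path.join(root, "infected"), ET_EXEC, b"xx" + SIGNATURES["Bliss"] + b"yy")
    write_fake_elf(os.path.join(root, "libfoo.so"), ET_DYN, SIGNATURES["Staog"])
    write_fake_elf(os.path.join(root, "core"), 4, SIGNATURES["Bliss"])     # ET_CORE: skipped
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(SIGNATURES["Bliss"])                                        # not ELF: skipped
    return scan_tree(root)


if __name__ == "__main__":
    for path, names in demo().items():
        print(f"{path}: {', '.join(names)}")
```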

    Are we safe?

    The real problem is yet to come. In the near future we are safe. But the day after that, problems may arise. Linux is becoming more and more popular, and becomes a challenge for virus makers. More users mean more potential virus makers, and if we count in the fact that ordinary users' knowledge of Unix is declining (thank you, Redmond), we could be in trouble. There already are some anti-virus programs for Linux that do not just check the DOS partition for DOS/Windows viruses. Little is known about them, even among administrators and the people we used to call professionals. It is quite interesting, this silence that covers Unix viruses. After the Worm appeared we could find many debates and articles, even books -- and then nothing. After the boom between 1989 and 1990, with sporadic articles up to 1996, it looks like everyone has forgotten about Unix viruses. The popularization of Linux might start a new wave of discussion about the issue, and let's hope there will be real anti-virus software before we are really in trouble.

    A little sarcasm at the very end: even if there will be some shiny new and powerful anti-virus software for Linux, someone will surely invent some sort of Outlook/Exchange combination for Linux to help Melissa clones spread on the Linux platform. Luckily, this won't be everyone's problem.

    Unix anti-viruses

    There already is some Unix anti-virus software. Most of it checks for DOS/Windows viruses on mounted space, which is not too helpful in a homogeneous Unix environment. But there are some useful tools that check mail and/or ftp and http traffic to find and destroy malicious code, and some do even check for Linux viruses. Which tool should you choose? If you have a mixed Unix/Windows environment, you will find programs that can detect and destroy Windows viruses quite useful. If you have a homogeneous Unix environment, you can take advantage of Unix anti-virus software and other tools that help you keep track of your files and possible modifications to them. Tripwire is quite usable software that does not detect viruses but will warn you if your files suddenly become different. And of course, checking the log files can help a lot. A third solution is anti-virus software that checks incoming mail and files for all kinds of viruses. Try it, you will like it. The market for Unix anti-virus software is not as huge as it is for Windows viruses (lucky us), but there are already products that you can get today. Here are some products I found on the web, but I have not tested them myself, so I cannot say anything about them. You will have to try them yourself and decide which one is right for your purposes. Some of them clean Linux viruses, some of them do not:

    http://aachalon.de/AMaViS/
    http://www.avp.ru/
    ftp://ftp.hbedv.com/antivir/english/release/avlglibc.tgz
    http://www.Europe.Datafellows.com/
    http://www.sophos.com/downloads/eval/savunix.html
    http://www.antivirus.com/products/isvw/
    http://www.drsolomon.com/home/home.cfm
    http://www.mcafee.com/

    All of these can be run on Linux, but only F-Secure claims "We do clean Linux viruses". They also know about the most dangerous, most hidden, most infectious Tuxissa virus: http://www.Europe.Datafellows.com/v-descs/april1j.htm :-)
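    The Tripwire-style integrity check recommended above, as an added example that is neither Tripwire's code nor part of the original article: it records a baseline of hash, size, permission bits and owner for every regular file, stores it as JSON, and later reports what was added, removed or changed. The demo() scenario with its fake bin directory, file names and the "appended viral code" are constructed assumptions.

```python
import hashlib
import json
import os
import stat
import tempfile


def _sha256(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Record hash, size, permission bits and owner of every regular file under root.
    Keys are paths relative to root so the baseline can be stored and compared later.
    Symlinks, devices and other non-regular files are skipped (lstat, not stat)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            snap[os.path.relpath(path, root)] = {
                "sha256": _sha256(path),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,   # permission bits incl. suid/sgid/sticky
                "uid": st.st_uid,
            }
    return snap


def compare(baseline, current):
    """Return added and removed paths plus, for files present in both, the sorted
    list of attributes that differ (an ELF infector changes hash and size, a
    changed permission mask shows up as 'mode')."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in set(baseline) & set(current):
        diff = sorted(k for k in baseline[rel] if baseline[rel][k] != current[rel][k])
        if diff:
            changed[rel] = diff
    return {"added": added, "removed": removed, "changed": changed}


def save_baseline(snap, path):
    """Store the baseline as JSON; keep it off the monitored tree (read-only media is best)."""
    with open(path, "w") as fh:
        json.dump(snap, fh, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def demo():
    """Constructed scenario (assumption, not real system files): baseline a fake bin
    directory, then simulate an infector appending code to 'ls', a new file appearing
    and the permission bits of 'sh' changing; return the comparison report."""
    root = tempfile.mkdtemp()
    bin_dir = os.path.join(root, "bin")
    os.mkdir(bin_dir)
    for name in ("ls", "cat", "sh"):
        with open(os.path.join(bin_dir, name), "wb") as fh:
            fh.write(b"\x7fELF" + name.encode() * 16)    # stand-in for a binary
        os.chmod(os.path.join(bin_dir, name), 0o755)
    baseline_file = os.path.join(root, "baseline.json")  # outside the monitored tree
    save_baseline(snapshot(bin_dir), baseline_file)

    with open(os.path.join(bin_dir, "ls"), "ab") as fh:
        fh.write(b"appended viral code")                 # hash and size change
    with open(os.path.join(bin_dir, "sh.bak"), "wb") as fh:
        fh.write(b"\x7fELF" + b"extra")                  # unexpected new file
    os.chmod(os.path.join(bin_dir, "sh"), 0o700)         # mode change only

    return compare(load_baseline(baseline_file), snapshot(bin_dir))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```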

    If you want to know more, you can subscribe to the unix-virus mailing list on majordomo@virus.beergrave.net (subscribe unix-virus), or try the following online resources.

    Papers by Doctor Fred Cohen:

    http://all.net/
    ftp://coast.cs.purdue.edu/pub/doc/viruses/
    http://virus.beergrave.net/resource.html
    http://www.heise.de/ix/artikel/1998/02/136/
    http://www.ce.is.fh-furtwangen.de/~link/security/av-linux.php3

    You could also read some of these papers:

    Rudimentary Treatise on the Constructions of Locks 1853 - Charles Tomlinson

    Experience with Viruses on UNIX Systems - Tom Duff Spring 1989 Volume 2 Number 2, USENIX Computing Systems ISBN 0895-6340

    The Little Black Book of Computer Viruses - Mark Ludwig 1990, American Eagle Publications, Inc. ISBN 0-929408-02-0

    The PC Virus Control Handbook - Robert V. Jacobean Second Edition 1990, Miller Freedman Publications ISBN 0-87930-194-5

    Heterogeneous Computer Viruses In A Networked UNIX Environment - Peter Radatti 1991, 1996, CyberSoft, Inc.

    Computer Virus Awareness for UNIX - Peter V. Radatti May/June 1992, NCSA News - Volume 3, Issue 3, Page 8

    Computer Viruses In UNIX Networks - Peter V. Radatti 1995, 1996, CyberSoft, Inc.

    The Giant Black Book of Computer Viruses - Mark Ludwig 1995, American Eagle Publications, Inc. ISBN 0-929408-10-1
     
     


    Discussion
     
     
     



    Erm....missing the point?




    1999-11-08 20:13:33 CET - Rob
     

    The point you completely missed is that anything you would call a virus on Linux indicates a bug in something. As soon as this bug is known about, endeavours will be made to fix it, and it is certainly hard to conceive of a problem so fundamental it could not be fixed.

    In short: Each and every new virus on a unix system must come up with a new bug. The people who find these bugs get a lot more kudos from posting them on bugtraq along with a fix.

    Rob


     


    Re: Erm....missing the point?
    1999-11-09 01:23:08 CET - Rado
     
    Not quite. Viruses don't have to take advantage of bugs in software. Take a look at the code that will spread in .bat files. Is it a bug in DOS, or just a feature that has been misused?

     


    Re: Erm....missing the point?
    2000-09-21 18:34:01 CET - .5cent
     
    So who's using DOS? What is your "definition" of a bug? Logic error? Syntax error? Run-time error?

     


    Re: Erm....missing the point?
    1999-11-09 09:51:24 CET - Mike
     
    Actually the article has some valid points. It is correct that many unix virii utilize things such as system bugs; these are usually the ones most mentioned, but a true virus in the form of a Trojan is possible, and all good security manuals indicate that e.g. a root user must NEVER have a '.' in the path, because this makes it highly possible that a command containing a virus (e.g. ls, with a trojan, in a user directory) is executed accidentally.

    However, viruses in a Unix system have to achieve superuser access to be any real threat to the system; thus they need to either exploit a bug in the system, or trick the system administrator(s) into executing the program with the virii.

    A user on the system cannot cause the system to be infected, unless there is a security hole on the system, or a bug in the system allowing the virii to shift privileges to a higher access level.

    Multiboot between Windows and Linux is a security hole, as the Linux security schemes are not in place while the machine is running DOS/Windows, and thus it is susceptible to a kernel attack, which no amount of bug fixing can overcome.

    So while it is very possible for a UNIX system to have virii, the damage is usually contained to the users, and as such usually doesn't represent a system-wide problem, unlike on most DOS/Windows platforms, where access to the machine usually leads to a system-wide attack, whereas a system-wide attack on a Unix system requires either a bug or an inattentive system administrator.

    mvh mike.


     


    Re: Erm....missing the point?
    1999-11-11 18:50:21 CET - Grog
     
    So, by that logic, Windows is actually one big gargantuan bug! :b

    Grog


     


    Re: Erm....missing the point?
    2000-05-12 07:47:21 CET - Frank Schaefer
     
    Right!!

    Frank


     




    What a bunch of bullshit!!




    1999-11-08 23:50:30 CET - Rick James
     

    How was this guy paid by the PC Anti-virus software companies to come up with this pile of steaming crap?

     


    Re: What a bunch of bullshit!!
    1999-11-09 01:25:17 CET - Rado
     
    He wasn't.

    I do stand behind my words. Just wait a year or little more and you'll see what I tried to tell you.

    Most people think that Unices are immune to viruses. This is tragically wrong. And one more thing is true - do you know any GNU antivirus software? Why?


     


    Re: What a bunch of bullshit!!
    1999-11-09 15:13:32 CET - Alex Pozgaj
     
    > He wasn't.

    Sorry, but after I read your article, I had the exactly same ideas about your motivation as the previous poster.

    > Just wait a year or little more and you'll see what I tried to tell you.

    You seem to neglect the fact that *many* highly capable people have been working with different flavours of Unix for decades already. None of them found the right way to write a virus which spread like one of the countless virii of the Windows world (and you can be sure quite a few of them tried :-) ). Ok, except "The Worm", of course, but that's ancient history.

    > Most people think that Unices are immune to viruses.

    In order to infect a UNIX system (as opposed to just infecting a few files of a careless user), a UNIX-virus *must* find a security hole and get hold of root access rights. In a good system, the probability for something like that is almost negligible.

    > And one more thing is true - do you know any GNU antivirus software? Why?

    Well... because nobody seems to need them, that's why. :-) What do you think is the reason?

    Cheers, alex.


     


    Re: What a bunch of bullshit!!
    1999-11-09 21:00:17 CET - Lauris Kaplinski
     
    Hmmm...

    A lot of misunderstanding comes from the fact that UNIX systems can be both big multi-user networks and personal workstations at home. The former will probably not be affected by viruses any more than before. But as long as half of the READMEs on the web end with the words:

    As superuser execute following commands:

    rpm -i some-silly-game-or-something-similar.rpm

    or

    as root execute:

    make install

    Linux & UNIX viruses do not need any real security holes to spread. There is still no usable method for the average home user to determine if he/she can trust a binary package, and installing rpms from an ordinary user account (without the help of ANY suid programs) is still overcomplicated for most new Linux users.

    Lauris


     


    Re: What a bunch of bullshit!!
    1999-11-09 22:48:04 CET - Rado
     
    > Linux & UNIX viruses do not need any real security holes to spread. There is still not any usable method for average home user to determine, if he/she can trust a binary package and installing rpms from ordinary user account (without the help of ANY suid programs) is still overcomplicated for most new Linux users.

    Yes, this is one of the ways linux virii can spread. I just have the feeling people didn't carefully read the article. It surely isn't written for a beginner (and I admit, the Croatian version is slightly better, due to translation problems) so one has to read it and analyse the sentences to get the full picture of the matter.

    While you and I never run things as root, there are many people who don't understand security issues and log in as root. Every so often I repeat some simple security steps in my articles in a computer magazine. And what do you think, do my readers listen to me?? Noooo, sir!! They still bother me with "why should I have another account where I can't do everything? I can do everything as root".

    And they mean it.

    The most valuable resource for Linux viruses (and any other virii) is ignorance and stupidity. Most viruses could be avoided or at least kept at bay if people were aware of the problems. It doesn't mean that you and I can't be infected, it is just less likely, because we know a little bit more about the system than ordinary users. And they DO run everything as root and they DO exchange binaries.


     


    Re: What a bunch of bullshit!!
    1999-11-11 15:23:08 CET - Redhat Rocky
     
    While it is true that it should be easy to trick persons running their home systems into installing a virus along with that newest piece of software, you neglect a couple of facts.

    Linux and UNIX users in general are not isolated from each other. Typically, if you are running either you are on the Net a fair amount of the time, and word about this trojan or that malicious code would get around fairly quickly.

    The second thing you neglect is why many virii are written in the first place. Your typical virus starts as the means by which a knowledgeable person displays security holes in existing systems, having failed to get a response by other means. BubbleBoy is a perfect example of this: it is not malicious but meant to raise awareness of problems that vendors have concealed or ignored. I should mention that the ones who have the most to gain from virii are anti-virus software companies.

    Of course, once a successful virus is written it is quickly copied by those with less morals and becomes a real problem.

    So, the easiest way to defeat virii on UNIX systems is to be involved in the community, which leads to other benefits as well.


     


    Re: What a bunch of bullshit!!
    1999-11-11 23:52:51 CET - Rado
     
    The community can't act as a perfect antivirus software emulation. :) While it is true that the open source movement has some big advantages on security issues, you can't expect everyone to take part in it. It is applicable to the Wintel world, too... have you spotted the imbalance between the number of administrators that got surprised by a virus and the number of plain users? Of course, there are a lot more users than administrators, but look at the trends.

     


    Re: What a bunch of bullshit!!
    2000-05-11 14:32:10 CET - Frank Schaefer
     
    ... no, they DON'T -- because they DON'T HAVE a root account. If someone at home is working at (or better, playing with) a UN*X box, well - it's his/her problem. Of course he/she can infect the system ... but ONLY THIS system. A lazy admin can corrupt his/her box, but never another. We had an admin in our company who had enabled remote root login and such things. He was employed here for half a year (or so)... My hosts don't trust anybody, and this is how it should be.

    Btw.: There were some cases where I needed some software and didn't install anything, because I didn't find a source distro. RPM? NOPE - Never (maybe rpm2targz). Believe me, before I type ``make install'' I look into the Makefile to see what the target install does. Let's say I read in the README or INSTALL instructions for some software that some binary must be set setuid. In this case I read the sources too.

    There is a bunch of simple rules to make a site secure, but the site is only as secure as the admin is.

    Frank


     


    I agree...
    1999-11-11 22:24:40 CET - James M. Rogers
     
    We must have a way to separate out the system programs from the user junk.

    I suggest that we allow users to install programs to the

    /usr/local/

    subdirectory in the future, and that this directory be set to allow members of the group user to have read, write and execute access to this directory. Of course root should never execute programs from these directories.

    I don't agree that many of these things are a virus, but this is mainly semantic hair splitting. The internet worm was not a UNIX virus, it was a sendmail worm. It didn't infect programs on the local machines, only other systems that were also running sendmail. Since most sysadmins run sendmail as the user nobody, it is impossible for this worm to infect any programs.

    A system that is set up securely will resist viruses even if many of its daemons have bugs, because those daemons will be set to run as a separate user, other than root.

    Turning off many of the daemons that you don't need will also close many security holes and make it easier to maintain your systems.

    Also setting up many of your programs and devices with the proper permissions will prevent many of these exploits. A program running as a user cannot exploit /dev/kmem if the user has no access to this device in the first place.

    The reason that I say that UNIX can be made virus proof is that viruses can only infect those programs that the user has access to. A properly secured system can be made virus proof. At worst users could infect their own programs and files by running unsecure programs.

    Of course, a program being executed by root will have access to the complete system, and it doesn't have to be a virus to destroy the entire system. And this would be impossible for a virus program to find, because it isn't a virus. Attempting to look for every one of these would be useless, because a programmer could just vary his code and release it. If you consider each of these a virus then there could literally be millions of viruses in a very short time...

    Security does need to be enhanced.

    Only download programs from reputable web sites, if you run a program from a pirate site, you deserve to be hacked.

    Check the RPM PGP signatures to ensure that the RPM is from who you think that it is from and that it hasn't been tampered with.

    Play your games on a different box than you do your work on. That way, if the box gets infected, you just reinstall from scratch. I normally get tired of a game after a few months anyway.

    One final note.

    I have run Windows and Linux for the past 7 years. In that time I have found 3 Windows viruses (sent to my company by the corporate office) and _no_ Linux viruses. One Linux box on the internet was broken into, but I was running an old version of Redhat and hadn't installed the upgraded RPMs, so I was asking to be hacked.

    After I installed the latest SUSE, turned off _all_ services except the web server and X server, turned security up to high and installed ssh to access my computer with, my box was never broken into again.

    And since I ran this box only as a normal user I never threatened to give away root. I installed a few programs to the box as root, but only things like perl modules that I had downloaded from the main perl web site.


     


    Re: What a bunch of bullshit!!
    1999-11-12 00:36:30 CET - Tick
     
    As a side note, people are considering adding a digital signature to RPM. In the end it boils down to plain trust, though.

     


    Re: What a bunch of bullshit!!
    1999-11-09 22:37:18 CET - Rado
     
    >> He wasn't.
    > Sorry, but after I read your article, I had the exactly same ideas about your motivation as the previous poster.

    It might look like this, but it isn't true. :)

    >> Just wait a year or little more and you'll see what I tried to tell you.

    > You seem to neglect the fact that *many* highly capable people have been working with different flavours of Unix for decades already. None of them found the right way to write a virus which spread like one of the countless virii of the Windows world (and you can be sure quite a few of them tried :-) ). Ok, except "The Worm", of course, but that's ancient history.

    First of all, those people don't have a need to write viruses. They do more interesting things. But if you read my article carefully, you'll see that I mentioned the popularization of Linux as one source of virus makers. Believe me, such people do exist, and they like writing viruses more than developing the kernel.

    >> Most people think that Unices are immune to viruses.

    > In order to infect a UNIX system (as opposed to just infecting a few files of a careless user), a UNIX-virus *must* find a security hole and get hold of root access rights. In a good system, the probability for something like that is almost neglectable.

    There is the point, but remember - stop thinking about viruses as something that is common to Windows 9x! Even if virus destroys one users data and don't do any harm to other users, it is still a virus - it spreads and harms. There are some nice examples of Mac viruses, like the one that comes in two parts - each part by itself do no harm, but once they get together on one machine, they damage data. Doesn't sound like an ordinary virii, right?

    The second rather important issue (that has been mentioned in the article) is that on DOS and Win 9x there is just one user that can access everything - dos and win virii don't use sophysticated workarounds simply because there's no protection at all. If there were some protections, there would be more sophysticated dos and win viruses. If DOS were multiuser, there will still be viruses, but people wouldnt think of them that they must be able to infect everyone on the machine in order to be called a virus. Our view to that problem is biased on many years of Wintel viruses. But wintel is not everything what we have.

    > > And one more thing is true - do you know any GNU > >>antivirus software? Why?

    > Well... because nobody seems to need them, that's why. >:-) What do you think is the reason?

    Because people aren't aware that such problem could exist. I do not speak about Bliss or Staog, and I did write that today and tomorrow we don't need to panic. We still don't need real antiviral software for Linux - yet. But my opinion is that people shouldn't be living in dreams that Linux is perfectly safe from viruses, and that day we got infected by virus, that same day someone will be able to understand what is going on and act quickly.

    But what I do see are just people that deny the problem - "it doesn't exist, and it will never exist". These are not arguments. Either someone should prove me wrong or start thinking of another security issue that hasn't been discussed much in the past.

    This is definitely not because someone paid me to propagate the antivirus software. I wrote it because I belive Linux viruses will be real problem one day and that we need to have knowledge about the issue, in order to protect ourselves from being caught in sleep.

    [ Reply ]

     


    Re: What a bunch of bullshit!!
    1999-11-11 12:39:19 CET - Jype
     
    Linux makes viruses hardly possible... As someone pointed out, when a virus can spread, this is a bug. The BIG difference between Linux and other UNIXes is the open source. Should a virus break out, I believe hours after the first reports kernel patches would have appeared that fix the hole through which the virus gains privileges. This is why Linux is practically invulnerable. You can't make the Linux community wait as the virus spreads. Under non-GNU OSs it's hard to fix anything within such a short time, while for us that is common practice.

    [ Reply ]

     


    Re: What a bunch of bullshit!!
    1999-11-11 20:49:24 CET - Vecna/29A
     
    Linux viruses do exist... I already saw a per-process Linux virus infecting the ELF's PLT section, and ptrace() can be perverted very easily ;)

    Vecna/29A

    [ Reply ]

     


    Re: What a bunch of bullshit!!
    1999-11-25 11:05:33 CET - vcs
     
    Hi, I'm different from all of you who say "Linux is safe", because you know what you are doing and what you are talking about -- but I, on the other hand, do *not* know much about *nix, yet I'm happy to purge the OEM WinDOS from my new computer and run Linux. You all know why...

    But now, I see Rado's point perfectly. Of course, I'm told not to run applications as root, not to have "." in the root PATH and so on. And I stick to it. But I have no choice other than to log on as root from time to time and execute some code that I do not understand. I *am* a user, but if I want to have the better OS at home, I have to *act* as an administrator. Without administrator knowledge. That's the truth.

    Of course I do hope I'll become more experienced over time, and after a year or two of using Linux and keeping an ear to the Linux community, my machine at home will be a hard-to-crack box. But the point is that currently it is not. I guess most of you like the idea of a Linux boom going on, but this necessarily implies many many "administrators" with nothing more than pure (or poor ;-) user knowledge.

    Do I deserve to be hacked, just because I decided to use Linux at home?

    [BTW, in the last ten years I used DOS and MacOS at home, and I had to use WinNT as an employee. I simply took care and I never experienced a single virus on any of the machines I used, although I made heavy use of email, ftp, etc. I personally, with my current knowledge, feel safer on anything other than Linux.]

    [ Reply ]

     


    Re: What a bunch of bullshit!!
    1999-12-31 21:16:50 CET - Alex
     
    The author is completely right in his article. Writing a virus for Linux or any other Unix system is not much different from writing a virus for Windows. Do not make the mistake of thinking Unix is more secure because many talented people have been working on it for so many years. As Linux gets more advanced mail clients (from KDE2 for instance), there will inevitably be a bunch of Melissa-like viruses. This kind DOES NOT depend on an OS security hole; it rather exploits the user's stupidity :). Of course, if that particular user is not root, the virus will not be able to cause any harm except to the careless user himself, but it can still be very unpleasant...
    [ Reply ]

     




    Tuxissa




    1999-11-09 03:54:05 CET - tipot nimo
     

    Tuxissa will only infect Window$/DOS not GNU/Linux.

    According to the description, it will infect a Windows box and install a small distro of Slackware on it. Very neat :):)

    The next time the machine boots it is now running GNU/Linux or Slackware in particular :):) and window$ is gone.

    [ Reply ]

     


    Re: Tuxissa
    2000-03-21 22:47:40 CET - dowhut?
     
    Ummmm.... Tuxissa is a hoax. You can't seriously have believed it existed, can you?
    [ Reply ]

     




    Anti-virus software




    1999-11-09 08:25:00 CET - Kent
     

    No, let's not get the attention of anti-virus makers, please.

    Almost every time I hear about a new virus for the first time, it is like "McAfee (or whoever) has found a new virus, and you can now download an update for your antivirus software. THE VIRUS HAS NOT YET BEEN SEEN OUTSIDE THE LAB" - well, that's at least how it's written in Danish computer mags (Win). Now tell me: if the virus hasn't been seen outside the lab yet, how did it get in there? Could it have been written there? How come the antivirus software almost always gets out before anybody gets infected with the virus?

    Sure there are people out there writing viruses just to cause harm. But the majority of the viruses could very well be written to make sure there is still a market for antivirus software.

    It may be that as soon as the antivirus companies start seeing Linux as a market to get more money from, the viruses will start appearing rapidly.

    O.K. this may look like a Fox Mulder theory, but think about it. It _might_ be true.

    [ Reply ]

     


    Re: Anti-virus software
    1999-11-09 10:48:29 CET - fred
     
    I agree. Trust no one.
    [ Reply ]

     


    Re: Anti-virus software
    1999-11-11 16:35:56 CET - Anonymous
     
    Yeah...
    [ Reply ]

     


    Re: Anti-virus software
    1999-11-11 19:39:05 CET - vdb
     
    I agree :o(
    [ Reply ]

     


    Re: Anti-virus software
    1999-11-11 22:42:48 CET - James M. Rogers
     
    Always nice to read a good conspiracy theory...

    ;)

    Actually, most viruses are written in the DOS world by the good guys to demonstrate Yet Another Windows Security Hole (YAWSH), much like the Linux exploits are posted to all the security pages as soon as an exploit is found, to motivate people to close security holes...

    In Windows it is mostly getting the latest virus update and the latest hot fix. The commercial hot fix takes much longer than the open-source software patches: first there is denial, then people start losing data, then the problem is fixed.

    In the Linux world there are new RPMs released by Red Hat and new DEBs released by Debian within a few hours of the hole being found. I think Caldera and SuSE both use the RPM format as well. Install the new RPM if you are running that service/program...

    [ Reply ]

     




    Define "virus"




    1999-11-11 06:09:25 CET - FUSION
     

    In my opinion the definition of a virus is a piece of code that is first and foremost polymorphic, and capable of executing a process that is not "desired". Specifically, a piece of code with the ability to create, modify, and execute anything that the creator wants while at the same time hiding its tracks by changing its signature.

    Something with a static signature, that is embedded in source code or a script, is a Trojan. It must be 1) overlooked, and 2) executed as root. Is this a virus? 'rm -r *.*' No. A Trojan has a specific cause and effect.

    I have seen plenty of Trojans on *nix, but never have I seen what one would call a virus.

    [ Reply ]

     




    never say never in the computer world




    1999-11-11 08:29:38 CET - nitra
     

    this guy has a point. yes it is true that it is harder for a virus to infect a linux system. but given the rapid development that linux is starting to experience it might not be too long before we hear about some sort of malicious program that causes havoc.... if you don't like what this guy has to say I'm sure you will be extremely upset when the mainstream media picks up on a story resulting from the aforementioned...

    LINUX NOT A SECURE OS AFTER ALL

    will be the headlines ... with microsoft spin all over the media on how windows 2000 is not vulnerable to whatever method was used to infect linux systems...

    take this article as a heads up; most of us should know by now that a programmer with the right tools, information and time can do what the "experts" say is impossible...

    [ Reply ]

     


    Re: never say never in the computer world
    1999-11-11 09:45:17 CET - DrZob
     
    Well, a Linux virus could have been written years ago, when the few distros were SLS or TAMU. Yet the motive wasn't there. You see, most groups like Skism/Nuke etc. wrote viruses under DOS because they hated DOS (and its followers). Virus writing was the way to do better than DOS. Then Linux came, most virus groups became less and less populated and disappeared in the end. Most virus coders jumped onto Linux and that was it. A nice toy to play with at last.

    Point is techies love Linux and Linux users aren't pretentious icon pushers but curious and interesting people. Where on Earth would you find the motivation to write a virus?

    [ Reply ]

     


    Re: never say never in the computer world
    1999-11-11 11:00:10 CET - nitra
     
    this is also true

    as it "usually" takes some sort of disgruntlement to write malicious programs. and being that linux is in the good graces of everyone who takes the time to learn and use it, these kinds of people would be rare on linux.

    maybe a ticked off icon pusher who is peeved at penguins and footprints for making their life harder by pointing out the inadequacies of their pride and joy.

    so they gather their resources and invest them in a willing participant to construct a tool that would aid in giving credence to their arguments, and would not miss the opportunity to capitalise on the media attention surrounding an event in which no defense was provided....

    i know that is far-fetched to the point of being ludicrous ...

    but it would be better to take possible security threats such as viruses and other malicious programs more seriously than to say it will never happen because too many people love us ....for there is always one black-souled individual who wants to make his mark, albeit not positively but notoriously ... the "i did it first" mentality applies here along with the challenge philosophy ... it may take a while for this person or persons to arise but granted they will, for whatever reason, possibly politically, and we would be shocked by it while others would be inspired.

    its a vicious circle and it only takes embers to ignite the fire.

    but i doubt the virii scene will be as rampant on linux as it was on dos/win9x...

    due to the reasons being pointed out by you and the previous threads.

    linux has one very important feature that few other operating systems (besides the bsd's) have had, that being COMMUNITY, and that goes a long way in aiding all the arguments made here.

    but is it right to ignore a possible issue that could be avoided by alerting the new users who come to linux with expectations of virus immunity, because the media has published on a number of occasions that linux is resilient to malicious programs? this cannot be achieved with virus software, but needs to be addressed so users understand that just because they are running linux it does not make them impervious to malicious code.

    Troy Whittington

    [ Reply ]

     


    Re: never say never in the computer world
    1999-11-11 15:28:06 CET - Redhat Rocky
     
    Hmmm...who would like to see a Linux virus?

    I have heard more and more grumbling from the *BSD folks over the last couple of months, if anyone has the motive it would be from that camp.

    Personally, the users of *BSD are the ones who have prevented me from experimenting with any of the variants to this point.

    They do have a point, Linux is starting to feel too...trendy.

    [ Reply ]

     


    Re: never say never in the computer world
    1999-11-12 00:09:25 CET - Rado
     
    I strongly disagree with that.

    You CAN'T think that, if you like Linux, everyone will like it! Neither can you think that Linux is so good that no one will have a need to write a virus for it. Did you forget that there are also mentally ill people? Those that will write a virus just to have fun destroying other people's data? And they will have even more fun knowing that their virii wreaked havoc among unsuspecting Linux users who thought they were completely safe?

    [ Reply ]

     




    Hmmm, crap or not?




    1999-11-11 14:49:19 CET - Mike G.
     

    I would reply, but it appears that most of the intelligent community has already managed to rip the author a new A** hole from his ignorance.

    If all the author says in rebuttal to everyone's criticism is "You're missing the point", then the article was not written well to begin with.

    True, there are a lot of "yahoos" with store-bought copies of Linux that imagine they are great Unix wizards now. And these people will probably get their wings clipped due to their own arrogance and inexperience. And although an exercise like this would help weed out these self-proclaimed minimum-wage junior administrators that seem to plague IS shops these days, I feel that the majority of real IT/IS shops and administrators will not fall prey to the mischievous threats and pranks that have plagued the DOS world as viruses.

    The author also seems to forget that business "definition" administrators can, and do, read source code and Makefiles, and do not blindly install binary 'none the less game' distributions!

    Reader beware, this article is meant for the beginner home PC owner experimenting with alternative OSes.

    [ Reply ]

     


    Re: Hmmm, crap or not?
    1999-11-12 00:16:00 CET - Rado
     
    > I would reply, but it appears that most of the intelligent community has already managed to rip the author a new A** hole from his ignorance.

    Yes, I do like such well-argued sentences. :)

    > Reader beware, this article is meant for the beginner home PC owner experimenting with alternative OSes.

    In fact, I've got complaints that there is too much information in such a small space. And beginners do know about LD_PRELOAD and padding space, right? :))

    [ Reply ]

     




    Dont talk too much about it...




    1999-11-11 14:56:28 CET - Raoul van Putten
     

    well, my first comment was: wow, it's easy to write a virus for Unix... We virtually don't have viruses at the moment and they will come when people see how easy it is to write one. So better not talk about it.

    Raoul

    [ Reply ]

     


    Re: Dont talk too much about it...
    1999-11-15 17:06:09 CET - Roel
     
    > well, my first comment was: wow, it's easy to write a virus for Unix... We virtually don't have viruses at the moment and they will come when people see how easy it is to write one. So better not talk about it.

    So security through obscurity after all??

    [ Reply ]

     




    Wow...talk about lack of common sense.




    1999-11-11 17:34:46 CET - Eric
     

    Not trying to offend anyone. But I think what the writer is saying is something like, shall I say, "love is blind". Viruses are not always written by someone who hates the OS. It may be someone who is after a corporation for getting fired or something! And most viruses are written to use a bug/flaw/feature that's available. Most of you think you are safe or that it's not a virus. I can already see you getting "bit in the a$$" because of ignorance or what have you. I know many of you are quite intelligent, but lack common sense. Time and past issues should tell you nothing is solid. If there is a will there is a way, and if someone has the will to create a virus or two, and they will, it will cause plenty of damage. I think the author is trying to say we need to watch our backs and be prepared for anything. One other comment. Some of you had mentioned that Usenet and chats and such will help defeat viruses. I do agree it will help, but someone has to get hurt in order to know it really exists!! It might be you who gets it first and you may not know till the next guy gets it.

    I think Linux is an awesome OS, I like programming and hacking and such. However, it is becoming more popular and many others are using it for everyday use and it will grow. We need to help protect those who don't know better, so that Linux can keep a good reputation.

    Eric

    [ Reply ]

     


    Re: Wow...talk about lack of common sense.
    1999-11-11 21:36:27 CET - Willis Yonker
     
    I think many of you _ARE_ missing the point. Here it is:

    1) Microsoft

    If Microsoft is bold enough to edit video tapes being presented to a representative of the US government, I am sure they have teams of talented programmers (whom they pay very well) to write some viruses for Linux just to make their products look better. They aren't the only computer company that wouldn't mind seeing Linux go away.

    Intel has a lot to lose. Linux runs on slower systems. It also runs quite well on alternative CPUs. That spells real monetary losses for Intel.

    2) Stupidity

    Yes, _YOU_ might be too smart to log in as root. You might be smart enough to look at the source code of your new software (and have the time to do it). You might also never execute a program as root. You might also be smart enough to know the proper way to set up all the different programs on your system that can be exploited (Sendmail, Samba, NFS, FTP, CGI etc). That shows that you have a lot of time and interest. Most businesses don't want to invest that kind of time. They want something up and running now. They don't want to have to spend money to have someone babysit the machine and read source code all day. There aren't enough people who know how to correctly install all the packages that make up Linux. And not very many people are members of all the bug/security/application lists to be able to catch even half the notices. That leaves a lot of Linux systems vulnerable to human error that a virus can take advantage of.

    I have a Windows machine that I boot from CD and have a virus checker installed. I also reinstall my Windows from CD once every three months and never use floppies. I don't download software from sites that I don't know and I use Pine to read all my email. I access the internet through a firewall using IP masquerading. I would say my Windows machine is fairly secure. I'm not a typical Windows user. That's why my machine isn't infected and hasn't been infected. And even if it does get infected, all my data is elsewhere on a server so I don't care and can just reinstall. That doesn't mean that Windows in general is any more secure. It just means that _MY_ Windows is.

    I write all this to say that no matter how diligent you are, that doesn't make the OS any more secure. One improper file permission could send it all to hell. When I installed RedHat 5.1 it set some of my file permissions wrong. My system was vulnerable to certain types of attacks. Your average user would not have caught the mistake. As a matter of fact, I didn't catch it. I installed a piece of security software that told me about it.

    [ Reply ]
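    The post above ends on a wrong file permission that a fresh install shipped with and that only a separate tool noticed. The following is an added example, not code from this thread or from any named product: a small audit that walks a tree and reports the two classic mistakes, entries writable by everyone (a world-writable directory is only acceptable with the sticky bit, like /tmp) and setuid/setgid programs that are not on an allowlist. It uses only the Python standard library; the sample tree it builds under a temporary directory is constructed here and stands in for a real root filesystem, and the allowlist entry "usr/bin/passwd" is an assumption for the demo.

```python
"""Permission audit for a directory tree (added example, standard library only)."""
import os
import stat
import tempfile


def audit_tree(root, allowed_setuid=()):
    """Walk root and return sorted findings keyed by category.

    Paths are reported relative to root so two reports can be diffed.
    Symlinks are skipped: their mode bits carry no meaning on Linux.
    """
    findings = {"world_writable": [], "setuid": [], "setgid": []}
    allowed = set(allowed_setuid)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # vanished or unreadable; nothing to report here
            if stat.S_ISLNK(mode):
                continue
            rel = os.path.relpath(path, root)
            sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
            if mode & stat.S_IWOTH and not sticky_dir:
                findings["world_writable"].append(rel)
            if stat.S_ISREG(mode) and mode & stat.S_ISUID and rel not in allowed:
                findings["setuid"].append(rel)
            if stat.S_ISREG(mode) and mode & stat.S_ISGID and rel not in allowed:
                findings["setgid"].append(rel)
    for key in findings:
        findings[key].sort()
    return findings


def build_sample_tree():
    """Constructed sample tree: a few entries a sloppy install might leave behind."""
    root = tempfile.mkdtemp(prefix="permaudit-")
    # Parents are listed before children; every directory gets an explicit mode
    # so the result does not depend on the caller's umask.
    dirs = {
        "etc": 0o755, "usr": 0o755, "usr/bin": 0o755, "usr/local": 0o755,
        "usr/local/bin": 0o755, "var": 0o755, "var/spool": 0o755,
        "tmp": 0o1777,            # fine: world-writable but sticky
        "var/spool/drop": 0o777,  # wrong: world-writable, no sticky bit
    }
    files = {
        "etc/passwd": 0o644,             # fine
        "etc/shadow": 0o666,             # wrong: anyone can edit password hashes
        "usr/bin/passwd": 0o4755,        # expected setuid helper (allowlisted)
        "usr/local/bin/helper": 0o4755,  # unexpected setuid program
    }
    for rel, mode in dirs.items():
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(path, mode)
    return root


def audit_sample():
    """Run the audit over the constructed tree with passwd allowlisted."""
    return audit_tree(build_sample_tree(), allowed_setuid=("usr/bin/passwd",))


if __name__ == "__main__":
    for category, paths in audit_sample().items():
        print(category + ":", ", ".join(paths) or "(none)")
```

    Run it against "/" as root to audit a real box; keep the allowlist to the setuid binaries the distribution actually installs, and treat anything else it reports, especially under /usr/local or a home directory, as something to explain before trusting the machine.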

     


    Re: Wow...talk about lack of common sense.
    1999-11-11 22:29:31 CET - Myshkin
     
    Um, it isn't a question of exposure. It is a question of terminology. Since when is a trojan horse considered a virus? Consider this. (don't actually do it though)

    File name: README
    Execute the following as root:
      for f in $(grep '^/dev/' /etc/*fstab|awk '{print $1}'); do dd if=/dev/zero of=$f; done

    By your definition, this would be what? a README virus? A virus spreads itself, that is why we call it a virus.

    [ Reply ]

     


    Re: Wow...talk about lack of common sense.
    1999-11-12 00:21:53 CET - Rado
     
    >Not trying to affend anyone. But I think what the writer is >saying somehting like, shall I say "love is blind".

    Yup.. it seems that people don't have the habit of reading things carefully. I wrote that today and tomorrow we don't have to worry about that issue. But no one can predict the future. Another thing that is true is that Unix viruses can be made, and there are even two good examples - Bliss and Staog. The same people that think Linux is immune just because it is Unix or open-sourced should rethink the issue. It is as if you say that there will be no war if we destroy all weapons and make a superior global peace program. People will still find a way to kill each other.

    [ Reply ]

     




    Great replies :)




    1999-11-12 08:39:38 CET - Lord "LEVIATHAN"
     

    Hmm, it takes this kind of thinking to really sober me up :)

    Personally, I knew of Bliss, but I am pretty transparent when it comes to using my Linux setup, even very clumsy... such as having my WinBl0w$ partitions auto-mounted, running whatever I think I trust as root (for the most part vi, to change config files), and other really stupid stuff that one 6 months into Linux should know not to do (I do, however, but I'm led by one principle in computing... push it as far as I can. That's a-gonna kill me too (virtually, that is)).

    And I gotta be careful in how I describe my experience in Linux to others; my experience with *nix (RTOS's included... like OS/9) is sub-zero compared to my experience in DOS/WinB10w$$$$. (I've been on Microcrap products (DOS/WinB10w$/NT, et al) since... *sigh* seven years of age. Now 14 1/2 :-/ )

    'Course, I look to see my *nix/*BSD/RTOS experience match or exceed that. :)

    But, enough of my babbling, its time for me to lay myself to rest for the night.

    Blessed Be! --"LEVIATHAN"

    [ Reply ]

     




    Maybe someone should educate the new linux user...




    1999-11-12 09:05:24 CET - onest8
     

    {This is proposal is related to the subject matter of the above article. What I am trying to get across is that WE THE LINUX USERS should PROTECT THE LINUX USERS.}

    Maybe someone should write a manual or something of the like that gets added to _EVERY_ linux distro. I believe that this manual-like thing should contain or embody the following principles/guidelines (correct me if I am wrong or just being stupid please).

    1) This FANF? should be meant for newbies and experienced users alike.

    2) This FANF? should contain "The Common Practices Of The Ideal 'SAFE' Linux User" and should contain all of the tips/tricks to keeping your system 'relatively' safe from supposed virii attacks as well as common mythconceptions about the root user etc. (like why you should _NOT_ install a user program as the root user, or why not to use an IRC client as root) and as well go into some detail about NETWORK SECURITY (without going into MASS detail about this ENORMOUS subject).

    3) This FANF? should also be maintained by the Users For The Users and must not EXCLUDE any of the USERS. (Meaning plain english (or whatever lang) if possible at all times with a step-by-step process for conducting the practices).

    I have been using Linux for a year now and I have been satisfied. I am the only one to blame so far for its failures and I have learned from my mistakes, but this is not to say that my mistakes were easy to spot. For myself I had to go to the IRC chat rooms to find all this info out like a good annoying little newbie. I do not claim to be a Linux Guru (although my Win9x friends claim I know enough to be one), nor do I ever think for a minute that I know it all (or even anything close to some).

    What I do know is that if there was a 'Frequently Abused Newbie Failures' file (FANF? instead of FAQ? maybe) I could have prevented 6 out of 11 failures that I had forced upon my system myself.

    I would be willing to set up some sort of WWW message board that Linux Gurus could update with current User perversions of the OS, but alas I don't have the time right now to do so.

    If anyone is willing to take the initiative for my idea I am willing to participate in its administration on a part-time basis as well as the maintenance of the FANF? file itself.

    If you have any _POSITIVE_ things to add to this (no flames) please feel free to email my hotmail account (ps: this is the only reason why I set up a hotmail account) or just simply post a reply to this.

    My Hotmail Account

    Suffice to say this reply post is relevant to this article in one and only one simple way. I have read all the replies and it just seems to me that if *we* (meaning if you use linux or *BSD or whatever *nix you are included) stand together we will not fall, or in short:




    UNITED WE STAND DIVIDED WE FALL



    sm:)e for a wh:)e
    ~OneST8~



    PS: Did I just ramble on??? Ooops ;-)

    [ Reply ]

     


    Re: Maybe someone should educate the new linux user...
    1999-11-12 09:22:17 CET - onest8
     
    onest8@hotmail.com
    [ Reply ]

     




    qu0te the laiman neVerMORE...




    1999-11-14 00:35:29 CET - Anonymous
     

    NETbsd 4.4

    -LINE- it up baby!

    [ Reply ]

     


    Re: qu0te the laiman neVerMORE...
    1999-11-14 22:30:31 CET - Rado
     
    Is it so perfectly safe?
    [ Reply ]

     




    Defining the problem




    1999-12-04 17:58:04 CET - David
     

    Linux users have fallen into the habit of thinking they are immune to viruses (note the disclaimer on the CD envelopes for the SuSE 6.2 release as an example). Invulnerability is a fallacy of thinking known since at least the Greek era.

    Let the author correct me if I'm wrong, but it seems that he is merely pointing out this attitude of those in the Linux community (myself included), and following that up with possibilities of virus creation for the future based on Unix infections of the past.

    Defining virus is a moot point. Arguing whether the problem is a security hole is moot. The point is that sooner or later, someone will identify an Achilles heel. Whether this is defined as a "security hole" (which I personally would), and whether we would define this as a Trojan, ignorant user, etc., one day a self-replicating program will bypass the Linux/Unix security features, affecting the data of users (whether root or not, the data is just as crucial).

    Take the message for what it is.

    [ Reply ]

     


    Re: Defining the problem - an neverending story
    2000-02-09 20:57:23 CET - jan
     
    Viri are part of an electronic means of communication.
    We all need communication and here we communicate about its quality.
    [ Reply ]

     




    Anti-Virus technology




    2000-03-27 03:22:59 CET - Philipp Göhring
     

    There are some mechanisms that Linux/Unix developed, that nobody mentioned above:

    1. Distributions: We do not need to buy and distribute every application on its own to the end user. I know several Linux users who only buy a Linux distribution every year, and do not update anything in between.

    2. Partitions, read-only, CD-ROMs: We can separate programs from their data by putting them on different partitions. The programs from /usr and /opt can be put on partitions which we can mount read-only, or even on CD-ROMs. Have you ever seen a virus infecting an already burnt CD-ROM? /tmp should be on a partition which is mounted nodev and nosuid. /home and /var should be backed up regularly. (Under Windows you would have had to back up the programs and the data together.)

    3. File integrity checker: Backups were available under Windows too. But I don't remember a file integrity checker like tripwire. If a virus spreads in your programs or your data, tripwire might notice it.

    4. Special ideas like Lomac, ...

    So in the end ... my programs cannot be infected, because a virus cannot write on the CD-ROM. If a virus infects my data, tripwire might tell me. Then I can format my hard disk, insert the distribution CD, reinstall everything, and restore my data from the backups.

    [ Reply ]
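    Points 2 and 3 of the post above describe two checks that are easy to script: a tripwire-style baseline of every program file, and a look at the mount options that /usr and /tmp actually got. The following is an added example, not code from this thread, from Tripwire or from any distribution. It records a SHA-256 digest, permission bits and size for each regular file under a root, compares a later snapshot against that baseline, and separately parses a /proc/mounts-style listing for the options the post recommends (/usr read-only, /tmp nodev and nosuid). The sample /bin, the simulated infector that appends a payload to one binary, and the mount listing are all constructed here; the required-options table is the post's own recommendation written down as data.

```python
"""Tripwire-style integrity baseline plus a mount-option check (added example)."""
import hashlib
import os
import stat
import tempfile


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map relative path -> (sha256, permission bits, size) for regular files."""
    db = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are not hashed
            db[os.path.relpath(path, root)] = (
                hash_file(path), stat.S_IMODE(st.st_mode), st.st_size)
    return db


def compare(baseline, current):
    """Report files that appeared, vanished, or changed content, mode or size."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline
                          if p in current and current[p] != baseline[p]),
    }


# Constructed mount listing in /proc/mounts format: device, mountpoint,
# type, options, dump, pass.  /tmp here is missing nodev and nosuid.
SAMPLE_MOUNTS = """\
/dev/hda1 / ext2 rw 0 0
/dev/hda5 /usr ext2 ro 0 0
/dev/hda6 /tmp ext2 rw 0 0
/dev/hda7 /home ext2 rw,nosuid 0 0
"""

# The post's recommendation as data: programs read-only, /tmp no devices, no setuid.
REQUIRED_OPTIONS = {"/usr": {"ro"}, "/tmp": {"nodev", "nosuid"}}


def check_mounts(text, required=REQUIRED_OPTIONS):
    """Return [(mountpoint, [missing options])] for every mount that falls short."""
    problems = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mountpoint, options = fields[1], set(fields[3].split(","))
        missing = required.get(mountpoint, set()) - options
        if missing:
            problems.append((mountpoint, sorted(missing)))
    return problems


def demo_infection():
    """Baseline a constructed /bin, simulate an infector, then re-check."""
    root = tempfile.mkdtemp(prefix="integrity-")
    os.mkdir(os.path.join(root, "bin"))
    for name, body in (("ls", b"\x7fELF ls "), ("cp", b"\x7fELF cp ")):
        with open(os.path.join(root, "bin", name), "wb") as fh:
            fh.write(body)
    baseline = snapshot(root)
    # The simulated infector appends a payload to one binary and drops a file.
    with open(os.path.join(root, "bin", "ls"), "ab") as fh:
        fh.write(b"PAYLOAD")
    with open(os.path.join(root, "bin", ".hidden"), "wb") as fh:
        fh.write(b"dropper")
    return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print("integrity:", demo_infection())
    print("mounts:", check_mounts(SAMPLE_MOUNTS))
```

    The baseline is only worth something if the infector cannot rewrite it, which is exactly the post's argument for read-only media: keep the snapshot on the distribution CD or another read-only mount, not next to the files it describes. The check also trusts the kernel to return honest file contents; it cannot see past a compromise below the filesystem.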

     




    Anti-Virus technology




    2000-03-27 03:23:41 CET - Philipp G�hring
     

    There are some mechanisms that Linux/Unix developed, that nobody mentioned above:

    1. Distributions: We do not need to buy and distribute every application on its own to the enduser. I know several Linux Users who only buy a Linux distribution every year, and do not update anything in between.

    2. Partitions, read-only, CDRoms: We can separate Programs from their data, by putting them on different Partitions. The programs from /usr and /opt can be put on partitions which we can mount read-only, or even on CD-Roms. Have you ever seen a virus infecting an already burnt CD-Rom? /tmp should be on a partition, which is mounted nodev and nosuid. /home and /var should be backuped regulary. (Under Windows you would have had to backup the programs and the data together)

    3. File integrity checker: Backups were available under Windows too. But I don�t remember a file integrity checker like tripwire. If a virus spreads in your programs or your data, tripwire might notice it.

    4. Special ideas like Lomac, ...

    So in the end ... my programs cannot be infected, because a virus cannot write on the CD-Rom. If a virus infects my data, tripwire might tell me. Then I can format my harddisk, insert the distribution CD, reinstall everything, restore my data from the backups.

    [ Reply ]

     




    Anti-Virus technology




    2000-03-27 03:23:43 CET - Philipp G�hring
     

    There are some mechanisms that Linux/Unix developed that nobody mentioned above:

    1. Distributions: We do not need to buy and distribute every application on its own to the end user. I know several Linux users who only buy a Linux distribution every year, and do not update anything in between.

    2. Partitions, read-only, CD-ROMs: We can separate programs from their data by putting them on different partitions. The programs from /usr and /opt can be put on partitions which we can mount read-only, or even on CD-ROMs. Have you ever seen a virus infecting an already burnt CD-ROM? /tmp should be on a partition which is mounted nodev and nosuid. /home and /var should be backed up regularly. (Under Windows you would have had to back up the programs and the data together.)

    3. File integrity checker: Backups were available under Windows too. But I don't remember a file integrity checker like tripwire. If a virus spreads in your programs or your data, tripwire might notice it.

    4. Special ideas like Lomac, ...

    So in the end ... my programs cannot be infected, because a virus cannot write onto the CD-ROM. If a virus infects my data, tripwire might tell me. Then I can format my hard disk, insert the distribution CD, reinstall everything, and restore my data from the backups.

    [ Reply ]
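A minimal checker in the spirit of point 3 of the post above, added here as an editor's example (it is not code from the page and not Tripwire's own): it records digest, size and permission bits of every regular file under a tree, then reports files that were added, removed or modified, and separately any file that newly carries a setuid/setgid bit. The directory layout and the simulated infection in `demo()` are constructed for the example.

```python
"""Tripwire-style file integrity check: take a baseline, later report what changed.

Editor's added example; not code from the original page and not Tripwire itself.
The directory tree and the simulated infection in demo() are constructed.
"""
import hashlib
import json
import os
import stat
import tempfile

SUID_BITS = stat.S_ISUID | stat.S_ISGID


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative path) to digest, size and mode."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices, sockets: not hashed
            baseline[os.path.relpath(full, root)] = {
                "sha256": sha256_of(full),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),  # rwx bits plus suid/sgid/sticky
            }
    return baseline


def compare(baseline, current):
    """Diff two baselines.  Files that newly carry setuid/setgid are listed
    separately: a planted setuid binary is the classic Unix backdoor."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = [p for p in sorted(set(baseline) & set(current))
                if baseline[p] != current[p]]
    setuid_gained = [
        p for p in sorted(current)
        if (current[p]["mode"] & SUID_BITS)
        and not (baseline.get(p, {"mode": 0})["mode"] & SUID_BITS)
    ]
    return {"added": added, "removed": removed,
            "modified": modified, "setuid_gained": setuid_gained}


def demo():
    """Snapshot a fake bin/ directory, 'infect' it, and re-check it."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.makedirs(bindir)
        for tool in ("ls", "cat"):
            path = os.path.join(bindir, tool)
            with open(path, "wb") as f:
                f.write(b"#!/bin/sh\nexec /bin/" + tool.encode() + b' "$@"\n')
            os.chmod(path, 0o755)

        # A real baseline goes on read-only media or another host; here it is
        # only serialised and parsed again to show the round trip.
        saved = json.dumps(build_baseline(root))

        # Simulated infection: append a payload to ls and make it setuid,
        # drop a hidden setuid shell, and delete cat.
        ls = os.path.join(bindir, "ls")
        with open(ls, "ab") as f:
            f.write(b": viral payload\n")
        os.chmod(ls, 0o4755)
        hidden = os.path.join(bindir, ".hidden")
        with open(hidden, "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/sh\n")
        os.chmod(hidden, 0o4755)
        os.remove(os.path.join(bindir, "cat"))

        return compare(json.loads(saved), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:14s} {paths}")
```

Take the baseline right after installation and keep it where the host cannot alter it: an intruder who can write to /usr can also rewrite a baseline stored on the same disk, so the checker only proves anything if the reference copy lives on burnt media or another machine. The same caveat applies to point 2 of the post: a partition mounted `ro` in /etc/fstab stops an unprivileged process, but root can simply `mount -o remount,rw` it, whereas a CD-ROM genuinely cannot be written. Mounting /tmp `nodev,nosuid` does not prevent a setuid file from being dropped there, it only stops the kernel from honouring the bit on execution, which is why the check above reports gained setuid bits rather than trusting the mount options.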

     




    System security - where, why and how




    2000-05-12 13:12:54 CET - Frank Schaefer
     

    Reading the whole discussion, I got some ideas, which could make up some different articles. Well - let's try to mention them in one.

    1. Is Linux secure?

    NOPE, it isn't! I think there is NO ONE system which is completely secure. See the article about libsafe at slackware.com. The mechanism described there works to gain root access without having a root account. This was a reason for me to upgrade my Linux systems. Of course, this is (was) a security hole, not a virus -- yet. Here the COMMUNITY comes in turn. Such holes were found before someone made a "real" virus exploiting them in the past. But who can say that it will never be the opposite?

    2. Where does the danger come from?

    In my opinion the ONLY real danger comes from ill people having fun damaging other people's work. There are a lot of virus- and intrusion-prone systems around in a lot of companies. Yes, I talk about all the Wondoozes residing in places they don't belong to. I don't agree with arguments that IBM (for instance) doesn't like us because we can work on stations with less power. Someone who has the possibility to use a P III with 128 MB won't use an old 386. I see this at my home site. Setting up a Linux graphic workstation with a Voodoo 3D accelerator I USED a P III 500 with 128 MB. For my girlfriend, using her station for a database exploiting PostgreSQL, a 486 wasn't right either. Children, games on an old PC? I don't know. The server putting this all together IS a 486 - of course.

    3. Where is it most necessary?

    On stations used for private purposes only, system security isn't such an important thing. Damage there will never cause any economic damage. Here Mindow$ comes in turn. A typical USER won't mess with all the tasks needed to set up an UN*X environment. In my opinion Window$ is a very good system -- for home computers of course.

    In company sites, where a mass of economically critical data is lying around, system security should be the most important thing of all. Here it is necessary to have an admin who keeps an eye on this. This admin has to know what he does and has to know how to do his task.

    4. What should we expect from an admin?

    The admin is the person who is responsible for everything that's going on at his site. So I would expect that he does all the things mentioned in this discussion (reading scripts and source, setting up walls around the system, using the security mechanisms he has at hand ...). I can't agree with opinions that there isn't the time to do so. The admin HAS TO HAVE the time because it's his TASK TO DO SO. That is what he gets his FEE FOR. Of course - there are a lot of quick and dirty works around there. Don't misunderstand me - I don't blame the programmers. In commercial programming they mainly get tasks TODAY which they have to have ready YESTERDAY. So software goes out which is poorly tested or not tested at all. Often the programmer can't know what his program does. See the writing of programs using Micro$oft's Monopol Fundamenting Classes. But all this isn't the admin's task. The admin has to make the system secure. He can't make USERS secure. "People are stupid" is easy to say, but they aren't. They have their knowledge somewhere other than in computer science. But I HAVE TO make my system USER-SECURE. Last but not least the admin should be attentive all the time. He has to listen if there is somebody heavily knocking on a system's door he locked (intruders).

    5. How to become an admin

    It was mentioned a few times in this discussion that there are a lot of beginner admins around. Be aware, THOSE AREN'T admins. Saying this I don't want to make these people smaller than they are. I too was a beginner some time ago. I set up my first systems (at home - of course) ... and crashed them successfully. Learning from my faults I got the experience which made it possible to become a professional admin. Yes, you have to wonder whether you CAN take such a responsibility ... There is still another fact yet. Some time ago I found a picture on the WEB which I have in the background of one of my desktops: "Adminspotting. Choose no life. Choose no career. Choose no family. Choose a fucking big computer, choose disk arrays the size of washing machines, modern racks, CD-ROM writers and electrical coffee makers. Choose no sleep, high caffeine and mental insurance. Choose no friends. Choose black jeans and matching combat boots. Choose chairs for your office in a range of fucking fabrics. Choose SMTP and wondering why the fuck you are logged on on a Sunday morning. Choose sitting in that swivel chair looking at mind-numbing, spirit-crushing web sites, stuffing fucking junk food into your mouth. Choose rotting away at the end of it all, pishing your last in some miserable newsgroup, nothing more than an embarrassment to the selfish, fucked up lusers Gates spawned to replace the computer-literate. Choose your future. Choose to sysadmin." There's a bit of truth in this. Seeing us having a working day of approximately 10 to 14 hours. Sometimes - of course - more. Weekend... WHAT'S THIS?? Well, I knew this when I decided to do system administrator's work.

    A last word:

    Maybe it's not enough to target us, users or administrators of OSes. An admin too will want to get some fee from his employer. But an admin doesn't produce anything at all. So in many companies the chiefs decide that they don't need a person who will ONLY watch over system security. There is a lot to rethink. But maybe sometime ...

    Frank

    [ Reply ]

     




    Yes and no




    2000-12-12 22:11:24 CET - Lunatic
     

    I have read the article and several of the replies. I agree that virii can and will be written for any OS, Linux included. Reasons I don't know and don't care to know. The lack of them now is simply because no one has written one that has gotten out into the mainstream public to be noticed. I am as guilty as the next guy for running stuff as root; I'm a home user after all. I also run a Linux box @ work on which I rarely use the root account and try to observe security measures. My home box, however, is quite open and I'm not too worried about things. If I get a virus then I reinstall (it's due for one anyway) and if I get cracked then I don't have anything of value there anyway. Let 'em have it. I plan to tighten down my home box too eventually, especially when I get DSL, but that's not come just yet...

    "Linux: The OS for people who want to graduate from the high chair and play with the big boys"

    [ Reply ]

     




    One more Bug..




    2001-01-30 04:04:35 CET - nightShade
     

    I think no complex operating system is absolutely safe. There will always be another security hole. Mostly they are plugged before exploitation, but imagine someone finding one and not telling, but using it for some evil work. From Gödel's Theorem: there will always be another bug. If you have shielded against 1e1000 attack methods, are you sure that the (1e1000)+1st will be unsuccessful?

    And some words on the virus definition: What about some that let some programme get 100% of the CPU? Or most of the file space? No data gets corrupted or lost, but work is not possible either. (Sure there are programmes that protect against these problems, but are there not others?) Many security holes are no bugs (in the narrow meaning), but ways to tamper with things in ways the things were not designed for. Have a look at the DoS attacks. Not many thought of this form until it appeared.

    Linux viri are not a great thing now, but with increasing popularity this might change. Or maybe not...

    BTW: Does anybody have a fix for the "human stupidity" bug?

    [ Reply ]