Linux Virus Alert 501
marcjw writes: "I don't see many of these (Linux virus alerts). In fact none in the six months or so since I've switched from MS. Maybe that's why this story from newsbytes caught my eye. At any rate, I'm not sure if this poses much of a threat to the general Linux community but it's always best to be forewarned."
Not via email you dont you wascally wabbit (Score:2)
At least our email programs dont auto execute attachments.
Re:Not via email you dont you wascally wabbit (Score:5, Insightful)
Re:Not via email you dont you wascally wabbit (Score:2)
This cracks me up. (Score:5, Funny)
Ya, I run lots of unknown binaries while logged in as root, it's my favorite activity.
Re:This cracks me up. (Score:2, Funny)
Re:This cracks me up. (Score:5, Informative)
localhost:~$ tar zxf some-random-binary-0.0.1.tar.gz
localhost:~$ cd some-random-binary-0.0.1
localhost:some-random-binary-0.0.1$
This program must be run as root.
localhost:some-random-binary-0.0.1$ su
Password:
localhost:some-random-binary-0.0.1#
Sucka!
Another point.. when was the last time you actually checked the code of something you've compiled? lets say instead of some-random-binary, it's some-random-young-sourceforge-app. Jeez, get off your fucking high horse.
Re:This cracks me up. (Score:4, Interesting)
I did look through airsnort, and the other "grey area" apps that I use for security and curiosity. Games? never get ran as root, every other app? never as root.
Sorry but if you have to run it as root, 90% of the time it is a sign of poor code and will probably suck anyways...
Re:This cracks me up. (Score:3, Informative)
Is that so? I believe you are mistaken - SDL is only a wrapper library which calls out to existing methods of doing graphics (among other things).
One such method is Xlib, and I don't want to run an X server. Another is the Linux kernel framebuffer, and I'm not so interested in taking the performance hit of running in frame buffer mode (why do you think I use a text console in the first place - mostly for speed). A third is aalib, and I don't want to run Doom in ASCII art (slashdot reports about Quake notwithstanding). Which leaves me running SDL applications in ... svgalib mode. Which requries root.
"Xlib is really old.. Gtk+ is the way now."
The two statements are equivalent.
Re:This cracks me up. (Score:2)
The upload scenerio is likely to be more worriesome and unfortuanlty few people will take preventive measures, until this method has been proven to be valid (as in lots get infected from a cracked program).
Matt
Worse than running something as root (Score:5, Insightful)
Re:Worse than running something as root (Score:5, Interesting)
Which brings up an interesting point: write-only code. I've tried to read and understand autoconf-generated Makefiles a few times, and given up with my head spinning. They're a tangled web of M4 macros and such.
Computer-generated code is notoriously hard to read, and install scripts are one instance where reading the code is important.
I only wish there were a way to improve autoconf and other code generating programs without having to have a massive security breakdown happen first to inspire the work.
Re:Worse than running something as root (Score:3, Insightful)
If you trust those 2 programs to not have backdoors (along with all the M4 macros) and to correctly process their input files, the config.in and Makefile.in are a lot easier to read.
It's the same thing with a C source file: you don't read the ELF executable, you read the C file. The source to a lot of configure scripts is config.in, and the source to Makefile is Makefile.in (or Makefile.am, I do not have a lot of experience with it).
Of course, what doesn't help is that a lot of trees use recursive Makefiles, so you have to read all of them and check that they are not modified during the installation. Then, the build system is out of the equation and you can concentrate on the actual program.
make -n is easy to work around (Score:3, Informative)
# with GNU Make.
#
# This runs even with -n, and doesn't print first.
foo:=$(shell
#
# This too runs with -n, but is displayed.
# (I use a semicolon in case slashdot loses tabs.)
install:; +echo this runs too
Re:This cracks me up. (Score:5, Informative)
Have you every thought of
./configure --prefix=/usr/local?
My
Let's say I run a infected binary in
This isn't rocket science, guys.
Re:This cracks me up. (Score:3, Funny)
Proof that information wants to be free.
Now, if you happened to lose your stuff, that's bad.
Sorry, pet peeve of mine.
Lose: as in to misplace, lost, not win.
Loose: to release, to untighten, relax.
{where is the Angryflower on this particular topic?}
.
Re:This cracks me up. (Score:3, Insightful)
It's not impossible for the trojan to have infected a trusted binary, unless you're sure that root only runs programs that have always been not only writable only by root, but also in directories only writable by root.
It doesn't need to be as extreme as making /bin/ls world writable. For example, who has the right to change things in /usr/local/bin? Some distros make /usr/local/bin writable by a group called "staff", and on any system it's possible that you allow trusted users to put things in /usr/local/bin, or at least to compile programs which you then put into /usr/local/bin. And then that directory is often in root's path.
That would mean that a sufficiently trusted user who ran an infected binary could then allow the infection to spread to root. (People are often rather less careful with non-root accounts.)
Re:This cracks me up. (Score:2)
Running binaries as root (Score:5, Informative)
RPMs or other packages that are downloaded from more or less untrusted locations without encryption signatures might very well run a few evil scripts during the installation process (which, of course, is done as root).
To be really sure, one should always install new programs in a chrooted jail; the software should be installed in a totally new branch of the filesystem tree and the installation process should not be able to read of write to other parts the filesystem.
Re:Running binaries as root (Score:5, Informative)
Never. I want to have full control over and knowledge of where each file is installed.
If the Makefile has been generated with GNU Automake (which is true for maybe 90% of all Makefiles I encounter), there is an easy solution: Install with make install DESTDIR=~/tmp as ordinary user, and if you agree with the file layout under ~/tmp, cp the files to their final location as root.
Re:Running binaries as root (Score:3, Funny)
No longer. You guys have got me so paranoid about running things as root now, I made a new account called "safe" to safely install programs. Although I found I had to make the UID of that account be 0 in order for it to work correctly...
Re:And you're right... (Score:2, Insightful)
This virus would probably get me.. though I usually only get executables in packages made by my distro manufacturer (it's just easier and almost guaranteed to work), I find it annoying to su constantly, so I often just play around on my own box as root. I wouldn't administer a server that way (should someone ever be stupid enough to give me the responsibilities of doing so), but I don't think that's who the virus is targeting.
Re:This cracks me up. (Score:2)
So you never install any software for multiple users huh? What OS do you run? It sure can't be Linux...
Re:This cracks me up. (Score:2)
Re:This cracks me up. (Score:3, Insightful)
True, but...
The issue is, the same people are vulnerable to this on linux, as are vulnerable on Windows -- the people who really don't know better.
It will be difficult to believe the linux community is serious about building an OS 'that grandma can use' until we accept that grandma really might 'fall for' the idea of a virus that needs to trick the victim into running as root.
So long as experts (or at least, knowledgeable users) who are serious about security are the only ones running a given OS, of course their machines will be safe from viruses.
Re:This cracks me up. (Score:2)
Linux viruses needed. (Score:2, Interesting)
Windows Compatibility (Score:3, Funny)
More viri on MS- why? (Score:2, Interesting)
Or is it just that virus writers focus their efforts on MS software? (And if it's the last one, why do malicious coders focus on MS? Is it just to spread FOAD and, indirectly, their favorite OS?)
Re:More viri on MS- why? (Score:3, Informative)
Re:More viri on MS- why? (Score:2)
I really wish MS could embrace that concept--I might be inclined to trust their OSes a little more if they would.
Re:More viri on MS- why? (Score:4, Informative)
95/98 let anyone run just about anything as default. And XP actually does this too... Default accounts are set up as administrator without passwords.
And while you can run everything from an administrator account (got root?) under Linux, the type of person who installs Linux generally knows better than to do so.
It's because of the limited access that most accounts have that makes viruses difficult to write under Linux.
As to why malicious coders concentrate on MS, it's because it's easy. The coders at MS keep making the same mistakes over and over again. Look at the UPNP exploits.
Re:More viri on MS- why? (Score:2, Interesting)
But it doesn't work very well in partice. Example, Microsoft Filght sim 2002, when run from a normal user account, tells you you need to run it from an admin account. You see, rather then each user having their own config/save files, there's global config/save files which all users must be able to write to. The same applies to lots of other windows programs too.
Many users will just give themselves admin privledges (or login as admin) and be done with it. So the problem will still exist for a while.
Re:More viri on MS- why? (Score:3, Insightful)
95/98 let anyone run just about anything as default. And XP actually does this too... Default accounts are set up as administrator without passwords.
Let me add some items to your list...
- Linux installers are usually very good at teaching newbies the dangers of the root account. They will also make it real easy and natural to setup secured user accounts.
- The community is very good at reminding each other not to run as root, be it in weblogs, readmes, changelog, etc. In fact, they even go on running jokes about it. At the end of the day, it makes a wonderful job at passing the word to new users.
- Since there is already a critical mass of carefull users on linux, programs that use more permissions that they need to can expect to receive flews of angry emails. Under w2k/xp, where most home users run in administrator, those that do not are less likely to complain. The end result is, windows software too often crashes and bugs up unless run as root.
- Under Linux, it is real easy to become root the time of one punctual action (su, sudo, fakeroot), then relinquish the extra permissions. Under w2k, you have to create a shortcut to the executable, right click, check 'run as a different user', click ok, double click, click on the password field, enter the root password. A real pain in the ass. And again, alot of programs that would run otherwise correctly as administrator won't work with this method. In which case you have to save all your work, log out, log in as admin, run that program, log out, log back in, restart all the program you were using. Blah! Easily a ten minutes process.
- Under windows, it is always trivialy easy to runs programs. So much so, that I'm extra careful whenever I'm reading mail under windows, and slow down my perusal to be sure not to stumble and accidentaly run a virus. Under linux, running untrusted program is a two step process: first give it the permission to run (chmod +x virus.exe), then run it (./virus.exe) .
- Finaly, viruses need to pull their infection/clean up ration over the 1.0 bar in order to survive and outbreak. Linux, with it's smaller installed base and it's biodiversity of distributions, makes it hard for a virus to find its next vunerable target. With that in mind, we can expect somewhat more Linux viruses the day it takes over Windows as everyone's operating system.
Re:More viri on MS- why? (Score:2)
Re:More viri on MS- why? (Score:3, Insightful)
The main reaseons are thus:
1) Microsoft attemps to grab marketshare by adding any 'feature' that appeals to the masses, rather than adding security that appeals to a few smart people.
2) Microsoft's security model has had only a few years of evolution, the UNIX/Linux/BSD model has had almost twenty years of networked connected time to get it right.
3) Microsoft is gready. Raher than give you a patch to fix the secutity problems of your old Microsoft software - they would rather force you to pay for their newer version.
4) Microsoft programmers are inept. Microsoft attracts greedy and underqualified programmers with the lure of stock options. Good programmers either work for themselves or for a company that puts pride in their work. Good programmers seldom do it for the money - witness the wonderfull security of the shoestring-budget OpenBSD versus the 1.2 billion USD Windows XP that had to be pathced within a month of it's consumer release.
In short - Microsoft's bad security is actually good for their bottom line, it forces you to pay money for their 'upgrades.'
Re:More viri on MS- why? (Score:2)
Microsoft lures greedy good programmers with the stock options carrot-and-stick too. It is well known that among Microsoft's tactics for ruining competitors during the nineties was simply hiring their best programmers away. Their shitty software is usually a result of shitty management decisions, not necessarily their engineers.
Re:More viri on MS- why? (Score:2, Informative)
Naturally, the average user skill and level of vigilence by Linux developers helps too. But I think the basic design plays a big part in the lack of viruses.
Re:More viri on MS- why? (Score:2)
Because there is a market for Anti-Virus software for windows! If there were virii for linux boxen then the anti-virus software would be likely opensource [or GPL]. No market.
Just think, a design flaw of windows makes the anti-virus people $70 a sale. If microsoft was going to bundle anything, it should be an anti-virus utility.
XP got onto the right track with copying linux's multiple user accounts - hopefully they will start to restrict the users more.
Re:More viri on MS- why? (Score:2, Informative)
Section "InputDevice"
Identifier "Mouse1"
Driver "mouse"
Option "Protocol" "PS/2"
Option "Device" "/dev/mouse"
Option "Emulate3Buttons"
Option "Emulate3Timeout" "100"
EndSection
Section "InputDevice"
Identifier "Mouse2"
Driver "mouse"
Option "Protocol" "IMPS/2"
Option "Device" "/dev/input/mice"
Option "SendCoreEvents"
Option "ZAxisMapping" "4 5"
EndSection
It's not a virus, it's stupid. (Score:4, Funny)
cat
There. It's a virus.
Re:It's not a virus, it's stupid. (Score:3, Funny)
MS Plot? (Score:2, Funny)
MS Coder #1: "Dude! We made the front page on Slashdot! Bill is gonna hump our legs for this!"
MS Coder #2: "Cool! When we finish RST.c we might even make CNN!"
It could happen...
Knunov
Remember the MIcrosoft Mantra of the old days? (Score:2)
Pretty crazy stuff (Score:2, Interesting)
Um, he further states that it would be "trivial" to add such a feature. Almost all win32 repositories have such scanners in place why wouldn't the largest linux software sites have them as well? Have we become too trusting of the "many eyes" theory?
Re:Pretty crazy stuff (Score:4, Informative)
It is only "crazy" to not scan for viruses from the mindset that viruses are out there. It isn't crazy to take a road trip in a car that doesn't have a spare innertube if the car uses tubeless tires.
It is also important to note that this article is not about a virus. It is about a trojan. There isn't really any way to do an automated check for unknown trojans on any platform, since the scanner can't know what the program is supposed to do in to first place to figure out if it is doing something else as well.
The question with Linux binaries is are they what they claim to be. That question is generally answered with an MD5 sum from a trusted source. This renders the case of unknown trojans moot.
-Peter
Re:Pretty crazy stuff (Score:3, Funny)
I now know not to trust Sourceforge anymore. If I don't have the time to audit the code I won't download it.
Re:Pretty crazy stuff (Score:2, Insightful)
This is a trust issue and the entrusting of power into people that may or may not be up to or care for the task. RPMs are as easy to install as a setup.exe for people as long as there is not a slew of dependencies (which has been lessened with the advent of "smart" installers). It is that ease of use which is dangerous without precaution as we have seen with microsoft products. Implementing safety measures beyond those that we as accomplished users have grown accustomed to is a rising concern and still needs to be addressed.
Not much of a threat (?) (Score:2, Informative)
What services use this EGP protocol?
I'm assuming that if my box doesn't run anything that uses this, then it's not vulnerable to exploitation.
Re:Not much of a threat (?) (Score:2, Informative)
Loved this part... (Score:5, Funny)
Unlike some Windows-based viruses that travel like wildfire using vulnerabilities in Microsoft's Outlook e-mail program, the new RST variant is unlikely to spread widely, according to Russell.
One short sentence to compare and contrast the MS Virus Deployment System with Linux. I also like the part where he says that most Linuxers are more "sophisticated" (must be why our mascot wears a tux).
Re:Loved this part... (Score:2)
cat
parse out every email address
for each user
mail -s "Hey look at this!" ++ $virus
Re:Loved this part... (Score:2)
My previous message is about viruses spreading via email to other users. As for getting a virus on in the first place, use one of those remote holes that pop up from time to time.
heh (Score:4, Funny)
Heh, couldn't they just write "An operating system"?
Re:heh (Score:2)
Re:heh (Score:2)
Heck, we should just be glad that there's a news organization that can even conceive of an alternative to Windows.
Re:heh (Score:3, Funny)
Yeah I noticed that too, wtf?.
The movie star was seen drinking Jolt Cola (an alternative to Pepsi-Cola's Pepsi).
So what do I have to do to get it? (Score:2, Interesting)
DOS 7 virus alert! (Score:5, Funny)
The worst part is, it's already infected 100% of all DOS 7 systems.
(Is is just be, or does it seem silly to give any time to a "virus" that requires you to run a binary while rooted?)
The "root" issue (Score:3, Informative)
A lot of smart alecs here are making light of this, but let's face it, the smart thing is to give time to any virus at all. Tell me you've never, ever, left yourself in as root by mistake. OK, now tell me no-one else has. 'Nuff said.
Re:The "root" issue (Score:2)
But sure-- a little blurb on
Re:The "root" issue (Score:3, Funny)
or you just use 'su' more often..
Re:DOS 7 virus alert! (Score:3, Funny)
On the "silver lining" side, I get to further test out these new slashdot personalized mod features. Sweet!
Re:DOS 7 virus alert! (Score:3, Informative)
Use checkinstall [asic-linux.com.mx]. Run it instead of make install and it'll create a rpm | tgz | deb package to install (and uninstall, if need be) with your packaging system.
They're Trying So Hard... (Score:4, Insightful)
Has anyone actually seen this virus in the wild? I can't imagine it'd actually propigate...
Re:They're Trying So Hard... (Score:3, Insightful)
Yes, very simple.
"Check out this cool theme! Just run install.sh." Then the installer then says "you must be root to install this theme, please enter password:". Now before you even know you are rooted it's scanning your address book for other victims.
What? You say you're not that stupid? Fine. While you're laughing at everyone else getting slammed by such as transparent trick, remember that the people maintaining the site where you grab your "trusted" binaries from might be one of them.
The only really secure solution is extreme paranoia.
Re:They're Trying So Hard... (Score:2, Insightful)
Alternatively, for the Ultra-Paranoid, you can simply run OpenBSD where most everything you need is included in the base install, and all "approved" 3rd party apps (ports/packages collection) have at least had source code closely examined by people with minds for code far better than yourself.
Re:They're Trying So Hard... (Score:3, Funny)
I can think of other ways... (Score:2)
> damage is if it gets into a package on a major
> distro's ftp and goes unnoticed.
How about if it,
- infects source code (not too hard...)
- installs itself in system headers so that all new programs compiled would include it (#define main
- infects kernel modules, or the kernel itself
- exploits common vulnerabilities to infect new hosts or to gain root on the local host (I would venture a guess that *most* people who don't have users are not safe against all local root exploits)
I could imagine a really good virus making its way around, especially right around the time a new remote root exploit is announced... I don't think a linux virus is that far-fetched, especially as more unsophisticated users begin using linux, and as our platforms grow more homogeneous...
Success of an OS means... (Score:3, Funny)
What about... (Score:2, Redundant)
make
su -
make install
I'm sure everyone doesnt audit every line of code
before doing this...
-b
Re:What about... err... KDE? (Score:2, Insightful)
You'd read all of the source that KDE or Gnome requires for compilation and installation?
Not likely.
Is this REALLY a problem? (Score:4, Insightful)
Programs that exploit security holes are far and wide. Yet, they are typically released as source code, usually attached to messages in security mailing lists. We can take a quick glance over this source before compiling it and running it. And besides, if it IS your typical exploit code, nobody needs to run it as root. To do so would defeat the purpose of having an exploit in the first place.
I do like the statement, however, that linux users are less likely to open unknown attachments. Says quite a lot about our community right there.
-Restil
Re:Is this REALLY a problem? (Score:2)
Damn, I'm impressed. I could probably kick out a binary to do the same but it would take me more than a minute just to write the ELF header, not to mention the object code source. Of course if you meant write a program I'd be suprised if it took someone a full minute to do this. I know what you meant just f'ing with you a little.
I wont be running it!! (Score:4, Funny)
Umm (Score:2, Informative)
Things that make you go hmmmmm (Score:5, Interesting)
Re:Things that make you go hmmmmm (Score:3, Informative)
I've got no way to tell that the person who sent me my copy isn't the author, but I've also got no reason to suspect he is.
In any case, this is why I can't speak to whether the virus is "in the wild". But, it exists, and it works, so I passed the info along.
I'm not a hacker ! (Score:2, Funny)
About time... (Score:2, Funny)
Once again proving.. (Score:4, Redundant)
hey, Linux is making progress (Score:2)
I am now officially an optimist. (Score:2)
My glass is half full.
Re:I am now officially an optimist. (Score:2)
Lest we dismiss this too lightly... (Score:5, Insightful)
And waddaya know, UNIX application programmers are _still_ using the occasional gets(3) call in setuid root programs, more than a decade later, despite the fact that we all know that it doesn't check for buffer overflow and that a buffer overflow _can_ be used (read: _has_ been used in the past) to make a program execute code of the worm writer's choice and bring a significant part of the internet grinding to a halt.
Unix Worms - what have they done lately? (Score:3, Insightful)
The Morris worm is a nice spectre to pull out of the Unix closet and remind everyone that Unix is not infallable. Just look at all the damage done in the early internet days! Spooky.
However, this is history - ancient by Interent standards. Since then, there have been other Unix-based worms to hit the net at large. I can name three more recent examples off-hand. Sadmind [cert.org] spread amoung Solaris hosts to deface IIS sites. The ramen [sans.org] worm attacked Linux (specifically RedHat) hosts. And there were reports [cnet.com] of ramen code being modified and sent on its way. And then there was another Linux worm called li0n [sans.org].
In each case the worm hit the wild, was discovered and reported, had a brief life as appropriate counter measures were taken, then faded out. Missing was the media frenzy one would expect with something as damaging as the Morris worm. That came later on a different platform with a different worm: Code Red.
Once again - Unix is not infalliable. But various generations have been in the trenches dealing with infosec issues for years. Recent incidents have began to show off its experience, versitility, and resiliance. It is small wonder the Unix crowd tends to look at virus issues with almost a disinterest compared to their Windows counterparts who are burned either more often or more severely by such a threat.
Looney Tunes (Score:2, Funny)
Bug's Bunny
Daffy Duck
or
Elmer FUD
Technical versus social reasons (Score:3, Insightful)
It is worth thinking about the possible dangers of these particular waters getting muddied - as Linux gains more users, there will be more people around with less sophistication about these matters and there could be more people deliberately offering dangerous code for download.
So there are some reasons for concern but they are based on faults in the potential users, not in the OS.
Roger Whittaker
SuSE Linux Ltd London
Viruses and the internet. (Score:4, Interesting)
The good thing is that apparently there was not a single case where this virus infected anyones computer except for the anonymous person who reported it to Qualys. This new virus is at least three times more dangerous because three different groups have seen it.
The most difficulty part with this type of virus is getting people to run it as root. The easiest way would be to install the virus through a Makefile which are often run as root. This is one reason I think the standard tar.gz install should be:
#-----
zcat foo.tar.gz | tar -xv
if source
cd foo/
make
fi
cd
su
cp foo
ln -s
#-----
Makefiles are too complex for most people to read but a script that installed things my way would only be 5 lines executed as root and thus easy to audit.
(Normal
On a completely unrelated topic, this virus can't spread very well. Linux users download packages from central repositories but they don't share ordinary binaries amongst themselves. The virus only infects elf excecutable files where in Windows it could infect emails and
These days, the only dangerous way to spread a virus is through an internet worm. Linux is vulnerable to worms because almost everyone uses the same kernel, webserver, dns, and email server. If we could diversify these things, it would make Linux less vulnerable to worms.
I know people are going to say that Linux is already more secure than Microsoft. That's true but it's because Microsoft does not care about security or threats to the internet. A truly malicious virus could cost billions of dollars in lost hardware and take out the American phone system for weeks.
Re:Viruses and the internet. (Score:3, Insightful)
Linux, and the Unix world in general, is so hard to write virii for *because* of the sheer heterogeny of it all. Sure, we've developed tools over the years to deal with such things (autoconf), but the fact remains that you're never really sure just what you're going to get when faced with a given machine that has "#" for its administrator prompt... in point of fact, we already *have* diversified.
And then there's the fact that most of the folks that own those hash prompts are, in fact, paranoid bastards who won't, in fact, install a random package from a random source without at least some recommendation, much less save out an ELF file, go "su", and run the darn thing.... or if he does happen to be Joe Sixpack, he's at least been shown by his guru buddy how to run whatever updater thingy the distro comes with, so he's at least got a good chance of having all the latest patches... unlike That Other OS, wherein the fix came in months before Code Red hit, and there were still a couple of million machines unpatched...
Of course, a large number of those machines were left unpatched because the "sysadm" didn't want to reboot the machine just to patch the darn thing... it still chaps my hide that patching a *service* (Universal Plug'n'Play comes to mind) requires a fscking *reboot*....
So, no, heterogeny (and good software update practices) are, in fact, already alive and well in the world of Tux and Chuck... and so are a few million pairs of eyeballs keeping watch over their systems by night just to see what they throw at us next.
Re:Viruses and the internet. (Score:3, Interesting)
One thing I forgot to mention, is that Linux users are far more apt to run some sort of firewall, or at least NAT, than Joe Windows.... as well as all sorts of other tricks to mitigate damage, like chroot jails, not running your daemons as root, etc.
Point being, there is a cultural resistance to virii - inherent in how we were taught to use it as much as in its technical features - amongst users of originally-multi-user operating systems that simply does not exist amongst folks who grew up masters of their domain by default. If that sounds elitist, well... let's put it this way. In the history of Unix-like operating systems, which have long had access to the Internet and the Arpanet before it, and to which college kids have had access for what, 20 years now? there have been four, count'em, F-O-U-R worms. Countless exploits, sure, but only four big memorable self-(or semi-self-)propogating beasties, only one of which (the first one, Morris') got loose and caused major damage. (Now, remember, these were the days of mostly-proprietary OS's, too, so I'm not even beating the Open Source drum here...) How many Windows or Mac beasties have there been floating around in the same twenty-year time frame? Like the stars.
If you're running around on the Big Bad Internet in God mode all the time, you're plainly and simply DOING IT WRONG. (Credit where credit is due, Win2k and OS X fix this little problem...) Running as an unprivileged user solves a whole lot of problems by default. (Not letting untrusted data run as a script (Outlook, Word, IE) will get 99% of the rest of it, IMHO...)
Security is a state of mind, a state of constant relaxed alertness, taking the time to notice where harm might lurk, and taking steps to avoid trouble altogether. You could run OpenBSD or Trustix or CDC NOS with A-level security, but if you're not keeping up with the bulletins, somebody's going to find a problem with your system eventually, and you're gonna get 0wn3d. Run what you want to... but keep up with the damn patches, and stay away from problem programs, or else... and if work or circumstance decree that you MUST run an OS in god mode to do your work, for pity's sake, BE CAREFUL. But hopefully you can get OS-X or Win2k (XP Pro? I know Home acts like 98...) or if Ghu smiles on you, something with a hash prompt... hey, Diablo II runs on Linux now, so what're you waiting for? :)
Elitism holding linux back (Score:3, Insightful)
more info (Score:3, Interesting)
http://www.securityfocus.com/archive/75/247481
I agree this virus isn't a huge threat. I do believe some people here are underestimating it a little. You do not have to be root when running the infected file... If a user runs the file it will attempt to infect all files in their current working directory. Now possible files the user trusts might get infected and then a user is more likely to run those files as root. Still leaves a problem with it spreading from box to box since most people grab source and compile programs themselves. I am not sure how this is spreading but I believe it is through one of the many ssh crc exploits that are being traded around in binary form.
I have the commented asm dump I made but I have no where to post it till my site goes back up
lockdown
Re:Really... (Score:2, Interesting)
A programmer could certainly wreak a lot more havoc by planting their seeds in big web servers, domain name servers, mail servers, etc., rather than just messing up a bunch of average peoples' desktops.
Re:Not a Troll (Score:2, Informative)
But it's not a hole. It's the "beauty of unix security". You can do what you want as root, and pay the consequencecs, or run as non-privilidged luser, and only screw up your own files. What **I'm** waiting for, is the *nix virus that binds to non-privilidged ports, infects normal lusers(by looking for permissive permissions in pathed directories)
Re:OpenBSD.. (Score:5, Funny)
.. runs your FreeBSD binaries (if you can't get source)..
.. remember most "Linux" code is just generic UNIX C..
.. Be safe, run OpenBSD.
Whereas, I'm working on porting this virus to NetBSD, and putting it in the pkgsrc collection, so it can be enjoyed on a VAX, an Amiga, hey, you name it! You too can feel "cool" when your alpha gets infected. Who says the only people who get viruses are those running intel boxen with windows!
And for the netBSD/toaster port, I guess I'll just have to make it burn the toast on one side, and leave the other side raw.
Re:Protection? (Score:5, Informative)
and so on. Symantec/Norton also has a Linux/UNIX binary which is certainly bundled with the network-wide thing, I don't know if it's available separately. The trouble with all of these things is that although they are Linux applications, they detect Windows virii - they use the same signature files as the versions on other platforms do. This means they're very good for running on file/e-mail servers to protect the poor Windows machines behind them (which is what they're intended for) but they probably won't stop the subject of this post, for example. Basically, yes, they exist and work well but make sure you know what you're hoping for them to do...
Re:Protection? (Score:2, Insightful)
Re:Protection? (Score:3, Insightful)
Personally, I consider anti-virus software viruses themselves. They often cause more problems and interfere with your system much more than any 'virus' Just look at what they do...constantly run, constantly run every file access against a big-assed hash table, possibly causing problems with legitimate software. No thanks.
Re:The nature of a virus. (Score:2)
Virii generall spread by either
a) staying in memory and infecting files by some mechanism
b) doing an infection/action run each time an infected file (or subsystem) is invoked.
Most 'viruses' today do not infect other files at all; they infect systems, making them worms. They are software in and of their own right, running on the host system like a parasite.
That list is lame (OT) (Score:2)
That list is lame. I thought it would be a list of words and phrases that are improper and just plain dumb that we hear all the time. Instead, I guess people just nominate words that they are sick of hearing. For example:
Surgical Strike: Personally, I think this is a fine phrase that evokes a visual image. It means you are not being careless.
Friendly Fire: Again...the meaning is obvious. It means that the there is an attack but they are not attacking you! What other phrase would substitute so concisely?
Brainstorming: Okay...I'd like to see phrase go away. Its used to decieve...I can't think of an honest use of it. A word that I love but should never be used in a publication is "brainfart".
Killer App: The meaning to this is very concise and is almost necessary when talking about the history of computing. Of course, it is abused a lot but that doesn't mean it doesn't have a solid useful meaning.
So basically...a lot of the words I agree with should be banished (bleh, solutions