Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Virus Alert

Posted by timothy on from the poisoned-herring-or-red-herring dept.

marcjw writes: "I don't see many of these (Linux virus alerts). In fact none in the six months or so since I've switched from MS. Maybe that's why this story from newsbytes caught my eye. At any rate, I'm not sure if this poses much of a threat to the general Linux community but it's always best to be forewarned."

7 of 501 comments (clear)

  1. Re:More viri on MS- why? by NecroPuppy · · Score: 4, Informative

    Part of it's because of the relative lack of security on a Windows box; only NT and XP had/have an administrator level where regular users aren't allowed to do things.

    95/98 let anyone run just about anything as default. And XP actually does this too... Default accounts are set up as administrator without passwords.

    And while you can run everything from an administrator account (got root?) under Linux, the type of person who installs Linux generally knows better than to do so.

    It's because of the limited access that most accounts have that makes viruses difficult to write under Linux.

    As to why malicious coders concentrate on MS, it's because it's easy. The coders at MS keep making the same mistakes over and over again. Look at the UPNP exploits.

    --
    I like you, Stuart. You're not like everyone else, here, at Slashdot.
  2. Re:This cracks me up. by Anonymous Coward · · Score: 5, Informative

    hmmm.. social engineering anyone?

    localhost:~$ tar zxf some-random-binary-0.0.1.tar.gz
    localhost:~$ cd some-random-binary-0.0.1
    localhost:some-random-binary-0.0.1$ ./runme

    This program must be run as root.

    localhost:some-random-binary-0.0.1$ su
    Password:
    localhost:some-random-binary-0.0.1# ./runme

    Sucka!
    Another point.. when was the last time you actually checked the code of something you've compiled? lets say instead of some-random-binary, it's some-random-young-sourceforge-app. Jeez, get off your fucking high horse.

  3. Re:Pretty crazy stuff by pete-classic · · Score: 4, Informative

    Well, the primary reason would be the lack of any viruses to scan for.

    It is only "crazy" to not scan for viruses from the mindset that viruses are out there. It isn't crazy to take a road trip in a car that doesn't have a spare innertube if the car uses tubeless tires.

    It is also important to note that this article is not about a virus. It is about a trojan. There isn't really any way to do an automated check for unknown trojans on any platform, since the scanner can't know what the program is supposed to do in to first place to figure out if it is doing something else as well.

    The question with Linux binaries is are they what they claim to be. That question is generally answered with an MD5 sum from a trusted source. This renders the case of unknown trojans moot.

    -Peter

  4. Re:Protection? by sjehay · · Score: 5, Informative
    Yes - well, sort of. There are plenty of anti-virus programs out there, such as:

    and so on. Symantec/Norton also has a Linux/UNIX binary which is certainly bundled with the network-wide thing, I don't know if it's available separately. The trouble with all of these things is that although they are Linux applications, they detect Windows virii - they use the same signature files as the versions on other platforms do. This means they're very good for running on file/e-mail servers to protect the poor Windows machines behind them (which is what they're intended for) but they probably won't stop the subject of this post, for example. Basically, yes, they exist and work well but make sure you know what you're hoping for them to do...

  5. Running binaries as root by adadun · · Score: 5, Informative
    Ya, I run lots of unknown binaries while logged in as root, it's my favorite activity.
    I realize of course that you are joking, but I do believe that a lot of users run a lot of untrusted stuff as root. How many times have you run "make install" as root? I certainly have done it a few times for software packages that I downloaded from untrusted sources and without having read through the entire Makefile first. Who knows what kind of programs that I might unwillingly have run as root?

    RPMs or other packages that are downloaded from more or less untrusted locations without encryption signatures might very well run a few evil scripts during the installation process (which, of course, is done as root).

    To be really sure, one should always install new programs in a chrooted jail; the software should be installed in a totally new branch of the filesystem tree and the installation process should not be able to read of write to other parts the filesystem.
    1. Re:Running binaries as root by BlueWonder · · Score: 5, Informative

      How many times have you run "make install" as root?

      Never. I want to have full control over and knowledge of where each file is installed.

      If the Makefile has been generated with GNU Automake (which is true for maybe 90% of all Makefiles I encounter), there is an easy solution: Install with make install DESTDIR=~/tmp as ordinary user, and if you agree with the file layout under ~/tmp, cp the files to their final location as root.

  6. Re:This cracks me up. by ljaguar · · Score: 5, Informative

    OK, I'm really sick and tired of those people who say "Oh, I run binaries as root, so you do too."

    Have you every thought of /usr/local?
    ./configure --prefix=/usr/local?

    My /usr/local is writable by my staff. My staff consists of... me. So, I have root, my desktop login and staff. Just install stuff on /usr/local, as staff. Voila. Staff can't touch my $HOME or any of the system binaries. So any malicious script (at install time aka make install) is pretty much contained in... /usr/local.

    Let's say I run a infected binary in /usr/local/bin as my desktop login. I loose my stuff. You can argue that this is just as bad, but my system is still not compromised.

    This isn't rocket science, guys.