
Re: Does Linux have viruses?



On Sat, Dec 04, 2004 at 12:07:54AM +0100, Conrad Newton wrote:
> While it is clear that it is *much easier* to write viruses for Windows,
> it does not seem altogether *impossible* that it could be done for
> Linux, too.  Unfortunately, "much easier" is not easy to quantify, and
> therefore open to dispute!

Yes, I've heard (rumours) about viruses that will attack Linux. But
let's start the other way around.

Let's start with personal experience:
- In the spring of 2001 I inherited an RH installation that was installed by
  RH specialists (they even train people for certification on RH). The problem
  was that the customer did not want to pay too much, so they did not buy
  a Support/Maintenance Agreement for the firewall, but only for the main
  production server. Well, some bad choices were made and they left a
  running bind server on the firewall, open to the world. Then add 6-8
  months, and suddenly the firewall starts sending a lot of packages.
  I had been there 1 or 2 weeks, and wanted to upgrade some of the machines.
  Well, there had been some strange behaviour from the firewall before
  that, and we never could get "ps" to work. Strange. I was quick to
  reinstall that firewall, and to check the other servers.
  Guess what - a fix for the bind security hole had been around for
  about 5 or 4 months. :)
- Then move ahead 2 years, to the spring of 2003. I was in the process
  of reinstalling several servers, some old installations of RH, and
  some newer with Slackware. I knew there had come a new release of
  openssl, and that I should upgrade one of the Slackware boxes, but
  the box was about to be reinstalled with Debian anyway, and I needed
  a day with my family. That day the machine was compromised, and when
  I checked in on it, I found that someone was in. The server was shut
  down for some hours, and then reinstalled with Debian later that day.

Lessons learned:
- Don't run services you don't need available from the outside.
- Security patch as soon as the patch is available. Set your servers to
  check for patches at least once a day.

Okay, what about if I don't have anything open to the outside - then I'm
safe?
- Well, you have the users on the inside. They may compromise your
  system; not so long ago there was a bug that would cause the
  kernel to lock up 100% of the kernel. BTW, I think
  debian-edu/Skoleinux was one of the first "distros" to patch this.
- The web browser could have a bug in the way it handles some pictures
  that could make it possible to execute an app and start a
  hole/backdoor.

Still, here the cure is to update with the latest security patch as soon as
it's available.


Okay, is this worse with Open Source Software than with Closed Source
Software? Well, I don't trust black boxes. You never know what they are
running.

-- 
Finn-Arne Johansen 
faj@bzz.no
http://bzz.no/
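The first "lesson learned" above (don't leave services like that bind server open to the world) can be checked on a host with a short script. This is an added example, not code from the post or its author; the sample socket list is constructed, and the live-host usage assumes the `ss` tool from iproute2 is present.

```shell
#!/bin/sh
# Added example: report listening sockets bound to a wildcard address, i.e.
# services reachable from every interface unless a firewall blocks them.
# Input lines follow the `ss -Hltun` layout:
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Constructed sample standing in for real `ss -Hltun` output (not real data).
SAMPLE_SS='udp   UNCONN 0 0   0.0.0.0:53     0.0.0.0:*
udp   UNCONN 0 0   127.0.0.1:323  0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:53     0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:25   0.0.0.0:*
tcp   LISTEN 0 128 [::]:22        [::]:*
tcp   LISTEN 0 128 [::1]:631      [::]:*'

# exposed_listeners: reads ss-style lines on stdin and prints "proto port"
# for each socket bound to 0.0.0.0, [::] or * (open to the outside).
# Loopback-only listeners (127.0.0.1, [::1]) are dropped.
exposed_listeners() {
    awk '{
        n = split($5, a, ":"); port = a[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            print $1, port
    }' | sort -u
}

# exposed_count: number of distinct exposed proto/port pairs in the sample.
exposed_count() {
    printf '%s\n' "$SAMPLE_SS" | exposed_listeners | wc -l | tr -d ' '
}

# Run against the constructed sample; on a live host pipe `ss -Hltun` in.
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

On a real machine run `ss -Hltun | exposed_listeners` and compare the result with the services you actually intend to offer; anything unexpected (like that bind server) is a candidate for stopping or firewalling.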