Re: Spyware / Adware
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 31 Aug 2004 16:50:09 +0200,
Adrian 'Dagurashibanipal' von Bidder <email@example.com> wrote:
> Content-Type: text/plain;
> Content-Transfer-Encoding: quoted-printable
> Content-Disposition: inline
> On Tuesday 31 August 2004 13.30, Volker Tanger wrote:
>> Yes and no. When surfing as normal user *ware programs cannot install
>> themselves as system services or overwrite programs simply as you/they
>> do not have the (file) permissions to do so.
> Technically, for most purposes, malware installing itself into an
> unprivileged user account and automatically starting itself through
> ~/.bashrc or whatever is entirely possible, especially since most malware
> these days seems to be used only as a base for DDOS attacks (including
> sending spam), so no special privileges are necessary here. (And KDE and
> Gnome are currently catching up nicely in the number of little useful (?)
> daemons that are started on a desktop machine.)
There is no click the attachement and install the malware without your
knowing it, in Linux.
Could someone write a trojan that would do this? yes, is Linux
vulnerable to "click the nudie pic and install the malware"? no, not in
any way as bad as MS-Windows. IIRC, there was one bug in the libjpeg
package a while back, which might allow this, but none of the broad
vulnerabilities caused by bad design decisions in MS-Windows (free clue
to MS, stop equating open, with execute. )
> Windows currently having >90% of the desktop market protects Linux and
> other systems currently: malware could not propagate fast enough.
> Also, most email clients don't offer to execute arbitrary email
> of IE.
Except that the js implementation in Mozilla and the rest of the OSS
browsers, is open, and subject to review. IE's isn't.
> Another thing that protects Linux systems: heterogenity. Binary
> exploits usually only work properly when a program is compiled and
> linked with specific compiler and library versions -- with different
> versions, all you=
yes, one of the flaws of the MS way, is the monoculture it engenders.
> get is a crash (which does no real harm in most cases). I think there
> are far more different Linux versions out there than there are Windows
> versions, so I *think* that even with Linux becoming a more attractive
> target, you'll never get a single malware spreading with a speed
> comparable to what's happening in Windows today.
Agreed, Linux isn't invulnerable, simply a lot less vulnerable in
design, and even less vulnerable in practice.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
-----END PGP SIGNATURE-----
Jim Richardson http://www.eskimo.com/~warlock
If you think you can tell me what to think,
I think I will tell you where to go