
Re: Spyware / Adware


On Tue, 31 Aug 2004 16:50:09 +0200,
 Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch> wrote:
> On Tuesday 31 August 2004 13.30, Volker Tanger wrote:
> [spyware/adware/trojans/...:]
>> Yes and no. When surfing as normal user *ware programs cannot install
>> themselves as system services or overwrite programs simply as you/they
>> do not have the (file) permissions to do so.
> Technically, for most purposes, malware installing itself into an
> unprivileged user account and automatically starting itself through
> ~/.bashrc or whatever is entirely possible, especially since most malware
> these days seems to be used only as a base for DDOS attacks (including
> sending spam), so no special privileges are necessary here. (And KDE and
> Gnome are currently catching up nicely in the number of little useful (?)
> daemons that are started on a desktop machine.)

There is no "click the attachment and install the malware without your
knowing it" in Linux.

Could someone write a trojan that would do this? Yes. Is Linux
vulnerable to "click the nudie pic and install the malware"? No, not in
any way as bad as MS-Windows. IIRC, there was one bug in the libjpeg
package a while back, which might allow this, but none of the broad
vulnerabilities caused by bad design decisions in MS-Windows (free clue
to MS: stop equating open with execute).

> Windows currently having >90% of the desktop market protects Linux and
> other systems currently: malware could not propagate fast enough.
> Also, most email clients don't offer to execute arbitrary email
> attachments. OTOH, I wouldn't trust the Javascript implementations in
> the Linux browsers any more than I trust the Javascript implementation
> of IE.

Except that the JS implementation in Mozilla and the rest of the OSS
browsers is open and subject to review. IE's isn't.

> Another thing that protects Linux systems: heterogeneity. Binary
> exploits usually only work properly when a program is compiled and
> linked with specific compiler and library versions -- with different
> versions, all you

Yes, one of the flaws of the MS way is the monoculture it engenders.

> get is a crash (which does no real harm in most cases). I think there
> are far more different Linux versions out there than there are Windows
> versions, so I *think* that even with Linux becoming a more attractive
> target, you'll never get a single malware spreading with a speed
> comparable to what's happening in Windows today.

Agreed, Linux isn't invulnerable, simply a lot less vulnerable in
design, and even less vulnerable in practice. 



Jim Richardson     http://www.eskimo.com/~warlock
If you think you can tell me what to think, 
I think I will tell you where to go
