
Re: Hit by virus !? Help, please...



Wasn't there a 'how to make a machine really secure' thread on this list
a little while back (probably around the last time one of these data
viruses exploded)?

If I remember correctly, suggestions started with using 'tripwire'
software, progressed through not using any floppies at all, then
disconnecting from any network access, and ended up with a linux box
encased in concrete in a secret underground bunker with automatic
sentries, and switched off.

The point is that it is impossible to completely protect your computer
from some sort of 'foreign' interference without rendering it useless. 
Thus the sensible thing to do is to make regular back-ups, and also to
have some way of detecting when your integrity has been compromised
(excuse the lapse into pseudo-military jargon, I've been watching too
many war movies on the news), so that you don't back up corrupted data
over older but intact data if you use incremental back-up.

Having said all that, I'm absolutely useless at keeping backups, so I'm
probably heading for a complete loss of data.

Rich


Helge Hafting wrote:
> 
> > I'm curious about virii and Linux...
> >
> > Am I wrong to assume that Linux is not immune to virii (I don't even know if
> > virii is a word - but it just sounds cool  :) ?  Obviously the security
> > features of Linux can prevent some virii from affecting certain files on your
> > system... but what about the boot sector?  And what if you happen to be su'd
> > or logged in as root when you get (and heaven forbid) execute an infected
> > program?
> 
> Viruses activate when infected files or bootsectors are executed.  Some
> dos viruses also "take over" certain system calls.
> 
> Viruses can be written for linux, but it hasn't happened yet as far as I know.
> Dos/windows viruses are usually incompatible and can't work with linux,
> just as dos programs don't run in linux (unless a suitable emulator is used).
> 
> So a linux-only machine is very safe.  It can be vulnerable to booting
> with a boot-virus infected diskette in the drive, because such a thing
> may obliterate the harddisk before linux is loaded.  These viruses will
> usually only mess with lilo though, possibly making the machine unbootable
> but no damaged files.
> These viruses may install their own int 13 handler (bios disk access)
> but linux doesn't use that after the kernel is loaded, so it is
> effectively isolated.
> 
> dos-Viruses that affect files don't understand ext2 or the various
> linux executable formats, so no danger there.  The only way to activate
> such a virus is by running some dos program in an emulator.  The emulator
> will stop the virus from obliterating the disk (i.e. dos fdisk activities
> don't work in linux).  The virus will only be able to mess with
> files that the user is allowed to mess with, and it won't find dos/windows
> executables among those.  It can only spread to other dos files.
> It may crash the dos emulator only, not linux.
> 
> A dual-boot system is worse.  The viruses can do anything when dos/windows
> is running, but they don't understand ext2.  Infection can spread to
> the boot sector of the linux partition, not the files.
> Of course the virus may do damage enough by interpreting the ext2
> partition as a FAT partition and write to it in this manner.  Virus
> writers don't bother testing for such mistakes.  Also, overwriting
> random disk sectors is a common way to do damage when the virus
> pulls the trigger.
> 
> If you want a really safe machine, make it linux only.  No dos
> partition, no dos emulator.  And set it up so it won't try booting
> from the floppy drive.  (You can always change that back if you ever
> need to boot a floppy.)  Such a machine will be immune until a
> linux virus is written.  And a linux virus wouldn't be able
> to do much damage other than destroying the user's personal files.
> 
> Helge Hafting
> 
> 
> 
> --
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
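The "detect compromise before you back up" routine Rich describes (a tripwire-style manifest of file hashes, checked before the incremental backup runs), as an added example that is not part of this thread; the sha256sum baseline file, the guarded tree and the backup directory are all assumed:

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: $1 is the directory
# to guard, the manifest file holds the trusted "sha256  path" baseline.

# Sorted manifest of every regular file under $1, so two runs over an
# unchanged tree compare byte for byte.
integrity_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Record the trusted state. Run once while the system is known to be clean,
# and keep the manifest somewhere the tree's users cannot write to.
integrity_baseline() {   # $1 = tree, $2 = manifest file
    integrity_manifest "$1" > "$2"
}

# Compare the live tree with the baseline. Prints ADDED/MODIFIED/REMOVED
# lines; returns 0 when nothing changed, 1 otherwise.
integrity_check() {      # $1 = tree, $2 = manifest file
    report=$(integrity_manifest "$1" | awk -v base="$2" '
        BEGIN { while ((getline line < base) > 0)
                    old[substr(line, 67)] = substr(line, 1, 64) }
        { path = substr($0, 67); hash = substr($0, 1, 64); seen[path] = 1
          if (!(path in old))         print "ADDED " path
          else if (old[path] != hash) print "MODIFIED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }' | sort)
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

# Gate the incremental backup on the check, so a tampered tree is never
# copied over an older intact copy. cp stands in for the real backup tool.
safe_backup() {          # $1 = tree, $2 = manifest file, $3 = backup dir
    if integrity_check "$1" "$2"; then
        mkdir -p "$3" && cp -R -p "$1"/. "$3"/
        return 0
    fi
    echo "integrity check failed; backup skipped" >&2
    return 1
}
```

Re-run integrity_baseline only after you have reviewed and accepted the reported changes, otherwise the new manifest simply blesses the corruption.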

