
Do we really need to worry about viruses (was Re: Anyone else notice that Swen is slowing down?)

On Wed, 2003-10-01 at 23:17, ScruLoose wrote:
> On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote:
> > "Karsten M. Self" <kmself@ix.netcom.com> [2003:10:02:00:37:35+0100] scribed:
> > That kind of executable -- one that entices a user to click on it -- is
> > just as real a threat to non-Microsoft userland, that I insist that your
> > point is not all inclusive of the threats at hand.  Simply because there
> > is not yet a major, far reaching virus/worm propagating primarily from
> > Linux boxen, does not rule out the existence of a threat . . .
> Most non-MS users are not likely to be logged in as root when they
> check the mail, so whether some virus auto-executes or entices them to
> click on it, the damage is generally going to be pretty well contained.
> It's going to take a _hell_ of a lot of social engineering to convince
> me to su, provide my root password, install and run some program that
> showed up in my inbox. No matter how pretty a message it's packaged
> in. Even assuming that the user getting the infected mail _has_ the
> root password.
> Besides, everything about MS seems designed to actively encourage
> clueless behaviour. The whole system is designed to placate the user,
> to deliver a message of "accept, don't try to understand." Given that
> starting point, social-engineering the user into blindly running one
> _more_ piece of completely mysterious code isn't gonna be too hard.
> Finally, given the long, rich history of dangerous code propagating on
> Windows boxes, the absence of _any_ example of a widespread,
> communicable nasty on _any_ other platform does seem to indicate
> something about the success of the different security models.
> Does it prove that there can never be a nasty virus for Linux? No. Of
> course not.  But it definitely indicates a huge discrepancy in the
> _degree_ of exploitability of different systems.

Given the security model of Unix, we truly do *not* have to worry
about email viruses (or viruses coming through click-thru social-
engineering vectors).

What we *do* have to worry about are:
(1) viruses/trojans/worms/rootkits vectored thru contaminated ftp
    mirrors (remember the gnu site being open for 3 months?)
(2) worms/rootkits coming in thru bugs (buffer overflows come 1st
    to mind) in daemons listening on TCP & IP ports.

Ron Johnson, Jr. ron.l.johnson@cox.net
Jefferson, LA USA

Causation does NOT equal correlation !!!!!!!!
