
Re: Anyone else notice that Swen is slowing down?

Well, to respond to the subject first: No, Swen is definitely not 
slowing down here... And my attempt to install amavis/clamav was a bit 
of a failure, so I'm seeing a lot of crap... 

On Thursday 02 October 2003 06:17, ScruLoose wrote:
> Most non-MS users are not likely to be logged in as root when they
> check the mail, so whether some virus auto-executes or entices them
> to click on it, the damage is generally going to be pretty well
> contained.
> It's going to take a _hell_ of a lot of social engineering to
> convince me to su, provide my root password, install and run some
> program that showed up in my inbox. No matter how pretty a message
> it's packaged in. Even assuming that the user getting the infected
> mail _has_ the root password.

Well, a virus like Swen wouldn't need root access to spread. I don't 
know what Swen does to a Windows machine (and I don't care, I haven't 
got any), but just to annoy people with enormous amounts of e-mail, 
someone could imaginably write a perl script with its own SMTP-engine. 
If a non-privileged user was fooled into executing the perl script, it 
could still spread to any platform with Perl installed. 

Indeed, it is unlikely that such a virus would make any significant 
impact on the system, unless of course, it was then able to exploit a 
local vulnerability to gain root (or gid 'games', I love those 
upgrades! :-) ). However, most users have their most important 
documents in their home dir anyway, so a virus deleting those would do 
real damage anyway, and it would do real damage to Linux' reputation as 
being more secure.

Scenario: A perl script deleting all the files in the homedir of 
infected users, spreading to all the contacts that are in users' 
addressbooks. This would likely include all the homedirs of all the 
users in an organization:

PHB: Sysadmin, what's happening?
Sysadmin: A simple virus. It didn't damage the system, we're running as 
PHB: What do you mean, didn't damage the system, it deleted all my 

The PHB is not going to care a lot for the integrity of the system once 
his files are all gone; his perception of damage is going to be very 
different from yours. 

>Besides, everything about MS seems designed to actively encourage
>clueless behaviour.

I agree, and this is the major point that we have to ensure as MS 
market share starts dropping and we start taking over the desktop: that 
Linux users are more clued. A company starting migration to Linux must 
realize that for their own security, they have to train their employees 
better than they did with MS systems. 

Anyway, I think the main technical strength lies in that a lot of 
seemingly unimportant fixes are given attention, so that there will not 
exist many possibilities to execute code unless the user knows about 


Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/        OpenPGP KeyID: 6A6A0BBC
