linux viruses

Post by John Burt » Thu, 01 Jul 1993 20:14:10

>The only security hole where a (DOS) might swap in is while
>booting with a floppy, since floppies are easy to get infected.
>A friend just got a * Virus, which put itself into a hook
>which is available on AMI BIOS. It somehow got itself moved
>into the CMOS RAM (SETUP) and got to run prior to any boot sector
>being loaded. After this he removed all DOS from his hard disk,
>put a Linux partition in DOS's place and changed booting priority
>to C: (HD), and installed lilo, so everything is safe now. He can
>only boot now if he tells lilo to read the floppy boot sector,
>but it cannot happen by accident (this is how his machine got
>infected on the DOS side).

There is NO WAY a virus could store itself in the CMOS RAM. Apart from
the fact that there are only a few bytes, it is not possible to execute
code from the CMOS RAM.

>: Boot sector viruses won't be able to affect Linux, because
>: a) they won't survive :) (all memory will be set to zero)

Are you sure linux couldn't be fooled into thinking there is less memory
than there really is, and not zeroing it all...

>They can survive if they are quick enough to catch all
>interrupts and getting a timer to move them back again :-)
>: b) Linux catches ALL interrupt vectors, so there is no way
>:    one of the non-existent viruses could be activated

This makes little sense. What are you trying to say?

>: There is no way for a Linux virus to hide (all active processes
>: are registered in the process table, so ps will display all of
>: them). It is impossible for viruses to manipulate the memory
>: management to hide, they can't duplicate, if you write protect
>: your files.

So what. MSDOS only allows one process, the one you have run, and you
know what that is. If the program you are running has been modified, it
doesn't need to 'hide' anywhere. You can't write protect the whole disk.
(Well, you could but you wouldn't want to).

The point is that it would be possible to write a virus that runs under linux,
or indeed any unix, but it would only be able to spread where security
was poor (or exploiting a bug). All this talk about viruses hiding in the
CMOS RAM is just a waste of time.

-- John Burton


1. Rare Linux Virus

just noticed this in today's Linux Today newsletter:

can we get this one nailed down with the truth before the FUD spreaders
start up all their lies please?

I want the gen on exactly how to prevent it getting in in the first place.
I'm running Mandrake 8.0 with Bastille as my firewall.

Don't blind me with science... I just want to know if I really have
anything to worry about and what simple config changes if any I should
make sure are done.

Paul Cooke
