about virus


Post by ???? » Sat, 25 Aug 2001 01:25:00



Lots of people said that Unix/Linux has no virus problem.

But what I don't understand is: can't the programmers write a virus for
Unix/Linux, or won't they? And what about a trojan horse? Is that not a virus?

thx

 
 
 


Post by M. J. Bl » Sat, 25 Aug 2001 02:51:20



> Lots of people said that Unix/Linux has no virus problem.

> But what I don't understand is: can't the programmers write a
> virus for Unix/Linux, or won't they? And what about a trojan horse?
> Is that not a virus?

No, it's a bit different. Of course a programmer can write a trojan
for UN*X systems, however, when you run such a program as a normal
user, not a lot of harm can be done to the system, just to the files
that l-user owns. MS Windows 9x runs on FAT32 filesystems, which
don't know file/directory security. Windows NT4/2000 uses NTFS,
which is a bit more secure :-)

Besides that, UN*X users are usually not as st00pid as Windows
l-users to run unknown binaries. If I receive a binary, I don't run
it. If I receive a shell script, I'll have a look at it before
executing it.

--
Menno

 
 
 


Post by <qu.. » Sat, 25 Aug 2001 04:57:22


You can't have things like the Outlook or Office Macro viruses in Linux,
because the software isn't there. You can however do things like the Lion
Worm, or t0rn.

To get a widespread virus, you'd need a common application for it to
propagate on. There really aren't a good many Windows viruses going around,
like in the DOS days of stoned and cookie. It's not exactly the easiest
thing to go around installing EXEs on remote machines.

UNIX and its friends have been in use and been torn apart for 30 years or
so now (?). Windows, in its current form, has been around 10. This doesn't
mean UNIX was unstable 20 years ago, however. You've also got a completely
different user base on each system.

I'm sure they could also write Macintosh viruses, but 90% of the world, and
almost all of the kiddies, have Windows boxes, and that's why there are xxx
amount of viruses created each day.

I think UNIX, with the Windows user base, would be even more susceptible and
dangerous, not as an OS in itself, but with the complexity there would be
more capability for malignant code than on a simpler Windows platform.

> No, it's a bit different. Of course a programmer can write a trojan
> for UN*X systems, however, when you run such a program as a normal
> user, not a lot of harm can be done to the system, just to the files
> that l-user owns. MS Windows 9x runs on FAT32 filesystems, which
> don't know file/directory security. Windows NT4/2000 uses NTFS,
> which is a bit more secure :-)

> Besides that, UN*X users are usually not as st00pid as Windows
> l-users to run unknown binaries. If I receive a binary, I don't run
> it. If I receive a shell script, I'll have a look at it before
> executing it.

> --
> Menno

 
 
 


Post by Sundial Service » Sat, 25 Aug 2001 08:54:33


Any computer can be exploited.  But an important difference between Unix
and Windows is that Unix has a well-defined concept of user-IDs and
security.  It was designed from its earliest days to be a _timesharing_
system.  Consequently, it has to resist both intentional and
unintentional attempts to foul things up.  It does this by placing
strict limits on what an ordinary user is allowed to do.  [In modern
Unixes, even "root" (the all-powerful wizard userID) can impose limits
upon himself.]

Although Windows-NT contains a security model, for many Windows systems
there is no security at all.  Most disturbingly there is also a grand
Achilles heel in the form of "the registry" -- a place where every
blankety-blank setting in the entire system is stored.  Viruses like
SirCam take over the system by making modifications to the registry.
And they work because, when they ask Windows to make those changes,
Windows says, "du-uh...okay!"

It's an oversimplification to say or to suggest that any system "cannot"
be exploited.  (Ask any college student or former college student.)


> Lots of people said that Unix/Linux has no virus problem.

> But what I don't understand is: can't the programmers write a virus for
> Unix/Linux, or won't they? And what about a trojan horse? Is that not a virus?

> thx

------------------------------------------------------------------
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259

 
 
 


Post by Vilmos Sot » Sat, 25 Aug 2001 12:43:18



> Lots of people said that Unix/Linux has no virus problem.

> But what I don't understand is: can't the programmers write a virus for
> Unix/Linux, or won't they? And what about a trojan horse? Is that not a virus?

Modern processors have some privileged instructions which can be
used only in some circumstances. These instructions are available
only to code running in kernel mode. One such instruction is doing
an I/O operation. Under Unix, if you want to touch the hardware, then
you cannot just do an assembler I/O operation; you ask the kernel
to do it for you, and it *might* do that for you based on the
permissions you have. In plain English, you have to play by the
rules. If you want to do something, then you ask the kernel to
do it, and there is no way around it.

Under Unix/Linux, all config files and binaries are not writable
by non-root users. So whatever you try, you simply cannot overwrite,
say, the password file.

Under Windows9x, however, you always have "root" privileges. This is
why you can erase c:\windows, touch the registry not through
the regedit (del c:\windows\user.dat), etc. There is *NO WAY* to
make a Windows9x box secure due to this design. I don't say this
is a bad design, since it wants to be compatible with older systems
where multiuser things were unheard of, but neither am I happy to connect
such a machine to a network. Unfortunately I have to...

WindowsNT is a different beast. It does have privilege separation,
and the problems stem not from bad design (take it with a grain of
salt...) but due to bad coding. There is a program which does
something stupid when you feed it nonconventional data, and if
this program runs with root rights, then you can take over the
machine. This also happens to Unix machines. However, if you
correct the problem, then there is no way to exploit *THAT* error
again. It is not something like you change a string in SirCam.

A rule of thumb under Unix/Linux is that you always be logged
in as a regular user and change to root only if you need it.
Thus if you, say, run a networked app and there is a sec. hole
in it, in the worst case your files will be erased but the
system core will continue running happily and safely. Never
run networked games as root, for example.

Vilmos
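
An added example, not part of any post in this thread: a POSIX shell audit of the property discussed above, that system config files and binaries are not writable by non-root users. The function names and the directories in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): list files in system directories
# that a non-root user could modify. Function names are hypothetical.

# Regular files whose mode grants write to group (020) or others (002).
find_loose_mode() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f \( -perm -020 -o -perm -002 \) -print 2>/dev/null |
            sed 's/^/loose-mode /'
    done
}

# Regular files owned by an account other than uid 0; that owner can
# rewrite them whatever the mode bits say.
find_not_root_owned() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f ! -user 0 -print 2>/dev/null |
            sed 's/^/not-root-owned /'
    done
}

# Run both checks when directories are given on the command line, e.g.
#   sh audit.sh /etc /bin /sbin /usr/bin /usr/sbin
if [ "$#" -gt 0 ]; then
    find_loose_mode "$@"
    find_not_root_owned "$@"
fi
```

Any line it prints is a file where the "only root can change it" assumption does not hold on that machine.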

 
 
 
