Tobias DiPasquale on Fri, 15 Mar 2002 11:20:18 -0500



Re: [PLUG] Linux Virus Writing HOWTO


On Fri, 2002-03-15 at 08:37, Arthur S. Alexion wrote:
> 
> Is the real reason *nix is relatively spared virus problems practical 
> rather than technical?

Partially. The technical aspects of UNIX having an _enforced_ root user
make it difficult to wreak havoc on a UNIX system without having said
permissions. But having said that, most creators of viruses that
actually see the wild are looking to infect a lot of computers. This is
not truly feasible in the UNIX world, since a cross-UNIX virus would be
technically difficult, at best (it would have to be very large to
understand the differences between the different Unices).

> 
> If I wanted to take the trouble of writing mischievous code, I would want 
> my efforts to result in the greatest possible impact.  Since 90% of the 
> computers out there run windows, my first decision would be to write a 
> virus that operates in windows.  Now, if I planned to distribute my virus 
> via eMail, I better pick a ubiquitous eMail program, so I'd pick -- 
> Outlook. And so on.
> 
> I feel that even my windows computer is safer than most since I don't have 
> Outlook installed.  I've lost count of the times a virus has infected a 
> list to which I subscribe, only to find that nothing happens to my system 
> running either Eudora or Pegasus (with all the Outlook features turned off).
> 
> I suppose Macs are safer for the same reason.

The problem is just exactly that. Microsoft products, not Windows as a
platform. The petri-dish environment they have created in their
applications, where every possible action can have a macro attached to
it, allows for the vast majority of the new viruses today. Viruses were
never this prevalent when they had to travel via BBS and floppy disk.
Microsoft's attitude towards a scripted future of integrated apps has
sealed their fate in this regard. And, to boot, if you wish to turn the
scripting off in an attempt to be safer, much of the functionality of
the product is turned off with it. So, in a sense, the customer is being
punished for wishing for better security.

> One of the best cures for paranoia is the realization that you are not a 
> particularly interesting target.  Safety thrives in obscurity.

This all depends on your outlook on the subject (no pun intended). I may
not be a very interesting target, but if I'm an easy one, I don't see
much difference in the two situations. I can (and probably will) be
exploited by some automated script or infection mechanism, simply
because a vulnerability exists. My Apache server still gets hits from
the Code Red worm, attempting to locate default.ida. No matter how
uninteresting a target you may be, an attack on you will surely
interrupt the flow of your day. And the easier it is to perpetrate such
an attack, the more you will get attacked. Safety thrives in security.

> Art
> 
> 
> 
> _________________________________________________________________
> Art Alexion                 """         mailto:arthur@alexion.com
>                            <(©¿©)>
> Arthur S. Alexion LLC       «o»            http://www.alexion.com
>                               v
> 
> 
> ______________________________________________________________________
> Philadelphia Linux Users Group       -      http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
-- 
<< T o b i a s   D i P a s q u a l e >>
anany@ece.villanova.edu | tdipas01@villanova.edu | toby@khenry.com

Of course, in order to partially emulate an ASR-33, you could perhaps
connect an IBM selectric up to your computer while running a looped
recording of gunfight and an idling 58 chevy with one blown piston. For
the final touch, you could replace the room's light switch with a dimmer
switch and wiggle it back and forth whenever you are printing something
out.

-- Anonymous Coward, SlashDot, commenting about Caldera's release of
   some original UNIX sources
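The Code Red hits Tobias mentions above are easy to spot in an Apache access log: the worm asks every web server it finds for /default.ida, and a server that is not IIS answers 404. The following is an added example, not code from the thread or from any of the projects named in it. It parses Apache "combined" format lines, flags requests whose path is /default.ida (case-insensitively, ignoring the query string), and counts probes per source address; the log lines are constructed for the example, use RFC 5737 documentation addresses, and abbreviate the worm's long query string.

```python
"""Flag Code Red style probes (requests for /default.ida) in an Apache access log."""
import re
from collections import Counter

# Regex for the Apache "combined" log format:
# ip ident user [time] "method path proto" status size "referer" "agent"
COMBINED_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (assumption: not real traffic). Source addresses come
# from the RFC 5737 documentation ranges and the default.ida query is abbreviated.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Mar/2002:10:02:11 -0500] "GET /default.ida?XXXXXXXXXXXXXXXX=a HTTP/1.0" 404 276 "-" "-"',
    '198.51.100.7 - - [15/Mar/2002:10:02:13 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [15/Mar/2002:10:04:51 -0500] "GET /default.ida?XXXXXXXXXXXXXXXX=a HTTP/1.0" 404 276 "-" "-"',
    '203.0.113.4 - - [15/Mar/2002:10:05:02 -0500] "GET /DEFAULT.IDA?XXXXXXXXXXXXXXXX=a HTTP/1.0" 404 276 "-" "-"',
    'garbage line that does not parse',
]


def parse_line(line):
    """Return the fields of one combined-format line as a dict, or None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def is_code_red_probe(entry):
    """True if the request path is /default.ida (case-insensitive, query string ignored)."""
    path = entry["path"].split("?", 1)[0]
    return path.lower() == "/default.ida"


def find_probes(lines):
    """Return (probes, unparsed): parsed entries that are default.ida probes, and the
    number of lines that did not match the log format (reported rather than silently dropped)."""
    probes, unparsed = [], 0
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            unparsed += 1
            continue
        if is_code_red_probe(entry):
            probes.append(entry)
    return probes, unparsed


def probes_by_source(lines):
    """Count default.ida probes per source address, most active source first."""
    probes, _ = find_probes(lines)
    return Counter(e["ip"] for e in probes).most_common()


if __name__ == "__main__":
    probes, skipped = find_probes(SAMPLE_LOG)
    print(f"{len(probes)} default.ida probe(s), {skipped} unparsed line(s)")
    for ip, n in probes_by_source(SAMPLE_LOG):
        print(f"  {ip}: {n}")
```

On a real server you would feed `find_probes` the lines of the access log instead of `SAMPLE_LOG`. The status field is worth keeping in the output: a 404 on every default.ida request is what you expect from Apache and confirms the probe found nothing, while the per-source counts show which hosts are still infected and scanning months after the worm's release, which is exactly the "automated script or infection mechanism" point made above.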
