Arthur S. Alexion on Fri, 15 Mar 2002 14:40:12 +0100



Re: [PLUG] Linux Virus Writing HOWTO


At 12:05 PM 3/14/2002 -0500, you wrote:
On Thu, 2002-03-14 at 11:30, Timothy Lee Young wrote:
> It alarms me that such a document would be created and distributed.
>
> However if it makes us system administrators (and users) more aware of
> what avenues to watch for, and help close up the loopholes, then I guess
> it isn't a bad thing to bring all this out in the open.
>
> But it's still kinda shocking to have this document in reality.
>

Why be alarmed? This isn't really news. One of the earliest worms
exploited a bug in sendmail and propagated on guess what.... unix
systems. There's always been buffer overflows in sundry services.


However, the reality of the situation is that despite the fact that viruses are possible on any platform, some are far more susceptible. The difficulty isn't in writing a "Unix virus" so much as writing a "Unix virus" that will reproduce prolifically enough that it will survive in 'the wild'.

Besides the fact that office applications aren't embedded into the Linux
kernel and heavily integrated into just about every corner of your
system, the user/security model for *nix makes it harder for viruses to
survive. It is generally taught early on Not To Run As Root.

Is the real reason *nix is relatively spared virus problems practical rather than technical?


If I wanted to take the trouble of writing mischievous code, I would want my efforts to result in the greatest possible impact. Since 90% of the computers out there run Windows, my first decision would be to write a virus that operates in Windows. Now, if I planned to distribute my virus via eMail, I better pick a ubiquitous eMail program, so I'd pick -- Outlook. And so on.

I feel that even my Windows computer is safer than most since I don't have Outlook installed. I've lost count of the times a virus has infected a list to which I subscribe, only to find that nothing happens to my system running either Eudora or Pegasus (with all the Outlook features turned off).

I suppose Macs are safer for the same reason.

One of the best cures for paranoia is the realization that you are not a particularly interesting target. Safety thrives in obscurity.

Art



_________________________________________________________________
Art Alexion                 """         mailto:arthur@alexion.com
                          <(©¿©)>
Arthur S. Alexion LLC       «o»            http://www.alexion.com
                             v


______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug