Re: linux virus

From: Stewart Honsberger (blackdeath31@13softhome.net)
Date: 06/05/02


From: blackdeath31@13softhome.net (Stewart Honsberger)
Date: Wed, 5 Jun 2002 14:19:02 -0400

On 5 Jun 2002 14:52:33 GMT, Christopher Browne wrote:
>> Is this a case of our community being hoisted upon our own petards?
>>
>> We've been so long without virii/trojans (the latter being the case
>> in this instance, obviously) that we don't have a solid base of
>> detection tools.
[...]
>> Aren't there, though, tools that exist to scan files/attachments
>> traversing through Linux/UNIX boxes for virii/trojans? If so,
>> couldn't they be adapted/used to scan ELF (and A.out) binaries as
>> well?
>
>There's no evident vector for installation of viruses on Linux, so the
>notion of building and selling a product to "manage" access to that
>vector isn't something offering a stable business model the way it is
>on Windows.

Granted. The openness of the Win** environment appears to be the commonality
in the spread of such things.

>chkrootkit and "Tiger team" and SAINT are various security auditing
>tools that _are_ available; Symantec apparently hasn't concluded that
>they could make good money selling such tools, so you won't see any
>detection tool from Symantec any time soon...

Quite true. In my haste (writing during breaks at work) I forgot about
tools like that. Obviously if a file has changed, it could be detected
as being something that just should not be, and proper action taken. A
snapshot of a guaranteed clean system on a read-only media (CDROMs and
floppy disks with the tab set being two examples) and you've got all the
virus protection you need. With '.' not being part of the path, or in the
very worst case being the very LAST entry in the path (backwards to DOS-
think, which is why, I would assume, so many distros/systems are pre-pending
rather than appending it) the problems become negligible.

And going back to my previous message; a properly configured/maintained
system of rights distribution will minimize damage done by any particular
user anyways, so the potential for shutting down the likes of Wall Street
is close to nil.

-- 
Stewart Honsberger
http://blackdeath.2y.net/
blackdeath31@13softhome.net
(Remove the count to reply privately)
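
Added example, not part of the original post: a POSIX shell sketch of the two checks the message describes, comparing a tree against a known-clean checksum snapshot and finding where the current directory sits in the search path. The function names and the `baseline.sha256` manifest are hypothetical, `sha256sum` from GNU coreutils is assumed, and the demo tree is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): two checks described in the thread.

# Print the 1-based position of every PATH entry that means "current directory":
# a literal "." and also an empty entry (leading, trailing or doubled colon).
path_cwd_entries() {
    rest="$1:"; i=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}; rest=${rest#*:}; i=$((i + 1))
        case $entry in
            ''|.|./) echo "$i" ;;
        esac
    done
}

# Write "sha256  ./relative/path" for every regular file under directory $1.
snapshot() {
    (cd "$1" && find . -type f -exec sha256sum {} +)
}

# Compare directory $2 against baseline manifest $1 (kept on read-only media).
# Prints one line per difference: ADDED, CHANGED or MISSING, then the path.
compare_snapshot() {
    snapshot "$2" | awk -v base="$1" '
        BEGIN { while ((getline line < base) > 0)
                    want[substr(line, 67)] = substr(line, 1, 64) }
        { name = substr($0, 67); sum = substr($0, 1, 64)
          if (!(name in want))        print "ADDED " name
          else if (want[name] != sum) print "CHANGED " name
          delete want[name] }
        END { for (n in want) print "MISSING " n }' | sort
}

# Constructed demo: a throwaway tree stands in for /bin, /usr/bin and so on.
demo() {
    d=$(mktemp -d); mkdir "$d/sys"
    printf 'ls v1\n' > "$d/sys/ls"; printf 'ps v1\n' > "$d/sys/ps"
    snapshot "$d/sys" > "$d/baseline.sha256"      # taken while known clean
    printf 'ls trojaned\n' > "$d/sys/ls"          # modified after the snapshot
    rm "$d/sys/ps"; printf 'x\n' > "$d/sys/new"   # one removed, one added
    compare_snapshot "$d/baseline.sha256" "$d/sys"
    echo "cwd entries in PATH at position(s): $(path_cwd_entries "$PATH" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

The comparison is only as trustworthy as the manifest and the tools that read it, which is why the post keeps the snapshot on read-only media.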