Re: Why are there few viruses for UNIX/Linux systems?
From: /dev/rob0 (rob0_at_gmx.co.uk)
Date: 08/16/03
- Next message: Bill Unruh: "Re: Why are there few viruses for UNIX/Linux systems?"
- Previous message: John Culleton: "Re: Possiible Kmail virus."
- In reply to: Nico Kadel-Garcia: "Re: Why are there few viruses for UNIX/Linux systems?"
- Next in thread: Bill Unruh: "Re: Why are there few viruses for UNIX/Linux systems?"
- Reply: Bill Unruh: "Re: Why are there few viruses for UNIX/Linux systems?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 16 Aug 2003 09:51:19 -0700
In article <5ef%a.1003$N37.912@nwrdny02.gnilink.net>,
Nico Kadel-Garcia wrote:
>> http://www.linuxmafia.com/~rick/faq/#virus
>
> Unfortunately, that analysis tells a few serious lies, namely:
>
>> Any program on a Linux box, viruses included, can only do what the user
>> who ran it can do. Real users aren't allowed to hurt the system (only
>> the root user can), so neither can programs they run.
>
> This is, of course, not true. The damage a non-root user can do is much,
> much, much less. But by abusing unsecured setups and by exploiting
> not-yet-patched-on-that-machine holes, it's often possible for a skilled
> attacker to gain root privileges.

I believe I understand your distinction, but I do not see how it makes
the quote above untrue. In essence IIUC you're saying that a virus would
enter as non-root, at which point it or a human attacker would have to
find and exploit a second, unspecified vulnerability.

Even at its worst, this doesn't sound that bad. Whereas on Windows a
single vulnerability can destroy the OS, here it takes at least two,
possibly with human assistance required.

Can you explain where is the "serious lie" above? In the phrase:

    Real users aren't allowed to hurt the system

I read "system" to mean "reasonably well-configured system," and ISTM to
hold true. Do you think that all or most Linux systems have known,
exploitable weaknesses? I doubt it. At least I hope mine do not. :)

I think the most damage a non-root user's processes could hope to
inflict would be a DoS. There are numerous ways in which this might be
done, but even many of those can be prevented with fs quotas and process
restrictions.

> It's vastly *easier* to do that under
> Mickey$oft^H^H^H various other OS's, but being Linux doesn't make it
> impossible.

Of course not. If it was impossible we wouldn't need this newsgroup. :)

One thing worthy of mention is that although privilege restrictions may
prevent the destruction of the OS, a Linux virus could be every bit as
painful to the user as a Windows one. If I lost all my $HOME files, the
fact that the OS is intact would provide little consolation. I don't
bother to back up the OS other than /etc, because I know I can easily
reinstall it. $HOME is what matters.

Nonetheless I doubt we'll ever see a serious Unix virus problem. The MS
world is dominated by marketing, and as a result they get software like
Outlook Express and Office: insecure OOTB and difficult to secure at
all. We'll probably never fall under that kind of control, so our
software is less likely to develop in such directions.

--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply