Re: Will Linux become as vulnerable as MS ??

From: Travis Casey (efindel_at_earthlink.net)
Date: 02/27/04


Date: Fri, 27 Feb 2004 01:20:06 GMT

Matt wrote:
> Jim Richardson wrote:

>> 6) With Linux, click on the attachment all you want, it's not going to
>> be executed unless you go *way* out of your way to make it do so. Unlike
>> MS-Windows...
>
> But what if somebody popularizes a distro in which the default mail app
> makes it easy to execute attachments? I am not an expert, but this is
> easily doable, isn't it?
>
> Maybe that sounds unlikely now, but ten years from now, Linux might be
> half of the OS market. Then there will be more demand for a "friendly"
> Linux (cf. Lindows already).

Here's a question, though: how many people really want to be able to
*execute* attachments? Not *open* them, which is a different thing, but
*execute* them?

The vast majority of non-virus/worm attachments that I see sent are either
graphics files, documents, or zip files. None of those need to be
*executed* -- they only need to be *opened* by the appropriate application.

*Right now*, with KMail, I can open any attachment that I have an associated
application for the type of on the system with two clicks -- one on the
attachment icon, one on the dialog box that pops up and asks me if I really
want to do this. If I don't have an application already associated, then I
also have to select an application to open it with.

The main kind of executable I see people send back and forth in Windows is
program installers. Under current Linux distributions, the equivalent
would be sending an RPM or Debian package -- neither of which is "executed"
as such -- they're opened with a package manager, and generally one would
want to be root to do that.

One could easily set up a Linux distro so that only "safe" file types are
associated with applications -- JPEG, PNG, PDF, etc. (Or, alternatively,
that the mail program only knows about those file types.)

The biggest things that I see Windows viruses exploiting are that (1)
Windows happily executes several different kinds of files regardless of
where you're clicking on them from, and (2) the default setup on modern
versions of Windows hides extensions that the system knows about... so that
someone can send "hotbabe.jpg.exe" and get people to click on it. One can
make it easy to *open* documents, pictures, archives, etc. without making
it easy to *execute* arbitrary programs that have been sent.

-- 
ZZzz   |\      _,,,---,,_     Travis S. Casey  <efindel@earthlink.net>
       /,`.-'`'    -.  ;-;;,_   No one agrees with me.  Not even me.
      |,4-  ) )-,_..;\ (  `'-'
     '---''(_/--'  `-'\_)
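
The open-versus-execute distinction from the post above, as an added example that is not part of the original message: a mail client's click handler that only hands allowlisted types to a viewer as data, and catches the hidden-extension trick from point (2). The viewer command names, the list of "hidden" extensions and every function name are assumptions made for illustration.

```python
import os

# Assumed allowlist: the only types the mail client will pass to a viewer.
# The viewer names are placeholders, not any distro's real defaults.
SAFE_VIEWERS = {
    ".jpg": "image-viewer",
    ".jpeg": "image-viewer",
    ".png": "image-viewer",
    ".pdf": "pdf-viewer",
}

def real_extension(filename):
    """Final extension, lower-cased, ignoring trailing dots and spaces."""
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    return os.path.splitext(name)[1].lower()

def display_name_hiding_known_ext(filename, known=(".exe", ".scr", ".pif")):
    """What a UI that hides 'known' extensions would show the user."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in known else filename

def is_disguised(filename):
    """True when a safe-looking extension precedes a different, unsafe one."""
    stem, ext = os.path.splitext(filename.rstrip(". "))
    inner = os.path.splitext(stem)[1].lower()
    return inner in SAFE_VIEWERS and ext.lower() not in SAFE_VIEWERS

def plan_open(filename, saved_path):
    """Decide what a click on an attachment does. The attachment is never run:
    the result is a viewer argv with the file as data, or a refusal.
    saved_path is a path chosen by the client, not the sender's file name."""
    ext = real_extension(filename)
    if is_disguised(filename):
        return ("refuse", "disguised extension: " + ext)
    viewer = SAFE_VIEWERS.get(ext)
    if viewer is None:
        return ("refuse", "no safe association for " + (ext or "(none)"))
    return ("open", [viewer, saved_path])

if __name__ == "__main__":
    # Constructed sample attachment names.
    for name in ["photo.JPG", "hotbabe.jpg.exe", "notes.tar.gz", "README"]:
        shown = display_name_hiding_known_ext(name)
        print(f"{name!r} shown as {shown!r}: {plan_open(name, '/tmp/att-0001')}")
```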

