Re: Debunking the "Linux can't have viruses" myth ...
From: Jon Gomez (jon.gomez.04_at_cnu.edu)
Date: 11/24/04
Date: Tue, 23 Nov 2004 18:31:50 -0500
Moe Trin wrote:
> In article <41a37801$0$84108$14726298@news.sunsite.dk>, Jon Gomez wrote:
>
>>I recently tried chkrootkit based on its praise from people here.
>>According to the instructions, it requires root access... so I ran it as
>>root. I could not help feeling a little paranoid, considering the context,
>>that I was exposing my system.
>
> 'chkrootkit' is mainly a script - that looks for specific symptoms that
> have been seen in the past. It's long, and convoluted, but it's not that
> hard to read through. And you are exemplifying the reason it exists _IF_
> you just blindly install programs and run them. That is one way that
> root kits get installed in the first place. NOT THE ONLY WAY, but one.
I think it would be cool if non-technically literate people would be able to
use Linux without any expectation of ability. But as Rick pointed out,
distros help solve this problem.
>>I know many people don't have the time or skill to personally read
>>through every piece of code, so they are required to be on a trust-based
>>relationship. Of course, in the same way that the hack of smoothwall was
>>announced, they might diligently look for an exploit announcement, and
>>thereafter work on cleaning their system...if any system remains. They
>>still would have been hacked.
>
> Yeah, the Debian file servers also got cracked earlier this year, and
> someone tried to slip a 'mickey' into the kernel tree as well. But this
> was detected, and if you are subscribed to appropriate mailing lists (or
> even reading Usenet mirrors of them) you'd be aware of this and can take
> the appropriate action.
Could you give me more advice on which lists / mirrors I might check out?
>>He who trusts an idiot is an idiot himself. However, in the determination
>>thereof, it's prb a balance between idiot and paranoia.
>
> And "life" is somehow different than this?
That was the point ;-) The message to which I was responding used idiot in
a way that seemed to me rather intense, so I suggest that it is a balance,
not a black and white thing.
>>Besides, if linux is going to be used by the general populace, including
>>people who are stunned by mouses with different number of buttons, rather
>>than just by those with technical skills, we should probably assume,
>>defensively, that there will be plenty of idiots. So is there anything we
>>can do to try to make linux more idiot-proof? (as opposed to more secure)
>
> There is a classic answer about idiots becoming more inventive.
Or the most foolish man in the world can ask a question the wisest man may
not answer? True. So we should continue to make software / systems
smarter, no?
>>I bet you could still convince someone to login to root for "normal"
>>maintenance ops, since nowadays you can convince ppl to do setuid root for
>>granting capabilities (like CAP_NET_RAW). I would still be very much
>>upset if someone overwrote the core utils like ls, mv, cp, rm, with things
>>that when I ran them they wiped out my home tree. That presupposes the
>>continued existence of system executables, in which case the kernel and
>>gcc are not the only important aspects of a system. Heck, you could end up
>>doing problematic things with just a user account, like installing a
>>program that hammers away at root's password, though you should notice
>>this, of course ;-).
>
> All too true.
>
> Old guy
Okay. I appreciate your comments. True, I did look over the script for
chkrootkit, but I didn't read it line by line. Judge me how you will.
Thanks,
Jon.
-- * Does the walker choose the path, or does the path choose the walker?
(fr. Sabriel) * --