[ubuntu-uk] A small Bet, because I'm fed up with not knowing.

Tony Arnold tony.arnold at manchester.ac.uk
Mon Oct 9 11:33:06 BST 2006


On Mon, 2006-10-09 at 10:51 +0100, Nik Butler wrote:

> So. Hence my question... how easy is it really to make a process from 
> email to infection.

I suspect on Linux, the process would not start from e-mail, mainly
because of the lack of execute permission on e-mail attachments and the
extra steps a user has to go through in order to run an attached
executable.

This also implies that the majority of viruses etc. on Windows are spread
by users being conned into doing something inherently insecure. I've
always suspected this to be the case, but I don't know of any hard
evidence to support it.

> I can accept that firewalls and applications require user security and 
> poor passwords make poor defences but should a desktop user be allowing 
> port 22 or other overflow port to be open directly. Actually that's a 
> key thought and the reason I wanted to have the conversation what should 
> the Desktop environment come with as a locked down and locked out 
> feature set.

I'm not convinced the distinction between desktop and server is that
clear cut. Many desktop systems act as servers, e.g., ssh, http, smtp
etc. (my own desktop runs postfix and routes mail for a few machines; it
also runs a WEB server).

My view is both servers and desktop systems should come with no ports
open at all by default. One of the reasons I liked Ubuntu. I guess what
you are asking is should a desktop system even allow the
user/administrator to open up ports. That would make life very difficult
if that was the case!

> > I've also seen system utilities replaced with versions that hide the bad
> > software, so root access must have been gained somehow.
> >   
> Yes, me too, but mostly on my servers with public facing or natted IPs. But 
> not my Desktops.

I guess servers are targeted because they are usually so visible on the
network! They also usually have plenty of bandwidth and plenty of CPU
power. It's true that as soon as you open ports on a desktop system,
then the attacks start coming in. My desktop is constantly attacked on
port 22 and the WEB server gets attacked too.

> > The only thing I'm not sure about is whether any of this is
> > self-propagating.
> >   
> No, they're not.. but I have plenty of example script bots and scripts 
> from infected machines that show how they scour and report back to the 
> irc channel.

Given what can be done manually or via scripts, I'm surprised this has
not been automated into self-propagating code. There must be something
innate in Windows that makes this so easy.

> I suspect Metasploit will be the first to find a way through and when 
> they do the arms race will step up a bit. However I don't expect to end 
> up paying a "fee" to protect my system against problems inherent in the 
> system in the first place and that's another good reason to be 
> considering an alternative.

My biggest objection to Windows is the need to apply so many band-aids
to the system in order to keep it secure, i.e., anti-virus,
anti-spyware, intrusion protection, firewall. And you have to pay for
these band-aids! But I feel a rant coming on so I'll stop!

Regards,
Tony.
-- 
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
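
Added example, not part of the original message: the execute-permission point made in the reply above, checked in Python against a constructed e-mail. The attachment name and the helper functions are made up for illustration, and it assumes a Linux system and a mail client that saves attachments with a plain open() under the normal umask.

```python
import os
import stat
import subprocess
import tempfile
from email import message_from_bytes
from email.message import EmailMessage

def build_sample_message():
    """Constructed test e-mail carrying a harmless shell-script attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(b"#!/bin/sh\necho attachment ran\n",
                       maintype="application", subtype="octet-stream",
                       filename="report.sh")
    return msg.as_bytes()

def save_attachments(raw, dest_dir):
    """Save attachments the assumed way: create with 0666, reduced by umask."""
    saved = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:          # body text and multipart containers have no filename
            continue
        path = os.path.join(dest_dir, os.path.basename(name))
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
        with os.fdopen(fd, "wb") as fh:
            fh.write(part.get_payload(decode=True))
        saved.append(path)
    return saved

def audit(path):
    """Report the saved file's mode, any execute bit, and whether exec works."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    has_x = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    try:
        subprocess.run([path], check=True, capture_output=True)
        ran = True
    except PermissionError:   # execve() refuses: no execute bit on the file
        ran = False
    return {"mode": oct(mode), "executable": has_x, "ran": ran}

def demo():
    with tempfile.TemporaryDirectory() as d:
        (path,) = save_attachments(build_sample_message(), d)
        return audit(path)

if __name__ == "__main__":
    print(demo())
```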



