[ubuntu-uk] A small Bet, because Im fed up with not knowing.

Alan Pope alan at popey.com
Mon Oct 9 12:32:53 BST 2006


On Mon, Oct 09, 2006 at 11:14:05AM +0100, stude.list+ubuntuuk at googlemail.com wrote:
> Surely the only way to demonstrate it would be to knowingly infect
> your own machine? how stupid do you think I am I ain't about to do
> that!
> 

qemu/vmware can provide you with a "safe" environment in which to practice.
"Safe" assuming your rooting virus can't attack the host platform via a
vector in the emulator.

> It is perfectly possible to write a Linux virus, once on the system
> with root privileges you can do pretty much anything. Problem is finding a
> venerability to use to propagate, the damn Linux people have this
> strange idea of patching things without waiting several weeks for a
> certain day of the month, how absurd to reduce the attack time! (note
> the sarcasm).
> 

One word, php. Probably one of the most attacked things on the internet at
the moment after windows boxen is machines running php scripts. So whilst
php itself may be safe and patched up to the eyeballs, the scripts that
idiot web """masters""" install can quite easily provide a hole for people
to get in through. They can also provide easy spam propogation mechanisms
too. We (lug.org.uk) have had our "customers" (UK LUGs) put both insecure
PHP scripts and dumb mailer scripts in their web homes. In the past we have
been compromised as a result. 

So don't be complacent, Linux is most definately under attack, but isn't
necessarily the vector of acces, but something running under the insanely
common LAMP stack can be.

> > final piece, I understand that the BBC is giving advice to users based
> > on established "popular" operating systems I am just always amazed they
> > dont suggest that people switch to something else.
> Especially since the news.bbc.co.uk website is running Apache on
> Linux! (according to netcraft.com
> http://uptime.netcraft.com/up/graph?site=news.bbc.co.uk )
> 

They run a heavily modified apache, yes. They have in the past run on Linux
and on Solaris.

> This is what really annoys me abut the BBC, they use Open Source Free
> software, but block me from accessing content on their site if I
> choose to use Linux or other open source free software.

I guess you're alluding to Real and Flash there? Yeah, bummer. Roll on Dirac.

> And the fact I
> help fund the BBC (paying license fee) and they use my money to
> perform commercial marketing for Microsoft.
> 

Sad isn't it :(

However I bet their execs drive gas-guzzling cars and don't necessarily
recycle everything they could. Any company is going to do some things that
the 'shareholders' don't like. I guess you need to tell them if you want
anything changed. 

Cheers,
Al.





More information about the ubuntu-uk mailing list