[Ubuntu-US-CA] Ubuntu Tri-Fold Source Files
Aaditya Bhatia
aaditya at dragonsblaze.com
Sun Mar 28 21:39:31 UTC 2010
On Sun, Mar 28, 2010 at 1:58 PM, Nathan Haines <nhaines at ubuntu.com> wrote:
> On 03/28/2010 01:20 PM, Aaditya Bhatia wrote:
>> We don't execute every file on sight, so we're virus-proof by design,
>> at least in this sense. Might sound a little complicated for a newbie,
>> but doesn't this point deserve a mention?
>>
>>
> It deserves a mention but only in an accurate way. Most "viruses" are
> either worms or trojans that exploit software vulnerabilities to gain
> priviledge escalation or execute a payload and this is never caused by
> "executing a file", it's caused by exploiting buffer overruns and other
> developer oversights.
>
> Windows and Mac OS also don't "execute every file on sight" anymore, so
> "in this sense" doesn't provide any contrast to the other systems
> (besides being beside the point, since that's not how viruses spread
> anymore).
>
Clarifying what I said earlier, OSes obviously don't execute the files on
sight, but sometimes they do access portions of them in easily
exploitable ways, resulting in execution of an embedded exploit. For
example, downloading an infected executable file and navigating to it
in Windows Explorer used to be enough for the viruses to propagate on
XP. Vista addressed that by prompting the user before executing
something with admin privileges etc. I'm not aware of the details of
how viruses work, but there should be something on these lines that we
can publish without falsely implicating others. Anything like "You
don't need an virus-scanner in Linux because..." should work. I agree
that whatever we publish must be accurate.
--
Aaditya
http://www.dragonsblaze.com/
More information about the Ubuntu-us-ca
mailing list