Security with Linux - Newbie

Eric Dunbar eric.dunbar at gmail.com
Tue Feb 8 06:34:25 UTC 2005


> > ... Windows doesn't let you do stupid things ...
> 
> Ah say, Chuck,
>         what are a couple of stupid things Windows won't let you do?

Like _work_ ;-). Windows is after all the greatest virus and time
waster (mines + "Klondike/Hearts/card game") known to human-kind.

On Mon, 7 Feb 2005 17:23:32 -0800, Liz Young <liz> wrote:
> On Sun February 6 2005 11:16 pm, Lindsay wrote:
> > I have been of the understanding that Linux is relatively virus and
> > intruder safe.  How accurate is my understanding of this?
> 
> Seems accurate to me. :-)  In my experience email viruses can't spread
> the Windows way because (for one reason) attachments can't execute
> without the user saving the file, and then changing the permissions to
> executable, and then launching it.  Too much hoop-jumping to get the
> thing to spread. I'm sure there are exceptions, but in general I think
> that's why we haven't seen many Linux based email viruses (I haven't
> seen any).

I'm nearly tempted to buy the argument about the "locked down"
security-comes-first nature of Unix-like systems, with their file and
user permissions.

However, there are three things which work against virus writers.

1. Viruses do not have a homogeneous environment in which they can
run. Not only do you have two main platforms to code for (Motorola PPC
& Intel/AMD i86) but you also have a million and one variants on both
platforms -- what holes to code for, what holes to code for? Just like
in biological communities, diversity offers a certain measure of
disturbance tolerance (though, there are examples of homogeneous
biological communities that are no less disturbance tolerant...
there's only one rule in biology. There's an exception to every rule
but this one.);

2. A community with a *lot* of experts capable of responding to a
major problem very quickly. I'm not convinced at all that this model
can serve to mobilise a fast response to the sudden appearance of a
virus/malware like Microsoft could with its legion of programmers.
However, I do think that the "open" nature of OSS development leads to
a wide-spread knowledge of potential holes and of how "things work".
This, in turn, _may_ help foster conditions which inhibit the writing
of virus/malware;

3. There's a security paranoia in OSS builders which serves to "lock
down" systems with software that, by default, limits network/internet
access to a machine's services and firewalls to control what goes in,
comes out, and how often certain things are allowed (which I really
should set up some day on my web accessible server that gets thousands
of login attempts each and every day on its ssh & (non-functional) ftp
ports ;-).

There are a *lot* of empty (ahem, marketing) claims out there about
the security of *nix systems. It's really time that the Linux
community (Linux in particular because some of its users appear
religious in their fervor) grow up and recognise that it cannot act
like a typical company -- marketing speak and the occasional lie are
expected from companies (they're out to extort money from you and me
after all), but from a software development paradigm (it's not a
"movement", except to the faithful ;) that is built upon the
unrestricted sharing of the creative process marketing speak is
unnecessary, and quite possibly a violation of the trust of some of
those sharing their code.

As for the "*nix is a small user base which means people won't write
viruses for it anyway. Wait till it gets bigger.". There is certainly
some truth to that statement -- it seems modern viruses are more often
than not corporate (albeit shady and sometimes illegal) ventures which
means there is relatively little pay back for writing one for *nix.

However, small does not mean that virus writers won't get their kicks
from writing viruses. The Macintosh had a thriving community of (quite
malicious -- one even erased HDs) viruses in the late 80s and possibly
even 90 or 91. What Apple did that MS fails to do well 15 years later,
was to provide (for the time) quick responses to the problems by
plugging the hole that allowed the malicious code to execute, by
isolating that code. Old Mac apps ran code stored in resources, and
there were a variety of types but, depending on the type of "resource"
(like a file within a file) it was restricted to accessing certain
memory locations, had certain disk writing/reading privileges, etc.
The only virus I've _ever_ had in 21 years of (entirely unprotected...
I hate anti-virus software) Mac use was one which was written to mimic
a custom 'window drawing code' and managed to spread to other apps
very quickly.

OS X has been around for four years and still there has been NO sign
of either malware OR virus (though, there were some rather amusing
"breaking" stories about a virus being found last year... which turned
out to be a company trying to sell anti-virus software for Mac... the
*worst* thing you can do is install anti-virus software on a Mac.
You're opening up another avenue through which your computer can be
infected ;).

Eric.



