Virus Issue 2
Andre Truter
andre.truter at gmail.com
Thu Mar 24 23:49:20 UTC 2005
On Thu, 24 Mar 2005 16:50:53 +0100, René L. Reingard
<reingard at hispeed.ch> wrote:
>
> Hi Joachim
>
> Good what you mentioned.
>
> > 1. Don't work as root.
> > 2. Keep your system up to date.
> > 3. Think before you click.
>
> what are the benefits - regarding protection of your system - when not
> working as root?
>
> question:
>
> a.) if working as a simple user, a virus attacks only a specific part of
> the system? yes OR no?
Yes, if you manage to get a virus, then it will only be able to work
with your own files. It cannot damage the system.
> b.) if working as a simple user, hanging in the world wide web, the root
> cannot be exploited by anyone? yes OR no?

Normally, no. It is still possible for an attacker to exploit your
system via unpatched security holes, but working as a normal user
reduces the risks and makes it more difficult for an attacker.
It is also a good idea to be behind a firewall. If your machine is
directly on the web, make sure the network interface connected to the
net is firewalled.
>
> what do we really know about viruses, trojans and others? are the ones we
> know not always somewhat the tip of the iceberg? the iceberg of what is
> truly possible?
>
One major advantage that Linux, UNIX and BSD have with regards to
viruses is the good design. UNIX has been around much longer than
Windows and the machines that are connected directly to the web more
often are running Linux and UNIX, so they are easier to reach than
the average Windows machine, but still they are not targeted as much
because, due to the proper design, it is just so much more difficult to
write a successful virus for it.
Also, more sensitive data are stored on UNIX and Linux servers around
the world. Would that not be better targets than the average PC at
home?
> questions:
>
> c.) could it not be true, that much more powerful attacks are possible,
> unknown to our limited thinking?
Yes, I am sure it is possible, but again, the good design of
UNIX/Linux/BSD makes it just so much more difficult. Also the fact
that Linux is OpenSource means that such attacks can be prevented,
because there are so many people looking at the code. Chances are that
by the time one cracker/virus writer has picked up on a flaw, 20
OpenSource developers have also discovered the same flaw and by the
time the virus/attack is released, the patch is already out.
Generally OpenSource projects have a very fast response time to
vulnerabilities, sometimes 24 hours. Look at Mozilla and Apache for
example.
So, virus writers do not have a lot of time to write a virus.
Chances are that by the time a virus is written, the patches are out
already.
> d.) what about a virus, trojan or whatever, already on your machine,
> hidden and unknown to you, which has the power to take over control of
> your system, when he likes?
>
This is possible, but normally someone needs to break into your machine
and install it. So it takes a positive effort from a cracker to sit
and attack your machine and try out all kinds of vulnerabilities just
to get in and install a backdoor. On Linux these things normally are
not installed via mail or through an open port, like on Windows. You
can maybe download a suspect package that contains a trojan, but you
need to make sure that you only install stuff from valid sources.
> interested to think more on that.
>
My opinion is that you are much more likely to be attacked by a cracker
or script-kiddie than getting a virus on Linux.
Here are some interesting links:
http://librenix.com/?inode=21
http://math-www.uni-paderborn.de/~axel/bliss/
http://www.lwfug.org/~abartoli/virus-writing-HOWTO/_html/
--
Andre Truter | Software Engineer | Registered Linux user #185282
ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.za.org
~ A dinosaur is a salamander designed to Mil Spec ~