Virus Issue 2

Andre Truter andre.truter at gmail.com
Fri Mar 25 19:27:48 UTC 2005


On Fri, 25 Mar 2005 14:03:35 -0500, Jason Straight
<jason at jeetkunedomaster.net> wrote:
> On Thursday 24 March 2005 18:49, Andre Truter wrote:
> > > a.) if working as a simple user, a virus attacks only a specific part of
> > > the system? yes OR no?
> >
> > Yes, if you manage to get a virus, then it will only be able to work
> > with your own files.  It cannot damage the system.
> 
> Until the virus uses a local root exploit.

Is it really practical and worth it to write a virus that can use a
local root exploit?
What are the chances that a box will have that exploit?

Exploits are fixed relatively fast, so by the time a virus writer has
written his virus that targets a specific exploit, most machines out
there have already been patched.

Then the virus still needs to get installed on such a vulnerable box
and that in itself is a very difficult task for our virus, because of
the design of the OS and most software used.

With all these hurdles that the virus faces, it might compromise maybe
a few boxes.
Now, is that time well spent for the virus writer?

The virus will have a better chance if it is written to try out all
known root exploits for the off chance that a box might still have one
unpatched exploit.
But this will make the virus big and complex.  
Again not very practical.

It is easier to manually exploit a Linux box.  You start with port
scans to find possible targets, then you move from there and see what
else is exploitable on such a box.

That is why I say that your chances of getting attacked by a person are
much better than getting infected by a virus.
Linux is not a very virus-friendly environment, even if it has
unpatched exploits.

Yes, it is possible to get infected, just as it is possible to put
wings on your car and turn it into an aeroplane.  It is just not very
practical.

At this stage viruses for Linux are more academic than practical and I
think it will stay so for a very long time, except if you start to see
really dumb Linux applications and distributions taking over the
market.
There is one distro (I forgot its name - might be Linspire) that runs
most stuff by default as root, even the user apps.  Now that is
something that might end up being susceptible to virus attacks, but it
is still less susceptible than Windows.

-- 
Andre Truter | Software Engineer | Registered Linux user #185282
ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.za.org

~ A dinosaur is a salamander designed to Mil Spec ~




More information about the ubuntu-users mailing list