Virus Issue 2

Jason Straight jason at jeetkunedomaster.net
Fri Mar 25 19:49:11 UTC 2005 

On Friday 25 March 2005 14:27, Andre Truter wrote:
> Is it really practical and worth it to write a virus that can use a
> local root exploit?
> What are the chances that a box will have that exploit?

It's nt practical, or worth it, to write any virus, but still there are 
thousands of them.

> Exploits are fixed relatively fast, so by the time a virus writer has
> written his virus that targets a specific exploit, most machines out
> there has already been patched.

In todays linux world, on your machine and mine, but what happens as linux 
becomes more popular by all those same people who go so far as to enter a 
password into a zipfile in their e-mail to install a virus, and at the same 
time dont' do their updates.

> Then the virus still needs to get installed on such a vulnerable box
> and that in itself is a very difficult task for our virus, because of
> the design of the OS and most software used.

Social engineering - the weakest part of any OS is the user.

> With all these hurdles that the virus face, it might compromise maybe
> a few boxes.
> Now, is that time well spent for the virus writer?

3% of all known linux users now - maybe not. In 3-5 yrs 3% could be a lot 
more. Plus people out there will do it just to "prove themselves" l33t.

> The virus will have a better chance if it is written to try out all
> known root exploits for the off chance that a box might still have one
> unpatched exploit.
> But this will make the virus big and complex.  
> Again not very practical.

Show me a practical virus writer. :)

> It is easier to manually exploit a linux box.  You start with port
> scans to find possible targets, then you move from there and see what
> else is exploitable on such a box.
>
> That is why I say that your chances of getting atacked by a person is
> much better that geting infected by a virus.
> Linux is not a very virus-friendly environment, even if it has
> unpatched exploits.

I don't disagree, I just think that the time will eventually come that linux 
will be a target, not neccesarily one that gets hit.

> Yes, it is possible to get infected, just as it is possible to put
> wings on your car and turn it into an aeroplane.  It is just not very
> practical.
>
> At this stage viruses for Linux is more acedemic than practical and I
> think it will stay so for a very long time, except if you start to see
> really dumb Linux applications and distrobutions taking over the
> market.

Which I think we probably will. Eventually as linux gains more and more market 
share there will be more and more people trying to get a piece of the action. 
And those same sloppy programmers who write software for windows that's 
exploitable will be writing their crap for linux too.

> There is one distro (I forgot it's name - might be Linspire) that runs
> most stuff by default as root, even the user apps.  Now that is
> something that might end up being susceptable to virus attacks, but it
> is still less susceptable than Windows.

I totally agree that linux isn't a virus magnet by any means like windows is, 
but eventually - as popularity grows - we will see more l33t script coders 
trying to make a name for themselves. They probably won't be very successful, 
but they'll still do it. They've already proven they have no life by writing 
viruses in the first place.

-- 
http://www.skycon.net/
ICQ: 1796276
AIM: JasonRStraight
MSN: glock21-45cal at hotmail.com
OS: Ubuntu/Kubuntu Linux http://www.ubuntu.org/ http://www.kubuntu.org.uk/

More information about the ubuntu-users mailing list