Linux security

Alan McKinnon alan at linuxholdings.co.za
Sat Apr 29 01:47:35 UTC 2006


On Friday 28 April 2006 22:09, Daniel Carrera wrote:
> Hello,
>
> I'm wondering if Linux really is inherently resistant to viruses.

It isn't.

> Notice, I don't mean "completely immune". I want to figure out if
> saying "it is extremely hard to make a Linux virus" is a true
> statement.

Why would writing a Linux virus be hard? It's just code, written to 
infect other executable files with copies of itself. Trojans are just 
regular programs that you happen to consider do not-nice things.

The hard part with a Linux virus is not writing it, it's *deploying* 
it.

> First, let's be clear about the threat: loss of user data. The
> operating system itself is not that important. It's your critical
> documents. So, Linux's separation of privilege does not actually
> help here.

But this was discussed to death on the list or maybe Sounder just last 
week. Bottom line is that your data cannot be protected from you. You 
need to have write access to your own files therefore programs 
running as you can write to (and erase) your files.

A possible solution is to overhaul the OS in such a way that data 
files can be tagged as writable only by specified apps i.e. only 
*this* signed copy of OO.o can write to *that* .odt file. I really 
don't think this is workable, the admin burden and inconvenience will 
be large.

[snip]

> What else is there protecting Linux?

Make it hard to deploy the virus. Once it's running, all bets are off 
so your protection is preventing the thing from running at all. And 
the best defence for that is educating users. 

-- 
If only you and dead people understand hex, 
how many people understand hex?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five




More information about the ubuntu-users mailing list