Linux security

Lorin B Pino ljpino at grundyec.net
Sat Apr 29 22:16:53 UTC 2006


Daniel Carrera wrote:

> Lorin B Pino wrote:
>
>> The problem with deployment of viruses in linux would be the same 
>> problem as is being discussed with hardware drivers.  How many 
>> kernels are in use now?
>
>
> A virus doesn't need kernel hooks. It's just a program. Just like you 
> don't need different versions of Firefox for every kernel.
>
>> How does each distro perform certain tasks?
>
>
> I'm not aware of any task that is relevant to a virus that varies with 
> distros. 'rm -rf ~/*' will work on all distros. chmod will be the 
> same, Perl will be the same, etc.
>
>> Some distros structure things quite differently from each other.
>
>
> They all put the user's home in "~/".
>
>> Autopackage is trying to set up an installer that will work on any 
>> distro,
>
>
> Autopackage is doing very different things from what a virus would try 
> to do. Autopackage is trying to be a package manager that works on all 
> distros without a package manager. That's a much more complex problem 
> than a virus.
>
> Case in point: You can get Firefox, OpenOffice and many other programs 
> in binary form and have them run on all distros. And these programs 
> are far more complex than any virus.
>
> I'm sorry, but the differences between distros will not prevent a 
> virus from working any more than they prevent Firefox from working 
> across distros.
>
> Cheers,
> Daniel.

If the kernel is not a problem, then how many versions of Firefox are 
running?  I am using 1.0.5, but I notice a lot of extensions are 
specific, so a virus would have to be as specific as an extension to 
have any effect on the browser.  Wouldn't this be true for the e-mail 
programs also?  Is it possible to exploit all versions of k-mail with 
one virus?  If not, then there are enough differences between versions 
that the compatibility would be thrown off, and the virus would only be 
able to touch a certain version of the program.  OE and IE just don't 
have the diversity to pose as much of a challenge to virus writers.  
Maybe this is totally wrong, but I do believe the different distros do 
things differently, and it would possibly affect the performance of a 
virus.  Some distros place programs or config files under different 
names, or in different areas of the tree, so a virus would have to be 
able to find them in different places for different distros.  Of course 
this all depends on what the virus is supposed to be doing.
I'll stop showing my ignorance now.  I only know that I have not had a 
virus in two years of Linux use.  I started using Linux as the 
stereotypical Windows user (computer illiterate).  What little I know 
now has come from mailing lists such as this one.  Up to now I have 
been on a dial-up connection, and haven't been as concerned, but I may 
soon switch to ADSL.  With an always-on connection, I would assume 
security would become a lot more important.  Thanks for bringing up the 
topic!
~Lorin



