trojan problem

[Jeremiah Foster]

On Fri, 2006-01-27 at 11:31 +0000, Anders Karlsson wrote:
> On 1/27/06, Jeremiah Foster <jeremiah at easywebsite.se> wrote:
> > Of course it is. There are no "trojans" on linux. There are rootkits but
> > they are much more difficult to install. A trojan is usually a peice of
> > malware disguised as an email attachment that appears useful. The user
> > clicks on it and unwittingly installs it on Windows. On ubuntu if you
> > want to install software often you have to be root to do so. This limits
> > the abilities of trojans to install themselves on users computers making
> > linux much more secure.
> 
> Strictly speaking, a trojan is software that is malicious while
> disguised as legitimate software. 

But a trojan requires installation. This often requires root privileges,
which also requires much more than just clicking on a link. 

> They exist for Linux as well (there
> was one in the openssl or openssh configure script a while back).

These are more like exploits than trojans. Any program you install can
affect the system with unintended consequences, this does not make them
trojans.

> Linux is not invulnerable to virii, and there are hundreds of virii
> for Linux, they just do not spread so easily. Because Windows has a
> much larger install base, and usually less cluefull users, virii
> writers targets Windows because the reward is bigger.

Linux has a different security model, and a different approach to
dealing with security issues. This makes it much more secure. To say
there are not inherent flaws in the Microsoft OS from a security
standpoint is factually incorrect. 

> Do not make the mistake of believing "because I use Linux no harm will
> come to me". The bigger the install base, the bigger the target and
> the bigger the reward for a successful virii.

This is obvious.