Some thoughts about anti-virus software for Linux

Smoot Carl-Mitchell smoot at tic.com
Thu Jan 22 16:53:56 UTC 2009


On Wed, 2009-01-21 at 22:03 -0800, Jeff Silverman wrote:

> There seems to be little need for anti virus software up to this time.  
> There are very few viruses that run on linux.   My concern is that 
> somebody is going to write a Trojan horse and get in one of the 
> repositories.  Such a Trojan could sleep for a long time and then wake 
> up and do whatever it decides to do.  The amount of damage such a Trojan 
> could do to its own system is rather limited, if that system is 
> reasonably well managed (don't use root, use sudo, that sort of thing).  
> However, such a Trojan could be used to attack other vulnerable systems 
> around it.  A well-written Trojan could be cross platform, written in 
> Java or Perl for example.  A Trojan is hard to hide in source code, and 
> it would be easy to track down the bastard that wrote it.  I think.
> 

Read this for an early Unix trojan which was very hard to detect.

http://en.wikipedia.org/wiki/Backdoor_(computing)

See the section titled "Reflections on Trusting Trust". I have seen the
source code for this trojan and it is quite sophisticated and almost
impossible to detect.  You really have no idea what the code actually
does unless you have been informed of this type of attack.

We are trusting that the writers of gcc have not introduced such a
backdoor.  It would be fairly easy to do and very hard to detect given
the sheer size of the gcc compiler source code.

You are correct about the repositories being the most vulnerable vector
to infect Linux systems.  It has always been a problem which continually
raises legitimate security concerns.

-- 
Smoot Carl-Mitchell
Computer Systems and
Network Consultant
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005



