basic - continued

James Takac p3nndrag0n at gmail.com
Sun Feb 7 08:44:05 UTC 2010


Hi Douglas

On Sunday 07 February 2010 16:30:50 Knapp wrote:
> On Sat, Feb 6, 2010 at 10:58 PM, Rashkae <ubuntu at tigershaunt.com> wrote:
> > Knapp wrote:
> >> You need su to do it. There are no viruses that work with Linux but
> >> you can fool the user into being stupid and letting a trojan into the
> >> system. The basic trojan then needs to find a way to upgrade itself
> >> from user to super user. It can do this by fooling the user again or
> >> perhaps by running a piece of software with a known weakness that will
> >> then force the system to give out su access. It is not easy but it can
> >> be done. Many companies have given out prizes to anyone that could
> >> break their system because they thought it was not possible only to
> >> have to pay off the prize.
> >
> > Woa there, I'm all for Linux is more secure and all that, but that's
> > just plain false information.  Admittedly, in the age of automatic
> > updates, self propagating worms and virii are not seen as often, but
> > what do you think all those hundreds of megabytes of Security updates
> > are for?  (speaking as someone who *has* been rooted over net by a
> > Apache worm several lifetimes ago)
> >
> > --
> > ubuntu-users mailing list
> > ubuntu-users at lists.ubuntu.com
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
> What there is false?
>
> --
> Douglas E Knapp
>
> Open Source Sci-Fi mmoRPG Game project.
> http://sf-journey-creations.wikispot.org/Front_Page
> http://code.google.com/p/perspectiveproject/


There's an old saying that does the rounds from time to 
time ................ "Never say never!"

Yes there are the odd Linux/Unix based Virii. Most are what is called "proof 
of concept" as I understand it. Then we also know of things called "root 
kits" which are often aimed at Linux/Unix based systems. Even then there are 
malware that can act independent of OS, i.e. JS (Javascript) for instance 
which are based on code commonly executed in the browser and don't require a 
given OS to be present. Such malware can affect both Windows and Linus users 
alike if they happen to be unaware of them. One reason I advocate the use of 
Firefox and the "noscript" plugin.

I've over the years seen the argument that there are no virii (malware) that 
target Linux. Alas what a goodly number of people forget is one doesn't need 
to target an OS (operating System) in order to target the unsuspecting. 
Javascript for instance being browser supported is OS independent and 
therefore can attack both Windows and Linux based users alike depending on 
their level of awareness :(

James




More information about the ubuntu-users mailing list