basic - continued

Tero Pesonen ubuntu-users at
Sun Feb 7 15:01:49 UTC 2010

On Sat, 2010-02-06 at 22:00 +0100, Knapp wrote:
> On Sat, Feb 6, 2010 at 5:55 PM, Amedee Van Gasse
> <amedee-ubuntu at> wrote:
> > On 06-02-10 14:26, Odd wrote:
> >
> >> That is true, but at least a rootkit can't be installed.
> >
> > amedee at fangorn:~$ apt-cache search rootkit
> > chkrootkit - rootkit detector
> > rkhunter - rootkit, backdoor, sniffer and exploit scanner
> > unhide - Forensic tool to find hidden processes and ports
> >
> > If a rootkit can't be installed, then why is there software to check for
> > rootkits?
> You need su to do it. There are no viruses that work with Linux

This sure was news to me! I think I have seen a virus (or rather a worm)
take down a large network composed of Linux and UNIX systems... the worm
most certainly did work rather nicely on Linux, exactly as designed.

> but
> you can fool the user into being stupid and letting a trojan into the
> system. The basic trojan then needs to find a way to upgrade itself
> from user to super user. It can do this by fooling the user again or
> perhaps by running a piece of software with a known weakness that will
> then force the system to give out su access. It is not easy but it can
> be done. Many companies have given out prizes to anyone that could
> break their system because they thought it was not possible only to
> have to pay off the prize.
> The smart user only installs from the repos, does not open strange
> emails and for sure does not click on anything in these emails. Last
> but not least they have their router and their firewalls set up and
> running. They also might have root kit detectors installed and if they
> are really careful might have a CD that they can run to check their
> system for them because when you boot from a CD you know what the
> software is and where it came from, hopefully. I guess you still might
> get caught by a BIOS infection.

In other words, one does what smart Windows users have been doing for a
good while.

> The truth is that we are NEVER 100% safe. Back up your data! Run a
> tight ship, be smart and well informed!

Exactly. But unfortunately some people go about on mailing lists telling
others there are no Linux viruses, creating a false sense, or, even
worse, a culture, of (in)security for someone to exploit once the
platform gains the critical mass that warrants someone's starting to
abuse it.

Tero Pesonen

GPG KeyID 315FD528
