NOD32 on Linux
MR ZenWiz
mrzenwiz at gmail.com
Thu Feb 3 22:24:01 UTC 2011
On Thu, Feb 3, 2011 at 8:26 AM, Smoot Carl-Mitchell <smoot at tic.com> wrote:
>
> There are still attack vectors into Unix and Unix-like systems (Linux).
> Daemons running with root privileges or setuid programs are a problem,
> since if you obtain root privileges, you can do anything. The SELinux
> framework if you enable it does mitigate some of these issues by
> restricting application permissions further to specific folders or
> files.
>
> A user can thwart these measures by doing dumb things like using the
> root account for everyday tasks or executing a trojan horse sent as an
> email attachment or embedded as a link in a web page as root.
>
While this is quite true, it is also much more difficult to gain
access other than by user stupidity (or ignorance). Unlike the
Windows model, where security is virtually non-existent and most users
run as their own administrators 90% or more of the time, the
UNIX/Linux model is tighter and generally less susceptible to direct
attack.

For one thing, UNIX and Linux kernel vulnerabilities are fixed at a
much faster and higher rate than Windows bugs, and in most of the
cases I've seen of such genuine vulnerabilities, they are found and
fixed by developers and contributors much more frequently than being
found (and not fixed) by dedicated virus writers.

As viruses (not viri - this is grammatically incorrect) are much
harder to write against UNIX and Linux, Trojans will likely be (and
are) more profligate than viruses.

It is also worth noting that the vast majority of Windows viruses use
vulnerabilities in applications such as MS Word and IE to get through
the holes in Windows, and a great many of them are not actually
Windows flaws per se. Witness the most recent "day 0" Windows bug
that Microsoft recently announced
(http://www.infoworld.com/t/malware/what-microsoft-didnt-say-about-the-latest-windows-zero-day-flaw-914)
- it is actually a day 0 bug in IE, but they seemed to feel it was
better to blame it on Windows rather than take yet another hit on
their prize bastard child browser, which is steadily losing market
share to other, better options (Firefox, Safari, etc.).