On Friday 26 July 2002 05.26, Carl wrote:
I think most of us run binaries from untrusted sources. It's a fact of life. Time to update thinking.
If you download a binary from an anonymous website, with no knowledge whatever of the person that put it there, you have no way of knowing what that binary will do. No antivirus software in the world will protect you from "rm -rf $HOME/*" or similar. On the other hand, if you compile from source, odds are you'd be safe. Especially if you stick to software you know others are running. I've never heard of a virus being distributed in source form (except for proof-of-concept viruses, clearly marked as such of course). In the Linux world, so many people know how to read source code that such a virus/trojan would stand next to no chance of survival. I run binaries from SuSE, Netscape, AOL, Yahoo and a few other places. My thinking is that a) if I can't trust them at least I can sue, and b) so many other people are looking very intensely at those programs that if there were malicious content it will be discovered and those companies can do without the bad publicity inherent in such a scandal. But I would never run a binary I found on a web site somewhere. And if you ran something you got in the mail you shouldn't be allowed to own a computer.
Here's an example of an email which uses <iframe> in the message to *instantly*execute*the*attachment*:
<HTML><HEAD></HEAD><BODY> <iframe src=cid:Ule09MxWJ6a042KKL3l height=0 width=0> </iframe> <FONT></FONT></BODY></HTML>
No consideration allowed...
That is a well-known Outlook/IE bug. I said Linux mail clients.
Don't use HTML, as many of us do? Maybe you click the attach in a moment of fatigue or distraction.
I tried sending myself an executable attachment, just to see how kmail would handle it. To get it to execute I had to save it to disk, chmod it to allow execution, and execute it manually. I'd have to be pretty "fatigued" to do that by accident. And if anyone ever makes an email client for Linux that allows people to execute attachments easily I hope they are tarred and feathered, as they deserve to be. But a company sysadmin could just mount /home and /tmp with the noexec flag. Then you'd definitely be rid of users disregarding security policy.
Well you should be running =something=.
Absolutely. Something along the lines of tripwire is excellent advice. Learning at least a little about security is another. Getting an antivirus program and thinking you're safe after that is just fooling yourself. That way Microsoft lies.
//Anders
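
Added example, not part of the original post: a shell check for the noexec mounts suggested above for /home and /tmp. It reads a mount table in /proc/mounts format and reports, for each path, which mount governs it and whether that mount carries noexec, including the case where the directory is not a separate mount at all. The function name noexec_status and the sample table are constructed for illustration.

```shell
#!/bin/sh
# noexec_status PATH [MOUNT_TABLE]
# Prints "<noexec|exec> <governing mount point>" for PATH.
# MOUNT_TABLE defaults to /proc/mounts (fields: device mountpoint fstype options ...).
noexec_status() {
    path=$1
    table=${2:-/proc/mounts}
    awk -v p="$path" '
        {
            mp = $2
            # A mount governs the path if it equals it, is "/", or is a parent directory.
            if (mp == p || mp == "/" || index(p, mp "/") == 1) {
                # Longest mount point wins; on a tie the later entry wins.
                if (length(mp) >= best_len) { best_len = length(mp); best = mp; opts = $4 }
            }
        }
        END {
            if (best == "") { print "unknown -"; exit }
            state = "exec"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "noexec") state = "noexec"
            print state, best
        }' "$table"
}

# Constructed sample table (not taken from the post):
# /tmp is noexec, /home is a separate mount without noexec,
# /home/shared is noexec, /var/tmp is just a directory on /.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev 0 0
/dev/sda4 /home/shared ext4 rw,noexec 0 0
EOF

for d in /tmp /home /home/shared/docs /var/tmp; do
    printf '%s: %s\n' "$d" "$(noexec_status "$d" "$SAMPLE")"
done
```

Called with only a path, the function reads the live /proc/mounts; any line reporting "exec" for a user-writable directory is one where a saved attachment could still be chmod'ed and run.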