[opensuse] Re: Who said Linux doesnot get Virus infections
James Knott wrote:
Hans van der Merwe wrote:
Why is this not an issue with anyone? Deleting a normal users data is a big thing. They consider the PC broken if their files disappear.
That's a minor issue, compared to some of the other things malware can do. Stuff such as stealing passwords and other personal info, spam generators, corrupting the entire computer etc.
Exactly.
And Hans argument is that "stealing passwords and other personal info, spam generators" and such are important issues as well and don't require root rights. They can be done with user-level exploits. Here, you seem to agree; though your other posts don't look like it.
The fanboys here concentrate on the point that malware will have more difficulties in corrupting the entire computer. For granted, but they don't admit that stolen user data, arbitrary actions under the user's account (the attack vector here are not executable mail attachments, but wrong interpretation of data files; just look up recent CVEs) and corrupted user files are as bad for normal desktop users as corrupted systems. (Maybe even worse, come to think of it.)
Some guys here tell that one should have backups and just restore the corrupted or damaged files. For first, that doesn't protect against stolen passwords or turning one's computer into a spam spouter. Second, how can you be sure that the malware is not already in the backup? If one has multi-generation backup (and few have this on private desktop systems), one has the problem to select the proper version that is not infected.
As the CEO of a company that does security consulting, I can confirm that malware is not restricted to Windows in its effectivity. Windows malware volume is larger, but it's frightening to see the mindset "we're safe because we run Unix/Linux/MacOS/take your pick" that appears in many posts in this thread. We have been called quite some time to clean up security incidents with Unix systems (Linux included) at customers -- and these were folks with enterprise-level IT processes. I shudder when I think about the perceived security of private users. But obviously this real-life experience and the untold man-hours that were needed for cleanup can not happen because they must not happen.
Joachim
Joachim Schrod, Email: jschrod@acm.org, Roedermark, Germany
As the CEO of a company that does security consulting, I can confirm that malware is not restricted to Windows in its effectivity. Windows malware volume is larger, but it's frightening to see the mindset "we're safe because we run Unix/Linux/MacOS/take your pick" that appears in many posts in this thread.
Remembering this thread was not just Linux in general, but Linux as a Desktop OS, I am not convinced that Linux by design and by usage is less secure or even close to a Windows desktop. They all need security
We have been called quite some time to clean up security incidents with Unix systems (Linux included) at customers -- and these were folks with enterprise-level IT processes.
More exposed processes raise the risk, and warrant more protection. Servers, or server processes, will be more vulnerable to and more often attacked, but that is not the topic of this discussion. These servers are not desktops and hopefully do not have an admin of the sort we have
I shudder when I think about the perceived security of private users.
Could you elaborate?
But obviously this real-life experience and the untold man-hours that were needed for cleanup can not happen because they must not happen.
I appreciate your real life input, but I am not sure you fully understand the scope of this discussion. I'm not sure you would say all systems are equally insecure, but if your experience has shown that to you, I will defer. Mine doesn't, so I will agree to disagree with that
On 08/08/2007 08:59 PM, Joachim Schrod wrote: patches, but I believe the Linux community responds quicker. I use Linux fairly often to clean infected media from Windows users, i.e. USB drives, knowing they pose me little threat. No one is saying we are safe just because we run Linux, but that we believe we are much SAFER than if we ran Windows. Are you saying this is false? theorized. point, and will continue to believe I am much SAFER running Linux on my personal home computer than I would be if I ran Windows, even as a knowledgeable user, because the design of Linux is fundamentally better and more secure than Windows. It is far from perfect, but much better. I appreciate your viewpoint, but can't totally agree.
-- Joe Morris Registered Linux user 231871 running openSUSE 10.2 x86_64
Joachim Schrod wrote:
I shudder when I think about the perceived security of private users. But obviously this real-life experience and the untold man-hours that were needed for cleanup can not happen because they must not happen.
It's amazing what some people think. I have a friend, who runs XP and has an ADSL connection. A few years ago, I set her up with a firewall/NAT/WiFi box. Later on, she had a problem with her ADSL line, so when she called for support, they told her to remove the box (standard practice). Now, she refuses to use that firewall, because she was told to remove it and it didn't click in that the request was only for the duration of the support call. She also has installed AV software, but has not paid for any updates.
-- Use OpenOffice.org http://www.openoffice.org
On Wed, 2007-08-08 at 14:59 +0200, Joachim Schrod wrote:
James Knott wrote:
Hans van der Merwe wrote:
Why is this not an issue with anyone? Deleting a normal users data is a big thing. They consider the PC broken if their files disappear.
That's a minor issue, compared to some of the other things malware can do. Stuff such as stealing passwords and other personal info, spam generators, corrupting the entire computer etc.
Exactly.
And Hans argument is that "stealing passwords and other personal info, spam generators" and such are important issues as well and don't require root rights. They can be done with user-level exploits. Here, you seem to agree; though your other posts don't look like it.
The fanboys here concentrate on the point that malware will have more difficulties in corrupting the entire computer. For granted, but they don't admit that stolen user data, arbitrary actions under the user's account (the attack vector here are not executable mail attachments, but wrong interpretation of data files; just look up recent CVEs) and corrupted user files are as bad for normal desktop users as corrupted systems. (Maybe even worse, come to think of it.)
Some guys here tell that one should have backups and just restore the corrupted or damaged files. For first, that doesn't protect against stolen passwords or turning one's computer into a spam spouter. Second, how can you be sure that the malware is not already in the backup? If one has multi-generation backup (and few have this on private desktop systems), one has the problem to select the proper version that is not infected.
As the CEO of a company that does security consulting, I can confirm that malware is not restricted to Windows in its effectivity. Windows malware volume is larger, but it's frightening to see the mindset "we're safe because we run Unix/Linux/MacOS/take your pick" that appears in many posts in this thread. We have been called quite some time to clean up security incidents with Unix systems (Linux included) at customers -- and these were folks with enterprise-level IT processes. I shudder when I think about the perceived security of private users. But obviously this real-life experience and the untold man-hours that were needed for cleanup can not happen because they must not happen.
Joachim
Indeed, Some of the sites harbouring virii-collections have all sorts of virii that can do harm to linux systems, (When not configured & maintained properly) Thankfully, these are a minute portion of all the worms, virii, backdoors or other evil stuff that has M$ as their target...
HW
Hans Witvliet wrote:
Indeed,
Some of the sites harbouring virii-collections have all sorts of virii that can do harm to linux systems, (When not configured & maintained properly)
Thankfully, these are a minute portion of all the worms, virii, backdoors or other evil stuff that has M$ as their target...
HW
For a real life example of a linux infecting site, Bruce Schneier
blogged this article:
http://www.schneier.com/blog/archives/2007/08/how_a_linux_ser.html which
mentioned the location of an infection site at:
http://83.19.148.250/~matys/pliki/
I'm afraid it's still live as of tonight. Believe me, they are around,
live and you do not want anything from there on your linux system.
Pete Connolly wrote:
For a real life example of a linux infecting site, Bruce Schneier blogged this article: http://www.schneier.com/blog/archives/2007/08/how_a_linux_ser.html which mentioned the location of an infection site at:
http://83.19.148.250/~matys/pliki/
I'm afraid it's still live as of tonight. Believe me, they are around, live and you do not want anything from there on your linux system.
OK, I'm game. I visited the site and downloaded some files. I had a closer look at one called "ave" which appears to be one of those so-called "linux viruses", attempting to use old do_brk and do_munmap exploits to get root. It's a bit tedious to set up. It seems to be essentially one of the "honor system" viruses for unix, you know the drill:
1. download the hostile executable
2. save the hostile executable somewhere appropriate
3. change the file mode to make it executable.
4. execute it with the command ./<filename>
5. hilarity ensues (or not)
If you're running a fairly recent linux distro, nothing happens. But the naive local user who's running some old redhat 6.2 or the like, and goes through the honor system drill above might well lose big time.
Not to be cocky, there is some danger here, but it's a far cry from the ease with which windows systems are regularly pwned with no effort whatsoever on the part of the hapless user.
Joe