RE: [opensuse] A BIG "show stopper" for openSUSE at the corporate level anyway!!
Well, I disagree with them. On-access IS needed now and even more in the future!
But it is not needed for linux. It is only needed for linux boxes doing file serving for windows boxes! Ie, it can be better handled directly from samba, not from the kernel. ~~~~~~~~~~~~~~ Just out of curiosity, why would on-access scanning not be needed for Linux? Best, James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James D. Parra wrote:
Well, I disagree with them. On-access IS needed now and even more in the future!
But it is not needed for linux. It is only needed for linux boxes doing file serving for windows boxes! Ie, it can be better handled directly from samba, not from the kernel. ~~~~~~~~~~~~~~
Just out of curiosity, why would on-access scanning not be needed for Linux?
Best,
James
Linux viruses tend to be scarce. In fact, IIRC, there's never been a successful one. So, what would you scan for, other than perhaps email carrying a Windows virus?
-- Use OpenOffice.org http://www.openoffice.org
The Monday 2008-07-07 at 21:14 -0400, James Knott wrote:
Linux viruses tend to be scarce. In fact, IIRC, there's never been a successful one. So, what would you scan for, other than perhaps email carrying a Windows virus?
And you do not need on-access-scanning for those.
-- Cheers, Carlos E. R.
James Knott wrote:
James D. Parra wrote:
Well, I disagree with them. On-access IS needed now and even more in the future!
But it is not needed for linux. It is only needed for linux boxes doing file serving for windows boxes! Ie, it can be better handled directly from samba, not from the kernel. ~~~~~~~~~~~~~~
Just out of curiosity, why would on-access scanning not be needed for Linux?
Best,
James
Linux viruses tend to be scarce. In fact, IIRC, there's never been a successful one. So, what would you scan for, other than perhaps email carrying a Windows virus?
That's a good part of why I'm getting requests. And, I recently passed on a worm NOT knowing it was attached. I don't care to do that again.
Fred
-- This message originated from a Linux computer using Open Source software: openSuSE Linux 11.0 No Gates, no Windows....just Linux - STABLE & SECURE!
The Monday 2008-07-07 at 22:11 -0400, Fred A. Miller wrote:
Linux viruses tend to be scarce. In fact, IIRC, there's never been a successful one. So, what would you scan for, other than perhaps email carrying a Windows virus?
That's a good part of why I'm getting requests. And, I recently passed on a worm NOT knowing it was attached. I don't care to do that again.
The point is, you do NOT need dazuko to scan mails for viruses and worms.
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Monday 2008-07-07 at 22:11 -0400, Fred A. Miller wrote:
Linux viruses tend to be scarce. In fact, IIRC, there's never been a successful one. So, what would you scan for, other than perhaps email carrying a Windows virus?
That's a good part of why I'm getting requests. And, I recently passed on a worm NOT knowing it was attached. I don't care to do that again.
The point is, you do NOT need dazuko to scan mails for viruses and worms.
Sure......SAMBA and MickySoft anti-virus.....now that's a worthwhile solution.....NOT!
Fred
The Tuesday 2008-07-08 at 13:01 -0400, Fred A. Miller wrote:
That's a good part of why I'm getting requests. And, I recently passed on a worm NOT knowing it was attached. I don't care to do that again.
The point is, you do NOT need dazuko to scan mails for viruses and worms.
Sure......SAMBA and MickySoft anti-virus.....now that's a worthwhile solution.....NOT!
Sigh... you do not need either samba nor "MickySoft anti-virus", nor dazuko, for scanning email in Linux.
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Tuesday 2008-07-08 at 13:01 -0400, Fred A. Miller wrote:
That's a good part of why I'm getting requests. And, I recently passed on a worm NOT knowing it was attached. I don't care to do that again.
The point is, you do NOT need dazuko to scan mails for viruses and worms.
Sure......SAMBA and MickySoft anti-virus.....now that's a worthwhile solution.....NOT!
Sigh... you do not need either samba nor "MickySoft anti-virus", nor dazuko, for scanning email in Linux.
That is true, and there is some software that is expensive that will do the job. No thanks.
Fred
Fred A. Miller wrote:
Carlos E. R. wrote:
Sigh... you do not need either samba nor "MickySoft anti-virus", nor dazuko, for scanning email in Linux.
That is true, and there is some software that is expensive that will do the job. No thanks.
I've been using clamav etc on my smtp servers to scan mail - works for me!
Joe
On Tue, 08 Jul 2008 15:09:00 -0400, Fred A. Miller wrote:
That is true, and there is some software that is expensive that will do the job. No thanks.
Somehow you don't *want* to understand. You can integrate either free or commercial virus scanners directly into your mail server, so that the MTA passes the mail for checking to the scanner which then passes it back. No on-access scanning needed here. Likewise with samba, where you can also integrate a virus scanner in the same manner. Again no on-access scanning needed. This now understandable enough?
Philipp
Fred A. Miller wrote:
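The hand-off Philipp describes above (the MTA passes each message to a scanner and acts on the verdict, with no kernel on-access hook), as an added example that is not part of the original thread. It frames data the way clamd's INSTREAM command expects; the in-process `stub_scanner`, the `MARKER` bytes and the sample message are constructed so the block runs offline.

```python
"""MTA-side scan: hand each decoded MIME part to a scanner, act on the verdict."""
import socket
import struct
import threading
from email import message_from_bytes, policy
from email.message import EmailMessage

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in, not a real signature


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        got = sock.recv(n - len(buf))
        if not got:
            raise ConnectionError("peer closed early")
        buf += got
    return buf


def stub_scanner(sock):
    """Constructed stand-in for the scanner daemon: reads one INSTREAM request."""
    try:
        if _recv_exact(sock, 10) != b"zINSTREAM\0":
            return
        body = b""
        while True:
            (size,) = struct.unpack("!I", _recv_exact(sock, 4))
            if size == 0:          # zero-length chunk ends the stream
                break
            body += _recv_exact(sock, size)
        hit = MARKER in body
        sock.sendall((b"stream: Constructed.Test FOUND" if hit else b"stream: OK") + b"\0")
    finally:
        sock.close()


def clamd_instream(sock, data, chunk=4096):
    """Client side: length-prefixed chunks, then a zero chunk; returns the reply."""
    sock.sendall(b"zINSTREAM\0")
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        sock.sendall(struct.pack("!I", len(part)) + part)
    sock.sendall(struct.pack("!I", 0))
    reply = b""
    while not reply.endswith(b"\0"):
        got = sock.recv(4096)
        if not got:
            break
        reply += got
    return reply.rstrip(b"\0").decode()


def scan_bytes(data):
    """Scan one buffer; a real MTA hook would connect to the daemon's socket instead."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=stub_scanner, args=(server,))
    worker.start()
    try:
        return clamd_instream(client, data)
    finally:
        client.close()
        worker.join()


def filter_message(raw):
    """Return ("accept"|"reject", hits) after scanning every decoded leaf part."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Decode base64/quoted-printable first: the raw transfer encoding hides content.
        payload = part.get_payload(decode=True) or b""
        reply = scan_bytes(payload)
        if reply.endswith("FOUND"):
            hits.append((part.get_filename() or part.get_content_type(), reply))
    return ("reject" if hits else "accept"), hits


def sample_message(attachment):
    """Constructed test mail with one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename="report.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    print(filter_message(sample_message(b"abc " + MARKER + b" xyz")))
    print(filter_message(sample_message(b"harmless bytes")))
```

Each message is scanned once, at the point where it enters the system, which is the contrast with per-access scanning that the thread is arguing about.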
Carlos E. R. wrote:
The Monday 2008-07-07 at 22:11 -0400, Fred A. Miller wrote:
Linux viruses tend to be scarce. In fact, IIRC, there's never been a successful one. So, what would you scan for, other than perhaps email carrying a Windows virus?
That's a good part of why I'm getting requests. And, I recently passed on a worm NOT knowing it was attached. I don't care to do that again.
The point is, you do NOT need dazuko to scan mails for viruses and worms.
Sure......SAMBA and MickySoft anti-virus.....now that's a worthwhile solution.....NOT!
Fred
I think that what Carlos is suggesting is that Samba implements the AV on-access scan (hopefully when files move from filestore, to filestore or both). Full scans would then really only be needed after a virus database update.

I have a vague sense of deja vu here. There is a tendency for some people to go for overkill solutions with AV strategies and to be frank on a Linux machine full on-access scanning is overkill. Linux does not really have the points of vulnerability to file based viruses that Windows has unless one is doing something very silly. Boot sector viruses could be problematic, but they usually only activate on bootable devices and always have been an easily controlled threat outside of DOS based systems. A more effective approach to scanning with the *NIX world probably would be monitoring for applications that are attempting to do things they should not. The threats are there but I would suggest a rather different approach is required for the *NIX world.

I have worked with at least one server based AV on access solution (non-Linux/Windows) with which it was found that not only e-mails were being scanned on arriving, they were scanned on delivery to the file system, and then scanned when read by the user's mail client. With all the subsequent performance hit this entailed.

At the moment, with a report by one individual on this list that ClamAV only detected 60% of a virus test set and Antivir a better (but still unacceptable) 95% on the same set, rather suggest (at least until these products are either more fully assessed, or someone can point to such an assessment) these products are currently *not* up to the task anyway so this issue could really be a moot point.

For the record I had done a quick search to see if ClamAV had ever gone through such an assessment and I was a bit surprised to find it never really has... the ClamAV site has a rather weak set of comments about untangled (but on some the comments of the validity of untangled results elsewhere suggests that that outfit's results should be treated with some caution). However, the virus bulletin has recently done an assessment of Linux based AV products on ubuntu... You will need to register to access the info but it is worth a look at... http://www.virusbtn.com/vb100

A corporate user should be able to afford a properly tested commercial solution if this is that important to them, and until the open source products are good enough to withstand this kind of assessment I think there is a bit of problem here.
-- I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup
G T Smith wrote:
Fred A. Miller wrote: only detected 60% of a virus test set and Antivir a better (but still unacceptable) 95% on the same set, rather suggest (at least until these
Oops It seems that Avira AntiVir did pass the VB100 assessment....
On Tue, 2008-07-08 at 13:01 -0400, Fred A. Miller wrote:
Carlos E. R. wrote:
The Monday 2008-07-07 at 22:11 -0400, Fred A. Miller wrote:
Linux viruses tend to be scarce. In fact, IIRC, there's never been a successful one. So, what would you scan for, other than perhaps email carrying a Windows virus?
That's a good part of why I'm getting requests. And, I recently passed on a worm NOT knowing it was attached. I don't care to do that again.
The point is, you do NOT need dazuko to scan mails for viruses and worms.
Sure......SAMBA and MickySoft anti-virus.....now that's a worthwhile solution.....NOT!
You mean something like:
scanning....
virus found, deleting: /windows/C/WINDOWS/system
virus found, deleting: /windows/C/WINDOWS/system32
;-)
The Monday 2008-07-07 at 18:06 -0700, James D. Parra wrote: I'd appreciate if you started using another mail client that respected proper quoting and threading practice.
Well, I disagree with them. On-access IS needed now and even more in the future!
But it is not needed for linux. It is only needed for linux boxes doing file serving for windows boxes! Ie, it can be better handled directly from samba, not from the kernel.
Just out of curiosity, why would on-access scanning not be needed for Linux?
What for? What do you need it for? On-access scanning is used to scan for viruses, and you can not replace any program in linux unless you are root. And you are not... At worst, you can only do damage to your own user. No big deal. Next time you will be more careful :-P
-- Cheers, Carlos E. R.
On Tue, 08 Jul 2008 03:41:25 +0200, Carlos E. R. wrote:
At worst, you can only do damage to your own user. No big deal. Next time you will be more careful :-P
Arguably, Carlos, damaging files in your own user home directory is the bigger deal. I don't know about others here, but I can replace my OS; I can't replace my documents.
Jim
-- Jim Henderson Please keep on-topic replies on the list so everyone benefits
Jim Henderson wrote:
On Tue, 08 Jul 2008 03:41:25 +0200, Carlos E. R. wrote:
At worst, you can only do damage to your own user. No big deal. Next time you will be more careful :-P
Arguably, Carlos, damaging files in your own user home directory is the bigger deal. I don't know about others here, but I can replace my OS; I can't replace my documents.
From the daily backup maybe?
/Per Jessen, Zürich
On Tue, 08 Jul 2008 18:34:54 +0200, Per Jessen wrote:
Jim Henderson wrote:
On Tue, 08 Jul 2008 03:41:25 +0200, Carlos E. R. wrote:
At worst, you can only do damage to your own user. No big deal. Next time you will be more careful :-P
Arguably, Carlos, damaging files in your own user home directory is the bigger deal. I don't know about others here, but I can replace my OS; I can't replace my documents.
From the daily backup maybe?
How many home users even know how to do daily backups? How many have the technology? I've got 4 dead DLT drives in the basement. I just suffered the near total loss of the drive that was holding my backups (the drive isn't even recognised by the system any more). AV is *part* of the way of protecting yourself. It's not the whole ball of wax, but it is an important part. I've run Linux boxes for *years* without on-access virus scanning. And no, I've never been infected. But that doesn't mean that it shouldn't be being worked on; there's enough proof of concept viruses out there (and cross-platform OO - for example - ones) that it's something that should be worked on. The fact that someone created one shows that someone's exercising some forward thinking about this...Linux hasn't been a target because it's a small segment of the desktops out there. As the desktop market grows, the need will likely grow as well.
Jim
Jim Henderson wrote:
The fact that someone created one shows that someone's exercising some forward thinking about this...Linux hasn't been a target because it's a small segment of the desktops out there. As the desktop market grows, the need will likely grow as well.
So goes the popular wisdom which I often hear repeated - however linux has been a major segment of the internet server market for some years, and still the sky hasn't fallen.
Joe
On Tue, 08 Jul 2008 12:56:23 -0700, J Sloan wrote:
Jim Henderson wrote:
The fact that someone created one shows that someone's exercising some forward thinking about this...Linux hasn't been a target because it's a small segment of the desktops out there. As the desktop market grows, the need will likely grow as well.
So goes the popular wisdom which I often hear repeated - however linux has been a major segment of the internet server market for some years, and still the sky hasn't fallen.
So it makes sense to be unprepared? Servers tend not to have users opening files on them - desktops do. Servers have a totally different usage scenario than desktops.
Jim
* J Sloan
Jim Henderson wrote:
The fact that someone created one shows that someone's exercising some forward thinking about this...Linux hasn't been a target because it's a small segment of the desktops out there. As the desktop market grows, the need will likely grow as well.
Yep. I hear you. My UNIX Mac OS X laptop has been totally infested with virus files since OS X started grabbing so much of the desktop market. ;D The main reason for all these Windows virus infestations is due to the Windows scripting engine and how Windows programs handle files. I'm not saying that UNIX/Linux desktops won't have issues with the cyclones of air between the keyboard and the chair just click, click, clicking on things but if the apps and os themselves have intelligence built into them to at least punch the user in the face with a warning that what they're doing isn't such a good idea .. we won't face near what the Wintendo crowd does. We won't get infested just by having the damn things on a network.
-ben
-- "Gratitude is merely the secret hope of further favors."
The Tuesday 2008-07-08 at 17:26 -0500, Ben Rosenberg wrote:
Yep. I hear you. My UNIX Mac OS X laptop has been totally infested with virus files since OS X started grabbing so much of the desktop market. ;D
I know very little of macs, but I'm curious: what type of virus, what do they infest? macros, system binaries, what?
-- Cheers, Carlos E. R.
On Tuesday 08 July 2008 15:58, Carlos E. R. wrote:
The Tuesday 2008-07-08 at 17:26 -0500, Ben Rosenberg wrote:
Yep. I hear you. My UNIX Mac OS X laptop has been totally infested with virus files since OS X started grabbing so much of the desktop market. ;D
I know very little of macs, but I'm curious: what type of virus, what do they infest? macros, system binaries, what?
Note the huge winking grin: ;D When / where I was a kid, we called that a "shitty-assed grin." (Don't ask me why, I don't know. Some immigrant farmer thing, no doubt...)
-- Cheers, Carlos E. R.
RRS
The Tuesday 2008-07-08 at 16:04 -0700, Randall R Schulz wrote:
On Tuesday 08 July 2008 15:58, Carlos E. R. wrote:
The Tuesday 2008-07-08 at 17:26 -0500, Ben Rosenberg wrote:
Yep. I hear you. My UNIX Mac OS X laptop has been totally infested with virus files since OS X started grabbing so much of the desktop market. ;D
I know very little of macs, but I'm curious: what type of virus, what do they infest? macros, system binaries, what?
Note the huge winking grin:
;D
When / where I was a kid, we called that a "shitty-assed grin." (Don't ask me why, I don't know. Some immigrant farmer thing, no doubt...)
Ah! I recogn I'm slow understanding some types of humour. :-}
-- Cheers, Carlos E. R.
They are the same as Linux, Solaris or other BSD based systems ..
rootkits and scripts that the LUSER has to execute for them to do
anything. Some are executed by browsers or whatever .. but those same
bugs that do that will affect Linux, Solaris or other BSD based systems.
There have been a bunch of "proof of concept" virus/trojans just like on
other UNIXish OS's.
* Carlos E. R.
The Tuesday 2008-07-08 at 17:26 -0500, Ben Rosenberg wrote:
Yep. I hear you. My UNIX Mac OS X laptop has been totally infested with virus files since OS X started grabbing so much of the desktop market. ;D
I know very little of macs, but I'm curious: what type of virus, what do they infest? macros, system binaries, what?
-- Cheers, Carlos E. R.
-- XO Communications IP Tier 2 OPS St Louis, MO.
The Tuesday 2008-07-08 at 19:41 -0000, Jim Henderson wrote:
I've run Linux boxes for *years* without on-access virus scanning. And no, I've never been infected. But that doesn't mean that it shouldn't be being worked on; there's enough proof of concept viruses out there (and cross-platform OO - for example - ones) that it's something that should be worked on.
The fact that someone created one shows that someone's exercising some forward thinking about this...Linux hasn't been a target because it's a small segment of the desktops out there. As the desktop market grows, the need will likely grow as well.
But you don't really need on-access-scan to protect linux from possible (future) viruses. What you need to protect are the entry points to the computer: email, external disks, shared mounts... and some intelligence on the part of the user, like scanning downloaded software, manually if needed.
-- Cheers, Carlos E. R.
On Tue, 08 Jul 2008 22:30:15 +0200, Carlos E. R. wrote:
The Tuesday 2008-07-08 at 19:41 -0000, Jim Henderson wrote:
I've run Linux boxes for *years* without on-access virus scanning. And no, I've never been infected. But that doesn't mean that it shouldn't be being worked on; there's enough proof of concept viruses out there (and cross-platform OO - for example - ones) that it's something that should be worked on.
The fact that someone created one shows that someone's exercising some forward thinking about this...Linux hasn't been a target because it's a small segment of the desktops out there. As the desktop market grows, the need will likely grow as well.
But you don't really need on-access-scan to protect linux from possible (future) viruses.
What you need to protect are the entry points to the computer: email, external disks, shared mounts... and some intelligence on the part of the user, like scanning downloaded software, manually if needed.
On access scanning, though, is a proven way of dealing particularly with removable media - rather than:

1. I put a USB key in the drive.
2. I scan the key
3. I use the data on the key

This process is streamlined by:

1. I put a USB key in the drive
2. I access the data on the key; if it's infected, I get a notification of some sort and access is denied to the file until it's cleaned, usually with manual intervention.

This is the workflow users of DOS, DOS/Windows, and Windows are familiar with. From a "let's migrate people to Linux" standpoint, keeping a technical workflow like this as similar as possible is a good thing. Telling the users "it's your responsibility to scan every file you open on your own, manually" isn't a good approach. After all, end users have demonstrated an inability to do something like this on Windows; we are talking about people who forward "Bill Gates will send you $1,000 if you forward this message along" messages thinking they really will get $1,000 for forwarding a message along.

In an ideal world, we *should* be able to expect users to be smarter than that, but in the real world, we really can't. We don't treat other aspects of security lightly in Linux, so why *should* we treat viruses as less than that? I would also think that users would only install services they need on a system, but we still configure a firewall for them. We expect users to login with a username and a password - but we have added autologon for those who can't be trained to login. Etc, etc, etc.
Jim
The Tuesday 2008-07-08 at 21:06 -0000, Jim Henderson wrote:
But you don't really need on-access-scan to protect linux from possible (future) viruses.
What you need to protect are the entry points to the computer: email, external disks, shared mounts... and some intelligence on the part of the user, like scanning downloaded software, manually if needed.
On access scanning, though, is a proven way of dealing particularly with removable media - rather than:
1. I put a USB key in the drive. 2. I scan the key 3. I use the data on the key
This process is streamlined by:
1. I put a USB key in the drive 2. I access the data on the key; if it's infected, I get a notification of some sort and access is denied to the file until it's cleaned, usually with manual intervention.
This is wasteful and even unsafe; unsafe because only accessed files are scanned. Wasteful because a file is scanned every time it is accessed, repeatedly, which is slow. I don't do that even when I use windows. And not needed in Linux because linux doesn't need this protection: it is only needed for windows.
-- Cheers, Carlos E. R.
On Wed, 09 Jul 2008 00:33:57 +0200, Carlos E. R. wrote:
This is wasteful and even unsafe; unsafe because only accessed files are scanned. Wasteful because a file is scanned every time it is accessed, repeatedly, which is slow. I don't do that even when I use windows.
Unsafe? I want to protect my machine from files that I'm using. Personally, I don't care about the files I'm not using.
And not needed in Linux because linux doesn't need this protection: it is only needed for windows.
It isn't needed in Linux *today*, maybe, but again, it makes sense to plan ahead. If we want people to adopt Linux, we have to not tell them "so this thing you did with Windows automatically? You need to do it manually now. Sorry about that, but that's just the way it is." That's a good way to turn people off of Linux.
Jim
----- Original Message -----
From: "Jim Henderson"
This is wasteful and even unsafe; unsafe because only accessed files are scanned. Wasteful because a file is scanned every time it is accessed, repeatedly, which is slow. I don't do that even when I use windows.
Unsafe? I want to protect my machine from files that I'm using. Personally, I don't care about the files I'm not using.
Heh, you just made _our_ point. I don't consider merely handling a file "using" it. My linux box doesn't "use" most of the files that may reside on its hard drive which may contain a virus. Even the ones that are actually used, say via wine, have only the same very limited ability to cause harm that any other user-owned file has, which has proven over time to be limited enough that viri do not spread via them.

Think of the basic unix system like rip-stop nylon cloth. With effort you can poke a hole or make a little rip here & there, but they don't spread. With effort and luck a user here or there may lose a few files, or even their whole account. With more effort and more luck, a whole box here or there might be killed or owned. But the virus that did it still can not proliferate.

Frankly, a given lost file or whole user account or even whole box, those aren't why viri are a problem. The only reason viri are a problem is because they proliferate and have the ability to cause that harm not once but to all boxes in an unstoppable and lightning fast wave. That doesn't happen here. This is why they're just not a problem here. They can not proliferate like that.

So, full-time, all-files, on-access kernel level scanning is pretty much like swatting at flies with a sledgehammer. Sometimes overkill is cool and desirable and fun, and sometimes it's just ignorant, stupid, and wasteful.
-- Brian K. White brian@aljex.com http://www.myspace.com/KEYofR +++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++. filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
On Wed, 09 Jul 2008 12:21:55 -0400, Brian K. White wrote:
This is why they're just not a problem here. They can not proliferate like that.
So of course it makes sense to let the infected files lie dormant until someone uses a system like Windows to access them. This doesn't seem like a good idea to me, but what do I know - I've only been using computers for nearly 30 years now.
Jim
-- Jim Henderson Please keep on-topic replies on the list so everyone benefits
On Wednesday 09 July 2008 19:11:27 Jim Henderson wrote:
On Wed, 09 Jul 2008 12:21:55 -0400, Brian K. White wrote:
This is why they're just not a problem here. They can not proliferate like that.
So of course it makes sense to let the infected files lie dormant until someone uses a system like Windows to access them.
This doesn't seem like a good idea to me, but what do I know - I've only been using computers for nearly 30 years now.
And in all those years, have you ever come across any system other than windows that needed a virus scanner? I don't believe symantec does on-access scanning for the S/390 either, and the Sun machines in the world seems to have gotten along fine without it.
Let's face facts, shall we: you have been thoroughly indoctrinated by your windows experiences, and now you want to take that along with you. It's just not needed.
Anders
On Wed, 09 Jul 2008 19:20:46 +0200, Anders Johansson wrote:
On Wednesday 09 July 2008 19:11:27 Jim Henderson wrote:
On Wed, 09 Jul 2008 12:21:55 -0400, Brian K. White wrote:
This is why they're just not a problem here. They can not proliferate like that.
So of course it makes sense to let the infected files lie dormant until someone uses a system like Windows to access them.
This doesn't seem like a good idea to me, but what do I know - I've only been using computers for nearly 30 years now.
And in all those years, have you ever come across any system other than windows that needed a virus scanner?
I don't believe symantec does on-access scanning for the S/390 either, and the Sun machines in the world seems to have gotten along fine without it
Yeah, I didn't need one on my Timex Sinclair either. Or my C64. Or my Apple II. Those systems tended not to be networked. S/390 is kinda hard for virus developers to access to actually create a virus for it. It's not something you can just go down to your local computer store and purchase for a reasonable price, after all.
Let's face facts, shall we: you have been thoroughly indoctrinated by your windows experiences, and now you want to take that along with you.
It's just not needed
It's not needed *today* perhaps. That doesn't mean it will *never* be needed. I've been a Linux user for nearly 12 years now. Do I use virus protection? No. Why? Because, like you said, it's not needed. However, I also am *careful* about what websites I visit and what programs I run. As more and more "typical" users use Linux, *perhaps* this is something that will be needed. Perhaps not. That doesn't mean it's not an option worth exploring.
Jim
-- Jim Henderson Please keep on-topic replies on the list so everyone benefits
On Wednesday 09 July 2008 19:30:44 Jim Henderson wrote:
I've been a Linux user for nearly 12 years now. Do I use virus protection? No. Why? Because, like you said, it's not needed. However, I also am *careful* about what websites I visit and what programs I run. As more and more "typical" users use Linux, *perhaps* this is something that will be needed. Perhaps not.
That doesn't mean it's not an option worth exploring.
What exactly do you think a virus scanner can do for you? Do you seriously believe it can protect against malicious code? A virus scanner looks for well known virus code. By definition, it is only useful once there are known viruses to look for. Any damaging code that is not already well known will not be found. Unless of course you think scanners look for all instances of "rm", or calls to socket() to send email, or whatever else viruses do.
So you can safely ignore a virus scanner on your linux-only system until you start reading about virus proliferation, because then - and only then - will a virus scanner find anything. Don't hold your breath though. As several have said already, the attack vector just isn't there.
Anders
On Wed, 09 Jul 2008 22:35:26 +0200, Anders Johansson wrote:
On Wednesday 09 July 2008 19:30:44 Jim Henderson wrote:
I've been a Linux user for nearly 12 years now. Do I use virus protection? No. Why? Because, like you said, it's not needed. However, I also am *careful* about what websites I visit and what programs I run. As more and more "typical" users use Linux, *perhaps* this is something that will be needed. Perhaps not.
That doesn't mean it's not an option worth exploring.
What exactly do you think a virus scanner can do for you? Do you seriously believe it can protect against malicious code?
I have *seen* virus scanners protect against malicious code. Unknown malicious code? No, but (for example) when I had a lab full of machines that got infected by the Yale/Alameda virus because of students not being careful, I was glad to have a TSR virus scanner to prevent it from getting into memory in the first place.
A virus scanner looks for well known virus code. By definition, it is only useful once there are known viruses to look for. Any damaging code that is not already well known will not be found.
*Exactly*. Are you saying there's no value in looking for *known* threats? I'm not quite sure what your point is here.
Unless of course you think scanners look for all instances of "rm", or calls to socket() to send email, or whatever else viruses do.
No, I'm very well acquainted with what virus scanners can do (and do), having used them for many, many years, as well as having experimented with virus interactions in a secured environment.
So you can safely ignore a virus scanner on your linux-only system until you start reading about virus proliferation, because then - and only then - will a virus scanner find anything.
That doesn't mean there isn't value in planning for that possibility.
Don't hold your breath though. As several have said already, the attack vector just isn't there
I'm not convinced it's not there. I'm convinced it isn't being used today. As long as there are users using systems, the vector is there. Many viruses spread now through social engineering.
Jim
-- Jim Henderson Please keep on-topic replies on the list so everyone benefits
----- Original Message -----
From: "Jim Henderson"
This is why they're just not a problem here. They can not proliferate like that.
So of course it makes sense to let the infected files lie dormant until someone uses a system like Windows to access them.
Is it a car's responsibility to scan the trunk for bombs? Even if you could add that ability for a mere 100% increase in initial cost, weight, fuel consumption, occupied volume, and ongoing maintenance? Even a mere 10% overhead? Is it your shirt's responsibility to scan every floppy you put in your pocket for viruses? How about thumb drives? Should we build a virus scanner into every usb thumb drive? Why don't SAN/NAS boxes do it?
I'm not denying that there are uses for virus scanners. I'm saying the average linux box has better things to do with its cpu and i/o resources performing actual useful tasks. If you want to scan everything for virii, then put that into a dedicated appliance on the network between the users and the application host.
But I'll partially backpedal. I guess the same argument could be made about routers, spi firewalls, and vpn endpoints. There are hardware appliances for those, and yet there is also a use for doing them in software on the application host too in small sites. And probably SAN/NAS boxes that perform full time all data scanning will actually start appearing.
It's just retarded to make the box waste time scanning things it knows cannot possibly contain a virus, or that cannot hurt anything even if they do. It's a bad trade-off, doing work 100% of the time just to protect against 1% chance of a problem. When ImageMagick reads a file, even one created on a windows machine that may contain a virus, I do not need the kernel to scan it for virii. When ImageMagick writes a temp file, I do not need to scan it for virii either at write or read times. When my multi-user database app writes a thousand temp files every minute and does thousands of surgical reads and writes of individual records every minute I do not need every one of those transactions being scanned for a virus. I most especially do not need the even more numerous index maintenance ops being scanned.
If I wanted to be super nice, just as an over-the-top service to my users, I might possibly install a module into apache and scan all outgoing static and dynamic content as it is served out.
This doesn't seem like a good idea to me, but what do I know - I've only been using computers for nearly 30 years now.
Same here. Just about exactly when I started hacking on my Dad's TRS-80's and my school's Apple ][e's and Prime's and my friend's Ti-99a's and C64's
Brian K. White brian@aljex.com http://www.myspace.com/KEYofR +++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++. filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
On Wed, 09 Jul 2008 15:31:19 -0400, Brian K. White wrote:
This is why they're just not a problem here. They can not proliferate like that.
So of course it makes sense to let the infected files lie dormant until someone uses a system like Windows to access them.
Is it a car's responsibility to scan the trunk for bombs? Even if you could add that ability for a mere 100% increase in initial cost, weight, fuel consumption, occupied volume, and ongoing maintenance? Even a mere 10% overhead?
Not exactly the same thing, but if someone put an add-on in a car to allow it to be scanned constantly, would anyone object?
Is it your shirt's responsibility to scan every floppy you put in your pocket for viruses?
Of course not. My shirt doesn't run programs. My computer does.
How about thumb drives? Should we build a virus scanner into every usb thumb drive?
My USB drives don't run programs. My computer does. ;-)
Why don't SAN/NAS boxes do it?
Because they're *storage* devices, not *processing* devices.
I'm not denying that there are uses for virus scanners. I'm saying the average linux box has better things to do with its cpu and i/o resources performing actual useful tasks. If you want to scan everything for virii, then put that into a dedicated appliance on the network between the users and the application host.
Actually, the idea is not to "scan everything", it's to "scan things that are accessed". Scanning everything would be like running a scheduled scan once a day. When you've got relatively static data, that works fine, at least it has for me.
But I'll partially backpedal. I guess the same argument could be made about routers, spi firewalls, and vpn endpoints. There are hardware appliances for those, and yet there is also a use for doing them in software on the application host too in small sites. And probably SAN/NAS boxes that perform full time all data scanning will actually start appearing.
Quite possibly. But also keep in mind that people who implement a single system aren't going to want an overcomplicated second system to scan for viruses. They'll look at the Windows world and say "I don't need a separate machine to scan my Windows machines, so using Linux adds cost = another machine, another install, higher maintenance, etc". I don't think *anyone* is advocating that the *kernel* do the scanning. But leveraging kernel hooks to implement scanning is how it's done on other OSes. Hell, even NetWare has on-access scanning capabilities with third party add-ons, and NOBODY runs applications (not in the sense that one runs OpenOffice) on NetWare. End users have exactly ZERO access to run apps on the NetWare kernel. And on-access scanning there *typically* doesn't kill the kernel or overload it with work, even on systems 10 years ago. Even on systems with *thousands* of users accessing files. So it seems to me that if an on-access scanning agent on Linux impacts performance to the degree that some say it does, then there's an architecture problem in the agent. I've seen effective on-access scanning implemented on systems running 80[34]86 processors.
It's just retarded to make the box waste time scanning things it knows cannot possibly contain a virus, or that cannot hurt anything even if they do.
So a well architected solution wouldn't scan image files, for example - using the 'file' command it's easy to tell if a file contains executable code or not. Or to exclude /tmp directories. Again using the NetWare analogy, AV solutions there that do on-demand scanning typically allow the administrator to exclude files by file extension (since file typing isn't something implemented in that kernel or with the standard utilities - not that it couldn't be) or by directory. I remember seeing problems with some scanning the _NETWARE directory and deciding database files there that stored user information were infected and then "cleaning" them.
It's a bad trade-off, doing work 100% of the time just to protect against 1% chance of a problem. When ImageMagick reads a file, even one created on a windows machine that may contain a virus, I do not need the kernel to scan it for virii. When ImageMagick writes a temp file, I do not need to scan it for virii either at write or read times. When my multi-user database app writes a thousand temp files every minute and does thousands of surgical reads and writes of individual records every minute I do not need every one of those transactions being scanned for a virus. I most especially do not need the even more numerous index maintenance ops being scanned. If I wanted to be super nice, just as an over-the-top service to my users, I might possibly install a module into apache and scan all outgoing static and dynamic content as it is served out.
And that's what exclusions are for. Why is it that some think on-access has to be an "all or nothing" proposition?
Jim
-- Jim Henderson Please keep on-topic replies on the list so everyone benefits
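The exclusions Jim describes above (skip by directory, decide by content type rather than by file extension), written as the policy check an on-access agent could run before scanning. This is an added example, not part of the thread or of any product; the excluded directories and all function names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum scan_decision { SCAN_REQUIRED, SKIP_EXCLUDED_DIR, SKIP_NOT_EXECUTABLE };

/* Constructed exclusion list; these directories are assumptions. */
static const char *const excluded_dirs[] = { "/tmp", "/srv/appdb/index" };

/* True when path is dir itself or lies below it ("/tmpfiles" is not under "/tmp"). */
static int path_is_under(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    return strncmp(path, dir, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* Directory exclusions are only honoured for absolute paths without a ".."
 * component. Callers should pass the output of realpath(3) so that symlinks
 * are resolved before the check. */
static int path_is_canonical(const char *path)
{
    size_t n = strlen(path);
    if (path[0] != '/')
        return 0;
    if (strstr(path, "/../") != NULL)
        return 0;
    if (n >= 3 && strcmp(path + n - 3, "/..") == 0)
        return 0;
    return 1;
}

/* Content typing from the leading bytes, as file(1) does, not from the name. */
static int looks_executable(const unsigned char *head, size_t len)
{
    if (len >= 4 && memcmp(head, "\177ELF", 4) == 0)
        return 1;                                   /* ELF binary */
    if (len >= 2 && head[0] == 'M' && head[1] == 'Z')
        return 1;                                   /* DOS/PE executable */
    if (len >= 2 && head[0] == '#' && head[1] == '!')
        return 1;                                   /* interpreter script */
    return 0;
}

/* Decide from the path and the first bytes of the file whether to scan it. */
enum scan_decision scan_policy(const char *path, const unsigned char *head, size_t len)
{
    size_t i;

    if (path_is_canonical(path)) {
        for (i = 0; i < sizeof excluded_dirs / sizeof excluded_dirs[0]; i++)
            if (path_is_under(path, excluded_dirs[i]))
                return SKIP_EXCLUDED_DIR;
    }
    /* A non-canonical path never gets the directory exclusion: fail closed. */
    return looks_executable(head, len) ? SCAN_REQUIRED : SKIP_NOT_EXECUTABLE;
}

int main(void)
{
    /* Constructed samples: leading bytes of an ELF binary and of a PNG image. */
    static const unsigned char elf[] = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0 };
    static const unsigned char png[] = { 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n' };
    static const char *const names[] = {
        "scan", "skip (excluded dir)", "skip (not executable)"
    };

    printf("/home/u/tool        -> %s\n", names[scan_policy("/home/u/tool", elf, sizeof elf)]);
    printf("/home/u/photo.png   -> %s\n", names[scan_policy("/home/u/photo.png", png, sizeof png)]);
    printf("/tmp/magick-1234    -> %s\n", names[scan_policy("/tmp/magick-1234", elf, sizeof elf)]);
    printf("/tmp/../home/u/tool -> %s\n", names[scan_policy("/tmp/../home/u/tool", elf, sizeof elf)]);
    return 0;
}
```

A directory exclusion leaves everything written below that directory unscanned, so the list belongs under the administrator's control, not the user's.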
Jim Henderson wrote:
On Wed, 09 Jul 2008 15:31:19 -0400, Brian K. White wrote:
Is it a car's responsibility to scan the trunk for bombs? Even if you could add that ability for a mere 100% increase in initial cost, weight, fuel consumption, occupied volume, and ongoing maintenance? Even a mere 10% overhead?
Not exactly the same thing, but if someone put an add-on in a car to allow it to be scanned constantly, would anyone object?
If the "add-on" cut the gas mileage in half, limited acceleration, increased the weight of the car by 2300 pounds, and required daily updates and maintenance, I'd say "take that retarded thing out of my car". I don't need a solution like that.
Joe
On Wed, 09 Jul 2008 15:11:36 -0700, J Sloan wrote:
If the "add-on" cut the gas mileage in half, limited acceleration, increased the weight of the car by 2300 pounds, and required daily updates and maintenance, I'd say "take that retarded thing out of my car". I don't need a solution like that.
I don't think I've ever seen on-access scanning that had that kind of an impact on a system. And I've seen some poorly-implemented on-access scanning in my time.
Jim
-- Jim Henderson Please keep on-topic replies on the list so everyone benefits
On Wed, 2008-07-09 at 17:11 +0000, Jim Henderson wrote:
On Wed, 09 Jul 2008 12:21:55 -0400, Brian K. White wrote:
This is why they're just not a problem here. They can not proliferate like that.
So of course it makes sense to let the infected files lie dormant until someone uses a system like Windows to access them.
This doesn't seem like a good idea to me, but what do I know - I've only been using computers for nearly 30 years now.
I keep thinking that a hook to scan on a file being introduced to the system would be the way to go, matched up with scanning of any file accessed on removable media, like floppies, or usb/firewire-drives.
On Wed, 09 Jul 2008 18:29:43 -0400, Mike McMullin wrote:
I keep thinking that a hook to scan on a file being introduced to the system would be the way to go, matched up with scanning of any file accessed on removable media, like floppies, or usb/firewire-drives.
I don't know about usb/firewire drives being treated differently, but that's because I've got a couple 1 TB storage devices that connect that way. But if I could exclude their mountpoints from scanning after doing an initial scan, that'd make me happy (if I was really concerned about it).
Jim
-- Jim Henderson Please keep on-topic replies on the list so everyone benefits
* Jim Henderson
On Wed, 09 Jul 2008 12:21:55 -0400, Brian K. White wrote:
This is why they're just not a problem here. They can not proliferate like that.
So of course it makes sense to let the infected files lie dormant until someone uses a system like Windows to access them.
This doesn't seem like a good idea to me, but what do I know - I've only been using computers for nearly 30 years now.
And in that 30 years UNIX was used to build the Internet and there has yet to be someone who cared enough to write something that can hack root on the fly and self-perpetuate a payload to every system that accesses it. Again, remember what Yoda said .. " you must unlearn what you have learned. "
I just want the question answered as to why Apple has about 20% of the laptop market and x amount of the "desktop" market yet no one has written a virus that can hop from Macbook to MacbookPro to Mac Mini to Mac Pro as they hop from Win2k to XP to Vista? Please just answer why a mainstream UNIX OS has not one virus for it?
When I get a good answer about why UNIX has to have its users execute the Trojan like a bunch click-click monkeys .. I'll probably stop being a pain in da butt about it. ;D
-ben
-- XO Communications IP Tier 2 OPS St Louis, MO. -- "Gratitude is merely the secret hope of further favors."
On Wed, 09 Jul 2008 17:57:32 -0500, Ben Rosenberg wrote:
This doesn't seem like a good idea to me, but what do I know - I've only been using computers for nearly 30 years now.
And in that 30 years UNIX was used to build the Internet and there has yet to be someone who cared enough to write something that can hack root on the fly and self-perpetuate a payload to every system that accesses it. Again, remember what Yoda said .. " you must unlearn what you have learned. "
Perpetrating a virus through servers doesn't make as big a splash. There are plenty of reasons why nobody has cared. Windows has a big ol' bulls-eye painted on it for the virus writers.
I just want the question answered as to why Apple has about 20% of the laptop market and x amount of the "desktop" market yet no one has written a virus that can hop from Macbook to MacbookPro to Mac Mini to Mac Pro as they hop from Win2k to XP to Vista? Please just answer why a mainstream UNIX OS has not one virus for it?
So, Bliss doesn't exist? Yep, that's a Linux virus that infects ELF binaries. It self-replicates. It is proof-of-concept work, but it does demonstrate that it is theoretically possible. Then there's also things like the Morris worm. Some of the oldest worms on the 'net were propagated solely through Unix systems. That was designed as a POC and it got out of hand and caused massive denial of services. Oh, and the US GAO estimated the cost of the worm between 10 and 100 million US dollars.
When I get a good answer about why UNIX has to have its users execute the Trojan like a bunch click-click monkeys .. I'll probably stop being a pain in da butt about it. ;D
Because people are moving from Windows to Linux. Windows users have a tendency to do stupid things like run programs they shouldn't trust. There is no magic about becoming magically smarter when you move from Windows to Linux - you don't get any special insight that says "oh, I shouldn't open the executable file that my sister-in-law's second cousin's mother's third cousin sent to me without checking to see if it's a virus first".
Jim
-- Jim Henderson Please keep on-topic replies on the list so everyone benefits
On Thursday, 10 July 2008, Jim Henderson wrote:
Perpetrating a virus through servers doesn't make as big a splash.
Sure, nobody would notice eBay, Google or Amazon going down because of
that....
CU
--
Stefan Hundhammer
On Wednesday 09 July 2008 17:57, Ben Rosenberg wrote:
I just want the question answered as to why Apple has about 20% of the laptop market and x amount of the "desktop" market yet no one has written a virus that can hop from Macbook to MacbookPro to Mac Mini to Mac Pro as they hop from Win2k to XP to Vista? Please just answer why a mainstream UNIX OS has not one virus for it?
The public still has the mistaken impression that computer viruses (also trojans, worms, etc) are practical for all operating systems. This is stated on the net over and over and over... and it's a lie. The design of *nix systems (including MAC) prevents 99% of all practical viri that are possible in windows (name your flavor). Penetrating the other 1% of potential vulnerability is just not practical. A person (very specialized person mind you) might be able to exploit a kernel vulnerability on a given *nix system.... but which kernel? If probing datagrams can not get past the kernel, who knows what is behind that address. Can it be done... sure! Is it practical (say easy) NO!
So far the public doesn't believe this... but you have the right thought line. As linux (and MAC) market share increase and viruses don't (on that platform), then the truth will be realized. In the mean-time, it's a waiting game... and some preaching.
-- Kind regards, M Harris <><
On 2008-07-09T18:26:58, M Harris
The public still has the mistaken impression that computer viruses (also trojans, worms, etc) are practical for all operating systems. This is stated on the net over and over and over... and it's a lie. The design of *nix systems (including MAC) prevents 99% of all practical viri that are possible in windows (name your flavor). Penetrating the other 1% of potential vulnerability is just not practical.
Right. There never was a sendmail worm.
Lars Marowsky-Bree wrote:
On 2008-07-09T18:26:58, M Harris wrote:
The public still has the mistaken impression that computer viruses (also trojans, worms, etc) are practical for all operating systems. This is stated on the net over and over and over... and it's a lie. The design of *nix systems (including MAC) prevents 99% of all practical viri that are possible in windows (name your flavor). Penetrating the other 1% of potential vulnerability is just not practical.
Right. There never was a sendmail worm.
The internet was a different place in 1988. Systems were basically wide open, and there was a lot of trust. Heck, you could telnet from a server at University of California to a server at MIT back then. In the years since 1988, unix/internet security has hardened considerably, while microsoft is just now taking baby steps towards security it seems.
Joe
On Thursday 10 July 2008 11:55, J Sloan wrote:
Right. There never was a sendmail worm.
The internet was a different place in 1988. Systems were basically wide SNIP In the years since 1988, unix/internet security has hardened considerably, while microsoft is just now taking baby steps towards security it seems.
Yes. Basically, if sendmail is configured correctly (and whole entire books have been written on the subject) it is rock solid today. I am not saying that there have not been any isolated (even serious) vulnerabilities in the *nix world--- for crying out loud we're not talking about isolated bugs here. I *am* saying that the vulnerabilities *inherent* with windows (name your flavor) do not exist in *nix because of significant design constraints.
Almost all *experts* have said that the reason you don't see exploitation on Linux or Mac is because the market share is not high enough. That is bogus. The reason you don't see exploitation on Linux or Mac (wide-spread in the likes of MS) is because the *inherent* design flaws of MS do not exist on Mac, (FreeBSD), or Linux. Everyone will be able to see the truth of this claim as the laptop market share continues to climb for Mac, and as more and more Linux distros become pre-loaded.
-- Kind regards, M Harris <><
On 2008-07-11T16:12:50, M Harris
I am not saying that there have not been any isolated (even serious) vulnerabilities in the *nix world--- for crying out loud we're not talking about isolated bugs here. I *am* saying that the vulnerabilities *inherent* with windows (name your flavor) do not exist in *nix because of significant design constraints.
I think that's a somewhat dangerous attitude to take. With the prevalence of single user systems, the system is essentially just as toasted if the home directory is destroyed; further, there's a dangerous tendency for people to "cache" the root password, which strikes me as an exceptionally smart time to strike, and some people even recommend setting up sudo for all users without password!
It's true that a traditional system setup has difficulty in spreading viruses, but against trojans the system is just as vulnerable; and local root exploits are not that rare, either.
That doesn't mean that I consider on-access scanning, implemented via kernel hooks, a smart idea; clearly, scanning on or during transmission (ftp, http, smtp, IMAP etc) is preferable; server-side only is not sufficient for encrypted content though.
INotify is neat, but is only delayed; it might be too late, as it needs to happen before the trojan is activated and had a chance to try and disable the local protection layer.
AppArmor, DAC, MAC et al are great tools. This doesn't mean that we don't need a general API/ABI which applications - such as Samba, MUA and MTA, browsers et al - can call to have a particular bit of content scanned before proceeding. If you then wanted, you could run an LD_PRELOAD for apps which don't cooperate and use this to map open()/close() to such functionality. This would approximate the protection you get on Windows with none of the problems of Linux kernel hooks. (Which does not mean this could not be used by an inotify() based scanner as well.)
The clear thing though is that on Linux, scanning must happen in user-space. The kernel could possibly cooperate - access denied before the user-space scanner has cleared the file -, but we need something saner than on-access scanning hooks.
Regards, Lars
-- Teamlead Kernel, SuSE Labs, Research and Development SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) "Experience is the name everyone gives to their mistakes." -- Oscar Wilde
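What a user-space "have this content scanned before proceeding" call, as proposed in Lars's message above, could look like from the application's side. This is an added example, not code from the thread or from any SUSE project: `open_scanned()`, `scan_fd()` and the marker string are hypothetical stand-ins for a real scanner, and an LD_PRELOAD shim of the kind he mentions would map `open()` onto a function like this.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed marker standing in for a real signature database. */
static const char MARKER[] = "CONSTRUCTED-TEST-SIGNATURE";

/* Naive search over raw bytes (file content may contain NUL bytes). */
static int contains(const char *hay, size_t hlen, const char *needle, size_t nlen)
{
    size_t i;
    for (i = 0; i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0)
            return 1;
    return 0;
}

/* Hypothetical scanner back end: 1 = marker found, 0 = clean, -1 = read error. */
static int scan_fd(int fd)
{
    char buf[4096 + sizeof MARKER];
    const size_t mlen = sizeof MARKER - 1;
    size_t keep = 0; /* tail of the previous chunk, kept for split matches */

    for (;;) {
        size_t have;
        ssize_t n = read(fd, buf + keep, 4096);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            return -1;
        if (n == 0)
            return 0;
        have = keep + (size_t)n;
        if (contains(buf, have, MARKER, mlen))
            return 1;
        keep = have < mlen - 1 ? have : mlen - 1;
        memmove(buf, buf + have - keep, keep);
    }
}

/* Close fd and report failure with the given errno value. */
static int deny(int fd, int err) { close(fd); errno = err; return -1; }

/* Open, scan through the descriptor, and return that same descriptor only if
 * the content is clean. Returns -1 with errno set (EACCES for a detection or
 * a non-regular file); scanner errors deny as well, so the gate fails closed.
 * The caller reads from the returned descriptor and never re-opens the path,
 * so the file cannot be replaced by rename between scan and use. In-place
 * writes by a process that already holds the file open are not covered. */
int open_scanned(const char *path)
{
    struct stat st;
    int verdict;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0)
        return deny(fd, errno);
    if (!S_ISREG(st.st_mode))
        return deny(fd, EACCES);
    verdict = scan_fd(fd);
    if (verdict == 1)
        return deny(fd, EACCES);
    if (verdict < 0 || lseek(fd, 0, SEEK_SET) < 0)
        return deny(fd, errno);
    return fd; /* rewound to offset 0, ready for the application */
}

/* Demo helper: write `pad` filler bytes followed by `tail` to a new file. */
int write_sample(const char *path, size_t pad, const char *tail)
{
    size_t tlen = strlen(tail);
    int ok = 1;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);

    if (fd < 0)
        return -1;
    for (; ok && pad > 0; pad--)
        ok = write(fd, "A", 1) == 1;
    ok = ok && write(fd, tail, tlen) == (ssize_t)tlen;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

int main(void)
{
    int fd;

    write_sample("clean.tmp", 100, "plain text\n");
    write_sample("flagged.tmp", 4090, MARKER); /* marker straddles two reads */
    fd = open_scanned("clean.tmp");
    printf("clean.tmp   -> %s\n", fd >= 0 ? "opened" : strerror(errno));
    if (fd >= 0)
        close(fd);
    fd = open_scanned("flagged.tmp");
    printf("flagged.tmp -> %s\n", fd >= 0 ? "opened" : strerror(errno));
    if (fd >= 0)
        close(fd);
    unlink("clean.tmp");
    unlink("flagged.tmp");
    return 0;
}
```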
On Sun, Jul 13, 2008 at 10:27 AM, Lars Marowsky-Bree
It's true that a traditional system setup has difficulty in spreading viruses, but against trojans the system is just as vulnerable; and local root exploits are not that rare, either.
Why do you say the system is just as vulnerable against/to trojans
Trojans usually involve a replacement module for a system module. To get a trojan to work on linux, you have to:
1) Convince someone to download it,
2) put it in the path (usually ~/bin)
3) mark it executable
That has stymied most trojans to date. Had it not, they would be common. They are not common, so those impediments must be highly effective. Local root exploits generally require the same. You have to get something to execute before it can exploit any pre-existing root weakness.
-- ----------JSA--------- Sig line deleted for the humor impaired.
The Sunday 2008-07-13 at 16:48 -0700, John Andersen wrote:
On Sun, Jul 13, 2008 at 10:27 AM, Lars Marowsky-Bree wrote:
It's true that a traditional system setup has difficulty in spreading viruses, but against trojans the system is just as vulnerable; and local root exploits are not that rare, either.
Why do you say the system is just as vulnerable against/to trojans
Trojans usually involve a replacement module for a system module. To get a trojan to work on linux, you have to: 1) Convince someone to download it,
Just create an interesting repository in the build service and pervert it. Or hack pervert an existing repo. Or pervert the source code of some project, it might take some time till discovered. :-P
-- Cheers, Carlos E. R.
On Sun, Jul 13, 2008 at 5:01 PM, Carlos E. R.
The Sunday 2008-07-13 at 16:48 -0700, John Andersen wrote:
On Sun, Jul 13, 2008 at 10:27 AM, Lars Marowsky-Bree wrote:
It's true that a traditional system setup has difficulty in spreading viruses, but against trojans the system is just as vulnerable; and local root exploits are not that rare, either.
Why do you say the system is just as vulnerable against/to trojans
Trojans usually involve a replacement module for a system module. To get a trojan to work on linux, you have to: 1) Convince someone to download it,
Just create an interesting repository in the build service and pervert it.
Or hack pervert an existing repo.
Or pervert the source code of some project, it might take some time till discovered.
Of these the last seems possible. Especially if the project is in disarray, and check ins are not carefully watched. But Repos usually are signed, and in addition to the above you have to convince the masses that the key should be imported and trusted. -- ----------JSA--------- Sig line deleted for the humor impaired. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
The Sunday 2008-07-13 at 17:06 -0700, John Andersen wrote:
On Sun, Jul 13, 2008 at 5:01 PM, Carlos E. R.
Trojans usually involve a replacement module for a system module. To get a trojan to work on linux, you have to: 1) Convince someone to download it,
Just create an interesting repository in the build service and pervert it.
Or hack pervert an existing repo.
Or pervert the source code of some project, it might take some time till discovered.
Of these the last seems possible. Especially if the project is in disarray, and check ins are not carefully watched.
But Repos usually are signed, and in addition to the above you have to convince the masses that the key should be imported and trusted.
Just create a repo with a signature with the intention from the start to pervert it. It is signed, so what? There is no strong web of trust in the pgp sense (face to person signing of keys).
About convincing the masses to import the key, that's easy enough: once you want to add a repo, you just press enter when yast asks about importing the key. What do you expect? How can we manually import each key and whom do we ask if each repo (there are hundreds) is trustworthy? How do we know who is behind and responsible for each repo? Where are the descriptions of each repo, a declaration of intentions, a list of owners?
No, we simply search for a repo that contains what we want (with a search engine, perhaps), add it, answer yes to all questions. Bingo! F!
I'm not telling there is immediate danger, but that there could be. It scares me more than viruses, that's a fact.
-- Cheers, Carlos E. R.
On Sun, Jul 13, 2008 at 6:14 PM, Carlos E. R.
There is no strong web of trust in the pgp sense (face to person signing of keys).
True, but with source code availability this is less needed. (Anticipating your next question, No, I don't read every line of source code. :-(
No, we simply search for a repo that contains what we want (with a search engine, perhaps), add it, answer yes to all questions. Bingo! F!
Maybe some do, but I bet most don't. I bet you don't. Usually by the time you figure out how to add repos you also figure out some of the risks.
I'm not telling there is immediate danger, but that there could be. It scares me more than viruses, that's a fact.
That's for sure. I would think a port-open log would be a useful thing. (Outbound and Inbound). That way the ticking timebomb at least leaves a track when it opens a port in the wee hours and sends your database to China.
-- ----------JSA--------- Sig line deleted for the humor impaired.
On Sun, Jul 13, 2008 at 11:38 PM, John Andersen
On Sun, Jul 13, 2008 at 6:14 PM, Carlos E. R. wrote:
There is no strong web of trust in the pgp sense (face to person signing of keys).
True, but with source code availability this is less needed. (Anticipating your next question, No, I don't read every line of source code. :-(
No, we simply search for a repo that contains what we want (with a search engine, perhaps), add it, answer yes to all questions. Bingo! F!
Maybe some do, but I bet most don't. I bet you don't. Usually by the time you figure out how to add repos you also figure out some of the risks.
I'm not telling there is immediate danger, but that there could be. It scares me more than viruses, that's a fact.
That's for sure. I would think a port-open log would be a useful thing. (Outbound and Inbound). That way the ticking timebomb at least leaves a track when it opens a port in the wee hours and sends your database to China.
You can upload it to the opensuse wiki... that seems to go pretty unchecked, too.
On Mon, 2008-07-14 at 03:14 +0200, Carlos E. R. wrote:
But Repos usually are signed, and in addition to the above you have to convince the masses that the key should be imported and trusted.
Just create a repo with a signature with the intention from the start to pervert it. It is signed, so what? There is no strong web of trust in the pgp sense (face to person signing of keys).
About convincing the masses to import the key, that's easy enough: once you want to add a repo, you just press enter when yast asks about importing the key. What do you expect? How can we manually import each key and whom do we ask if each repo (there are hundreds) is trustworthy? How do we know who is behind and responsible for each repo? Where are the descriptions of each repo, a declaration of intentions, a list of owners?
No, we simply search for a repo that contains what we want (with a search engine, perhaps), add it, answer yes to all questions. Bingo! F!
I'm not telling there is immediate danger, but that there could be. It scares me more than viruses, that's a fact.
Yes, I agree, It's easy to create a repo. (well, at least the administrative part of it, not the creating of a properly functioning spec-file)
But what do you suggest? You can't ask the people of SuSE to check and re-check the content of the OBS for each and every repo.
web-of-trust for email is one thing, doing the same for a repo is quite something else... A job-interview with AJ, Stephan or Marcus before they get entrance to the OBS? Don't think so.
Perhaps a threshold can be the place of the code in the obs:
1) under repo/home:/<any-joker> not to be trusted
2) anywhere else : can be trusted
And if you consider your project that useful/important for the world, you have to explain it to the maintainers of the obs, and they can check the code before giving you access to the "trusted parts" of the OBS.
(just some 0.02 euro's)
The Monday 2008-07-14 at 19:30 +0200, Hans Witvliet wrote: ...
I'm not telling there is immediate danger, but that there could be. It scares me more than viruses, that's a fact.
Yes, I agree, It's easy to create a repo. (well, at least the administrative part of it, not the creating of a properly functioning spec-file)
Right; I wouldn't know how to do the second part :-)
But what do you suggest? You can't ask the people of SuSE to check and re-check the content of the OBS for each and every repo.
I have no idea. I just throw the question, then go back and watch you argue it ;-) No, seriously, I don't know. I'm just airing my own doubts.
-- Cheers, Carlos E. R.
On Mon, Jul 14, 2008 at 11:25 AM, Carlos E. R.
But what do you suggest? You can't ask the people of SuSE to check and re-check the content of the OBS for each and every repo.
I have no idea. I just throw the question, then go back and watch you argue it ;-)
Most viruses/trojans are powerless to do anything but destroy data on the local machine unless or until they open a network connection.
If there were to exist a test harness that could run any application and trap attempts to open any port (either to listen or to connect) and log these (perhaps asking for confirmation) it might be useful to detect these things.
This is available for XP and Vista, and works very well. Unfortunately you have no clue why it's opening a port, and it doesn't tell you much other than that the application tried to listen on a port.
The test harness should also not let the tested application set the execute permission on any file. This would prevent it from making an outbound connection and downloading something nasty.
Is there anything that prevents an application from setting execute permissions in SELinux?
How much of this risk would be eliminated by using the SELinux extensions?
-- ----------JSA--------- Sig line deleted for the humor impaired.
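The port-open log asked for in the message above can be approximated without a special harness by diffing snapshots of /proc/net/tcp. This is an added example, not part of the original thread: the two snapshots, addresses, uids and inodes are constructed, and it assumes IPv4 on a little-endian host.

```python
"""Diff two /proc/net/tcp snapshots and report sockets that appeared in between."""
import socket
import struct
from typing import NamedTuple

STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}  # the two kernel TCP states reported here

HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"

# Constructed sample: sshd on 0.0.0.0:22 and cupsd on 127.0.0.1:631.
BASELINE = HEADER + """\
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002
"""

# Constructed sample taken later: an accepted ssh session, a new listener owned
# by uid 1000, and a connection from uid 1000 to a remote port 443.
LATER = BASELINE + """\
   2: 0A01A8C0:0016 1401A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 11010
   3: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12001
   4: 0A01A8C0:B26E 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 12002
"""


class Sock(NamedTuple):
    state: str
    local: tuple    # (ip, port)
    remote: tuple   # (ip, port)
    uid: int        # owner of the socket
    inode: int      # matches the socket:[inode] links under /proc/<pid>/fd/


def decode_addr(field):
    """Turn '0100007F:0277' into ('127.0.0.1', 631)."""
    ip_hex, port_hex = field.split(":")
    # The address is a 32-bit integer printed in host byte order
    # (little-endian assumed), the port is plain hexadecimal.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the text of /proc/net/tcp, keeping LISTEN and ESTABLISHED rows."""
    socks = []
    for line in text.strip().splitlines()[1:]:      # first line is the header
        f = line.split()
        if len(f) < 10 or f[3] not in STATES:
            continue
        socks.append(Sock(STATES[f[3]], decode_addr(f[1]), decode_addr(f[2]),
                          int(f[7]), int(f[9])))
    return socks


def new_activity(baseline, current):
    """Return (kind, Sock) for every socket in current that baseline lacks."""
    known = {(s.state, s.local, s.remote) for s in baseline}
    listening = {s.local[1] for s in current if s.state == "LISTEN"}
    events = []
    for s in current:
        if (s.state, s.local, s.remote) in known:
            continue
        if s.state == "LISTEN":
            kind = "LISTEN"
        elif s.local[1] in listening:
            kind = "INBOUND"     # heuristic: local port is one we listen on
        else:
            kind = "OUTBOUND"    # local port is ephemeral, so we dialled out
        events.append((kind, s))
    return events


def format_event(kind, s):
    return "%-8s uid=%-5d inode=%-6d %s:%d -> %s:%d" % (
        kind, s.uid, s.inode, s.local[0], s.local[1], s.remote[0], s.remote[1])


if __name__ == "__main__":
    # On a live system, read the two snapshots from /proc/net/tcp instead.
    for kind, sock in new_activity(parse_proc_net_tcp(BASELINE),
                                   parse_proc_net_tcp(LATER)):
        print(format_event(kind, sock))
```

Like the XP/Vista tools mentioned in the message, this records that a port was opened and by which uid, not why; the inode only lets you look up the owning process while the socket is still open.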
The Monday 2008-07-14 at 11:56 -0700, John Andersen wrote:
On Mon, Jul 14, 2008 at 11:25 AM, Carlos E. R. wrote:
But what do you suggest? You can't ask the people of SuSE to check and re-check the content of the OBS for each and every repo.
I have no idea. I just throw the question, then go back and watch you argue it ;-)
Most viruses/trojans are powerless to do anything but destroy data on the local machine unless or until they open a network connection.
The paragraphs above referred to the danger of someone perverting a repository and users installing perverted packages.
If there were to exist a test harness that could run any application and trap attempts to open any port (either to listen or to connect) and log these (perhaps asking for confirmation) it might be useful to detect these things.
This is available for XP and Vista, and works very well. Unfortunately you have no clue why it's opening a port, and it doesn't tell you much other than that the application tried to listen on a port.
The test harness should also not let the tested application set the execute permission on any file. This would prevent it from making an outbound connection and downloading something nasty.
Is there anything that prevents an application from setting execute permissions in SELinux?
How much of this risk would be eliminated by using the SELinux extensions?
AppArmor can do that, and more, but you need to adjust the profile for each program it runs. Or rather services. I think you cannot run both SELinux and AppArmor, and SUSE comes with the second.
-- Cheers, Carlos E. R.
On Mon, Jul 14, 2008 at 07:30:10PM +0200, Hans Witvliet wrote:
On Mon, 2008-07-14 at 03:14 +0200, Carlos E. R. wrote:
But Repos usually are signed, and in addition to the above you have to convince the masses that the key should be imported and trusted.
Just create a repo with a signature with the intention from the start to pervert it. It is signed, so what? There is no strong web of trust in the pgp sense (face to person signing of keys).
About convincing the masses to import the key, that's easy enough: once you want to add a repo, you just press enter when yast asks about importing the key. What do you expect? How can we manually import each key and whom do we ask if each repo (there are hundreds) is trustworthy? How do we know who is behind and responsible for each repo? Where are the descriptions of each repo, a declaration of intentions, a list of owners?
No, we simply search for a repo that contains what we want (with a search engine, perhaps), add it, answer yes to all questions. Bingo! F!
I'm not telling there is immediate danger, but that there could be. It scares me more than viruses, that's a fact.
Yes, I agree, It's easy to create a repo. (well, at least the administrative part of it, not the creating of a properly functioning spec-file)
But what do you suggest? You can't ask the people of SuSE to check and re-check the content of the OBS for each and every repo.
web-of-trust for email is one thing, doing the same for a repo is quite something else... A job-interview with AJ, Stephan or Marcus before they get entrance to the OBS? Don't think so.
Perhaps a threshold can be the place of the code in the obs:
1) under repo/home:/<any-joker> not to be trusted
2) anywhere else : can be trusted
And if you consider your project that useful/important for the world, you have to explain it to the maintainers of the obs, and they can check the code before giving you access to the "trusted parts" of the OBS.
We have currently one student working on this notion of trust, but it is a very difficult topic to model and to make correct working.
Ciao, Marcus
The Monday 2008-07-14 at 21:55 +0200, Marcus Meissner wrote:
We have currently one student working on this notion of trust, but it is a very difficult topic to model and to make correct working.
Thanks: it will be interesting to learn of the results/conclusions :-)
-- Cheers, Carlos E. R.
On Thursday 17 July 2008 07:34:49 pm Carlos E. R. wrote:
The Monday 2008-07-14 at 21:55 +0200, Marcus Meissner wrote:
We have currently one student working on this notion of trust, but it is a very difficult topic to model and to make correct working.
Thanks: it will be interesting to learn of the results/conclusions :-)
I know it exists, but I got to look all Build Service related pages: It would be nice to give a comments on ideas. Warning: It is a lot of reading.
http://en.opensuse.org/Build_Service/Concepts/Trust
-- Regards, Rajko http://en.opensuse.org/Portal needs helpful hands.
On Thu, Jul 17, 2008 at 11:51:20PM -0500, Rajko M. wrote:
On Thursday 17 July 2008 07:34:49 pm Carlos E. R. wrote:
The Monday 2008-07-14 at 21:55 +0200, Marcus Meissner wrote:
We have currently one student working on this notion of trust, but it is a very difficult topic to model and to make correct working.
Thanks: it will be interesting to learn of the results/conclusions :-)
I know it exists, but I got to look all Build Service related pages: It would be nice to give a comments on ideas. Warning: It is a lot of reading.
This is a _DRAFT_ work and mostly it shows it's near to impossible. And it's not security related.
ciao, Marcus
On Sun, 13 Jul 2008 17:06:15 -0700, John Andersen wrote:
But Repos usually are signed, and in addition to the above you have to convince the masses that the key should be imported and trusted.
How hard is that - really - to do, though? Most people find something they want to install and install it. I wonder how many people just click through the "trust this key and import it" prompt.
Jim
-- Jim Henderson Please keep on-topic replies on the list so everyone benefits
On Sun, Jul 13, 2008 at 7:55 PM, Jim Henderson
On Sun, 13 Jul 2008 17:06:15 -0700, John Andersen wrote:
But Repos usually are signed, and in addition to the above you have to convince the masses that the key should be imported and trusted.
How hard is that - really - to do, though? Most people find something they want to install and install it. I wonder how many people just click through the "trust this key and import it" prompt.
Jim
True. I suppose anyone could put a repo out, sign it and await suckers to install compromised software. I always stick to repos mentioned on openSUSE's 3rd party repo page or from names I recognize.
The ease with which a userland application can start listening on a port is the main risk (in my opinion) when it comes to rogue software. (This is THE one area where an iptables based firewall is useful IMHO, although I prefer a separate hardware firewall/router for this). Outgoing connections are even more problematic.
But bringing it back on topic just a little, NONE of the available scanning packages check for Linux exploits anyway, so unless you are scanning to protect Windows machines the anti-virus anti-malware scanners are useless.
-- ----------JSA--------- Sig line deleted for the humor impaired.
On Sunday 13 July 2008 07:01:01 pm Carlos E. R. wrote:
Just create an interesting repository in the build service and pervert it.
Build Service and any other large project is not the easiest venue. I don't think that some guys didn't came on idea to misuse them, but didn't made it [1].
Or pervert the source code of some project, it might take some time till discovered.
Make rpm and make people want it.
They will download, install and run it.
The only thing is that it must be some *not* very interesting topic [2] for
masses, otherwise it will come under scrutiny very fast. It is a Linux
culture that actually keeps the things under control, not special Linux
architectural advantages [3].
[1] Security through obscurity is often criticized as bad practice, but
actually it is the only way security can work. You will not see lock made out
of glass, nor your password is not 'open source'. Obscurity is present in any
security solution.
Only weak security hidden by obscurity is bad. Lock with 2 cylinders
or 'password' password are bad ideas, and obscurity doesn't help much.
[2] Names can be:
Device driver for <exotic hardware>, setup tool for the same, access to
On Sun, Jul 13, 2008 at 9:26 PM, Rajko M.
[1] Security through obscurity is often criticized as bad practice, but actually it is the only way security can work.
Simply not true. Just because you don't have all pieces to the puzzle does not mean that the security is provided by obscurity. The entire plans for the lock (or the software) can be provided but the key is private. It's an absurd argument to state that because the key is private that obscurity is providing all of the security.
You will not see lock made out of glass,
Glass breaks.
nor your password is not 'open source'. Obscurity is present in any security solution.
Describing Keys as obscurity is a stretch. It perverts the entire argument about closed source code vs open source.
-- ----------JSA--------- Sig line deleted for the humor impaired.
The Sunday 2008-07-13 at 23:26 -0700, John Andersen wrote:
On Sun, Jul 13, 2008 at 9:26 PM, Rajko M. wrote:
[1] Security through obscurity is often criticized as bad practice, but actually it is the only way security can work.
Simply not true. Just because you don't have all pieces to the puzzle does not mean that the security is provided by obscurity.
The patches for the recent DNS security problem were prepared in secret by all distros and OSes. The hole itself has not been publicly explained, as far as I know.
That's a good sample of security by secrecy...
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Sunday 2008-07-13 at 23:26 -0700, John Andersen wrote:
On Sun, Jul 13, 2008 at 9:26 PM, Rajko M. wrote:
[1] Security through obscurity is often criticized as bad practice, but actually it is the only way security can work.
Simply not true. Just because you don't have all pieces to the puzzle does not mean that the security is provided by obscurity.
The patches for the recent DNS security problem were prepared in secret by all distros and OSes. The hole itself has not been publicly explained, as far as I know.
That's a good sample of security by secrecy...
Not quite. They simply didn't announce how that problem could be exploited. The source code and fix will be publicly available.
-- Use OpenOffice.org http://www.openoffice.org
The Monday 2008-07-14 at 09:43 -0400, James Knott wrote:
The patches for the recent DNS security problem were prepared in secret by all distros and OSes. The hole itself has not been publicly explained, as far as I know.
That's a good sample of security by secrecy...
Not quite. They simply didn't announce how that problem could be exploited. The source code and fix will be publicly available.
The analysis of the exploitation has not been made public; and the fact of the possible exploitation was kept secret till all distros had prepared their respective patches, which were then published the same day. It certainly has not been managed in the open. The details will be published, if I didn't misunderstand, at a conference in August.
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Sunday 2008-07-13 at 23:26 -0700, John Andersen wrote:
On Sun, Jul 13, 2008 at 9:26 PM, Rajko M. wrote:
[1] Security through obscurity is often criticized as bad practice, but actually it is the only way security can work.
...
The patches for the recent DNS security problem were prepared in secret by all distros and OSes. The hole itself has not been publicly explained, as far as I know.
That's a good sample of security by secrecy...
This is stretching the definition of "security by obscurity" to the point of silliness. You're usually better than this, Carlos.
In all these cases, the algorithms are publicly known and described, the procedures are publicly specified, the programs are exposed to public scrutiny. All of this has always been known as "security by design".
"Security by obscurity" has always been defined as hidden algorithms, hidden procedures, hidden programs. So we have no way of knowing whether a program is secure or not, until either someone cracks it, as is usual in the Microsoft environment, or until the developers and their allies uncover a flaw in the programming, as is usual in the open-source environment.
When developers uncover a critical flaw in a critical, widely required component like DNS, it is only prudent to fix the flaw before letting it be known to users _and_possible_evildoers_. The old source has always been available (with the flaw), and the fixed source will be available as soon as is prudent.
To put the hiding of keys and passwords in the same class as hiding algorithms, procedures, and programs is simply silly. Really, guys!
John Perry
The Monday 2008-07-14 at 16:09 -0400, John E. Perry wrote:
Carlos E. R. wrote:
The Sunday 2008-07-13 at 23:26 -0700, John Andersen wrote:
On Sun, Jul 13, 2008 at 9:26 PM, Rajko M. wrote:
[1] Security through obscurity is often criticized as bad practice, but actually it is the only way security can work.
...
The patches for the recent DNS security problem were prepared in secret by all distros and OSes. The hole itself has not been publicly explained, as far as I know.
That's a good sample of security by secrecy...
This is stretching the definition of "security by obscurity" to the point of silliness. You're usually better than this, Carlos.
In all these cases, the algorithms are publicly known and described, the procedures are publicly specified, the programs are exposed to public scrutiny. All of this has always been known as "security by design".
"Security by obscurity" has always been defined as hidden algorithms, hidden procedures, hidden programs. So we have no way of knowing whether a program is secure or not, until either someone cracks it, as is usual in the Microsoft environment, or until the developers and their allies uncover a flaw in the programming, as is usual in the open-source environment.
When developers uncover a critical flaw in a critical, widely required component like DNS, it is only prudent to fix the flaw before letting it be known to users _and_possible_evildoers_. The old source has always been available (with the flaw), and the fixed source will be available as soon as is prudent.
To put the hiding of keys and passwords in the same class as hiding algorithms, procedures, and programs is simply silly. Really, guys!
Nevertheless, what I said is absolutely true: the recent patches for the DNS security problem have been prepared in secret. It was a secret there were a security problem and that they were preparing a solution, and it was released simultaneously by all distributions on the same day. Till everyone was prepared, they kept silence.
Whether that is security by obscurity, maybe not; I didn't say that. It is security by secrecy, if you prefer. The secret was that the door had a hole, lest somebody tried to find and use it.
Not that I object to that procedure. It was secret for good reasons. But a secret for security reasons none the less, in the open source camp.
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
... Nevertheless, what I said is absolutely true: the recent patches for the DNS security problem have been prepared in secret. It was a secret there were a security problem and that they were preparing a solution, and it was released simultaneously by all distributions on the same day. Till everyone was prepared, they kept silence.
Splitting that particular set of hairs makes no difference to me; I stand firmly by all my comments.
jp
The Friday 2008-07-18 at 01:11 -0400, John E. Perry wrote:
Carlos E. R. wrote:
... Nevertheless, what I said is absolutely true: the recent patches for the DNS security problem have been prepared in secret. It was a secret there were a security problem and that they were preparing a solution, and it was released simultaneously by all distributions on the same day. Till everyone was prepared, they kept silence.
Splitting that particular set of hairs makes no difference to me; I stand firmly by all my comments.
So do I :-)
It is a fact that secrecy is sometimes used for security in Linux. Temporarily at least.
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Friday 2008-07-18 at 01:11 -0400, John E. Perry wrote:
Carlos E. R. wrote:
... Nevertheless, what I said is absolutely true: the recent patches for the DNS security problem have been prepared in secret. It was a secret there were a security problem and that they were preparing a solution, and it was released simultaneously by all distributions on the same day. Till everyone was prepared, they kept silence.
Splitting that particular set of hairs makes no difference to me; I stand firmly by all my comments.
So do I :-)
It is a fact that secrecy is sometimes used for security in Linux. Temporarily at least.
-- Cheers, Carlos E. R.
You seem to be missing the entire point. "Security through obscurity" means never revealing how something works, in the hopes that someone won't look through the source code, in order to find a way in. It does not mean keeping a known flaw secret, while working on a fix. If they were to publicly reveal the flaw, before the fix was available, it'd be the same as putting a sign on your house "The back door lock is busted. Please go around back to break in". On the other hand, security in open source software means the mechanism is open for all to inspect and the strength depends on doing things properly, instead of hoping no one notices the flaws.
-- Use OpenOffice.org http://www.openoffice.org
On Monday 14 July 2008 01:26:17 am John Andersen wrote:
On Sun, Jul 13, 2008 at 9:26 PM, Rajko M. wrote:
[1] Security through obscurity is often criticized as bad practice, but actually it is the only way security can work.
Simply not true. Just because you don't have all pieces to the puzzle does not mean that the security is provided by obscurity.
Obscure is something hidden in the dark. While phrase "security through obscurity" was used mostly to criticize closed source code where is impossible to check applied methods by anyone (good and bad), every security in the world works by hiding in the dark (obscure) some information, ie. pieces of puzzle.
The entire plans for the lock (or the software) can be provided but the key is private. Its an absurd argument to state that because the key is private that obscurity is providing all of the security.
How far it goes is another question, hiding only keys or passwords, or hiding all and providing physical access only to a part of lock or computer that has to be accessed, that depends on specifics of application. There is no need that some highly secure application plans are publicly available, which is true for locks too. You know standard home locks, but not special.
You will not see lock made out of glass,
Glass breaks.
Sure. Let me try again, glass lock will provide visual clue when is part of puzzle solved. Obscuring that information you make lock safe. The same is valid for computer security.
nor your password is not 'open source'. Obscurity is present in any security solution.
Describing Keys as obscurity is a stretch. It perverts the entire argument about closed source code vs open source.
Who was talking about closed source code vs open source, and keys are not public, so they are obscured.
-- Regards, Rajko http://en.opensuse.org/Portal needs helpful hands.
The Sunday 2008-07-13 at 23:26 -0500, Rajko M. wrote:
On Sunday 13 July 2008 07:01:01 pm Carlos E. R. wrote:
Just create an interesting repository in the build service and pervert it.
Build Service and any other large project is not the easiest venue. I don't think that some guys didn't came on idea to misuse them, but didn't made it [1].
If a chap is determined enough he can do it, at least once. Unless he manage a fake ID, and can try again with another.
Or pervert the source code of some project, it might take some time till discovered.
Make rpm and make people want it. They will download, install and run it.
The only thing is that it must be some *not* very interesting topic [2] for masses, otherwise it will come under scrutiny very fast. It is a Linux culture that actually keeps the things under control, not special Linux architectural advantages [3].
Probably. Maybe it is happening out there in small scale (scams). -- Cheers, Carlos E. R.
Rajko M. wrote:
[1] Security through obscurity is often criticized as bad practice, but actually it is the only way security can work. You will not see lock made out of glass, nor your password is not 'open source'. Obscurity is present in any security solution.
You're confusing method with keys. Locks tend to use common methods, but the keys are "secret". A password is a key. -- Use OpenOffice.org http://www.openoffice.org
On Monday 14 July 2008 06:18:16 am James Knott wrote:
You're confusing method with keys. Locks tend to use common methods, but the keys are "secret". A password is a key.
What is kept secret is matter of particular security application. Common methods, or better to say design, are used in standard locks, but there are special locks that have even design hidden. It is just a matter of protection level. -- Regards, Rajko http://en.opensuse.org/Portal needs helpful hands.
On Mon, July 14, 2008 6:52 pm, Rajko M. wrote:
On Monday 14 July 2008 06:18:16 am James Knott wrote:
You're confusing method with keys. Locks tend to use common methods, but the keys are "secret". A password is a key.
What is kept secret is matter of particular security application. Common methods, or better to say design, are used in standard locks, but there are special locks that have even design hidden. It is just a matter of protection level.
That's why I keep all my important files on 8" Floppies.
PerfectReign wrote:
On Mon, July 14, 2008 6:52 pm, Rajko M. wrote:
On Monday 14 July 2008 06:18:16 am James Knott wrote:
You're confusing method with keys. Locks tend to use common methods, but the keys are "secret". A password is a key.
What is kept secret is matter of particular security application. Common methods, or better to say design, are used in standard locks, but there are special locks that have even design hidden. It is just a matter of protection level.
That's why I keep all my important files on 8" Floppies.
Punch cards are better. Hollerith is an obscure code these days. ;-) -- Use OpenOffice.org http://www.openoffice.org
On Tuesday 15 July 2008 04:13:43 am James Knott wrote:
What is kept secret is matter of particular security application. Common methods, or better to say design, are used in standard locks, but there are special locks that have even design hidden. It is just a matter of protection level.
That's why I keep all my important files on 8" Floppies.
Punch cards are better. Hollerith is an obscure code these days. ;-)
Believe it or not, I've got an IBM 2540 card punch and a 3050 reader. Should work. :P -- kai www.filesite.org || www.4thedadz.com || www.perfectreign.com remember - a turn signal is a statement, not a request
Kai Ponte wrote:
On Tuesday 15 July 2008 04:13:43 am James Knott wrote:
What is kept secret is matter of particular security application. Common methods, or better to say design, are used in standard locks, but there are special locks that have even design hidden. It is just a matter of protection level.
That's why I keep all my important files on 8" Floppies.
Punch cards are better. Hollerith is an obscure code these days. ;-)
Believe it or not, I've got an IBM 2540 card punch and a 3050 reader. Should work. :P
Got Linux drivers? ;-) -- Use OpenOffice.org http://www.openoffice.org
* James Knott (james.knott@rogers.com) [20080716 00:08]:
Got Linux drivers? ;-)
Reminds me that AFAIK, IBM once had the idea for a trade show (after their S/390 port) to bootstrap the kernel from punch cards and discovered that given the size of the kernel, it would take ages to do so and so dropped the project :) Philipp
Philipp Thomas wrote:
Reminds me that AFAIK, IBM once had the idea for a trade show (after their S/390 port) to bootstrap the kernel from punch cards and discovered that given the size of the kernel, it would take ages to do so and so dropped the project :)
Yeah, you'd need paper tape at least :) Cheers, Dave
On Wednesday 16 July 2008 08:44:36 am Dave Howorth wrote:
Philipp Thomas wrote:
Reminds me that AFAIK, IBM once had the idea for a trade show (after their S/390 port) to bootstrap the kernel from punch cards and discovered that given the size of the kernel, it would take ages to do so and so dropped the project :)
Yeah, you'd need paper tape at least :)
Cheers, Dave
I work on a machine that still uses paper (mylar) tape to reload its base functions and then another that loads the 'program' to drill holes in parts. Mike
On Wed, 16 Jul 2008 12:48:13 +0200, Philipp Thomas wrote:
and discovered that given the size of the kernel, it would take ages to do so and so dropped the project :)
A colleague just showed me in a zvm session that the current SLES kernel needs ~140000 cards and the rest that's needed is another ~ 190000 cards. Now you do the math :) BTW, it the kernel *is* still fed to the card reader, the reading device just isn't hardware anymore :) Philipp
Now that's funny.
This wouldn't be nearly as cool but, how about a cassette tape recording of 110 baud serial or modem?
Play it back and maybe it could be a weekend long gag that it's booting all weekend and says hello world right at the end.
"Wow this bash with gnu readline is... hardly any more convenient on this teletype than what we had..."
The first hurdle is, can you fit a program that knows how to pause and restart the tape drive within the first 18k? Which is about when the first side of the first tape will run out, assuming plain jane 30minutes/side tapes.
I've heard descriptions of card access memory from a partner in my company, Howie Wolowitz, who wrote the first versions of filePro (before that, profile, and before that it was "electric file clerk") for Tandy and worked in all manner of banks and things way way back.
I'm not sure if I'm glad, or crushed that I missed out and never had to/got to work on such a horrific contraption.
Can you imagine? A huge crazy looping spaghetti continuous running stream of paper cards as RAM?
I had a nice fully factory refurbished data general nova 4 (or 45?) to myself for several years. wasn't mine but in the family and it's been tossed since I last saw it :(
But I got to boot it & play with it for a few years, do a little basic, rdos, and like the big indian girls in Blazing Saddles, "keep teepee warm in winter!" except better looking. ;) possibly even more fun to play with!
Telephone booth that was about the equal of 1/3 of an original XT in all ways except cubic feet, decibels, and btu's.
But that was practically modern. 8" 1M floppy, 10M hd with the huge alloy platters a foot & a half across, 300 baud tractor feed teletype terminal for the main console, 1200 or maybe even 9600 baud vt-something-or-others. Oh and the shelf of manuals and circuit diagrams that ran the length of one wall and was full end to end with big 3-ring binders with triple fold-out diagrams... Loved that 60's/70's idea of what the future looks like. I wish any of my current computer hardware looked as cool as that 300 baud teletype terminal with the curving lines and the textured white mystery material it's made of, accented nicely by the different shades of shiny blue typewriter keys from cobalt to sky...
And that mystery material probably stops bullets, should the need arise.
Brian K. White brian@aljex.com http://www.myspace.com/KEYofR
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
----- Original Message -----
From: "Philipp Thomas"
* James Knott (james.knott@rogers.com) [20080716 00:08]:
Got Linux drivers? ;-)
Reminds me that AFAIK, IBM once had the idea for a trade show (after their S/390 port) to bootstrap the kernel from punch cards and discovered that given the size of the kernel, it would take ages to do so and so dropped the project :)
Philipp
The Thursday 2008-07-17 at 02:47 -0400, Brian K. White wrote:
I've heard descriptions of card access memory from a partner in my company, Howie Wolowitz, who wrote the first versions of filePro (before that, profile, and before that it was "electric file clerk") for Tandy and worked in all manner of banks and things way way back.
I'm not sure if I'm glad, or crushed that I missed out and never had to/got to work on such a horrific contraption.
If you lived the times, you'd simply be amazed at the advancement from adding machines made of gears, and rooms filled with accountants. And they will keep coming. :-)
Can you imagine? A huge crazy looping spaghetti continuous running stream of paper cards as RAM?
ROM. -- Cheers, Carlos E. R.
* Rajko M. (rmatov101@charter.net) [20080715 03:53]:
but there are special locks that have even design hidden. It is just a matter of protection level.
Hiding something does not raise the protection, that's a common misconception. If the design has flaws, someone will eventually discover and exploit them. Make the design open and let experts analyze and discuss it and chances are much higher that possible flaws will be detected *before* the lock is in wide use. Philipp
On 2008-07-13T16:48:03, John Andersen
It's true that a traditional system setup has difficulty in spreading viruses, but against trojans the system is just as vulnerable; and local root exploits are not that rare, either. Why do you say the system is just as vulnerable against/to trojans
Trojans usually involve a replacement module for a system module. To get a trojan to work on linux, you have to: 1) Convince someone to download it, 2) put it in the path (usually ~/bin) 3) mark it executable
Binary trojans, if downloaded, are the same - if the user downloads and installs a binary from some untrusted source, they are vulnerable. That we don't see so many of those happening appears to be more of a social line of defense (users not as stupid and preferring to use "official" repos) than a technical one. For trojans in openoffice documents for example, I'd dare say that technically, that's just as vulnerable as on Windows.
Local root exploits generally require the same. You have to get something to execute before it can exploit any pre-existing root weakness.
True. But weaknesses exist in webbrowsers, and we've had exploitable PNGs, flash, java, ... Sure, Linux is good, but it's not perfect, and I think we should not rest on our achievements, but need to be careful to stay ahead. Regards, Lars -- Teamlead Kernel, SuSE Labs, Research and Development SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) "Experience is the name everyone gives to their mistakes." -- Oscar Wilde
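The three preconditions quoted in the message above (a downloaded file, placed in a PATH directory such as ~/bin, marked executable) can be checked from the defender's side. The following is an added example, not part of the original thread: it audits a PATH string for user-controlled directories and for executables in them that take precedence over a same-named command in a later trusted directory, and it goes slightly further by also flagging empty or relative PATH entries. The names `audit_path`, `Finding` and `build_demo_tree` are hypothetical, and the trust rule (owned by a trusted uid, not group- or world-writable) is an assumption.

```python
import os
import stat
import tempfile
from typing import NamedTuple, Optional


class Finding(NamedTuple):
    kind: str             # "relative-entry", "untrusted-dir" or "shadowed-command"
    directory: str
    name: Optional[str]   # command name for "shadowed-command", otherwise None


def dir_is_untrusted(path, trusted_uids):
    """Assumed trust rule: a PATH directory is untrusted when its owner is not
    a trusted uid, or when group/world write permission is set on it."""
    st = os.stat(path)
    loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    return st.st_uid not in trusted_uids or bool(loose)


def executables_in(path):
    """Names of regular files in `path` that carry at least one execute bit."""
    names = set()
    with os.scandir(path) as entries:
        for entry in entries:
            try:
                st = os.stat(entry.path)   # follows symlinks, as exec would
            except OSError:
                continue                   # dangling symlink
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
                names.add(entry.name)
    return names


def audit_path(path_value, trusted_uids=frozenset({0})):
    """Walk PATH in lookup order and return a list of Finding tuples."""
    findings, dirs = [], []
    for entry in path_value.split(os.pathsep):
        if not os.path.isabs(entry):       # "" and "." resolve to the cwd
            findings.append(Finding("relative-entry", entry, None))
            continue
        try:
            dirs.append((entry, dir_is_untrusted(entry, trusted_uids),
                         executables_in(entry)))
        except OSError:
            continue                       # missing or unreadable: skipped
    for i, (directory, untrusted, names) in enumerate(dirs):
        if not untrusted:
            continue
        findings.append(Finding("untrusted-dir", directory, None))
        # A name only wins the lookup if no earlier directory provides it,
        # and only shadows something if a later trusted directory has it too.
        earlier = set().union(*(n for _, _, n in dirs[:i]))
        later_trusted = set().union(*(n for _, u, n in dirs[i + 1:] if not u))
        for name in sorted((names - earlier) & later_trusted):
            findings.append(Finding("shadowed-command", directory, name))
    return findings


def build_demo_tree(root):
    """Constructed sample tree: a world-writable directory standing in for a
    user-controlled ~/bin, and a tightly-permissioned 'system' directory."""
    user_bin = os.path.join(root, "home_bin")
    sys_bin = os.path.join(root, "sys_bin")
    layout = {
        (user_bin, "ls"): 0o755,         # same name as a system command
        (user_bin, "mytool"): 0o755,     # executable, but shadows nothing
        (user_bin, "notes.txt"): 0o644,  # never marked executable
        (sys_bin, "ls"): 0o755,
        (sys_bin, "cat"): 0o755,
    }
    os.mkdir(user_bin)
    os.mkdir(sys_bin)
    for (directory, name), mode in layout.items():
        target = os.path.join(directory, name)
        with open(target, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(target, mode)
    os.chmod(user_bin, 0o777)
    os.chmod(sys_bin, 0o755)
    return user_bin, sys_bin


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        user_bin, sys_bin = build_demo_tree(root)
        demo_path = os.pathsep.join([user_bin, sys_bin])
        # The demo trusts the current uid so it behaves the same without root.
        for finding in audit_path(demo_path, trusted_uids={os.getuid()}):
            print(finding)
```

On a real system, call `audit_path(os.environ["PATH"])` with the default trusted set, which treats only root-owned directories without group or world write permission as trusted.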
On Thu, 2008-07-17 at 18:06 +0200, Lars Marowsky-Bree wrote:
Sure, Linux is good, but it's not perfect, and I think we should not rest on our achievements, but need to be careful to stay ahead.
That's the correct attitude!
Lars Marowsky-Bree wrote:
... True. But weaknesses exist in webbrowsers, and we've had exploitable PNGs, flash, java, ...
Sure, Linux is good, but it's not perfect, and I think we should not rest on our achievements, but need to be careful to stay ahead.
All true, Lars, but no one that I recall said we were proof against all possible attacks -- indeed, several were emphatic in saying we needed _appropriate_ defenses. The subject, of this thread, remember, was the assertion that the kernel developers were idiots because they did not include an explicit kernel-level provision for intrusion checking on every access to any file. John Perry
On Wed, 2008-07-09 at 18:26 -0500, M Harris wrote:
On Wednesday 09 July 2008 17:57, Ben Rosenberg wrote:
I just want the question answered as to why Apple has about 20% of the laptop market and x amount of the "desktop" market yet no one has written a virus that can hop from Macbook to MacbookPro to Mac Mini to Mac Pro as they hop from Win2k to XP to Vista? Please just answer why a mainstream UNIX OS has not one virus for it?
The public still has the mistaken impression that computer viruses (also trojans, worms, etc) are practical for all operating systems. This is stated on the net over and over and over... and it's a lie. The design of *nix systems (including MAC) prevents 99% of all practical viri that are possible in windows (name your flavor). Penetrating the other 1% of potential vulnerability is just not practical.
A person (very specialized person mind you) might be able to exploit a kernel vulnerability on a given *nix system.... but which kernel? If probing datagrams can not get past the kernel, who knows what is behind that address. Can it be done... sure! Is it practical (say easy) NO! So far the public doesn't believe this... but you have the right thought line. As linux (and MAC) market share increase and viruses don't (on that platform), then the truth will be realized. In the mean-time, it's a waiting game... and some preaching.
You're absolutely correct on most points. Nix viruses are much harder to create, and its "intended audience" much smaller. But are you willing to accept that 1% chance (probably much, much smaller)? Being defaced or losing contracts because of delays, sensitive info brought into the open, loss of life? What are you going to say to your employer/judge? I could have done something about it, but I thought the chances it would happen were too slim? Better safe than sorry, unless the consequences are none (to you). hw
Hans Witvliet wrote:
But are you willing to accept that 1% chance (probably much, much smaller)?
live if done so. one has to address the most probable threat first. you have more risk to remove accidentally data from your server (yourself) than having a virus problem, so better work on backups, methods... even the time lost in reading this thread is probably worse than the virus risk... when one works on security he learns that the earlier the security is taken care of the better. That means the earlier in the system building, that is in the os and in the applications, and this is what is done jdd -- Jean-Daniel Dodin Président du CULTe www.culte.org
Hans Witvliet wrote:
You're absolutely correct on most points. Nix viruses are much harder to create, and its "intended audience" much smaller.
But are you willing to accept that 1% chance (probably much, much smaller)? Being defaced or losing contracts because of delays, sensitive info brought into the open, loss of life?
What are you going to say to your employer/judge? I could have done something about it, but I thought the chances it would happen were too slim?
Better safe than sorry, unless the consequences are none (to you).
There is naturally a correlation between the risk and the effort. For instance there is a nonzero probability that a new years reveler will shoot a gun into the air, the bullet will come back down at a high velocity, penetrate your roof and kill you. So, you've reinforced your roof to make it bulletproof, correct? After all, better safe than sorry! Is the concept of a unix virus theoretically possible? Of course. Do I worry that unix will somehow suffer microsoft-like virus issues? No. Joe
* Jim Henderson
It isn't needed in Linux *today*, maybe, but again, it makes sense to plan ahead.
I've heard this on this list and other lists for going on 14 years now .. and Linux gets more and more and more popular. When are the script kiddies going to take advantage of the broken scripting engine in Linux? OH Right .. there is no such thing built into its core. And if one needs to run windows on their Linux box .. VM's rock. A virus kills a VM dead .. rm -rf <file> and create a new one. Easy Peasy. Just make sure your VM can mount a share on your Linux/UNIX FS to store its data where at least it's reasonably safe. -- XO Communications IP Tier 2 OPS St Louis, MO. -- "Gratitude is merely the secret hope of further favors."
On Wed, 09 Jul 2008 11:29:37 -0500, Ben Rosenberg wrote:
* Jim Henderson
[Jul 09. 2008 10:22]: It isn't needed in Linux *today*, maybe, but again, it makes sense to plan ahead.
I've heard this on this list and other lists for going on 14 years now .. and Linux gets more and more and more popular. When are the script kiddies going to take advantage of the broken scripting engine in Linux? OH Right .. there is no such thing built into its core.
And if one needs to run windows on their Linux box .. VM's rock. A virus kills a VM dead .. rm -rf <file> and create a new one. Easy Peasy. Just make sure your VM can mount a share on your Linux/UNIX FS to store its data where at least it's reasonably safe.
Yeah, so of course it makes no sense at all to spend time on implementing on-access scanning. Ever. It's so much better to use much more complicated solutions. I should've seen that at once! ;-) Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
The Wednesday 2008-07-09 at 17:09 -0000, Jim Henderson wrote:
On Wed, 09 Jul 2008 11:29:37 -0500, Ben Rosenberg wrote:
* Jim Henderson <> [Jul 09. 2008 10:22]:
It isn't needed in Linux *today*, maybe, but again, it makes sense to plan ahead.
I've heard this on this list and other lists for going on 14 years now .. and Linux gets more and more and more popular. When are the script kiddies going to take advantage of the broken scripting engine in Linux? OH Right .. there is no such thing built into its core.
And if one needs to run windows on their Linux box .. VM's rock. A virus kills a VM dead .. rm -rf <file> and create a new one. Easy Peasy. Just make sure your VM can mount a share on your Linux/UNIX FS to store its data where at least it's reasonably safe.
Yeah, so of course it makes no sense at all to spend time on implementing on-access scanning. Ever.
You are right, it doesn't make sense :-P As I understand, it was implemented and then removed. It is not needed. -- Cheers, Carlos E. R.
On Wed, 09 Jul 2008 19:52:46 +0200, Carlos E. R. wrote:
Yeah, so of course it makes no sense at all to spend time on implementing on-access scanning. Ever.
You are right, it doesn't make sense :-P
As I understand, it was implemented and then removed. It is not needed.
So, if I was going to be facetious, I'd say that AppArmor/SELinux also should be removed, since the only things changing files should be things the user is aware of, right? MAC is just an unneeded layer, since it takes effort on the user's part to change configuration settings and such. ;-) I understand it's more a kernel issue, so from the standpoint of implementing it, this is the wrong place to discuss the actual implementation. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
Jim Henderson wrote:
On Wed, 09 Jul 2008 19:52:46 +0200, Carlos E. R. wrote:
As I understand, it was implemented and then removed. It is not needed.
So, if I was going to be facetious, I'd say that AppArmor/SELinux also should be removed, since the only things changing files should be things the user is aware of, right? MAC is just an unneeded layer, since it takes effort on the user's part to change configuration settings and such. ;-)
No, apparmor is fine - it's lightweight and relatively non-intrusive. OTOH on access file scanning is overly intrusive, resource hungry and, to be quite honest, unnecessary for non-microsoft OSes. Joe
On Wed, 09 Jul 2008 11:13:30 -0700, J Sloan wrote:
No, apparmor is fine - it's lightweight and relatively non-intrusive.
But it doesn't serve any useful purpose, so why waste the resources on it?
OTOH on access file scanning is overly intrusive, resource hungry and, to be quite honest, unnecessary for non-microsoft OSes.
Unnecessary for non-MS OSes because virus writers don't target the platform. They want to cause the most damage possible (or spread the farthest, or whatever), so MS is the target. As MS loses their market share, that will shift. But now we're going in circles. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
Jim Henderson wrote:
On Wed, 09 Jul 2008 11:13:30 -0700, J Sloan wrote:
No, apparmor is fine - it's lightweight and relatively non-intrusive.
But it doesn't serve any useful purpose, so why waste the resources on it?
Why do you say it serves no useful purpose?
OTOH on access file scanning is overly intrusive, resource hungry and, to be quite honest, unnecessary for non-microsoft OSes.
Unnecessary for non-MS OSes because virus writers don't target the platform. They want to cause the most damage possible (or spread the farthest, or whatever), so MS is the target. As MS loses their market share, that will shift.
That's where we differ. You folks assume that there is no difference between the unix and pc operating systems, other than market share, while we see major differences in the security model and overall design. As a result of your beliefs, you assume that linux will be as easy a target as ms windows, and that we must hurry to adopt cumbersome, resource hungry, microsoft-style band-aid solutions. I disagree. We might as well agree to disagree agreeably. Joe
On Wed, 09 Jul 2008 11:41:52 -0700, J Sloan wrote:
Why do you say it serves no useful purpose?
Because just like Antivirus on Linux, the only thing that AppArmor is doing is preventing a user-initiated program from making changes to the system; changes that wouldn't happen if the user were being smart. IOW, both systems (AV using OAS and AA) are designed to protect the user from themselves.
That's where we differ. You folks assume that there is no difference between the unix and pc operating systems, other than market share, while we see major differences in the security model and overall design.
As a result of your beliefs, you assume that linux will be as easy a target as ms windows, and that we must hurry to adopt cumbersome, resource hungry, microsoft-style band-aid solutions.
I disagree. We might as well agree to disagree agreeably.
Agreed. :-) Except that I'm not one of the "you folks" you are talking about - I don't assume no difference between the OS; I assume little difference between users' use of the systems. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
The Wednesday 2008-07-09 at 18:57 -0000, Jim Henderson wrote:
On Wed, 09 Jul 2008 11:41:52 -0700, J Sloan wrote:
Why do you say it serves no useful purpose?
Because just like Antivirus on Linux, the only thing that AppArmor is doing is preventing a user-initiated program from making changes to the system; changes that wouldn't happen if the user were being smart.
No, it prevents a program initiated by the system, a program serving some service, from accessing things it was not designed to access. And it doesn't mean the user did something wrong: it may be that a cracker found a hole and violated apache. Even if an on-access-scanner scanned the apache binary chances are it wouldn't find anything wrong... because linux binaries are very diverse. -- Cheers, Carlos E. R.
On Wednesday 09 July 2008 20:57:29 Jim Henderson wrote:
Because just like Antivirus on Linux, the only thing that AppArmor is doing is preventing a user-initiated program from making changes to the system; changes that wouldn't happen if the user were being smart.
AppArmor primarily exists to protect servers. It has nothing whatever in common with anti-virus programs. Servers generally don't need user input to do something, they wouldn't scale very well if they did - this is why they need extra protection. If apache required the sysadmin to confirm each and every GET or POST, then we would never have any issue with defacements, and apparmor would not be needed, you are correct
Anders
The Wednesday 2008-07-09 at 18:03 -0000, Jim Henderson wrote:
Yeah, so of course it makes no sense at all to spend time on implementing on-access scanning. Ever.
You are right, it doesn't make sense :-P
As I understand, it was implemented and then removed. It is not needed.
So, if I was going to be facetious, I'd say that AppArmor/SELinux also should be removed, since the only things changing files should be things the user is aware of, right? MAC is just an unneeded layer, since it takes effort on the user's part to change configuration settings and such. ;-)
You'd find there has been lots of discussions about AA between the kernel devs. I'm not even sure AA is on the main kernel yet, it wasn't for some time. But AA serves a purpose, O-A-S doesn't :-P No, seriously, AA is seen to do protection now in Linux against some types of attacks. Antivirus no, not now, yet, and hopefully, never.
I understand it's more a kernel issue, so from the standpoint of implementing it, this is the wrong place to discuss the actual implementation.
Yes, but I suppose the dazuko people could (should!) argue that point with the kernel devs. I hope they did and lost, because the thought that they simply forgot to argue or did not notice the problem is worse. I, dunno. The thing is they have been overrun by the train and left their users with their pants down. Bad on them, not the fault of suse as the OP claimed. Hopefully they will find some way to do the type of scanning you want, but that will take some time. -- Cheers, Carlos E. R.
On Wed, 09 Jul 2008 20:25:27 +0200, Carlos E. R. wrote:
The Wednesday 2008-07-09 at 18:03 -0000, Jim Henderson wrote:
Yeah, so of course it makes no sense at all to spend time on implementing on-access scanning. Ever.
You are right, it doesn't make sense :-P
As I understand, it was implemented and then removed. It is not needed.
So, if I was going to be facetious, I'd say that AppArmor/SELinux also should be removed, since the only things changing files should be things the user is aware of, right? MAC is just an unneeded layer, since it takes effort on the user's part to change configuration settings and such. ;-)
You'd find there has been lots of discussions about AA between the kernel devs. I'm not even sure AA is on the main kernel yet, it wasn't for some time.
But AA serves a purpose, O-A-S doesn't :-P
But if everything bad that happens to the system is caused by the user doing something stupid, then what's the purpose of AA above and beyond AV (in general) or OAS (specifically)? OAS and AV are tools to protect the user from themselves. So is AA. I fail to see the difference.
No, seriously, AA is seen to do protection now in Linux against some types of attacks. Antivirus no, not now, yet, and hopefully, never.
It's that *hopefully* part that worries me. It doesn't keep me up at night, but it is the idea that "we're invulnerable, no virus could ever hurt us" that is ultimately going to be seen as a challenge to the coders. When the user base is big enough to be a good target, I would expect to see more viruses written.
I understand it's more a kernel issue, so from the standpoint of implementing it, this is the wrong place to discuss the actual implementation.
Yes, but I suppose the dazuko people could (should!) argue that point with the kernel devs. I hope they did and lost, because the thought that they simply forgot to argue or did not notice the problem is worse. I dunno.
Well, yes; the authors of the tool are the ones who should be having this debate. For me this is largely academic because - as you have said about yourself - viruses don't affect me on Linux.
The thing is they have been overrun by the train and left their users with their pants down. Bad on them, not the fault of suse as the OP claimed.
*This* I agree with. The only "fault" from the SUSE folks is that it was included even though it was broken. That shouldn't have happened.
Hopefully they will find some way to do the type of scanning you want, but that will take some time.
Yep, I understand that it will take time. The need isn't immediate, either. In my mind, it makes more sense to plan ahead so we don't hit a time where it *becomes* an immediate need and we all get caught with our pants down. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
* Jim Henderson
On Wed, 09 Jul 2008 11:29:37 -0500, Ben Rosenberg wrote:
* Jim Henderson
[Jul 09. 2008 10:22]: It isn't needed in Linux *today*, maybe, but again, it makes sense to plan ahead.
I've heard this on this list and other lists for going on 14 years now .. and Linux gets more and more and more popular. When are the script kiddies going to take advantage of the broken scripting engine in Linux? OH Right .. there is no such thing built into its core.
And if one needs to run windows on their Linux box .. VMs rock. A virus kills a VM dead .. rm -rf <file> and create a new one. Easy Peasy. Just make sure your VM can mount a share on your Linux/UNIX FS to store its data where at least it's reasonably safe.
Yeah, so of course it makes no sense at all to spend time on implementing on-access scanning. Ever.
It's so much better to use much more complicated solutions. I should've seen that at once! ;-)
It's not ANY more complicated than the ritualistic reinstall of Windows to clean it up .. that most users have to do or have done on a regular basis. *rolls eyes* ;D If it's just Linux with NO VM or Wine and you're in some kind of danger of passing on a virus via your mail client .. change mail clients cause if a Linux/UNIX developer doesn't have it built into their client to warn the user they are doing anything with a file that is a binary exe file ... that's a crappy mail client. As I said .. I see nothing wrong with a user having ClamAV or some other solution scanning their files if they so choose to do so .. but unless someone gets a self-perpetuating virus to buzz around a UNIX system as root without any interaction from me as a user .. I'm not wasting cpu cycles on that stuff. I know what I send out via email and windows virus/trojans can't hurt a UNIX system. Just like in life .. a little care and no passing of infections is needed. ;D It boils down to that personal responsibility thing. :D -ben -- XO Communications IP Tier 2 OPS St Louis, MO. -- "Gratitude is merely the secret hope of further favors."
On Wed, 09 Jul 2008 17:48:34 -0500, Ben Rosenberg wrote:
Yeah, so of course it makes no sense at all to spend time on implementing on-access scanning. Ever.
It's so much better to use much more complicated solutions. I should've seen that at once! ;-)
It's not ANY more complicated than the ritualistic reinstall of Windows to clean it up .. that most users have to do or have done on a regular basis. *rolls eyes* ;D
I can't remember the last time I reinstalled Windows from scratch, VM or otherwise. Of course, I don't run it on native hardware any more - I use a combination of VMware, WINE, and Citrix to use Windows apps for work - and there aren't many I need any more.
If it's just Linux with NO VM or Wine and you're in some kind of danger of passing on a virus via your mail client .. change mail clients cause if a Linux/UNIX developer doesn't have it built into their client to warn the user they are doing anything with a file that is a binary exe file ... that's a crappy mail client.
Maybe it makes sense that people who write mail clients write mail clients and not AV software. Why a monolithic app to deal with them both? Again, that seems antithetical to the whole idea behind *nix development, which is to make things modular and to reuse those modules.
As I said .. I see nothing wrong with a user having ClamAV or some other solution scanning their files if they so choose to do so ..
And I see nothing wrong with giving the user *the choice* of on-access scanning if they want it.
but unless someone gets a self-perpetuating virus to buzz around a UNIX system as root without any interaction from me as a user .. I'm not wasting cpu cycles on that stuff. I know what I send out via email and windows virus/trojans can't hurt a UNIX system. Just like in life .. a little care and no passing of infections is needed. ;D
It boils down to that personal responsibility thing. :D
Sure, and part of that personal responsibility is protecting yourself from being infected or put in a position where you might spread an infection. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
On Wednesday, 9 July 2008, Ben Rosenberg wrote:
It isn't needed in Linux *today*, maybe, but again, it makes sense to plan ahead.
I've heard this on this list and other lists for going on 14 years now .. and Linux gets more and more and more popular. When are the script kiddies going to take advantage of the broken scripting engine in Linux?
Don't forget, it's not a worthwhile target. It's not the machines of Joe's
Pizza down the street that might be affected, only unimportant sites like
Google, eBay, Amazon and the like. If I was a hacker with an ego to prove and
in need of my personal 15 minutes of fame, for sure I'd go for Joe's Pizza,
not for one of those big players...
;-)
SCNR
CU
--
Stefan Hundhammer
Jim Henderson wrote:
It isn't needed in Linux *today*, maybe, but again, it makes sense to plan ahead.
Wrong kind of planning - I don't think we should plan to be as insecure as windows.
If we want people to adopt Linux, we have to not tell them "so this thing you did with Windows automatically? You need to do it manually now. Sorry about that, but that's just the way it is."
That's a good way to turn people off of Linux.
What an odd way to look at it. I find that the reality is more along the lines of "You know that thing you had to do all the time in windows? Well, you don't need to waste your time doing it in linux, as it's totally unnecessary". That applies to e.g. disk defragging, therapeutic reboots, OS reinstalls, anti virus/popup/worm software maintenance, etc. Joe
On Wed, 09 Jul 2008 11:05:55 -0700, J Sloan wrote:
Jim Henderson wrote:
It isn't needed in Linux *today*, maybe, but again, it makes sense to plan ahead.
Wrong kind of planning - I don't think we should plan to be as insecure as windows.
A lack of planning is exactly what it seems is happening on this front. "We don't need it, we're invulnerable to viruses, no, don't tell me differently - lalalalalalala I'm not listening!" seems to be the predominant attitude.
If we want people to adopt Linux, we have to not tell them "so this thing you did with Windows automatically? You need to do it manually now. Sorry about that, but that's just the way it is."
That's a good way to turn people off of Linux.
What an odd way to look at it. I find that the reality is more along the lines of "You know that thing you had to do all the time in windows? Well, you don't need to waste your time doing it in linux, as it's totally unnecessary". That applies to e.g. disk defragging, therapeutic reboots, OS reinstalls, anti virus/popup/worm software maintenance, etc.
So again, we should also get rid of AppArmor and SELinux as well, since we obviously don't need those - since the *user* has to start a program that would make a change to the things those security layers protect. Right? I mean really - what purpose do they serve? They just take up CPU cycles, slow the system down, and they protect things that don't need protecting. Everyone backs up their config files, so even if they are somehow compromised by a user doing something as stupid as launching an untrusted program, it's not a great loss, right? Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
The Wednesday 2008-07-09 at 18:14 -0000, Jim Henderson wrote:
A lack of planning is exactly what it seems is happening on this front. "We don't need it, we're invulnerable to viruses, no, don't tell me differently - lalalalalalala I'm not listening!" seems to be the predominant attitude.
...
So again, we should also get rid of AppArmor and SELinux as well, since we obviously don't need those - since the *user* has to start a program that would make a change to the things those security layers protect. Right?
I mean really - what purpose do they serve? They just take up CPU cycles, slow the system down, and they protect things that don't need protecting. Everyone backs up their config files, so even if they are somehow compromised by a user doing something as stupid as launching an untrusted program, it's not a great loss, right?
There is something else. An antivirus only protects against _known_ viruses, while AppArmor, that doesn't make the computer slower, protects against new, unknown, "bad things". -- Cheers, Carlos E. R.
On Wed, Jul 9, 2008 at 8:14 AM, Jim Henderson
If we want people to adopt Linux, we have to not tell them "so this thing you did with Windows automatically? You need to do it manually now.
No, you say you don't need to do that at all any more, and you get the 30% resources you were devoting to on-demand virus scanning back. -- ----------JSA--------- Sig line deleted for the humor impaired.
On Wed, 09 Jul 2008 19:35:37 -0700, John Andersen wrote:
On Wed, Jul 9, 2008 at 8:14 AM, Jim Henderson
wrote: If we want people to adopt Linux, we have to not tell them "so this thing you did with Windows automatically? You need to do it manually now.
No, you say you don't need to do that at all any more, and you get the 30% resources you were devoting to on-demand virus scanning back.
I don't know of ANY platform where on-access scanning takes 30% of the system's resources. If that's the state of things on Linux, then there's an architectural problem in how it's being done. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
Jim Henderson wrote:
On Wed, 09 Jul 2008 19:35:37 -0700, John Andersen wrote:
On Wed, Jul 9, 2008 at 8:14 AM, Jim Henderson
wrote: If we want people to adopt Linux, we have to not tell them "so this thing you did with Windows automatically? You need to do it manually now.
No, you say you don't need to do that at all any more, and you get the 30% resources you were devoting to on-demand virus scanning back.
I don't know of ANY platform where on-access scanning takes 30% of the system's resources. If that's the state of things on Linux, then there's an architectural problem in how it's being done.
Have you done benchmarking then? Something like dbench with on access scanning turned on vs no access scanning? What were the results? Joe
On Thu, 10 Jul 2008 10:01:59 -0700, J Sloan wrote:
Have you done benchmarking then? Something like dbench with on access scanning turned on vs no access scanning? What were the results?
I haven't done formal benchmarking, no. I've used systems and watched processor utilization while using them. I've had occasion to be responsible for systems management where OAS virus scanning was in use. The only times I saw it behave in the way described was when something was WRONG. Not as a part of normal operations. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
On Thursday 10 July 2008 09:03, Jim Henderson wrote:
...
I don't know of ANY platform where on-access scanning takes 30% of the system's resources. If that's the state of things on Linux, then there's an architectural problem in how it's being done.
I've seen abominations like this on Windows (where at one job, the IT infrastructure management mandated an A-V program for all Windows desktops and attempted to prevent users from disabling it). It depends greatly on the kind of use you make of your system. If you're doing software development, say, where common activities such as rebuilding a large program can cause hundreds or thousands of files to be accessed, the A-V scanning (highly redundant and manifestly unnecessary) can take more time by a wide margin than the actual work of the program that accesses the files.
Jim
Randall Schulz
On Thu, 10 Jul 2008 10:02:43 -0700, Randall R Schulz wrote:
On Thursday 10 July 2008 09:03, Jim Henderson wrote:
...
I don't know of ANY platform where on-access scanning takes 30% of the system's resources. If that's the state of things on Linux, then there's an architectural problem in how it's being done.
I've seen abominations like this on Windows (where at one job, the IT infrastructure management mandated an A-V program for all Windows desktops and attempted to prevent users from disabling it).
It depends greatly on the kind of use you make of your system. If you're doing software development, say, where common activities such as rebuilding a large program can cause hundreds or thousands of files to be accessed, the A-V scanning (highly redundant and manifestly unnecessary) can take more time by a wide margin than the actual work of the program that accesses the files.
I could see that in special use cases that could happen, but I haven't ever seen it be *the norm* for a platform. Given enough motivation, one could make *any* system crawl with a fairly little bit of effort. In college, we wrote a program to "kill" Sun workstations (actually had a valid reason to use it as well on a few occasions) by malloc'ing all the memory in the machine. Fun to watch on SLC (diskless) workstations. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
Jim Henderson wrote:
On Wed, 09 Jul 2008 19:35:37 -0700, John Andersen wrote:
On Wed, Jul 9, 2008 at 8:14 AM, Jim Henderson
wrote: If we want people to adopt Linux, we have to not tell them "so this thing you did with Windows automatically? You need to do it manually now. No, you say you don't need to do that at all any more, and you get the 30% resources you were devoting to on-demand virus scanning back.
I don't know of ANY platform where on-access scanning takes 30% of the system's resources. If that's the state of things on Linux, then there's an architectural problem in how it's being done.
Jim
Way back in the dark ages, when I was using DOS on an XT clone at work, the network login forced a virus scan at boot up. This made my computer unusable for about a half hour! -- Use OpenOffice.org http://www.openoffice.org
On Thu, 10 Jul 2008 13:33:02 -0400, James Knott wrote:
Jim Henderson wrote:
On Wed, 09 Jul 2008 19:35:37 -0700, John Andersen wrote:
On Wed, Jul 9, 2008 at 8:14 AM, Jim Henderson
wrote: If we want people to adopt Linux, we have to not tell them "so this thing you did with Windows automatically? You need to do it manually now. No, you say you don't need to do that at all any more, and you get the 30% resources you were devoting to on-demand virus scanning back.
I don't know of ANY platform where on-access scanning takes 30% of the system's resources. If that's the state of things on Linux, then there's an architectural problem in how it's being done.
Jim
Way back in the dark ages, when I was using DOS on an XT clone at work, the network login forced a virus scan at boot up. This made my computer unusable for about a half hour!
So, we've got one example of a poorly implemented solution from back in the dark ages. Back in the dark ages, I had to automate scanning boot diskettes. What you are describing also is not On Access Scanning, but a forced system scan that prevented anything else from going. We're talking about OAS. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
----- Original Message -----
From: "Jim Henderson"
On Wed, Jul 9, 2008 at 8:14 AM, Jim Henderson
wrote: If we want people to adopt Linux, we have to not tell them "so this thing you did with Windows automatically? You need to do it manually now.
No, you say you don't need to do that at all any more, and you get the 30% resources you were devoting to on-demand virus scanning back.
I don't know of ANY platform where on-access scanning takes 30% of the system's resources. If that's the state of things on Linux, then there's an architectural problem in how it's being done.
It doesn't have to take 30% of all resources to be intolerably inefficient. If it turns an N usec syscall into a 3N usec syscall, well that's a 300% drop in efficiency. If it turns a syscall that requires N memory transactions into one that requires 3N transactions, that's a 300% drop in efficiency. The more those calls are used, the worse the real-world hit. -- Brian K. White brian@aljex.com http://www.myspace.com/KEYofR +++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++. filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
On Thu, 10 Jul 2008 17:54:36 -0400, Brian K. White wrote:
It doesn't have to take 30% of all resources to be intolerably inefficient. If it turns an N usec syscall into a 3N usec syscall, well that's a 300% drop in efficiency. If it turns a syscall that requires N memory transactions into one that requires 3N transactions, that's a 300% drop in efficiency. The more those calls are used, the worse the real-world hit.
As I've said repeatedly through this discussion - if you find that to be unacceptable, fine, don't use it. For those who want a solution like that and are willing to live with the performance hit, there should be an option available. There are plenty of ways to reduce that impact by making the use of OAS selectable based on file type or path. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
Jim Henderson wrote:
How many home users even know how to do daily backups? How many have the technology? Of course my coworkers might argue I am not the normal user but I have daily backup of my wife's computer. One of our admins here showed me how to do it with rsync and it was very easy. Thanks for reminding me that I was supposed to help my father set that up on his computer.
I've got 4 dead DLT drives in the basement. I just suffered the near total loss of the drive that was holding my backups (the drive isn't even recognised by the system any more). For me that isn't a problem because I have two identical backup drives and use rsync for those too. The nightly order is backup1 > backup2 then wife's pc > backup1
small segment of the desktops out there. As the desktop market grows, the need will likely grow as well. That makes me wonder if Linux ever really catches on in the desktop market, would the virus issue become as serious as it is for Windows? I have heard plenty of arguments that Linux is much safer but I often wonder if it is safer only because it isn't mainstream enough to interest the virus writers.
Damon Register
On 07/09/2008 07:19 PM, Damon Register wrote:
Jim Henderson wrote:
As the desktop market grows, the need will likely grow as well. That makes me wonder if Linux ever really catches on in the desktop market, would the virus issue become as serious as it is for Windows? I have heard plenty of arguments that Linux is much safer but I often wonder if it is safer only because it isn't mainstream enough to interest the virus writers.
Damon Register
I may be naive, but I just don't see it this way (but I am not a programmer). I used to use OS/2, which was a great system, and AFAIK NEVER had a virus, not because it was not popular, but because it was well written. Though systems are more complicated and asked to do a whole lot more now, I think Linux is well designed from the basics up, and is more secure by design, not just because of obscurity. One of the strengths of open source is the fact that more code is reviewed and by more people. It is also designed to actually work as a regular user. I know I use and promote Linux not because it is more secure by obscurity, but because it is more secure by design. It would seem to be easier to write a virus for Linux in the sense it is open source and you can see the code. It is also obvious that since there are many virus writers in it for the prestige and fame they get, and yet there haven't been any Linux viruses, that just seeing the code doesn't make it easy. The Linux design makes it better, not just its market share, IMHO. -- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64
On Wed, 2008-07-09 at 20:44 +0800, Joe Morris wrote:
On 07/09/2008 07:19 PM, Damon Register wrote:
Jim Henderson wrote:
As the desktop market grows, the need will likely grow as well. That makes me wonder if Linux ever really catches on in the desktop market, would the virus issue become as serious as it is for Windows? I have heard plenty of arguments that Linux is much safer but I often wonder if it is safer only because it isn't mainstream enough to interest the virus writers.
Damon Register
I may be naive, but I just don't see it this way (but I am not a programmer). I used to use OS/2, which was a great system, and AFAIK NEVER had a virus, not because it was not popular, but because it was well written. Though systems are more complicated and asked to do a whole lot more now, I think Linux is well designed from the basics up, and is more secure by design, not just because of obscurity. One of the strengths of open source is the fact that more code is reviewed and by more people. It is also designed to actually work as a regular user. I know I use and promote Linux not because it is more secure by obscurity, but because it is more secure by design. It would seem to be easier to write a virus for Linux in the sense it is open source and you can see the code. It is also obvious that since there are many virus writers in it for the prestige and fame they get, and yet there haven't been any Linux viruses, that just seeing the code doesn't make it easy. The Linux design makes it better, not just its market share, IMHO.
No matter how well designed an o.s. is, there will always be weak points, and people waiting and trying to abuse them. Any os can be cracked, some are infested by design (don't have to specify that one -;) Others are harder to break, Linux, FreeBSD, OpenBSD.. An innocent and handy rpm, provided by someone who claims to have an updated version of tcpdump, strace, whatever.... For many months everything goes well and the program performs as expected. But then, one nasty day, a sloppy admin uses the tool as root user instead of his normal account. And then: Bingo! Backdoors opened, drives screwed up. Some minutes ago, someone asked how often people make backups. I wonder how often do people examine the source code of the stuff they install? Probably even less. The software that comes directly from SuSE I trust for 100%. But how about the stuff that comes from packman or the buildservice? Or some obscure download site. Or Adobe? Closed source drivers for wifi or video card? Do you trust them? Did they write it themselves or was it obtained by some obscure company that is persuaded to include some backdoors by the CIA/Mossad/your friendly heroin dealer.....
Damon Register wrote:
That makes me wonder if Linux ever really catches on in the desktop market, would the virus issue become as serious as it is for Windows? I have heard plenty of arguments that Linux is much safer but I often wonder if it is safer only because it isn't mainstream enough to interest the virus writers.
LOL! linux has been a major player in the internet server market for years... Joe
On Wed, 09 Jul 2008 10:58:42 -0700, J Sloan wrote:
LOL! linux has been a major player in the internet server market for years...
Server use cases are different than desktop use cases. As a result of being in the server market, it *is* targeted for rootkits. That's why we have rkhunter. IMHO, the biggest danger is thinking the systems are invulnerable to attack. That's a HUGE mistake to make - because when you get to the point of being all cocky about "my system can't be hacked", someone will prove you wrong. That's the worst kind of hubris there is from a systems standpoint. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
Jim Henderson wrote:
On Wed, 09 Jul 2008 10:58:42 -0700, J Sloan wrote:
LOL! linux has been a major player in the internet server market for years...
Server use cases are different than desktop use cases.
As a result of being in the server market, it *is* targeted for rootkits. That's why we have rkhunter.
IMHO, the biggest danger is thinking the systems are invulnerable to attack. That's a HUGE mistake to make - because when you get to the point of being all cocky about "my system can't be hacked", someone will prove you wrong.
That's the worst kind of hubris there is from a systems standpoint.
You're attacking a straw man here. Nobody has ever claimed that any OS is invulnerable. However, the sort of irrational fear that one becomes accustomed to as a result of using microsoft OSes is out of place in the *nix world. In other words, linux users should be aware of the environment, and exercise due diligence, but there's no need for the chicken little routine. Joe
On Wed, 09 Jul 2008 11:17:22 -0700, J Sloan wrote:
You're attacking a straw man here. Nobody has ever claimed that any OS is invulnerable. However, the sort of irrational fear that one becomes accustomed to as a result of using microsoft OSes is out of place in the *nix world. In other words, linux users should be aware of the environment, and exercise due diligence, but there's no need for the chicken little routine.
Just because there's "no need for the chicken little routine" doesn't mean that we shouldn't be vigilant about protecting ourselves from potential threats down the road. Today viruses are not a major problem on Linux. They're hardly a blip. I hope they stay that way. But that doesn't mean it makes sense to not explore ways of protecting oneself against that threat. I wouldn't want to be caught at the 11th hour when the first massive virus attack hits Linux and have nobody have even thought about how to deal with it in a way that makes sense for the "average user". Users shouldn't *have* to be rocket scientists to protect themselves. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
Jim Henderson wrote:
Just because there's "no need for the chicken little routine" doesn't mean that we shouldn't be vigilant about protecting ourselves from potential threats down the road.
Today viruses are not a major problem on Linux. They're hardly a blip. I hope they stay that way. But that doesn't mean it makes sense to not explore ways of protecting oneself against that threat. I wouldn't want to be caught at the 11th hour when the first massive virus attack hits Linux and have nobody have even thought about how to deal with it in a way that makes sense for the "average user".
Users shouldn't *have* to be rocket scientists to protect themselves.
You seem to be missing something here. Unlike Windows, a virus on Linux can't "just happen". You have to make it executable and then execute it. Also, most Linux users do not run as root, again unlike on Windows, where it's often necessary to run as admin, so the most a Linux virus can do, is clobber your own directory. Another thing you can easily do in Linux is mount partitions non-executable and read only, which makes it even harder for a virus to do its stuff. Further, Windows is a security sieve, which can never be fully secured. -- Use OpenOffice.org http://www.openoffice.org
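An added illustration of the mount options mentioned in the message above (non-executable, read only); it is not part of the original thread. The Python check below parses `/proc/mounts`-format text and reports which hardening options are missing for each path in a policy, resolving a path that is not its own mount point to the filesystem it actually lives on. The sample mount table, the policy and all function names are constructed for the example.

```python
"""Audit mount options from /proc/mounts-format text (added example)."""
import re

# Constructed sample, /proc/mounts layout: device mountpoint fstype options dump pass.
# The kernel escapes a space in a mount point as the octal sequence \040.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext3 rw,relatime 0 0
/dev/sda3 /home ext3 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /srv/windows\\040share ext3 ro,nosuid,nodev,noexec 0 0
"""

# Assumed policy for this example: path -> options that must be present.
POLICY = {
    "/home": {"noexec", "nosuid", "nodev"},
    "/tmp": {"noexec", "nosuid", "nodev"},
    "/var/tmp": {"noexec", "nosuid", "nodev"},   # not a separate mount in the sample
    "/srv/windows share": {"ro", "noexec", "nosuid", "nodev"},
}


def _unescape(field):
    """Decode the octal escapes (\\040 etc.) used in /proc/mounts fields."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Return {mount point: set of options}; a later entry overrides an earlier one."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        mounts[_unescape(parts[1])] = set(parts[3].split(","))
    return mounts


def mount_for_path(path, mounts):
    """Return the longest mount point that contains path, or None."""
    best = None
    for mp in mounts:
        prefix = mp.rstrip("/") + "/"
        if path == mp or path.startswith(prefix):
            if best is None or len(mp) > len(best):
                best = mp
    return best


def audit(text, policy):
    """Return {path: (effective mount point, sorted list of missing options)}."""
    mounts = parse_mounts(text)
    report = {}
    for path, required in policy.items():
        mp = mount_for_path(path, mounts)
        have = mounts.get(mp, set())
        report[path] = (mp, sorted(required - have))
    return report


if __name__ == "__main__":
    for path, (mp, missing) in audit(SAMPLE_MOUNTS, POLICY).items():
        status = "ok" if not missing else "missing " + ",".join(missing)
        print(f"{path!r} (on {mp!r}): {status}")
```

To audit a live system, pass the contents of `/proc/mounts` as the first argument instead of the sample.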
Apologies for length of this mail but the issue is not simple... I am getting the impression that the *NIX community is moving into new territory here and some of the discussion does seem to show a lack of awareness of the nature of the current threat in terms of Linux and Windows. This is a little ironic as some of the original inspiration for the early DOS viruses came from some of the antics of early UNIX hackers, and some of the original (legitimate?) research on self replicating automata was also performed on the platform. Many years ago (just after the Flood) I was a minor part of the group charged with assessing AV products for recommendation to the UK academic community, so I know a little about the subject. To start, three points... Firstly there is no bulletproof way to determine whether a system has been compromised by a virus or other malware. Secondly, the virus, or trojan (or worm) to really worry about is the one you do not know about. Thirdly AV protection is more about avoiding the embarrassment of being caught out by something we do know about than anything else. When one is told a system is virus free what really is being said is that nothing that we know about has been detected. Even then the most reliable results on determining whether a system has been compromised are only to be found on a cold system examined by a read only trusted bootable media booted from that media (a cold scan). Compromises with stealth capabilities are unlikely to be detected reliably on a running system and can be dangerous to attempt to remove while the system is running. BTW If one is connecting a writeable device to an untrusted machine without cold scanning it first, you will always be taking a risk. (I am still slightly bemused by the number of experienced technical support people who bypass this precaution).
Signature based scanning has had its critics for quite some time, and the first weaknesses showed up with the early polymorphic and stealth viruses in the early 90s. Heuristic scanning that looks for code patterns which may not be benign rather than strings of bytes has the potential to detect potential new threats (at the cost of a slightly higher risk of false positives). The two approaches used in conjunction give a very good chance of recognising code that may not be benign, but usually have a somewhat heavier performance payload.
Tools such as AppArmor have a part in a non development environment but have the potential to be problematic in a development environment. The role of this tool is somewhat different in any case.
If one looks at the classes of virus that exist and the normal vectors for those viruses in the context of *NIX systems one can get an overview of the probable real risks involved.
Binary viruses are usually OS specific and new variants are relatively rare nowadays. However, there is no reason that these cannot be developed for Linux systems. As binary viruses require good technical knowledge and are hard to write 'script kiddies' are unlikely to have either the skills or patience to write these when easier options are available. Professional criminal authors are a different story.
Macro viruses are almost exclusively application specific, early on M$, WordPerfect, CA, Lotus and others incorporated mechanisms for office applications to interact with the host OS and filesystem with a script autoloading facility. It took a little while to realise what a big mistake some of this was. Unfortunately, by the time the mistake had been realised it proved to be difficult for the genie to be put back in the bottle for a variety of reasons. Macro viruses will be a problem across platforms *iff* system calls are generalised and things like path naming are standardised. (Open Office is moving down this route).
With the advent of malware scripting toolkits the number of script based viruses has exploded (but AFAIK most of the toolkits have signature components that can be used to identify the results of their products). These are the preferred tools of 'script kiddies' and the criminal community because of the ease of production, but the product is potentially easier to identify.
In the M$ world the scripting component of a compromise is more usually a dropper which changes COM configuration and registry settings, the script does not normally propagate itself but is propagated by the components it installs. This is also the architectural vulnerability most often exploited by most known mail WORM or browser based attacks. (M$ have taken some measures to block these particular holes but in such a manner that some of their user community seem to spend a lot of effort circumventing the effects of this protection).
The *NIX architecture is radically different and does not have an equivalent security hole and the usual constraints on the privileges afforded to scripts are such that the threat should be minimal, but that is not to say that a dropper script is not a theoretical possibility with *NIX. The ability for these viruses to compromise a Linux system at the system level would be more related to bad security practices or malicious intent by someone already on the system rather than any weakness inherent to the *NIX system model.
Using Linux to host Windows clients' networked filestore is in this context a very good idea as the server if properly secured will effectively be in a position to perform a cold scan of Windows files. (Something that would be questionable on a Windows Server). But on-access scanning ideally should be restricted to the results of write operations on the windows client filestore (some admins apply on-access scanning in a fairly indiscriminate manner).
The scanner software selected should also have been properly assessed by an independent body, and at this moment in time one of the most popular linux based scanners (ClamAV) appears to have never been submitted to such an assessment. The comments on the ClamAV website about this are not very reassuring. see http://www.clamav.net/index.php?s=linuxworld (It does do other things but as an AV tool at this moment in time it is of questionable value and probably should be supplemented with something else).
Boot sector viruses are a very different issue, on server class machines which are rarely rebooted or booted from untrusted media the risk is probably minimal. On client workstations (particularly multi-boot systems) these still have the potential to be a major threat. One surprise is that AFAIK no-one has written a successful compromise to GRUB or LILO (but give it time). As boot sector virus payloads become active before the OS takes control of the system, the system can potentially be compromised before the OS and its security provisions are in place. (Conventional BIOS related protection which always has been weak is unlikely to be useful in more complex modern partitioning setups in blocking this particular attack).
The original vector for infection is by having infected media on a device which is checked in the boot sequence (and the infected media does not itself have to be bootable). This can usually be easily blocked by changing the boot sequence. However, there was and is a class of multi-vector viruses in the DOS world which propagated by both boot sector and file infections so there are other possible routes for this type of infection to occur. (The NT bootloader sequence was in theory less vulnerable to this type of attack, but I do recall that at least one proof of concept was produced).
Again cold scanning is probably the only way of assuring that such an infection has not occurred, however as the contents of the boot records should be well defined this should be bulletproof for this threat.
It should be noted file system based viruses are something that can be a problem but they are no longer the most serious security threat. Far more dangerous and damaging are the various SQL injection attacks and the resultant compromised web sites dropping or running damaging scripts and applications on client workstations. These are often the result of poor security awareness by non technically orientated PHP web developers. Most linux browsers' default settings can make such attacks more difficult on the platform, but only if those in front of the screen act with some sense.
-- I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup
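The cold boot-record check described in the message above, as an added example that is not part of the thread: run from trusted boot media, it reads the first sector of a disk or image and compares the boot code with a hash recorded when the machine was known good. The classic MBR layout with a 440-byte boot-code area, the function names and the constructed sample sector are assumptions of this example.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code; bytes 440-445 hold the disk signature
PART_TABLE_OFFSET = 446    # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"


def parse_boot_record(sector):
    """Split one 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + index * 16
        # Fields: status, (CHS start skipped), type, (CHS end skipped), first LBA, count.
        status, ptype, first_lba, count = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"index": index, "status": status, "type": ptype,
                           "first_lba": first_lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_boot_record(sector, baseline_sha256):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    record = parse_boot_record(sector)
    findings = []
    if not record["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if record["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    active = [p["index"] for p in record["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append("more than one active partition: %s" % active)
    for part in record["partitions"]:
        if part["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x"
                            % (part["index"], part["status"]))
    return findings


def build_sample_sector():
    """Constructed sample: placeholder boot code plus one active Linux partition."""
    code = (bytes(range(256)) * 2)[:BOOT_CODE_LEN]
    disk_id = b"\x12\x34\x56\x78" + b"\x00\x00"
    entry = struct.pack("<B3xB3xII", 0x80, 0x83, 2048, 204800)
    return code + disk_id + entry + bytes(16 * 3) + BOOT_SIGNATURE


if __name__ == "__main__":
    # Usage: python3 check_mbr.py <device-or-image> <baseline-sha256>
    with open(sys.argv[1], "rb") as handle:
        problems = check_boot_record(handle.read(SECTOR_SIZE), sys.argv[2])
    print("\n".join(problems) or "boot record matches baseline")
    sys.exit(1 if problems else 0)
```

The hash covers only the first sector and deliberately excludes the partition table, so repartitioning does not raise an alarm; boot loader stages stored elsewhere on the disk need their own baseline.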
G T Smith wrote:
Apologies for length of this mail but the issue is not simple...
just changing the subject on such a boring thread is not a good idea
Secondly, the virus, or trojan (or worm) to really worry about is the one you do not know about.
right. So why do you write all the rest, given I don't know of any Linux virus? jdd -- Jean-Daniel Dodin President of CULTe www.culte.org
The Thursday 2008-07-10 at 16:02 +0200, jdd sur free wrote:
G T Smith wrote:
Apologies for length of this mail but the issue is not simple...
just changing the subject on such a boring thread is not a good idea
I don't think so, the name change was appropriate :-)
Secondly, the virus, or trojan (or worm) to really worry about is the one you do not know about.
right. So why do you write all the rest, given I don't know of any Linux virus?
There are Linux viruses, only that they haven't been successful. More like a proof of concept. -- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Thursday 2008-07-10 at 16:02 +0200, jdd sur free wrote:
G T Smith wrote:
Apologies for length of this mail but the issue is not simple...
just changing the subject on such a boring thread is not a good idea
I don't think so, the name change was appropriate :-)
I mean, better open a new thread
Secondly, the virus, or trojan (or worm) to really worry about is the one you do not know about.
right. So why do you write all the rest, given I don't know of any Linux virus?
There are Linux viruses, only that they haven't been successful. More like a proof of concept.
so, no threat... jdd -- Jean-Daniel Dodin President of CULTe www.culte.org
On Thursday 10 July 2008 07:56:33 am Carlos E. R. wrote:
The Thursday 2008-07-10 at 16:02 +0200, jdd sur free wrote:
G T Smith wrote:
Apologies for length of this mail but the issue is not simple...
just changing the subject on such a boring thread is not a good idea
I don't think so, the name change was appropriate :-)
Secondly, the virus, or trojan (or worm) to really worry about is the one you do not know about.
right. So why do you write all the rest, given I don't know of any Linux virus?
There are Linux viruses, only that they haven't been successful. More like a proof of concept.
Yeah I remember the first one making big news around '97. http://tinyurl.com/6dqgto It was somewhat shot down then too. Still, the Bliss virus made news back then.. http://math-www.uni-paderborn.de/~axel/bliss/ -- kai www.filesite.org || www.4thedadz.com || www.perfectreign.com remember - a turn signal is a statement, not a request
The Thursday 2008-07-10 at 08:25 -0700, Kai Ponte wrote:
There are Linux viruses, only that they haven't been successful. More like a proof of concept.
Yeah I remember the first one making big news around '97.
It was somewhat shot down then too. Still, the Bliss virus made news back then..
It seems a proof of concept, it hasn't been out in the wild, contaminating by contagion from a computer to another, from what I read there. -- Cheers, Carlos E. R.
Jim Henderson wrote:
On Tue, 08 Jul 2008 03:41:25 +0200, Carlos E. R. wrote:
At worst, you can only do damage to your own user. No big deal. Next time you will be more careful :-P
Arguably, Carlos, damaging files in your own user home directory is the bigger deal. I don't know about others here, but I can replace my OS; I can't replace my documents.
Quite right, Jim. Carlos is smug about this whole issue, but because of Linux's popularity, we WILL SOON have much more of this to deal with. On access filtering IS the correct answer when your mail isn't being fed through your own or business email server software. Here again, in particular for newbies, it MUST be working out-of-the-box - easy for them to install and setup. Fred -- This message originated from a Linux computer using Open Source software: openSuSE Linux 11.0 No Gates, no Windows....just Linux - STABLE & SECURE!
On Tuesday, 8 July 2008, Fred A. Miller wrote:
Quite right, Jim. Carlos is smug about this whole issue, but because of Linux's popularity, we WILL SOON have much more of this to deal with.
Some people (many of them involved in selling antivirus software -
coincidence?) have been saying that for years. Just try a Google search
for "Linux viruses". Some examples:
http://www.desktoplinux.com/articles/AT3307459975.html (2003)
http://www.vnunet.com/vnunet/news/2116855/linux-lined-virus-target (2001)
Yet, that horror scenario has yet to materialize.
An interesting article on the topic:
http://librenix.com/?inode=21
That does not mean that security on Linux is to be taken lightly. But I don't
see any good reason for that kind of paranoia that might make me want to
dedicate a good deal of my system's performance to scanning every hard disk
block for viruses as it is read.
Just think about it: The major points of attack of the well-known Windows
viruses simply don't exist. No Linux programmer in his right mind will write
a mail client that simply executes anything that might be a piece of code in
a mail attachment. There are no ActiveX controls that are commonly downloaded
and executed as the user surfs the web. There is no plethora of games and
warez that users are so used to download and execute without thinking. And
even if any of those scenarios actually happen, it will hit that one user,
not the entire system. Sure, that's bad for that one user (and hopefully that
user has a backup of the files he invested time in on a USB stick or DVD or
some other media). But it's not the complete system that is compromised.
CU
--
Stefan Hundhammer
Stefan Hundhammer wrote:
Just think about it: The major points of attack of the well-known Windows viruses simply don't exist. No Linux programmer in his right mind will write a mail client that simply executes anything that might be a piece of code in a mail attachment. There are no ActiveX controls that are commonly downloaded and executed as the user surfs the web. There is no plethora of games and warez that users are so used to download and execute without thinking. And even if any of those scenarios actually happen, it will hit that one user, not the entire system. Sure, that's bad for that one user (and hopefully that user has a backup of the files he invested time in on a USB stick or DVD or some other media). But it's not the complete system that is compromised.
CU
FWIW, one thing I would like to scan is USB external drives. Recently I plugged my USB flash drive into a customer's computer and wound up with a virus on it. Many years ago, floppies were a common way of spreading a virus. Now USB drives fill that role. -- Use OpenOffice.org http://www.openoffice.org
The Tuesday 2008-07-08 at 13:42 -0400, James Knott wrote:
FWIW, one thing I would like to scan is USB external drives. Recently I plugged my USB flash drive into a customer's computer and wound up with a virus on it. Many years ago, floppies were a common way of spreading a virus. Now USB drives fill that role.
But surely, that virus was not propagated by the linux machine, and it probably came from another windows machine. I met the first IBM PC virus when I was a student somewhere in the eighties. A dancing ball. There were two viruses then, one a boot sector virus, another attached itself to the end of executables. I killed them with my "bare hands", I had no antivirus, not invented. I used msdos debugger and pctools. Things have changed. I was never infected. Not then, not ever since. And I have never infected anyone. And since I use Linux, hundreds of viruses have come my way in email. I have never propagated any of them, I have never been affected. I don't even have to think about them. It is not that difficult. -- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Tuesday 2008-07-08 at 13:42 -0400, James Knott wrote:
FWIW, one thing I would like to scan is USB external drives. Recently I plugged my USB flash drive into a customer's computer and wound up with a virus on it. Many years ago, floppies were a common way of spreading a virus. Now USB drives fill that role.
But surely, that virus was not propagated by the linux machine, and it probably came from another windows machine.
Quite so, but that drive gets plugged into Windows boxes (I use it for work). It included an autorun.inf file, so it would run when that drive was plugged into another Windows box. ClamAV on my Linux box found it.
I met the first IBM PC virus when I was a student somewhere in the eighties. A dancing ball. There were two viruses then, one a boot sector virus, another attached itself to the end of executables. I killed them with my "bare hands", I had no antivirus, not invented. I used msdos debugger and pctools. Things have changed.
I once got a boot sector virus from a night school computer, via a floppy disk. Fortunately, IBM AV caught it. My computer was running OS/2 then and the boot sector was about the only way in for a virus.
I was never infected. Not then, not ever since. And I have never infected anyone.
And since I use Linux, hundreds of viruses have come my way in email. I have never propagated any of them, I have never been affected. I don't even have to think about them.
It is not that difficult.
-- Use OpenOffice.org http://www.openoffice.org
The Tuesday 2008-07-08 at 14:38 -0400, James Knott wrote:
The Tuesday 2008-07-08 at 13:42 -0400, James Knott wrote:
FWIW, one thing I would like to scan is USB external drives. Recently I plugged my USB flash drive into a customer's computer and wound up with a virus on it. Many years ago, floppies were a common way of spreading a virus. Now USB drives fill that role.
But surely, that virus was not propagated by the linux machine, and it probably came from another windows machine.
Quite so, but that drive gets plugged into Windows boxes (I use it for work). It included an autorun.inf file, so it would run when that drive was plugged into another Windows box. ClamAV on my Linux box found it.
But how did that autorun.inf get there? It would be the duty of the windows machine that created/wrote it to do the verification for windows viruses, not of the linux machine on which you accessed it later and on which it can not do damage. However, perhaps a script could be added to the automount process in kde/gnome to scan the usb disk when mounted/umounted. That would be less intrusive than having on-access scan on all the files written to the usb-stick all the time.
I met the first IBM PC virus when I was a student somewhere in the eighties. A dancing ball. There were two viruses then, one a boot sector virus, another attached itself to the end of executables. I killed them with my "bare hands", I had no antivirus, not invented. I used msdos debugger and pctools. Things have changed.
I once got a boot sector virus from a night school computer, via a floppy disk. Fortunately, IBM AV caught it. My computer was running OS/2 then and the boot sector was about the only way in for a virus.
It was a very common intrusion method. I soon learnt to not leave the door of the data floppies closed, so that I would not reboot from them without thinking. And if I did try to reboot, I would power off before plugging the right disk. And later, when I got my first HD, boot from floppy was disabled. -- Cheers, Carlos E. R.
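A targeted check on a mounted USB stick instead of on-access scanning, as an added example that is not part of the thread: it looks for the autorun.inf file mentioned above in the root of a mounted volume and lists the entries that would launch a program on a Windows machine. How it is hooked into the desktop automounter is left open; the mount point, function names and sample file are assumptions of this example.

```python
import os
import sys

MAX_INF_BYTES = 64 * 1024   # autorun.inf is tiny; never read more than this
AUTO_EXEC_KEYS = ("open", "shellexecute")

# Constructed sample file contents.
SAMPLE_INF = (b"[AutoRun]\r\n"
              b"; constructed example\r\n"
              b"open=setup.exe /s\r\n"
              b"icon=drive.ico\r\n"
              b"shell\\explore\\command=tools\\helper.exe\r\n"
              b"[Other]\r\n"
              b"open=ignored.exe\r\n")


def decode_inf(raw):
    """Decode the file whether it was saved as UTF-16, UTF-8 with BOM, or an 8-bit code page."""
    if raw.startswith(b"\xff\xfe") or raw.startswith(b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw[3:].decode("utf-8", errors="replace")
    return raw.decode("latin-1")


def launch_entries(raw):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries = []
    section = None
    for line in decode_inf(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in AUTO_EXEC_KEYS or is_verb:
            entries.append((key, value))
    return entries


def scan_volume(mount_root):
    """Check the root of a mounted volume; the file name is matched case-insensitively."""
    findings = []
    for name in sorted(os.listdir(mount_root)):
        path = os.path.join(mount_root, name)
        if name.lower() != "autorun.inf" or not os.path.isfile(path):
            continue
        with open(path, "rb") as handle:
            raw = handle.read(MAX_INF_BYTES)
        for key, command in launch_entries(raw):
            findings.append({"file": path, "key": key, "command": command})
    return findings


if __name__ == "__main__":
    # Usage: python3 check_autorun.py /media/USBSTICK
    hits = scan_volume(sys.argv[1])
    for hit in hits:
        print("%(file)s: %(key)s=%(command)s" % hit)
    sys.exit(1 if hits else 0)
```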
----- Original Message -----
From: "Fred A. Miller"
Jim Henderson wrote:
On Tue, 08 Jul 2008 03:41:25 +0200, Carlos E. R. wrote:
At worst, you can only do damage to your own user. No big deal. Next time you will be more careful :-P
Arguably, Carlos, damaging files in your own user home directory is the bigger deal. I don't know about others here, but I can replace my OS; I can't replace my documents.
Quite right, Jim. Carlos is smug about this whole issue, but because of Linux's popularity, we WILL SOON have much more of this to deal with. On access filtering IS the correct answer when your mail isn't being fed through your own or business email server software. Here again, in particular for newbies, it MUST be working out-of-the-box - easy for them to install and setup.
I think you are just plain wrong about this. You can stop picking on Carlos. Many people who are smarter than you or I share the same opinion on this topic. (It could also be argued that smarter people than me wrote dazuko, *shrug*)
Universal, kernel-level, on-access scanning is a horrendous kludge patch slapped onto an otherwise insecure and fundamentally insecurable os (windows). It's necessary there because the underlying os is not capable of promising actual security. To make linux or any *ix do that is retarded. Otherwise, why stop at files? If the on-access argument is valid, then so is memory access, and nic traffic, and serial traffic, and keyboard input, etc... Take the on-access argument to its next logical progression and have memory access scanning. But, what will scan the memory before it's accessed? Code stored in other memory. Better scan _that_... never ending and basically not sane.
The sane approach is make the kernel able to make certain promises, and all of kernel and userspace can safely make assumptions based on that. In the case of linux, barring the usual exceptions of plain bugs which all software has including virus scanners, the kernel can and does make those promises, and so it is perfectly safe to build the rest of the system on top of that and so only certain files ever need to be scanned and those only need to be scanned during certain operations, not every access by the kernel.
Files in a samba share can be scanned _by samba_ or by an agent samba invokes, as they are being written or read _via samba_. Any other files and subsystems can have a similar targeted scanning module, such as postfix, etc..
You are right that software should do a better job of "just working", but you should probably not try to meddle in basic system design. Instead, openSUSE, if it's going to declare that dazuko is not a proper design and will not be supported, should probably just remove all rpms and dependencies rather than have broken ones in the repos.
And place an explanation in the release notes. Let MS do on-access scanning. The fact that it needs to is just part of why that os sucks. We do not need to emulate it. -- Brian K. White brian@aljex.com http://www.myspace.com/KEYofR +++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++. filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
On Tue, 2008-07-08 at 13:52 -0400, Brian K. White wrote:
Files in a samba share can be scanned _by samba_ or by an agent samba invokes, as they are being written or read _via samba_. Any other files and subsystems can have a similar targeted scanning module, such as postfix, etc..
You are right that software should do a better job of "just working", but you should probably not try to meddle in basic system design. Instead, openSUSE, if it's going to declare that dazuko is not a proper design and will not be supported, should probably just remove all rpms and dependencies rather than have broken ones in the repos. And place an explanation in the release notes.
Let MS do on-access scanning. The fact that it needs to is just part of why that os sucks. We do not need to emulate it.
Completely true, however, there is a minute problem. It does not scale. Nice for SOHO-solutions, but forget about it when you're over 50 users. Scanning does take place but drains all the cpu and all other users who do something (like ls) on a smb/cifs mounted directory just HANG! On access scanning (once, after download completes and before it is moved to the users home-dir) is the best solution.
On 2008-07-09T00:54:09, Hans Witvliet
On access scanning (once, after download completes and before it is moved to the users home-dir) is the best solution.
I suggest someone to go and implement it cleanly then, instead of arguing how it is needed and best ;-) Regards, Lars -- Teamlead Kernel, SuSE Labs, Research and Development SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) "Experience is the name everyone gives to their mistakes." -- Oscar Wilde
On Thursday 10 July 2008 07:09:56 am Lars Marowsky-Bree wrote:
On 2008-07-09T00:54:09, Hans Witvliet wrote:
On access scanning (once, after download completes and before it is moved to the users home-dir) is the best solution.
I suggest someone to go and implement it cleanly then, instead of arguing how it is needed and best ;-)
:-D That is where all including peer review fails. Not enough workforce for programming tasks. -- Regards, Rajko http://en.opensuse.org/Portal needs helpful hands.
On Tue, 08 Jul 2008 13:16:12 -0400, Fred A. Miller wrote:
Jim Henderson wrote:
On Tue, 08 Jul 2008 03:41:25 +0200, Carlos E. R. wrote:
At worst, you can only do damage to your own user. No big deal. Next time you will be more careful :-P
Arguably, Carlos, damaging files in your own user home directory is the bigger deal. I don't know about others here, but I can replace my OS; I can't replace my documents.
Quite right, Jim. Carlos is smug about this whole issue, but because of Linux's popularity, we WILL SOON have much more of this to deal with. On access filtering IS the correct answer when your mail isn't being fed through your own or business email server software. Here again, in particular for newbies, it MUST be working out-of-the-box - easy for them to install and setup.
I don't disagree, but can we make this not be a personal issue, please? Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
The Tuesday 2008-07-08 at 16:22 -0000, Jim Henderson wrote:
On Tue, 08 Jul 2008 03:41:25 +0200, Carlos E. R. wrote:
At worst, you can only do damage to your own user. No big deal. Next time you will be more careful :-P
Arguably, Carlos, damaging files in your own user home directory is the bigger deal. I don't know about others here, but I can replace my OS; I can't replace my documents.
Mmmm... what about backups? Surely, there are other things that scare me much more, as a real danger of losing my documents, than viruses: disk failures (sw&hw), for instance. Antivirus is not going to protect me. -- Cheers, Carlos E. R.
On Tue, 08 Jul 2008 20:37:11 +0200, Carlos E. R. wrote:
Mmmm... what about backups? Surely, there are other things that scare me much more, as a real danger of losing my documents, than viruses: disk failures (sw&hw), for instance. Antivirus is not going to protect me.
Sure and I make backups. But if I make backups of an infected file, the backups don't really help me, do they? I personally think the lack of Linux viruses is overblown - sure, there aren't many out there, and they are hard to catch, but that doesn't mean that there's no point in protecting yourself. If you run WINE, for example, now your machine is somewhat more susceptible. I can't run Norton Anti Virus under WINE, though, so something's got to be available to protect the system to any potential exposure. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
The Tuesday 2008-07-08 at 19:35 -0000, Jim Henderson wrote:
On Tue, 08 Jul 2008 20:37:11 +0200, Carlos E. R. wrote:
Mmmm... what about backups? Surely, there are other things that scare me much more, as a real danger of losing my documents, than viruses: disk failures (sw&hw), for instance. Antivirus is not going to protect me.
Sure and I make backups. But if I make backups of an infected file, the backups don't really help me, do they?
You can have an historical backup, some version will be correct. However, there is something else: files on /home will be data files. The types of data files that can be infected are those office files that include macros, and cleaning them is as easy as removing all macros from them.
I personally think the lack of Linux viruses is overblown - sure, there aren't many out there, and they are hard to catch, but that doesn't mean that there's no point in protecting yourself. If you run WINE, for example, now your machine is somewhat more susceptible. I can't run Norton Anti Virus under WINE, though, so something's got to be available to protect the system to any potential exposure.
Well, for wine you can scan the wine directory after using it with a normal antivirus. Yes, I agree there could be, perhaps, some danger with wine, depending on what you use. -- Cheers, Carlos E. R.
Jim Henderson wrote:
I personally think the lack of Linux viruses is overblown - sure, there aren't many out there, and they are hard to catch, but that doesn't mean that there's no point in protecting yourself. If you run WINE, for example, now your machine is somewhat more susceptible. I can't run Norton Anti Virus under WINE, though, so something's got to be available to protect the system to any potential exposure.
Jim
I use Avast "free for personal use" antivirus for linux to do an occasional scan. It's rated up with McAfee and Norton. Regards Dave P
James D. Parra wrote:
Well, I disagree with them. On-access IS needed now and even more in the future!
But it is not needed for linux. It is only needed for linux boxes doing file serving for windows boxes! Ie, it can be better handled directly from samba, not from the kernel. ~~~~~~~~~~~~~~
Just out of curiosity, why would on-access scanning not be needed for Linux?
Well, for starters, windoze viruses are not even remotely a problem for linux. It's just a non-issue. Joe
participants (34)
- Anders Johansson
- Andrew Joakimsen
- Ben Rosenberg
- Brian K. White
- Carlos E. R.
- Carlos E. R.
- Damon Register
- Dave Howorth
- Dave Plater
- Fred A. Miller
- G T Smith
- Hans Witvliet
- J Sloan
- James D. Parra
- James Knott
- jdd sur free
- Jim Henderson
- Joe Morris
- Joe Sloan
- John Andersen
- John E. Perry
- ka1ifq
- Kai Ponte
- Lars Marowsky-Bree
- M Harris
- Marcus Meissner
- Mike McMullin
- Per Jessen
- PerfectReign
- Philipp Thomas
- Philipp Thomas
- Rajko M.
- Randall R Schulz
- Stefan Hundhammer