Mailinglist Archive: opensuse (2803 mails)
| < Previous | Next > |
Re: [opensuse] Re: A BIG "show stopper" for openSUSE at the?corporate level anyway!!
- From: Lars Marowsky-Bree <lmb@xxxxxxx>
- Date: Thu, 17 Jul 2008 18:06:59 +0200
- Message-id: <20080717160659.GI11785@xxxxxxxxxxxxxxxx>
On 2008-07-13T16:48:03, John Andersen <jsamyth@xxxxxxxxx> wrote:
Binary trojans, if downloaded, are the same - if the user downloads and
installs a binary from some untrusted source, they are vulnerable. That
we don't see so many of those happening appears to be more of a social
line of defense (users not as stupid and prefering to use "official"
repos) than a technical one.
For trojans in openoffice documents for example, I'd dare say that
technically, that's just as vulnerable as on Windows.
True. But weaknesses exist in webbrowsers, and we've had exploitable
PNGs, flash, java, ...
Sure, Linux is good, but it's not perfect, and I think we should not
rest on our achievements, but need to be careful to stay ahead.
Regards,
Lars
--
Teamlead Kernel, SuSE Labs, Research and Development
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
It's true that a traditional system setup has difficulty in spreadingWhy do you say the system is just as vulnerable against/to trojans
viruses, but against trojans the system is just as vulnerable; and local
root exploits are not that rare, either.
Trojans usually involve a replacement module for a system module.
To get a trojan to work on linux, you have to:
1) Convince someone to download it,
2) put it in the path (usually ~/bin)
3) mark it executable
Binary trojans, if downloaded, are the same - if the user downloads and
installs a binary from some untrusted source, they are vulnerable. That
we don't see so many of those happening appears to be more of a social
line of defense (users not as stupid and prefering to use "official"
repos) than a technical one.
For trojans in openoffice documents for example, I'd dare say that
technically, that's just as vulnerable as on Windows.
Local root exploits generally require the same. You have to get
something to execute before it can exploit any pre-existing
root weakness.
True. But weaknesses exist in webbrowsers, and we've had exploitable
PNGs, flash, java, ...
Sure, Linux is good, but it's not perfect, and I think we should not
rest on our achievements, but need to be careful to stay ahead.
Regards,
Lars
--
Teamlead Kernel, SuSE Labs, Research and Development
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |