On 10/12/09 18:12, ianseeks wrote:
On Thursday 10 Dec 2009 01:29:59 Basil Chupin wrote:
I originally posted this in offtopic but think that this would be of interest to more people than just those frequenting offtopic.
*No operating system can ever properly protect a computer from trojans as long as users continue to do silly things. Just because Linux is immune to your standard drive-by viruses it does not mean that it can escape trojan horses.*
The latest reminder to be vigilant comes via the users unfortunate enough <http://ubuntuforums.org/showthread.php?t=1349678> to download and install a malicious screensaver from gnome-look.org <http://www.gnome-look.org/content/show.php/WaterFall+Screensaver?content=1 16772>.
Although the malicious content is now removed, the code fragments left show what the trojan's potential may have been.
The program inserted a bash script into |/usr/bin/| by using |wget| and then executing the script. Originally the script's contents were a ping command but this was later changed to:
..................
http://www.zdnet.com.au/blogs/null-pointer/soa/Carelessness-busts-Linux-sec urity/0,2001102868,339299939,00.htm?feed=rss
BC
Lets hope there is someone on the KDE related download sites checking for people trying to insert malware into their programs.
It is rather disappointing that nobody from Novell/openSUSE has bothered to respond to this because I raised (again), indirectly, this question about the security of Linux in my repost (see, REPOST: Most interesting.... etc) a couple of days ago in this forum. As my REPOST message states, the question of security was not fully pursued - after it was claimed that permissions can be changed even within a user's environment. The question raised in the kubuntu forum also did not attract a response from those offering kubuntu to its audience. The security question there also remains unanswered - the same as here I have to say. I can understand why security issues, what they are and how they could be compromised, should not be publicly discussed but I cannot see why questions about security have to only be answered by ordinary users in this, or other similar fora, without somebody from the producers of the OS - in this case, openSUSE - cannot state what the "official" response is about how 'their' OS is not subject to being compromised. I think that you can get the gist of what I am talking about....(Which is something along-the-lines of getting a response from somebody who has a genuine and recognisable monicker directly linking her/him to Novell's ownership of openSUSE.) It really is like the argument going on the present time between those who claim that there is global warming and those who claim that there is no such thing. While the former keep quoting scientific papers which have been peer-reviewed, the latter can only quote blogs, lobbyists' ravings and newspaper articles. BC -- If you don't succeed you run the risk of failure. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org