zentara wrote:
Germano Rizzo wrote:
Hi, I often hear that the greatest number of virus (or viri?) works only in DOS/Win, but I see that an antivirus is included in SuSE. Are there viruses in Linux? How diffused and dangerous are they? Mano :)
The anti-virus software included with suse is meant to scan for dos/windows viruses. I remember there was one or two viruses developed to attack linux. They were developed as an educational exercise, were GPL'd, and are not a threat. You could do a web search to find them.
Trojans are a real threat to linux. These would be things like keystroke recorders, password scanners, etc., that you might get as part of a binary package. The best thing to do is never run anything as root, and install a package called Tripwire. Tripwire keeps track of whether any system binary has been changed. If it has changed, you have to wonder who did it and how?
Another good thing is to get used to compiling your own binaries. Of course, source code could have trojan code included, but it is more likely that someone will spot it, and send out warnings.
The last warning I've seen was that one version of SSH, "secure-shell", had a backdoor in it.
Many of the paranoid among us believe that knowledgeable people can get into your system while you are on the internet. Who knows? I do make it a practice to disconnect when my system seems to "lockup" online. I have seen some strange changes in my system after being online for prolonged periods. Maybe someone knows how to hack thru pppd?
There are more than viruses to worry about.
In addition to what zentara said, crackers download "root kits" from cracker sites. These kits allow crackers to take advantage of systems that have poor security measures in place. The first thing that is replaced is the program called "ls". The cracker version is slightly larger and has a filter that doesn't allow the cracker's other programs to display on directory lists. Other key programs are replaced by clones that help mask the cracker's intrusion. People that run as root all the time, or have lots of programs marked suid (rather than setting appropriate paths and using shadow passwords) are most susceptible. However, I've been running Linux for about a year now and I spend anywhere from 60-120 hours per month on the Internet, and I have not seen any evidence of intrusion on my system. It is nothing to brag about to crack into some newbie's system, and bragging points is what cracking is all about - one giant ego trip for the Walter Mittys of the world.
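The kind of check Tripwire is described as doing in the messages above, as an added Python example that is not part of either message and is not Tripwire's own code: record a hash, size and permission bits for each watched file, then report what differs, which catches both a replaced "slightly larger" binary and a newly set suid bit. The function names and the stand-in `ls`/`ps` files are assumptions constructed for the example.

```python
import hashlib, os, stat, tempfile

def fingerprint(path):
    """Attributes compared for one file: content hash, size, permission bits."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    # S_IMODE keeps the suid/sgid/sticky bits along with the rwx permissions.
    return {"sha256": digest, "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}

def build_baseline(paths):
    """Record the known-good state; done once, on a system believed clean."""
    return {p: fingerprint(p) for p in paths}

def verify(baseline, paths):
    """Return sorted (path, finding) pairs for everything that differs."""
    findings = []
    for p in sorted(set(baseline) | set(paths)):
        if p not in baseline:
            findings.append((p, "new"))
        elif not os.path.exists(p):
            findings.append((p, "missing"))
        else:
            now = fingerprint(p)
            findings += [(p, k) for k in ("sha256", "size", "mode")
                         if now[k] != baseline[p][k]]
    return findings

def demo():
    """Constructed sample: stand-in files in a temp dir, not real binaries."""
    with tempfile.TemporaryDirectory() as d:
        ls, ps = os.path.join(d, "ls"), os.path.join(d, "ps")
        for path, body in ((ls, b"original ls\n"), (ps, b"original ps\n")):
            with open(path, "wb") as fh:
                fh.write(body)
        baseline = build_baseline([ls, ps])
        clean = verify(baseline, [ls, ps])
        with open(ls, "ab") as fh:      # content modified, file slightly larger
            fh.write(b"extra bytes\n")
        os.chmod(ps, 0o4755)            # suid bit appears on an unchanged file
        changed = verify(baseline, [ls, ps])
        return clean, [(os.path.basename(p), k) for p, k in changed]

if __name__ == "__main__":
    clean, changed = demo()
    print("clean run:", clean)
    print("after tampering:", changed)
```

The comparison is only as trustworthy as the baseline and the checker itself, so both belong on read-only or offline media where an intruder with root cannot rewrite them.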