2007/8/22, Joachim Schrod <jschrod@acm.org>:
Sloan wrote:
It seems to be essentially one of the "honor system" viruses for unix, you know the drill:
1. download the hostile executable 2. save the save the hostile executable somewhere appropriate 3. change the file mode to make it executable. 4. execute it with the command ./<filename> 5. hilarity ensues (or not)
Let me propose another hilarious 5-step process:
1. Read the LWN.net security page.
2. Detect how many exploits are based on data files, and not on executables. just last week: pax, hdr file format, squirrelmail (read an email), xvid (look at a video), clamav (DoS attack), gpdf, firefox (too many bugs to enumerate), flash plugin, libgd (used in many applications), gimp, imlib2 (image loading), libvorbis, openoffice, xine (again, videos are cool), xpdf.
3. Stop feeling so smug.
4. Follow other exploit publications, security pages, and security mailing lists; detect how many privledge escalation exploits are out there. Understand that they can be triggered by remote exploits from step 2.
O'REALLY ? In which part is there a auto infection system, you know virus need to reproduce then self, you are talking about a troyan not a virus. But let say you are right and is easy to build a real virus in linux, so if is that's easy, why isn't there a virus yet. I mean Linux had a enormous base of servers installed, but hackers need to get in manually to take control of the machine and plant a spam server or anything else they want to do, if make a automatic virus is that easy, why they don't just do it ... ok, is because every body hate MS, yea right. -- Marcel Mourguiart -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org