This is a comprehensive anti-virus defense system for Linux workstations. The program is compatible with all of the most popular Linux versions. http://linux.tucows.com/internet/preview/251301.html
Is it possible to have viruses in linux? never heard of that before! Carl William Spitzer IV <cwsiv@juno.com> wrote: This is a comprehensive anti-virus defense system for Linux workstations. The program is compatible with all of the most popular Linux versions. http://linux.tucows.com/internet/preview/251301.html
jvollmer@visi.com
Is it possible to have viruses in linux? never heard of that before! Carl William Spitzer IV <cwsiv@juno.com> wrote:This is a comprehensive anti-virus defense system for Linux workstations. The program is compatible with all of the most popular Linux versions. http://linux.tucows.com/internet/preview/251301.html
As I understand it, Linux is resistant to viruses as long as you don't execute code containing a virus as root. Likewise for trojans. If you want to check for viruses, you can install Antivir/Linux which should be on your distro CDs. You might also want to check for rootkits. Get chkrootkit-0.39a.tgz off of <http://www.chkrootkit.org>. -- JAY VOLLMER JVOLLMER@VISI.COM TEXT REFS DOUBLEPLUSUNGOOD SELFTHINK VERGING CRIMETHINK IGNORE FULLWISE
On Mon, 24 Feb 2003 16:03:27 -0800 (PST) Minimochi <minimochi2003@yahoo.com> wrote:
Is it possible to have viruses in linux? never heard of that before!
All of these anti-virus programs for linux, are for scanning windows files, from linux, especially mail. The threat to linux is growing however, do a search on http://freshmeat.net for the "linux virus writing howto". There are ways to attack elf files, but they do not spread easily as in the windows OS. Don't sweat yet, it's still very hard to do, and you are more likely to get a worm or trojan from precompiled rpm's from unknown sources. I worry a lot about that. I assume the big distributions are pretty honest, but they could easily slip back doors into their rpms if they wanted (or were secretly asked to by governments, in the "interest of national security", of course.). If they do try it, they will probably do a very good job of it, since they aren't hackers, they can afford the best programmers. So things would be well hidden, and you would have to be very smart to detect it. Probably a lot of assembly level stuff, writing invisible files to empty disk space, and reading it off when you go online. Hmm, sounds like WindowsXP, :-). --use Perl; #powerful programmable prestidigitation
On Tuesday 25 February 2003 00:41, zentara wrote:
Don't sweat yet, it's still very hard to do, and you are more likely to get a worm or trojan from precompiled rpm's from unknown sources. I worry a lot about that. I assume the big distributions are pretty honest, but they could easily slip back doors into their rpms if they wanted (or were secretly asked to by governments, in the "interest of national security", of course.).
If they do try it, they will probably do a very good job of it, since they aren't hackers, they can afford the best programmers. So things would be well hidden, and you would have to be very smart to detect it. Probably a lot of assembly level stuff, writing invisible files to empty disk space, and reading it off when you go online. Hmm, sounds like WindowsXP, :-).
Question... how could they do this and still get away with it... they have to provide the source code and it would only take someone to compile the source code and get different code to that supplied in the precompiled binary rpm for the gaff to be blown... If they provided the code with the actual back door in it then someone who was curious could easily stumble on it as well. Putting backdoors into an entirely binary, closed source, operating system is a whole different kettle of fish... -- Paul Cooke Registered Linux user 273897 Machine registration number 156819 Linux Counter: Home Page = http://counter.li.org/
On Tuesday 25 February 2003 19:54, Paul Cooke wrote:
On Tuesday 25 February 2003 00:41, zentara wrote:
If they do try it, they will probably do a very good job of it, since they aren't hackers, they can afford the best programmers.
Hm, well :)
So things would be well hidden, and you would have to be very smart to detect it. Probably a lot of assembly level stuff, writing invisible files to empty disk space, and reading it off when you go online. Hmm, sounds like WindowsXP, :-).
Question... how could they do this and still get away with it... they have to provide the source code and it would only take someone to compile the source code and get different code to that supplied in the precompiled binary rpm for the gaff to be blown...
Ken Thompson revealed that he introduced a backdoor into the standard unix login program. This was when unix was open source, before AT&T decided they could make money from selling it. Check out his confession at http://www.acm.org/classics/sep95/ If you have the compiler, and you're good enough, there's nearly nothing you can't do. In the end you just have to decide to trust somebody. In my case I have decided to trust SuSE, not because I know them (I don't) but because if I can't trust a reputable company like them, I might as well give up, sell my computers and go live in a cave. Note that this doesn't mean their code is necessarily safe. All code has bugs, and backdoors could be introduced upstream. There's just no way SuSE, or anyone else, could go through every line of code in all their thousands of rpms. But I want to believe that they wouldn't do anything voluntarily, and that they are "on my side" and are struggling to keep their code clean. Anders
On Tue, 25 Feb 2003 18:54:21 +0000 Paul Cooke <paul.cooke100@blueyonder.co.uk> wrote:
On Tuesday 25 February 2003 00:41, zentara wrote:
Don't sweat yet, it's still very hard to do, and you are more likely to get a worm or trojan from precompiled rpm's from unknown sources. I worry a lot about that. I assume the big distributions are pretty honest, but they could easily slip back doors into their rpms if they wanted (or were secretly asked to by governments, in the "interest of national security", of course.).
If they do try it, they will probably do a very good job of it, since they aren't hackers, they can afford the best programmers. So things would be well hidden, and you would have to be very smart to detect it. Probably a lot of assembly level stuff, writing invisible files to empty disk space, and reading it off when you go online. Hmm, sounds like WindowsXP, :-).
Question... how could they do this and still get away with it... they have to provide the source code and it would only take someone to compile the source code and get different code to that supplied in the precompiled binary rpm for the gaff to be blown... If they provided the code with the actual back door in it then someone who was curious could easily stumble on it as well.
Putting backdoors into an entirely binary, closed source, operating system is a whole different kettle of fish...
Well I said the danger is in the precompiled binaries. Even with the source code, how many people actually check every line of c code? All they have to do to mess up the binary rpm, is to alter the source code and recompile the rpm, then put the "untouched good source" into the source rpms. So you go get the source rpm and it looks clean, but you have a tampered binary. How many people are just installing binary rpms without question? Do they get the source rpm's and do a check? Probably less .01 percent. Another worry which is gaining attention is switching DNS servers to feed you bad code. Say for instance, some evil person on the network, knows you go to "such and such mirror" to get your binary rpms. When you login they could redirect to a bogus nameserver, which will send you to a "bogus mirror" of the real site, filled with tampered rpms. Then once they know you've downloaded their worm, they let you connect again to the real site. The original site is totally innocent. How often do you check the md5sums of the files you download from a mirror, against the md5sums listed on the original server? With all the electronic switching going on, some agent in Washington, can issue a signal, so that when you call a number to your ISP, you are actually being switched to a big phony ISP, which simulates your ISP, and can redirect you to bogus DNS servers, and possibly gain peer-2-peer access into your computer. I'm not saying it's happening, but it's a real danger. Furthermore, we are all taught to trust the authorities starting in gradeschool, so suggestions of the above, is usually met with shouts of "the government wouldn't do that !!". Which makes it harder to discuss. -- use Perl; #powerful programmable prestidigitation
----- Original Message ----- From: "zentara" <zentara@zentara.net> To: <suse-linux-e@suse.com> Sent: Tuesday, February 25, 2003 1:50 PM Subject: Re: [SLE] [OT] backdoors in GPL'd code. Unlikely. - was Re: [SLE] Kaspersky Anti-Virus for Linux Workstation
How many people are just installing binary rpms without question? Do they get the source rpm's and do a check? Probably less .01 percent.
But that's probably enough to make it unlikely (certainly not impossible) with getting away with a back door. Most people just install the RPMs and go. But, we both know that there are some people that are paranoid enough to check EVERYTHING. Read the PGP boards if you have any doubts - some of these people see conspiracies in everything. All it would take to reveal the back door would be for ONE person to see it there. Even though I believe that some of these people are paranoid, they are providing a valuable service. After all, just because they're paranoid doesn't mean that no one is out to get them. <g>
On Tuesday 25 February 2003 22:07, Michael Satterwhite wrote:
Most people just install the RPMs and go. But, we both know that there are some people that are paranoid enough to check EVERYTHING.
Unfortunately that's almost completely impossible. Did you read the link I posted?
The 03.02.25 at 14:50, zentara wrote:
Another worry which is gaining attention is switching DNS servers to feed you bad code. Say for instance, some evil person on the network, knows you go to "such and such mirror" to get your binary rpms. When you login they could redirect to a bogus nameserver, which will send you to a "bogus mirror" of the real site, filled with tampered rpms. Then once they know you've downloaded their worm, they let you connect again to the real site. The original site is totally innocent. How often do you check the md5sums of the files you download from a mirror, against the md5sums listed on the original server?
I have been analysing how YOU works, and I know it runs this test after it downloads a patch (on all of them), and before trying to install any of them:

    rpm --checksig /usr/local/update/i386/update/8.1/rpm/i586/arts-1.0.4-4.i586.patch.rpm

According to the rpm man page:

    SIGNATURE CHECKING
    The general form of an rpm signature check command is

        rpm --checksig <package_file>+

    This checks the PGP signature of package <package_file> to ensure its integrity and origin. PGP configuration information is read from configuration files. See the section on PGP SIGNATURES for details.

Thus, that man in the middle attack has been thought of :-)
With all the electronic switching going on, some agent in Washington, can issue a signal, so that when you call a number to your ISP, you are actually being switched to a big phony ISP, which simulates your ISP, and can redirect you to bogus DNS servers, and possibly gain peer-2-peer access into your computer.
Telephone (POT) is old technology - I worked in that field - and the exchanges are not networked, not in the sense we do with PCs (it knows no tcp/ip, for example). To do such a reroute you need full cooperation of the telephone company and their technicians. It is not as simple as "giving a signal from outside". -- Cheers, Carlos Robinson
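Added example (not part of any message in this thread): the check zentara asks about, comparing files downloaded from a mirror against the checksum list published by the original server, sketched in Python. File names and payloads are constructed, and SHA-256 is used by default in place of the thread's md5sums (pass `algorithm="md5"` for old lists). The list only helps if it is fetched from the origin over a path the mirror does not control, which is the gap the signature check quoted above closes.

```python
import hashlib
import tempfile
from pathlib import Path


def parse_manifest(text):
    """Parse md5sum/sha256sum-style lines: '<hex digest>  <file name>'."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # coreutils marks binary mode with '*'
        if not name or "/" in name:
            # Refuse empty names and paths that could point outside the directory.
            raise ValueError(f"unusable manifest line: {line!r}")
        expected[name] = digest.lower()
    return expected


def file_digest(path, algorithm="sha256"):
    """Hash a file in chunks so large packages need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(download_dir, manifest_text, algorithm="sha256"):
    """Return {file name: 'OK' | 'MISMATCH' | 'MISSING' | 'UNLISTED'}."""
    expected = parse_manifest(manifest_text)
    download_dir = Path(download_dir)
    report = {}
    for name, want in expected.items():
        path = download_dir / name
        if not path.is_file():
            report[name] = "MISSING"
        elif file_digest(path, algorithm) == want:
            report[name] = "OK"
        else:
            report[name] = "MISMATCH"
    # Files the origin never listed deserve attention too.
    for path in sorted(download_dir.iterdir()):
        if path.is_file() and path.name not in expected:
            report[path.name] = "UNLISTED"
    return report


def demo():
    """Constructed sample: three packages listed by the origin, one altered in transit."""
    origin = {
        "good-1.0.rpm": b"payload A as published",
        "swapped-1.0.rpm": b"payload B as published",
        "absent-1.0.rpm": b"payload C as published",
    }
    manifest = "\n".join(
        f"{hashlib.sha256(data).hexdigest()}  {name}" for name, data in origin.items()
    )
    with tempfile.TemporaryDirectory() as tmp:
        mirror = Path(tmp)
        (mirror / "good-1.0.rpm").write_bytes(origin["good-1.0.rpm"])
        (mirror / "swapped-1.0.rpm").write_bytes(b"payload B, altered")
        (mirror / "extra-1.0.rpm").write_bytes(b"not in the origin list")
        return verify_downloads(mirror, manifest)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```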
On Wed, 26 Feb 2003 02:58:54 +0100 (CET) "Carlos E. R." <robin1.listas@tiscali.es> wrote:
With all the electronic switching going on, some agent in Washington, can issue a signal, so that when you call a number to your ISP, you are actually being switched to a big phony ISP, which simulates your ISP, and can redirect you to bogus DNS servers, and possibly gain peer-2-peer access into your computer.
Telephone (POT) is old technology - I worked in that field - and the exchanges are not networked, not in the sense we do with PCs (it knows no tcp/ip, for example). To do such a reroute you need full cooperation of the telephone company and their technicians. It is not as simple as "giving a signal from outside".
Hmmm, there is an ongoing argument going on right now concerning legislation which allows federal agents to initiate instant wire taps from their personal computers. I guess they want it, because crooks are using multiple different cell phones to foil conventional taps. That means there is a way for outside computers to manipulate the electronic switches at the phone company. Now initiating a tap, may not be the same as redirecting a call to a different number, but it's getting close. Plus who knows what they aren't telling us? The secrecy involved in all this is suspicious in itself, knowing that the government usually is using technology which is 20 years ahead of what the public is aware of. It's just something to be aware of, as we move into "The Age of Big Brother". To get a glimpse of what they are currently "talking about": http://www.eff.org/Privacy/Surveillance/CALEA/meeks_wiretap.article http://hotwired.lycos.com/clipper/privacy.epic.html Now this is what they are telling the public. What have the super-secret agencies been doing already? -- use Perl; #powerful programmable prestidigitation
In a previous message, zentara wrote:
the government usually is using technology which is 20 years ahead of what the public is aware of.
This sort of thing really wicks me off. Secret services might have particularly advanced tech *in* *certain* *areas*, but this will be very limited in its scope. It's not like our governments have quantum computers and are snooping on all our encrypted messages, or phasers with stun and kill settings, or silly stuff like that. Also, when it comes to interfering with public communications, they have to deal with public machinery, which is known and understood by the companies that implement it, so no matter how "advanced" their secrets, they still have to deal with the "primitive" stuff that we actually use. John -- John Pettigrew Headstrong Games john@headstrong-games.co.uk Fun : Strategy : Price http://www.headstrong-games.co.uk/ Board games that won't break the bank Knossos: escape the ever-changing labyrinth before the Minotaur catches you!
The 03.02.26 at 07:22, zentara wrote:
Telephone (POT) is old technology - I worked in that field - and the exchanges are not networked, not in the sense we do with PCs (it knows no tcp/ip, for example). To do such a reroute you need full cooperation of the telephone company and their technicians. It is not as simple as "giving a signal from outside".
Hmmm, there is an ongoing argument going on right now concerning legislation which allows federal agents to initiate instant wire taps from their personal computers. I guess they want it, because crooks are using multiple different cell phones to foil conventional taps.
That's different: from the control center I could tap any conversation for listening, but randomly. If you want to listen to a particular phone call, unless you have access to one of the two subscriber's exchanges, it is way more difficult to tap; the reason is the circuit used is random, and sometimes the route as well. It takes some time to determine the route a particular conversation is using, the exchanges were not designed for that. But, if you have control of the local exchange, you can do anything, and it is undetectable from outside. As for GSM mobile, I don't know.
That means there is a way for outside computers to manipulate the electronic switches at the phone company.
Although digital exchanges are computers at heart, they are not designed to be controlled by computer network - at least the system I know, the 5 -. It is controlled by rs232 terminals and x.25 point to point connections. External control is not so easy, it wasn't designed for that originally.
Now initiating a tap, may not be the same as redirecting a call to a different number, but it's getting close. Plus who knows what they aren't telling us? The secrecy involved in all this is suspicious in itself, knowing that the government usually is using technology which is 20 years ahead of what the public is aware of.
I do know that here (Spain), and on the telcos I worked for, it wasn't done. I would have known :-) - unless by brute approach, ie, tapping every single transmission, somewhere in the fiber network or microwave relays (TX/RX is not encrypted). For the second thing, I wouldn't be surprised the USA has the technology for it, and that it is actually doing it continuously "abroad".
Now this is what they are telling the public. What have the super-secret agencies been doing already?
I think we are getting way, way off topic O:-) -- Cheers, Carlos Robinson
----- Original Message ----- From: "Minimochi" <minimochi2003@yahoo.com> To: "Carl William Spitzer IV" <cwsiv@juno.com>; <oclug@oclug.org> Cc: <suse-linux-e@suse.com> Sent: Tuesday, February 25, 2003 12:03 AM Subject: Re: [SLE] Kaspersky Anti-Virus for Linux Workstation
Is it possible to have viruses in linux? never heard of that before! Carl William Spitzer IV <cwsiv@juno.com> wrote:This is a comprehensive
anti-virus defense system for Linux workstations.
The program is compatible with all of the most popular Linux versions. http://linux.tucows.com/internet/preview/251301.html
<chop> As far as I know, the anti-virus software is to protect Windows machines
----- Original Message ----- From: "Minimochi" <minimochi2003@yahoo.com> To: "Carl William Spitzer IV" <cwsiv@juno.com>; <oclug@oclug.org> Cc: <suse-linux-e@suse.com> Sent: Tuesday, February 25, 2003 12:03 AM Subject: Re: [SLE] Kaspersky Anti-Virus for Linux Workstation
Is it possible to have viruses in linux? never heard of that before! Carl William Spitzer IV <cwsiv@juno.com> wrote:This is a comprehensive
anti-virus defense system for Linux workstations.
The program is compatible with all of the most popular Linux versions. http://linux.tucows.com/internet/preview/251301.html
<chop>
As far as I know, the anti-virus software is to protect Windows machines
Viruses CAN happen. The only difference is that the virus will run with the effective permissions of the user that opened it. As we all know normal users can't do TOO much, so viruses would only damage your personal files and not any important system files. Don't rule out trojans either. As a normal user you can still bind a program to an unprivileged TCP port. That would give a hacker a bit of time to log in and crack your root account. Then again hackers can be a lazy folk and cracking the root account on a desktop probably wouldn't be worth their while. -- #------------------------ #Eric Bambach #Eric@CISU.net #------------------------
Likely it's to protect windoze boxes from viral loads sent via email. Remember the backbone of the net is Unix yet viruses spread. They spread because they don't harm unix but harmlessly pass through and deliver trouble to windoze boxes. If they infected the backbone a part of it would go down and the spread would stop there. Likely your typical office uses windows but could use a *nix firewall to protect the office. </politics on> Consider your private attorney communications leaking out if a government sends a backoffice trigger. As of this time I don't know of anyone working on such a project. These days liberty is at its greatest risk due to the War on Islam led by America. It's for us Nerds to fight by testing and improving the protections for electronic liberty. </politics off> CWSIV On Mon, 24 Feb 2003 16:03:27 -0800 (PST) Minimochi <minimochi2003@yahoo.com>
Is it possible to have viruses in linux? never heard of that before!
Carl William Spitzer IV <cwsiv@juno.com> wrote:This is a comprehensive anti-virus defense system for Linux workstations. The program is compatible with all of the most popular Linux versions. http://linux.tucows.com/internet/preview/251301.html
On Sunday 02 March 2003 22:59 pm, Carl William Spitzer IV wrote:
Likely it's to protect windoze boxes from viral loads sent via email. Remember the backbone of the net is Unix yet viruses spread. They spread because they don't harm unix but harmlessly pass through and deliver trouble to windoze boxes. If they infected the backbone a part of it would go down and the spread would stop there. Likely your typical office uses windows but could use a *nix firewall to protect the office.
</politics on> Consider your private attorney communications leaking out if a government sends a backoffice trigger. As of this time I don't know of anyone working on such a project. These days liberty is at its greatest risk due to the War on Islam led by America. It's for us Nerds to fight by testing and improving the protections for electronic liberty. </politics off>
CWSIV
You were doing just fine, til you had to bring that crap up. Keep your derned 'political beliefs' to yourself. Either that, or come on over here to the States and do me a big favor...jump in front of the next plane/jet/bomb. John
On Monday 03 March 2003 06:59 am, Carl William Spitzer IV wrote:
Likely it's to protect windoze boxes from viral loads sent via email. Remember the backbone of the net is Unix yet viruses spread. They spread because they don't harm unix but harmlessly pass through and deliver trouble to windoze boxes. If they infected the backbone a part of it would go down and the spread would stop there. Likely your typical office uses windows but could use a *nix firewall to protect the office.
</politics on> Consider your private attorney communications leaking out if a government sends a backoffice trigger. As of this time I don't know of anyone working on such a project. These days liberty is at its greatest risk due to the War on Islam led by America. It's for us Nerds to fight by testing and improving the protections for electronic liberty.
I hate to discuss politics and I know that this is not the proper place for such a discussion but I can't help rephrasing what you write here: "These days liberty is at its greatest risk simply because some crazy people find pleasure in killing innocent people by the thousands by crashing planes in buildings and putting bombs in buses. It is the duty of everybody around the world - including us "Nerds" - to fight back in order to protect our freedom & civilization against these acts by all means."
</politics off>
CWSIV
On Mon, 24 Feb 2003 16:03:27 -0800 (PST) Minimochi <minimochi2003@yahoo.com>
Is it possible to have viruses in linux? never heard of that before!
Carl William Spitzer IV <cwsiv@juno.com> wrote:This is a comprehensive anti-virus defense system for Linux workstations. The program is compatible with all of the most popular Linux versions. http://linux.tucows.com/internet/preview/251301.html
-- Panos Platon Tsapralis, SAP-R/3 specialist, ABAP/4 developer, Registered Linux User #305894, Athens, GREECE, e-mail: panosplaton@in.gr, panosplaton@hotmail.com
participants (13)
- Anders Johansson
- Carl William Spitzer IV
- Carlos E. R.
- Eric
- Jay Vollmer
- John
- John Pettigrew
- Linux World 999
- Michael Satterwhite
- Minimochi
- Panos Platon Tsapralis
- Paul Cooke
- zentara