[opensuse] Re: Who said Linux doesnot get Virus infections

newer
[opensuse] Recover data from...

older
[opensuse] GConf schema installer...

Joachim Schrod

22 Aug 2007 22 Aug '07

15:16

Sloan wrote:

...

It seems to be essentially one of the "honor system" viruses for unix, you know the drill:

1. download the hostile executable 2. save the save the hostile executable somewhere appropriate 3. change the file mode to make it executable. 4. execute it with the command ./<filename> 5. hilarity ensues (or not)

Let me propose another hilarious 5-step process: 1. Read the LWN.net security page. 2. Detect how many exploits are based on data files, and not on executables. just last week: pax, hdr file format, squirrelmail (read an email), xvid (look at a video), clamav (DoS attack), gpdf, firefox (too many bugs to enumerate), flash plugin, libgd (used in many applications), gimp, imlib2 (image loading), libvorbis, openoffice, xine (again, videos are cool), xpdf. 3. Stop feeling so smug. 4. Follow other exploit publications, security pages, and security mailing lists; detect how many privledge escalation exploits are out there. Understand that they can be triggered by remote exploits from step 2. 5. Start feeling numb when you read all the dumb posts in this thread that focus on executable programs that the user must run (because this is the prominent attack vector on Windows). It depends on your intelligence if you need to follow this through to the end or if you realize soon enough that from "downloading and running executables is not a relevant attack vector for Linux" does *NOT* follow "Linux is safe". In math, this is called the difference between equivalence and implication. Hmm, no, sorry; your post was not hilarious. It was not even funny. You didn't thought it was insightful, did you? Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Show replies by date

joe

22 Aug 22 Aug

16:11

Joachim Schrod wrote:

...

Sloan wrote:

...
It seems to be essentially one of the "honor system" viruses for unix, you know the drill:

1. download the hostile executable 2. save the save the hostile executable somewhere appropriate 3. change the file mode to make it executable. 4. execute it with the command ./<filename> 5. hilarity ensues (or not)

Let me propose another hilarious 5-step process:

1. Read the LWN.net security page.

2. Detect how many exploits are based on data files, and not on executables. just last week: pax, hdr file format, squirrelmail (read an email), xvid (look at a video), clamav (DoS attack), gpdf, firefox (too many bugs to enumerate), flash plugin, libgd (used in many applications), gimp, imlib2 (image loading), libvorbis, openoffice, xine (again, videos are cool), xpdf.

Of course, there are bugs and security holes everywhere, but you seem to have lost perspective - an important point is the severity of the "exploit". There is a big difference between "potential race condition resulting in a possible information leak" and the sort of complete machine takeover that is common in the windows world.

...

3. Stop feeling so smug.

You deleted my last paragraph, so I'll repeat it here: "Not to be cocky, there is some danger here, but it's a far cry from the ease with which windows systems are regularly pwned with no effort whatsoever on the part of the hapless user." <snip>

...

Hmm, no, sorry; your post was not hilarious. It was not even funny. You didn't thought it was insightful, did you?

I suppose it was about as hilarious as this posting of yours. Insightful? I never really thought of pointing out the obvious as being insightful, why do you ask? Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Marcel Mourguiart

16:13

New subject: [opensuse] Re: Who said Linux doesnot get Virus infections

2007/8/22, Joachim Schrod :

...

Sloan wrote:

...
It seems to be essentially one of the "honor system" viruses for unix, you know the drill:

1. download the hostile executable 2. save the save the hostile executable somewhere appropriate 3. change the file mode to make it executable. 4. execute it with the command ./<filename> 5. hilarity ensues (or not)

Let me propose another hilarious 5-step process:

1. Read the LWN.net security page.

2. Detect how many exploits are based on data files, and not on executables. just last week: pax, hdr file format, squirrelmail (read an email), xvid (look at a video), clamav (DoS attack), gpdf, firefox (too many bugs to enumerate), flash plugin, libgd (used in many applications), gimp, imlib2 (image loading), libvorbis, openoffice, xine (again, videos are cool), xpdf.

3. Stop feeling so smug.

4. Follow other exploit publications, security pages, and security mailing lists; detect how many privledge escalation exploits are out there. Understand that they can be triggered by remote exploits from step 2.

O'REALLY ? In which part is there a auto infection system, you know virus need to reproduce then self, you are talking about a troyan not a virus. But let say you are right and is easy to build a real virus in linux, so if is that's easy, why isn't there a virus yet. I mean Linux had a enormous base of servers installed, but hackers need to get in manually to take control of the machine and plant a spam server or anything else they want to do, if make a automatic virus is that easy, why they don't just do it ... ok, is because every body hate MS, yea right. -- Marcel Mourguiart -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Federico Mena Quintero

16:50

On Wed, 2007-08-22 at 17:16 +0200, Joachim Schrod wrote: Hi, Joachim,

...

It depends on your intelligence if you need to follow this through to the end or if you realize soon enough that from "downloading and running executables is not a relevant attack vector for Linux" does *NOT* follow "Linux is safe". In math, this is called the difference between equivalence and implication.

Hmm, no, sorry; your post was not hilarious. It was not even funny. You didn't thought it was insightful, did you?

It is evident that you know a lot more about security than most people. However, please don't ridicule people for knowing less than you do. Remember that the impression laypeople have of "Linux is more secure than anything else" is due to *our own fault*. We have trumpeted our security like if it were infallible, instead of telling people the truth. It is not their fault that they don't know things thoroughly. Cheers, and thanks for the good list of security references, Federico -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Joachim Schrod

17:46

...

...
...
...
...
"FMQ" == Federico Mena Quintero writes:

FMQ> On Wed, 2007-08-22 at 17:16 +0200, Joachim Schrod wrote: FMQ> Hi, Joachim,

...

...
It depends on your intelligence if you need to follow this through to the end or if you realize soon enough that from "downloading and running executables is not a relevant attack vector for Linux" does *NOT* follow "Linux is safe". In math, this is called the difference between equivalence and implication.

Hmm, no, sorry; your post was not hilarious. It was not even funny. You didn't thought it was insightful, did you?

FMQ> It is evident that you know a lot more about security than most FMQ> people. However, please don't ridicule people for knowing less FMQ> than you do. I ridiculed him (or her?) because this was an answer to a post that *cited* me, where I already mentioned that the most problematic attack vector on Unix is data and and not programs. In fact, I mentioned that twice already in this thread over the last two weeks. Since I didn't come through with my original sober remarks, I thought that I need to step up the flamethrower a small notch and repeat my message with more color. And obviously it worked this time; you are the 2nd who replies... If the GP thinks that this is a personal flame, my apologies. I wanted to ridicule his stated opinions, not him as a person. FMQ> Cheers, and thanks for the good list of security references, You're welcome. ;-) Actually, for security non-pros, LWN.net's security page is one of the best information sources concerning current Linux vulnerabilities. It is a bit sad that SUSE is listed with so few alerts and vuln repairs there. If anybody is more concerned about current vulnerabilities beyond Linux, without having the time to read bugtraq et.al., I can only recommend the weekly SANS security alert "@RISK": http://www.sans.org/newsletters/?portal=2cef83944a34033fcbabdb9b8fc80c76#ris... The Critical Vulnerability Analysis and the Security Alert Consensus have merged to become @RISK: The Consensus Security Alert. Delivered every Monday morning, @RISK first summarizes the three to eight vulnerabilities that matter most, tells what damage they do and how to protect yourself from them, and then adds a unique feature: a summary of the actions 15 giant organizations have taken to protect their users. @RISK adds to the critical vulnerability list a complete catalog of all the new security vulnerabilities discovered during the past week. Thus in one bulletin, you get the critical ones, what others are doing to protect themselves, plus a complete list of the full spectrum of newly discovered vulnerabilities. The summary is not so interesting for us Linux folks, as it concentrates on Windows vulnerabilities, but the list of new vulnerabilities is really great. For people who work in this area, a week's notice is too long. But there are many who have not so pressing time constraints, and for them this is a great information resource to have. Cheers, Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

John E. Perry

17:08

Joachim Schrod wrote:

...

... Let me propose another hilarious 5-step process:

1. Read the LWN.net security page.

OK, so I did.

...

2. Detect how many exploits are based on data files, and not on executables. just last week: ...

Not a single exploit listed. Many vulnerabilities, almost all qualified as "user-assisted" or "local.

...

3. Stop feeling so smug.

I know of no one who's "feeling smug" -- except maybe you?

...

4. Follow other exploit publications, security pages, and security mailing lists; detect how many privledge escalation exploits are out there. Understand that they can be triggered by remote exploits from step 2.

I do, frequently, and in every case, it's the same -- zero exploits, many vulnerabilities, almost all qualified as "user-assisted". All with solutions or planned solutions. And all found by professionals doing good work -- not by bad guys looking to do harm. Contrast that with the Microsoft situation.

...

5. Start feeling numb when you read all the dumb posts in this thread that focus on executable programs that the user must run (because this is the prominent attack vector on Windows).

Actually, I can only feel irritated at the one hysteria-monger who can't see the difference between good work finding and characterizing vulnerabilities and poor work reacting to exploits of vulnerabilities swept under the rug. John Perry -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Kai Ponte

18:22

On Wednesday 22 August 2007 10:08, John E. Perry wrote:

...

Joachim Schrod wrote:

...
... Let me propose another hilarious 5-step process:

1. Read the LWN.net security page.

OK, so I did.

...
2. Detect how many exploits are based on data files, and not on executables. just last week: ...

Not a single exploit listed. Many vulnerabilities, almost all qualified as "user-assisted" or "local.

...
3. Stop feeling so smug.

I know of no one who's "feeling smug" -- except maybe you?

I feel smug. Or was that smog? *looks outside at brown air...* Okay, maybe that *was* smog. Nevermind. -- kai ponte www.perfectreign.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Ken Jennings

23 Aug 23 Aug

00:47

On Wednesday 2007-08-22 11:16, Joachim Schrod wrote:

...

Sloan wrote:

...
It seems to be essentially one of the "honor system" viruses for unix, you know the drill:

1. download the hostile executable 2. save the save the hostile executable somewhere appropriate 3. change the file mode to make it executable. 4. execute it with the command ./<filename> 5. hilarity ensues (or not)

Let me propose another hilarious 5-step process:

Allow me to propose a one step process: 1) You explain why every linux/unix/*ix box on the planet is not owned by hackers and spammers while so many possible exploits exist. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

6095

Age (days ago)

6096

Last active (days ago)

List overview

Download

7 comments

7 participants

participants (7)

Federico Mena Quintero
Joachim Schrod
joe
John E. Perry
Kai Ponte
Ken Jennings
Marcel Mourguiart