Mailinglist Archive: opensuse-kde (132 mails)

Re: [suse-kde] Installing F-PROT Virus Scanner
  • From: Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 26 Jul 2002 10:27:49 +0200
  • Message-id: <200207261027.49739.andjoh@xxxxxxxxxxxxxxxxxxxxx>
On Friday 26 July 2002 05.26, Carl wrote:
> I think most of us run binaries from
> untrusted sources. It's a fact of life. Time to update thinking.

If you download a binary from an anonymous website, with no knowledge whatever
of the person that put it there, you have no way of knowing what that binary
will do. No antivirus software in the world will protect you from "rm -rf
$HOME/*" or similar.

On the other hand, if you compile from source, odds are you'd be safe.
Especially if you stick to software you know others are running. I've never
heard of a virus being distributed in source form (except for proof of
concept viruses, clearly marked as such of course). In the Linux world, so
many people know how to read source code that such a virus/trojan would stand
next to no chance of survival.

I run binaries from SuSE, Netscape, AOL, Yahoo and a few other places. My
thinking is that a) if I can't trust them at least I can sue, and b) so many
other people are looking very intensely at those programs that if there were
malicious content it would be discovered and those companies can do without
the bad publicity inherent in such a scandal. But I would never run a binary
I found on a web site somewhere. And if you ran something you got in the mail
you shouldn't be allowed to own a computer.

> Here's an example of an email which uses <iframe> in the message to
> *instantly*execute*the*attachment*:
> <iframe src=cid:Ule09MxWJ6a042KKL3l height=0 width=0>
> </iframe>
> No consideration allowed...

That is a well-known Outlook/IE bug. I said Linux mail clients.

> Don't use HTML, as many of us do? Maybe you click the attach in a moment
> of fatigue or distraction.

I tried sending myself an executable attachment, just to see how kmail would
handle it. To get it to execute I had to save it to disk, chmod it to allow
execution, and execute it manually. I'd have to be pretty "fatigued" to do
that by accident.

And if anyone ever makes an email client for Linux that allows people to
execute attachments easily I hope they are tarred and feathered, as they
deserve to be.

But a company sysadmin could just mount /home and /tmp with the noexec flag.
Then you'd definitely be rid of users' disregarding security policy.

> Well you should be running =something=.

Absolutely. Something along the lines of tripwire is excellent advice.
Learning at least a little about security is another. Getting an antivirus
program and thinking you're safe after that is just fooling yourself. That
way Microsoft lies.
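
Added example, not part of the original message: a shell check for the noexec suggestion above. It reads a mount table in /proc/mounts format and reports whether the filesystem holding each directory carries noexec, including the cases where the directory is not its own mount point or a nested mount without noexec sits beneath it. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample table in /proc/mounts format:
#   device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda2 / ext3 rw 0 0
/dev/sda3 /home ext3 rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda4 /home/build ext3 rw 0 0'

# mount_opts_for DIR [TABLE]: print the mount options of the filesystem that
# holds DIR, i.e. the longest mount point that is DIR or one of its parents.
# Later entries win ties, matching how a later mount shadows an earlier one.
mount_opts_for() {
    dir=$1
    table=${2:-$SAMPLE_MOUNTS}
    printf '%s\n' "$table" | awk -v dir="$dir" '
        BEGIN { best = 0 }
        {
            mp = $2
            if (mp == dir || mp == "/" || index(dir, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# is_noexec DIR [TABLE]: succeed only if DIR sits on a noexec filesystem.
is_noexec() {
    case ",$(mount_opts_for "$@")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_noexec TABLE DIR...: one line per directory; status 1 if any allows exec.
audit_noexec() {
    table=$1; shift
    rc=0
    for d in "$@"; do
        if is_noexec "$d" "$table"; then
            echo "OK   $d is noexec"
        else
            echo "FAIL $d allows execution"
            rc=1
        fi
    done
    return $rc
}

# On a live system: audit_noexec "$(cat /proc/mounts)" /home /tmp
```

With the sample table, /home passes, /tmp fails, and /home/build fails because the nested mount drops the flag that /home sets.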

