The Tuesday 2007-08-07 at 14:31 -0400, Michael Letourneau wrote:
Yes true, not typically what is thought of executing though, and not really what my point was. My point was that everyone was talking about having to have the file be "executable" and executed in order to get infected. That is not true. If you actually have to execute it, that's a trojan, not really a virus.
Well, even if you get, say, a USB disk containing a program contaminated by a virus, or an email containing a virus, they are harmless till executed. Till that moment they are just data, bytes.

A typical non boot sector virus, non macro virus, is a piece of code added somewhere to an executable file (program). When the program is executed the virus is also loaded (it is part of the program) and may try to infect or copy itself to system memory (independent of the "vector" program) and other programs too, in order to propagate. For instance, typically it would try to infect programs on removable media, watching the floppy drive for a victim.

Now, a user would have to get that infected program in some way (USB disk, email, whatever) and execute it. A typical "well made" virus will use some method to autoexecute. The infection vector may be a trojan, like a cute screen blanker or Christmas card, but after that it behaves like a virus jumping from one executable to another.

This process is more difficult in Linux. First, native Linux email clients do not execute attachments by default: they need manual intervention by the user (they would act as a trojan). Some Windows clients would execute them without user intervention (thus, acting as a virus). And Linux users don't usually carry executables on their removable media, AFAIK. Then the virus would have a harder time trying to contaminate other executables, except those of the user "running" the virus.
But again, in either of those cases not being root does not necessarily prevent your machine from being infected and/or the possible results thereof. Everyone remembers Melissa, http://www.cert.org/advisories/CA-1999-04.html, if that were designed for a Linux system, not being root would not stop/prevent it at all.
Ha!

] Our analysis of this macro virus indicates that human action (in the
] form of a user opening an infected Word document) is required for this
] virus to propagate.

Virus or Trojan? Or social engineering? :-p

All is not black and white...

-- 
Cheers,
Carlos E. R.