[MLB-WIRELESS] Virus risks on Linux?
Tony Langdon
tlangdon at atctraining.com.au
Wed Oct 9 10:02:31 EST 2002
not true. Standard RedHat 7.3, by default, has way more scripting languages
than windows will ever have.
Also, functionality of mail readers for Linux approaches, and in some areas
surpasses what windows offers.
The difference is - scripting langauages for Linux are 'abstracted' from the
operating system, making it difficult to wreak any real harm, whereas in
windows these scripting languages are a fundamental part of the O/S, and
therefore have read/write permission for everything. This is a foolish
scenario of course as any virus writer has free-run of the system once he is
past the initial hurdle - getting the email onto the users' desktop.
You've put it better than I have, in that it's the way in which Microsoft
has implemented the scripting support that is so dangerous, whereas Linux
scripts aren't able to access the OS itself, unless you give them that
permission.
It is daft to run *any* program as root, unless it is gauranteed secure -
which it rarely is, hence the regular 'vulnerabilites' type updates we see
for Linux distros.
And it's this sort of constant reminding that is the reason Linux users do
generally setup a user account and work from there, as well as the ease of
switching to root, if you need to tweak the system. So let's keep it up,
nothing like encouraging good habits. :)
"end user" software *never* runs as root unless a. the system is not
connected to *any* network, b. you are happy with destroying your system
with a single typo (done it 3 times myself) or c. you just like living
dangerously.
Much the same here. :)
of course, as you suggest, non-root processes have a very limited
opportunity to do harm.
Unless they can exploit a local root hole in something on the system...
(Download patches, I hear you say :) )
For a pure Linux environment, there's no real need for a traditional virus
scanner.... yet. That may change one day, if more virus writers target
Linux.
agreed. I think the hax0r community will be less inclined to destroy an
open-source operating system. Many folks (even non-crackers) consider
microsoft to be equivalent to the tax-man, and could not care less if
microsoft were targetted. Linux is a community-owned system, and is less
likely to be actively targetted.
I have run Linux for 3 years or so (no windows in our house) I have never
been touched by any virus/attack/anything, and I'm on the net 24/7.
I have *recieved* a few viruses, but simply deleted them.. <shrug>
viruses, today, are irrelevant to Linux.
Agreed, in the case of viruses as Windows users know them. However, worms
are a different matter, but the methods for preventing worm infestation are
generally good administration practice (disable unecessary services and keep
software up to date, as well as judicious use of iptables/ipchains/etc).
---
Outgoing mail has been scanned for Viruses
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.393 / Virus Database: 223 - Release Date: 30/09/2002
This correspondence is for the named persons use only. It may contain
confidential or legally privileged information or both. No confidentiality
or privilege is waived or lost by any mistransmission. If you receive this
correspondence in error, please immediately delete it from your system and
notify the sender. You must not disclose, copy or rely on any part of this
correspondence if you are not the intended recipient.
Any opinions expressed in this message are those of the individual sender.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wireless.org.au/pipermail/melbwireless/attachments/20021009/ae7f4e45/attachment.html>
More information about the Melbwireless
mailing list