Re: Viruses
Bruce Stephens wrote:
> 
> lauris@ariman.ee writes:
> 
> > As soon as Linux (BSD etc.) becomes mainstream we will
> > probably be facing a load of viruses (trojans, worms etc.).
> 
> I don't think so.  They'll get more common, but Unixoid systems are
> always going to be safer than Windows 9x systems, simply because of
> file protections and file ownerships.
> 

This is true, but a trojan horse that is suid root is the equivalent
of an *.exe in the win world.

If people download strange programs and run them with win98, they will
do the same with linux on their pc.  They'll just su, install, and then
run the executable as themselves..  The masses won't know what suid root
is.  The results will be the same..

When linux deposes winDoze, all these viruses will be targeted at
linux.  Same users, same results..  Just more steps.  The advantage of
linux is (at the moment), you won't get caught (hopefully ;-) if you
know what you are doing (i.e. beware of strange suid binaries, use pgp to
verify packages etc..).

A lot won't.  I think it's a good idea to make this more foolproof for
the average user.  It's a good chance to one up winDoze.  Besides, the
person we save may be ourselves ;-)

> > These will start to proliferate the same way they do in the Win/Mac world
> > for the simple reason that all installing in unix has to be done as
> > superuser.
> 
> This is unlikely.  When I install a Windows application, I typically
> run a self-extracting executable (or what I presume is one).  That
> allows a trojan or a virus a really convenient way in (since I'm
> voluntarily executing an arbitrary executable).
> 

Good point. However, it's still easy (see above) to get burned.

> On the whole, that doesn't happen in the Unix world.  When I get a
> binary, I get a collection of files in a known format (tar, RPM,
> etc.), and the installer (which I already have) just has to put the
> files in the right places.  So the only thing I'm doing as root is
> running a known program---something like rpm.  (rpm can do other
> stuff, too, like run ldconfig.  I'm not sure how careful it is about
> what a package can ask it to do, so there's a potential loophole, I
> suppose.)  I can look inside an rpm/tar/pkg before I install it; I
> can't (necessarily) look inside an executable.
> 

Yes, tar and rpms are better. However, many people use tar/rpm to
install binary files that they then run.  An extra step, but still the
same results..

I think one reason we don't see a huge proliferation of "viruses" etc
is that most linux/unix users know what they are doing, and are
careful.  Gnome will enable that to change..

Let's face it people, we are vulnerable.  We can deal with it, or make
like ostriches..

> The next time someone suggests writing an InstallShield-like program
> for your favourite Unixoid system to allow people to package things up
> as executables, hit them.

Tempting..   ;-)

The recent wave of mail viruses got me thinking..  As gnome gains
features, it should be possible to create similar viruses aimed at
gnome. It may be worthwhile to consider doing the following:

1) Build virus scans into mailtools to check incoming mail.  Set up
easy ways to upgrade (require pgp etc verification) virus information.

2) Create a "safe" and easy way of testing an unknown binary.  Say
running it in a simulated "virtual" system, and have a way to check to
see if it does anything "suspect," but only let it think it is
modifying files, sending mail, accessing the net etc..

3) Make it very easy to sign and verify (say with pgp) messages, to
reduce the chance the message came from someone else.  Warn the user if
an attached executable arrives but the message is not signed..  If the
mailer remembers the key password, ensure it only signs messages by
explicit instructions from the keyboard.


Ryan

-- 

__________________________________________________________________________
         Ryan Leduc         |    leduc@control.toronto.edu
                            |                                       
   University of Toronto    |   'Any man's death diminishes me,
                            |    because I am involved in Mankind;
   Dept of Electrical and   |    And therefore never send to know
    Computer Engineering    |    for whom the bell tolls;
   Systems  Control Group   |    
                            |    It tolls for thee.'
                            |   
    Toronto, Ont, Canada    |         John Donne
                            |   
                            |    http://www.control.toronto.edu/~leduc 
--------------------------------------------------------------------------
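The thread's recurring point is that a "strange suid binary" inside a tarball is the Unix equivalent of a trojan .exe, and that a tar/rpm can at least be looked inside before installing. As an added example (not part of the original thread or any project it mentions), this script does that inspection without extracting anything: it lists setuid/setgid entries, paths that escape the extraction directory, and symlinks to absolute targets. The archive it inspects is constructed inline; `pkg/bin/helper` is a placeholder name, not a real package.

```python
import io
import stat
import tarfile


def audit_tar(archive_bytes):
    """Return a list of findings for a tar archive, without extracting it.

    Flags setuid/setgid entries, paths that would escape the extraction
    directory, and symlinks pointing at absolute paths.  An empty list
    means nothing suspicious was found in the archive metadata.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            name = member.name
            if member.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(f"{name}: setuid/setgid bit set (mode {member.mode:o}, uid {member.uid})")
            if name.startswith("/") or ".." in name.split("/"):
                findings.append(f"{name}: path escapes the extraction directory")
            if member.issym() and member.linkname.startswith("/"):
                findings.append(f"{name}: symlink to absolute path {member.linkname}")
    return findings


def build_sample_archive():
    """Constructed sample archive: one benign script, one setuid-root binary,
    one entry that climbs out of the install directory, one absolute symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, data, mode, uid=1000, typ=tarfile.REGTYPE, link=""):
            info = tarfile.TarInfo(name)
            info.type, info.linkname = typ, link
            info.size, info.mode, info.uid, info.gid = len(data), mode, uid, uid
            tar.addfile(info, io.BytesIO(data) if data else None)
        add("pkg/bin/viewer", b"#!/bin/sh\necho viewer\n", 0o755)
        add("pkg/bin/helper", b"ELF-placeholder", 0o4755, uid=0)   # suid root
        add("../outside/config", b"x\n", 0o644)                    # escapes ./
        add("pkg/etc", b"", 0o777, typ=tarfile.SYMTYPE, link="/etc")  # abs link
    return buf.getvalue()


if __name__ == "__main__":
    for line in audit_tar(build_sample_archive()):
        print("WARNING:", line)
```

Run it against a downloaded tarball by passing the file's bytes to `audit_tar`; a clean archive returns an empty list, so a wrapper script can refuse to extract on any finding.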
