Re: Viruses [was Re: Your text]

From: "Liam R. E. Quin" <liam holoweb net>
To: gtk-app-devel-list gnome org
Subject: Re: Viruses [was Re: Your text]
Date: Wed, 10 Mar 2004 14:23:50 -0500

On Wed, 2004-03-10 at 13:37, Tristan Van Berkom wrote:

Anyone heard of any email viruses that purpotrate linux systems ?

Yes, there are a few.

They're rare because
(1) most people run Windows, so better payoff there
(2) there's more diversity in Linux setups, so it can be harder to
    write them
(3) most Linux mailers don't execute programs sent as attachments, and 
    most Linux word processors don't automatically run macros, so it can
    be slightly harder to spread them.

x86 Linux programs are no less liable to buffer overflow exploits than
their Windows counterparts, although it's possible to compile a Linux
system with a hardened stack and with overflow detection using cookies
before the frame pointer, which makes such attacks massively harder.

SPARC Linux (or Solaris) systems are much more robust simply because you
typically have to write a zero as part of the overflowed string
(big-endian return address) and C strcpy() stops on a NUL byte.

Shell-script viruses typically overwrite the user's .login or .profile
files, or append to them -- if we start getting a lot of these, I
expect most people will start making .profile, .bashrc etc. read-only.

The good news is that very few Windows viruses will work on Linux today!

Liam

-- 
Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/
Ankh: irc.sorcery.net www.valinor.sorcery.net irc.gnome.org www.advogato.org

References:
- RE: Your text
  - From: Amit BHATNAGAR
- Viruses [was Re: Your text]
  - From: Tristan Van Berkom

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]