Re: head off email viruses: distinguishing documents from executables?



El mar, 04-11-2003 a las 03:26, Steven G. Johnson escribió:
> As usual, I have been getting lots of MS email viruses on my GNU/Linux
> email account.  Occasionally, however, instead of trashing them, I marvel
> at the evil social engineering that goes into them, and I think about how
> a similar attack might be aimed at other systems, e.g. Linux.
> 
> One of the tricks seems to be to attach a .zip file of something that
> purports to be a document, but is actually an executable (readme.doc.scr),
> combined with an email ("Read this for our meeting tomorrow") that tricks
> the user into opening it.  One could conceivably do a similar trick with
> Linux (attaching a .tar.gz).


The main difference between Linux and Windows is that you must give the
execution flag to that file so it will never be executed until you allow
it.

Nautilus just open the file with an application but NEVER executes a
file if it cannot be executed.


> 
> The basic problem is this: simply *reading* a file, no matter whom it is
> from, *should* always be safe...at least there is no technical reason it
> can't be, and this is what people expect from the real-world metaphor.
> But, of course, with MS, you open a document and launch an executable in
> the same way (double-click).  Similarly on a Mac.  And similarly (last I
> checked, admittedly a long time ago) with GNOME.  The only exception is
> the command line.  How does Nautilus handle this?

If you give a file the execution flag, it's because you want execute
that file. The problem is yours if that file is a virus...

> 
> As a basic safety feature, when you double-click on an executable file,
> before you execute it you might pop up a dialog saying "This is an
> executable program, not a document, and it may run arbitrary commands; are
> you sure you want to launch it?" (with a check box to disable the warning
> for *that file* in the future).  By default, you may even want to disable
> click-to-run executables entirely, except for specially-created desktop
> shortcuts, since most people only need to launch executables from the
> menu, by drag-and-drop, or by double-clicking an associated document.

That dialog will be really bad, will break nautilus as a functional
graphic shell and you should do the same with bash because nautilus
executes ONLY the same things you can execute with bash, the difference
is that it can detect and specific application to open a document (not
execute it).

> 
> Sorry to bother you if you've already thought about this, but I figured it
> wouldn't hurt to be pro-active.

IMHO this "feature" is not needed.

> 
> Cordially,
> Steven G. Johnson
> 
> PS. There are of course, other attacks if you can trick a user into
> opening a file, such as evil .tar.gz files that create dotfiles (or write
> in dot-directories), etcetera, when they are uncompressed from a known
> location (e.g. $HOME).

But that's a user problem, if he/she does not trust the tar.gz source,
that .tar.gz should not be installed or he/she should review it before
the uncompress (You can see this kind of things with file-roller....)

> 
> PPS. Sorry if this is misdirected; I couldn't find any kind of GNOME
> security list (which might be a nice idea if it doesn't exist).


Cheers.
-- 
Carlos Perelló Marín
Debian GNU/Linux Sid (PowerPC)
Linux Registered User #121232
mailto:carlos pemas net || mailto:carlos gnome org
http://carlos.pemas.net
Valencia - Spain

Attachment: signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]