On Wed, 10 May 2000, Hartnett wrote:
> Being newer to the Linux world the recent attention about the "ILOVEYOU"
> virus has made me wonder about Linux.  To my knowledge there is not much
> going on with Linux and virus threats at this time.

  A virus works by modifying program executables, such that the virus gets run
when the program does.  They also typically stay memory resident in a hidden
fashion.

  Most Unix systems (including Linux) are largely immune to the types of
attack your typical PC virus attacks.  On a Unix system, if a user were to run
an infected program, the virus would be unable to modify any of the programs
installed (see below for an exception), as regular users don't have permission
to modify program files.  Any virus attempting to run memory resident would
show up in the process list, and be easily suspect.

  This is not to say that a Unix-based virus would be impossible.  If you
installed an "infected" program as root, and ran it as root, it could infect
other programs.  Or, if you installed an infected program as root that
included a suid-root executable, when run by regular users it would take on
root privileges.

  Also, while virus-like activity is curtailed by Unix system security,
anything you do as a user can affect you.  In particular, a virus could still
deploy its payload and (for example) wipe out all the files in your own home
directory.  The system itself, and other users, will be unaffected, but you
lose.  If you have program files owned by your user account (and not root),
those could be infected.

  Attacks against Unix systems are more typically trojans -- programs claiming
to be one thing but actually doing something else -- and/or exploits of
security holes in standard system software.  Such attacks have a better chance
of doing what the attacker wants than a traditional PC virus.

  Some guidelines to protect your Unix system against these attacks:

   - Make sure your system is secure against outside attack (e.g., don't
     run unneeded services, don't telnet in as root, etc.)
   - Make sure any security fixes for the software you have are installed
   - Only use software from trusted sources
   - Install software as root, but run it as a user

> However, do we need to have some sort of virus package for our systems, if
> so any recommendations on how it should operate, and perhaps even a
> package worth looking at?

  There are virus scanners for Unix available, but they only scan for PC (DOS,
Windows, Mac) viruses.  There aren't any Linux viruses for them to catch.  
These scanners are designed to be run on a Unix system acting as a server to
PC workstations, and protect the network file systems in use against infection
from those PCs.

> Why do I use OS/2 ... I like having a choice !!

  Wow, an OS/2 user.  That brings back memories.  ;-)

-- 
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18   Fax: (978)499-7839
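
One way to check the two exceptions described in the message above (suid-root executables, and program files that a non-root account can modify), as an added example that is not part of the original message. The finding labels and the default directory list are assumptions of this example.

```python
import os
import stat
import sys

# Finding labels and default directories are assumptions of this example.
DEFAULT_DIRS = ["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin"]

def classify(mode, uid):
    """Return findings for one file from its st_mode and owner uid."""
    if not stat.S_ISREG(mode):
        return []
    if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return []  # not executable, so not a program file
    findings = []
    if mode & stat.S_ISUID and uid == 0:
        findings.append("suid-root")        # runs as root for any user
    if uid != 0:
        findings.append("non-root-owner")   # owner can rewrite it unprivileged
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings

def audit(top):
    """Walk top and return sorted (path, findings) for every flagged file."""
    results = []
    for dirpath, _dirs, files in os.walk(top):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the link itself, don't follow
            except OSError:
                continue  # vanished or unreadable; skip
            findings = classify(st.st_mode, st.st_uid)
            if findings:
                results.append((path, findings))
    return sorted(results)

if __name__ == "__main__":
    for top in sys.argv[1:] or DEFAULT_DIRS:
        for path, findings in audit(top):
            print(f"{','.join(findings):32} {path}")
```

A few suid-root entries are normal on any system; the value is in knowing the list and noticing when it changes.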

