John Rudd wrote:

> What Unix-like systems have going for them IS NOT privilege separation, 
> it is that the *nix culture is much more aggressive/responsive when it 
> comes to generating patches for vulnerabilities ... getting them out 
> more frequently than Windows service packs.  But that depends upon the 
> diligence and cynicism of the sysadmin.  And that diligence and 
> cynicism, when carried at a healthy level, includes running AV software 
> even on Unix-like systems, even for messages to/from Unix-like users. 
> After all, ANY user, windows or mac or linux or even solaris, can be 
> dumb/absent-minded/gullible/etc. enough to click on the wrong 
> attachment, and it only takes doing that _once_.
> 
> But for those Unix-like systems run by naive sysadmins, you find that 
> they may not take all of the necessary precautions against various 
> intrusions because they assume "Linux isn't vulnerable" or "Linux isn't 
> yet high enough on the radar to be a target" or "it's only a target for 
> people seeking publicity" or (the worst of all) "it's only a theory, no 
> one has actually done it yet".  And that lack of cynicism will be 
> exactly what makes their systems vulnerable.  Just as it was for the 
> sendmail exploits that were used by the Morris worm.

I've had to repair or replace a number of "Contact Us" and feedback type 
php scripts that were incredibly easy to exploit and in fact actually 
were exploited. More than once one of my own systems was spewing spam 
from badly crafted web pages. Many of these would never be found except 
for Google - they are a spammer's best friend right up there with sloppy 
coders.

I use scripts now to monitor user space for new php code.

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
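
The reply above mentions scripts that watch user space for new PHP code. One way such a monitor could work, as an added example that is not the poster's script or part of the original message; the suffix list, the JSON state file and all function names are assumptions:

```python
import hashlib
import json
import os
import sys

# Assumed suffix list: match it to the extensions your web server hands to PHP.
PHP_SUFFIXES = (".php", ".phtml", ".php5")

def snapshot(root):
    """Map every PHP-like file under root to the SHA-256 of its contents."""
    seen = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            # Case-insensitive match so Feedback.PHP is not missed; skip symlinks.
            if not name.lower().endswith(PHP_SUFFIXES) or os.path.islink(path):
                continue
            try:
                with open(path, "rb") as fh:
                    seen[path] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                seen[path] = "unreadable"  # still recorded, so it shows up as new
    return seen

def compare(baseline, current):
    """Report files that appeared, changed content, or vanished."""
    return {
        "new": sorted(p for p in current if p not in baseline),
        "changed": sorted(p for p in current
                          if p in baseline and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
    }

def check(root, state_file):
    """Diff root against the saved baseline, then store the new baseline."""
    try:
        with open(state_file) as fh:
            baseline = json.load(fh)
    except FileNotFoundError:
        baseline = {}  # first run: everything is reported as new
    current = snapshot(root)
    with open(state_file, "w") as fh:
        json.dump(current, fh)
    return compare(baseline, current)

if __name__ == "__main__":
    # Usage: script.py <web root> <state file>; one line per finding, cron-friendly.
    for kind, paths in check(sys.argv[1], sys.argv[2]).items():
        for path in paths:
            print(f"{kind}: {path}")
```

Keep the state file somewhere the web server account and ordinary users cannot write, otherwise a planted script can simply be added to the baseline.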