> which? i'm unaware of any linux viruses that are or have recently "made the
> rounds" ... i know of several worms, but those are quite different and
> require different measures to protect one's systems against... of course,
> perhaps i've just been lucky and never seen or heard of any of these linux
> viruses in the wild...
>
> > That WILL eventually get more common.
>
> what would lead to this occurring? personally, i can see a few reasons this
> could occur:

Lindows selling on Walmart PCs would be one. Like it or not, that is Linux, and its target is inexperienced users. Even with Red Hat, or something else, most inexperienced users will sign in as root, because they don't know about su (or sudo), and don't care about the side effects. This is a laziness issue far more than an education one. As Linux gains popularity, and ease of use, users will use root increasingly as they now use administrator on Windows boxes. Remember, Windows can and should have this same defense. Users ignore it though, and they will on Linux also.

> o we start developing software that allows easy and automatic execution of
> untrusted code
> o we start running everything (or at least more than should be) as root all
> the time
>
> these are, though, opposites of the current general trends ..

As previously stated, Administrator is probably the most common user (or users given admin equiv) in Windows. I don't foresee this changing when Linux becomes more popular with less technical users.

> but simply having more users won't make the UNIX permissions system less
> powerful or our email apps to run scripts they receive in their inboxes. nor
> will that change the fact that there is diversity amongst linux systems and
> that security issues are addressed quickly...

Having patches/fixes available, and having fixes in place are two VERY different things.

> > I_Love_You. Nimda has been the most interesting in a long time, simply
> > because it attacked on so many fronts.
>
> i think perhaps we're talking about different issues. i'm talking about
> viruses, and you're speaking about worms (and viruses). but they are
> completely different animals.

Sure, but both are addressed by Anti-virus software, so I'll lump them together.

> in the case of worms, yes, linux is just as vulnerable as most any other OS
> since they primarily capitalize on the ability to elevate
> privilege/capabilities through taking advantage of security flaws in
> privileged apps. the solutions there are keeping fewer privileged apps around
> and improving the quality of our programs...
>
> antivirus type software isn't effective in stopping worms, though...

Why not? I'm far more likely to update an Antivirus DAT file in an automated procedure than I am to update an entire system. I don't care if it's Debian, Red Hat, Suse or Gentoo. I wouldn't run an automated update for any of them in an evening procedure. Maybe, MAYBE on a desktop, but even then, I'd run it on one desktop, not across a corporation. Chances of me getting a worm/virus/trojan/etc before a signature file is released is far less likely than the chances of me botching something up with a new deb/rpm/etc.

Any time the OS loads a file, it should be scanned for known sigs. If it matches, the file is shut down. Virus, worm, rootkit, whatever, it should, and does work against them all.

> > It's about time that someone
> > invented a virus that sat dormant until you accessed a banking site, or a
> > stock trading site, and THEN did its dirty work. Maybe it just increases
>
> such animals most assuredly exist. code red (worm, not virus) was an
> interesting phantom of the possibilities, and it is not the first. but those
> who are both intelligent enough to create such things and have the
> motivations to do such things probably really don't care much about you and
> me. they are either white hats, or they care about the credit card companies
> and the secrets of large companies and governments; their attacks are
> focussed on those that bring in real monetary or political rewards and are
> all too often successful. i don't think your stock trading or my ICQ logs are
> interesting enough for those sorts of "talents" =/

Me? Boring? Kids do that to ya. OK, fine, I was always pretty boring. But then ICQ/MAIL history being sent to everyone's spouse/family would make for far more interesting news than something like an Avril Lavigne virus that does nothing except fill an inbox. Look what happened when Clinton's infidelity became public. Imagine that happening now...
