Did I miss something, or are two word-capitalizations excessive (FLA's & TLA's don't count, right)? You used more than others: three. Need emoticons instead?
I'd like to point out that the iterations of attack vectors has little to do with install tutorials and helping n00bs. Please remember that zealousness costs more lives than it saves... and that the best way to avoid STD's is to be chaste. These people want to use computers, and I'd suggest that their non-enterprise-managed windows PC is likely to have some sort of infection already. If we want to be derisive, I could offer than windows infections will soon become smart enough to block users from installing another OS, or otherwise halting their own uninstallation On Tue, Feb 24, 2009 at 11:17 PM, Dave Compton <[email protected]> wrote: > Yes, Microsoft Windows, by default has zero write access to anything but > NTFS and FAT. So what? Also, by default, Microsoft Windows has zero > viruses. > > On the other hand, Windows by default does have access to other partitions > and it's not hard to find windows code that is capable of writing to ext3 > format file systems. I'm sure a smart virus writer would be able to > incorporate that code into his virus and make the leap across partitions and > operating systems if he wanted to. If it has not been done that's because > there's not much bang for the buck from the virus writer's point of view. > > Allen said "Then whenever you boot Wubi you get the infection." This tells > me that the scenario that Allen imagined involved using wubi to install > ubuntu, then picking up a virus while running windows which then somehow > corrupts the boot file installed by wubi.exe in such a way that it in turn > infects your ubuntu system. Not impossible but I still think it would be > easier to directly write to the ext3 filesystem from windows. The point of > my original post was to make a COMPARISON between the two risks. I still > think that the direct danger to a linux system from a infected windows > windows system makes any additional risk due to having installed via wubi > INSIGNIFICANT. > > Maybe Allen had something else in mind . Several other possibilities > occurred to me but in each case I could come up with a similar line of > reasoning. > > If my reasoning is wrong please let me know but, in fact, I didn't > COMPLETELY miss anything. > > - Dave > > p.s. Maybe in the future we can skip the excessive caps. > > > Mr O wrote: >> >> Except you COMPLETELY missed the fact that Microsoft Windows, by default, >> has ZERO write access to anything but NTFS and FAT. >> Now, infected Wubi.EXE, that's different. Many viruses target EXE files >> but a seperate partition is a no-go. >> >> >> --- On Tue, 2/24/09, Dave Compton <[email protected]> wrote: >> >>> From: Dave Compton <[email protected]> >>> Subject: [Eug-lug] Re: Linux Ubuntu Install Tutorial >>> To: "Eugene Unix and Gnu/Linux User Group" <[email protected]> >>> Date: Tuesday, February 24, 2009, 8:37 PM >>> I think the greater danger is from dual booting windows >>> & linux (with or without wubi). An infected windows >>> machine could write malware directly to the unbooted linux >>> partition. This would be both an easier way of spreading an >>> infection and more effective since *any* windows/linux >>> system would be vulnerable to it - not just those that were >>> installed via wubi. >>> >>> In fact, even the generic dual boot vulnerability seems >>> like a pretty convoluted way to spread malware. Once you >>> have control of a windows machine, the thing to do would be >>> to *use* that windows machine to carry out your evil plot - >>> not try to infect an unused linux partition in the hope that >>> it might someday be booted. The windows -> wubi -> >>> linux risk seems even lower. >>> >>> Once the wubi install process is complete you *do* end up >>> with a linux system that, at a low level, piggybacks off of >>> the windows boot system to work. It bothers me too but just >>> as a matter of principle - not for security reasons. >>> >>> - Dave > > _______________________________________________ > EUGLUG mailing list > [email protected] > http://www.euglug.org/mailman/listinfo/euglug > _______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
