> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of -ray
> Sent: Thursday, July 04, 2002 2:14 PM
> To: [email protected]
> Subject: Re: [brlug-general] security through obscurity
>
>
>
> There is a long standing notion that Unix is immune to virii,
> which i think we all know is BS. I think it's a combination
> of unix users being just a little too smart to fall for the
> traditional virus infection tricks, and the virus writers
> being just a little too dumb to write a good unix virus.

Have you tried to get virus updates for your 4.3.3 or 5L or other boxes of late? The last virus update was in Feb. of 97 (or 98). Fact of the matter is, that nobody tries on a regular basis. Typically, virus writers are on a crusade of their own design, and target "the great Satan" Microsoft.

I read an interesting /. Article not too long ago where a guy challenged folk to write a UNIX worm/virus/etc. No one was actually able to do so, and those who actually got them through to him via email would've required him to perform an action as a priv. user (your comment on $HOME notwithstanding) to cause any kind of real damage. You and I both know that a stack of rmlv commands (or even mklv for that matter) would have you and I running for the hills (or at least our firearms) should they ever make it through to our production boxes.

Which brings me to my point. Any admin running his personal email on a production box (database, ERP, web, etc.) should be taken out to the woods, have honey rubbed on his arse and have someone blow a bear whistle. A database server is just that...whether DB2, Oracle, or even MySQL. Unless the installed application requires email to function (mailx for monitoring emails excepted), your "Enlarge your middle finger Now" emails should never be hitting that box...one could argue it should never see the light of real IP either, but that's a discussion for another day.

>snip<

> Windows users don't care
> about reinstalling the OS after a virus infection, they want
> to know if their irreplaceable data is still there. I can zip through
> your pine, mozilla, and kmail address books and propagate just as easily
> (probably easier) as going through the Outlook address book.
>

I would beg to differ just a smidge. I freaking care a lot! I'm an AIX admin, have a Linux desktop at the office, and would totally freak if my install needed a full reload. Granted, through many years of dealing with the M$ paradigm, I have modularized a lot of what I have & do.
I don't open attachments I'm not absolutely sure where they come from, and I read email in my Pine, Evolution and others with reckless abandon. Since my user paradigm doesn't allow my user to have system priv., then only my personal address book is in danger. I put my personal stuff in an accessible (though not changeable) location for just the reasons you mention. MP3's in /usr/local/MP3. Documents in /usr/local/docs. Etc. etc. Good system policy can thwart all your efforts to ravage my $HOME. After all, if all the items you are targeting aren't in my $HOME, then your point is moot.

> $HOME is arguably the most important directory on your linux desktop
> system. It is to me, anyway.
>
> When we get a lot more mom and pop Unix desktop users out
> there, and virus writers start seriously targeting them, i
> think we could have a major unix virus problem on our hands.

Again, I don't think "mom and pop" are the target. I think the evil empire is. We shall see.

--jms
Sr. UNIX Sysadmin
Our Lady of the Lake Regional Medical Center ;-)
