On Wednesday, February 05, 2003, Bill Stermer wrote: > Hi to all listers, > > We are still trying to get our management to buy off on Linux/390 and commit > to a zSeries upgrade along the way. During the round table talks we were > asked about virus protection and cross platform (Linux to VM) damage > possibilities. I have heard about Linux infections before but had not heard > about any mainframe specific virus that could cross platforms. What about > you folks on the list? Any virus mutations that you are aware of which could > be problematic to a newbie?
There are very few linux worms. And this is not because it is difficult to write one (anybody for a shell virus?) but because: * linux (like most server-originated systems) systems were designed in advance to be multi-user systems (where a user cannot harm the system). Anything that allows a user to gain more priviliges is considered a hole that should be fixed immeditely (even if it is "theoretical"). * The syste is quite modular. Applying changes is generally quite easy. Systems tend to be kept up-to-date with security patches. (you're not afraid that they're going to break too much). As for a cross-platform "virus": it is theoretically possible, but not very likely. THe problem is a "worm", that is able to automatically infect other systems. Normally it wouldn't be able to "infect" a system, unless that system is very badly broken. Many of those holes require some platform-spesific code. It is possible to adapt the worm for multiple kinds of hosts and this has been done in the past. But most arent. At least not when you have so many poorly-maintained intel boxes that largely outnumber the other archtectures. (which are typically servers that are better maintained). (That doesn't mean you shoudn't secure your system, of course!) Anyway, there is no reason to run a virus scanner on linux, other than to scan data (files/mails/etc.) used by windows/mac clients (even if some vendors, like Symantec, would like you to believe otherwise). -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir
