On Thu, 6 Feb 2003, John Summerfield wrote:
> On Wed, 5 Feb 2003, Bill Stermer wrote:
>
> > Hi to all listers,
> >
> > We are still trying to get our management to buy off on Linux/390 and commit to a
>zSeries upgrade along the way. During the round table talks we were asked about virus
>protection and cross platform (Linux to VM) damage possibilities. I have heard about
>Linux infections before but had not heard about any mainframe specific virus that
>could cross platforms. What about you folks on the list? Any virus mutations that you
>are aware of which could be problematic to a newbie?
>
>
> Some time go, Kaspersky released a desktop AV package for Linux. It was
> offered as a free download by (I think) zdnet. The announcement was
> greeted with guffaws and exclamations of "Who needs such a thin?"
>
> Well, ever eager to learn, I asked Kaspersky. The first reply was
> toovague, so I asked again, pressing the point I wanted to know
> specifically what viruses were around.
>
> The list came back with such dreaded names as lion, Ramon and three
> others so notable I don't recall them.
>
> Those I recognised are actually worms, and greybeards at that. None
> could infect any reasonably up2date system.
>
> In my view, the risk of an actual virus getting about infecting Linux
> machines is fairly slight. Consider;
> Most Windows viruses spread by using Lookout Express and other office
> procut APIs. A great way of reducing your risk of infection on Windows
> is to use some other email client and office suite.
Or to patch them with the latest security pathces!
>
> MS Office products are not available for Linux.
>
> Now, it might be that if everone on Windows used, say, Eudora and
> SmartSuite then those products would be found to have similar problems.
>
> On Linux, there is no predominant email client as there is on Windows.
> Some use Ximian Evolution, others use Kmail or Mozilla or Balsa. At the
> moment I'm typing away in Pine, many prefer Mutt.
Is your pine updated? (A reminder: a rather trivial hole in pine <=4.44
was only exposed when pine 4.50 was about to be released, and it turned
out tha the problem was fixed there. THe author of pine knew of this
problem much earlier. It is only by pure luck that some black-hats didn't)
Many of the windows worms ("virusus") spread through the use of
long-patched security holes.
Another problem is that when you "open" an attachment, you can't know in
advance if it will be a harmless image, or an executable (that may be a
worm, even if you are not a privilged user)
The more I look at evolution and kmail, the more they look like outlook's
interface with this exact design flaw.
>
> I tried running executale content from Kmail (which I use a lot), and
> failed. If you manage to do it with any Linux email client, file a bug
> report and use something else.
>
Interesting: what about koffice documents? do they have any built-in
macros?
I know that many in the gnumeric development community want to make it
able to run visual basic macros.
Are there any such macrosthat are executed on document open?
> Linux does not run Windows programs, especially if you don't install
> Wine or Crossover. Therefore, it's not troubled by Windows Wogs.
>
> Even if you did get a Linux virus, the damage it would do is limited to
> the account of the user that received it. Others would be unaffected.
This is true, and very important.
But keep in mind that it only takes a user to spread a worm.
>
> Now, trojan horses are another matter. If I can persuade you to run
> "this nifty little program" then it can do damage to you (even if it
> does what I said it does), and if I can persuade you to run it as root,
> then it can do considerable damage.
>
> I don't think AV software will help much with that.
Fully agree. Although AV products try to do so on windows ...
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
