Assalamu'alaikum


In the middle of last year we were alarmed by the appearance of the Code Red and
Nimda worms (viruses?), which wrecked a number of NT-based web servers. There
were many victims of these 'super virus' attacks. Afterwards, many people
worried that their computer systems were infected by these two viruses.

A similar worry also crossed the minds of Linux administrators, especially
those who have several Windows-based workstations, even though Linux is known
as an OS with a fairly high level of security.

Some of them worry about viruses infiltrating and attacking their Linux servers
through those workstations. This worry grows stronger given the open-source
nature of Linux, which makes it very easy for viruses to slip in.

This worry then developed into several myths that have lately become quite
widespread, for example:

- Before long Linux will become an insecure OS, because it will be the next
target of virus attacks, just like Windows.
- Given its open-source nature, it will be easy for hackers to slip virus
programs into a Linux system.
- Viruses will easily self-execute inside a Linux system, as is known to happen
on Windows systems.
- Viruses will easily spread via e-mail into Linux systems, as often happens on
Windows-based computers.

Below is an interesting article that focuses on the question: "Can viruses
infiltrate a Linux system?"

I hope this article can answer the doubts surrounding virus attacks on Linux
systems, especially for Linux administrators and Linux users in general.

Wallahua'lam


Wassalamu'alaikum wr. wb.



Agung Primamorista

==================


Linux a Virus Target?

taken from : www.roaringpenguin.com/mimedefang/anti-virus.html

In an article on vnunet.com (http://www.vnunet.com/News/1127347), two executives
of anti-virus firms opined that Linux would be the next virus target. Here are
excerpts from the article:

   "Of course we will see more and more attacks on Windows, but Linux will be a
   target because its use is becoming more widespread," said Raimond Genes,
   European president for antivirus at Trend Micro. "It is a stable OS, but it's
   not a secure OS."


   Jack Clarke, European product manager at McAfee, said: "In fact it's probably
   easier to write a virus for Linux because it's open source and the code is
   available. So we will be seeing more Linux viruses as the OS becomes more
   common and popular."

I will be charitable and call these statements "myths" or "misperceptions"
rather than other nastier but perhaps more accurate terms. Let's examine and
debunk the myths.




Myth: Widespread use equals widespread abuse

This myth goes as follows: Product X (Windows, Outlook, whatever) has more
security problems because it is far more widely used than Product Y (Linux,
Mutt, whatever).
In fact, the Apache Web server is far more widely used than Microsoft's IIS
(Source: Netcraft), but has suffered far fewer security problems (Source:
defacement archives).

Update: I have had several comments saying that this survey reveals that Windows
computers account for about 50% of Web servers, but that Apache runs more web
sites. Some people claim that under this metric, therefore, IIS is more widely
used than Apache. Even if I accept these figures, the fact is that the
defacement archives show Windows defacements outnumbering non-Windows
defacements 62 to 38. From this, I still conclude that the number of
vulnerabilities in a piece of software does not necessarily correlate with its
popularity.


Myth: Linux is not a secure OS

In fact, no commodity OS is "secure". Security is a process, not a product, as
dozens of security experts keep reminding us. Linux does, however, have
important security enhancements compared to consumer-level Windows operating
systems: File permissions and separate user accounts can greatly mitigate the
damage caused by malicious software. If all of the security features built into
Linux are properly configured and enabled, Linux is a highly secure system.

For those who need even more security, the U.S. National Security Agency
provides a Security Enhanced Linux distribution which contains advanced security
features beyond anything found in Microsoft operating systems.




Myth: It is easier to write viruses if you have the OS source code

I would suggest just the opposite: If source code is widely available, many
organizations with an interest in security (such as the NSA, for example) can
audit the code, correct security problems, and feed these corrections back to
the main code tree.
Why is it that tens of thousands of viruses exist for closed-source systems like
Windows (with several of them actively propagating around the Internet as you
read this), while only a handful of pathetic "proof-of-concept" viruses have
been written for Linux, and none has propagated to any extent?

Why is it that open-source Apache has a far better security record than
closed-source IIS?




Why Linux viruses are unlikely?

In order for an e-mail virus to propagate, it must be able to:
1.   Enter the target machine
2.   Execute on the target machine
3.   Propagate itself

Linux makes steps 2 and 3 very difficult.




Social Engineering to Enable Execution

Under Windows, a file is marked as "executable" based on its filename extension
(.exe, .com, .scr, etc.) Encoding metadata (like file type) into the file name
is a very bad idea and has horrendous security consequences. Encoding metadata
in this way allows for the simple-minded social-engineering attacks we see on
Windows: "Click here for a cool screensaver!!!"

Such an attack under Linux would go like this: "Save this file; open up a shell;
enable execute permissions on the file by typing 'chmod a+x filename', and then
run it by typing './filename'."

Obviously, the Linux permissions system makes such a social-engineering attack
very difficult.




Software Flaws to Enable Execution

Another means by which viruses can execute is by exploiting bugs in e-mail
client software. Both Outlook and the various Linux mail clients have had their
share of bugs, and this is indeed a risk, even on Linux. However, because of the
overwhelming uniformity of Windows desktops, a virus which exploits a software
bug in Outlook is far more likely to propagate than one which exploits a
software bug on a Linux e-mail client. This is simply because of the huge array
of Linux e-mail clients in use. At any given time, only a small portion of all
Linux users are vulnerable to e-mail client bugs.




Virus Propagation

To propagate itself, an e-mail virus must re-mail itself to others. On
Windows/Outlook, this is simple, because there is a uniform, well-known
interface for obtaining address lists and sending e-mail. On Linux, this is
harder. There is no uniform way for a virus to read your address book, so a
Linux virus would have to work harder to propagate itself.




Linux in the Future

There is a trend under Linux to build complex, rich desktop environments which
allow rich interaction between programs. These environments could, if not
designed correctly, increase the chances for viruses to execute and propagate.
So far, however, the designers of these environments seem to be following
sensible design and security procedures. No-one, for example, has built a Linux
e-mail client which automatically executes an attachment with just one mouse
click.




Challenge to Anti-Virus Companies

I firmly believe that it is in the anti-virus companies' interest for people to
continue using insecure software. After all, obtaining millions of dollars of
anti-virus revenue depends on keeping people in a constant state of anxiety and
unease.

Secure desktop software could eliminate the entire anti-virus industry. Even
simple (and free) products like MIMEDefang can eliminate large classes of e-mail
viruses without the need to constantly update signature files. I therefore issue
the following challenges to anti-virus companies:

1.   If you have the courage and decency to do so, release products which block
executable e-mail attachments, similar to the example filter supplied with
MIMEDefang. Several MIMEDefang installations blocked the "goner" virus even
though it came out after the MIMEDefang software was installed. Do not force
your customers to scramble for signature updates each time a new virus appears.
Of course, this will hurt your revenue stream, but you should be more interested
in the security of your clients, rather than the size of their wallets... right?

2.   I challenge any anti-virus company to infect my desktop Linux machine with
an e-mail borne virus. I hereby offer a prize of $2000 Canadian to the first
person to successfully infect my machine with an e-mail borne virus. Successful
infection means:
     a.   The virus must enter my machine via e-mail.
     b.   It must create a file called "/etc/VIRUS-WAS-HERE" on my machine.
     c.   It must e-mail a message from my desktop machine
     (shishi.roaringpenguin.com) with the subject "I GET THE PRIZE" to the e-mail
     address "[EMAIL PROTECTED]", with a copy to "[EMAIL PROTECTED]"

Until someone manages to win the prize, I expect Raimond Genes and Jack Clarke
to retract their statements.
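
The signature-free blocking that the first challenge describes can be sketched as follows. This is an added example, not part of the article and not MIMEDefang's own filter (which is written in Perl). The extension set beyond .exe, .com and .scr, the function names and the sample message are assumptions made for illustration.

```python
import email
from email.message import EmailMessage

# The article names .exe, .com and .scr; the other entries are assumptions
# added for this example, not MIMEDefang's actual list.
BLOCKED_EXT = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs"}

def blocked_attachments(raw_bytes):
    """Return the filenames of MIME parts whose final extension is blocked."""
    msg = email.message_from_bytes(raw_bytes)
    hits = []
    for part in msg.walk():
        # Looks at Content-Disposition "filename", then Content-Type "name".
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "x.EXE." still runs.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last extension decides the type: "holiday.jpg.exe" is an exe.
        ext = cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in BLOCKED_EXT:
            hits.append(name)
    return hits

def build_sample():
    """Constructed sample message (not real traffic) with four attachments."""
    m = EmailMessage()
    m["Subject"] = "Click here for a cool screensaver!!!"
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m.set_content("See attached.")
    for fname in ("cool.scr", "holiday.jpg.exe", "notes.txt", "report.EXE."):
        m.add_attachment(b"constructed payload", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("would reject attachment:", name)
```

Because the decision rests on the declared file name rather than on content, it needs no signature updates; it does not look inside archives or detect renamed files.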



