On Fri, Jan 04, 2002 at 09:41:27PM +0700, [EMAIL PROTECTED] wrote:

Nothing man-made is ever perfect, man.... so let's just fight on.

>Assalamu'alaikum
>
>
>In the middle of last year we were shaken by the appearance of the Code Red
>and Nimda worms (viruses?), which wrecked a number of NT-based web servers.
>These 'super virus' attacks claimed no small number of victims. Since then,
>many parties have worried that their computer systems might be infected by
>these two viruses.
>
>Similar worries have also crossed the minds of Linux administrators,
>especially those who have several Windows-based workstations, even though
>Linux is known as an OS with a fairly high level of security.
>
>Some of them worry about viruses infiltrating and attacking their Linux
>servers through those workstations. The worry grows stronger given that Linux
>is open source and therefore very easy for viruses to infiltrate.
>
>These worries have since grown into several myths that have lately become
>quite widespread, for example:
>
>- Before long Linux will become an insecure OS, because it will be the next
>target of virus attacks, just like Windows.
>- Given its open source nature, it will be easy for hackers to slip virus
>programs into a Linux system.
>- Viruses will easily self-execute inside a Linux system, as is familiar on
>Windows systems.
>- Viruses will easily spread via e-mail into Linux systems, as often happens
>on Windows-based computers.
>
>Below is an interesting article that focuses on the question: "Can viruses
>infiltrate a Linux system?"
>
>I hope this article can answer the doubts surrounding virus attacks on Linux
>systems, especially for Linux administrators and for Linux users in general.
>
>Wallahua'lam
>
>
>Wassalamu'alaikum wr. wb.
>
>
>
>Agung Primamorista
>
>==================
>
>
>Linux a Virus Target?
>
>taken from : www.roaringpenguin.com/mimedefang/anti-virus.html
>
>In an article on vnunet.com (http://www.vnunet.com/News/1127347), two executives
>of anti-virus firms opined that Linux would be the next virus target. Here are
>excerpts from the article:
>
>  "Of course we will see more and more attacks on Windows, but Linux will be a
>  target because its use is becoming more widespread," said Raimond Genes,
>  European president for antivirus at Trend Micro. "It is a stable OS, but it's
>  not a secure OS."
>
>
>  Jack Clarke, European product manager at McAfee, said: "In fact it's probably
>  easier to write a virus for Linux because it's open source and the code is
>  available. So we will be seeing more Linux viruses as the OS becomes more
>  common and popular."
>
>I will be charitable and call these statements "myths" or "misperceptions"
>rather than other nastier but perhaps more accurate terms. Let's examine and
>debunk the myths.
>
>
>
>
>Myth: Widespread use equals widespread abuse
>
>This myth goes as follows: Product X (Windows, Outlook, whatever) has more
>security problems because it is far more widely used than Product Y (Linux,
>Mutt, whatever).
>In fact, the Apache Web server is far more widely used than Microsoft's IIS
>(Source: Netcraft), but has suffered far fewer security problems (Source:
>defacement archives).
>
>Update: I have had several comments saying that this survey reveals that Windows
>computers account for about 50% of Web servers, but that Apache runs more web
>sites. Some people claim that under this metric, therefore, IIS is more widely
>used than Apache. Even if I accept these figures, the fact is that the
>defacement archives show Windows defacements outnumbering non-Windows
>defacements 62 to 38. From this, I still conclude that the number of
>vulnerabilities in a piece of software does not necessarily correlate with its
>popularity.
>
>
>Myth: Linux is not a secure OS
>
>In fact, no commodity OS is "secure". Security is a process, not a product, as
>dozens of security experts keep reminding us. Linux does, however, have
>important security enhancements compared to consumer-level Windows operating
>systems: File permissions and separate user accounts can greatly mitigate the
>damage caused by malicious software. If all of the security features built into
>Linux are properly configured and enabled, Linux is a highly secure system.
>
>For those who need even more security, the U.S. National Security Agency
>provides a Security Enhanced Linux distribution which contains advanced security
>features beyond anything found in Microsoft operating systems.
>
>
>
>
>Myth: It is easier to write viruses if you have the OS source code
>
>I would suggest just the opposite: If source code is widely-available, many
>organizations with an interest in security (such as the NSA, for example) can
>audit the code, correct security problems, and feed these corrections back to
>the main code tree.
>Why is it that tens of thousands of viruses exist for closed-source systems like
>Windows (with several of them actively propagating around the Internet as you
>read this), while only a handful of pathetic "proof-of-concept" viruses have
>been written for Linux, and none has propagated to any extent?
>
>Why is it that open-source Apache has a far better security record than
>closed-source IIS?
>
>
>
>
>Why Linux viruses are unlikely?
>
>In order for an e-mail virus to propagate, it must be able to:
>1. Enter the target machine
>2. Execute on the target machine
>3. Propagate itself
>
>Linux makes steps 2 and 3 very difficult.
>
>
>
>
>Social Engineering to Enable Execution
>
>Under Windows, a file is marked as "executable" based on its filename extension
>(.exe, .com, .scr, etc.). Encoding metadata (like file type) into the file name
>is a very bad idea and has horrendous security consequences. Encoding metadata
>in this way allows for the simple-minded social-engineering attacks we see on
>Windows: "Click here for a cool screensaver!!!"
>
>Such an attack under Linux would go like this: "Save this file; open up a shell;
>enable execute permissions on the file by typing 'chmod a+x filename', and then
>run it by typing './filename'."
>
>Obviously, the Linux permissions system makes such a social-engineering attack
>very difficult.
>
>
>
>
>Software Flaws to Enable Execution
>
>Another means by which viruses can execute is by exploiting bugs in e-mail
>client software. Both Outlook and the various Linux mail clients have had their
>share of bugs, and this is indeed a risk, even on Linux. However, because of the
>overwhelming uniformity of Windows desktops, a virus which exploits a software
>bug in Outlook is far more likely to propagate than one which exploits a
>software bug on a Linux e-mail client. This is simply because of the huge array
>of Linux e-mail clients in use. At any given time, only a small portion of all
>Linux users are vulnerable to e-mail client bugs.
>
>
>
>
>Virus Propagation
>
>To propagate itself, an e-mail virus must re-mail itself to others. On
>Windows/Outlook, this is simple, because there is a uniform, well-known
>interface for obtaining address lists and sending e-mail. On Linux, this is
>harder. There is no uniform way for a virus to read your address book, so a
>Linux virus would have to work harder to propagate itself.
>
>
>
>
>Linux in the Future
>
>There is a trend under Linux to build complex, rich desktop environments which
>allow rich interaction between programs. These environments could, if not
>designed correctly, increase the chances for viruses to execute and propagate.
>So far, however, the designers of these environments seem to be following
>sensible design and security procedures. No-one, for example, has built a Linux
>e-mail client which automatically executes an attachment with just one mouse
>click.
>
>
>
>
>Challenge to Anti-Virus Companies
>
>I firmly believe that it is in the anti-virus companies' interest for people to
>continue using insecure software. After all, obtaining millions of dollars of
>anti-virus revenue depends on keeping people in a constant state of anxiety and
>unease.
>
>Secure desktop software could eliminate the entire anti-virus industry. Even
>simple (and free) products like MIMEDefang can eliminate large classes of e-mail
>viruses without the need to constantly update signature files. I therefore issue
>the following challenges to anti-virus companies:
>
>1. If you have the courage and decency to do so, release products which block
>executable e-mail attachments, similar to the example filter supplied with
>MIMEDefang. Several MIMEDefang installations blocked the "goner" virus even
>though it came out after the MIMEDefang software was installed. Do not force
>your customers to scramble for signature updates each time a new virus appears.
>Of course, this will hurt your revenue stream, but you should be more interested
>in the security of your clients, rather than the size of their wallets... right?
>
>2. I challenge any anti-virus company to infect my desktop Linux machine with
>an e-mail borne virus. I hereby offer a prize of $2000 Canadian to the first
>person to successfully infect my machine with an e-mail borne virus. Successful
>infection means:
>1. The virus must enter my machine via e-mail.
>2. It must create a file called "/etc/VIRUS-WAS-HERE" on my machine.
>3. It must e-mail a message from my desktop machine
>(shishi.roaringpenguin.com) with the subject "I GET THE PRIZE" to the e-mail
>address "[EMAIL PROTECTED]", with a copy to "[EMAIL PROTECTED]"
>Until someone manages to win the prize, I expect Raimond Genes and Jack Clarke
>to retract their statements.

--
budsz
--
To unsubscribe, send e-mail to [EMAIL PROTECTED]
Archive information at http://www.linux.or.id/milis.php3
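The quoted article's first challenge (block executable e-mail attachments by filename instead of waiting for a virus signature) is sketched below as an added example. It is not MIMEDefang's filter and not code from either poster; the extension list, the function names and the sample message are assumptions constructed here.

```python
import re
from email import message_from_bytes, policy

# Extensions a Windows client runs on double-click; a constructed, non-exhaustive list.
BLOCKED_EXT = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "lnk", "hta"}

# Constructed sample message: a text body, a double-extension attachment,
# and a harmless part named only through the Content-Type "name" parameter.
SAMPLE = (
    b"From: sender@example.com\r\nSubject: constructed sample\r\n"
    b'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\nContent-Type: text/plain\r\n\r\n"
    b"Click here for a cool screensaver!!!\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="holiday.jpg.SCR"\r\n\r\n'
    b"placeholder bytes\r\n"
    b'--b1\r\nContent-Type: text/plain; name="notes.txt"\r\n\r\n'
    b"harmless\r\n"
    b"--b1--\r\n"
)

def last_extension(filename):
    """Return the final extension in lower case.

    Trailing dots and spaces are dropped first because Windows discards them
    when the file is saved, so "setup.exe. " still lands on disk as setup.exe.
    """
    name = filename.strip().rstrip(". ").lower()
    match = re.search(r"\.([^./\\]+)$", name)
    return match.group(1) if match else ""

def blocked_attachments(raw_message):
    """Return (filename, extension) for each MIME part with a blocked extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter.
        filename = part.get_filename()
        if filename and last_extension(filename) in BLOCKED_EXT:
            hits.append((filename, last_extension(filename)))
    return hits

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

The decision rests only on the final extension, so a name such as holiday.jpg.SCR is rejected even though it looks like an image, and no signature update is involved.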

