On 15 Jun, 2010, at 2:25 PM, Okalany Daniel wrote:

Yes, the problem is it's commonly accepted that Linux/Unix are immune to malware. That’s why very few people have antiviruses on their servers (those who do are probably running a file server/mail server and the antivirus scans through only emails/stored M$ files).

Any OS that allows anyone to install software (user or distro maker alike) is susceptible to this kind of attack. I do not have a copy of the exploited code handy but there's a good chance that scanning the source and/or compiled binary wouldn't give you a hit on a virus scanner.

MD5 checksums would be almost useless in this case (if I can replace the binary I can presumably replace the .md5 sited right next to it) which is why people started signing md5 files (in some package/build systems) with the PGP keys of the security/package officers.

It is, however, not possible for this bit of software to install itself on my servers without my knowledge which is the current number one attack vector.

Is open source bulletproof? Nope, I just finished patching my FreeBSD systems against <http://portaudit.FreeBSD.org/313da7dc-763b-11df-bcce-0018f3e2eb82.html>. This process is not new. That doesn't make me feel less secure about my choice of UNIX as an OS. Something randomly wiping my disk because I plugged a USB key into my machine would make me uneasy.

--
patrick
LUG mailing list
http://kym.net/mailman/listinfo/lug
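
The point in the message above about an unsigned .md5 file sitting next to the binary, worked through as an added example that is not part of the original message. A Lamport one-time signature built from hashlib stands in for the PGP signature so the block needs only the standard library; the package name and byte strings are constructed.

```python
import hashlib, secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# Lamport one-time signature: a stdlib-only stand-in for the PGP signature.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk  # sk stays offline with the package officer; pk is published

def bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, bits(msg))))

NAME = "tool-1.0.tar.gz"  # hypothetical package name

def md5_file(data: bytes) -> bytes:
    # Same layout as one line of md5sum output.
    return f"{hashlib.md5(data).hexdigest()}  {NAME}\n".encode()

def publish(data: bytes, sk) -> dict:
    md5 = md5_file(data)
    return {NAME: data, NAME + ".md5": md5, NAME + ".md5.sig": sign(sk, md5)}

def replace_on_mirror(mirror: dict, data: bytes) -> dict:
    # Whoever can overwrite the binary can overwrite the .md5 next to it,
    # but cannot produce a new signature without the offline private key.
    return {**mirror, NAME: data, NAME + ".md5": md5_file(data)}

def check_md5_only(mirror: dict) -> bool:
    return mirror[NAME + ".md5"] == md5_file(mirror[NAME])

def check_signed(mirror: dict, pk) -> bool:
    # Verify the signature on the .md5 first, then the file against the .md5.
    sig_ok = verify(pk, mirror[NAME + ".md5"], mirror[NAME + ".md5.sig"])
    return sig_ok and check_md5_only(mirror)

if __name__ == "__main__":
    sk, pk = keygen()
    good = publish(b"constructed release bytes", sk)
    bad = replace_on_mirror(good, b"constructed modified bytes")
    print("md5 only:", check_md5_only(good), check_md5_only(bad))
    print("signed:  ", check_signed(good, pk), check_signed(bad, pk))
```

The check only helps if the public key reaches the verifier by a path other than the mirror that serves the files.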