On Friday 06 Jun 2003 7:40 am, rikona wrote: > Hello JoeHill, > > Thursday, June 5, 2003, 9:41:02 PM, you wrote: > >> Wouldn't it be relatively easy to write a script virus as an > >> attachment and do the kinds of things that happen in Win? > > J> no for two reasons. one you'd have to execute it yourself, so it's not a > J> true virus or trojan unless it can execute itself, > > I agree with the strict definition, but most script/executable viruses > now try to trick the user into running it. One of the favorites is to > use a long name with lots of spaces: > > nude-picture.jpg .exe > > Most programs will NOT display the .exe part. With the text > description that comes with it in the email, it will sound like > something you just HAVE to look at :-), so..... You're dead. > > I think linux can't have spaces in the name, right, so this particular > trick won't work? >
Yes Linux can have spaces, but when you are typing a file name containing spaces in the command line you must wrap the entire file name in quotes "" > But, does linux have a file extension (like an exe in Win) that just > runs when you try to open it? In sylpheed, an attached image shows > when you select the attachment, so I presume it 'opens'/runs it. If > this were an executable, would it run? sylpheed also has an ominous > 'execute' button on the toolbar. :-) Does this have to be clicked to > make something run? File extensions have no strict meaning in Linux. People just use them for convenience. So a file does not have to end in .exe to be executable, or to end in .jpg to be a JPEG. Linux can often guess the file type by looking at the file structure, and may also take into account an extension if present. To be executable a file must have its 'execute' attribute bit set. ALL the currently available email clients will by default leave this bit unset, but its possible some future client could be stupid enough to automatically set it "for your convenience". But even then the file could only run with your user permissions and not take over the entire machine. > > J> and two, you would have to su to root for the script to get control > J> of your machine. > > True, it would not be like Win98, where everything gets trashed. But > could it not trash everything for that user? If so, that is still a > big risk for a basically single user machine. > Yes. But you take backups don't you? derek -- ---------------------------------- www.jennings.homelinux.net
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
