On Sunday 25 Apr 2004 12:38 pm, Stephen Kuhn wrote: > JoePill, I know you'll dig this one...ahem... > > http://www.securityfocus.com/columnists/235
Very biased and FUD but he does make a few good points. Most of which have already been covered by our favourite distro. For Joe Public automated updates would be good. I could write a worm and a backdoor into Linux without too much thought. It wouldn't run as root, but you don't need to run as root to run an SMTP client. It wouldn't auto-run, but the latest and most successful MS worms don't either. So the spammers could target Linux. There ought to be a kernel configuration to require that applications opening any network link are trusted. Now 2.6 has capability bits it should be possible to do. I don't know how the kazaa look-alikes work under Linux, but I imagine that the exported files are just saved under the user's home. A worm could probably just write itself into that folder. With Linux an email virus/worm cannot destroy the system easily, but they can subvert it. And that is what most new viruses/worms try to do. Now is not the time to rest on our laurels. -- Richard Urwin
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
