Re: [Q] virus susceptibility data

2000-07-22 Thread kmself
On Tue, Jul 18, 2000 at 12:59:47PM +0900, Olaf Meeuwissen wrote:
 Dear Debians,
 
 I'm looking for any kind of info on vulnerability to viruses on Debian
 and/or Linux.  Pointers to anti-virus programs are also very welcome.
 
 If I can't convince some people here at work, I'm about to be told to
 disconnect from the net or use (heaven forbid!) Windows for any kind
 of internet activity beyond our firewall.  And that seems to include
 sending email like this to the list.  Gack!

In the better-late-than-sober dept.:

 o Concur on the complete absence of Linux viruses *in a practical
   sense*.  Yes, Bliss and one, possibly two, proof-of-concept viruses
   have been reported.  As a practical matter, however, viruses are
   *not* a security/integrity concern with Linux.

 o For an unbiased, third-party perspective, go to the anti-virus
   software vendors themselves.  They maintain comprehensive lists of
   known viruses, as well as general resources, virus-related FAQs, etc.
   There is some concern that these vendors *overstate* the virus threat
   in general (implicit business concern).  Yet there is little to
   suggest that there is a credible threat to Linux.  Norton/Symantec,
   McAfee, F-Secure, etc.

 o Check also general sources for virus-related information.  Including
   'Web search engines (Google, Alta Vista, Lycos), Usenet (Deja), etc.
   A search at Google for linux virus turns up a McAfee
   announcement, and a ZDNet article discussing a Russian company's
   announcement of a Linux market with discussion reflecting many of the
   issues I raise here.

 o Linux is *not* immune from worms of the type that plague Microsoft
   systems, particularly through email interfaces, *if vendors and
   developers start writing clients and software which run untrusted
   applications without user intervention*.  While Microsoft Outlook
   (the security hole that happens to be an email client -- Stephen
   Vaughan-Nichols) doesn't infest Linux, an application with similar
   capabilities could introduce similar security concerns.  While the
   Linux user / file permissions security model provides some
   protection, individual users could destroy, damage, or compromise 
   data confidentiality.  The fact that there is a *tradition* of not
   adopting unsafe data practices doesn't mean that bad habits can't
   develop.  This is, however, an application-layer transmission vector
   issue, and not specific to the Linux OS itself.

   On a related note, it appears that StarOffice and/or Eazel may be
   headed in the direction of automated association of filetypes with
   applications.  I asked about this at the StarOffice demo at this
   week's O'Reilly Open Source Conference, specifically WRT 
   MS Outlook-style VBA macro exploits.  I'm not convinced that SOffice
   won't repeat these accidents of design, and would caution adoption of
   it as a mail client until this issue is clarified.

 o System security is a multi-faceted issue, and should be evaluated
   _in toto_, not with respect to a single factor.  There are known areas
   in which Linux tends to suffer holes (primarily: service-related
   exploits, buffer exploits, and user-related behaviors with poor
   security practices).  The same or substantively similar issues
   affect proprietary Unices and WindowsNT, and are best addressed
   by a thorough understanding and audit of your systems and services
   required and provided.  Any security-related objections raised against
   introduction of Linux should reflect actual threats, and not fantasy.

In light of magnitude of the real threat to Windows vs. Linux from
viruses, the objection raised by management lies somewhere between
ill-informed and intentionally obstructionist.  The first condition may
be remediable.  In the event of the second, there are more and more firms
looking for skilled Linux experience, I'd suggest you start shopping
yourself where you *are* wanted.

-- 
Karsten M. Self kmself@ix.netcom.com http://www.netcom.com/~kmself
 Evangelist, Opensales, Inc.    http://www.opensales.org
  What part of Gestalt don't you understand?   Debian GNU/Linux rocks!
   http://gestalt-system.sourceforge.net/    K5: http://www.kuro5hin.org
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0




Re: [Q] virus susceptibility data

2000-07-18 Thread William T Wilson
On 18 Jul 2000, Olaf Meeuwissen wrote:

 I'm looking for any kind of info on vulnerability to viruses on Debian
 and/or Linux.  Pointers to anti-virus programs are also very welcome.

There are no anti-virus programs because there are no viruses.  There are
a variety of security holes that crop up from time to time, but Windows is
far worse.

 If I can't convince some people here at work, I'm about to be told to
 disconnect from the net or use (heaven forbid!) Windows for any kind
 of internet activity beyond our firewall.  And that seems to include

This shows a remarkable lack of cluefulness on the part of your network
staff.  I wish you luck, but they appear to be so stupid that you will
probably not have much success.



Re: [Q] virus susceptibility data

2000-07-18 Thread Phil Brutsche
A long time ago, in a galaxy far, far away, someone said...

 Dear Debians,
 
 I'm looking for any kind of info on vulnerability to viruses on Debian
 and/or Linux.  Pointers to anti-virus programs are also very welcome.
 
 If I can't convince some people here at work, I'm about to be told to
 disconnect from the net or use (heaven forbid!) Windows for any kind
 of internet activity beyond our firewall.  And that seems to include
 sending email like this to the list.  Gack!

It sounds like they're trying to give you an excuse to make life easier
for Microsoft administrators by getting rid of Linux.

The fact is that viruses are almost unheard of on Linux.  I've only heard
of 2 Linux-specific viruses in the last 3 years; neither has been seen
since 1997.  Viruses are really only a concern on Windows systems where
there is no security (or the security mechanisms are set very lax by
default with no one around to know to tighten up the system...) to keep
any program from doing anything they want to the computer.

There are antivirus programs that run under Linux - McAfee (now Network
Associates) makes one, for example.  However, due to the lack of
Linux/UNIX viruses, these anti-virus programs are meant to be run on
servers - mail servers, file servers, or anything else that has to
interact with Windows PCs.

The biggest problem relating to viruses on Linux is running untrusted
scripts on your machine, just like on Windows.  However, there is one very
important difference between Linux and Windows in this regard: unlike
Windows email programs, Linux email programs *do not* execute programs
received as attachments automatically - you need to 1) save the program to
disk and 2) manually execute it before any damage can be done.

-- 
--
Phil Brutsche   [EMAIL PROTECTED]

There are two things that are infinite; Human stupidity and the
universe. And I'm not sure about the universe. - Albert Einstein



Re: [Q] virus susceptibility data

2000-07-18 Thread Olaf Meeuwissen
William T Wilson [EMAIL PROTECTED] writes:

 On 18 Jul 2000, Olaf Meeuwissen wrote:
 
  I'm looking for any kind of info on vulnerability to viruses on Debian
  and/or Linux.  Pointers to anti-virus programs are also very welcome.
 
 There are no anti-virus programs because there are no viruses.

The followup by Phil Brutsche says otherwise.

 There are a variety of security holes that crop up from time to
 time, but Windows is far worse.

No need to convince me.  Why do you think I use Debian?

  If I can't convince some people here at work, I'm about to be told to
  disconnect from the net or use (heaven forbid!) Windows for any kind
  of internet activity beyond our firewall.  And that seems to include
 
 This shows a remarkable lack of cluefulness on the part of your network
 staff.  I wish you luck, but they appear to be so stupid that you will
 probably not have much success.

I wouldn't call the network folks stupid, but the managers are another
matter completely.  Not saying they are, though ;-)

Thanks for your reply anyway.
-- 
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development



Re: [Q] virus susceptibility data

2000-07-18 Thread Olaf Meeuwissen
Phil Brutsche [EMAIL PROTECTED] writes:

 A long time ago, in a galaxy far, far away, someone said...
 
  Dear Debians,
  
  I'm looking for any kind of info on vulnerability to viruses on Debian
  and/or Linux.  Pointers to anti-virus programs are also very welcome.
  
  If I can't convince some people here at work, I'm about to be told to
  disconnect from the net or use (heaven forbid!) Windows for any kind
  of internet activity beyond our firewall.  And that seems to include
  sending email like this to the list.  Gack!
 
 It sounds like they're trying to give you an excuse to make life easier
 for Microsoft administrators by getting rid of Linux.

Don't think so.  I'm administering the Debian boxes myself.  It seems
their prime concern (for the moment?) is anti-virus software.  A
system that runs any version of Windows 95 or better (is there? ;-)
and has Norton Anti-Virus installed and running at least once a month
is okay with them.

 The fact is that viruses are almost unheard of on Linux.  I've only heard
 of 2 Linux-specific viruses in the last 3 years; neither has been seen
 since 1997.

Do you have any pointers?

 There are antivirus programs that run under Linux - McAfee (now Network
 Associates) makes one, for example.  However, due to the lack of
 Linux/UNIX viruses, these anti-virus programs are meant to be run on
 servers - mail servers, file servers, or anything else that has to
 interact with Windows PCs.

Thanks for this pointer.  I'll look into it.

 The biggest problem relating to viruses on Linux is running untrusted
 scripts on your machine, just like on Windows.  However, there is one very
 important difference between Linux and Windows in this regard: unlike
 Windows email programs, Linux email programs *do not* execute programs
 received as attachments automatically - you need to 1) save the program to
 disk and 2) manually execute it before any damage can be done.

And then they only run under the user id and with the permissions you
set.

Thanks for your reply,
-- 
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development



Re: [Q] virus susceptibility data

2000-07-18 Thread Matthew Dalton
Olaf Meeuwissen wrote:
 
 William T Wilson [EMAIL PROTECTED] writes:
 
  On 18 Jul 2000, Olaf Meeuwissen wrote:
 
   I'm looking for any kind of info on vulnerability to viruses on Debian
   and/or Linux.  Pointers to anti-virus programs are also very welcome.
 
  There are no anti-virus programs because there are no viruses.
 
 The followup by Phil Brutsche says otherwise.

For all intention's purposes, there are no Linux virui. Strictly
speaking this is not true -- there have been virii created for Linux in
the past, but they are not 'in the wild'.

Here are some links to Linux virus information:
Staog - the first known Linux virus
http://www.Europe.F-Secure.com/v-descs/staog.htm

Bliss - the second known Linux virus
http://www.Europe.F-Secure.com/v-descs/bliss.htm

These are the only Linux virii in the F-Secure database. (F-Secure are
the makers of the F-Prot virus software for windows. They also make an
SSH terminal program).

I would say that %99.999 of Linux users have not seen either of these
virii (I know I haven't). The F-Secure site says that it believes that
Staog is not in circulation. I would think the same for Bliss as well.

Can you count the number of Windows virii on one hand?

No anti-virus software is required, even with 2 Linux virii. The 'bliss'
virus even has a command line switch that causes it to remove itself!

Matthew



Re: [Q] virus susceptibility data

2000-07-18 Thread Oliver Elphick
William T Wilson wrote:
  On 18 Jul 2000, Olaf Meeuwissen wrote:
  
   I'm looking for any kind of info on vulnerability to viruses on Debian
   and/or Linux.  Pointers to anti-virus programs are also very welcome.
  
  There are no anti-virus programs because there are no viruses.  There are
  a variety of security holes that crop up from time to time, but Windows is
  far worse.

The main reasons there are no viruses is, first, that few have been
written, and second, that Linux is not so favourable an environment for
infection.  It is, however, a delusion to think that Linux/Unix viruses
are impossible.  The more we get clueless users who run everything as
root, the more likely we are to see viruses spreading.

To make a comparison with human health, good security is like good
hygiene, and people who live in filth are likely to get diseases.

-- 
Oliver Elphick    [EMAIL PROTECTED]
Isle of Wight  http://www.lfix.co.uk/oliver
PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47  6B 7E 39 CC 56 E4 C1 47
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
 
 For God so loved the world, that he gave his only 
  begotten Son, that whosoever believeth in him should 
  not perish, but have everlasting life. John 3:16 




RE: [Q] virus susceptibility data

2000-07-18 Thread Ted Harding
Hi Olaf,

On 18-Jul-00 Olaf Meeuwissen wrote:
 Dear Debians,
 
 I'm looking for any kind of info on vulnerability to viruses on Debian
 and/or Linux.  Pointers to anti-virus programs are also very welcome.
 
 If I can't convince some people here at work, I'm about to be told to
 disconnect from the net or use (heaven forbid!) Windows for any kind
 of internet activity beyond our firewall.  And that seems to include
 sending email like this to the list.  Gack!

As others have pointed out, there are almost no known viruses for
UNIX/Linux as such, and the two or three ever heard of are (as far as I
know) almost never encountered. For some reason, hackers don't bother
to attack UNIX systems that way (probably there's more mileage in other
types of attack).

A line of virus which might well be possible, and platform-independent,
is the planting of Java in HTML. This could hit UNIX/Linux and Windows
equally, though I haven't heard of it on Linux. A lot of Linux MUAs
can open HTML attachments in Netscape, though usually not automatically
(the user has to choose).

DOS/Windows viruses are another matter, in these days when people
routinely mail each other Word/Excel etc attachments in the name of
communication. Even Linux folk have to deal with these things, which
usually means running Windows on another machine, or in WABI or WINE or
VMWare, and opening the file (though most Word docs can be handled in
Linux-native WordPerfect which should not be vulnerable to a Word macro
virus, for instance).

Once you have done that, your Windows installation may be messed up
(though the Linux part of your installation should survive). In any case,
if you subsequently forward the attachment to a colleague you will be
sending the virus on, whether your Linux system is immune to it or not.

These add up to arguments for virus-checking incoming mail, even on
a UNIX/Linux system.

Clearly, plain-text and similar emails don't need checking, and usually
attachments are not opened automatically either, so there should be
no need to virus-check every mail (which, if it's done on delivery,
really slows things down).

I simply take the precaution of running a virus check only on a mail
containing a possibly suspicious attachment and leaving the rest alone
(having been caught once by a macro virus in a Word/Win-3.1 document
which caused my WABI/Win-3.1 Word to send it on whenever I subsequently
used this Word).

The program I use is VirusScan ('uvscan') from Network Associates:
see in the first place http://www.nai.com and, in particular,

  http://software.mcafee.com/centers/download/

along with the McAfee virus database (though you can use others). It
seems to work quite well. You can configure it to be run standalone
rather than as a filter for incoming mail: then, if you see a mail
attachment that you think might need a check, you just feed that
attachment to the virus checker (My MUA, XFMail, has a flexible MIME menu
which allows you to View As any attachment; and you can set one of the
As options to be a pipe to the checker).

Phil Brutsche in this thread said that there is one very
important difference between Linux and Windows in this regard: unlike
Windows email programs, Linux email programs *do not* execute programs
received as attachments automatically - you need to 1) save the program to
disk and 2) manually execute it before any damage can be done.

This is not quite true, either in principle or in fact.

First, nothing stops someone from developing an email program (MUA)
which _could_ automatically (without user selection) open an attachment
it thought it knew how to handle (though I don't know of one; but
a naive user could set this up in the rules for filtering incoming mail,
I dare say).

Secondly, when you receive an email consisting (in effect) solely of
an attachment with no other significant information, all you can usefully
do is open the attachment. In many MUAs this is simply a matter of
clicking on the attachment bar and the rest is then automatic;
the scope for user discrimination is almost nil (with the exception
of running a virus check on it).

Now, although I wouldn't recommend it to anyone, in XFMail at least
you could have one of your MIME entries of the form

  type/subtype  extn   command
  application/prog   exe   exec

which would have the effect of executing the attachment as a program.

I hope this helps. Olaf's situation is not as straightforward as he
might wish!

Ted.


E-Mail: (Ted Harding) [EMAIL PROTECTED]
Fax-to-email: +44 (0)870 284 7749
Date: 18-Jul-00   Time: 10:55:45
-- XFMail --
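
Added example, not part of the thread: a Python sketch of the two checks the message above describes, picking out only the possibly suspicious attachments for a scan, and spotting handler-table rows that would execute an attachment. The extension and type lists, the set of executing commands, the `virus-check-wrapper` name and the sample mail and table are all constructed assumptions; the table layout follows the `type/subtype extn command` illustration in the message.

```python
import os
from email.message import EmailMessage

# Assumed policy: what counts as "possibly suspicious" is a local decision.
SUSPECT_EXTENSIONS = {".exe", ".com", ".bat", ".vbs", ".scr", ".doc", ".dot", ".xls"}
SUSPECT_TYPES = {"application/msword", "application/vnd.ms-excel",
                 "application/octet-stream"}
# Assumed: handler commands that run the attachment itself instead of viewing it.
EXEC_COMMANDS = {"exec", "sh", "/bin/sh"}


def attachments_to_scan(msg):
    """Return the names of message parts worth piping to a virus checker.

    Plain-text parts are left alone; a part is flagged when either its
    filename extension or its declared MIME type is on the suspect list.
    """
    flagged = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        if ext in SUSPECT_EXTENSIONS or part.get_content_type() in SUSPECT_TYPES:
            flagged.append(name or part.get_content_type())
    return flagged


def risky_handlers(table_text):
    """Return MIME types whose handler row executes the attachment."""
    risky = []
    for line in table_text.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3 or "/" not in fields[0]:
            continue  # blank line or malformed row
        mime_type, _extension, command = fields
        if command.split()[0] in EXEC_COMMANDS:
            risky.append(mime_type)
    return risky


def build_sample_message():
    """Constructed sample mail: a text body, a text note and a Word document."""
    msg = EmailMessage()
    msg["Subject"] = "quarterly figures"
    msg.set_content("Figures attached.")
    msg.add_attachment("meeting at ten", filename="notes.txt")
    msg.add_attachment(b"\xd0\xcf\x11\xe0 constructed bytes",
                       maintype="application", subtype="msword",
                       filename="Report.DOC")
    return msg


# Constructed handler table; "virus-check-wrapper" is a hypothetical command name.
SAMPLE_TABLE = """\
type/subtype        extn   command
application/prog    exe    exec
application/msword  doc    virus-check-wrapper
text/html           html   netscape
"""

if __name__ == "__main__":
    print("scan these:", attachments_to_scan(build_sample_message()))
    print("executing handlers:", risky_handlers(SAMPLE_TABLE))
```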



Re: [Q] virus susceptibility data

2000-07-18 Thread C. Falconer
Okay - call it a Martian[1] solution, but the only way your linux box could 
hold a virus is if the data was writeable by users.


I have 18 Gb of CDROMS shared via samba - the entire partition is mounted 
read only, and clients can't write to the share anyway.


OR the other solution is to run your standard windows virus checker on the 
contents of the share.  And you won't need another license cos you're 
running an existing license.  The drawback there is every infectable file 
will have to be read over the network, but that's what scheduled virus 
checks are good for.


[1] I can call it a martian solution - there's no martians around to 
object :)


At 03:03 PM 7/18/00 +0900, you wrote:

Phil Brutsche [EMAIL PROTECTED] writes:

 A long time ago, in a galaxy far, far away, someone said...

  Dear Debians,
 
  I'm looking for any kind of info on vulnerability to viruses on Debian
  and/or Linux.  Pointers to anti-virus programs are also very welcome.
 
  If I can't convince some people here at work, I'm about to be told to
  disconnect from the net or use (heaven forbid!) Windows for any kind
  of internet activity beyond our firewall.  And that seems to include
  sending email like this to the list.  Gack!

 It sounds like they're trying to give you an excuse to make life easier
 for Microsoft administrators by getting rid of Linux.

Don't think so.  I'm administering the Debian boxes myself.  It seems
their prime concern (for the moment?) is anti-virus software.  A
system that runs any version of Windows 95 or better (is there? ;-)
and has Norton Anti-Virus installed and running at least once a month
is okay with them.

 The fact is that viruses are almost unheard of on Linux.  I've only heard
 of 2 Linux-specific viruses in the last 3 years; neither has been seen
 since 1997.

Do you have any pointers?

 There are antivirus programs that run under Linux - McAfee (now Network
 Associates) makes one, for example.  However, due to the lack of
 Linux/UNIX viruses, these anti-virus programs are meant to be run on
 servers - mail servers, file servers, or anything else that has to
 interact with Windows PCs.

Thanks for this pointer.  I'll look into it.

 The biggest problem relating to viruses on Linux is running untrusted
 scripts on your machine, just like on Windows.  However, there is one very
 important difference between Linux and Windows in this regard: unlike
 Windows email programs, Linux email programs *do not* execute programs
 received as attachments automatically - you need to 1) save the program to
 disk and 2) manually execute it before any damage can be done.

And then they only run under the user id and with the permissions you
set.

Thanks for your reply,
--
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development




--
Criggie



Re: [Q] virus susceptibility data

2000-07-18 Thread Joachim Trinkwitz
Olaf Meeuwissen [EMAIL PROTECTED] writes:

 Don't think so.  I'm administering the Debian boxes myself.  It seems
 their prime concern (for the moment?) is anti-virus software.  A
 system that runs any version of Windows 95 or better (is there? ;-)
 and has Norton Anti-Virus installed and running at least once a month
 is okay with them.

At least once a month is *not* enough -- our computer department
recommends updating the virus database once a *week*! (But then
consider that the anti-virus software can't detect new viruses like
the I LOVE YOU virus.)

  The fact is that viruses are almost unheard of on Linux.  I've only heard
  of 2 Linux-specific viruses in the last 3 years; neither has been seen
  since 1997.
 
 Do you have any pointers?

Have a look at the AMaViS homepage
http://satan.oih.rwth-aachen.de/AMaViS/, they have a fine link list
there at the bottom.

Greetings,
joachim



Re: [Q] virus susceptibility data

2000-07-18 Thread Andrew Sullivan
On Tue, Jul 18, 2000 at 04:24:42PM +1000, Matthew Dalton wrote:

 For all intention's purposes, there are no Linux virui. Strictly
 speaking this is not true -- there have been virii created for Linux in
 the past, but they are not 'in the wild'.

For those who like a pointless bit of language trivia, Tom Christiansen has
a long rant on why the plural of virus is 'viruses', and most especially, is
not 'virii':

http://language.perl.com/misc/virus.html


-- 
Andrew Sullivan  Computer Services
[EMAIL PROTECTED]      Burlington Public Library
+1 905 639 3611 x158   2331 New Street
   Burlington, Ontario, Canada L7R 1J4



Re: [Q] virus susceptibility data

2000-07-18 Thread Brian May
Ted Harding [EMAIL PROTECTED] writes:

 A line of virus which might well be possible, and
 platform-independent, is the planting of Java in HTML. This
 could hit UNIX/Linux and Windows equally, though I haven't
 heard of it on Linux. A lot of Linux MUAs can open HTML
 attachments in Netscape, though usually not automatically (the
 user has to choose).

For another potential platform independent security problem in
HTML[1], see:

http://www.zope.org/Members/jim/ZopeSecurity/ClientSideTrojan

This is a bit different though, as you can't breach the security of your
computer, just other web sites where you have non-standard privileges
(whether this is based on IP address, HTTP authorisation, or cookie
based scheme - did I miss anything?).

Footnote:
[1] I will blame HTML for it here, but technically, you could argue it
isn't HTML's fault.
-- 
Brian May [EMAIL PROTECTED]



Re: [Q] virus susceptibility data

2000-07-18 Thread Olaf Meeuwissen
Olaf Meeuwissen [EMAIL PROTECTED] writes:

 Dear Debians,
 
 I'm looking for any kind of info on vulnerability to viruses on Debian
 and/or Linux.  Pointers to anti-virus programs are also very welcome.
 
 If I can't convince some people here at work, I'm about to be told to
 disconnect from the net or use (heaven forbid!) Windows for any kind
 of internet activity beyond our firewall.  And that seems to include
 sending email like this to the list.  Gack!

I'd like to say thanks to all the nice folk that sent replies (on and
off the list).  I'm looking into some of the suggestions I got and am
waiting for the network folks here to get back to me.  I think I have
a pretty decent chance of staying connected using Debian with all the
info I got and the backup of my supervisor, a Mac aficionado :-).  He
pointed out that it might be more cost and security effective to stop
using M$IE and Exchange altogether rather than invest in anti-virus
software.  I'd personally add Windoze to the list, though ;-).

-- 
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development



[Q] virus susceptibility data

2000-07-17 Thread Olaf Meeuwissen
Dear Debians,

I'm looking for any kind of info on vulnerability to viruses on Debian
and/or Linux.  Pointers to anti-virus programs are also very welcome.

If I can't convince some people here at work, I'm about to be told to
disconnect from the net or use (heaven forbid!) Windows for any kind
of internet activity beyond our firewall.  And that seems to include
sending email like this to the list.  Gack!

Thanks in advance,
-- 
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development