"Day Brown" <[EMAIL PROTECTED]> wrote:

> I don't know what power sabotage software will come up with,
> and won't try to predict.

No predictions required. This has been done before, and we'd best learn from history lest we develop a false (and dangerous) sense of security. If a virus targets the partition table, ALL operating systems on a drive are vulnerable. You can delete non-DOS partitions from DOS, and you can delete non-Linux partitions from Linux (with superuser privileges).

See:
http://securityresponse.symantec.com/avcenter/venc/data/stoned.empire.monk.html ,
http://securityresponse.symantec.com/avcenter/venc/data/crazy_boot.html ,
http://securityresponse.symantec.com/avcenter/venc/data/neuroquila.html
etc. etc. etc.

Notice the dates. Notice the OS.

> The bets are, however, that the
> coders will focus on those operating systems which have the
> widest set of 'undocumented' features to work with. Dos is
> notoriously short of 'features' of any kind.

DOS viruses could be quite effective nonetheless (see previous examples). ANY OS that allows superuser access to the hardware for all users will be, whether you call it "DOS" or "Windows". And if you bypass the features of your OS by logging in as root (or equivalent), things aren't all that much different for "Linux" or "BSD".

There's no voodoo to OS choice that will protect one from evil. If you run an executable (or allow one to run) with rights that allow low-level access to the system, there's potential for damage. The reason viruses don't spread as readily under *nix has nothing to do with not being Windows, but rather the protections provided by the OS itself. With DOS or Windows, prevention requires an add-on anti-virus package. Sadly, *nix too is increasingly being attacked. We'd best be aware and not develop a false sense of security.

> The access does not havta be automatic at boot, unless maybe
> with windoz recognizing all operational dos drives on the
> system.

You're right. It doesn't have to be automatic at boot. The partitions are vulnerable if exposed, even if not "mounted" or otherwise accessible from the OS.

Fire up a recent version of FDISK on your Linux box and see if you can delete the non-DOS partition. Was it mounted? Can you delete/overwrite it with something else? I seem to recall that DR-DOS was particularly adept at deleting non-DOS drives, and I used it to clear NetWare partitions on many occasions. A virus would have no more trouble doing the same.

> But MTOOLS and LTOOLS, allows a user to 'mount' a
> drive of another os when, and only when, he wants to make
> backup copies.

And FDISK lets you destroy it without all that bother. These are old tricks, well-known to the virus-writers even if we don't recognize the vulnerabilities.

- Bob
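
An added example, not part of the original message: the point that one partition table describes every operating system's partitions, shown as a Python check that parses a classic MBR sector and reports entries that differ from a saved baseline. The function names and both 512-byte sample sectors are constructed for illustration; reading the real sector from a disk is assumed to happen elsewhere.

```python
import struct

# Partition type IDs from the classic MBR scheme (a small subset).
TYPES = {0x06: "FAT16 (DOS)", 0x65: "Novell NetWare", 0x82: "Linux swap", 0x83: "Linux"}
ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

def build_mbr(parts):
    """Construct a sample 512-byte sector; parts = [(type, lba_start, sectors)]."""
    table = b"".join(struct.pack(ENTRY, 0, b"\0\0\0", t, b"\0\0\0", s, n)
                     for t, s, n in parts)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

def parse_mbr(sector):
    """Return the non-empty partition entries as (slot, type, lba_start, sectors)."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    entries = []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 462 + 16 * slot]
        _, _, ptype, _, start, count = struct.unpack(ENTRY, raw)
        if ptype != 0:  # type 0 marks an unused slot
            entries.append((slot, ptype, start, count))
    return entries

def diff_tables(baseline, current):
    """Describe every slot whose entry differs from the saved baseline."""
    old = {e[0]: e for e in parse_mbr(baseline)}
    new = {e[0]: e for e in parse_mbr(current)}
    changes = []
    for slot in sorted(old.keys() | new.keys()):
        if old.get(slot) != new.get(slot):
            was = TYPES.get(old[slot][1], hex(old[slot][1])) if slot in old else "empty"
            now = TYPES.get(new[slot][1], hex(new[slot][1])) if slot in new else "empty"
            changes.append(f"slot {slot}: {was} -> {now}")
    return changes

# Constructed sample: a DOS partition and a Linux partition on one drive.
BASELINE = build_mbr([(0x06, 63, 204800), (0x83, 204863, 409600)])
# Constructed "after" image: the Linux entry is gone from the same 64-byte table.
AFTER = build_mbr([(0x06, 63, 204800)])

if __name__ == "__main__":
    print(parse_mbr(BASELINE))
    print(diff_tables(BASELINE, AFTER))
```

Both entries live in the same 64 bytes of sector 0, so a baseline copy of that sector kept off the drive is what makes a change detectable and recoverable regardless of which OS was running when it happened.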
