"Day Brown" <[EMAIL PROTECTED]> wrote:

> [...]
> I have no way of evaluating the reality vs the perception.

But you have no problem stating absolutes, regardless.

> It is obvious to me however, that those interested in coding
> sabotage software will focus on the OS which they think will
> have the most undocumented and obscure subroutines to work
> with.

They will focus on the targets which will provide a population within which
they can thrive.  That equates roughly to market share. As *nix gains
popularity, attention will return to it (network-borne viruses started there
with RTM's worm) as a target. An OS name is no protection.

> As Ralf Brown's INTERVUE database shows, the set of
> interrupts is considerable. but when you add to that the
> millions of lines of code used in windoz, or even the small
> set for nix, the permutations become nearly infinite.

I don't think virus coders are dealing with anything like permutations, just
opportunities. There was no shortage of virus development, and one might
even argue that there was more virus innovation (stealth, mutating, etc.),
during the heyDay of DOS than today. Many of the current crop seem to be
cut'n'paste copies of one another. Disappointing compared to the rich
variety encountered in the good old Days.

If you expand into simple denial-of-service attacks, recent experience has
shown that even "simple" devices such as routers and switches can have
surprising vulnerabilities which can be exploited by the creative. Relying
on "simplicity" for protection is foolishness.

OpenBSD has an excellent reputation for security, not because it's "not
Windows", but because they've made a conscious (and laborious) audit of the
source code specifically to look for vulnerabilities. They did NOT rely on
"Unix" or "simplicity" for protection. To the benefit of all, their efforts
have certainly improved the overall security profile of *nix in general.

> Your cite of the Adaptec is timely. I recognize the part
> number, and believe every nix distro will have drivers for it.

Yes, just like DOS and Windows. Just like ANY supported hardware on ANY OS.

> If you have a scsi and an ide... you can boot from the ide,
> but if you dont add the scsi driver, I dont see any way that
> a dos boot can do anything to the scsi. Which is why I have
> the scsi driver set on optional load on the drdos config.sys
> ? device=tekram.sys

Which is of course something completely different than what you stated in
your posting of 3/18. DOS, *nix and Windows can't (readily) access hardware
for which they have no driver. Of course, if you're going to go through all
the effort to maintain hardware profiles for "backup" and "operational"
modes, then you're talking about a setup suited only for the casual home
user, or where regular outages (power off) are acceptable for backups. You
DO backup regularly, right? Not that that's bad, but I would argue that it's
not much less complex than having a second networked machine which you
physically disconnect when "working". And it's a lot simpler to pull a
10Base-T plug than reconfigure a system for different drivers to do a simple
backup, plus you gain redundant hardware should the "working" computer fail
in any way.

> If anyone can come up with dos virus that can install the
> scsi driver, I'll get off the net. Inasmuch as dos is well
> known as being 'dead', the sabotage attempt is unlikely.

Which has nothing to do with what you originally posted about regarding the
use of a DOS partition as magical protection. If the OS can't access the
controller, the data on drives attached to that controller is presumably
safe, REGARDLESS OF OS, including Windows. You could also jumper a drive to
be read-only and similarly provide protection independent of OS (including
Windows).

> Whatever could be done in dos wont, and whatever could be attempted is
> more easily recognized by the dos virus scanners, who have far
> less code to look thru.

Virus scanners don't peruse the source code, they look for signatures --
patterns -- in binaries. A 1MB file takes a certain amount of time to scan,
regardless of the complexity of the application which generated it.

> Fundamentally, viruses depend on complexity to hide in.

Fundamentally, they exploit human stupidity. The propagation of
misinformation only makes their job easier.

> Anyway, when I boot nix off the scsi, as I do for netscape...
> Suse dont even 'see' the dos drive, so again, a nix virus would
> have to mount the vfat before it could do anything to it.

Are you sure? Assuming Linux boots off SCSI and DOS off IDE, does "dmesg |
more" indicate that the IDE controller was recognized (look for
/dev/hda,hdb,hdc,hdd etc.)? What happens if you launch "fdisk /dev/hda" (or
whatever was recognized)? If fdisk can see it, a partition can be killed
without mounting the partition, REGARDLESS of what it's formatted for.

I expect you'll indicate next that you left some important little detail
out, like you remove the IDE controller between boots, or that you've
managed to compile a SuSE kernel with no IDE support.

> That is another layer in the firewall.

That is security through obscurity, and NOT part of a good security
practice, even for a casual. It certainly is not a "firewall" by any stretch
of the imagination.

> The remoteness of a coder
> successfully crafting a nix virus, and then adding the ability
> to mount a dos drive, seems beyond the realm of credibility.

Yes, they're unlikely to craft one when the source for fdisk is so readily
available. Why would they want to be hardware (controller) specific? Use the
code readily at hand to wipe out any sort of partition, regardless of OS or
whether "mounted" or not.

> I can certainly see them considering a windoz/nix dual boot, and
> perhaps being successful at infecting it. But again, since the
> dos user base is so tiny, nobody would bother with it.

Propagating the infection and the vulnerability of a partition are two
different issues. It might SPREAD using one OS or another, but again IF THE
CONTROLLER TO WHICH THE DRIVES ARE ATTACHED IS VISIBLE, THE PARTITIONS ON
THOSE DRIVES ARE PROBABLY VULNERABLE AS WELL.

> afterall, everyone uses better operating systems.

Chant all you want, a DOS partition provides no protection unto itself.

> I dont ever run anything beside the file transfer tools which
> even knows there is another drive with another os.

Are you running a distribution with fdisk as root most of the time? Most
folks don't consciously run viruses. You can't declare yourself protected
just because you refuse to check out the possibilities.

- Bob
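The check Bob describes above (does the kernel see the other OS's controller and partitions, mounted or not?) can be turned into a quick audit. The script below is an added example, not code from the original post or from either poster: it reads a /proc/partitions-style listing and a /proc/mounts-style listing and reports every partition the kernel exposes that is not mounted anywhere. Those are exactly the partitions still reachable by block-level tools regardless of which OS formatted them. The sample listings are constructed here so the script runs offline; on a live system you would feed it `/proc/partitions` and `/proc/mounts` instead.

```shell
#!/bin/sh
# Added example (not from the original post): list partitions the kernel
# exposes that are NOT mounted. "Not mounted" does not mean "not reachable";
# a visible block device is still open to fdisk, dd and the like.

# Constructed sample in the format of /proc/partitions: a SCSI disk (sda)
# holding the running system and an IDE disk (hda) holding a DOS partition.
PARTS_SAMPLE='major minor  #blocks  name

   8        0   20971520 sda
   8        1    2097152 sda1
   8        2   18874368 sda2
   3        0   10485760 hda
   3        1   10485760 hda1'

# Constructed sample in the format of /proc/mounts: only sda2 is mounted.
MOUNTS_SAMPLE='/dev/sda2 / ext4 rw,relatime 0 0
proc /proc proc rw 0 0'

# unmounted_partitions PARTITIONS_TEXT MOUNTS_TEXT
# Prints one /dev/... path per line for each partition (names ending in a
# digit, i.e. not the whole-disk entries) that appears in no mount entry.
unmounted_partitions() {
    parts=$1
    mounts=$2
    printf '%s\n' "$parts" \
        | awk 'NF == 4 && $4 ~ /[0-9]$/ { print "/dev/" $4 }' \
        | while read -r dev; do
            # Exit status 0 if the device is the source of some mount entry.
            if ! printf '%s\n' "$mounts" \
                    | awk -v d="$dev" '$1 == d { found = 1 } END { exit !found }'; then
                echo "$dev"
            fi
        done
}

# Stand-alone usage with the constructed samples. On a real host:
#   unmounted_partitions "$(cat /proc/partitions)" "$(cat /proc/mounts)"
echo "Partitions visible to the kernel but not mounted:"
unmounted_partitions "$PARTS_SAMPLE" "$MOUNTS_SAMPLE"
```

With the constructed input, /dev/sda1 and /dev/hda1 are reported: the DOS partition on the IDE disk is visible to the running Linux system even though nothing has mounted it, which is the point Bob makes about fdisk. Anything this list shows is a candidate for the hardware-level measures he mentions (a read-only jumper, or physically disconnecting the drive) rather than for relying on the OS "not seeing" it.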

To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with 
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
More info can be found at;
http://www.softcon.com/archives/SURVPC.html
