zentara wrote:
> 
> Germano Rizzo wrote:
> >
> > Hi,
> >     I often hear that the greatest number of viruses (or viri?) work only in
> > DOS/Win, but I see that an antivirus is included in SuSE. Are there viruses in
> > Linux? How diffused and dangerous are they?
> >     Mano :)
> 
> The anti-virus software included with suse is meant
> to scan for dos/windows viruses.
> I remember there were one or two viruses developed
> to attack linux. They were developed as an educational
> exercise, were GPL'd, and are not a threat. You could
> do a web search to find them.
> 
> Trojans are a real threat to linux. These would be things
> like keystroke recorders, password scanners, etc., that you
> might get as part of a binary package. The best thing to do
> is never run anything as root, and install a package called
> Tripwire. Tripwire keeps track of whether any system binary
> has been changed. If it has changed, you have to wonder
> who did it and how?
> 
> Another good thing is to get used to compiling your
> own binaries. Of course, source code could have
> trojan code included, but it is more likely that
> someone will spot it, and send out warnings.
> 
> The last warning I've seen, was that one version
> of SSH, "secure-shell" had a backdoor in it.
> 
> Many of the paranoid among us believe that
> knowledgeable people can get into your
> system while you are on the internet. Who
> knows? I do make it a practice to disconnect
> when my system seems to "lockup" online.
> I have seen some strange changes in my system
> after being online for prolonged periods.
> Maybe someone knows how to hack thru pppd?
> 
> There are more than viruses to worry about.
> --

In addition to what zentara said, crackers download "root kits" from
cracker sites.  These kits allow crackers to take advantage of systems
that have poor security measures in place.  The first thing that is
replaced is the program called "ls".  The cracker version is slightly
larger and has a filter that doesn't allow the cracker's other programs
to display on directory lists.  Other key programs are replaced by
clones that help mask the cracker's intrusion.  People that run as root
all the time, or have lots of programs marked suid (rather than setting
appropriate paths and using shadow passwords) are most susceptible.
However, I've been running Linux for about a year now and I spend
anywhere from 60-120 hours per month on the Internet, and I have not
seen any evidence of intrusion on my system. It is nothing to brag about
to crack into some newbie's system, and bragging points are what cracking
is all about - one giant ego trip for the Walter Mittys of the world.
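The integrity check that zentara attributes to Tripwire, and that would flag the replaced "ls" described in the reply, sketched as an added example that is not part of either message and is not Tripwire's own code. The function names, the temporary directory and the stand-in file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Return (size, permission bits, SHA-256) for one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return (st.st_size, st.st_mode & 0o7777, digest.hexdigest())


def snapshot(directory):
    """Map every regular file in `directory` to its fingerprint."""
    paths = ((n, os.path.join(directory, n)) for n in sorted(os.listdir(directory)))
    return {n: fingerprint(p) for n, p in paths
            if os.path.isfile(p) and not os.path.islink(p)}


def compare(baseline, current):
    """Return sorted (name, status) pairs for everything that differs."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append((name, "removed"))
        elif name not in baseline:
            findings.append((name, "added"))
        elif baseline[name] != current[name]:
            findings.append((name, "changed"))  # size, mode (e.g. suid) or content
    return findings


def demo():
    """Constructed scenario: a stand-in 'ls' is swapped for a larger file."""
    with tempfile.TemporaryDirectory() as bindir:
        for name in ("ls", "ps"):
            with open(os.path.join(bindir, name), "wb") as fh:
                fh.write(b"original " + name.encode() + b"\n")
        baseline = snapshot(bindir)  # taken while the files are known good
        with open(os.path.join(bindir, "ls"), "wb") as fh:
            fh.write(b"original ls\n" + b"plus a filter")  # slightly larger clone
        with open(os.path.join(bindir, "hidden_tool"), "wb") as fh:
            fh.write(b"constructed extra file\n")
        return compare(baseline, snapshot(bindir))


if __name__ == "__main__":
    for name, status in demo():
        print(f"{status:8} {name}")
```

On a real system the baseline would be taken from a known-good install and kept on read-only or offline media, since anyone able to replace binaries can also rewrite a baseline stored beside them.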