LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 01-14-2006, 01:07 AM   #31
shotokan
Member
 
Registered: Mar 2005
Distribution: slackware, LFS
Posts: 204

Rep: Reputation: 30

I think if you're a network adim you take any kind of vulnerability seriously. AFAIK most servers use linux.

The fact is that it is the network adim's job to keep out bad guys. They wouldn't have a job if linux was unvulnerable.
 
Old 01-14-2006, 11:53 PM   #32
cousinlucky
Member
 
Registered: Nov 2005
Location: Staten Island N.Y.
Distribution: PCLinuxOS Mate
Posts: 226

Rep: Reputation: 84
OK!! I am a computer Illiterate. I am old and cynical. That said, I will never believe that Microsoft does Not Purposely engineer " access holes " in its operating systems. Yes, I have spent an awful lot of money attempting to plug up the windows holes I became vulnerable to and all completely for naught. I am out of the " Microsoft Herd " now and can testify to the severe pain of using Windows.

I can not accept that highly trained computer engineers at Microsoft have not been directed to develop software that can be used to exploit its users. My Suse Linux 10 operating system may be being " watched " but it has not been totally hijacked and requiring a hard drive reformat as my Windows XP OS had been many, many, many times.

If Linux has vulnerabilities are there programs or fixes to these vulnerabilities and where would I find them ?? Are there any Linux programs available to detect such vulnerabilities ??
 
Old 01-15-2006, 01:17 PM   #33
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 46
If I write a script, and call it hatebug:

#!/bin/sh
echo "I hate you..."
rm -fr /

And attach it to an Email, is this not a virus? Remember years ago the lovebug? That was a vbscript email attachment was it not? Whats the difference?

The difference of course is that Microsoft intentionally exposes it's users to threats. I'm not sure what the agenda is behind this bizarre behavior. You say "I don't believe it is intentional." I'm sorry but you can not convince me all the great minds at Microsoft didn't realize a vbscript attachment executed in a Windows environment had absolute and total control of anything and everything on that computer? I remember installing "Windows Scripting Host" on a Windows 95 computer years ago when it first became available. I installed it so I could write perl scripts but as soon as I realized the default action was set to open (run the script with WSH) I changed the default to edit (open in notepad). I realized the damage a vb or perl script could do so please don't tell me all those Microsoft engineers didn't know what type of danger they were putting the users in when they set those defaults. This is only one example of Microsoft intentionally leaving default settings to place users at maximum risk, there are countless examples.

So lets go back to my virus shell script email attachment. I went ahead and sent the file to myself pretending I was an average clueless windows user. So in Thunderbird when I open the email I see this:

Code:
test hatebug email
___________________

#!/bin/sh
echo "I hate you..."
rm -fr /
So I can see exactly whats in the email and the attachment. I would have to be an idiot to anything but delete this attachment but since I'm a Windows user now I went ahead and double clicked on the attachment. I got a popup box With 2 options and a CheckBox.

( ) Open with |Browse|
(*) Save to Disk
[]Do this automatically for file like this from now on

As you can see the default is pretty safe but being a Windows user I changed the default to Open with. I also clicked on the Do this automatically check box so Thunderbird will remember my stupid actions. Then I clicked on the Browse button and selected /bin/sh as the default application. Hummm... Not much disk activity.

I hate you...
rm: cannot remove `/': Permission denied

Thats pretty boring.

As for the article mentioned in post #1. You might want to consider that a large majority of security holes or vulnerabilities found in linux are people looking through the code in an attempt to make the code more secure. Millions of eyes etc... Microsofts source code is closed. So the millions of eyes become a few hundred. And even if they find a vulnerability they are not allowed to tell anyone but their boss.
 
Old 01-15-2006, 03:19 PM   #34
J_K9
Member
 
Registered: Nov 2004
Distribution: Slackware 11, Ubuntu 6.06 LTS
Posts: 700

Rep: Reputation: 30
Excellent post /bin/bash - I thought it was really helpful at outlining the basics so that hopefully the people who post in this thread without a valuable argument will have a good one to refer to...

Cheers,

-jk

Ps. cousinlucky: You can find all the latest vulnerabilities over at Bugtraq (select Vendor: Linux). The best way to patch these is simply to update your distro regularly - and you run SUSE, which is quite possibly the quickest update-releasing distro out there! Oh, and look into AppArmor

Last edited by J_K9; 01-15-2006 at 03:21 PM.
 
Old 01-15-2006, 04:23 PM   #35
cousinlucky
Member
 
Registered: Nov 2005
Location: Staten Island N.Y.
Distribution: PCLinuxOS Mate
Posts: 226

Rep: Reputation: 84
Hi J_K9, I noticed the AppArmor section of my OS but Novell will not discuss how to configure it or even explain it unless I sign up and pay for their technical support, which is quite costly. The installation book that came with the disks does not cover AppArmor at all. I have resolved to just leave it alone until such time as I have adequately familiarized myself with Linux and Suse ( which, unfortunately, might take quite a while for me) I have at least been downloading the updates regularly. Thank You greatly for the Link, and the advice. I noticed that you and other knowledgable Linux users use your distro.

Last edited by cousinlucky; 01-15-2006 at 04:33 PM.
 
Old 01-15-2006, 04:32 PM   #36
J_K9
Member
 
Registered: Nov 2004
Distribution: Slackware 11, Ubuntu 6.06 LTS
Posts: 700

Rep: Reputation: 30
Hi,

No probs about the links! I'm in a bit of a rush, but if you visit the AppArmor page there should be some information there regarding its usage. Otherwise, you can ask on their mailing lists (at the bottom of that page) and someone is bound to help you

Cheers,

-jk
 
Old 01-15-2006, 05:41 PM   #37
cousinlucky
Member
 
Registered: Nov 2005
Location: Staten Island N.Y.
Distribution: PCLinuxOS Mate
Posts: 226

Rep: Reputation: 84
Thanks again J_K9 I shall someday get a live Ubundu disk and see what your distro is about. - Best Regards !!
 
Old 01-16-2006, 09:17 AM   #38
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,425

Rep: Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159
It's foolish to suppose that any computer operating-system is "invulnerable," because the simple truth is that all of them are vulnerable.

Windows is right-now extraordinarily vulnerable because of the way that it is typically mis-managed by uninformed users, but even that is not per se the fault of Windows.

"We live in a town where nobody has to lock their doors" would be a thought of the past if you owned a police scanner. With the Internet, you can find out about vulnerabilities and exploits in the Linux system, or Windows, as soon as they are discovered.
 
Old 01-16-2006, 09:59 AM   #39
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 876

Rep: Reputation: 184Reputation: 184
Quote:
Originally Posted by /bin/bash
If I write a script, and call it hatebug:

#!/bin/sh
echo "I hate you..."
rm -fr /

And attach it to an Email, is this not a virus? Remember years ago the lovebug? That was a vbscript email attachment was it not? Whats the difference?
I though a virus was supposed to be self replicating. If you scripted some way of the script emailing itself to the users mailbox before doing its damage then you would have a virus. I believe what you have there is a trojan.

I'm sure I read a definition og these things some time on a website, possibly symantecs or something.
 
Old 01-16-2006, 10:38 AM   #40
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 53
(One of ) the first person who had studied virus gave the definition in his book Viruses: the disease of computers, it was in 1985 something like this. A bit later, I coded my first virus and ran all the antivirus into a debugger until I manage to become invisible. Symantec was the easiest to fool!

Fred Cohen demonstrated that we cannot decide if a program is a virus. So antivirus are somehow useless for new virii.
They look at known signature or try to use heuristics to see if it does something uncommon. But what is something uncommon?? The problem is here..


If I want to target one and only one person, I don't need it to be selfreplicating (a worm). It may also render it more visible.

Trojan has no real meaning, it is a subset of virus.


Quote:
According to legend, the Greeks won the Trojan war by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy. In today's computer world, a Trojan horse is defined as a "malicious, security-breaking program that is disguised as something benign".
Sure if I program a virus, I won't call it "virus.exe" but Britney.exe or something

It is still easy to program virii that are undetected under several OS.

Windows is maybe a bit more vulnerable because it is closed source. For example, the virus can put itself in memory at boot time by a lot of ways, some are undocumented.
This does not exist in the OSS world.
 
Old 01-16-2006, 11:33 AM   #41
baldy3105
Member
 
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 876

Rep: Reputation: 184Reputation: 184
I think you'll find that the reason the self replicating programs were refered to as virus is that they behave like one, i.e they use the hosts own resources to replicated and spread. Self replication is definitely a requirement for a 'virus'.

If it isn't self replicating it ain't a 'virus' in the strictest sense.

You're sript might get run inadvertantly while the user thinks he is opening something that is harmless. I think thats called a trojan.
 
Old 01-16-2006, 05:30 PM   #42
cousinlucky
Member
 
Registered: Nov 2005
Location: Staten Island N.Y.
Distribution: PCLinuxOS Mate
Posts: 226

Rep: Reputation: 84
Nine pages of listed Linux vulnerabilities. I assume that is for all of the distros combined.
Is any of them a Hijacking vulnerability ??
 
Old 01-17-2006, 09:43 AM   #43
J_K9
Member
 
Registered: Nov 2004
Distribution: Slackware 11, Ubuntu 6.06 LTS
Posts: 700

Rep: Reputation: 30
cousinlucky - What do you mean by a 'hijacking vulnerability'? A hacker/cracker can take advantage of any vulnerability if they are skillful enough, so I guess they are all 'hijacking vulnerabilities'. The guy's just gotta get into your system first (directly or indirectly)

Quote:
I assume that is for all of the distros combined.
Only the distros which run the kernel version which a certain vulnerability corresponds to. For example, a distro with kernel 2.6.15.1 will have different (and possibly less) vulnerabilities than the 2.5.x line. Some are also driver vulnerabilities, which makes only distros which bring that driver packaged vulnerable.

Cheers,

-jk
 
Old 01-18-2006, 03:04 AM   #44
cousinlucky
Member
 
Registered: Nov 2005
Location: Staten Island N.Y.
Distribution: PCLinuxOS Mate
Posts: 226

Rep: Reputation: 84
Some of the programs I discovered in my Windows OS only reported my computing activity, passwords, and the like to somewhere or someone.

However there were other progams that put my computer onto a LAN network or would not allow me to use any other browser except Internet Explorer. There were others that denied me access to my Email. These are the things I mean by hijacking programs. I appologise if I am not using the right terminology in my posts.
 
Old 01-18-2006, 03:27 AM   #45
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 53
Quote:
Originally Posted by cousinlucky
However there were other progams that put my computer onto a LAN network or would not allow me to use any other browser except Internet Explorer.
For the LANs that only accepts IE, this sometimes help (see Update):
http://toastytech.com/evil/msproxy.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
if linux becomes popular, won't it become more vulnerable than windows lynchpin9 Linux - Security 8 01-25-2006 06:24 AM
Linux servers were the most vulnerable????? xgreen Linux - Security 12 02-23-2004 08:55 PM
How vulnerable is Linux Vincent_Vega Linux - Security 7 01-18-2004 07:44 AM
SpyWare - Linux/UNIX system vulnerable? cmf5150 General 5 01-16-2004 08:25 PM
in what way is Linux less vulnerable than Windows? ryancw Linux - Newbie 18 10-10-2003 04:45 AM


All times are GMT -5. The time now is 04:59 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration