LinuxQuestions.org
Old 04-22-2008, 06:39 AM   #16
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529

Quote:
Originally Posted by irlandes
That number of 800 was stated as mostly security programmer attempts to see if it were possible to create such a virus.
The reason for asking for a pointer is twofold: I do like to read when I have the time and it is relatively easy to misread or misrepresent the facts. Mind you, I'm not saying you do, but the figure of 800 looks more like variations on a theme than actual different approaches. As an example: the ones Rkelsen mentioned below are not viruses but worms (worms differ for multiple reasons like in terms of interactivity, propagation method and TTL).


Quote:
Originally Posted by irlandes
I just Googled, and found a Linux virus in the wild in 2001 and one in 2007. Estimates are from 10 to 100 in the wild, but there seemed to be no major impact on Linux users. Some doubt that as many as 10 are in the wild.
Same thing about pointer here. I'm no expert or guru, but it should be clear estimates vary depending on level of expertise, using the "right" taxonomy and raison d'etre. For instance, since commercial entities have invested hugely in and make a living out of this (locking in users, keeping signatures to their own circle and keeping newcomers out and probably more nastiness), their reports should not be trusted unless proof is given.


Quote:
Originally Posted by irlandes
The file shows September 28, 2007.
Yes, you basically are continuing a thread you posted on 2007/09/28 on another board about the same thing with the same "feats": not much detail and no proof of this concerning GNU/Linux.


Quote:
Originally Posted by irlandes
and the tricky part was it functioned in Linux, except it was impotent with no permissions. I have wondered if perhaps it was clever enough to work both in Linux and Windows. Spaces put in to bust link for obvious reasons.
Until you give an objective explanation with proof of whatever part you have determined "functions" on GNU/Linux, I suggest you do not promote this as "something that works on Linux". You don't want to do that. If you do without giving proof I have to denounce it as FUD.


Quote:
Originally Posted by irlandes
If I had the ambition to reinstall Windows XP again, I would install that virus on my W3115 not connected to the Web, and give it the password to see what happens.
That's what virtualisation is for.


Quote:
Originally Posted by irlandes
I do not agree it is wrong to offer to send it to others, who may be involved in some sort of study on such topics. I do not even understand the statement that I should not offer to send it to someone who knows what it is and wants to study it. If the owners of this URL want to specify that no one can offer to send a Linux virus to someone who wants to study it, that is their right, but as far as I know that has not been decreed.
While it may have slipped your attention I am a moderator at LQ. So when I ask you not to offer or pass on things like that I have some things on my mind: 0) the LQ Rules, see "Posts containing information (...) or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.", 1) the amount of people here that advertise them doing that kind of research in an objective and professional way and post from that knowledge can probably be counted on one hand, and if they really would fancy a sample of an '07 virus that has been spotted ITW a long time ago then they would have contacted you a long time ago.


Quote:
Originally Posted by irlandes
In fact, I think that's how anti-virus companies develop their defenses.
Nice try, but it doesn't apply. LQ ain't no AV company, nor do we openly count employees of those amongst our members.
So hear me telling you this CFB: no trojan, virus, worm, rootkit or otherwise harmful content should be offered on Linuxquestions.org, and that is not up for discussion. You're free (and invited) to discuss moderation with me via e-mail.


Quote:
Originally Posted by irlandes
I find it somewhat patronizing to be told it is wrong to click on it when I am logged in as user. I made a calculated decision to do so, on a machine which I totally own in the privacy of my own home, believing that it couldn't harm my machine very much when logged in as user.
OK, since you obviously are "interested" in "researching" things like that, let me ask you this then. Which of the following precautions did you take before running that?
- Determine signature by running AV,
- OS insulation (virtualisation),
- Integrity check (complete before and after audit and full checksums of VM and host),
- Run binary through debugger, auditing syscalls, run IDS,
- Network insulation (sealed subnet, log and drop all network traffic).
If you did none of those, then how did you calculate the risk? And with risk I don't mean risk for you but for the community. Because if this was something that could have propagated by you deliberately activating it w/o giving thought to consequences you have put the community at risk. And I'm pretty sure that is not something the community likes to see.



In closing I have to say we've had some good discussions on LQ about GNU/Linux and viruses and it's not worth rehashing all of that. Best search LQ for those discussions and read them if anyone cares. There are basically two routes possible when dealing with questions about GNU/Linux and viruses. One is the path leading to architecture (separation of privilege, DAC rights, etc, etc) and the other that of the Modus Operandi (monetary gain, also auction boards, also see RBN, also see spam). Any conclusion of good GNU/Linux and viruses discussions should point out that 0) the chance of encountering a "Linux virus" In The Wild is relatively small when keeping *on* trodden paths, 1) that users should not be complacent, 2) that their focus should be on best practices, and that 3) any virus discussion distracts from the problems we're faced with that *are* priorities. You see, we don't need no friggin' payload-bearing virus for XSS and similar resulting in spam/bot piggybacking, vulnerabilities, badly or misconfigured applications, not hardened or not updated SW installations or rootkits and trojans.
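
The "integrity check (complete before and after audit and full checksums)" precaution listed in post #16, sketched as an added example that is not part of either post. The function names and the sample tree are constructed for illustration; in practice the two snapshots would be taken of the isolated VM's filesystem before and after the run.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each file under root to (content digest, permission bits)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                digest = "symlink:" + os.readlink(path)  # record target, don't follow
            elif stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:  # whole-file read is fine for a sketch
                    digest = hashlib.sha256(fh.read()).hexdigest()
            else:
                digest = "special"  # fifo, socket, device node
            manifest[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode))
    return manifest


def audit(before, after):
    """Compare two snapshots taken before and after the run."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p][0] != after[p][0]),
        "mode_changed": sorted(p for p in common if before[p][1] != after[p][1]),
    }


def demo():
    """Constructed sample tree standing in for the test VM's filesystem."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in {"bin/tool": b"v1", "etc/app.conf": b"k=1", "notes.txt": b"x"}.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        before = snapshot(root)
        # Simulated changes made while the unknown binary ran (constructed).
        with open(os.path.join(root, "bin/tool"), "wb") as fh:
            fh.write(b"v2")
        os.remove(os.path.join(root, "notes.txt"))
        os.chmod(os.path.join(root, "etc/app.conf"), 0o4755)  # setuid bit appears
        with open(os.path.join(root, "new.sh"), "wb") as fh:
            fh.write(b"#!/bin/sh\n")
        return audit(before, snapshot(root))
```

Store the "before" manifest outside the system under test, so that whatever ran inside it cannot rewrite the baseline.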
 
Old 04-22-2008, 12:22 PM   #17
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
irlandes, what you are describing sounds more like a Trojan than a virus, but I could be wrong. I also see nothing wrong with you offering to send a virus as long as both you and the recipient know what it is (but no thank you, I'll pass). And, if you want to infect your own system as a test go ahead (I hope you used protection). Finding out how things work and tinkering with them is why a lot of us got into using Linux in the first place.

rkelsen, what you have given examples of are worms. http://en.wikipedia.org/wiki/List_of...iruses#Viruses gives us a few examples of viruses.

The major difference between the Windows world and the Linux world with regard to viruses seems to be that since OSS is built on the concept of "release early, release often" the vulnerabilities that the viruses exploit seem to get fixed rather than relying on some third party to compare every string of bits on your computer against a database of known viruses. Anybody with any amount of computer security knowledge knows that is the wrong approach to grant access. You should give a default deny and only allow packages that are in your database. But, what do I know. I still can't figure out why a Word document needs to have the ability to run macros.

Forrest

Last edited by forrestt; 04-22-2008 at 12:30 PM.
 
  

