LinuxQuestions.org

Do viruses exist for Linux? (https://www.linuxquestions.org/questions/linux-security-4/do-viruses-exist-for-linux-141088/)

deepsix 02-21-2004 04:24 PM

Quote:

Originally posted by chort
Wrong. How much do you know about Information Security? I've been in the industry in one capacity or another for around 7 years now. I'm a Certified Information Systems Security Professional. What you're spreading is blatant misinformation.

Symantec, McAfee, et al. do not remove services or install update patches to your system. What anti-virus programs do is look for files and system settings that match patterns of known viruses/worms, and to a limited extent they look for behaviors that are consistent with a virus or worm and try to quarantine the responsible file. In other words, they are exactly what they say: Anti-Virus.

They're not IDSs (although both companies make IDS products), they aren't firewalls (although both companies make those, too)... Anti-Virus simply seeks and destroys viruses and worms. It's reactive in that you have to get the virus before they will do anything. They don't harden your system at all.

Your notion of creating a virus which stays off the radar of major A-V vendors is a nice faerie tale. First off, A-V companies have a huge amount of resources, you would probably be staggered by all the collection methods they have. Then you have all these organizations out there that have Anti-Virus products installed. When they discover that they have a virus that got through, they report that immediately to their vendor.

If you think it's possible to create a virus that will go undetected for any meaningful amount of time, you're wrong. The people at Valve Software were arguably idiots when it came to protecting their systems, but they eventually discovered the trojans that allowed their Half-Life2 source code to be stolen. Nearly all organizations have IDSs installed that will detect anomalous traffic. Eventually someone will discover your creation by accident. The only way to have your virus not be discovered is to never use it, and then by definition it's not a very successful virus, is it?

Your last arguments about systems with top secret data or personal information completely miss the point. Did anyone even pay attention at all to what I posted before? Virus/worm creators are largely uninterested in collecting information off of personal computers, what they want to do is create a large zombie army of machines that can be remotely controlled. It doesn't matter what OS those machines have, it doesn't matter how fast or slow the machines are, it doesn't matter what type of Internet connection they have, it's the sheer quantity of zombie boxes that is important.

Those zombies can be used to launch DDoS attacks against sites such as SCO, Microsoft, Amazon, etc... They can be used to send millions of spam messages per day, which surprisingly actually get enough responses to make it very profitable (especially if you aren't paying for the computers and bandwidth to send the spam and host the websites). The zombies can be used to set up elaborate "phishing" schemes for capturing large amounts of credit card numbers or bank accounts through scams.

Out of all the things I just described above, how many of them require root?
Answer: ZERO

Do you people get it now???



Apparently you aren't getting it...........you have changed everything I've said into something dramatic ...........DO WHAT YOU WANT WITH YOUR MONEY PAL.........and I hope it fares well......
I FARE WELL WITH MINE......but maybe take a step back and realize that the bumpersticker mentality of you need Norton or you need McAfee or whatever.......may be what drove you to write what you just wrote.........REALLY take a step back and look at the details look at the source.......oh....sorry you can't ......

anyways .........this is my last post .........FINAL

PEACE from someone in information security.................

chort 02-21-2004 05:37 PM

What does looking at the source of anti-virus products have to do with *anything*? You can look at the source of things like clamav, etc... It just does exactly what I said.

Since you just resorted to personal attacks and completely ignored my technical statements, I'll assume you are conceding that you don't have a sound technical case. In that case, thank you and please stop trying to mislead people with inaccurate information.

By the way, I don't work for an A-V company and I've only bought one A-V scanner in my life (AVG), which isn't even working (go figure), so I'm far from some type of industry fanboi. I'm just trying to give people the facts instead of a bunch of made up opinions.

OlRoy 02-22-2004 05:20 PM

Quote:

Originally posted by deepsix
Apparently you aren't getting it...........you have changed everything I've said into something dramatic ...........DO WHAT YOU WANT WITH YOUR MONEY PAL.........and I hope it fares well......
I FARE WELL WITH MINE......but maybe take a step back and realize that the bumpersticker mentality of you need Norton or you need McAfee or whatever.......may be what drove you to write what you just wrote.........REALLY take a step back and look at the details look at the source.......oh....sorry you can't ......

anyways .........this is my last post .........FINAL

PEACE from someone in information security.................

There is absolutely no way there could be someone in information security who feels that AV software is useless.

frieza 02-22-2004 05:49 PM

Yes they exist, but most people I would imagine wouldn't want to write viruses to take down Linux systems.. if I were a cracker I'd spend more effort into breaking into a system and using it to launch attacks against others..

deepsix 05-23-2004 06:24 PM

after long hours late nights and trying to get ppl to break into a machine I set up for them....I have to say I did receive a virus.....but it was one that only affected the current user's privileges (easily expunged)........so don't use X as root........don't run programs that require X as root........and for godsake don't run services which aren't needed........
if you're running a server ....use a chroot/jail..........
no antivirus will prevent polymorphic???
no firewall will prevent mistakes that you allow......and furthermore......why not use netcat to answer a few server calls for you .......you can even make it execute a program as needed on a timely basis.

but I have to retract my statement that antivirus software isn't necessary .....IT IS! for those who don't have the knowledge to make it on their own............

Capt_Caveman 05-23-2004 07:31 PM

Bummer. Just out of curiosity, what virus was it?

deepsix 05-23-2004 07:52 PM

it was a trojan of sorts .....which waits for the user to gain root privileges and use it..........
(many rootkits available on the web nowadays).........ssh......was the culprit

Capt_Caveman 05-23-2004 09:11 PM

Not a virus, but I imagine having AV would have helped anyway.


All times are GMT -5.