[Gllug] Anti-virus

Mark Lowes hamster at korenwolf.net
Wed Oct 23 09:00:23 UTC 2002


On Tue, 2002-10-22 at 15:45, Tethys wrote: 
> >How many of them have had their code audited and pose equal or greater
> >threats to network / machine security?
> Not many, IMHO. While few have had their code audited, equally few will
> also accept incoming (potentially malicious) data from the outside world.

I'd disagree on the numbers :)  Anything which has an open port is a
potential vector.  So all webserver code, smtp servers, pop servers ...
and so on.  On a workstation these are 'minor' risks; in serverland,
however, it gets more interesting :) (and is one of the reasons why I
have a lot less hair than five years ago :)

> Apache and openssl/ssh are obvious ones that do, and they *have* been
> audited (even then, problems occasionally slip through, like the recent
> ssh and mod_ssl problems).
Multiple BIND problems over the last few years, the regular holes in
ftpd's, IMAP is a regular offender as well. 

The risk in this sort of code is greater on the machine level than an
exploit in user level programs because many of them need root privs to
play with the high ports :(  However as we've seen far too many times in
the last few years the user level problems in mail clients and the like
cause more problems on the network. 

Maybe it's time for me to disconnect from the network so I can have a
nice secure setup. 

-- 
The Flying Hamster <hamster at korenwolf.net>     
http://www.korenwolf.net/
"When a movie doesn't have a brain in its head, it's kind of unfair
to require thought on the part of the audience."  --   Roger Ebert.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



