[Gllug] Anti-virus
Nix
nix at esperi.demon.co.uk
Thu Oct 24 22:09:18 UTC 2002
On Tue, 22 Oct 2002, itsbruce at uklinux.net said:
> As others have said, almost all viruses circulating by e-mail are
> Windows ones. One of the main reasons Windows is so vulnerable is that
> even on the NT variants (2K etc) the default is to give users almost
> full access to the local system.
The real problem is that a certain unaccountably popular email client
whose name contains the letters o, u, t, l, and k permits execution of
untrusted code contained within received emails, and renders HTML emails
via a component that also executes JavaScript and has numerous known
security holes, and provides programmatic interfaces to scour its
address book and send emails out...
That it *also* is as secure as a wet paper bag *and* every user is god
by default *and* it incessantly disguises what it's really doing so that
even if you're clued you can accidentally shoot yourself in the foot is
just a garnish. :(
> This is not how Linux systems are set
> up so unless you log in as root or have given your user account write
> access to those parts of the system where program binaries are stored,
> you are not at risk.
Well, actually, some of the many many many holes in pine (most of which
remain undiscovered and unclosed) would probably permit such a worm to
be written, but even if Linux were as popular as Windows it'd have real
trouble getting a critical mass of infected hosts, because Linux boxes
differ from each other so much and there is such a large set of email
clients in use that a buffer-overflow attack on pine wouldn't be very
useful; you'd need to find a similar attack in *lots* of mail clients.
There's safety in diversity :)
> Linux systems can be vulnerable to internet-spread worms that exploit
> services they run (Apache, Bind, Ssh) but there's never been a
All decidedly non-diverse services :(
(The *real* problem though is that all this stuff is written in C, which
is, how shall I say it, not the most secure of languages. OK, maybe it's
about the *least* secure. Buffer-overflow attacks just *cannot happen*
in most other languages... even in properly written C++ they take a bit
of talent or stupidity to produce, but in C they have to be actively
guarded against :( )
--
`The tooth fairy teaches children that they can sell body parts for money.'
--- David Richerby
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug