[Gllug] this week's windows hole

Christopher Hunter chrisehunter at blueyonder.co.uk
Thu Sep 11 04:27:21 UTC 2003


On Wednesday 10 Sep 2003 11:10 pm, Alain Williams wrote:
> Browsing the /. comments on the latest M$ feature, I came across the link
> below.
>
> Sophos is claiming lots of Linux worms & virii, I wondered how many of
> them were real, what infection rates had been observed, etc. The big point
> being the difference between: they exist and they have done real
> damage[**].
>
> So from what *you* have direct experience:
>
> 1) How many of these are real -- ie actually seen ``in the wild'' ?
>
> 2) How many of these have caused real damage, and to how many systems ?
>
>
> Being a cynical sod I realise that sophos have a living to make by worrying
> IT managers that are continually plagued by damage to M$ systems, and so
> they unrealistically play these concerns up.
>
> Possibly tellingly I notice that in the descriptions of the Linux exploits
> they generally say 'XXX will attempt to YYYYYY', or 'XXX is a worm which
> tries to exploit YYYYY', whereas the M$ ones are 'XXX does YYYYY'. Also
> most of the Linux ones seem to be the same few just with different names.
>
> [**] I don't count sacrificial/test systems as real damage.
>
> 	http://www.sophos.com/virusinfo/analyses/index_linuxworm.html
> and
> 	http://www.sophos.com/virusinfo/analyses/index_linux.html
>
> --
> Alain Williams
>
> #include <std_disclaimer.h>
>
> FATHERS-4-JUSTICE - Campaigning for equal rights for parents and the
> best interests of our children. See http://www.fathers-4-justice.org


It's amusing to visit that Sophos page.  Each "virus" name links to several 
items on their list - so they're obviously trying to expand the number of 
items.  In recent tests of "anti-virus" software, Sophos came somewhere close 
to the bottom of the list in terms of effectiveness, despite their high 
prices.

The only exploits I've ever seen "in the wild" in the *nix world have been 
rootkits, most of which are pretty ineffective.  In the Windoze world, 
however, I've seen literally thousands of types of "malware", many of which 
would totally compromise commercial systems.  

There are NO "anti-virus" offerings that actually work properly - all it takes 
is a little ingenuity and time to come up with something that has viral 
characteristics and is totally undetectable by any of these "scanners".

There is, of course, the conspiracy theory that the writing of most "malware" 
is sponsored by the "anti-virus" vendors....!

Chris



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
