[Nottingham] Safer by design or just overlooked? (Was: Gameover Zeus (GOZ) and Cryptolocker malware rackets)

Martin martin at ml1.co.uk
Tue Jun 10 11:26:04 UTC 2014


On 10/06/14 08:50, Jason Irwin wrote:
> On 09/06/14 23:47, Martin wrote:
>>> Is Ubuntu vulnerable to the above?
>> Simple answer: Nope.
> Isn't there one doing the rounds that affects Android as well?

Quite possibly in that who knows what can be picked up from the various
"Apps shops"?!...

And the Android permissions may as well not be there, being as the
Android Apps all seem to demand access to /everything/...


> Also, is there anything inherent to the GNU/Linux security set-up that
> would prevent such crypto-crap?

The *nix-style permissions structure?


> Surely if the user is tricked into running something, then it's
> game-over. Anything they can access is vulnerable.

Yes. The 'subvert the user trickery' is often too 'easy' (or the bad
guys are just too cunning). Hopefully the actual 'running something' is
harder or will be unusual enough to alert even the most naive user.

Note the cold-call "IT Support" scam that is still doing the rounds:
Foreign call centre call, number unobtainable: "We know you have a
virus, B-movie technobabble, instructions to user to trustingly open up
remote access to add fix-it malware..."...

At least for a Linux user the first big hurdle there is that Linux users
know that malware is not a common everyday occurrence for their systems.


> On GNU/Linux that's probably just going to be their home folder and
> shares...hmm....NFS mounts...nasty.
> Or is AppArmor/SELinux going to stick the boot in and stop it?

That should strangle the malware when it first tries to do anything
silly to the system bits. Meanwhile, the user would be alerted that this
is 'unknown software' trying to do something. If accepted by the user,
then at least the user's area would still be toast...


> i.e. are we currently protected by scarcity?

Possibly, but I don't think that is the full story...



Very good question there!

There has to be more to it than just the power of the dedication and
personal pride of those who put our Linux distros together...

Cheers,
Martin



-- 
- ------------------ - ----------------------------------------
-    Martin Lomas    - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from   hkp://subkeys.pgp.net   or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg


