[SC.LUG] Linux vs. Windows Viruses

Dr A V Le Blanc LeBlanc at mcc.ac.uk
Fri Oct 10 12:28:32 BST 2003


> "To mess up a Linux box, you need to work at it; to mess up your
> Windows box, you just need to work on it, writes SecurityFocus
> columnist Scott Granneman."

On Tue, Oct 07, 2003 at 05:26:38PM +0100, Rick [Kitty5] wrote:
> The risk of accidentally getting a virus or trojan on Linux is very minimal,
> but that's not the issue that's motivating this article. The recent spate of
> Windows worms could have happened on Linux.
...
> It's the things he simply omitted to mention that peg this as yet another
> piece of anti MS FUD, the danger is all this 'talking up' Linux security
> could come back to bite in a very bad way. It would only take the Linux
> equivalent of nimda or the sql worm and we're back to square one, sat right
> next to Microsoft feeling very sheepish.

I have to agree with this.  Red Hat acquired a very bad reputation
here in Manchester because of the number of Red Hat boxes which got
hacked.  The problem was not Red Hat at all: the main problem was,
and is, that no box can sit connected to a network unless someone
keeps its security up to date.  If you have some network service
working, you probably have a potential security hole of some kind.

A second problem: inept administration.  Recently two Linux boxes
administered by a fairly experienced administrator acquired a
Linux virus that had been around since March of this year.  How?
They connected to a certain website using Mozilla, running as root.

Recently one of my web servers got hacked.  How?  Someone had
requested that we allow PHP scripts to include files from other
sites, and someone else wrote a script that included local files
passed to it in the URL.  The hacker noticed this and passed his
own PHP file to the script: it downloaded a small C program,
compiled it, and ran it.  Fortunately our other security features
prevented him from exploiting this -- the program was unable to
establish a connection with outside, and ate up resources at the
same time.  Now we've reconfigured PHP to prevent this happening
in the future.

I do believe that Linux's security is and will remain better
than Microsoft's.  That still requires maintenance, good administrator
security practices, and care on the part of users; and even with all
of these you may still be vulnerable to something.

     -- Owen
     LeBlanc at mcc.ac.uk
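
The include problem described in the message above, shown from the defender's side as an added example that is not part of the original post and is not the configuration the author applied. The `page` parameter, the `pages/` directory, the allowlist entries and the `open_basedir` path are hypothetical.

```php
<?php
// Added example, not from the original post. Hypothetical names: the "page"
// parameter, the pages/ directory and the allowlist entries below.
//
// php.ini settings that stop include()/require() from fetching remote code:
//   allow_url_include = Off          ; PHP 5.2 and later
//   allow_url_fopen   = Off          ; on older PHP this also governs include()
//   open_basedir      = /var/www/site  ; constructed path, limits local reads
//
// Pattern described in the post, where the URL decides what gets included:
//   include($_GET['page']);

const PAGE_DIR = __DIR__ . '/pages';

// Fixed map from request value to file name; nothing else can be included.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

/**
 * Map a request value to a file on disk, or null if it is not allowlisted.
 */
function resolve_page($requested): ?string
{
    // Reject arrays (?page[]=x) and any key that is not in the map.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . ALLOWED_PAGES[$requested]);
    // realpath() resolves symlinks; refuse anything that lands outside PAGE_DIR.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_page($_GET['page'] ?? 'home');
if ($target === null) {
    http_response_code(404);
    exit('Not found');
}
require $target;
```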
