civileme wrote: >> > Well, if we were to build it idiot proof, someone would build a better > idiot. > > The linux virus is a danger to those who download binaries from dubious > sites. and to all who run as root. Even with our poison red screen and > autologin to a non-priveleged user, there are yahoos who will run as > root. But then bliss, which came with its own disinfection kit, could > also be loaded into a binary for those who never check. And think of > the binaries NO ONE has the source to--these are potential security > holes as well, from video drivers to linmodems of the PCTel flavor. > > But actually, I would rather take over an XP box than a linux one if I > wanted to do some attacking. With a stolen VB and a little elbow grease > and their full rawsockets stack, I could indetectably cook with uranium, > and never worry that the user might detect the inadvertant fork bomb or > a sudden sluggishness in his computer, and I wouldn't have to rootkit > anything. > > Civileme has the PCtel already evolved to *lin*modem state? hehe I doubt etharp will agree with that... I have a friend which is a C++ programmer and he complains a lot about the red-root screen.. guess with which user he logs in always... I have ran into dozens of questions that after a bit of guesswork translate as " why isnt the current dir in my PATH?" Let's face it, NO SYSTEM is safe if there is a dumb operator sitting in front of it. It is the most relevant part of the equation. While today it is easy to make Viruses (most of them aren't technically viruses), a real virus-programmer can make virus or worms that can infect ANY conceivable system. A real cracker can get into an *NIX system (even some script-kiddies do it sometimes, which means we have a lot of lazy sysadmins out there). And yes, we have vulnerabilities, even with the venerable zlib. (Never mind telling me how difficult is to actually exploit zlibs vulns, that is not the point). That said, we should make it clear that simply stating that "there is a new Linux virus" is not hype. People make few viruses for Linux not because it's difficult; but simply because they are inefficient. If Linux becomes a mainstream desktop system, the percentage of dumb users will increase. Then we will see a plethora of viruses for Linux. Now writing in big red "Linux Virus! Linux users will experience levels of infection never seen before!" *IS* hype. >>Civ: I don't care WHAT files it can infect, it can infect them only in the write-access space of the user.... Hmmm, well I suppose you would be vulnerable if you ran as root, but the Standards say that ELF's go in /bin /usr /opt and /usr/local -- Last I looked the standard permissions was that root had write access there and no one else. >> Some programs like Netscape 6 have their preferred installation dir at ~/bin... there are not only dumb users, but dumb software makers as well. Wasn't there someone looking for a reason NOT to use Netscape? :^) Wooky -- -- shinjiteiru shinjirareru, korekara aruku kono michi wo! kimi ga iru yo, boku ga iru yo sore ijou nani mo iranai. umareta imi ,sagasu yori mo ima ikiteru koto kanjite, kotae yori mo, daiji na mono hitotsu hitotsu mitsuketeiku...
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
