On Sunday 08 May 2005 17:00, Dave Feustel wrote:
> For the OpenBSD experts on this list:
>
> Can the malware at Gookle.com described at the link
> crack OpenBSD and/or Konqueror?
> (I am far from an expert, so I practice 'better safe
> than sorry' when I see f-secure's explicit warnings).
>
> http://www.f-secure.com/v-descs/googkle.shtml
>
> Thanks,
> Dave Feustel

First of all, I wanted to say that I'm no OpenBSD expert. I just tried it using VMWare as a Linux alternative. The advice I'll give applies to all Unix operating systems, including Linux and *BSD.

The short answer is simply "no". It's technically possible to exploit a security problem of Unix systems, typically a buffer overflow. But malware like this could only affect the system with the user rights that the browser runs with. In short, it could at most destroy the personal data of the user running the browser. All system files and executable files are only modifiable as root, and on Unix systems, no one would have the idea to run a web browser with root privileges. On the other hand, it's quite typical for Windows users to run Internet Explorer (notoriously the least secure browser on the market) with Administrator privileges.

And this is not the only limitation to malware spreading. Malware spreads very easily on Windows systems not only because of a way less secure system, but because of the monoculture that is typical. Almost everyone on Windows uses the same security-deficient tools, like IE, Outlook Express, Office, and so on... On Unix, cultural diversity is typical. There are plenty of programs to do the same task, and Unix users typically don't use the same tools nor the same versions of them. And lots of people have different configurations, services enabled, daemons, kernels and so on... That makes malware spreading on Unix systems very unlikely.

Additionally, Windows only runs on one architecture: PCs with Intel 8086 architecture or binary compatible processors. (There has been a port of NT 3.5 on Alpha, but that was cancelled, which effectively killed a very promising processor series.) On the other hand, Unix runs on widely different architectures with very different processors, memory organization and the like. A buffer overflow exploit developed for the PowerPC processor series cannot work on the 8086, Alpha, MIPS, Sparc processor series.

And last, there is the way the operating system gets fixed and improved. Unix kernels, daemons, and tools are constantly refined and improved. When a security problem is found, it's almost immediately corrected, leaving no time for virus writers to exploit the problem. In the Windows world, there are thousands of security problems that will never be fixed (else that would dramatically break existing executables), and Microsoft typically denies security problems and only dares to fix an issue when it has already affected tens of thousands of people with existing malware.

--
Patrick BURNAND <[EMAIL PROTECTED]>

