Hi
I wanted to trigger a conversation here on why viruses infect Windows PCs and not GNU/Linux systems.
Dr. Nagarjuna explained that a file in a POSIX file system is never set with execute permissions by default, and that's why a GNU/Linux system cannot get infected with a virus.
The only way a program (virus) could infect the system would be if a user actually saved an attachment to disk, then did a 'chmod 755 attachment' and then executed it by either double clicking it or ./attachment... Thus the user would have to be really dumb to infect his computer. ;-)
Anyone care to comment or add to this?
All thoughts are most welcome since I am keen on the education more than anything. I'm also wondering if I could be mistaken and that there are potentially problems / vulnerabilities on a GNU/Linux system...
Regards
Rishi
Evening Rishi...;)
On 2004.01.29 00:55 Rishi Gangoly wrote:
anything. I'm also wondering if I could be mistaken and that there are potentially problems / vulnerabilities on a GNU/Linux system...
[snip]
I can assure you there are a multitude of them, in the form of:
* Buffer Overflow Exploits
* Various other Code Exploits and Privilege Escalation Exploits.
GNU/Linux and most other Open Operating systems have their fair share of security issues, and ones that can be addressed in a very realistic fashion.
Trevor
On Thu, 29 Jan 2004, Trevor Warren wrote:
GNU/Linux and most other Open Operating systems have their fair share of security issues, and ones that can be addressed in a very realistic fashion.
It's not just GNU/Linux or even operating systems that are susceptible to this. Any sufficiently large program has a high potential for security holes.
When writing a large program, it is quite likely that some security aspects will be missed while getting the program to actually work. This is where code review comes in.
With open source, it is easier for more people to inspect the code and warn the developers about potential problems before they are actually exploited.
An experience I had with libyahoo2:
The first release of libyahoo2 was 0.5. Very soon after that release, I received a bug report about a possible buffer overflow. 0.6 was released soon after with that fix in place.
Philip
On Thu, 29 Jan 2004, Rishi Gangoly wrote:
The only way a program (virus) could infect the system would be if a user actually saved an attachment to disk, then did a 'chmod 755 attachment' and then executed it by either double clicking it or ./attachment... Thus the user would have to be really dumb to infect his computer. ;-)
A virus also needs to infect other binaries with itself. If run as a regular user, the virus only has access to executables that are writable by the current user. To infect the entire system, the virus would have to be executed as root.
If root executes the virus, I'd say you've given root to the wrong person.
We need to contrast this with worms. Worms are capable of spreading without human intervention, and yes, there have been Linux worms in the past. Typically, they would take advantage of well-known holes in a system's network security (remember l10n attacking rpcd, bind and wuftpd) to gain access to that system. Once there, they'll install themselves to be always executed, and then search for other hosts to infect.
The only human intervention required is that the system be left open for remote exploits like this.
We should remember that the first great Internet Worm was actually cross-platform. It worked on Unix as well as VAX systems.
Does this mean that I cannot open an attachment by just clicking on it?
shiv kumar
On Thu, 29 Jan 2004, Rishi Gangoly wrote:
The only way a program (virus) could infect the system would be if a user actually saved an attachment to disk, then did a 'chmod 755 attachment' and then executed it by either double clicking it or ./attachment... Thus the user would have to be really dumb to infect his computer. ;-)
On Thu, 29 Jan 2004, Shiv Kumaar,91-22-28906693, 9820320927 (mobile) wrote:
Does this mean that I cannot open an attachment by just clicking on it?
How to open a file depends on what kind of file it is. Something like an HTML, PDF or MP3 file may be opened safely through some other application. An executable file, however, needs to be saved to disk and executed manually.
Depending on how your system was set up, the Right Thing will happen for each of the above. When in doubt, the system will prompt you.
Philip
Does this mean that I cannot open an attachment by just clicking on it?
shiv kumar
You can open an attachment (document/graphic/audio etc.) file by clicking it, however, what that means is that the file attachment is opened as a document for a specific application like xmms for mp3 files, or a graphic-file viewer for pictures. These associations are already pre-configured in most systems.
However, the key point is that the files don't need 'execute' permission to be viewed or heard ... since the application that the file is associated with is executable... And that's ok....
In the case of Windows, there is another major problem.. which is by default an option called 'auto-hide known extensions' is enabled ... which means if a file attachment actually ends with .EXE or .PIF extension but the filename is 'filename.jpg.exe' then the user only sees an attachment called 'something.jpg' misleading the user to feel that the attachment is not an executable but a jpg.
:-)
Rishi
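The hidden-extension trick described above can be caught by inspecting attachment filenames before a user ever sees them. The following is an added example, not part of the original thread; the extension lists beyond .exe and .pif, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# .exe and .pif are the two extensions named in the thread; the rest of this
# set is an assumed, non-exhaustive extension of that list.
EXECUTABLE = {".exe", ".pif", ".scr", ".com", ".bat"}
# Document-like extensions that stay visible when the real one is hidden (assumed list).
DECOY = {".jpg", ".gif", ".txt", ".doc", ".pdf", ".mp3"}


def classify(filename):
    """Return 'disguised', 'executable' or 'ok' for one attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        return "disguised"   # e.g. photo.jpg.exe shown to the user as photo.jpg
    return "executable"


def scan_message(raw):
    """Map each attachment filename in a raw RFC 822 message to its class."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.iter_attachments() if part.get_filename()}


def build_sample():
    """Constructed test message with three harmless dummy attachments."""
    msg = EmailMessage()
    msg["Subject"] = "holiday photos"
    msg.set_content("see attached")
    for name in ("beach.jpg", "beach.jpg.exe", "setup.pif"):
        msg.add_attachment(b"dummy bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{name:16} {verdict}")
```
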
Yeah, I agree about the Windows extension. Long ago I clicked on one such and got a virus. Now all file extensions are very visible :) :) Again, if one doesn't subscribe to computer mags, one wouldn't know the tricks in Windows.
sk
----- Original Message -----
From: "Rishi Gangoly" rishi@theargoncompany.com
To: "GNU/Linux Users Group, Mumbai, India" linuxers@mm.ilug-bom.org.in
Sent: January 29, 2004 6:18 PM
Subject: Re: [ILUG-BOM] Why do Viruses not infect GNU/Linux PCs?
In the case of Windows, there is another major problem.. which is by default an option called 'auto-hide known extensions' is enabled ... which means if a file attachment actually ends with .EXE or .PIF extension but the filename is 'filename.jpg.exe' then the user only sees an attachment called 'something.jpg' misleading the user to feel that the attachment is not an executable but a jpg.
:-)
Rishi
On Friday 30 Jan 2004 11:41 am, Shiv Kumaar,91-22-28906693, 9820320927 (mobile) wrote:
Yeah, I agree about the Windows extension. Long ago I clicked on one such and got a virus. Now all file extensions are very visible :) :) Again, if one doesn't subscribe to computer mags, one wouldn't know the tricks in Windows.
Or better yet.. move to GNU/Linux. ;-)