28 Jan
2004
28 Jan
'04
7:25 p.m.
Hi
I wanted to trigger a conversation here on why Viruses infect Windows PCs and
not GNU/Linux systems,
Dr. Nagarjuna explained the concept of a file in a posix file system is never
set with execute permissions by default and that's why a GNU/Linux system
cannot get infected with a Virus.
The only way a program (virus) could infect the system would be is if a user
actually saved an attachment to disk, then did a 'chmod 755 attachment' and
then executed it by either double clicking it or ./attachment... Thus the
user would have to be really dumb to infect his computer. ;-)
Anyone care to comment or add to this?
All thoughts are most welcome since I am keen on the education more than
anything. Also I'm also wondering if I could be mistaken and that there are
potentially problems / vulnerabilities on a GNU/Linux system...
Regards
Rishi
28 Jan
28 Jan
7:38 p.m.
Evening Rishi...;)
On 2004.01.29 00:55 Rishi Gangoly wrote:
--
( >- -< )
/~\ __ Gnu/Linux, Its all about Choice __ /~\
| \) / trevor.w(a)pvision.biz \ (/ |
|_|_ \ Need a consultant, Call 9820349221 / _|_|
\____________________________________/
anything. Also I'm also wondering if I could be
mistaken and that
there are
potentially problems / vulnerabilities on a GNU/Linux system...
[snip]
I can assure you there are a multitude of them in forms of ....
* Buffer Overflow Exploits
* Various other Code Exploits and Privelege Escalation Exploits.
Gnu/Linux and most other Open Operating systems have their fare
share of security issues and ones that can be addressed in a very
realistic fashion.
Trevor
29 Jan
29 Jan
4:48 a.m.
On Thu, 29 Jan 2004, Trevor Warren wrote:
Gnu/Linux and most other Open Operating systems
have their fare
share of security issues and ones that can be addressed in a very
realistic fashion.
It's not just GNU/Linux or even operating systems that are susceptible
to this. Any sufficiently large program has a high potential for
security holes.
When writing a large program, it is quite likely that some security
aspects will be missed while getting the program to actually work. This
is where code review comes in.
With open source, it is easier for more people to inspect the code and
warn the developers about potential problems before they are actually
exploited.
An experience I had with libyahoo2:
The first release of libyahoo2 was 0.5. Very soon after that release, I
received a bug report about a possible buffer overflow. 0.6 was
released soon after with that fix in place.
Philip
--
The rate at which a disease spreads through a corn field is a precise
measurement of the speed of blight.
4:41 a.m.
On Thu, 29 Jan 2004, Rishi Gangoly wrote:
The only way a program (virus) could infect the system
would be is if
a user actually saved an attachment to disk, then did a 'chmod 755
attachment' and then executed it by either double clicking it or
./attachment... Thus the user would have to be really dumb to infect
his computer. ;-)
A virus also needs to infect other binaries with itself. If run as a
regular user, the virus only has access to executables that are writable
by the current user. To infect the entire system, the virus would have
to be executed as root.
If root executes the virus, I'd say you've given root to the wrong
person.
We need to contrast this with worms. Worms are capable of spreading
without human intervention, and yes, there have been linux worms in the
past. Typically, they would take advantage of well known holes in a
system's network security (remember l10n attacking rpcd, bind and
wuftpd) to gain access to that system. Once there, they'll install
themselves to be always executed, and then search for other hosts to
infect.
The only human intervention required is that the system be left open for
remote exploits like this.
We should remember that the first great Internet Worm was actually cross
platform. it worked on unix as well as vax systems.
--
Computer programmers never die, they just get lost in the processing.
5:37 a.m.
does this mean that i cannot open an attachment by just clicking on it?
shiv kumar
On Thu, 29 Jan 2004, Rishi Gangoly wrote:
> The only way a program (virus) could infect the system would be is if
> a user actually saved an attachment to disk, then did a 'chmod 755
> attachment' and then executed it by either double clicking it or
> ./attachment... Thus the user would have to be really dumb to infect
> his computer. ;-)
11:46 a.m.
On Thu, 29 Jan 2004, Shiv Kumaar,91-22-28906693, 9820320927 (mobile) wrote:
does this mean that i cannot open an attachment by
just clicking on it?
how to open a file depends on what kind of file it is. Something like a
html, pdf or mp3 file may be opened safely through some other
application. An executable file however, needs to be saved to disk and
executed manually.
Depending on how your system was set up, the Right Thing will happen for
each of the above. When in doubt, the system will prompt you.
Philip
--
Thus mathematics may be defined as the subject in which we never know
what we are talking about, nor whether what we are saying is true.
-- Bertrand Russell
-----BEGIN GEEK CODE BLOCK-----
GCS/ED/MU/TW d- s+: a- C+++ UL+++ P++++ L+++>$ E--- W+++ N- o-- K- w---
PS+ PE Y+ PGP+ t* X- R* tv b+ DI+++ D+ G++ e+++>$ h* r y
------END GEEK CODE BLOCK------
12:48 p.m.
does this mean that i cannot open an attachment by
just clicking on it?
shiv kumar
You can open an attachment (document/graphic/audio etc.) file by clicking it,
however, what that means is that the file attachment is opened as a document
for a specific application like xmms for mp3 files, or a graphic-file viewer
for pictures. These associations are already pre-configured in most systems.
However, the key point being that the files don't need 'execute' permission to
be viewed or heard ... since the application that the file is associated with
is executable... And that's ok....
In the case of Windows, there is another major problem.. which is by default
an option called 'auto-hide known extensions' is enabled ... which means if a
file attachment actually ends with .EXE or .PIF extension but the filename is
'filename.jpg.exe' then the user only sees an attachment called
'something.jpg' misleading the user to feel that the attachment is not an
executable but a jpg.
:-)
Rishi
30 Jan
30 Jan
6:11 a.m.
yea i agree abt the windows extension. long ago i clicked on one such and
got a virus. now all file extensions are very visible :) :) again if one
doesn't subscribe to computer mags, one wouldn't know the tricks in windows
sk
----- Original Message -----
From: "Rishi Gangoly" <rishi(a)theargoncompany.com>
To: "GNU/Linux Users Group, Mumbai, India" <linuxers(a)mm.ilug-bom.org.in>
Sent: January 29, 2004 6:18 PM
Subject: Re: [ILUG-BOM] Why do Viruses not infect GNU/Linux PCs?
In the case of Windows, there is another major problem.. which is by
default
an option called 'auto-hide known extensions'
is enabled ... which means
if a
file attachment actually ends with .EXE or .PIF
extension but the filename
is
'filename.jpg.exe' then the user only sees an
attachment called
'something.jpg' misleading the user to feel that the attachment is not an
executable but a jpg.
:-)
Rishi
6:30 p.m.
On Friday 30 Jan 2004 11:41 am, Shiv Kumaar,91-22-28906693, 9820320927
\(mobile\) wrote:
yea i agree abt the windows extension. long ago i
clicked on one such and
got a virus. now all file extensions are very visible :) :) again if one
doesn't subscribe to computer mags, one wouldn't know the tricks in windows
Or better yet.. move to GNU/Linux. ;-)
7255
days inactive
7257
days old
8 comments
4 participants
participants (4)
-
Philip S Tellis -
Rishi Gangoly -
Shiv Kumaar,91-22-28906693, 9820320927 (mobile) -
Trevor Warren